There is a subtle difference in the security properties of an encrypted message when the message digest is internal (added before the encryption process) or external (added afterwards). The difference is: Authentication is a by-product of the operation in which the digest is internal. However, that is not the case when the digest is external.
The thing to remember is that if a message is decrypted successfully by the receiver, then it must have come from the expected sender — because they share the same key (assuming symmetric ciphers only). So if we assure somehow that when a message is decrypted, it results in the one that was sent, we will have authentication. We make this guarantee using message digests.
When the message digest is external, an attacker could drop the original message and digest, and simply replace them with new ones. The digest will still match but the message will be garbled (since the attacker’s key was used to encrypt it). But how can a receiver automatically distinguish between a garbled message and a correct one? A human could easily do that for a message in English, but it will be much harder if the data sent is a byte stream. Additionally, introducing a human in the picture would preclude automatic integrity verification. Thus, when the digest is outside, we cannot guarantee that the message decrypted is the same one that was sent.
Now, when the message digest is internal, then any modification by an attacker will be detected automatically during integrity verification. The attacker could also replace the entire cipher text, but since the decryption will be garbled (because attacker’s key was used to encrypt,) the digest verification will fail.
Update: Notice now that all of the above does not apply to a Message Authentication Code. The MAC can be placed internally or externally because the code (digest) is tied to a shared secret key. Since the attacker does not have this key, he can’t create an encrypted message for which digest verification succeeds at the receiver.
keywords: apply, digest, when
Tags: security