other than inelegance and the computational overhead, is there a reason why sign then encrypt then sign wouldn't work for this?