Ray Dillinger wrote:
>
> On Mon, 14 May 2001, Rafael Coninck Teigao wrote:
>
> > What I'm looking for is sort of this: there is a public key that can be
> > used to create the cyphertext (only one public key) and a set of private keys
> > that can be used alone to get the cleartext from this cyphertext.
>
> Okay. Here is one way to do it. Encrypt the message using a symmetric
> algorithm such as Twofish or AES or something. Now create a header that
> says what the key you used with the symmetric cipher was. Make one
> such header for each recipient, and encrypt each header (using an
> asymmetric algorithm such as an elliptic-curve system) with the public
> key of one of the intended recipients. Put the encrypted message together
> with the encrypted headers, and sign the whole bundle with your own key.
>
> Now your recipients can each read their header and get the key and then
> unlock the whole document.
>
> If you want to keep the number of headers down, or need to send to
> a *lot* of different users with unique keys for each user, you can
> use secret sharing to put a dozen messages in the header, such that
> if your recipients can decrypt any six, they can construct the
> symmetric key. Then you can hand out a different subset of six
> keys to each of the participants. That gives you thousands of
> different keys to hand out, but only 12 "headers".
You just described PGP.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
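The 6-of-12 secret-sharing variant Ray describes, as an added example that is not part of the thread: a Shamir split over a prime field in Python (my choice of scheme; the post names none). Each of the twelve "headers" is modelled as one share, the per-header public-key encryption is left out, and the sample key and header numbers are constructed.

```python
import secrets

# Field for the polynomial arithmetic: the Mersenne prime 2^521 - 1 is large
# enough to hold a 256-bit symmetric key as a single field element.
PRIME = 2**521 - 1

def split_secret(secret: int, threshold: int, shares: int) -> list[tuple[int, int]]:
    """Shamir split: pick a random polynomial of degree threshold-1 whose
    constant term is the secret; share i is the point (i, f(i))."""
    if not 0 < threshold <= shares or not 0 <= secret < PRIME:
        raise ValueError("bad threshold/share count or secret out of range")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def f(x: int) -> int:
        return sum(c * pow(x, k, PRIME) for k, c in enumerate(coeffs)) % PRIME
    return [(x, f(x)) for x in range(1, shares + 1)]

def recover_secret(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0. With fewer points than the threshold
    this still returns a field element, just an unrelated one."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def demo(key_len: int = 32, threshold: int = 6, headers: int = 12) -> bool:
    """The arrangement from the post: the symmetric key is split into 12
    shares, one per header; a participant who can open any 6 headers
    recovers it, one who can open only 5 does not."""
    key = secrets.token_bytes(key_len)            # constructed sample key
    shares = split_secret(int.from_bytes(key, "big"), threshold, headers)
    # A (constructed) participant holding the keys to headers 2, 3, 5, 7, 11, 12.
    bundle = [shares[i - 1] for i in (2, 3, 5, 7, 11, 12)]
    recovered = recover_secret(bundle).to_bytes(key_len, "big")
    short = recover_secret(bundle[:threshold - 1])
    return recovered == key and short != int.from_bytes(key, "big")

if __name__ == "__main__":
    print("6-of-12 recovery works:", demo())
```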