On 01/30/2011 03:04 AM, Nelson B Bolyard wrote: > On 2011-01-30 02:30 PDT, Matej Kurpel wrote: >> On 30. 1. 2011 10:57, Nelson B Bolyard wrote: >>> Yes, the P7M holds all those encrypted copies of the key that >>> encrypts the main message, and of course, the ciphertext produced >>> with that key, And cert chains, and capabilities, and ... it's like >>> bread from Bembleman's Bakery, it's what everyone wants. :) >>> >> Thank you. Is the symmetric (e.g. AES) key encrypted directly with >> public keys of the recipients or is it encrypted using some more >> ephemeral symmetric keys for each recipient and those ephemeral keys >> are encrypted using the public keys? I thought the second was true but >> now it wouldn't make sense... Need to clarify it for myself :) > Never the second, but there is a third choice: the bulk encryption key > (of which there is only one per message) is encrypted using a symmetric > algorithm with a key DERIVED from the public key of the intended recipient > and the sender's private key. This usually happens if the recipients public 'encryption' key is some DH varient (DH, Fortezza KEA, EC-DH, etc).
bob
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
