Yuji Shinozaki wrote: > > What provisions are there for attaching multiple pubkey-encrypted > symmetric keys to one document? > > For example, I want to send an encrypted document several recipients so I > encrypt the document with a randomly-generated symmetric key, then encrypt > the symmetric key with each recipients' pubkey, then put/send/deliver the > whole bundle to all parties. Can I do this in a PKCS7? Are there > software provisions to do this already? > Yes, this is supported in the command line 'smime' utility, though the public keys would be carried in certificates. > OR suppose I want to ensure document encryption key recovery without > having to do escrow. So all "company business" documents are stored > encrypted, and the symmetric key is attached encrypted both with the > recipients pubkey and an archivists' or record-keepers' pubkey. > > Are their provisions in openssl tools to do this? Is this best done > with PKCS7? Some other way? > This is just as case of ensuring that the 'company certificate' is always included when sending S/MIME encrypted data. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]