Re: private to public decrypt now working

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eANq2ZWmHHA.4316@xxxxxxxxxxxxxxxxxxxxxxx
The right solution here would simply be to issue each VP a key pair as
well (probably with an X509 cert) and have the president encrypt messages
for them using their public keys.

Better still, would be to encrypt the message (once) with a random session
key, then include one copy of the session key for each VP, encrypting that
session key with the VP's public key.

So, if Alice is sending to Bob and Dave, she'll encrypt the message with a
session key, and include one copy of the session key encrypted with Bob's
public key, one copy of the session key encrypted with Dave's public key.

There is no place in cryptographic theory or practice for the concept of
"semi-private". Either a key is private, held by one individual (or
key-stores under his control), or it is public, and should be no harm if it
accidentally leaks.

Consider the churn as VPs leave the company. Instead of just deleting them
from the directory, and not bothering to encrypt the session key with their
public key any more, you would have to re-issue a new key to all VPs! [Of
course, the method outlined above does issue a new session key with each
message, but that's a designed part of the communication, rather than a
further communication that has to take place above and beyond the message
being shared.]

Alun.
~~~~


.

Relevant Pages

  • Re: RSA Encryption without Session Keys - (I know its a bad idea)
    ... how do I tie a public key ... you can encrypt a password the same way you encrypt a ... session key as long as the length of the password is smaller than the length ... symmetric session key, encrypt the password with the session key, ...
    (microsoft.public.platformsdk.security)
  • Re: gnupg /rsa question // can a public rsa key be reconstructed from a plaintext and ciphertext ?
    ... >to encrypt the session key, ... >gnupg allows Bob to anonymize his key, ... Pretty poor assumption for a public key system. ... >and also the ciphertext of the session key that was encrypted to Bob's ...
    (sci.crypt)
  • CryptoAPI problem
    ... machine imports the public key, ... exchange pair) 3DES key, I get ERROR_INVALID_PARAMETER.. ... "target" machine when it gets the block size to encrypt the data. ... It seems like my session key must be bad somehow? ...
    (microsoft.public.platformsdk.security)
  • Re: how to have a gpg public key?
    ... Having just a public key doesn't do you much good. ... You need both a private key and a public key; ... can encrypt and decrypt your messages and you are just ...
    (Debian-User)
  • Re: RSA Encrypt/Decrypt Problems
    ... You can generate a snk for each and replicate the public key part to each ... Then sym encrypt your data with the key and iv and store in the ... You could actually do it with small blocks and only the public rsa key, ... > key) with the symmetric key embedded in the file and encrypted using the ...
    (microsoft.public.dotnet.security)