Re: appropriate algorithm for application
-----BEGIN PGP SIGNED MESSAGE-----
>Scott McGuire wrote
>>
... stuff deleted ...
>>
>>
>> Why not just encrypt the files with regular, single key encryption and only use
>> the public-key encryption on a master file holding a copy of all the individual
>> keys? This would be faster, right?
>
>The main reason is so that anyone can generate new keys as and when
>they please. The master key is not required for key generation, which
>makes it more secure (ie. it spends more of its time in the safe) and
>practical (the master key may be in a different building).
>
>Gary
>--
>pub 1024/C001D00D 1996/01/22 Gary Howland <[email protected]>
>Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
>^S
>^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T
If the master file (or say master directory with one keyfile for each
encrypted file) is encrypted with public key encryption, then anyone with the
master public key can add a new encrypted file key but only the person with
the master private key can remove one of those keys.
Now that I think about it, this is like having each user encrypt their file
with a conventional key and sending a PGP encrypted message with the key they
used to the maintainer of the master file. Of course if you don't trust the
users to give up a copy of the key, you would need to automate the procedure.
Scott
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
-----END PGP SIGNATURE-----
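
The arrangement discussed in this thread, sketched as an added example that is not part of the original messages: each file gets its own conventional key, and that key is wrapped under the master public key into a key directory, so users can add entries without the master private key ever leaving its safe. It assumes the openssl CLI (1.1.1 or later); all function names, file names and the sample data are hypothetical and constructed for illustration.

```sh
# Added example: per-file conventional keys escrowed under a master public key.
# Assumes the openssl CLI (1.1.1 or later); function and file names are hypothetical.

# Master side, once: generate the key pair. Only the public half is handed out.
make_master() (   # $1 = private key out, $2 = public key out
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null || return 1
  openssl pkey -in "$1" -pubout -out "$2"
)

# User side: needs only the master PUBLIC key, so new file keys can be made anywhere.
protect_file() (  # $1 = plaintext file, $2 = master public key, $3 = key directory
  key=$(openssl rand -hex 32) || return 1
  # Bulk data goes under the fast conventional cipher; the key is passed on stdin,
  # not in argv. Note: `openssl enc` gives confidentiality only, no integrity check.
  printf '%s\n' "$key" | openssl enc -aes-256-cbc -pbkdf2 -in "$1" -out "$1.enc" -pass stdin || return 1
  # One small keyfile per encrypted file, wrapped with RSA-OAEP.
  printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$2" \
    -pkeyopt rsa_padding_mode:oaep -out "$3/$(basename "$1").key"
)

# Master side: only the private key can unwrap a keyfile and recover the data.
recover_file() (  # $1 = .enc file, $2 = master private key, $3 = key directory, $4 = output
  key=$(openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
    -in "$3/$(basename "$1" .enc).key") || return 1
  printf '%s\n' "$key" | openssl enc -d -aes-256-cbc -pbkdf2 -in "$1" -out "$4" -pass stdin
)

# Round trip on constructed sample data; returns 0 only if every check holds:
# the plaintext comes back with the private key, and the public key cannot unwrap.
demo() (
  d=$(mktemp -d) || return 1
  mkdir "$d/keys"
  printf 'constructed sample record\n' > "$d/report.txt"
  make_master "$d/master.pem" "$d/master.pub" &&
  protect_file "$d/report.txt" "$d/master.pub" "$d/keys" &&
  recover_file "$d/report.txt.enc" "$d/master.pem" "$d/keys" "$d/out.txt" &&
  cmp -s "$d/report.txt" "$d/out.txt" &&
  ! recover_file "$d/report.txt.enc" "$d/master.pub" "$d/keys" "$d/bad.txt" 2>/dev/null
  rc=$?
  rm -rf "$d"
  return "$rc"
)
```

Calling `demo` runs the whole round trip in a temporary directory and returns 0 on success.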