
Re: Scientology/Wollersheim as test case for key disclosure



At 02:42 PM 9/9/95 -0400, Phill wrote:
>One solution to this problem would be to modify PGP so that the session key for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow the scientologists
>to forge Wollersheim's signature on other material. In addition many of the
>documents may be subject to privilege.

It wouldn't be hard, though I'm not sure it's much different from requiring
the owner of the public key to decrypt the document in the first place.
It does give you some verifiability (somebody else can take the session key
and demonstrate that encrypting it with the recipient's public key does or 
does not produce the encrypted-key string in the document being verified.)
If that's what you plan to use it for, you would also need to have the
entire padded session key and not just the session key itself.

Total amount of work to implement - another command-line option, a print
statement, and maybe another command-line option and bit of code to allow
decryption of a public-key-encrypted document using a command-line-supplied
session key.
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
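
The verification described in the reply above, as an added example that is not part of the original message and is not PGP code: a third party holding only the public key re-encrypts the disclosed padded block and compares it with the encrypted-key value in the document. Assumptions: a constructed toy RSA key built from two Mersenne primes, PKCS#1 v1.5 type 2 style padding standing in for PGP's padded session key, and hypothetical function names.

```python
import os

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the key owner
K = (N.bit_length() + 7) // 8       # modulus length in bytes (27)

def pad(session_key: bytes) -> bytes:
    """Build 00 02 <nonzero random bytes> 00 <session key>, K bytes total."""
    ps_len = K - 3 - len(session_key)
    if ps_len < 8:
        raise ValueError("session key too long for this modulus")
    ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))  # never zero
    return b"\x00\x02" + ps + b"\x00" + session_key

def rsa_encrypt(block: bytes) -> int:
    """Deterministic public-key operation: same block, same ciphertext."""
    return pow(int.from_bytes(block, "big"), E, N)

def owner_disclose(encrypted_key: int) -> bytes:
    """Key owner decrypts once and releases the whole padded block."""
    return pow(encrypted_key, D, N).to_bytes(K, "big")

def verify_disclosure(encrypted_key: int, padded_block: bytes) -> bool:
    """Third party, public key only: re-encrypt and compare."""
    if len(padded_block) != K or padded_block[:2] != b"\x00\x02":
        return False
    return rsa_encrypt(padded_block) == encrypted_key

def session_key_of(padded_block: bytes) -> bytes:
    """Strip the padding: the key follows the first zero byte after 00 02."""
    return padded_block[padded_block.index(b"\x00", 2) + 1:]

def demo():
    session_key = os.urandom(16)                 # constructed 128-bit key
    in_document = rsa_encrypt(pad(session_key))  # value stored in the message
    disclosed = owner_disclose(in_document)
    recovered = session_key_of(disclosed) == session_key
    full_block_ok = verify_disclosure(in_document, disclosed)
    # Bare key only: the verifier cannot reproduce the random padding.
    bare_key_ok = verify_disclosure(in_document, pad(session_key))
    wrong_key_ok = verify_disclosure(in_document, pad(os.urandom(16)))
    return recovered, full_block_ok, bare_key_ok, wrong_key_ok

if __name__ == "__main__":
    print(demo())
```

Disclosing the padded block gives read access to this one document and lets anyone check the disclosure, while the private exponent never leaves the owner.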