> the latter cannot be attacked without the keypair and the > passphrase,
Keep in mind that we are talking about a hybrid crypto system. Your hidden assumption seems to be that the session key which is generated during encryption to a public key is not worth attacking. Then, nothing prevents you from using that session key together with a symmetric crypto system directly. In a way, the public-key crypto system is a layer on top of a symmetric crypto system, which tries to solve the key distribution problem. When you don't want to distribute keys -- and that's how I understand you -- it doesn't make much sense to use it. mo
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
