Those alternatives also involve two pairs of keys.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Charles Mills <charl...@mcn.org> Sent: Monday, August 26, 2019 5:42 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: vendor distributes their private key Yow! Expensive in terms of CPU time. Wouldn't (ideally at least) foo encrypt it with a random secret key and then send it to bar encrypted with bar's public key? To provide non-repudiation -- to sign a document -- it is only necessary for the sender to encrypt a hash of the message with the sender's private key. Much cheaper than two long public key encryptions. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Seymour J Metz Sent: Monday, August 26, 2019 1:43 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: vendor distributes their private key The proper way to provide encryption and non-repudiation is to have two key pairs. You sign a message using your private key. People wanting to send you encrypted data encrypt using your public key. So if foo wants to send bar a signed encrypted document, foo double encrypts it with foo's private key and bar's publickey. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Phil Smith III <li...@akphs.com> Sent: Monday, August 26, 2019 4:35 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: vendor distributes their private key CM Poncelet wrote: >Because a sender does not need to have an own public/private key-pair, >but needs only the public keys of the recipients to send encrypted >emails to them. Ah, ok. Reveals my ignorance of how PGP works. Voltage SecureMail uses both, providing that non-repudiation; I guess I assumed everyone did! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
