A few random comments about this discussion: 1. Someone mentioned performance. If that is a concern, use hardware to do the public-key algorithm - for example the Crypto Express HSM.
2. Remember that not all public-key algorithms can directly encrypt data. For example, RSA can, but Elliptic Curve (ECC) and DSA cannot. (For ECC, there is a method called ECIES that essentially creates a symmetric key under the covers and uses that to encrypt the data.) 3. Someone talked about signing and encrypting. Remember that you should never use the same key pairs for both - you should always have separate key pairs for signing and for encrypting. 4. Phil Smith showed how you can send the same content to multiple people by encrypting it with a symmetric key, then encrypting that symmetric key with each of their public keys. The Cryptographic Message Syntax (CMS) standard (RFC 5652, ANSI X9.73) supports exactly this method using something they call "enveloped data". ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
