I'm a bit new to using some of these techniques, so thanks for your
patience...
 
Some background: We are looking to use OpenSSL for passing encrypted data
between parties.  The private keys will be held inside our corporate network
(is it correct to call this a keyring?).  From those keys, we will issue
certificates on a per-request basis frequently, only rarely generating new
private keys.  There will eventually be thousands of certificates handed out
from a small set of private keys (10 or so).  Data (less than 100B) will
pass from the clients holding the certificates back to our server via email,
fax, postal, etc.
 
The question:  Is it possible, using only the encrypted data, to know which
private key will decrypt the data?  I was not sure if there is some kind of
"fingerprint" the encryption process left on the resulting data that could
be used to determine the corresponding private key.  We had talked about
using a known string to begin all messages, and simply loop through all
private keys, decrypting the data until we see the known string, but that
seems insecure.
 
I think the best way would be to send the certificate that encrypted the
data along with the encrypted data, but I was hoping for another option...
There are times a person will type in this information manually, and an
entire certificate could be painful (the encrypted data will be hard
enough).
 
Thanks,
--jah
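
One alternative to sending the whole certificate, as an added example that is not part of the original post: prefix each message with a short identifier derived from a hash of the public key, so the server can pick the matching private key without trial decryption. The names `KEYRING`, `key_id`, `build_index`, `frame` and `unframe` are hypothetical, the key bytes are constructed stand-ins, and the ciphertext is treated as opaque bytes produced elsewhere.

```python
import base64
import hashlib

# Constructed stand-ins for the DER-encoded public keys of the ~10 key pairs;
# in practice these bytes would come from the real keys.
KEYRING = {f"key-{i:02d}": f"constructed-public-key-{i}".encode() for i in range(10)}


def key_id(public_key_der: bytes, length: int = 4) -> str:
    """Short, typeable identifier: truncated base32 of SHA-256(public key)."""
    digest = hashlib.sha256(public_key_der).digest()
    return base64.b32encode(digest).decode("ascii")[:length]


def build_index(keyring: dict, length: int = 4) -> dict:
    """Map key ID -> key name, refusing to proceed if two keys share an ID."""
    index = {}
    for name, der in keyring.items():
        kid = key_id(der, length)
        if kid in index:
            raise ValueError(f"key ID collision: {index[kid]} and {name}")
        index[kid] = name
    return index


def frame(public_key_der: bytes, ciphertext: bytes) -> str:
    """Client side: prefix the key ID to the base32-encoded ciphertext."""
    body = base64.b32encode(ciphertext).decode("ascii").rstrip("=")
    return f"{key_id(public_key_der)}-{body}"


def unframe(message: str, index: dict):
    """Server side: return (key name, ciphertext) with no trial decryption."""
    # Normalise case and whitespace, since the text may be typed in by hand.
    kid, _, body = message.strip().upper().partition("-")
    if kid not in index:
        raise KeyError(f"unknown key ID {kid!r}")
    padded = body + "=" * (-len(body) % 8)  # restore stripped base32 padding
    return index[kid], base64.b32decode(padded)
```

The prefix only selects which private key to try; it does not show that the message is authentic or unmodified.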
