On Mon, 14 May 2001, Rafael Coninck Teigao wrote:
> What I'm looking for is sort of this: there is a public key that can be
> used to create the cyphertext (only one public key) and a set of private keys
> that can be used alone to get the cleartext from this cyphertext.
Okay. Here is one way to do it. Encrypt the message using a symmetric
algorithm such as Twofish or AES or something. Now create a header that
says what the key you used with the symmetric cipher was. Make one
such header for each recipient, and encrypt each header (using an
asymmetric algorithm such as an elliptic-curve system) with the public
key of one of the intended recipients. Put the encrypted message together
with the encrypted headers, and sign the whole bundle with your own key.
Now your recipients can each read their header and get the key and then
unlock the whole document.
If you want to keep the number of headers down, or need to send to
a *lot* of different users with unique keys for each user, you can
use secret sharing to put a dozen messages in the header, such that
if your recipients can decrypt any six, they can construct the
symmetric key. Then you can hand out a different subset of six
keys to each of the participants. That gives you thousands of
different keys to hand out, but only 12 "headers".
Hope this helps...
Bear
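The secret-sharing variant from the second paragraph, as an added example that is not part of the original post: a Shamir split of a 256-bit symmetric key into 12 shares with a 6-of-12 threshold over GF(2^521 - 1), so any six shares rebuild the key and each participant can be handed a distinct six-share subset. Encrypting each share under a per-header key and signing the bundle are assumed to happen as described above and are not shown; all function names here are my own.

```python
# Shamir secret sharing for the "12 headers, any 6 recover the key" design.
import secrets
from itertools import combinations

# 2^521 - 1 is a Mersenne prime, comfortably larger than any 256-bit key.
P = (1 << 521) - 1

def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, threshold, n_shares, randbelow=secrets.randbelow):
    """Split integer secret (< P) into n_shares (x, y) points on a random
    polynomial of degree threshold-1 whose constant term is the secret."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= n_shares < P:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0. With fewer than threshold shares this
    returns an unrelated field element, not an error: the caller gets no hint."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * xj % P
                den = den * (xj - xi) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def participant_subsets(shares, threshold):
    """One distinct threshold-sized share subset per participant."""
    return list(combinations(shares, threshold))

def demo():
    """Constructed run: 12 shares of a fresh key, 6 needed; every subset works."""
    key = int.from_bytes(secrets.token_bytes(32), "big")
    shares = split_secret(key, 6, 12)
    return all(recover_secret(s) == key for s in participant_subsets(shares, 6))
```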