Quoting Ben Laurie <[EMAIL PROTECTED]>:
> I don't see any value added by cipher1 - what's the point?

The message is encrypted, i.e., cipher1, then cipher1 is encrypted yielding cipher2. Since symmetric_key1 of cipher1 is RSA_Encrypt(sender's private key), access to sender's public key can decrypt cipher1 (must be *this* sender). Since symmetric_key2 of cipher2 is RSA_Encrypt(receiver's public key), only the receiver can decrypt cipher2.

As was pointed out to me, the process of decrypting cipher2 yields an encrypted message, i.e., cipher1, that can be forwarded on behalf of the original sender. This is not necessarily undesirable. However, SHA1(message) is to ensure that cipher1 has not been altered in transport.

Therefore, the receiver knows three items.
(1) The sender who originated the message.
(2) The receiver is the intended receiver.
(3) The message was not altered during transport.

Thx,
-Matt
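
The two-layer construction described in this message, as an added sketch that is not code from the thread: textbook RSA over constructed Mersenne-prime keys and a SHA-256 keystream stand in for the real primitives, and carrying SHA1(message) in front of the message inside cipher1 is an assumption. It shows that opening cipher2 needs the receiver's private key, while opening cipher1 (including a forwarded copy) needs only the sender's public key.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA from two primes; returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes: illustration only, not secure.
SENDER_N, SENDER_D = keypair(2**61 - 1, 2**89 - 1)
RECEIVER_N, RECEIVER_D = keypair(2**107 - 1, 2**127 - 1)

def stream(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(message):
    """Sender side: build cipher1, then wrap it as cipher2 for the receiver."""
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    # symmetric_key1 is RSA-encrypted with the sender's private key.
    wrapped1 = pow(int.from_bytes(k1, "big"), SENDER_D, SENDER_N)
    # Assumption: SHA1(message) is carried in front of the message inside cipher1.
    cipher1 = wrapped1.to_bytes(32, "big") + stream(k1, hashlib.sha1(message).digest() + message)
    # symmetric_key2 is RSA-encrypted with the receiver's public key.
    wrapped2 = pow(int.from_bytes(k2, "big"), E, RECEIVER_N)
    return wrapped2, stream(k2, cipher1)

def open_cipher2(cipher2):
    """Receiver side: needs the receiver's private key; yields cipher1."""
    wrapped2, body = cipher2
    k2 = pow(wrapped2, RECEIVER_D, RECEIVER_N).to_bytes(16, "big")
    return stream(k2, body)

def open_cipher1(cipher1):
    """Needs only the sender's public key; returns None on a SHA1 mismatch."""
    k1 = pow(int.from_bytes(cipher1[:32], "big"), E, SENDER_N).to_bytes(16, "big")
    plain = stream(k1, cipher1[32:])
    digest, message = plain[:20], plain[20:]
    return message if hashlib.sha1(message).digest() == digest else None
```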