At 02:42 PM 9/9/95 -0400, Phill wrote:
One solution to this problem would be to modify PGP so that the session key for the document was released rather than the passphrase for the public key. The former would provide only read access, the latter would allow th scientologists to forge Wollerstein's signature on other material. In addition many of the documents may be subject to privillege.
It wouldn't be hard, though I'm not sure it's much different from requiring the owner of the public key to decrypt the document in the first place. It does give you some verifiability (somebody else can take the session key and demonstrate that encrypting it with the recipient's public key does or does not produce the encrypted-key string in the document being verified.) If that's what you plan to use it for, you would also need to have the entire padded session key and not just the session key itself. Total amount of work to implement - another command-line option, a print statement, and maybe another command-line option and bit of code to allow decryption of a public-key-encrypted document using a command-line-supplied session key. #--- # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---