17 Dec
2003
17 Dec
'03
11:17 p.m.
You can't have it that each of three individuals can decrypt messages sent to a key, while they all have to cooperate to sign messages.
You can, but the key can't be a regular RSA key.
Generally speaking, decryption and signing are identical in the RSA cryptosystem.
That's right, don't use RSA as such. Choose two RSA keys. Make one as Hal describes for signing. Use the other one for receiving. The public key in this system is a pair of public RSA keys. You break symmetry, and lose automatic PGP support, but it seems to have the characteristics required. Eric