Dale Thorn writes (in part):
I'm tending to think that, instead of using PGP for all encoding (even though it may have multiple facilities for all situations), a message could be encrypted with a good trusted private-key system or whatever, then the private key encrypted with the Public Key software and sent either separately or with the message.
But you've described exactly what PGP does. It encrypts the message with a "good, trusted private-key system" -- IDEA, which has undergone significant peer review, has a long-enough key (128 bits), and has exhibited no significant weaknesses or shortcuts to brute force (which is impossible, given the key length). It then encrypts the IDEA session key that was used with the recipient's public key, and bundles the the IDEA-encrypted message and the RSA-encrypted session key (and optionally, a signed hash of the message) for delivery to the recipient. Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny@Inference.com | 36 07 D9 33 3D 32 53 9C ======================================================================