-----BEGIN PGP SIGNED MESSAGE----- Cool stuff, Matthew. You've gotta think about replay and delay attacks though. A good start is to include a time-stamp in the authenticated message (I'm not sure if PGP's built-in timestamp is authenticated. Anyone?), save the latest timestamp which you have authenticated, and reject messages unless they have an authenticated time-stamp later than that one. What fun! Keep me informed. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMeORJ0jbHy8sKZitAQF/zgL9EbVUojASbX/TAY6YrS6hzUYR+6sE7bHI x01b12Yt2mQzWq//t636ROO1hzM/in9Co5jWjRhN6pQSnjNVI+OQC8iGw1eZm2c/ /lZ/MCqN+T5UvGgzNc62HyAWBZ9fIm/9 =2MGB -----END PGP SIGNATURE-----