Scientology/Wollersheim as test case for key disclosure
Bill Stewart
stewarts at ix.netcom.com
Fri Sep 15 02:09:11 PDT 1995
At 02:42 PM 9/9/95 -0400, Phill wrote:
>One solution to this problem would be to modify PGP so that the session key
for
>the document was released rather than the passphrase for the public key. The
>former would provide only read access, the latter would allow th
scientologists
>to forge Wollerstein's signature on other material. In addition many of the
>documents may be subject to privillege.
It wouldn't be hard, though I'm not sure it's much different from requiring
the owner of the public key to decrypt the document in the first place.
It does give you some verifiability (somebody else can take the session key
and demonstrate that encrypting it with the recipient's public key does or
does not produce the encrypted-key string in the document being verified.)
If that's what you plan to use it for, you would also need to have the
entire padded session key and not just the session key itself.
Total amount of work to implement - another command-line option, a print
statement,
and maybe another command-line option and bit of code to allow decryption of a
public-key-encrypted document using a command-line-supplied session key.
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
More information about the cypherpunks-legacy
mailing list