From: Gary Howland <gary@systemics.com>
Date: Fri, 9 Aug 1996 11:20:36 +0800
To: Scott McGuire <svmcguir@syr.edu>
Subject: Re: appropriate algorithm for application
In-Reply-To: <ML-2.2.839513101.7349.scott@homebox.>
Message-ID: <320A29E7.13728473@systemics.com>
MIME-Version: 1.0
Content-Type: text/plain


Scott McGuire wrote:
> 
> > Cerridwyn Llewyellyn wrote:
> > >
> > > I need an algorithm/protocol that is capable of encrypting numerous
> > > files with separate keys, but there also needs to be a master key
> > > that will be able to decrypt all of them.  Is there such a system
> > > that is relatively secure?  I'd prefer the system to be as secure
> > > as possible, but in this application, security is secondary to
> > > functionality.  Thanks... //cerridwyn//
> >
> > Are you after a working program, or just a design?
> >
> > You could always use an escrowed public key generator (discussed on
> > sci.crypt some time ago), where the keys all have a factor of 'N'
> > embedded in 'N', but encrypted with the master key.
> >
> > (I'd be prepared to write the code that generates the keys, if
> > someone does the "master decrypt" side of things).
> >
> >
> 
> Why not just encrypt the files with regular, single key encryption and only use
> the public-key encryption on a master file holding a copy of all the individual
> keys?  This would be faster right?

The main reason is so that anyone can generate new keys as and when
they please. The master key is not required for key generation, which
makes it more secure (ie. it spends more of its time in the safe) and
practical (the master key may be in a different building).

Gary
--
pub  1024/C001D00D 1996/01/22  Gary Howland <gary@systemics.com>
Key fingerprint =  0C FB 60 61 4D 3B 24 7D  1C 89 1D BE 1F EE 09 06 
^S
^A^Aoft FAT filesytem is extremely robust, ^Mrarely suffering from^T^T