On 2011-01-30 02:30 PDT, Matej Kurpel wrote:
> On 30. 1. 2011 10:57, Nelson B Bolyard wrote:
>> Yes, the P7M holds all those encrypted copies of the key that
>> encrypts the main message, and of course, the ciphertext produced
>> with that key. And cert chains, and capabilities, and ... it's like
>> bread from Bembleman's Bakery, it's what everyone wants. :)
>>
> Thank you. Is the symmetric (e.g. AES) key encrypted directly with
> public keys of the recipients or is it encrypted using some more
> ephemeral symmetric keys for each recipient and those ephemeral keys
> are encrypted using the public keys? I thought the second was true but
> now it wouldn't make sense... Need to clarify it for myself :)

Never the second, but there is a third choice: the bulk encryption key (of which there is only one per message) is encrypted using a symmetric algorithm with a key DERIVED from the public key of the intended recipient and the sender's private key. CMS is about giving its users choices, lots of choices, at least two (preferably 5 or 6) ways of doing each and every piece. That makes it a bunch of work to implement, but (probably) makes it future-proof.

--
/Nelson Bolyard
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
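
The "third choice" described in the message above, as an added example that is not part of the original post and is not NSS code: a simplified sketch in which one bulk key is wrapped per recipient under a key derived from the sender's private key and that recipient's public key. It assumes the pyca/cryptography package, and P-256 ECDH, the X9.63 KDF, AES key wrap, the `sharedinfo` bytes and all function names are choices made for this illustration.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)

def derive_kek(own_private, peer_public, ukm):
    """ECDH shared secret -> 256-bit key-encryption key (KEK)."""
    shared = own_private.exchange(ec.ECDH(), peer_public)
    # Assumption: constructed sharedinfo; real CMS feeds a DER structure here.
    kdf = X963KDF(algorithm=hashes.SHA256(), length=32,
                  sharedinfo=b"demo-cms-kek" + ukm)
    return kdf.derive(shared)

def wrap_cek(sender_private, recipient_publics, cek):
    """One bulk key (CEK) per message, one wrapped copy per recipient."""
    ukm = os.urandom(16)  # fresh per message so a static key pair never reuses a KEK
    copies = {name: aes_key_wrap(derive_kek(sender_private, pub, ukm), cek)
              for name, pub in recipient_publics.items()}
    return ukm, copies

def unwrap_cek(recipient_private, sender_public, ukm, wrapped):
    """Recipient derives the same KEK from its private key and the sender's public key."""
    return aes_key_unwrap(derive_kek(recipient_private, sender_public, ukm), wrapped)

def demo():
    new_key = lambda: ec.generate_private_key(ec.SECP256R1())
    sender, alice, bob, outsider = new_key(), new_key(), new_key(), new_key()
    cek = os.urandom(32)  # constructed bulk encryption key
    ukm, copies = wrap_cek(sender, {"alice": alice.public_key(),
                                    "bob": bob.public_key()}, cek)
    try:  # a key holder who is not a recipient derives a different KEK
        unwrap_cek(outsider, sender.public_key(), ukm, copies["alice"])
        outsider_rejected = False
    except InvalidUnwrap:
        outsider_rejected = True
    return {
        "alice_ok": unwrap_cek(alice, sender.public_key(), ukm, copies["alice"]) == cek,
        "bob_ok": unwrap_cek(bob, sender.public_key(), ukm, copies["bob"]) == cek,
        "copies_differ": copies["alice"] != copies["bob"],
        "wrapped_len": len(copies["alice"]),
        "outsider_rejected": outsider_rejected,
    }

if __name__ == "__main__":
    print(demo())
```

No recipient's public key ever encrypts anything directly here; each wrapped copy is symmetric ciphertext, and AES key wrap's built-in integrity check is what rejects a wrongly derived KEK.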