paperkey // ? feature request
mo at g10code.com
Wed Feb 11 00:36:08 CET 2009
> the latter cannot be attacked without the keypair and the
Keep in mind that we are talking about a hybrid crypto system. Your
hidden assumption seems to be that the session key which is generated
during encryption to a public key is not worth attacking. Then, nothing
prevents you from using that session key together with a symmetric
crypto system directly.
In a way, the public-key crypto system is a layer on top of a symmetric
crypto system, which tries to solve the key distribution problem. When
you don't want to distribute keys -- and that's how I understand you --
it doesn't make much sense to use it.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 260 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users