Selecting the Encryption Methods for the pubkey Protection Scheme
There are two encryption methods needed to implement the Public Key Protection Scheme. We need a
conventional single key method, where the same key both encrypts and
decrypts (for encrypting and decrypting the server reply: the headers
and the document itself), and a public key method (used for encrypting
the user's identification information and his encryption key).
The reason for using two encryption methods is that public
key encryption is too slow for large amounts of data (documents), so
the documents have to be encrypted with a single key method. But the key
has to be sent over an insecure channel, and the way to do this
securely is to use a public key method.
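The exchange described above, written out as an added example (it is not code from the original note or from the WWW Common Library). Assumptions: textbook RSA over constructed Mersenne primes stands in for the public key method, a SHA-256 keystream stands in for the single key method, and all function names and the header shown are hypothetical.

```python
import hashlib
import secrets

# Constructed toy server key pair: textbook RSA over two Mersenne primes, no padding.
# It only stands in for the "public key method" and must never protect real data.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, known to every client
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the server only


def single_key_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES/IDEA: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def client_request(user_id: bytes):
    """Client: pick a fresh single key, send it with the user id under the public key."""
    key = secrets.token_bytes(16)
    m = int.from_bytes(b"\x01" + key + user_id, "big")  # 0x01 keeps leading zero bytes
    if m >= N:
        raise ValueError("identification too long for one public key block")
    return key, pow(m, E, N)


def server_reply(request: int, document: bytes):
    """Server: recover user id and key with the private key, encrypt headers + document."""
    m = pow(request, D, N)
    plain = m.to_bytes((m.bit_length() + 7) // 8, "big")
    key, user_id = plain[1:17], plain[17:]
    reply = b"Content-Length: %d\r\n\r\n" % len(document) + document
    return user_id, single_key_crypt(key, reply)


def client_read(key: bytes, encrypted_reply: bytes) -> bytes:
    """Client: decrypt the reply with the single key it chose for this request."""
    return single_key_crypt(key, encrypted_reply)


if __name__ == "__main__":
    key, request = client_request(b"alice")          # constructed user id
    user_id, encrypted = server_reply(request, b"<html>secret page</html>" * 100)
    print(user_id, len(encrypted), client_read(key, encrypted)[:40])
```

The stand-in cipher gives no integrity protection and its keystream repeats if a key is reused, so the sketch draws a fresh key for every request.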
Single Key Methods to Consider
The following single key encryption methods are worth considering:
- DES
  - Patent in the U.S.
- IDEA
  - Patent in Europe, no license fee for noncommercial use.
I suggest that DES encryption be used, since there are so many
different implementations all over the world that it is easy to plug
it in, if only clear hooks are left in the WWW Common Library code.
Public Key Methods to Consider
The following public key encryption methods are worth considering:
- RSA
  - Rivest-Shamir-Adleman, patent in the U.S.
- Rabin
  - Public Key Partners claim their patent covers all public key cryptography.
AL 12 December 1993