ietf-openpgp

Re: Split Implementations of PGP

2005-03-11 11:33:07

On Fri, Mar 11, 2005 at 12:04:59PM -0500, Eric Burger wrote:

Background:
I am a co-chair of the lemonade work group in the IETF
<http://www.ietf.org/html.charters/lemonade-charter.html>.

One thing we would like to do is enable a remote client to fetch the
encrypted session key from an IMAP server, decrypt the key using the
client's key, and then hand back the clear session key to the IMAP server
to decrypt or verify a message or body part.

So, the question is, are there implementations of PGP where one can:
1. Extract the encrypted session key from the PGP-encrypted object
2. An API for handing over the encrypted session key and the client key,
returning the clear session key (this would run on the remote client).
3. An API that takes the clear session key and the PGP-encrypted object and
returns the cleartext object.

Note that this is different from the normal case of an API that takes the
client's key and the PGP-encrypted object and simply returns the cleartext
object.

GnuPG can do this.  The feature was originally intended as a
workaround for places that have laws about compelled production of
keys, but it can be used for what you discuss.

David
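
Step 1 of the question (pulling the encrypted session key out of the encrypted object) as an added example, not code from this thread or from GnuPG: a minimal packet splitter following the OpenPGP packet framing in RFC 4880, sections 4.2 and 4.3. The function names and the sample bytes are hypothetical and constructed for illustration; the input is assumed to be binary (de-armored).

```python
PKESK, SED, SEIPD = 1, 9, 18  # packet tags, RFC 4880 section 4.3

def _new_length(data, pos):
    """Decode one new-format length header: (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body chunk

def read_packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP message."""
    pos = 0
    while pos < len(data):
        hdr, pos, body = data[pos], pos + 1, b""
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        try:
            if hdr & 0x40:  # new-format header, may use partial body lengths
                tag, partial = hdr & 0x3F, True
                while partial:
                    length, pos, partial = _new_length(data, pos)
                    body, pos = body + data[pos:pos + length], pos + length
            else:  # old-format header; length type 3 runs to end of input
                tag, n = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 0x03]
                length = int.from_bytes(data[pos:pos + n], "big") if n else len(data) - pos
                body, pos = data[pos + n:pos + n + length], pos + n + length
        except IndexError:
            raise ValueError("truncated packet header")
        if pos > len(data):
            raise ValueError("truncated packet body")
        yield tag, body

def split_message(data):
    """Return (PKESK bodies for the client, encrypted data body kept by the server)."""
    pkesk, encrypted = [], None
    for tag, body in read_packets(data):
        if tag == PKESK:
            pkesk.append(body)
        elif tag in (SED, SEIPD):
            encrypted = body
    return pkesk, encrypted

def pkesk_info(body):
    """Return (version, key ID hex, public-key algorithm) of a version 3 PKESK body."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("not a version 3 PKESK packet")
    return body[0], body[1:9].hex(), body[9]

# Constructed sample, not real ciphertext: one PKESK packet, then a SEIPD packet
SAMPLE_PKESK = bytes([3]) + bytes.fromhex("1122334455667788") + bytes([1]) + b"\x00\x10\xab\xcd"
SAMPLE = (bytes([0xC1, len(SAMPLE_PKESK)]) + SAMPLE_PKESK
          + bytes([0xD2, 0xE9, 1]) + bytes(511) + bytes([3]) + b"xyz")
```

For steps 2 and 3, GnuPG has the options `--show-session-key` and `--override-session-key`. A session key handed to the server lets it read that one message, but does not expose the client's private key.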