ietf-openpgp

RE: Split Implementations of PGP

2005-03-15 01:23:48

Eric Burger <eburger(_at_)brooktrout(_dot_)com> writes:

> The problem is that the client does not want to download the object at all,
> either because they only want to look at a particular body part and the
> entire message is encrypted (Cyrus' example) or they wish to forward the
> message without downloading it to their client.

You don't download it; the server sends out the RSA/Elgamal-encrypted message
encryption key (MEK) from the message (and nothing else) and the client
returns the MEK re-encrypted with the server's public key.  This works with
anything (including for example crypto hardware like smart cards that won't
reveal a key), has minimal messaging overhead, and doesn't require any
additional security measures to protect the MEK.

Peter.
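The three-step exchange Peter describes, written out as an added example (this is not code from the original post or from any OpenPGP implementation). The server holds the encrypted message and sends the client only the public-key-encrypted MEK; the client, modelled as a smart card whose private key can decrypt but is never exported, decrypts the MEK and immediately re-encrypts it to the server's public key; the server unwraps it, decrypts the body in memory and serves the one body part that was asked for. Everything below the protocol layer is an assumption chosen so the file runs on the Python standard library alone: textbook RSA without padding stands in for OpenPGP's PKCS#1-wrapped PKESK packet, an HMAC-SHA256 counter-mode keystream stands in for OpenPGP's CFB-mode block cipher, and the part boundary, message id and body parts are constructed.

```python
"""Split-implementation MEK rewrap (added example, not the post's own code).

Stand-ins, none of them from the page: unpadded textbook RSA for the PKESK
wrapping, HMAC-SHA256 counter mode for OpenPGP's CFB-mode cipher, a fixed
boundary string for a MIME boundary.  Only the two key blobs cross the wire.
"""
import hashlib
import hmac
import math
import random
import secrets


# ---- toy RSA: Miller-Rabin key generation, unpadded encrypt/decrypt ----
def _is_probable_prime(n, rounds=24):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Return ((n, e), (n, d)); 512-bit toy size, real keys are far larger."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 < m < n
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


# ---- toy symmetric layer: HMAC-SHA256 keystream in counter mode, XORed over the data ----
def stream_xor(key, nonce, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


BOUNDARY = b"\n--part-boundary\n"  # constructed stand-in for a MIME boundary


def build_message(recipient_pub, body_parts):
    """Sender side: fresh 128-bit MEK, wrapped to the recipient (the PKESK); body under the MEK."""
    mek = secrets.randbits(128) | 1
    nonce = secrets.token_bytes(8)
    return {
        "pkesk": rsa_encrypt(recipient_pub, mek),
        "nonce": nonce,
        "ciphertext": stream_xor(mek.to_bytes(16, "big"), nonce, BOUNDARY.join(body_parts)),
    }


class Client:
    """Recipient, modelled as a smart card: the private key only decrypts, never leaves."""
    def __init__(self):
        self.pub, self._priv = rsa_keygen()

    def rewrap_mek(self, pkesk, server_pub):
        # Step 2: decrypt the MEK and re-encrypt it to the server; the plaintext MEK is not returned.
        return rsa_encrypt(server_pub, rsa_decrypt(self._priv, pkesk))


class Server:
    """Stores encrypted messages; never sees the recipient's private key."""
    def __init__(self):
        self.pub, self._priv = rsa_keygen()
        self._store = {}

    def store(self, msgid, message):
        self._store[msgid] = message

    def pkesk_for(self, msgid):
        # Step 1: only the encrypted MEK leaves the server; the body is not downloaded.
        return self._store[msgid]["pkesk"]

    def fetch_part(self, msgid, rewrapped_mek, index):
        # Step 3: unwrap the MEK under the server key, decrypt in memory, serve one part.
        msg = self._store[msgid]
        mek = rsa_decrypt(self._priv, rewrapped_mek)
        plaintext = stream_xor(mek.to_bytes(16, "big"), msg["nonce"], msg["ciphertext"])
        return plaintext.split(BOUNDARY)[index]


def run_exchange():
    """Whole flow on a constructed two-part message; returns the part the client asked for."""
    client, server = Client(), Server()
    server.store("msg-1", build_message(client.pub, [b"Cover note", b"Attachment: quarterly figures"]))
    pkesk = server.pkesk_for("msg-1")                  # server -> client
    rewrapped = client.rewrap_mek(pkesk, server.pub)   # client -> server
    return server.fetch_part("msg-1", rewrapped, 1)    # server -> client: one body part


if __name__ == "__main__":
    print(run_exchange().decode())
```

The only things the client ever sends or receives are the PKESK and the rewrapped MEK, which is why the scheme fits a token that refuses to export key material: `Client.rewrap_mek` is the single operation the card must perform. The server does obtain the plaintext MEK for that one message, which is inherent to the design, so `fetch_part` keeps it in a local and lets it go out of scope as soon as the part is served.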

