Re: Opening PKI encrypted with Public Key outside your Escrow Authority.

[derez <derez () packetforge net>]

Benson, Sean M wrote:
> I have a Question maybe someone can explain to me.
>
> Say company Acme has a PKI structure.
> Company/User Beta also has PKI or is using PKI software
>
> It allows S/MIME and Proprietary Keys to be imported into and AcmeUser's
> keyrings/address books.
>
> If User () Acme com uses the key from AnotherUser () Acme com I as the Key
> Escrow CA can open/un-encrypt/read the mail using the Escrowed Private
> keys.
>
> But If User () Acme com uses the Public Key from User () Beta com to encrypt.
> Can I open this message using only the Keys I have Escrowed?  
> Ie.. Only AcmeUser's Public/private pair?
>
> Or is it encrypted with the Public key of UserBeta and I am SOL?

Right, if the public key of another PKI (Beta Company) was used to to 
encrypt the mail then you would need to have private keys (User or 
escrowed) from that PKI to decrypt it.

>  
> btw: I believe your SOL without that other key as it's encrypted with
> it. Am I right?

Yes.

~derez

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------