in reply to Customer data encryption

Compress, pad, whiten, timestamp. Then generate a symmetric session key and encrypt with it, then RSA that key and attach it. Alternately, let GnuPG do essentially that very same thing for you. It's very well tested and therefore less likely to contain a major flaw than any system you come up with. No offense intended, that's just the facts of rolling your own.

Re^2: Customer data encryption
by hobbs (Monk) on Feb 26, 2007 at 22:24 UTC
    Above post is mine; I failed to notice that I wasn't logged in. You said above that you can't guarantee that the end users have GnuPG, but you might want to see about Crypt::OpenPGP. I haven't used it myself, I don't know if it's reliable, and it hasn't been updated in years... but it claims to be a pure-Perl implementation of OpenPGP. Might make a worthy alternative.
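
The GnuPG route recommended in the first post, sketched as an added example that is not part of the thread: the machine collecting records holds only the public key, so it can encrypt but not decrypt. The recipient address, the two throwaway keyrings and the sample record are constructed, and GnuPG 2.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example with constructed names and data: GnuPG generates the session
# key and wraps it to the recipient's public key on its own.
RCPT='archive@example.com'                 # constructed recipient

# OFFLINE holds the key pair; SERVER receives only the exported public key.
make_keyrings() {
    OFFLINE=$(mktemp -d) && SERVER=$(mktemp -d) || return 1
    chmod 700 "$OFFLINE" "$SERVER"
    # Empty passphrase is for this throwaway demo key only. "default default"
    # picks GnuPG's default algorithm (RSA or ECC, depending on version).
    gpg --homedir "$OFFLINE" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Archive <$RCPT>" \
        default default 2>/dev/null || return 1
    gpg --homedir "$OFFLINE" --batch --armor --export "$RCPT" 2>/dev/null |
        gpg --homedir "$SERVER" --batch --quiet --import 2>/dev/null
}

# encrypt_on_server RECORD OUTFILE. "--trust-model always" is used because the
# imported key has no local trust; check its fingerprint out of band first.
encrypt_on_server() {
    printf '%s' "$1" | gpg --homedir "$SERVER" --batch --quiet --yes \
        --trust-model always --armor --encrypt --recipient "$RCPT" \
        --output "$2" 2>/dev/null
}

# decrypt_with HOMEDIR FILE: prints the plaintext; fails without the private key.
decrypt_with() {
    gpg --homedir "$1" --batch --quiet --decrypt "$2" 2>/dev/null
}

# packet_kinds FILE: names of the OpenPGP packets gpg wrote into the message.
packet_kinds() {
    gpg --homedir "$OFFLINE" --batch --list-packets "$1" 2>/dev/null |
        sed -n 's/^:\([a-z ]*packet\).*/\1/p' | tr '\n' ';'
}

cleanup() {
    for d in "$OFFLINE" "$SERVER"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
        rm -rf "$d"
    done
}
```

Call `make_keyrings`, then `encrypt_on_server 'some record' "$SERVER/rec.asc"`; `decrypt_with "$SERVER" ...` fails while `decrypt_with "$OFFLINE" ...` returns the record, and `packet_kinds` lists the public-key-encrypted session key packet ahead of the encrypted data.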