*Content confidentiality* prevents the disclosure of the plaintext
content of a message to any party other than the intended recipient(s). It
is provided on a per-message basis using an asymmetric or symmetric encryption
technique. The encrypted content is unintelligible to any MTA handling
the message.

If the originator chooses an asymmetric algorithm, the recipient's public key is used to encrypt the message content. The recipient uses its private key to decrypt the content. If an asymmetric encryption algorithm is used, the message can only be addressed to a single recipient (i.e., the recipient whose private key is paired with the public key used to perform the encryption).

If the originator chooses a symmetric algorithm, delivery to multiple recipients is possible. The originator encrypts the content using a symmetric encryption key. This key may be distributed to each message recipient by placing the key in the encrypted-data of the message token for that recipient. The key may also be distributed by some other means (e.g., by prior agreement).

The message originator can encrypt the content using any symmetric or asymmetric algorithm understood by both the originator and the recipient. All information relevant to the algorithm, such as the algorithm's object identifier and any input parameters, can be conveyed in the message envelope or the signed-data of the message token.

Fri Oct 7 16:17:21 EDT 1994