Originally Posted by pholy
Ahh-ha! That makes sense - if the whole book was encrypted with the customer's key, each download would have to wait on encrypting a big file. As Charleski describes it, only the relatively short (1024 bits? whatever...) payload-key needs to be encrypted for each customer.
I think.... something like that...
Asymmetric encryption algorithms (like RSA) are a huge amount slower than the symmetric one.
Almost all public key encryption schemes (OpenSSH, ...) work the steps: decrypt symmetric key with asymmetric ones and then use the faster symmetric decryption (like RC4 or AES).
The pdf won't be changed later on. As far as I can see only the device key is adjusted. That's the reason why you can reauthorize a newer hardware with an Adobe ID.
The symmetric and asymmetric key remain the same only your decryption information for the asymmetric key has to be adjusted (because of the changed hardware information)