I'm curious about the Bouncy Castle API process for handling multiple public keys to encrypt data. For example, if I have 3 different clients that would like me to encrypt data and send it to them using their public key for encryption, and I label each client's public key respectively, how does Bouncy Castle determine that client 1 should be encrypted with public key 1 and not public key 3 (which would be the public key for client 3)?
It would seem from a decryption standpoint that publicKeyEncryptedData has a keyID tag attached to it that can be used to look up the corresponding private key, but I don't understand how it chooses the correct key to encrypt with.
It doesn't. You have to specify all recipients (i.e. certificates to use for encryption). When you are doing encryption using PKCS#7, the process is:
The decryption process is:
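As an added example (not code from the answer or from Bouncy Castle's own documentation) of what "specify all recipients" looks like with Bouncy Castle's CMS (PKCS#7) classes: the sender wraps the one content-encryption key under every client's certificate, and each client later finds its own RecipientInfo by the issuer and serial number of its certificate rather than by any label the sender attached. It assumes the bcpkix jar is on the classpath and that the caller already holds the clients' X.509 certificates and its own private key; the class and method names are mine.

```java
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;

import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class MultiRecipientCms { // hypothetical helper class, not part of Bouncy Castle
    static { Security.addProvider(new BouncyCastleProvider()); }

    // Encrypt once for every client: the caller chooses the recipient set, and the
    // content key is wrapped separately under each certificate's public key.
    public static byte[] encryptForAll(byte[] plaintext, List<X509Certificate> clientCerts) throws Exception {
        CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
        for (X509Certificate cert : clientCerts) {
            // Each RecipientInfo records the certificate's issuer + serial number;
            // that is what the decrypting side later uses to locate its own entry.
            gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
        }
        CMSEnvelopedData envelope = gen.generate(
                new CMSProcessableByteArray(plaintext),
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build());
        return envelope.getEncoded();
    }

    // Decrypt as one client: select the RecipientInfo matching our own certificate,
    // then unwrap the content key with the matching private key.
    public static byte[] decryptAsClient(byte[] envelopeDer, X509Certificate myCert, PrivateKey myKey) throws Exception {
        CMSEnvelopedData envelope = new CMSEnvelopedData(envelopeDer);
        RecipientInformationStore recipients = envelope.getRecipientInfos();
        RecipientInformation mine = recipients.get(new JceKeyTransRecipientId(myCert));
        if (mine == null) {
            // Our certificate is not among the recipients: the data was never encrypted for us.
            throw new IllegalStateException("no RecipientInfo matches this certificate");
        }
        return mine.getContent(new JceKeyTransEnvelopedRecipient(myKey).setProvider("BC"));
    }
}
```

A client whose certificate was not passed to encryptForAll gets no RecipientInfo and cannot recover the content key, which is the intended behaviour of a multi-recipient envelope.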