> Well, a common problem with asymmetric ciphers is that they tend to be
> problematic when encrypting large amounts of data. They often cause
> data expansion and are extremely slow; I imagine that using an
> asymmetric cipher to encrypt everything would result in your data
> being at least twice the size of what you put in (whether you used RSA
> or ElGamal), and I think that it would probably be even slower than
> what you're doing now as well. It would probably also be prudent, as
> Francis suggests, to add a digital signature to your data; I've found
> that authentication of data is quite often more important than keeping
> the data confidential.
>

What would be a good envelope to put all that in?  I'm not sure what
ruby openssl supports, and my experience with this is somewhat
limited.  In the past I've always used PKCS7.  Performance is also an
issue, plus I have two types of data to store.  One is short term with
a life of maybe a week at most, the other would be stored much longer
for auditing purposes.  Plus the keys have to change every 90 days.