To prevent legitimate message recipients from forging new messages and to encrypt messages for a specific set of recipients (channel), a root key is encrypted and combined with a base session management key to render a combined root key, which in turn is encrypted with a public key of at least one recipient device to render a session management key. The public key of each of “N” intended recipient device encrypts the combined root key to render “N” session management keys. The session management keys are then combined with the combined root key to render a multicast root key, which is signed with a private key of a sending device. The signed multicast root key is combined with the session management keys to render an encrypted, signed multicast root key that is used to encrypt digital information prior to transmitting the digital information.