You are attempting to answer the question you are asking in the question. Let me get to the root of what you are asking.
From what I understand, you would like to create a 2 party escrow - buyer sends money in a way that can't be retrieved unless both parties are satisfied.
This can be done in two ways in Bitcoin: one through the use of multisignature transactions, the other through split-key addresses.
The first approach is to send the money to a 2-of-2 multisignature combination of addresses - one held by the buyer, and another by the seller. When they reach consensus, they create a transaction, each signs it and the money is transferred. The disadvantage of this approach is that if they don't reach consensus, there is no way to settle the money dispute. If you introduce a third party acting as an escrow and create a 2-of-3 multisignature address, then you need a consensus of any 2 involved parties. If the buyer and seller reach a consensus, the escrow service does not get involved and everyone is satisfied. If they can't reach consensus, the escrow steps in and mediates the solution with the parties, forcing a compromise - it can always break a stalemate by cooperating with one party.
The second approach is for both parties to each settle on a public key by themselves, and then combine them through multiplication or addition, creating a split-key address. They both know the public key and associated address, but neither of them knows the private key. If they agree on an output, the buyer sends the seller their private key and the seller can create a transaction crediting themselves, or if the seller wishes to return the money to the buyer, they can give them their private key. This approach has a few problems:
- One can't be using the same private keys in multiple transactions, as they get shared with third parties
- The person that will receive the second private key can dictate any division of money - nothing can stop them
- There is no possibility of creating a 2-of-3 escrow
So all in all, use multisignature transactions.
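The split-key approach from the answer above, as an added example that is not part of the original answer: two public keys are combined by addition on secp256k1, and the sum of the two private keys turns out to be the full spending key. The function names and the key values used with them are constructed for illustration, and the arithmetic is not constant time.

```python
# Added example: additive split-key on secp256k1 (pure Python, demo only).
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Add two curve points; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # q is the inverse of p
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, p=G):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p = add(p, p)
        k >>= 1
    return r

def split_key(buyer_priv, seller_priv):
    """Return (escrow public key, full private key after one side reveals)."""
    # Each party publishes only its own public key.
    buyer_pub, seller_pub = mul(buyer_priv), mul(seller_priv)
    # Anyone holding both public keys can derive the escrow public key.
    escrow_pub = add(buyer_pub, seller_pub)
    # Release step: once one private key is handed over, the recipient holds
    # the complete key and alone decides where the funds go.
    full_priv = (buyer_priv + seller_priv) % N
    return escrow_pub, full_priv

if __name__ == "__main__":
    pub, priv = split_key(0x1111, 0x2222)  # constructed toy keys
    print(mul(priv) == pub)
```

Until the release step neither side can sign for the escrow key; after it, exactly one side can, which is why the answer notes that the recipient of the second key controls the whole balance.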
It sounds like your goal is to have a Bitcoin address generated by two parties that can only be spent out of by having those two parties cooperate. Is that correct? – Nick ODell – 2013-05-30T06:18:04.740
Are you sure m-of-n transactions aren't instead what you need? – o0'. – 2013-05-30T12:55:36.890
@Nick: Yes, or more specifically, can only be spent, by only the vendor, when the buyer sends the pgp encrypted wallet to the vendor. (Redemption) – Dex Bitcoin – 2013-05-31T04:18:22.203
@Lorhoris: I'm pretty sure M-of-n aren't going to help this need. I definitely want the end product to be a file encrypted in something like PGP, where the person holding it can't get inside and the other person can get inside, (and be the first one to access the wallet) but doesn't possess it in any way. – Dex Bitcoin – 2013-05-31T04:21:50.253