Why do I need to use separate public key pairs for signing and encryption and not use the same key pair with RSA for example? Is there any security problem with using the same key?
问题:
回答1:
The reason for using separate key pairs for signing and encryption is to spread the risk: If someone recovers the private encryption key, he/she can decrypt documents that were encrypted using the public encryption key but can’t use it to also sign documents and vice versa.
Another reason could be a legal reason:
In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature, like in the EU digital signature legislation. Generally, these provisions mean that anything digitally signed legally binds the signer of the document to the terms therein. For that reason, it is often thought best to use separate key pairs for encrypting and signing. Using the encryption key pair, a person can engage in an encrypted conversation (e.g., regarding a real estate transaction), but the encryption does not legally sign every message he sends. Only when both parties come to an agreement do they sign a contract with their signing keys, and only then are they legally bound by the terms of a specific document. After signing, the document can be sent over the encrypted link. If a signing key is lost or compromised, it can be revoked to mitigate any future transactions. If an encryption key is lost, a backup or key escrow should be utilized to continue viewing encrypted content. Signing keys should never be backed up or escrowed.
回答2:
I'm not entirely sure what you are getting at. I am going to assume you want to know why you should use different keys for https/ssl/ssh and code signing (other than that they have different usage bits).
SSL certificates have to hang out around web servers, which are infamous for being compromised. Code signing certificates can be hidden away completely offline. In theory. In practice web servers are managed by professional sysadmins, and code signing certs are left lying around on bodge-a-job developer PCs. Also there's the Principle of Least Privilege.
回答3:
You might want to go to see this similar question from the security stack :
https://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig
IMHO, the answer from Am1rr3zA is the best.
回答4:
Having separate signing and encryption key pairs allows a company to back up the encryption certificate in order to decrypt data if you leave the company and they find stuff encrypted with your key.
Typically, the company won't keep a backup copy of your signing certificate, since it would destroy the notion of a valid digital signature. If the signing certificate is held by more than one party, then who really signed a message with it?
So, encryption key is held by the user and backed up by the company. Signing key is only held by the user.
回答5:
Reasons for using separate keys for signing and encryption:
- Useful in organization were encryption key needs to be backed or kept in escrow in order to decrypt data once an employee/user of the organization is no longer available. Unlike the encryption key the signing key must never be used by anyone other then the employee/user and does not and should not need to be kept in escrow.
- Allows having different expiration times for signing an encryption keys.
- Given that the underlying mathematics is the same for encryption and signing, only in reverse, if an attacker can convince/trick a key holder to sign an unformatted encrypted message using the same key then the attacker gets the original.
回答6:
Read this : http://en.wikipedia.org/wiki/Public-key_cryptography
Basically you are asking about the different between asymmetric and symmetric encryption.