This entry is part 5 of 6 in the series PKI

Most articles and even textbooks assume that the same key pair will be used for encryption as for signatures.

However, there is absolutely no reason this has to be the case.

Part of the reason the misconception arises is that the key pair is meant to represent a human (identity). And since the identity is unique, it may seem like there should be a SINGLE key pair.

In practice, it is preferable to use different key pairs for these two differing use cases (signatures and encryption).


Private Keys are used in signing

Another thing to remember: unlike payload encryption, signing uses the private key. The signer signs with their private key, and anyone holding the matching public key can verify the signature. Payload encryption is the reverse: the sender encrypts with the recipient's public key, and only the holder of the matching private key can decrypt.

Why sign the hash and not the data itself?

Signing the hash provides an additional safety check: the hash check can be performed even before starting to decrypt the data.
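The three points above (separate key pairs per identity, private key for signing versus public key for encryption, and hash-then-sign) put together as a worked example. This is added here and is not code from the original post or its author; it uses only the Go standard library. The choice of RSA with PKCS#1 v1.5 signatures over SHA-256 and RSA-OAEP for encryption, the 2048-bit key size, and the "Alice"/"Bob" identities and sample payload are assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPairs holds two independent RSA key pairs for ONE identity:
// one used only for signatures, the other only for payload encryption.
type KeyPairs struct {
	Signing    *rsa.PrivateKey
	Encryption *rsa.PrivateKey
}

// GenerateKeyPairs creates the two key pairs separately, so compromise
// or rotation of one does not affect the other.
func GenerateKeyPairs(bits int) (*KeyPairs, error) {
	sk, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &KeyPairs{Signing: sk, Encryption: ek}, nil
}

// Sign hashes the message with SHA-256 and signs the digest (not the raw
// data) with the signer's PRIVATE signing key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest and checks it against the signature using
// the signer's PUBLIC signing key. Any change to msg breaks verification.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Encrypt uses the recipient's PUBLIC encryption key (RSA-OAEP).
// Note: RSA-OAEP can only wrap a payload shorter than the modulus;
// real systems encrypt a symmetric key this way and encrypt bulk data with it.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// Decrypt uses the recipient's PRIVATE encryption key.
func Decrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// SignAndEncrypt is the sender's side: sign with the sender's private signing
// key, then encrypt for the recipient's public encryption key.
func SignAndEncrypt(sender *KeyPairs, recipientEnc *rsa.PublicKey, msg []byte) (sig, ct []byte, err error) {
	if sig, err = Sign(sender.Signing, msg); err != nil {
		return nil, nil, err
	}
	ct, err = Encrypt(recipientEnc, msg)
	return sig, ct, err
}

// DecryptAndVerify is the recipient's side. It needs the recipient's own
// private encryption key and only the sender's PUBLIC signing key.
func DecryptAndVerify(recipient *KeyPairs, senderSig *rsa.PublicKey, sig, ct []byte) ([]byte, bool, error) {
	pt, err := Decrypt(recipient.Encryption, ct)
	if err != nil {
		return nil, false, err
	}
	return pt, Verify(senderSig, pt, sig), nil
}

func main() {
	alice, _ := GenerateKeyPairs(2048) // constructed identities for the demo
	bob, _ := GenerateKeyPairs(2048)
	msg := []byte("constructed sample payload")

	sig, ct, err := SignAndEncrypt(alice, &bob.Encryption.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, ok, err := DecryptAndVerify(bob, &alice.Signing.PublicKey, sig, ct)
	fmt.Println("decrypted matches:", err == nil && bytes.Equal(pt, msg))
	fmt.Println("signature valid with signing key:", ok)
	// The two key pairs are independent: the encryption public key cannot verify.
	fmt.Println("signature valid with encryption key:", Verify(&alice.Encryption.PublicKey, msg, sig))
}
```

Bob never sees Alice's private keys, and Alice never sees Bob's; each side uses exactly one private key of its own (signing for Alice, decryption for Bob) and one public key of the other party.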


Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.

