Encryption and Signing – Same Key Pair – or different key pairs?
- Why do we need certificates at all in PKI?
- Diffie Helman, Symmetric and Asymmetric Encryption
- Group Encryption Keys
- Brute Force Breaking of Encryption – Solution Scheme
- Encryption and Signing – Same Key Pair – or different key pairs?
- Tokenization versus Encryption vs Data Masking
Most articles and even textbooks assume that the same key pair will be used for encryption as for signatures.
However, there is absolutely no reason this has to be the case.
Part of the reason the misconception arises is that the key pair is meant to represent a human (identity). And since the identity is unique, it may seem like there should be a SINGLE key pair.
In practice, it is preferable to use different key pairs for these two differing use cases (signatures and encryption).
Also read – A simple scheme to prevent brute force breaking of private keys
Private Keys are used in signing
Another thing to remember is that unlike payload encryption, the signing use case actually uses the private key to sign the data. Payload encryption uses the public key.
Why sign the hash and not the data itself?
signing the hash provides an additional safety check – by performing the hash check even before starting to decrypt the data.
Leave a Reply