Discussion:
AT_SIGNATURE and AT_KEYEXCHANGE
Nick
2005-06-06 06:23:01 UTC
Hi there,

According to MSDN, each key store within a CSP can have a key pair for
signature and a key pair for key exchange.

My questions are:

1) When I use the import utility from MMC to import a pkcs12 file that
contains both the certificate and key, how do I specify the key is going to
be imported as AT_SIGNATURE?

2) From my testing, it seems that when a smart card based CSP is used, I can
use a key pair marked as AT_KEYEXCHANGE to do signature and key exchange. But
with one of the Microsoft CSPs, a key pair marked as AT_KEYEXCHANGE can only
be used to do key exchange. So, is this correct?

Thanks

Nick
lelteto
2005-06-06 16:35:23 UTC
For your questions:
1. The certificate EXTENSION(s) will tell what the key is valid for. If the
private key is valid ONLY for signature then it will be set as AT_SIGNATURE.
If it is valid for other purposes (e.g. SSL authentication, decryption etc.)
then it will be AT_KEYEXCHANGE.
2. Yes, AT_SIGNATURE keys can ONLY be used to sign; AT_KEYEXCHANGE keys can
be used both to sign and decrypt.

(Although from a pure security point of view one should not use the same private key
for both signing and decrypting, in practice people don't like to get multiple
certificates - getting one is hassle enough - so they just want to use one
key pair and one cert. That's why MS allows one private key to be used for
both signing and decryption.)

Laszlo Elteto
SafeNet, Inc.
Nick
2005-06-06 22:17:16 UTC
Hi Lelteto,

Thanks for your reply.

The certificate that I imported has only the digital signature bit set in
its key usage extension and it has no extended key usage extension. I have
tried a few certificates and every time I imported a new certificate, it
created a new key container and imported that key as AT_KEYEXCHANGE.

Also, is there a way to specify which CSP and key container that you want to
import the certificates and keys into?

For question 2, I have done some testing and when I was using a smart card
based CSP I could use a key marked as AT_KEYEXCHANGE to do both signing and
key exchange thing. But when I used a key from one of the MS CSPs, I could
only do key exchange with keys marked as AT_KEYEXCHANGE. So is there anything
that I need to do before I can use any key marked as AT_KEYEXCHANGE for both
signature and key exchange?

Thanks

Nick
lelteto
2005-06-07 15:02:02 UTC
(a) I don't know the reason why the sign-only cert imports as AT_KEYEXCHANGE.
Maybe MS can answer that.
(b) If you use the MS tools they will import the key/cert into the MS CSP.
You can, of course, programmatically import them into your choice of CSP: you
need to get a context to that CSP (and create a new container), convert the
file into PRIVATEKEYBLOB (don't forget the endian conversion; also, in that
conversion you will be able to specify whether you want it to be
AT_KEYEXCHANGE or AT_SIGNATURE) then use CryptImportKey.
(c) Again, I don't understand why you can't use an AT_KEYEXCHANGE key for
signing. I've always been able to do that. Maybe it's some error on your side
(coding?). Are you using low-level calls? (CryptAcquireContext,
CryptGetUserKey, CryptCreateHash... CryptSignHash?)

Laszlo Elteto
SafeNet, Inc.
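Step (b) above is the conversion the MMC import wizard never lets you control. As an added example (not code from this thread, from SafeNet or from Microsoft), this lays out an RSA PRIVATEKEYBLOB by hand from big-endian DER components, with the BLOBHEADER's aiKeyAlg field selecting whether CryptImportKey files the key under AT_SIGNATURE or AT_KEYEXCHANGE. The structure layout and constant values are the Windows SDK ones, redefined locally so the file compiles without wincrypt.h; the key bytes are constructed placeholders, not a real key.

```c
/* Added example, not code from the thread: lay out a CryptoAPI RSA PRIVATEKEYBLOB by hand
 * (Laszlo's step (b)). Constants/layout match the Windows SDK, redefined so it builds without <wincrypt.h>. */
#include <stdint.h>
#include <stddef.h>
#define PRIVATEKEYBLOB   0x07
#define CUR_BLOB_VERSION 0x02
#define CALG_RSA_SIGN    0x00002400u  /* aiKeyAlg -> key lands in the AT_SIGNATURE slot */
#define CALG_RSA_KEYX    0x0000A400u  /* aiKeyAlg -> key lands in the AT_KEYEXCHANGE slot */
#define RSA2_MAGIC       0x32415352u  /* "RSA2": RSAPUBKEY magic for a private key */
#define AT_KEYEXCHANGE   1
#define AT_SIGNATURE     2
#define BITLEN           32           /* toy size; real keys are 1024 bits or more */
/* Key components big-endian, as DER/PKCS#12 deliver them. Constructed placeholder bytes, NOT a valid RSA key. */
static const uint8_t N[4] = {0xC1,0xA2,0xB3,0xD4}, D[4] = {0xDE,0xAD,0xBE,0xEF};
static const uint8_t P[2] = {0x11,0x22}, Q[2] = {0x33,0x44}, DP[2] = {0x55,0x66};
static const uint8_t DQ[2] = {0x77,0x88}, QI[2] = {0x99,0xAA};
uint8_t blob_buf[64];                    /* scratch output buffer */
static void put_le32(uint8_t *d, uint32_t v) {
    for (int i = 0; i < 4; i++) d[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get_le32(const uint8_t *s) {
    return s[0] | (uint32_t)s[1] << 8 | (uint32_t)s[2] << 16 | (uint32_t)s[3] << 24;
}
/* CryptoAPI stores every big integer little-endian: reverse the DER byte order. */
static size_t put_reversed(uint8_t *d, const uint8_t *be, size_t len) {
    for (size_t i = 0; i < len; i++) d[i] = be[len - 1 - i];
    return len;
}
/* Serialise BLOBHEADER + RSAPUBKEY + the seven integers. keyspec selects aiKeyAlg,
 * the field CryptImportKey reads to decide which container slot the key goes into. */
size_t build_privatekeyblob(uint8_t *out, int keyspec) {
    size_t o = 0;
    out[o++] = PRIVATEKEYBLOB; out[o++] = CUR_BLOB_VERSION; out[o++] = 0; out[o++] = 0;
    put_le32(out + o, keyspec == AT_SIGNATURE ? CALG_RSA_SIGN : CALG_RSA_KEYX); o += 4;
    put_le32(out + o, RSA2_MAGIC); o += 4;
    put_le32(out + o, BITLEN);     o += 4;
    put_le32(out + o, 65537);      o += 4;                  /* RSAPUBKEY.pubexp */
    o += put_reversed(out + o, N, BITLEN / 8);              /* modulus */
    const uint8_t *crt[5] = {P, Q, DP, DQ, QI};             /* prime1, prime2, exponent1, exponent2, coefficient */
    for (int i = 0; i < 5; i++) o += put_reversed(out + o, crt[i], BITLEN / 16);
    o += put_reversed(out + o, D, BITLEN / 8);              /* privateExponent */
    return o;
}
/* Which slot would CryptImportKey use for this blob? 0 = not an RSA2 private key blob. */
int blob_keyspec(const uint8_t *blob, size_t len) {
    if (len < 20 || blob[0] != PRIVATEKEYBLOB || get_le32(blob + 8) != RSA2_MAGIC) return 0;
    uint32_t alg = get_le32(blob + 4);
    return alg == CALG_RSA_SIGN ? AT_SIGNATURE : alg == CALG_RSA_KEYX ? AT_KEYEXCHANGE : 0;
}
```

On Windows the resulting buffer is what you pass to CryptImportKey after CryptAcquireContext with CRYPT_NEWKEYSET on the provider and container name of your choice.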
Valery Pryamikov
2005-06-07 18:23:25 UTC
AT_KEYEXCHANGE and AT_SIGNATURE are just usage restriction hints for the
framework. There are several good logical reasons to differentiate signature
and encryption keys. The most important reason is that encryption keys may
(and usually do) require backup to avoid the risk of information loss.
However, signature keys neither require backup nor should they be fed to
key escrow agents.
But when it concerns RSA keys, both signature and encryption keys have
absolutely the same structure and there is no possibility to distinguish a key's
purpose just by accessing the key's structure. Therefore any key could be used
for both purposes, but A GOOD FRAMEWORK distinguishes signature and encryption
keys because they require different treatment by backup/restore agents (as
well as key escrow agents, if the latter are used).

Another important historical reason was US crypto export restrictions:
the restrictions were only regarding the strength of encryption keys, but not
signature keys. Microsoft was required to provide proof to the government
that they never allow signature keys to be used for encryption purposes
before they were allowed to ship Microsoft encryption modules with Windows.
Export restrictions are history now (thank god :D).

All this is the explanation of why you get key usage restrictions with the Microsoft
CSP, but not with a third-party CSP.

-Valery.
http://www.harper.no/valery
Nick
2005-06-08 06:42:03 UTC
Thanks all for your reply.

All is figured out. The reason that I cannot use an AT_KEYEXCHANGE key to
sign data is that I wrongly passed the key handle to CryptCreateHash(), where
a smartcard based CSP does not complain but a MS CSP returns a bad key error.

Thanks again for your help.

Nick