Discussion:
Difference between AT_KEYEXCHANGE and AT_SIGNATURE
Arsalan Ahmad
2008-02-11 15:12:49 UTC
Hello all,

Could anyone please tell me what is the difference between two keys that are
generated using CryptGenKey() by providing AT_KEYEXCHANGE and AT_SIGNATURE?

In my application, I want to use a public/private key pair which will be
used not only to encrypt data but to sign data as well. How can I achieve
this? I don't want to use certificates.

Thanks,

Arsalan
lelteto
2008-02-11 17:13:01 UTC
AT_SIGNATURE key can ONLY be used to sign a message. It cannot be used to
wrap (export) session key. AT_KEYEXCHANGE key can be used for BOTH purposes.
So if you want to use only 1 (one) key pair for both, you definitely need
AT_KEYEXCHANGE key pair.

You also need to understand some security implications - and why using two
keys is better than using the same key pair for both:

Normally you should NEVER reveal your signing private key. If it is lost, you
simply generate a new signing key pair and use that from that point of time.
On the other hand, you normally need to back up your key exchange key,
because without that you cannot decrypt messages in the future (if the
private key is lost). However, backup means that the key may be available to
someone else - who now could sign messages purportedly coming from you - and
you wouldn't want that.
If you use different key pairs for the two actions you can have secure
signing (your signing private key never goes out) and still can back up your
key exchange key.

One more note on generating these keys:
Since you don't want your signing key known, when you generate it with
CryptGenKey(AT_SIGNATURE) you should never set flags KEY_EXPORTABLE or
KEY_ARCHIVABLE and you may want the extra protection and add
CRYPT_USER_PROTECTED, so every time the signing key is used the user knows it.
On the other hand, when generating the key exchange key using
CryptGenKey(AT_KEYEXCHANGE) you should immediately back it up: set the flag
CRYPT_ARCHIVABLE and IMMEDIATELY export the key for backup. (This flag allows
the key to be exported only once, right after it is created, so it is more
secure than allowing it to be exported at any time by setting CRYPT_EXPORTABLE.)

Laszlo Elteto
SafeNet, Inc.
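As an added example (not code from the thread or from SafeNet), the key-generation policy Laszlo describes, written in C against the Win32 CryptoAPI: the CryptoAPI calls run only on Windows, while the flag-policy helpers build anywhere; the container name "MyKeyContainer" is a placeholder and the default PROV_RSA_FULL provider is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>          /* pulls in wincrypt.h: CryptGenKey, CryptExportKey, ... */
#endif
#ifndef CRYPT_EXPORTABLE      /* wincrypt.h values, repeated so the policy checks */
#define CRYPT_EXPORTABLE     0x00000001  /* compile on non-Windows platforms too */
#define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_ARCHIVABLE     0x00004000
#endif
/* Flags for CryptGenKey(AT_SIGNATURE): never exportable or archivable, prompt on every use. */
unsigned long signing_key_flags(void) { return CRYPT_USER_PROTECTED; }
/* Flags for CryptGenKey(AT_KEYEXCHANGE): exportable exactly once, right after creation. */
unsigned long exchange_key_flags(void) { return CRYPT_ARCHIVABLE; }
/* Policy check: a signing key must have no flag that lets the private key leave the container. */
int signing_flags_ok(unsigned long f) { return (f & (CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE)) == 0; }
/* Policy check: an exchange key must be backed up (archivable) but not permanently exportable. */
int exchange_flags_ok(unsigned long f) { return (f & CRYPT_ARCHIVABLE) && !(f & CRYPT_EXPORTABLE); }
#ifdef _WIN32
int main(void) {
    HCRYPTPROV hProv; HCRYPTKEY hKey; DWORD len = 0; BYTE *blob;
    /* "MyKeyContainer" is a placeholder name: create it, or open it if it already exists. */
    if (!CryptAcquireContextA(&hProv, "MyKeyContainer", NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET) &&
        !CryptAcquireContextA(&hProv, "MyKeyContainer", NULL, PROV_RSA_FULL, 0)) return 1;
    /* 1. Signing key (2048-bit, size in the high word): stays in the container, user prompted on use. */
    if (!CryptGenKey(hProv, AT_SIGNATURE, (2048 << 16) | signing_key_flags(), &hKey)) return 1;
    CryptDestroyKey(hKey);
    /* 2. Key exchange key: archivable, so export the private key blob for backup immediately ... */
    if (!CryptGenKey(hProv, AT_KEYEXCHANGE, (2048 << 16) | exchange_key_flags(), &hKey)) return 1;
    if (!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &len)) return 1;
    if ((blob = (BYTE *)malloc(len)) == NULL) return 1;
    if (!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, blob, &len)) return 1;
    printf("backup blob: %lu bytes (encrypt it before storing it anywhere)\n", (unsigned long)len);
    SecureZeroMemory(blob, len); free(blob);
    CryptDestroyKey(hKey);
    /* 3. ... because once the handle is closed the key is no longer exportable. */
    if (CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey)) {
        if (!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &len))
            printf("second export refused, error 0x%08lx (expected)\n", GetLastError());
        CryptDestroyKey(hKey);
    }
    CryptReleaseContext(hProv, 0);
    return 0;
}
#else
int main(void) { puts("CryptoAPI demo runs on Windows; the policy checks above are portable."); return 0; }
#endif
```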
Arsalan Ahmad
2008-02-12 08:44:25 UTC
Thanks Laszlo Elteto for all the help.
jantes
2008-02-18 10:36:00 UTC
A good explanation, but why allow signing with the key exchange key? Doesn't
that break the security that you describe?
lelteto
2008-02-18 18:00:05 UTC
This is "convenience vs. security". If you are using private keys externally,
normally you need a CERTIFICATE for them. It is hard to get one certificate -
and users don't want to bother getting two certs. (Plus they would confuse
which one to use for what.)
So this is just the realization from Microsoft that users want ONE private /
public key pair and use that for everything.

Laszlo Elteto
SafeNet, Inc.
h***@gmail.com
2014-01-15 09:59:37 UTC
Thanks for your explanation, but why can't I find these attributes in PKCS#11 specification?