AT_KEYEXCHANGE and AT_KEYSIGNATURE are just usage restriction hints for the
framework. There are several good logical reasons to differentiate signature
and encryption keys. The most important reason is that encryption keys may
(and usually do) require backup for avoiding risk of information loss.
However, signature keys neither require backup nor should they be fed to
But when it concerns RSA keys - both signature and encryption keys have
absolutely the same structure and there is no possibility to distinguish a key's
purpose just by accessing the key's structure. Therefore any key could be used
for both purposes, but A GOOD FRAMEWORK distinguishes signature and encryption
keys because they require different treatment by backup/restore agents (as
well as key escrow agents if the latter are used).
Another important historical reason was US crypto export restrictions:
restrictions were only regarding the strength of encryption keys but not
signature keys. Microsoft was required to provide proof to the government
that they never allow signature keys to be used for encryption purposes
before they were allowed to ship Microsoft encryption modules with Windows.
Export restrictions are history now (thank god :D).
This all is the explanation of why you get key usage restrictions with the
Microsoft CSP, but not with a third-party CSP.
Post by Nick
Thanks for your reply.
The certificate that I imported has only the digital signature bit set in
its key usage extension and it has no extended key usage extension. I have
tried a few certificates and every time I imported a new certificate, it
created a new key container and imported that key as AT_KEYEXCHANGE.
Also, is there a way to specify which CSP and key container that you want to
import the certificates and keys into?
For question 2, I have done some testing and when I was using a smart card
based CSP I could use a key marked as AT_KEYEXCHANGE to do both signing and
key exchange thing. But when I used a key from one of the MS CSPs, I could
only do key exchange with keys marked as AT_KEYEXCHANGE. So is there anything
that I need to do before I can use any key marked as AT_KEYEXCHANGE for both
signature and key exchange?
Post by lelteto
1. The certificate EXTENSION(s) will tell what the key is valid for. If the
private key is valid ONLY for signature then it will be set as AT_SIGNATURE.
If it is valid for other purposes (e.g. SSL authentication, decryption etc.)
then it will be AT_KEYEXCHANGE.
2. Yes, AT_SIGNATURE keys can ONLY be used to sign; AT_KEYEXCHANGE keys can
be used both to sign and decrypt.
(Although from a pure security point one should not use the same private key
for both signing and decrypting, in practice people don't like to get multiple
certificates - getting one is hassle enough - so they just want to use one
key pair and one cert. That's why MS allows one private key to be used for
both signing and decryption.)
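As an added illustration (not code posted in this thread), here is a small Python routine that decodes the KeyUsage extension BIT STRING Nick refers to and applies the rule lelteto states in point 1: a key valid only for signature maps to AT_SIGNATURE, anything else to AT_KEYEXCHANGE. The AT_* values are the wincrypt.h constants; treating nonRepudiation as a signature-only usage is an assumption, and the mapping is a model of the stated rule, not Microsoft's import code.

```python
# Key-spec constants as defined in wincrypt.h.
AT_KEYEXCHANGE = 1
AT_SIGNATURE = 2

# Named bits of the KeyUsage BIT STRING (RFC 5280, section 4.2.1.3), bit 0 first.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]

# Assumption: these two usages are the ones that count as "signature only".
SIGNATURE_ONLY = {"digitalSignature", "nonRepudiation"}


def parse_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (03 LL UU bits...) into the set of named usages.

    UU is the count of unused trailing bits in the last content byte. The
    function rejects malformed lengths and non-canonical encodings so a
    truncated or padded extension value is not silently misread.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:  # KeyUsage is always short-form
        raise ValueError("bad BIT STRING length")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused != 0):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    # DER drops trailing zero bits, so the last kept bit must be set.
    if total_bits and not body[-1] & (1 << unused):
        raise ValueError("non-DER encoding: trailing zero bit")
    usages = set()
    for i in range(total_bits):
        if body[i // 8] & (0x80 >> (i % 8)) and i < len(KEY_USAGE_BITS):
            usages.add(KEY_USAGE_BITS[i])
    return usages


def key_spec_for(usages: set) -> int:
    """lelteto's rule: signature-only usage -> AT_SIGNATURE, otherwise AT_KEYEXCHANGE.

    An empty set (no KeyUsage extension) places no restriction, so it also
    lands on AT_KEYEXCHANGE, the spec usable for both signing and decryption.
    """
    if usages and usages <= SIGNATURE_ONLY:
        return AT_SIGNATURE
    return AT_KEYEXCHANGE


def key_spec_from_der(der: bytes) -> int:
    """Convenience wrapper: extension value bytes in, CryptoAPI key spec out."""
    return key_spec_for(parse_key_usage(der))
```

The constructed input `03 02 07 80` is the encoding of a KeyUsage with only digitalSignature set, the case Nick describes; `03 02 05 A0` adds keyEncipherment and so maps to AT_KEYEXCHANGE.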
Post by Nick
According to MSDN, each key store within a CSP can have a key pair for
signature and a key pair for key exchange.
1) When I use the import utility from MMC to import a pkcs12 file that
contains both the certificate and key, how do I specify the key is going to
be imported as AT_SIGNATURE?
2) From my testing, it seems that when a smart card based CSP is used, I can
use a key pair marked as AT_KEYEXCHANGE to do signature and key exchange. But
with one of the Microsoft CSPs, a key pair marked as AT_KEYEXCHANGE can only
be used to do key exchange. So, is this correct?