Encryption and Signing – Same Key Pair – or different key pairs?
- Why do we need certificates at all in PKI?
- Diffie Helman, Symmetric and Asymmetric Encryption
- Group Encryption Keys
- Brute Force Breaking of Encryption – Solution Scheme
- Encryption and Signing – Same Key Pair – or different key pairs?
- Tokenization versus Encryption vs Data Masking
Most articles and even textbooks assume that the same key pair will be used for encryption as for signatures.
However, there is absolutely no reason this has to be the case.
Part of the reason the misconception arises is that the key pair is meant to represent a human (identity). And since the identity is unique, it may seem like there should be a SINGLE key pair.
In practice, it is preferable to use different key pairs for these two differing use cases (signatures and encryption).
Also read – A simple scheme to prevent brute force breaking of private keys
Private Keys are used in signing
Another thing to remember is that unlike payload encryption, the signing use case actually uses the private key to sign the data. Payload encryption uses the public key.
Why sign the hash and not the data itself?
signing the hash provides an additional safety check – by performing the hash check even before starting to decrypt the data.
Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.
Anuj Varma – who has written 1210 posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.
Leave a Reply