On 20/09/13 13:22, Dominik Schürmann wrote:
> I am wondering if it is okay to use the same asymmetric ECC key for
> ECDSA and ECIES. Given that the signing and encryption algorithms are
> not related like in RSA, I assume it is okay to use the same key for
> both operations.
>
> Are there any things I need to pay attention to when combining both
> schemes using the same keys? Can Bob decrypt messages by forcing Alice to
> sign messages? (as in naive RSA implementations).

Even if it's technically secure (and I suspect it isn't), in some
legislations you can be compelled to hand over a decryption key,
or a dual use key, but not a signature _only_ key.
http://www.legislation.gov.uk/ukpga/2000/23/section/49/enacted (9)

So at least in some use cases, it's better to keep the signature key
as a signature only key.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
