Hi

On 20/09/2013 16:07, "Alan Braggins" <alan.bragg...@gmail.com> wrote:

>On 20/09/13 13:22, Dominik Schürmann wrote:
>> I am wondering if it is okay to use the same asymmetric ECC key for
>> ECDSA and ECIES. Given that the signing and encryption algorithms are
>> not related like in RSA, I assume it is okay to use the same key for
>> both operations.
>>
>> Are there any things I need to pay attention to when combining both
>> schemes using same keys? Can Bob decrypt messages by forcing Alice to
>> sign messages? (as in naive RSA implementations).
>
>Even if it's technically secure (and I suspect it isn't), in some
>legislations you can be compelled to hand over a decryption key,
>or a dual use key, but not a signature _only_ key.
>http://www.legislation.gov.uk/ukpga/2000/23/section/49/enacted (9)
>
>So at least in some use cases, it's better to keep the signature key
>as a signature only key.

It is "technically secure". See: http://eprint.iacr.org/2011/615
especially Section 4.

Even so, I would not recommend this approach unless you absolutely have to
use it.

Cheers

Kenny

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography