[Cryptography] Elliptic curve question

Hanno Böck hanno at hboeck.de
Tue Oct 8 13:23:33 EDT 2013


On Mon, 7 Oct 2013 10:54:50 +0200
Lay András <andras at lay.hu> wrote:

> I made a simple elliptic curve utility in command line PHP:
> 
> https://github.com/LaySoft/ecc_phgp
> 
> I know in the RSA, the sign is inverse operation of encrypt, so two
> different keypairs needs for encrypt and sign. In elliptic curve
> cryptography, the sign is not the inverse operation of encrypt, so my
> application use same keypair for encrypt and sign.
> 
> Is this correct?

The very general answer: If it's not a big problem, it's always better
to separate encryption and signing keys - because you never know if
there are yet unknown interactions if you use the same key material in
different use cases.

You can even say this more general: It's always better to use one key
for one usage case. It doesn't hurt and it may prevent security issues.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131008/d24bfc1b/attachment.pgp>


More information about the cryptography mailing list