使用单独的密钥对进行签名和加密的目的是什么? [英] What is the purpose of using separate key pairs for signing and encryption?
问题描述
为什么我需要使用单独的公共密钥对进行签名和加密
而不使用与RSA相同的密钥对?
使用同一密钥是否存在安全性问题?
Why do I need to use separate public key pairs for signing and encryption and not use the same key pair with RSA for example? Is there any security problem with using the same key?
推荐答案
使用单独的密钥对进行签名和签名的原因加密将散布风险:如果某人恢复了私有加密密钥,则他/她可以解密使用公共加密密钥加密的文档,但不能使用它对文档进行签名,反之亦然。
The reason for using separate key pairs for signing and encryption is to spread the risk: If someone recovers the private encryption key, he/she can decrypt documents that were encrypted using the public encryption key but can’t use it to also sign documents and vice versa.
另一个原因可能是法律原因:
在一些国家,数字签名的状态有点像传统的笔和纸签名,例如在欧盟数字签名立法。一般而言,这些规定意味着任何经过数字签名的合法文件均会将文档的签名者与其中的条款绑定在一起。因此,通常认为最好使用单独的密钥对进行加密和签名。使用加密密钥对,一个人可以进行加密的对话(例如,关于房地产交易),但是加密并不能合法地签署他发送的每条消息。只有当双方达成协议时,他们才会使用签名密钥签署合同,然后才受特定文档条款的法律约束。签名后,可以通过加密链接发送文档。如果签名密钥丢失或被破坏,则可以将其撤销以减轻将来的交易。如果加密密钥丢失,则应利用备份或密钥托管来继续查看加密内容。签名密钥绝不能备份或托管。
In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature, like in the EU digital signature legislation. Generally, these provisions mean that anything digitally signed legally binds the signer of the document to the terms therein. For that reason, it is often thought best to use separate key pairs for encrypting and signing. Using the encryption key pair, a person can engage in an encrypted conversation (e.g., regarding a real estate transaction), but the encryption does not legally sign every message he sends. Only when both parties come to an agreement do they sign a contract with their signing keys, and only then are they legally bound by the terms of a specific document. After signing, the document can be sent over the encrypted link. If a signing key is lost or compromised, it can be revoked to mitigate any future transactions. If an encryption key is lost, a backup or key escrow should be utilized to continue viewing encrypted content. Signing keys should never be backed up or escrowed.
这篇关于使用单独的密钥对进行签名和加密的目的是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
