AW: Does the use of the same key for encryption and signature pos e a security threat?

[Dittmann Werner <we...@siemens.com>]

All,
 
I'm not the guru of encryption mathematics. But the argumentation
seems a little odd to me:
The public or private key of the asymmetric key is used only to
encrypt very short data: during signature only some digests (not
even the whole certificate or message) and during encryption only
the short and random symmetric session key. Pls keep in mind
that we do not encrypt the whole message with the PK but only
a short symmertic key that is used to encrypt the message.
 
Thus IMHO the usage patterns for signature and encryption are very
similar. The amount of data being encrypted with the PK is always
very low and in both cases random. 
 
IMO Signature is more "dangerous" because I can start a known
plaintext attack (because I can compute the digest that is encrypted
with the public key). This is not the case for encryption because
the random session key is not know to the attacker.
 
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Christof Soehngen [mailto:Christof.Soehngen@SYRACOM.DE] 
Gesendet: Freitag, 28. Mai 2004 16:33
An: Dittmann Werner; fx-dev@ws.apache.org; sanjesh@soapknox.com
Betreff: AW: Does the use of the same key for encryption and signature pose a security threat?


Thanks for the quick answer,
looks like I didn't describe my problem good enough :-)
I know of the way WSS4J does handle the problem (USE_REQ_SIG_CERT) and to me this procedure looks very elegant (minimal footprint).
My problem is that a co-worker told me that this procedure is dangerous, because it would allow mathematical attacks. He suggested using two key pairs, one for signing, one for encryption. This would mean a huge problem regarding deployment.
I think I'll ask that co-worker what attack he meant, exactly.
Bye, Christof