ietf-smime

Re: DH keypair generation (was RE: S/MIME V3 Msg Spec Comments)

1997-11-07 14:43:11
Blake,

Yes, there are always separate key pairs for signing and encrypting.

DH and DSS are separate algorithms.  DH is used for key exchange associated
with the content encryption process.  Specifically, a random message
encryption key (MEK) is generated and used to encrypt the content.  The
originator then uses her private DH key in conjunction with the recipient's
public DH key to generate a pairwise key which is used to uniquely encrypt
the MEK for the recipient.  This process is repeated for each recipient.

DSS is used for digital signature.  The originator uses her private DSS key
to sign a hash (usually SHA-1) of the data and the recipient uses the
originator's public DSS key to verify the originator's signature.

DH and DSS keys are separately generated.  The public DH and DSS keys are
stored in separate X.509 Certificates.

A pair of DSS private and public keys are generated for each user's
identity.  The DSS public key is included in an X.509 Certificate using the
X9.57 id-dsa OID in the SubjectPublicKeyInfo AlgorithmIdentifier field as
stated in PKIX I, Sec 7.3.3.

A separate pair of DH private and public keys are generated.  The DH public
key is included in a separate X.509 Certificate using the X9.42
dhpublicnumber OID in the SubjectPublicKeyInfo AlgorithmIdentifier field as
stated in PKIX I, Sec 7.3.2.

How about changing the text to the following: "An S/MIME agent or some
related administrative utility or function MUST be capable of generating
separate DH and DSS public/private key pairs on behalf of the user."

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================



At 12:59 PM 11/7/97 -0800, Blake Ramsdell wrote:
On Thursday, November 06, 1997 11:49 AM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:
4) Sec 4.1, 1st para, 1st sent: Please delete "RSA" from: "An S/MIME agent
or some related administrative utility or function MUST be capable of
generating RSA key pairs on behalf of the user."

My concern is along the lines of how keypairs work in the DH new world
order.  Is there always a separate pair for signing and encrypting?

I'd like to get that clarified also, because I think that it belongs in
this section also.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
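
The per-recipient key exchange described in the message above, as an added sketch that is not part of the original thread or of any S/MIME implementation. The toy group parameters, the SHA-256 key derivation, the XOR stand-in for a key-wrap cipher and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (assumption, demo only): real agents use X9.42 domain parameters.
P = 2**255 - 19
G = 2

def dh_keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2          # private value in [2, P-2]
    return priv, pow(G, priv, P)

def pairwise_key(own_priv, peer_pub):
    """Derive the pairwise key from own private and peer public DH keys."""
    if not 1 < peer_pub < P - 1:                 # reject degenerate public values
        raise ValueError("invalid DH public key")
    zz = pow(peer_pub, own_priv, P)              # shared secret, same on both sides
    return hashlib.sha256(zz.to_bytes(32, "big")).digest()

def wrap(kek, mek):
    """Stand-in for a key-wrap cipher (XOR is its own inverse).
    Static keys give the same pairwise key for every message, so a real
    wrap must not be a bare XOR; it is used here only to show the flow."""
    return bytes(a ^ b for a, b in zip(kek, mek))

def encrypt_for(originator_priv, recipient_pubs):
    """Generate one random MEK and wrap it once per recipient."""
    mek = secrets.token_bytes(32)
    wrapped = {name: wrap(pairwise_key(originator_priv, pub), mek)
               for name, pub in recipient_pubs.items()}
    return mek, wrapped

def recover_mek(recipient_priv, originator_pub, wrapped_mek):
    """Recipient side: rebuild the pairwise key and unwrap the MEK."""
    return wrap(pairwise_key(recipient_priv, originator_pub), wrapped_mek)

if __name__ == "__main__":
    o_priv, o_pub = dh_keypair()                 # originator
    b_priv, b_pub = dh_keypair()                 # constructed recipients
    c_priv, c_pub = dh_keypair()
    mek, wrapped = encrypt_for(o_priv, {"bob": b_pub, "carol": c_pub})
    print(recover_mek(b_priv, o_pub, wrapped["bob"]) == mek)
    print(recover_mek(c_priv, o_pub, wrapped["carol"]) == mek)
```

The DSS signing key pair does not appear anywhere in this flow, which is the separation the message describes.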