Peter:
Thanks for reading the document.
This text recommends the most prudent approach. Use the key for only one
algorithm and only one purpose.
Russ
At 04:12 AM 7/26/2002 +1200, Peter Gutmann wrote:
> Generally, good cryptographic practice employs a given RSA key pair
> in only one scheme. This practice avoids the risk that vulnerability
> in one scheme may compromise the security of the other, and may be
> essential to maintain provable security. While PKCS #1 Version 1.5
> [PKCS#1v1.5] has been employed for both key transport and digital
> signature without any known bad interactions, such a combined use of
> an RSA key pair is not recommended in the future. Therefore, an RSA
> key pair used for RSAES-OAEP key transport should not also be used
> for other purposes.
Does "other purposes" here mean "signing" or "other types of key transport"?
The comparison with PKCS #1 v1 seems to imply "signing", but it could also be
interpreted to mean PKCS #1v1 vs. PKCS #1v2 key transport... I could see that
the latter might lead to problems when you're communicating with existing
implementations, or a mixture of old and new.
Peter.