[cryptography] Using same key for ECDSA and ECIES
Kenny.Paterson at rhul.ac.uk
Fri Sep 20 11:17:15 EDT 2013
On 20/09/2013 16:07, "Alan Braggins" <alan.braggins at gmail.com> wrote:
>On 20/09/13 13:22, Dominik Schürmann wrote:
>> I am wondering if it is okay to use the same asymmetric ECC key for
>> ECDSA and ECIES. Given that the signing and encryption algorithms are
>> not related like in RSA, I assume it is okay to use the same key for
>> both operations.
>> Are there any things I need to pay attention to when combining both
>> schemes using same keys? Can Bob decrypt messages by forcing Alice to
>> sign messages? (as in naive RSA implementations).
>Even if it's technically secure (and I suspect it isn't), in some
>legislations you can be compelled to hand over a decryption key,
>or a dual use key, but not a signature _only_ key.
>So at least in some use cases, it's better to keep the signature key
>as a signature only key.
It is "technically secure". See:
especially Section 4.
Even so, I would not recommend this approach unless you absolutely have to
More information about the cryptography