Re: AT_SIGNATURE

From: Michel Gallant (neutron_at_nspxistar.ca)
Date: 09/30/03


Date: Tue, 30 Sep 2003 11:24:26 -0400


AT_SIGNATURE and AT_KEYEXCHANGE are "CryptoAPI" specific designators.
They refer to MS properties associated with RSA keypairs in CryptoAPI keycontainers.

They are used within CryptoAPI by applications to control what keys can/can't do.
Originally, AT_KEYEXCHANGE was used to designate keys that could be used
for "exchanging keys" (i.e. encrypting secret session keys with the public RSA key of
recipients), whereas AT_SIGNATURE keys were meant to only allow signing content, using the private
RSA key.

Some of these usage issues are historically related to stricter crypto export restrictions.

Currently, for example, in CryptoAPI, to decrypt an enveloped message requires that the
local keypair of a recipient is marked as AT_KEYEXCHANGE.
Other applications, like .NET strong naming, only accept use of keys marked AT_SIGNATURE.

An X509 public certificate does NOT contain the information as to whether the owner of
the private key has their keypair marked as SIGNATURE or EXCHANGE.

 - Michel Gallant
    MVP Security

"Oliver Young" <please@no.spam.com> wrote in message news:Ov5i9BzhDHA.4024@TK2MSFTNGP11.phx.gbl...
>
> What is the difference between AT_SIGNATURE and AT_KEYEXCHANGE? What is "key exchange"?
>
>
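
Added example, not part of the original post: the designation discussed above is not in the certificate, but it is visible in an exported CryptoAPI key blob, where the `aiKeyAlg` field of the BLOBHEADER is CALG_RSA_KEYX for an AT_KEYEXCHANGE key and CALG_RSA_SIGN for an AT_SIGNATURE key. The parser below reads that header; the layout and constants are taken from wincrypt.h rather than from the post, the function names are hypothetical, and the sample blobs are constructed with dummy key material.

```python
import struct

# Constants from wincrypt.h
CALG_RSA_KEYX, CALG_RSA_SIGN = 0x0000A400, 0x00002400
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
MAGIC = {PUBLICKEYBLOB: b"RSA1", PRIVATEKEYBLOB: b"RSA2"}
KEYSPEC = {CALG_RSA_KEYX: "AT_KEYEXCHANGE", CALG_RSA_SIGN: "AT_SIGNATURE"}
HEADER = struct.Struct("<BBHI4sII")  # BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes)


def parse_rsa_blob(blob: bytes) -> dict:
    """Report blob kind, key designation and size of a CryptoAPI RSA key blob."""
    if len(blob) < HEADER.size:
        raise ValueError("too short for BLOBHEADER + RSAPUBKEY")
    b_type, b_version, _reserved, alg, magic, bitlen, pubexp = HEADER.unpack_from(blob)
    if b_type not in MAGIC:
        raise ValueError(f"not an RSA public/private key blob (bType={b_type:#x})")
    if magic != MAGIC[b_type]:
        raise ValueError(f"magic {magic!r} does not match bType {b_type:#x}")
    if alg not in KEYSPEC:
        raise ValueError(f"aiKeyAlg {alg:#06x} is not an RSA key algorithm")
    if len(blob) < HEADER.size + bitlen // 8:
        raise ValueError("blob truncated: modulus is incomplete")
    return {
        "kind": "private" if b_type == PRIVATEKEYBLOB else "public",
        "version": b_version,
        "keyspec": KEYSPEC[alg],
        "bits": bitlen,
        "exponent": pubexp,
    }


def make_sample_blob(b_type: int, alg: int, bitlen: int = 1024) -> bytes:
    """Constructed test input: valid header followed by a dummy all-0xAA body."""
    # A private blob also carries primes and exponents: 9 * bitlen/16 bytes in total.
    body_len = bitlen // 8 if b_type == PUBLICKEYBLOB else 9 * bitlen // 16
    return HEADER.pack(b_type, 2, 0, alg, MAGIC[b_type], bitlen, 65537) + b"\xaa" * body_len


if __name__ == "__main__":
    for b_type, alg in [(PUBLICKEYBLOB, CALG_RSA_KEYX), (PRIVATEKEYBLOB, CALG_RSA_SIGN)]:
        print(parse_rsa_blob(make_sample_blob(b_type, alg)))
```

Run against a key file exported from a container, this shows before deployment whether the key will be accepted by a consumer that insists on one designation, such as the enveloped-message decryption and strong-naming cases mentioned in the post.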
