Re: AT_SIGNATURE
From: Michel Gallant (neutron_at_nspxistar.ca)
Date: 09/30/03
- In reply to: Oliver Young: "AT_SIGNATURE"
Date: Tue, 30 Sep 2003 11:24:26 -0400
AT_SIGNATURE and AT_KEYEXCHANGE are "CryptoAPI" specific designators.
They refer to MS properties associated with RSA keypairs in CryptoAPI keycontainers.
They are used within CryptoAPI by applications to control what keys can/can't do.
Originally, AT_KEYEXCHANGE was used to designate keys that could be used
for "exchanging keys" (i.e. encrypting secret session keys with the public RSA key of
recipients), whereas AT_SIGNATURE keys were meant to only allow signing content, using the private
RSA key.
Some of these usage issues are historically related to stricter crypto export restrictions.
Currently, for example, in CryptoAPI, to decrypt an enveloped message requires that the
local keypair of a recipient is marked as AT_KEYEXCHANGE.
Other applications, like .NET strong naming, only accept use of keys marked AT_SIGNATURE.
An X509 public certificate does NOT contain the information as to whether the owner of
the private key has their keypair marked as SIGNATURE or EXCHANGE.
- Michel Gallant
MVP Security
"Oliver Young" <please@no.spam.com> wrote in message news:Ov5i9BzhDHA.4024@TK2MSFTNGP11.phx.gbl...
>
> What is the difference between AT_SIGNATURE and AT_KEYEXCHANGE? What is "key exchange"?
>
>
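The two key specs side by side in one key container, plus a check of which spec a certificate's private key carries, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 (.NET Framework) and legacy CAPI RSA keys; the function names and the container name are constructed for the illustration.

```powershell
# Added example, not from the original post.
# .NET KeyNumber enum: Exchange = AT_KEYEXCHANGE (1), Signature = AT_SIGNATURE (2).
function New-CapiRsaKey {
    param([string]$Container, [System.Security.Cryptography.KeyNumber]$KeySpec)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Container
    $csp.KeyNumber = [int]$KeySpec      # selects the slot inside the container
    New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 2048, $csp
}

# Constructed, unique container name so the demo never touches an existing key.
$container = "keyspec-demo-" + [guid]::NewGuid()
$sig = New-CapiRsaKey $container Signature
$exc = New-CapiRsaKey $container Exchange

# One container, two independent keypairs, each reporting its own key spec.
# PublicFields lists what the exported public key contains: no key spec.
foreach ($k in $sig, $exc) {
    [pscustomobject]@{
        Container    = $k.CspKeyContainerInfo.KeyContainerName
        KeySpec      = $k.CspKeyContainerInfo.KeyNumber
        PublicFields = ([xml]$k.ToXmlString($false)).RSAKeyValue.ChildNodes.Name -join ','
    }
}

# The certificate does not record the key spec, so read it from the key
# container behind each certificate that has a private key.
function Get-CertKeySpec {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object HasPrivateKey | ForEach-Object {
        $spec = try { $_.PrivateKey.CspKeyContainerInfo.KeyNumber } catch { $null }
        [pscustomobject]@{
            Subject = $_.Subject
            KeySpec = if ($spec) { $spec } else { 'unavailable (not a CAPI key)' }
        }
    }
}
Get-CertKeySpec

# Clean up: release the second handle, then delete the demo container.
$exc.Clear()
$sig.PersistKeyInCsp = $false
$sig.Clear()
```

A certificate whose key reports `Signature` here is the case the post describes where decrypting an enveloped message with that keypair is refused.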