Re: key usage - key encipherment or data encipherment

["Kazin, Joel" <Joel.Kazin@xxxxxxxxxxxxxx>]

Peters rewording makes it clearer.

At 12:34 AM 5/11/2005 -0500, pgut001@xxxxxxxxxxxxxxxxx wrote:

> Andrew Sciberras
> <andrewsciberras@xxxxxxxxx> writes: 
>
> >     The keyEncipherment bit is
> asserted when the subject public key is 
> >      used for key
> transport.  For example, when an RSA key is to be 
> >      used for key management,
> then this bit shall asserted. 
> > 
> >      The dataEncipherment bit
> is asserted when the subject public key 
> >      is used for enciphering
> user data, other than cryptographic keys. 
>
> Quoting that won't help (I've seen this sort of thing
> before) because as far 
> as the user is concerned what's being encrypted is data, so
> the valid bit to 
> use is dataEncipherment (quite logical to them).  What
> might help is to make 
> this more explicit in the text: 
>
>   The dataEncipherment bit is asserted when the subject
> public key is used for 
>   directly enciphering raw user data without the use of
> an intermediate 
>   symmetric cipher.  This bit MUST NOT be set when
> the intention is to 
>   encipher intermediate cryptographic keys rather than
> raw user data. 
>
> Peter.

Joel S. Kazin CPA, CISA, CISSP, CISM
Senior Consultant
Atos Origin
40 Old Sleepy Hollow Road
Pleasantville, New York 10570-3802
USA
Phone  +1 914-769-8780
Mobile  +1 914-564-1484
email    joel.kazin@xxxxxxxxxxxxxx
www.atosorigin.com