Re: key usage - key encipherment or data encipherment

["Wen-Cheng Wang" <wcwang@xxxxxxxxxx>]

FYI:  In the Asia PKI Interoperability Guideline (prepared by
Asia PKI Forum), we suggest CA vendors or operators to
assert both the keyEncipherment and dataEncipherment bits
in an encryption cert. The main reason is that we intend to allow
users to use the public key for directly enciphering raw user data.
We certainly know that the public key is usually used to encrypt
intermediate cryptographic keys. However, what if someday
users really want to use that public key for directly enciphering
raw user data (e.g., user password)? For the sake of supporting
both kinds of encipherment, it is better to assert both bits in the
beginning. I see no reason why a public key certified by an
"encryption" certificate should be prohibit from being used for
directly enciphering small-size user data. The second reason is
that we believe that asserting both bits is helpful to achieve
maximum Interoperability. By asserting both bits, no matter which
interpretation the application implementators adopt, the cert
should always work.
Anyway, I believe that it is not harmful if the dataEncipherment
bit is asserted in an encryption cert in addition to the
keyEncipherment bit.

Wen-Cheng Wang

----- Original Message ----- 
From: "Russ Housley" <housley@xxxxxxxxxxxx>
To: "Miguel A Rodriguez" <mars@xxxxxxxxxxxxxx>
Cc: <ietf-pkix@xxxxxxx>
Sent: Thursday, May 12, 2005 3:57 AM
Subject: RE: key usage - key encipherment or data encipherment


> As far as I know, SET was the only protocol that used data encipherment.  Of course, SET used the 
> same RSA public key for both data encipherment and key encipherment.
>
> Russ
>
> At 01:20 PM 5/11/2005, Miguel A Rodriguez wrote:
>
> > Does anyone use dataEncipherment?
> >
> > Miguel A Rodríguez
> > SeguriData
> > Mexico
> >
> > At 03:47 AM 5/11/2005, Wen-Cheng Wang wrote:
> >
> >
> > >Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx> wrote:
> > >>Andrew Sciberras <andrewsciberras@xxxxxxxxx> writes:
> > >>
> > >>>     The keyEncipherment bit is asserted when the subject public key
> > is
> > >>>      used for key transport.  For example, when an RSA key is to be
> > >>>      used for key management, then this bit shall asserted.
> > >>>
> > >>>      The dataEncipherment bit is asserted when the subject public
> > key
> > >>>      is used for enciphering user data, other than cryptographic
> > >>> keys.
> > >>Quoting that won't help (I've seen this sort of thing before) because
> > >>as far as the user is concerned what's being encrypted is data, so the
> >
> > >>valid bit to use is dataEncipherment (quite logical to them).  What
> > >>might help is to make this more explicit in the text:
> > >>  The dataEncipherment bit is asserted when the subject public key is
> > >> used for
> > >>  directly enciphering raw user data without the use of an
> > intermediate
> > >>  symmetric cipher.  This bit MUST NOT be set when the intention is to
> > >>  encipher intermediate cryptographic keys rather than raw user data.
> > >It is better to clarify that it is legitimate to assert both the
> > >keyEncipherment bit
> > >and the dataEncipherment bit in one certificate. In that case, it means
> >
> > >that the
> > >key (e.g., RSA key) may be used for enciphering intermediate
> > cryptographic
> > >keys or directly enciphering raw user data (e.g., user password).
> > >
> > >Wen-Cheng Wang
> > >
> > >