Re: key usage - key encipherment or data encipherment

[pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)]

Denis Pinkas <Denis.Pinkas@xxxxxxxx> writes:

>Let us look what PKCS#11 states about the mapping of X.509 key usage flags to
>cryptoki attributes for private keys for CKA_DECRYPT and CKA_UNWRAP:

Note that this usage is entirely dependent on the user.  PKCS #11 sets no
constraints based on the cert contents.  Experience has shown that the PKCS
#11 flags set by the user often bear no relation to the key flags in the cert,
with keys with signature-only certs being usable for encryption and vice
versa.  It's not small-scale stuff either, this sort of thing goes all the way
up to the European national-CA level (this isn't a purely European disease,
but smart cards seem to be a lot more widely used over there, so it's more
noticeable).

>Key usage flags for public keys    Corresponding cryptoki attributes in X.509
>public key certificates for private keys
>
>dataEncipherment                           CKA_DECRYPT
>keyAgreement                               CKA_DERIVE
>keyEncipherment                            CKA_UNWRAP

Even that is merely theoretical guidance, since there's a lot of confusion
between decryption and unwrapping keys - some apps mark keys as being for
decryption and some for unwrapping.  What you do is you try a decrypt first,
and if that fails you try an unwrap with a CKO_SECRET_KEY of type
CKK_GENERIC_SECRET, which returns the entire decrypted value, making the
unwrap equivalent to a straight decrypt.

So even here where you've got provision for key-wrap vs. data-encrypt, (a)
it's frequently not mapped from the certificate to the PKCS #11 level and (b)
even if it were, it's common practice to apply both operations in a manner
that makes them equivalent, in order to handle with the way existing apps do
things.

Peter.