
Re: Certificate requests for encryption keys



Ben,
>Stephen Kent wrote:
>>
>> Ben,
>>
>> >
>> >??? If I HMAC then DH the result, isn't that a signature?
>>
>> No, encrypting a hash (I assumed you meant a hash, not HMAC)
>
>Sorry, yes, I do, of course.
>
>> for
>> verification by a specified entity (the entity whose public key was an
>> input to the DH computation you performed) isn't a signature.
>
>I encrypt the hash with my private key, of course, not someone else's
>public key.

You don't encrypt anything with a D-H private key or public key.  You use
your private key and someone else's public key to generate a shared secret
value, which can then be used as a symmetric key for encryption or as an
input to a symmetric authentication algorithm (e.g., HMAC).

Steve
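
The distinction drawn in the reply above, as an added example that is not part of the original message: each side combines its own D-H private key with the peer's public key to get the same shared secret, which then keys an HMAC. Because the verifier holds the same key, it can compute a valid tag for any message, which is why the result is not a signature. The prime, generator, function names and messages are assumptions chosen for illustration, not a vetted D-H group.

```python
import hashlib
import hmac
import secrets

# Toy finite-field D-H parameters, constructed for this example only.
P = 2**255 - 19   # a known prime, NOT a standardized D-H group
G = 2

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2          # in [2, P-2]
    return priv, pow(G, priv, P)

def shared_key(my_priv, their_pub):
    """Own private key + peer public key -> shared secret -> symmetric key."""
    if not 1 < their_pub < P - 1:                # reject degenerate values
        raise ValueError("peer public value out of range")
    z = pow(their_pub, my_priv, P)               # nothing is "encrypted" here
    return hashlib.sha256(z.to_bytes(32, "big")).digest()

def tag(key, message):
    """Symmetric authentication over the message using the derived key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def demo():
    a_priv, a_pub = keypair()                    # requester
    b_priv, b_pub = keypair()                    # verifier
    k_a = shared_key(a_priv, b_pub)
    k_b = shared_key(b_priv, a_pub)

    msg = b"certificate request body (constructed sample)"
    verified = hmac.compare_digest(tag(k_a, msg), tag(k_b, msg))

    # The verifier can tag a message the requester never produced, and the
    # tag checks out under the requester's key: no third party can tell
    # which of the two made it, so it proves nothing to anyone else.
    other = b"message the requester never sent (constructed sample)"
    indistinguishable = hmac.compare_digest(tag(k_b, other), tag(k_a, other))
    return k_a == k_b, verified, indistinguishable

if __name__ == "__main__":
    print(demo())
```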