On Mon, 7 Oct 2013 10:54:50 +0200 Lay András <and...@lay.hu> wrote: > I made a simple elliptic curve utility in command line PHP: > > https://github.com/LaySoft/ecc_phgp > > I know in the RSA, the sign is inverse operation of encrypt, so two > different keypairs needs for encrypt and sign. In elliptic curve > cryptography, the sign is not the inverse operation of encrypt, so my > application use same keypair for encrypt and sign. > > Is this correct?
The very general answer: If it's not a big problem, it's always better to separate encryption and signing keys - because you never know if there are yet unknown interactions if you use the same key material in different use cases. You can even say this more general: It's always better to use one key for one usage case. It doesn't hurt and it may prevent security issues. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
signature.asc
Description: PGP signature
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography