uptane / uptane-standard

standard for Uptane
https://uptane.github.io

Support separate keys for signatures and encryption #3

Closed OYTIS closed 5 years ago

OYTIS commented 6 years ago

Today Uptane specifies one ECU key that is used to sign ECU manifest and also to send encrypted firmware to ECU. It might work fine for RSA, but e.g. with ED/EC cryptography we normally have ED keys for signatures and a separate pair of EC keys for encryption. It should be supported in uptane.

iramcdonald commented 6 years ago

Hi,

Best practice in all current cryptography is to separate key usage. Signing keys should never be used for encryption keys (and vice versa). This is important to get right (including for RSA).

Cheers,

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic@gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434


JustinCappos commented 6 years ago

Agreed. We'll clarify this case.


OYTIS commented 6 years ago

@iramcdonald Yes, I totally agree, that's why I created this issue. As far as I understand current Uptane specification (the one in Google docs), it defines just one entity called "ECU Key" for both signatures and encryption. I think it should be changed.
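The key separation OYTIS asks for and Ira McDonald endorses above, as an added Go example (it is not code from the Uptane standard or from any Uptane implementation): the ECU holds an Ed25519 pair that is used only to sign its version manifest and a distinct X25519 pair that is used only to agree the symmetric key for an encrypted image. Because the two keys have different Go types, the signing key cannot be handed to the ECDH path even by mistake. The `Manifest` fields, the `"uptane-image-key:"` derivation label and the repository-side helper are constructed for this illustration and are not the standard's definitions.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// ECUKeys holds the two separate key pairs proposed in the issue:
// an Ed25519 pair that only signs the ECU version manifest and an
// X25519 pair that only takes part in key agreement for encrypted images.
type ECUKeys struct {
	SignPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
	EncPub   *ecdh.PublicKey
	encPriv  *ecdh.PrivateKey
}

// NewECUKeys generates both pairs independently; neither is derived from the other.
func NewECUKeys() (*ECUKeys, error) {
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	encPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ECUKeys{SignPub: signPub, signPriv: signPriv, EncPub: encPriv.PublicKey(), encPriv: encPriv}, nil
}

// Manifest is a minimal stand-in for an ECU version manifest
// (constructed for this example; the field names are not the standard's).
type Manifest struct {
	ECUSerial string `json:"ecu_serial"`
	Installed string `json:"installed_image"`
}

// SignManifest serializes the manifest and signs it with the signing key only.
// It returns the signed bytes and the detached Ed25519 signature.
func (k *ECUKeys) SignManifest(m Manifest) ([]byte, []byte, error) {
	body, err := json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(k.signPriv, body), nil
}

// VerifyManifest checks a manifest signature against the ECU's signing public key.
func VerifyManifest(pub ed25519.PublicKey, body, sig []byte) bool {
	return ed25519.Verify(pub, body, sig)
}

// imageKeyFromShared turns the raw X25519 shared secret into a 32-byte
// symmetric key. The label is a constructed domain separator for this example.
func imageKeyFromShared(shared []byte) [32]byte {
	return sha256.Sum256(append([]byte("uptane-image-key:"), shared...))
}

// DeriveImageKey runs X25519 ECDH between the ECU's encryption key and the
// repository's public key. Only the encryption pair is touched here; the
// Ed25519 signing key has a different type and cannot be passed in.
func (k *ECUKeys) DeriveImageKey(repoPub *ecdh.PublicKey) ([32]byte, error) {
	shared, err := k.encPriv.ECDH(repoPub)
	if err != nil {
		return [32]byte{}, err
	}
	return imageKeyFromShared(shared), nil
}

// RepoDeriveImageKey is the repository side of the same agreement, using the
// ECU's published encryption key (constructed helper, not part of the standard).
func RepoDeriveImageKey(repoPriv *ecdh.PrivateKey, ecuEncPub *ecdh.PublicKey) ([32]byte, error) {
	shared, err := repoPriv.ECDH(ecuEncPub)
	if err != nil {
		return [32]byte{}, err
	}
	return imageKeyFromShared(shared), nil
}

func main() {
	ecu, err := NewECUKeys()
	if err != nil {
		panic(err)
	}
	body, sig, _ := ecu.SignManifest(Manifest{ECUSerial: "ECU-0001", Installed: "fw-1.2.3"})
	fmt.Printf("manifest %s\nsignature ok: %v\n", body, VerifyManifest(ecu.SignPub, body, sig))

	repo, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ecuKey, _ := ecu.DeriveImageKey(repo.PublicKey())
	repoKey, _ := RepoDeriveImageKey(repo, ecu.EncPub)
	fmt.Printf("image key agreed on both sides: %v\n", ecuKey == repoKey)
}
```

The point of the split is that compromise or misuse of one key does not reach the other: a leaked image-decryption key cannot forge a manifest, and a signing oracle cannot be turned into a decryption oracle. The same structure applies to RSA, where a separate key pair per purpose is the only way to get that property.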

mnm678 commented 6 years ago

I made a proposed change in section A.2 of the Deployment Considerations just above this bookmark. Let me know if you think this addresses the issue.

JustinCappos commented 5 years ago

I feel this has addressed it. If anyone objects, please reopen and we can discuss.