Possible Duplicate:
Why should one not use the same asymmetric key for encryption as they do for signing?

I'm new to IT security. I still can't figure out why using the same RSA key pair for both (signing and encryption) & (signing and encryption) is a bad idea.

Most people talk about why we should not use the same key pair for signing and encryption, but what about signing and decryption?

joseph

1 Answer

There's no technical or cryptography-based reason why you wouldn't want to use the same key for both. The only reasons why are:

  • it limits the exposure of your keys -- i.e. you don't have to have the same key available to the people who perform what may be separate tasks
  • ancillary legal reasons -- there might be legal requirements around electronic signatures in your country
  • damage control in the case of compromise -- i.e. if your private key gets out, then the less that key is useful for, the fewer problems it will cause
tylerl