
In the context of SSL/TLS certificates, what is the difference between key encipherment and data encipherment? What are some examples that highlights the difference?

Anders
joedotnot
  • I think for the confusion to end, you need to adopt a transparent way of distributing private keys to your customers rather than using PDF, which is not accurately performing well with your clients. – Fred Buluku May 09 '18 at 02:54
  • This does not provide an answer to the question. Once you have sufficient [reputation](https://security.stackexchange.com/help/whats-reputation) you will be able to [comment on any post](https://security.stackexchange.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/low-quality-posts/118983) – multithr3at3d May 09 '18 at 11:11

2 Answers


Key encipherment means that the key in the certificate is used to encrypt another cryptographic key (which is not part of the application data). This is used within TLS in the RSA key exchange, where the pre-master secret (from which the symmetric encryption key is derived) is generated by the client, then encrypted with the server's public key and sent to the server, and decrypted there with the server's private key.

Data encipherment means that the key in the certificate is used to encrypt application data. This is not used in TLS. But certificates are not only used for TLS (for example also in S/MIME, VPN, signing of documents ...) so there might be use cases where this is needed.

Steffen Ullrich
  • Based on what you said, are my statements below true? 1) If I want to host a website with https on a server, buy a cert with Key Encipherment. 2) If I want to do message signing (i.e. payload signing such that it is not tampered with, but the payload itself is visible as clear text), buy a cert with Data Encipherment. 3) If I want to use the same cert to do both 1) and 2), buy a cert with both Key Encipherment and Data Encipherment. 4) If I omit both usages when purchasing the cert, is it still usable to do 1) and 2) above? – joedotnot May 07 '18 at 07:55
  • @joedotnot: 1) yes 2) signing is not encryption, i.e. you need key usage DigitalSignature. Apart from that, you usually do not buy a certificate with a specific key usage but a certificate for a specific purpose, and the key usage is set by the issuer accordingly. – Steffen Ullrich May 07 '18 at 08:23
  • 1) for HTTPS and any other SSL/TLS, up to 1.2 it is best, and for 1.3 it is required, to use 'forward secret' key-exchanges (DHE=Diffie-Hellman or ECDHE=Elliptic Curve DH _ephemeral_) which use the certificated key for signing and not either kind of encryption and thus requires digSign in KU. (And as Steffen says, you don't normally choose KU -- or EKU; the CA does based on its 'product line'.) – dave_thompson_085 Feb 26 '19 at 05:14
  • Reference https://ldapwiki.com/wiki/KeyEncipherment – MDMoore313 Nov 10 '20 at 18:24

Key encipherment is used when a certificate will be used with a protocol that encrypts keys. An example is S/MIME enveloping, where a fast (symmetric) key is encrypted with the public key from the certificate. The SSL protocol also performs key encipherment.

Data encipherment is used when the public key is used for encrypting user data, other than cryptographic keys.
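Both answers, and the comment on (EC)DHE above, tell the KeyUsage bits apart by what the certificate's key actually does in the protocol: wrap a symmetric key, sign a handshake, or encrypt data itself. As an added example that is not from either answer, this Go program (standard library only) builds a self-signed RSA certificate with a chosen KeyUsage, parses it back from DER, and maps the bits to those operations; the serial number and validity window are constructed throwaway values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"math/big"
	"time"
)

// The operations discussed in the answers and the KeyUsage bit each needs:
// wrapping a symmetric key is keyEncipherment, signing an (EC)DHE / TLS 1.3
// handshake is digitalSignature, encrypting data directly is dataEncipherment.
var uses = []struct {
	Name string
	Bit  x509.KeyUsage
}{
	{"Wrap a symmetric key (TLS RSA key exchange, S/MIME enveloping)", x509.KeyUsageKeyEncipherment},
	{"Sign the handshake (TLS (EC)DHE, TLS 1.3)", x509.KeyUsageDigitalSignature},
	{"Encrypt application data directly", x509.KeyUsageDataEncipherment},
}

// PermittedUses lists what cert's KeyUsage allows; no extension (KeyUsage == 0) means unrestricted.
func PermittedUses(cert *x509.Certificate) (out []string) {
	for _, u := range uses {
		if cert.KeyUsage == 0 || cert.KeyUsage&u.Bit != 0 {
			out = append(out, u.Name)
		}
	}
	return out
}

// SelfSigned builds a throwaway self-signed RSA certificate carrying ku and parses it back from DER.
func SelfSigned(ku x509.KeyUsage) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed throwaway serial
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     ku,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

Passing a KeyUsage of 0 omits the extension entirely, which is why PermittedUses treats that case as unrestricted rather than as "no use allowed".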