11

It seems (to me at least) that is is generally accepted that "electronic identity" and "digital signatures" are a different thing. For example, in the Estonian ID card there are two certificates - one for identity, and one for signing.

They correspond to the real-world actions of "showing" your ID card to the authorities, and signing a document, respectively.

However, I don't understand why they have to be different. The same technology with the same infrastructure is/can be used for both. Why can't you use your digital signature for identifying yourself (or your e-identity key-pair to digitally sign a document).

In both cases you use your private key to sign something.

There are implications, of course, e.g. you may think someone is just verifying your identity, but in fact you may be signing a document that you don't want to sign. But one can offer you to sign a harmless document (e.g. "please sign this digital receipt" nonsense), but in fact you may be signing for a loan. People can be tricked via the user interface for digitally signing/identifying either way. (Related question: what are the ways to prevent that from happening?)

Is the distinction needed solely for protecting the owner, or there is a bigger factor for splitting a single technology solution into two?

Bozho
  • 1,173
  • 1
  • 10
  • 12
  • 1
    You may want to carry your identifying key around with you, so that you can identify yourself when required, but keep your signing key at home where it's more secure, since the consequences of losing it are more serious. But if both keys are stored in the same card, I guess that wouldn't apply here. – Mike Scott Jul 14 '15 at 19:23
  • besides, it's the correct PIN that enables both of them, so even if you lose it, if you don't also carry a sheet with your PIN, it doesn't matter. – Bozho Jul 14 '15 at 19:24
  • There are situations where you need to perform an authenticated action without exposing you identity. A prime example would be e-voting privacy - you need to identify yourself somehow in order to avoid voting multiple times, but you wouldn't want to publicly sign your vote with your actual identity for various reasons (I believe you already can think of at least several). – lanzz Jul 14 '15 at 19:57

2 Answers2

4

There are a few reasons for using different keys for signing and authentication:

  1. When using two keys, associated certificates can be issued from different CAs which allows web sites to only ask the user for the authentication certificate on login.

  2. The certificates can be issued with different key usage - the authentication one doesn't need non-repudiation, and the signature one doesn't need access to a ssl client.

  3. Usually the two keys are protected by different PINs with a different PIN policy. The authentication key has simple PIN policy - after an application authenticates with the PIN, the key can be used until the session is closed. On the other hand the signature key usually requires the PIN to be entered before any operation with the key.

I have never used Estonian eID, but on few different eIDs I have tested the keys are issued from different CAs, with different key usage flags and with different PIN policies as described in points 1 to 3.

Edit: Another reason to use different keys:

  1. A smart card could be configured to refuse key import for a signature slot and to allow it for an authentication slot, or it could support different crypto mechanisms for different slots...
Matt Slonetsky
  • 197
  • 4
Vasil Badev
  • 121
  • 2
1

A digital signature is a technological mechanism by which you can do several things, one of them being proving your identity to another entity: this is an authentication protocol.

Your identity is a property inherent to, say, yourself; the notion of "electronic identity" really means "something which designates your identity and is amenable to an authentication mechanism".

There can be authentication mechanisms which do not use signatures. Every time you type a password in a Web site, you are using such a mechanism: you "electronic identity" is then your registered account.

Conversely, there are uses of digital signatures that are not meant for authentication, but for non-repudiation: you not only prove your identity to somebody else, but you also give away a proof that could be validated afterwards by a third party who is not part of the initial protocol.

Thus, the two notions are quite distinct.

Unfortunately, it seems that some people live only to abuse terminology. A private key that you own and could use in various authentication protocols has been described, at times and by distinct people, as "digital identity", "electronic identity", "digital signature", "digital certificate", and myriads of other terms. A lot of confusion spreads from that.

In the case of the Estonian ID card, it is plausible that the two certificates, and really the two corresponding private keys, are kept separate as a somewhat blind and semi-maniacal application of the principle of "one use for each key".

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • 1
    So I read that you are in support of the same key for signing as for Identity. Is there any need for each key to have different expiration dates, cryptography (algo/keylength), assurance by the notary, issuance or usage constraints, or anything else that would operationally or technically require (or prefer) two keys? – makerofthings7 Jul 14 '15 at 19:48
  • I am in support of the same key for two operations when (and exactly when) it makes no sense to have two separate keys. I know, however, that there are people who like to overdo things and insist on multiple keys even in cases where it does not make any good. – Tom Leek Jul 14 '15 at 20:08
  • And in this case, does it do any good? I think it's way simpler for "ordinary people" to use only one key, rather than figuring out how authentication differs from authorization and which PIN they should use in which case. – Bozho Jul 14 '15 at 20:39