Strange Key Usage "nonRepudiation"

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this
certificate is still marked as invalid so the quetsion is if this is
because of the exclusive use of nonRepudiation and what this
certificate should be used for anyway??

Many Thanks

Andreas

Non-repudiation is a 'strong' form of signing which is normally used for
legal electronic signatures. This normally implies that the private key
is stored on an approved smart card en that the certificate is issued by
some highly trusted issuer. Sometimes, three certificates (and private
keys) are issued to one person. An encryption certificate, a signing
certificate and a non-repudiation certificate. With three certificates,
the signing certificate is typically used only for authentication
purposes and the non-repudiation for signing documents.

Djigzo does not make a distinction between a signing certificate and a
non-repudiation certificate. A certificate with signing and/or
non-repudiation key usage is acceptable for signing.

The reason why the certificate is invalid in your case is that the
certificate can only contains the non-repudiation key usage. The
certificate is therefore not valid for encryption. It should be valid
for signing if you would possess the private key.

Kind regards,

Martijn

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this certificate
is still marked as invalid so the quetsion is if this is because of the
exclusive use of nonRepudiation and what this certificate should be used
for anyway??

--
Djigzo open source email encryption

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this certificate
is still marked as invalid so the quetsion is if this is because of the
exclusive use of nonRepudiation and what this certificate should be used
for anyway??

Non-repudiation is a 'strong' form of signing which is normally used for
legal electronic signatures. This normally implies that the private key
is stored on an approved smart card en that the certificate is issued by
some highly trusted issuer. Sometimes, three certificates (and private
keys) are issued to one person. An encryption certificate, a signing
certificate and a non-repudiation certificate. With three certificates,
the signing certificate is typically used only for authentication
purposes and the non-repudiation for signing documents.

Djigzo does not make a distinction between a signing certificate and a
non-repudiation certificate. A certificate with signing and/or
non-repudiation key usage is acceptable for signing.

The reason why the certificate is invalid in your case is that the
certificate can only contains the non-repudiation key usage. The
certificate is therefore not valid for encryption. It should be valid
for signing if you would possess the private key.

Hm, okay so because of the "strong" intended usage the certificate is
actually of low usage value because it is "signing-only".

Regards

Andreas

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this certificate
is still marked as invalid so the quetsion is if this is because of the
exclusive use of nonRepudiation and what this certificate should be used
for anyway??

Non-repudiation is a 'strong' form of signing which is normally used for
legal electronic signatures. This normally implies that the private key
is stored on an approved smart card en that the certificate is issued by
some highly trusted issuer. Sometimes, three certificates (and private
keys) are issued to one person. An encryption certificate, a signing
certificate and a non-repudiation certificate. With three certificates,
the signing certificate is typically used only for authentication
purposes and the non-repudiation for signing documents.

Djigzo does not make a distinction between a signing certificate and a
non-repudiation certificate. A certificate with signing and/or
non-repudiation key usage is acceptable for signing.

The reason why the certificate is invalid in your case is that the
certificate can only contains the non-repudiation key usage. The
certificate is therefore not valid for encryption. It should be valid
for signing if you would possess the private key.

Hm, okay so because of the "strong" intended usage the certificate is
actually of low usage value because it is "signing-only".

Well yes and no :slight_smile:

The user of that certificate probably signed a message with his/her
non-repudiation certificate and the sender can therefore not deny having
send the message.

From you point of view, i.e., the admin of the gateway, yes the

certificate is kind of pointless. By default all certificates from
messages are extracted and stored in the certificate store. In this
case, the certificate could just as well have been skipped if that's
what you mean?

Kind regards,

Martijn

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

--
Djigzo open source email encryption

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this certificate
is still marked as invalid so the quetsion is if this is because of the
exclusive use of nonRepudiation and what this certificate should be used
for anyway??

Non-repudiation is a 'strong' form of signing which is normally used for
legal electronic signatures. This normally implies that the private key
is stored on an approved smart card en that the certificate is issued by
some highly trusted issuer. Sometimes, three certificates (and private
keys) are issued to one person. An encryption certificate, a signing
certificate and a non-repudiation certificate. With three certificates,
the signing certificate is typically used only for authentication
purposes and the non-repudiation for signing documents.

Djigzo does not make a distinction between a signing certificate and a
non-repudiation certificate. A certificate with signing and/or
non-repudiation key usage is acceptable for signing.

The reason why the certificate is invalid in your case is that the
certificate can only contains the non-repudiation key usage. The
certificate is therefore not valid for encryption. It should be valid
for signing if you would possess the private key.

Hm, okay so because of the "strong" intended usage the certificate is
actually of low usage value because it is "signing-only".

Well yes and no :slight_smile:

The user of that certificate probably signed a message with his/her
non-repudiation certificate and the sender can therefore not deny having
send the message.

From you point of view, i.e., the admin of the gateway, yes the
certificate is kind of pointless. By default all certificates from
messages are extracted and stored in the certificate store. In this
case, the certificate could just as well have been skipped if that's
what you mean?

Yes and no :wink:
The point is that such certificates are lawyer toys. Technical the
same as all others but limited by its usage and maybe useful in case
of go to court but only if you have a good lawyer...
I wonder why someone will pay for such certificates and why the usage
for encryption is denied anyway?

Regards

Andreas

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

Hi,

Not really related, but maybe it will clarify the point:
In Austria for example it is law, that a signed document is equally trustworthy like a hand-signed document, if the signature was created by an qualified-certificate (in short, a certificate on a SmartCard, which was signed by the Austrian government). If I sign a contract with my SmartCard, the signature itself cannot be disputed by any layer.

Kind Regard,
Manuel Faux

···

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of lst_hoe02(a)kwsoft.de
Sent: Friday, February 25, 2011 10:59 AM
To: users(a)lists.djigzo.com
Subject: Re: Strange Key Usage "nonRepudiation"

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

Hello

today i found some certificate in our Djigzo store with key usage =
nonRepudiation. I have grabed the matching root CA but this
certificate is still marked as invalid so the quetsion is if this
is because of the exclusive use of nonRepudiation and what this
certificate should be used for anyway??

Non-repudiation is a 'strong' form of signing which is normally used
for legal electronic signatures. This normally implies that the
private key is stored on an approved smart card en that the
certificate is issued by some highly trusted issuer. Sometimes,
three certificates (and private
keys) are issued to one person. An encryption certificate, a signing
certificate and a non-repudiation certificate. With three
certificates, the signing certificate is typically used only for
authentication purposes and the non-repudiation for signing documents.

Djigzo does not make a distinction between a signing certificate and
a non-repudiation certificate. A certificate with signing and/or
non-repudiation key usage is acceptable for signing.

The reason why the certificate is invalid in your case is that the
certificate can only contains the non-repudiation key usage. The
certificate is therefore not valid for encryption. It should be
valid for signing if you would possess the private key.

Hm, okay so because of the "strong" intended usage the certificate is
actually of low usage value because it is "signing-only".

Well yes and no :slight_smile:

The user of that certificate probably signed a message with his/her
non-repudiation certificate and the sender can therefore not deny
having send the message.

From you point of view, i.e., the admin of the gateway, yes the
certificate is kind of pointless. By default all certificates from
messages are extracted and stored in the certificate store. In this
case, the certificate could just as well have been skipped if that's
what you mean?

Yes and no :wink:
The point is that such certificates are lawyer toys. Technical the same as all others but limited by its usage and maybe useful in case of go to court but only if you have a good lawyer...
I wonder why someone will pay for such certificates and why the usage for encryption is denied anyway?

Regards

Andreas

Zitat von Manuel Faux <Manuel.Faux(a)securesolutions.at>:

Hi,

Not really related, but maybe it will clarify the point:
In Austria for example it is law, that a signed document is equally
trustworthy like a hand-signed document, if the signature was
created by an qualified-certificate (in short, a certificate on a
SmartCard, which was signed by the Austrian government). If I sign a
contract with my SmartCard, the signature itself cannot be disputed
by any layer.

The same will maybe happen in germany too. But the question is why the
certificates are limited to signing? Is there any security drawback
in allowing encryption? For me it only looks like the opportunity to
sell *two* certificates to the same person.

Regards

Andreas

The concept behind this is, that it is said, if one key is compromised, only a part of the whole "system" is affected. If someone compromises your signing-key hi is still unable to decrypt your mails.
IPsec for example also has different key material for signing and different key material for encrypting packets. This is a security engineers philosophy. As far I remember this was a criticized point of WEP weaknesses, WEP uses the same cryptographic material for signing and encryption.

I do not think the point behind this is to sell more certificates. If this principle is used, normally both certificates are issued the same time.

Kind Regards,
Manuel Faux

···

-----Original Message-----
From: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] On Behalf Of lst_hoe02(a)kwsoft.de
Sent: Friday, February 25, 2011 11:49 AM
To: users(a)lists.djigzo.com
Subject: Re: Strange Key Usage "nonRepudiation"

Zitat von Manuel Faux <Manuel.Faux(a)securesolutions.at>:

Hi,

Not really related, but maybe it will clarify the point:
In Austria for example it is law, that a signed document is equally
trustworthy like a hand-signed document, if the signature was created
by an qualified-certificate (in short, a certificate on a SmartCard,
which was signed by the Austrian government). If I sign a contract
with my SmartCard, the signature itself cannot be disputed by any
layer.

The same will maybe happen in germany too. But the question is why the certificates are limited to signing? Is there any security drawback in allowing encryption? For me it only looks like the opportunity to sell *two* certificates to the same person.

Regards

Andreas

Zitat von Manuel Faux <Manuel.Faux(a)securesolutions.at>:

The concept behind this is, that it is said, if one key is
compromised, only a part of the whole "system" is affected. If
someone compromises your signing-key hi is still unable to decrypt
your mails.
IPsec for example also has different key material for signing and
different key material for encrypting packets. This is a security
engineers philosophy. As far I remember this was a criticized point
of WEP weaknesses, WEP uses the same cryptographic material for
signing and encryption.

I do not think the point behind this is to sell more certificates.
If this principle is used, normally both certificates are issued the
same time.

The key splitting only makes sense if
- they are not stored at the same point
- they might have different strenght eg. password protection and the like
- they are at least typically not used at the same time

For IPSEC this is true because the ciphers used for signing and
encryption differ with potential weakness at one of them. With S/MIME
at least as far as i understand this is not true because the key is
not used directly in encryption so even choosing a waek cpiher will
not lead to key compromise.
So it looks like complicating a already hard to use system in favour
of theoretical advanced security?

It is my impression that such things lead not to improved security but
to non-usage of security.

But as always YMMV

Regards

Andreas