Quiz Entry - updated: 2026.05.31
Why should you never use the same key pair for both encryption and signing?
Mixing the two roles lets an attacker abuse one operation to undermine the other — so best practice is separate key pairs for separate purposes.
Even though RSA can do both, reusing one key pair is dangerous because:
- The two uses have different lifecycles and policies (e.g. you may want to escrow/backup an encryption key for data recovery, but a signing key must never be copied or its non-repudiation is destroyed).
- Certain protocol interactions let an attacker present a chosen value to be "decrypted" or "signed" and use the result to attack the other function (chosen-ciphertext / chosen-message style abuse).
Tip: One key, one job. This is also why X.509 certificates carry a keyUsage field — it explicitly states whether a key is for digitalSignature, keyEncipherment, etc.