As we all know, digital certificates include signature certificates and encryption certificates. Signature certificates are used for signing and verification. Encryption certificates are used for encryption and decryption. I didn't understand why I need to use dual certificates, so I searched for relevant information. The following article is about the purpose of dual certificates.
"Two certificates are used in PKI, that is, two keys. Two keys refer to the signature key pair and the encryption key pair. In essence, both key pairs are asymmetric key pairs. Therefore, they can be used for asymmetric encryption and decryption. Why do I need a dual-key pair? This must begin with the usage of the two keys.
Signature key pairs are used for data integrity detection to ensure anti-counterfeiting and anti-repudiation. The loss of the signature private key does not affect the verification of previous signature data. Therefore, the signature private key does not need to be backed up, so the signature key does not need to be managed by a third party and is generated by the owner. The encryption key pair is used for data encryption protection. If the encryption key is lost, previously encrypted data cannot be decrypted, which is unacceptable in actual applications. The encryption private key should be backed up by a trusted third party (CA) to ensure the availability of the encrypted data. Therefore, the encryption key pair can be generated by a third party and backed up.
Because the use and management of the signature key and the encryption key are different, the rationality and inevitability of the use of the two certificates are determined."
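The split described in the quoted article can be enforced mechanically. The following is an added example, not code from the quoted article: it assumes the Python `cryptography` package and marks the two roles with the X.509 keyUsage extension; the CA name, subject `alice`, the in-memory escrow dictionary and all function names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(ca_key, subject_cn, public_key, signing):
    # Signing cert: digitalSignature + nonRepudiation. Encryption cert: key/data encipherment.
    usage = x509.KeyUsage(
        digital_signature=signing, content_commitment=signing,
        key_encipherment=not signing, data_encipherment=not signing,
        key_agreement=False, key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False)
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name("Example CA (constructed)"))
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(usage, critical=True)
            .sign(ca_key, hashes.SHA256()))

def may_escrow(cert):
    # Policy from the text: a key that can sign must never be held by a third party.
    ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    return not (ku.digital_signature or ku.content_commitment)

def demo():
    ca_key = new_key()
    sign_key = new_key()  # generated by the owner; the CA only sees the public half
    enc_key = new_key()   # generated by the CA on the owner's behalf
    sign_cert = issue(ca_key, "alice", sign_key.public_key(), signing=True)
    enc_cert = issue(ca_key, "alice", enc_key.public_key(), signing=False)
    # In-memory stand-in for the CA's key backup store.
    escrow = {c.serial_number: k for c, k in ((sign_cert, sign_key), (enc_cert, enc_key))
              if may_escrow(c)}
    sig = sign_key.sign(b"contract", PSS, hashes.SHA256())
    ct = enc_cert.public_key().encrypt(b"secret", OAEP)
    del sign_key, enc_key  # simulate the owner losing both private keys
    # Old signatures still verify with the certificate alone (raises on failure).
    sign_cert.public_key().verify(sig, b"contract", PSS, hashes.SHA256())
    # Old ciphertext is readable only because the CA backed up the encryption key.
    recovered = escrow[enc_cert.serial_number].decrypt(ct, OAEP)
    return may_escrow(sign_cert), may_escrow(enc_cert), len(escrow), recovered
```
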