-sky switch: Specifies the subject's key type, which must be signature, exchange, or an integer that represents a provider type. By default, you can pass 1 for an exchange key and 2 for a signature key.
If I understand this correctly, then signature and exchange are two key types? In what situations is each used?
Thank you
MakeCert (Makecert.exe) is a command-line CryptoAPI tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.
AD FS does not require that certificates be issued by a CA. However, the SSL certificate (the certificate that is also used by default as the service communications certificate) must be trusted by the AD FS clients. We recommend that you not use self-signed certificates for these certificate types.
In 95% of ADFS deployments, three certificates will need to be properly installed: an SSL certificate, a token-signing certificate, and a token “decryption” certificate.
That is correct, these are the two types of asymmetric keys (public/private keys). Asymmetric keys are generally used for two purposes: 1) encrypting session keys, 2) creating a digital signature.
When talking about the key type: Exchange = encrypt session keys; Signature = create a digital signature.
Here is a link that has a good explanation: Asymmetric Keys
The answer is hidden at the very end of the article referenced in the other answer.
TL;DR: There is no technical difference between Signature and Exchange keys.
It is just about the key storage. A typical user will have two different key pairs for two different purposes ("exchange" and "sign"). They will be stored in corresponding "slots" of the key store. And the key store can actually contain more key pairs, if needed.
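As an added illustration of both answers (this is not code from the answers, from makecert, or from CryptoAPI), the Go sketch below keeps one RSA key pair per key spec in a constructed two-slot key container, uses the exchange slot to wrap a session key and the signature slot to sign, and shows that the two slots hold the same kind of key. The names KeySpec, KeyContainer, WrapSessionKey, UnwrapSessionKey, Sign and Verify are assumptions for the example, as are the RSA-OAEP and RSA-PSS choices; only the 1/2 values come from the -sky documentation quoted above.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// KeySpec mirrors the CryptoAPI key specifiers behind makecert's -sky switch:
// 1 = AT_KEYEXCHANGE ("exchange"), 2 = AT_SIGNATURE ("signature").
type KeySpec int
const (
	AtKeyExchange KeySpec = 1
	AtSignature   KeySpec = 2
)

// KeyContainer is a constructed stand-in for a CryptoAPI key container with one
// slot per spec; both hold the same kind of RSA key, the spec labels the use.
type KeyContainer map[KeySpec]*rsa.PrivateKey

// NewKeyContainer fills both slots with freshly generated RSA keys.
func NewKeyContainer(bits int) (KeyContainer, error) {
	kc := KeyContainer{}
	for _, spec := range []KeySpec{AtKeyExchange, AtSignature} {
		k, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil { return nil, err }
		kc[spec] = k
	}
	return kc, nil
}

// WrapSessionKey is the "exchange" use: RSA-OAEP encrypt a symmetric session
// key to the exchange slot's public key; UnwrapSessionKey reverses it.
func WrapSessionKey(kc KeyContainer, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &kc[AtKeyExchange].PublicKey, sessionKey, nil)
}
func UnwrapSessionKey(kc KeyContainer, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, kc[AtKeyExchange], wrapped, nil)
}

// Sign is the "signature" use: RSA-PSS over SHA-256 with the signature slot. Verify
// checks the given slot, so a signature-slot signature fails under the exchange slot.
func Sign(kc KeyContainer, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, kc[AtSignature], crypto.SHA256, h[:], nil)
}
func Verify(kc KeyContainer, spec KeySpec, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(&kc[spec].PublicKey, crypto.SHA256, h[:], sig, nil) == nil
}
```

Keeping the two uses in separate slots means a key that wraps session keys is never the one that signs, which is the separation the -sky switch lets you express when generating a certificate.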