Difference between keys for EC KeyAgreement and Signing

Why does Cryptokit distinguish between private EC keys used for signing and key agreement? I noticed you can transform those keys into each other but for what purpose are they different? After all its an BigInt in both cases.

Replies

CryptoKit uses strong types to prevent common mistakes that result in security vulnerabilities. So, when you create or import a key you declare up front what operations you plan to do with that key. That information flows through the type system, preventing you from making mistakes.

For an example of this sort of thing, consider the legacy SecKey API. SecKeyCreateSignature takes SecKey and SecKeyAlgorithm parameters and has doc comments to the effect that the key must be a private key and the algorithm must be appropriate for that key. In CryptoKit, the compiler checks that for you.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"