On 22 April 2017 at 00:31, John Levine <johnl@xxxxxxxxx> wrote: >>> If a recipient is cooperative, and sends you back a message signed >>> with the same key to which you encrypted the message, that tells you >>> he got it, but that's not a very interesting case. >> >>It's also abuse of the cryptographic primitives, I hope that this >>isn't really how it works and you are eliding certain key details. > > It doesn't use the same session key, it uses the same public key. It's > not obvious to me why that would be wrong. https://tools.ietf.org/html/rfc8017#section-6 If you are using ECDSA/ECDH, then you can also commit the same abuses. Historically, keys were saved with an "EC" type, and can be used for either interchangeably (the library I work on commits this sin). In the case of EC, there isn't a known path from use of ECDSA to abuse of ECDH and vice versa, but it isn't known to be safe either. This is much harder, if not possible with the X25519/Ed25519 pair, because no library will support you in this.