19

-sky switch Specifies the subject's key type, which must be signature, exchange, or an integer that represents a provider type. By default, you can pass 1 for an exchange key and 2 for a signature key.

If I understand this correctly, then signature and exchange are two key types? In what situations is each used?

thank you

user437291
  • https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/ad-fs-and-keyspec-property#keyspec-values-and-associated-meanings states that KeyExchange can be used "For a legacy CAPI (non-CNG) cert, the key can be used for signing and decryption" (SSL, token signing, token decrypting, service communication certificates), while Signature can be used "For a legacy CAPI (non-CNG) cert, the key can be used only for signing" – tks.tman Nov 11 '22 at 08:06

4 Answers

10

That is correct, these are the two types of asymmetric keys (public/private keys). Asymmetric keys are generally used for two purposes: 1) encrypting session keys, 2) creating a digital signature.

When talking about the key type:
Exchange = encrypt session keys
Signature = create digital signature

Here is a link that has a good explanation. Asymmetric Keys

StuckOverflow
2

The answer is hidden at the very end of the article referenced in another answer.

TL;DR: There is no technical difference between Signature and Exchange keys.

It is just about the key storage. A typical user will have two different key pairs for two different purposes ("exchange" and "sign"). They will be stored in the corresponding "slots" of the key store. And the key store can actually contain more key pairs, if needed.

C-F
1
  1. For Microsoft Legacy CSP:

     There is a difference between the SIGNATURE and EXCHANGE key types.
     Key type: Exchange - used for both signing and encryption
     Key type: Signature - used only for signing
     Unless otherwise advised, when you create your CSR, you would choose the key type Exchange.

  2. If you are using Cryptography Next Generation (CNG) providers, then this conversation is not applicable. New(er) providers don't have a key type option to choose.
Jeannot
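As an added example (not code from the original question or any of the answers), the following Windows PowerShell script illustrates the Exchange/Signature distinction described in the first and third answers: it creates one self-signed certificate per legacy key spec with a CAPI provider, then audits a certificate store and reports each certificate's key spec so that Signature-only legacy keys (which cannot decrypt, and so are the wrong choice for an SSL/"exchange" role) can be spotted. The provider name, subjects and store path are assumptions; it expects Windows PowerShell 5.1 with the PKI module.

```powershell
# Added example, not code from the original Q&A. Assumes Windows PowerShell 5.1
# with the PKI module (New-SelfSignedCertificate) and a legacy CAPI provider.
# The provider name, subjects and store path are assumed sample values.

$LegacyCsp = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$Store     = 'Cert:\CurrentUser\My'

# One self-signed certificate per legacy key spec. -KeySpec corresponds to the
# makecert -sky values: KeyExchange = "exchange" (1), Signature = "signature" (2).
$exchangeCert  = New-SelfSignedCertificate -Subject 'CN=sky-exchange-demo' `
    -KeyAlgorithm RSA -KeyLength 2048 -KeySpec KeyExchange `
    -Provider $LegacyCsp -CertStoreLocation $Store
$signatureCert = New-SelfSignedCertificate -Subject 'CN=sky-signature-demo' `
    -KeyAlgorithm RSA -KeyLength 2048 -KeySpec Signature `
    -Provider $LegacyCsp -CertStoreLocation $Store

function Get-CapiKeySpec {
    <#
      Returns the CAPI key spec of a certificate's private key:
      'Exchange' (AT_KEYEXCHANGE), 'Signature' (AT_SIGNATURE),
      'CNG' when the key lives in a CNG key storage provider (no key spec),
      or 'None' when the certificate carries no private key.
    #>
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    if (-not $Certificate.HasPrivateKey) { return 'None' }
    # In Windows PowerShell 5.1, .PrivateKey is an RSACryptoServiceProvider for
    # CAPI keys and $null for CNG keys; CspKeyContainerInfo.KeyNumber is the key spec.
    $key = $Certificate.PrivateKey
    if ($key -and $key.CspKeyContainerInfo) {
        return $key.CspKeyContainerInfo.KeyNumber.ToString()
    }
    return 'CNG'
}

# Audit the store: a legacy certificate reported as 'Signature' can sign but
# not decrypt, so it should not be deployed in an SSL/key-exchange role.
Get-ChildItem -Path $Store | ForEach-Object {
    [pscustomobject]@{
        Subject = $_.Subject
        KeySpec = Get-CapiKeySpec -Certificate $_
    }
} | Format-Table -AutoSize
```

The two demo certificates are left in the store for inspection; remove them with Remove-Item on their thumbprints once you are done.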
0

I have the same question. I did not find any documentation about this but my guess is the options determine the intended usage of the key and the certificate, whether it is for signing or key exchange. In most situations we need a signature key.

intangible02