2.9.2.2 CA Exchange Certificate

The public key in the CA exchange certificate can be used to encrypt end entities' private keys when requests for new certificates are sent to the CA (see [MS-WCCE] section 3.1.1.4.3.6). The concerns for key length that were presented for the CA signing key also apply to this key. However, the lifetime of this private key might be shorter than the lifetime of the CA signing key. Also, this private key is not required to extend the validity of the certificates that the CA issues.

If this key is compromised, all of the certificates and private keys that were processed by using the key can no longer be trusted because an attacker who possesses the private key could intercept and decrypt the end entity's private key.

Key storage considerations are the same as for the CA signing key. These certificates can be revoked and not used by the CA if they are compromised.

Storage and transmission of the Exchange public key is important because an attacker might generate its own key pair and if it could substitute its public key for a CA's Exchange public key, the client might be induced to encrypt a private key by using that key for which the attacker has the private key.