Monday, 7 October 2013

KeyUsage

KeyUsage ::= BIT STRING
{
  digitalSignature   (0), -- verify digital signatures other than those on certificates
                          -- and CRLs, e.g. entity authentication
  nonRepudiation     (1), -- recent editions of X.509 have
                          -- renamed this bit to contentCommitment
  keyEncipherment    (2), -- used to encipher private keys
                          -- or symmetric keys for key transport
  dataEncipherment   (3), -- directly encipher user data; rarely set, because
                          -- key transport or keyAgreement is the norm
  keyAgreement       (4), -- derive a symmetric key from the public key without
                          -- encrypting it (e.g. Diffie-Hellman)
  keyCertSign        (5), -- for CA certificates only
                          -- used to verify signatures on public key certificates
  cRLSign            (6), -- used to verify signatures on CRLs
  encipherOnly       (7), -- meaningful only if keyAgreement is set: the key may only
                          -- encipher data while performing key agreement
  decipherOnly       (8)  -- meaningful only if keyAgreement is set: the key may only
                          -- decipher data while performing key agreement
}
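
The following is an added example, not part of the original post: a decoder for the DER-encoded KeyUsage BIT STRING that maps bits to the names above and checks two constraints from RFC 5280 (encipherOnly/decipherOnly need keyAgreement; keyCertSign needs a CA certificate). The function names and the is_ca parameter are assumptions made for illustration.

```python
# Added example; function names and the is_ca flag are illustrative assumptions.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (tag 0x03) into the set of KeyUsage bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    # One unused-bits octet plus one or two content octets (nine named bits).
    if length != len(der) - 2 or not 2 <= length <= 3:
        raise ValueError("unexpected length for KeyUsage")
    unused, content = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bits count")
    total_bits = len(content) * 8 - unused
    if total_bits > len(KEY_USAGE_BITS):
        raise ValueError("bits beyond decipherOnly (8) are set")
    # DER: padding bits are zero and trailing zero bits are removed, so the
    # last encoded bit is always 1 (which also means at least one bit is set).
    if content[-1] & ((1 << unused) - 1) or not (content[-1] >> unused) & 1:
        raise ValueError("not a DER-encoded named bit list")
    # Bit 0 is the MOST significant bit of the first content octet.
    return {
        name for n, name in enumerate(KEY_USAGE_BITS)
        if n < total_bits and content[n // 8] & (0x80 >> (n % 8))
    }

def check_key_usage(usage: set, is_ca: bool) -> list:
    """Return a list of RFC 5280 consistency problems (empty if none)."""
    problems = []
    if usage & {"encipherOnly", "decipherOnly"} and "keyAgreement" not in usage:
        problems.append("encipherOnly/decipherOnly set without keyAgreement")
    if "keyCertSign" in usage and not is_ca:
        problems.append("keyCertSign set on a non-CA certificate")
    return problems

if __name__ == "__main__":
    # Constructed sample encodings: end-entity, CA, and a key-agreement key.
    for sample in ("030205a0", "03020106", "0303070880"):
        print(sample, sorted(decode_key_usage(bytes.fromhex(sample))))
```

Note that decipherOnly (8) is the only bit that spills into a second content octet, which is why its encoding is three octets long after the tag and length.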
 

http://tools.ietf.org/html/rfc5280#page-29
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin.doc%2FDOC%2FH_KEY_USAGE_EXTENSIONS_FOR_INTERNET_CERTIFICATES_1521_OVER.html