Standard X.509 v3 Certificate Extensions
Appendix
C
Certificate and CRL Extensions
349
•
encipherOnly
(
7
) if the public key is to be used only for enciphering data. If
this bit is set,
keyAgreement
should also be set.
•
decipherOnly
(
8
) if the public key is to be used only for deciphering data. If
this bit is set,
keyAgreement
should also be set.
Table C-4 summarizes the above guidelines for typical certificate uses.
If the
keyUsage
extension is present and is marked critical, then it will be used to
enforce the usage of the certificate and key. The extension is used to limit the usage
of a key; if the extension is not present or not critical, all types of usage are allowed.
If the
keyUsage
extension is present (critical or not), it is used to select from
multiple certificates for a given operation. For example, it is used to distinguish
separate signing and encryption certificates for users who have separate certificates
and key pairs for these operations.
CMS Version Support
Refer to “KeyUsageExt Plug-in Module” on page 186.
•
CMS 4.1
: Supported
•
CMS 4.2
: Supported
•
CMS 4.2-SP2
: Supported
•
CMS 4.5
: Supported
•
CMS 6.0
: Supported
Table C-4
Certificate uses and corresponding Key Usage bits
Purpose of certificate
Required Key Usage bit
CA Signing
keyCertSign
cRLSign
SSL Client
digitalSignature
SSL Server
keyEncipherment
S/MIME Signing
digitalSignature
S/MIME Encryption
keyEncipherment
Certificate Signing
keyCertSign
Object Signing
digitalSignature
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...