Discuss this help topic in SecureBlackbox Forum

TElKeyUsageExtension is a descendant of TElCustomExtension class.

Description

     This extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.

   The following paragraph is taken from RFC 2459 (Housley, et. al.), part 4.2.1.3:

    «The digitalSignature bit is asserted when the subject public key is used with a digital signature mechanism to support security services other than non-repudiation (bit 1), certificate signing (bit 5), or revocation information signing (bit 6). Digital signature mechanisms are often used for entity authentication and data origin authentication with integrity.

    The nonRepudiation bit is asserted when the subject public key is used to verify digital signatures used to provide a non- repudiation service which protects against the signing entity falsely denying some action, excluding certificate or CRL signing.

    The keyEncipherment bit is asserted when the subject public key is used for key transport. For example, when an RSA key is to be used for key management, then this bit shall asserted.

    The dataEncipherment bit is asserted when the subject public key is used for enciphering user data, other than cryptographic keys.

    The keyAgreement bit is asserted when the subject public key is used for key agreement. For example, when a Diffie-Hellman key is to be used for key management, then this bit shall asserted.

    The keyCertSign bit is asserted when the subject public key is used for verifying a signature on certificates. This bit may only be asserted in CA certificates.

    The cRLSign bit is asserted when the subject public key is used for verifying a signature on revocation information (e.g., a CRL).

    The meaning of the encipherOnly bit is undefined in the absence of the keyAgreement bit. When the encipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for enciphering data while performing key agreement.

    The meaning of the decipherOnly bit is undefined in the absence of the keyAgreement bit. When the decipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for deciphering data while performing key agreement.

    This profile does not restrict the combinations of bits that may be set in an instantiation of the keyUsage extension. However, appropriate values for keyUsage extensions for particular algorithms are specified in section 7.3.»

Properties

• CLRSign
• DataEncipherment
• DecipherOnly
• DigitalSignature
• EncipherOnly
• KeyAgreement
• KeyCertSign
• KeyEncipherment
• NonRepudiation

Inherited from TElCustomExtension

• Critical
• OID
• SaveDefaultASN1Tags
• Value

Declared in

.NET:

• Namespace: SBX509Ext
• Assembly: SecureBlackbox

VCL:

• Unit: SBX509Ext

Java:

• Package: SecureBlackbox.Base.jar

C++:

• sbx509ext.h

Discuss this help topic in SecureBlackbox Forum