Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual page 351

Certificate uses and corresponding Key Usage bits (Continued)
Table C-4
Purpose of certificate
S/MIME Encryption
Certificate Signing
Object Signing
If the extension is present and is marked critical, then it will be used to
keyUsage
enforce the usage of the certificate and key. The extension is used to limit the usage
of a key; if the extension is not present or not critical, all types of usage are allowed.
If the extension is present (critical or not), it is used to select from
keyUsage
multiple certificates for a given operation. For example, it is used to distinguish
separate signing and encryption certificates for users who have separate certificates
and key pairs for these operations.
CMS Version Support
Refer to "KeyUsageExt Plug-in Module" on page 187.
• CMS 4.1: Supported
• CMS 4.2: Supported
• CMS 4.2-SP2: Supported
Netscape Recommendation
Netscape recommends this extension for all certificates if their intended purpose or
purposes are known. Netscape requires this extension for all dual-key signing
certificates.
Microsoft Recommendation
Microsoft recommends this extension for all certificates if their intended purpose
or purposes are known. If the extension is absent, Microsoft products will assume
the certificate is valid for all usages. If the extension is present, Microsoft products
will interpret the extension in the same way whether marked critical or not. If the
extension is present, the actual usage must conform to the specified usage.
The only Microsoft application that currently enforces this extension is Microsoft
Outlook.
Standard X.509 v3 Certificate Extensions
Required Key Usage bit
keyEncipherment
keyCertSign
digitalSignature
Appendix C Certificate and CRL Extensions 351