Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual page 349

• (
encipherOnly 7
this bit is set,
keyAgreement
• (
decipherOnly 8
this bit is set,
keyAgreement
Table C-4 summarizes the above guidelines for typical certificate uses.
Certificate uses and corresponding Key Usage bits
Table C-4
Purpose of certificate
CA Signing
SSL Client
SSL Server
S/MIME Signing
S/MIME Encryption
Certificate Signing
Object Signing
If the extension is present and is marked critical, then it will be used to
keyUsage
enforce the usage of the certificate and key. The extension is used to limit the usage
of a key; if the extension is not present or not critical, all types of usage are allowed.
If the extension is present (critical or not), it is used to select from
keyUsage
multiple certificates for a given operation. For example, it is used to distinguish
separate signing and encryption certificates for users who have separate certificates
and key pairs for these operations.
CMS Version Support
Refer to "KeyUsageExt Plug-in Module" on page 186.
• CMS 4.1: Supported
• CMS 4.2: Supported
• CMS 4.2-SP2: Supported
• CMS 4.5: Supported
• CMS 6.0: Supported
) if the public key is to be used only for enciphering data. If
should also be set.
) if the public key is to be used only for deciphering data. If
should also be set.
Required Key Usage bit
keyCertSign
cRLSign
digitalSignature
keyEncipherment
digitalSignature
keyEncipherment
keyCertSign
digitalSignature
Standard X.509 v3 Certificate Extensions
Appendix C Certificate and CRL Extensions 349