4.4 Key Usage Extension

The X.509 key usage extension specifies what a key may be used for. When an application goes through the verification process, it normally checks that the key is being used only for an intended purpose. The key usage extension uses the General Purpose Extension Structure. No additional flags are defined for this extension. The value must be one nuint16 in which each bit represents a key usage. Any combination of key usages may be set, but not all combinations are appropriate, and some usages are not appropriate for all types of keys. The following key usages are defined:

| Value  | Name                              | Description |
|--------|-----------------------------------|-------------|
| 0x8000 | X509_KEY_USAGE_DIGITAL_SIGNATURE  | Designates that the key is used to create digital signatures. |
| 0x4000 | X509_KEY_USAGE_NON_REPUDIATION    | Designates that the key will be used for non-repudiation. This type of key usually has legal ramifications. |
| 0x2000 | X509_KEY_USAGE_KEY_ENCIPHERMENT   | Designates that the key will be used to encrypt other keys. |
| 0x1000 | X509_KEY_USAGE_DATA_ENCIPHERMENT  | Designates that the key will be used to directly encrypt data. |
| 0x0800 | X509_KEY_USAGE_KEY_AGREEMENT      | Not valid for RSA keys. |
| 0x0400 | X509_KEY_USAGE_KEY_CERT_SIGN      | Designates that the key will be used to sign certificates. |
| 0x0200 | X509_KEY_USAGE_CRL_SIGN           | Designates that the key will be used to sign CRLs. |
| 0x0100 | X509_KEY_USAGE_ENCIPHER_ONLY      | Not valid for RSA keys. |
| 0x0080 | X509_KEY_USAGE_DECIPHER_ONLY      | Not valid for RSA keys. |
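The following is an added example, not code from this document or its API, showing how a verifier would decode the nuint16 value and apply the two checks the text describes: that the certificate permits the purpose the application needs, and that the set bits are appropriate for the key type. It assumes `nuint16` is an unsigned 16-bit integer, uses the bit values from the table above, and adopts one policy of its own (rejecting the undefined low seven bits for an RSA key); the sample values in `main` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: nuint16 is an unsigned 16-bit integer, matching the
 * nuint16 type the document uses for the extension value. */
typedef uint16_t nuint16;

/* Key-usage bits exactly as defined in the table above. */
#define X509_KEY_USAGE_DIGITAL_SIGNATURE 0x8000
#define X509_KEY_USAGE_NON_REPUDIATION   0x4000
#define X509_KEY_USAGE_KEY_ENCIPHERMENT  0x2000
#define X509_KEY_USAGE_DATA_ENCIPHERMENT 0x1000
#define X509_KEY_USAGE_KEY_AGREEMENT     0x0800
#define X509_KEY_USAGE_KEY_CERT_SIGN     0x0400
#define X509_KEY_USAGE_CRL_SIGN          0x0200
#define X509_KEY_USAGE_ENCIPHER_ONLY     0x0100
#define X509_KEY_USAGE_DECIPHER_ONLY     0x0080

/* Every bit the table defines; the low seven bits are undefined. */
#define X509_KEY_USAGE_DEFINED_MASK      0xFF80

/* Bits the table marks "Not valid for RSA keys". */
#define X509_KEY_USAGE_NOT_FOR_RSA \
    (X509_KEY_USAGE_KEY_AGREEMENT | X509_KEY_USAGE_ENCIPHER_ONLY | \
     X509_KEY_USAGE_DECIPHER_ONLY)

static const struct { nuint16 bit; const char *name; } key_usage_names[] = {
    { X509_KEY_USAGE_DIGITAL_SIGNATURE, "DIGITAL_SIGNATURE" },
    { X509_KEY_USAGE_NON_REPUDIATION,   "NON_REPUDIATION" },
    { X509_KEY_USAGE_KEY_ENCIPHERMENT,  "KEY_ENCIPHERMENT" },
    { X509_KEY_USAGE_DATA_ENCIPHERMENT, "DATA_ENCIPHERMENT" },
    { X509_KEY_USAGE_KEY_AGREEMENT,     "KEY_AGREEMENT" },
    { X509_KEY_USAGE_KEY_CERT_SIGN,     "KEY_CERT_SIGN" },
    { X509_KEY_USAGE_CRL_SIGN,          "CRL_SIGN" },
    { X509_KEY_USAGE_ENCIPHER_ONLY,     "ENCIPHER_ONLY" },
    { X509_KEY_USAGE_DECIPHER_ONLY,     "DECIPHER_ONLY" },
};

/* Write the names of all defined bits set in `value` into buf as a
 * comma-separated list (truncated safely if buf is too small) and return
 * how many defined bits were set. Undefined bits are not reported here. */
int decode_key_usage(nuint16 value, char *buf, size_t buflen)
{
    size_t n = sizeof key_usage_names / sizeof key_usage_names[0];
    size_t used = 0;
    int count = 0;

    if (buflen > 0) buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (!(value & key_usage_names[i].bit)) continue;
        if (used < buflen) {
            int w = snprintf(buf + used, buflen - used, "%s%s",
                             count ? "," : "", key_usage_names[i].name);
            if (w > 0) used += (size_t)w;
            if (used >= buflen) used = buflen;   /* truncated: stop writing */
        }
        count++;
    }
    return count;
}

/* The verifier's purpose check: 1 if every bit in `required` is permitted. */
int key_usage_permits(nuint16 value, nuint16 required)
{
    return (value & required) == required;
}

/* Key-type check for an RSA key: 1 if no RSA-invalid bit is set and no
 * undefined bit is set. Rejecting undefined bits is this example's policy;
 * the document only says which bits are defined, not how to treat others. */
int key_usage_valid_for_rsa(nuint16 value)
{
    if (value & X509_KEY_USAGE_NOT_FOR_RSA) return 0;
    if (value & (nuint16)~X509_KEY_USAGE_DEFINED_MASK) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real certificate. */
    nuint16 samples[] = { 0xA000, 0x0600, 0x0800, 0x8001 };
    char names[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = decode_key_usage(samples[i], names, sizeof names);
        printf("0x%04X: %d usage(s) [%s] rsa-valid=%d may-sign-certs=%d\n",
               samples[i], n, names, key_usage_valid_for_rsa(samples[i]),
               key_usage_permits(samples[i], X509_KEY_USAGE_KEY_CERT_SIGN));
    }
    return 0;
}
```

Because the bit values are a simple mask, `key_usage_permits` works for any combination of required purposes (for example `X509_KEY_USAGE_KEY_CERT_SIGN | X509_KEY_USAGE_CRL_SIGN` for a CA key), and `key_usage_valid_for_rsa` is where a verifier encodes the "not all combinations are appropriate" rule from the text.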