4.5 Novell Security Attributes Extension

The Novell Security Attributes extension specifies the cryptographic qualities of the key and the environment in which the key was generated. It can also identify the enterprise that the subject of the X.509 certificate belongs to. The extension-specific flags are optional and specify values to be encoded into the Novell Security Attributes extension. If no extension-specific flags are set, the lowest cryptographic qualities are encoded. The Novell Security Attributes extension uses the general-purpose extension structure described in Section 5.2.1, General Purpose Extension Structure. For this release, value must not be present, and length should be set to 0.

This section contains the following topics:

4.5.1 Mutually Exclusive Flags

The mutually exclusive flags used in the Novell Security Attributes extension are defined below:

| Value | Name | Description |
|---|---|---|
| 0x00100 | NOVELL_EXTENSION_SERVER_DEFAULT | Specifies that the key pair is for a server. |
| 0x00200 | NOVELL_EXTENSION_USER_DEFAULT | Specifies that the key pair is for a user. |
| 0x00400 | NOVELL_EXTENSION_ORGCA_DEFAULT | Specifies that the key pair is for the Organizational CA. |

4.5.2 Additional Flags

An additional flag used in the Novell Security Attributes extension is defined below:

| Value | Name | Description |
|---|---|---|
| 0x10000 | NOVELL_EXTENSION_EXTRACTABLE_KEY | Specifies that the private key can be extracted from the Novell International Cryptographic Infrastructure (NICI). Setting this flag reduces the cryptographic quality. This flag only applies to keys generated by Novell PKIS. |

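A pre-submission check for the rules in this section, written as an added example rather than Novell code: it rejects more than one mutually exclusive flag, rejects a non-empty value or length, and reports when the encoded quality will be reduced (extractable key) or lowest (no flags set). The function `sa_check`, the `SA_*` codes and the plain `length`/`value` parameters are hypothetical stand-ins for the structure defined in Section 5.2.1; only the four flag values come from the tables above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag values from Sections 4.5.1 and 4.5.2. */
#define NOVELL_EXTENSION_SERVER_DEFAULT  0x00100u
#define NOVELL_EXTENSION_USER_DEFAULT    0x00200u
#define NOVELL_EXTENSION_ORGCA_DEFAULT   0x00400u
#define NOVELL_EXTENSION_EXTRACTABLE_KEY 0x10000u
#define SA_EXCLUSIVE_MASK (NOVELL_EXTENSION_SERVER_DEFAULT | \
                           NOVELL_EXTENSION_USER_DEFAULT | \
                           NOVELL_EXTENSION_ORGCA_DEFAULT)

/* Hypothetical result codes for this example, not NPKI API values. */
#define SA_ERR_CONFLICT      (-1) /* more than one mutually exclusive flag */
#define SA_ERR_VALUE_PRESENT (-2) /* value/length must be empty in this release */
#define SA_WARN_LOWEST       0x1  /* no flags set: lowest qualities encoded */
#define SA_WARN_EXTRACTABLE  0x2  /* private key extractable from NICI */

/* Returns a negative SA_ERR_* code, or a bitmask of SA_WARN_* (0 = clean).
   Only the four bits defined in this section are examined. */
int sa_check(uint32_t flags, uint32_t length, const void *value)
{
    uint32_t role = flags & SA_EXCLUSIVE_MASK;
    int warn = 0;
    if (value != NULL || length != 0)
        return SA_ERR_VALUE_PRESENT;
    if (role & (role - 1))          /* nonzero when two or more role bits are set */
        return SA_ERR_CONFLICT;
    if (role == 0 && !(flags & NOVELL_EXTENSION_EXTRACTABLE_KEY))
        warn |= SA_WARN_LOWEST;
    if (flags & NOVELL_EXTENSION_EXTRACTABLE_KEY)
        warn |= SA_WARN_EXTRACTABLE;
    return warn;
}

int main(void)
{
    uint32_t samples[] = {          /* constructed sample inputs */
        NOVELL_EXTENSION_SERVER_DEFAULT,
        NOVELL_EXTENSION_USER_DEFAULT | NOVELL_EXTENSION_EXTRACTABLE_KEY,
        NOVELL_EXTENSION_SERVER_DEFAULT | NOVELL_EXTENSION_ORGCA_DEFAULT,
        0
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("flags=0x%05x -> %d\n", (unsigned)samples[i],
               sa_check(samples[i], 0, NULL));
    return 0;
}
```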