KeyUsage Extension The KeyUsage extension defines the following variables, which correlate directly
KeyUsage Extension
原文網(wǎng)址:http://pic.dhe.ibm.com/infocenter/seas/v2r4m1/index.jsp?topic=%2Fcom.ibm.help.seasimplementationguide.doc%2FSEAS_KeyUsage_Extension.htmlThe KeyUsage extension defines the following variables, which correlate directly to the bit fields defined in RFC 3280 for the extension:
- digitalSignature
- nonRepudiation
- keyEncipherment
- dataEncipherment
- keyAgreement
- keyCertSign
- cRLSign
- encipherOnly
- decipherOnly
Because the KeyUsage extension is a common area for problems with interoperability, the default formulas for KeyUsage specify a minimal set of rules that demonstrate the mechanics of the feature:
- Client-KeyUsage: !({encipherOnly} && {decipherOnly})
- Server-KeyUsage: !({encipherOnly} && {decipherOnly})
- CA-KeyUsage: !({encipherOnly} && {decipherOnly}) && {keyCertSign}
The first two rules state that it is not legal to set both the encipherOnly and decipherOnly bits in the same certificate. The third rule adds that CA certificates must include the keyCertSign bit. Replace or modify the expressions to implement an application-specific policy for the key usage setting.
Parent topic:?X.509 Extensions總結(jié)
以上是生活随笔為你收集整理的KeyUsage Extension The KeyUsage extension defines the following variables, which correlate directly的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Key usage extensions
- 下一篇: Shouldn't CSRs autom