Key usage extensions define the purpose of the public keycontained in a certificate. You can use them to restrict the publickey to as few or as many operations as needed. For example, if youhave a key used only for signing or verifying a signature, enablethe digital signature and/or non-repudiation extensions. Alternatively,if a key is used only for key management, enable key encipherment.
Keyusage extensions
The following table describes the keyusage extensions available for certificates created using the CA process.
Note: The digital signature and data encipherment key usageextensions are enabled by default for all Internet certificates.
Key usage extension | Description |
---|---|
Digital signature | Use when the public key is used with a digitalsignature mechanism to support security services other than non-repudiation,certificate signing, or CRL signing. A digital signature is oftenused for entity authentication and data origin authentication withintegrity. |
Non-repudiation | Use when the public key is used to verify digitalsignatures used to provide a non-repudiation service. Non-repudiationprotects against the signing entity falsely denying some action (excludingcertificate or CRL signing). |
Key encipherment | Use when a certificate will be used with aprotocol that encrypts keys. An example is S/MIME enveloping, wherea fast (symmetric) key is encrypted with the public key from the certificate.SSL protocol also performs key encipherment. |
Data encipherment | Use when the public key is used for encryptinguser data, other than cryptographic keys. |
Key agreement | Use when the sender and receiver of the publickey need to derive the key without using encryption. This key canthen can be used to encrypt messages between the sender and receiver.Key agreement is typically used with Diffie-Hellman ciphers. |
Certificate signing | Use when the subject public key is used toverify a signature on certificates. This extension can be used onlyin CA certificates. |
CRL signing | Use when the subject public key is to verifya signature on revocation information, such as a CRL. |
Encipher only | Use only when key agreement is also enabled.This enables the public key to be used only for enciphering data whileperforming key agreement. |
Decipher only | Use only when key agreement is also enabled.This enables the public key to be used only for deciphering data whileperforming key agreement. |
Extendedkey usage
Extended key usage further refines key usageextensions. An extended key is either critical or non-critical. Ifthe extension is critical, the certificate must be used onlyfor the indicated purpose or purposes. If the certificate is usedfor another purpose, it is in violation of the CA's policy.
Ifthe extension is non-critical, it indicates the intended purpose orpurposes of the key and may be used in finding the correct key/certificateof an entity that has multiple keys/certificates. The extension isthen only an informational field and does not imply that the CA restrictsuse of the key to the purpose indicated. Nevertheless, applicationsthat use certificates may require that a particular purpose be indicatedin order for the certificate to be acceptable.
If a certificatecontains both a critical key usage field and a critical extended keyusage field, both fields must be processed independently, andthe certificate be used only for a purpose consistent with both fields.If there is no purpose consistent with both fields, the certificatemust not be used for any purpose.
Extended key | Enable for these key usage extensions |
---|---|
TLS Web server authentication | Digital signature, key encipherment or keyagreement |
TLS Web client authentication | Digital signature and/or key agreement |
Sign (downloadable) executable code | Digital signature |
Email protection | Digital signature, non-repudiation, and/orkey encipherment or key agreement |
IPSEC End System (host or router) | Digital signature and/or key encipherment orkey agreement |
IPSEC Tunnel | Digital signature and/or key encipherment orkey agreement |
IPSEC User | Digital signature and/or key encipherment orkey agreement |
Timestamping | Digital signature, non-repudiation. |
Application | Required key usage extensions |
---|---|
SSL Client | Digital signature |
SSL Server | Key encipherment |
S/MIME Signing | Digital signature |
S/MIME Encryption | Key encipherment |
Certificate Signing | Certificate signing |
Object Signing | Digital signature |