🟣KeySpec

Specifies whether the private key associated with the new certificate can be used for signing, encryption, or both.

Determines if the key can be used for signatures, for Exchange (encryption), or for both.

These values are only used for Microsoft's Certreq command:

Value	Description
AT_NONE	Indicates that this cmdlet uses the default value from the underlying CSP.
AT_SIGNATURE	Can be used for signing.
AT_KEYEXCHANGE	Can be used for signing and encryption.

❊ Notes

If unsure, use AT_KEYEXCHANGE.

KeySpec = "AT_KEYEXCHANGE"