KeyUsage

Specifies the key usages set in the key usage extension of the certificate.

The following list specifies what KEY USAGES you can enter when creating certificate + keypairs for programs like OpenSSL and Microsoft's certreq command.

OpenSSL Value

Certreq Value

Description

digitalSignature

CERT_DIGITAL_SIGNATURE_KEY_USAGE

nonRepudiation

CERT_NON_REPUDIATION_KEY_USAGE

keyEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

dataEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

keyAgreement

CERT_KEY_AGREEMENT_KEY_USAGE

keyCertSign

CERT_KEY_CERT_SIGN_KEY_USAGE

cRLSign

CERT_OFFLINE_CRL_SIGN_KEY_USAGE CERT_CRL_SIGN_KEY_USAGE

encipherOnly

CERT_ENCIPHER_ONLY_KEY_USAGE

decipherOnly

CERT_DECIPHER_ONLY_KEY_USAGE

❊ Notes

To supply multiple key usages for Microsoft's certreq inf file, you must seperate them using the pipe | character.

KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE"

❊ Examples

piv_name_9c.cnf

keyUsage=critical,digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

bitlocker-certificate.txt

KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"

PreviousUsage Types NextKeyUsageProperty

Last updated 2 years ago

Was this helpful?

KeyUsage

Specifies the key usages set in the key usage extension of the certificate.

The following list specifies what KEY USAGES you can enter when creating certificate + keypairs for programs like OpenSSL and Microsoft's certreq command.

OpenSSL Value

Certreq Value

Description

digitalSignature

CERT_DIGITAL_SIGNATURE_KEY_USAGE

To add a

nonRepudiation

CERT_NON_REPUDIATION_KEY_USAGE

- the message cannot be denied from having been sent

keyEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

To a

dataEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

To data

keyAgreement

CERT_KEY_AGREEMENT_KEY_USAGE

For

keyCertSign

CERT_KEY_CERT_SIGN_KEY_USAGE

cRLSign

CERT_OFFLINE_CRL_SIGN_KEY_USAGE CERT_CRL_SIGN_KEY_USAGE

To a

encipherOnly

CERT_ENCIPHER_ONLY_KEY_USAGE

To only

decipherOnly

CERT_DECIPHER_ONLY_KEY_USAGE

To only

❊ Notes

To supply multiple key usages for Microsoft's certreq inf file, you must seperate them using the pipe | character.

KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE"

❊ Examples

piv_name_9c.cnf

keyUsage=critical,digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

bitlocker-certificate.txt

KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"

PreviousUsage Types NextKeyUsageProperty

Last updated 2 years ago

Was this helpful?