🟣KeyUsage

Specifies the key usages set in the key usage extension of the certificate.

The following list specifies what KEY USAGES you can enter when creating certificate + keypairs for programs like OpenSSL and Microsoft's certreq command.

OpenSSL Value

Certreq Value

Description

digitalSignature

CERT_DIGITAL_SIGNATURE_KEY_USAGE

To add a signature to a message

nonRepudiation

CERT_NON_REPUDIATION_KEY_USAGE

non-repudation - the message cannot be denied from having been sent

keyEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

To encrypt a key

dataEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

To encrypt data

keyAgreement

CERT_KEY_AGREEMENT_KEY_USAGE

For key exchange

keyCertSign

CERT_KEY_CERT_SIGN_KEY_USAGE

To sign a certificate

cRLSign

CERT_OFFLINE_CRL_SIGN_KEY_USAGE CERT_CRL_SIGN_KEY_USAGE

To sign a certificate revocation list (crl)

encipherOnly

CERT_ENCIPHER_ONLY_KEY_USAGE

To only encrypt

decipherOnly

CERT_DECIPHER_ONLY_KEY_USAGE

To only decrypt

❊ Notes

To supply multiple key usages for Microsoft's certreq inf file, you must seperate them using the pipe | character.

KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE"

❊ Examples

piv_name_9c.cnf

keyUsage=critical,digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

bitlocker-certificate.txt

KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"

PreviousUsage Types NextKeyUsageProperty

Last updated 2 years ago

Was this helpful?