🟣KeyUsage

Specifies the key usages set in the key usage extension of the certificate.

The following list specifies what KEY USAGES you can enter when creating certificate + keypairs for programs like OpenSSL and Microsoft's certreq command.

OpenSSL Value
Certreq Value
Description

digitalSignature

CERT_DIGITAL_SIGNATURE_KEY_USAGE

nonRepudiation

CERT_NON_REPUDIATION_KEY_USAGE

keyEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

dataEncipherment

CERT_DATA_ENCIPHERMENT_KEY_USAGE

keyAgreement

CERT_KEY_AGREEMENT_KEY_USAGE

keyCertSign

CERT_KEY_CERT_SIGN_KEY_USAGE

cRLSign

CERT_OFFLINE_CRL_SIGN_KEY_USAGE CERT_CRL_SIGN_KEY_USAGE

encipherOnly

CERT_ENCIPHER_ONLY_KEY_USAGE

decipherOnly

CERT_DECIPHER_ONLY_KEY_USAGE

❊ Notes

To supply multiple key usages for Microsoft's certreq inf file, you must seperate them using the pipe | character.

KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE"

❊ Examples

piv_name_9c.cnf
keyUsage=critical,digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

Last updated