🟣KeyUsage

Specifies the key usages set in the key usage extension of the certificate.

The following list specifies what KEY USAGES you can enter when creating certificate + keypairs for programs like OpenSSL and Microsoft's certreq command.

OpenSSL Value	Certreq Value	Description
digitalSignature	CERT_DIGITAL_SIGNATURE_KEY_USAGE	To add a signature to a message
nonRepudiation	CERT_NON_REPUDIATION_KEY_USAGE	non-repudation - the message cannot be denied from having been sent
keyEncipherment	CERT_DATA_ENCIPHERMENT_KEY_USAGE	To encrypt a key
dataEncipherment	CERT_DATA_ENCIPHERMENT_KEY_USAGE	To encrypt data
keyAgreement	CERT_KEY_AGREEMENT_KEY_USAGE	For key exchange
keyCertSign	CERT_KEY_CERT_SIGN_KEY_USAGE	To sign a certificate
cRLSign	CERT_OFFLINE_CRL_SIGN_KEY_USAGE CERT_CRL_SIGN_KEY_USAGE	To sign a certificate revocation list (crl)
encipherOnly	CERT_ENCIPHER_ONLY_KEY_USAGE	To only encrypt
decipherOnly	CERT_DECIPHER_ONLY_KEY_USAGE	To only decrypt

❊ Notes

To supply multiple key usages for Microsoft's certreq inf file, you must seperate them using the pipe | character.

KeyUsage = "CERT_DIGITAL_SIGNATURE_KEY_USAGE | CERT_KEY_ENCIPHERMENT_KEY_USAGE"

❊ Examples

OpenSSL

piv_name_9c.cnf

keyUsage=critical,digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign

Microsoft certreq

bitlocker-certificate.txt

KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE"