0

What's the required key usage/extended key usage for signing documents, eg.PDF, Word, PowerPoint, Excel, etc...

I am going to create a self-signed certificate that is needed to sign those documents. I wonder which key usage is required as there are many types that I can choose.

Note: I just need a self-signed certificate, not from trusted CAs.

CHOO YJ
  • 103
  • 4
  • Please be aware that accepted and required values may not only depend on _technical definitions_ of options but also on _profiles_ established by _norms_ and _legal contexts_. Thus, also consider norms and laws applicable in the context of your signatures to be. – mkl Jul 02 '21 at 16:14

2 Answers2

1

You can use Microsoft proprietary Document Signing EKU: https://www.alvestrand.no/objectid/1.3.6.1.4.1.311.3.10.3.12.html. For key usage you can use digitalSignature and optionally nonRepudiation.

Note: I just need a self-signed certificate, not from trusted CAs.

what is the point? The trust to your self-signed certificate must be established on every system where signature will be validated.

Crypt32
  • 5,750
  • 12
  • 24
  • I'll just use a free Let's Encrypt certificate to sign documents as it is trusted and there is a digitalSignature usage there. – CHOO YJ Jul 01 '21 at 07:19
  • I'm afraid, but Let's Encrypt doesn't offer code/document signing certificates. You can't use these certificates for document signing, you will have to use another (possibly) paid CA service. – Crypt32 Jul 01 '21 at 07:21
1

You can use keyusage as "digitalSignature" only to create self-signed signing certificate for signing documents.

Additionally, you can add the following:

  1. keyUsage

    • nonRepudiation (Good to have, since CA add this in document signing certificate)

  2. extendedKeyUsage/EnhancedKeyUsage:

    • 1.3.6.1.4.1.311.3.10.3.12 (Microsoft Document Signing)
    • 1.2.840.113583.1.1.5 (Adobe Authentic Documents Trust)

For more information, you can refer below URL:

https://www.globalsign.com/en/repository/GlobalSign_DocumentSign_for_Adobe_CDS_CPS_v1.3.pdf

saurabh
  • 723
  • 1
  • 4
  • 12