The first sentences in the key usage section of RFC 5280 make it clear that the key usage extension is meant to express intent, for humans and for complying libraries:
> The key usage extension defines the purpose (e.g., encipherment,
> signature, certificate signing) of the key contained in the
> certificate. The usage restriction might be employed when a key that
> could be used for more than one operation is to be restricted.
Complying libraries, e.g. openssl, do not use the pertaining key pair for other purposes than stated in the certificate's key usage. But, in the end, this extension is only semantic sugar. There is no guarantee, and your own evil library can certainly use the key pair in any way it likes.
Things get really murky when you throw in the extended key usage extension, which Microsoft AD/CS seems to use by default:
> If a certificate contains both a key usage extension and an extended
> key usage extension, then both extensions MUST be processed
> independently and the certificate MUST only be used for a purpose
> consistent with both extensions. If there is no purpose consistent
> with both extensions, then the certificate MUST NOT be used for any
> purpose.
To my knowledge, there is no attack that can be fended off with this. When working with complying libraries, the key usage extensions can help prevent wearing out a key, and they help enforce the principle of using one key (pair) for exactly one purpose. Also, a cryptographer may conclude that it is security-wise okay to use an N-length key of algorithm M for e.g. signing but not for data encipherment due to properties of M and N and the data rate or data volume in their system, and code that intent into the key usage.
The key usage extensions prevent accidental key misuse, not more, not less.
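
The RFC 5280 rule quoted above (both extensions processed independently, a use permitted only if consistent with both) sketched as the check a complying relying party performs. This is an added example, not part of the original answer: the function names are hypothetical, the extensions are modelled as plain sets of names rather than parsed from a certificate, and the per-purpose table follows RFC 5280 section 4.2.1.12.

```python
# Added illustration: key usage (KU) and extended key usage (EKU) modelled as sets.
# None means the extension is absent, which places no restriction on the key.

# KU bits that RFC 5280 section 4.2.1.12 lists as consistent with each EKU purpose.
EKU_CONSISTENT_KU = {
    "serverAuth": {"digitalSignature", "keyEncipherment", "keyAgreement"},
    "clientAuth": {"digitalSignature", "keyAgreement"},
    "codeSigning": {"digitalSignature"},
    "emailProtection": {"digitalSignature", "nonRepudiation",
                        "keyEncipherment", "keyAgreement"},
    "timeStamping": {"digitalSignature", "nonRepudiation"},
    "OCSPSigning": {"digitalSignature", "nonRepudiation"},
}


def ku_allows(key_usage, operation):
    """KU check on its own: absent extension or the bit is asserted."""
    return key_usage is None or operation in key_usage


def eku_allows(ext_key_usage, purpose):
    """EKU check on its own: absent extension or the purpose is listed."""
    return ext_key_usage is None or purpose in ext_key_usage


def may_use(key_usage, ext_key_usage, purpose, operation):
    """True only if this (purpose, operation) is consistent with both extensions."""
    if operation not in EKU_CONSISTENT_KU[purpose]:
        return False  # the operation is not one this purpose calls for
    return ku_allows(key_usage, operation) and eku_allows(ext_key_usage, purpose)


def usable_purposes(key_usage, ext_key_usage):
    """Every permitted (purpose, operation) pair; an empty list means the
    certificate must not be used for any purpose."""
    return sorted(
        (purpose, op)
        for purpose, ops in EKU_CONSISTENT_KU.items()
        for op in ops
        if may_use(key_usage, ext_key_usage, purpose, op)
    )


if __name__ == "__main__":
    # Constructed sample: a typical TLS server certificate.
    print(usable_purposes({"digitalSignature", "keyEncipherment"}, {"serverAuth"}))
    # Constructed sample: KU and EKU that share no consistent purpose.
    print(usable_purposes({"keyEncipherment"}, {"codeSigning"}))
```

The check lives entirely in the relying party's code, which is the answer's point: nothing in the key itself stops a library that skips `may_use` from performing any operation with it.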