Questions tagged [key-usage]

15 questions
20 votes, 3 answers

Which signing key should I use for certifying other people's public keys: master or subkey?

I have a Master Identity key (which is detached from my daily-use keyring) and both encryption and signing subkeys (all are RSA). I sign documents with the signing subkey: GnuPG selects this key automatically from my daily-use secret keyring…
jah
19 votes, 2 answers

Difference between key encipherment and data encipherment?

In the context of SSL/TLS certificates, what is the difference between key encipherment and data encipherment? What are some examples that highlight the difference?
joedotnot
16 votes, 2 answers

How to change (sub)key usage of a PGP key?

gpg2 generates keys with one or several of the (S)igning, (E)ncryption, (C)ertification usages set. However, e.g. Enigmail creates a primary key also set for (A)uthentication, which GnuPG then shows. How can this be set/modified using gpg2? I can't…
Tobias Kienzler
10 votes, 1 answer

SSL Cert Types and Key Usage

I want to use OpenSSL to create a CSR and submit it to my CA (which uses Microsoft PKI) and receive certificates that can be used for both Server Auth and Client Auth. I'm not clear on a couple of things, which may simply be a link between…
Mike
6 votes, 0 answers

What Key Usage values are required to support Code Signing?

I have a .pfx that I want to use to sign a Clickonce app. However, on trying to do so, Visual Studio gives me "The selected certificate is not valid for code signing." When I go to certmgr.msc and check the certificate, it states "Code signing"…
user104013
6 votes, 1 answer

Difference between certificates with "extension fields" and "Non Repudiation" usage

For example we have two certificate pairs: First pair: Server cert with "Non Repudiation" (sometimes called Content Commitment) usage, Client cert without any "extension fields". Second pair: Server cert with "TLS Web Server Authentication"…
kay
4 votes, 1 answer

What is the usage of extendedkeyusage in a CA certificate?

We have a CA certificate template to verify, which contains an extendedkeyusage extension with the following values: "clientAuthentication", "emailProtection" and "id-kp-OCSPSigning". Is this a mistake or is there really a use case for…
IMenePs
3 votes, 2 answers

Does the "Key Encipherment" key usage make sense when using ECDH P384?

I configured a Windows CA and created a certificate template to issue certificates with ECDH_P384 keys: Then I noticed that it's not possible to set the "Key Encipherment" key usage in the "Extensions" tab: What is the reason behind this…
Chris
2 votes, 1 answer

Does OpenSSL support server certificate key usage validation during TLS handshake?

I want to understand if OpenSSL supports the key usage extension validation. If yes, how does it understand that each certificate in the chain received in server certificate correctly specifies the key usage?
Sameer Joshi
1 vote, 1 answer

How to test if a tool doesn’t check for /extendedKeyUsage=?

Web browsers are of course checking that field, but some third-party libraries for languages like Perl don’t perform it (they check /keyUsage= but not /extendedKeyUsage=). So for example, I would need a certificate authority that would allow to put…
user2284570
1 vote, 1 answer

Missing 'Key Usage' on a CA certificate: can sign certificates?

In Windows certificate store, an intermediate CA certificate without Key Usage extension is considered eligible (as long as it has isCA flag from Basic Constraints of course) for signing end entity certificates (such chain is considered valid). But,…
jirkamat
1 vote, 0 answers

Key usage not applied using Microsoft CA

I'm a bit of a newbie to Certificate signing, so please forgive any stupid questions I might have. I have a CSR, when I decode the CSR it clearly requests the following key usages: Requested Extensions: X509v3 Extended Key Usage: …
Oliland
0 votes, 1 answer

Application of key usage extension

I understand how the Key Usage extension of an X.509 certificate works. I have gone through the Key Usage section of RFC 5280 and I know of all the valid values and what they mean. But what I don't understand is the usage: why it was deemed necessary to add…
0 votes, 0 answers

Is it a must to have the "Key Usage" extension in the self-signed root certificate?

I have gone through multiple questions but still I am confused. RFC X.509 also does not clarify it. Conforming CAs MUST include this extension in certificates that contain public keys that are used to validate digital signatures on other…
-1 votes, 2 answers

AES algorithm encryption time

What is the time taken by an AES Encryption algorithm, with a key of 128 bits, operating on a normal computer (say with Intel i7) and what will the impact be on the time if I wish to use a 256 bit key?
Lokanath