Questions tagged [key-usage]
15 questions
20
votes
3 answers
Which signing key should I use for certifying other peoples public keys: master or subkey?
I have a Master Identity key (which is detached from my daily-use keyring) and both encryption and signing subkeys (all are RSA).
I sign documents with the signing subkey: GnuPG selects this key automatically from my daily-use secret keyring…
jah
- 390
- 2
- 10
19
votes
2 answers
Difference between key encipherment and data encipherment?
In the context of SSL/TLS certificates, what is the difference between key encipherment and data encipherment? What are some examples that highlights the difference?
joedotnot
- 307
- 1
- 2
- 5
16
votes
2 answers
How to change (sub)key usage of a PGP key?
gpg2 generates keys with one or several of the (S)igning, (E)ncryption, (C)ertification usages set. However, e.g. Enigmail creates a primary key also set for (A)uthentication, which GnuPG then shows. How can this be set/modified using gpg2? I can't…
Tobias Kienzler
- 7,578
- 10
- 43
- 66
10
votes
1 answer
SSL Cert Types and Key Usage
I want to use OpenSSL to create a CSR and submit it to my CA (which uses Microsoft PKI) and receive certificates that can be used for both Server Auth and Client Auth. I'm not clear on a couple of things, which may simply be a a link between…
Mike
- 408
- 1
- 5
- 8
6
votes
0 answers
What Key Usage values are required to support Code Signing?
I have a .pfx that I want to use to sign a Clickonce app. However, on trying to do so, Visual Studio gives me "The selected certificate is not valid for code signing." When I go to certmgr.msc and check the certificate, it states "Code signing"…
user104013
- 61
- 2
6
votes
1 answer
Difference between certificates with "extension fields" and "Non Repudiation" usage
For example we have two certificate pairs:
First pair:
Server cert with "Non Repudiation" (sometimes called Content Commitment) usage,
Client cert without any "extension fields".
Second pair:
Server cert with "TLS Web Server Authentication"…
kay
- 163
- 1
- 1
- 4
4
votes
1 answer
what is the usage of extendedkeyusage in a CA certificate?
we have a CA certificate template to verify, which contains an extendedkeyusage extension with the following values
"clientAuthentication"
"emailProtection" and
"id-kp-OCSPSigning"
Is this a mistake or is there really a usecase for…
IMenePs
- 73
- 6
3
votes
2 answers
Does the "Key Encipherment" key usage make sense when using ECDH P384?
I configured a Windows CA and created a certificate template to issue certificates with ECDH_P384 keys:
Then I noticed that it's not possible to set the "Key Encipherment" key usage in the "Extensions" tab:
What is the reason behind this…
Chris
- 81
- 1
- 7
2
votes
1 answer
Does Openssl support server certificate key usage validation during Tls handshake?
I want to understand if Openssl supports the key usage extension validation. If yes, how does it understand that each certificate in the chain received in server certificate correctly specifies the key usage ?
Sameer Joshi
- 121
- 1
1
vote
1 answer
How test if a tool doesn’t check for /extendedKeyUsage=?
Web browsers are off course checking that field, but some third party libraries for languages like perl don’t perform it (they check /keyUsage= but not /extendedKeyUsage=).
So for example, I would need a certificate authority that would allow to put…
user2284570
- 1,402
- 1
- 14
- 33
1
vote
1 answer
Missing 'Key Usage' on a CA certificate: can sign certificates?
In Windows certificate store, an intermediate CA certificate without Key Usage extension is considered eligible (as long as it has isCA flag from Basic Constraints of course) for singing end entity certificates (such chain is considered valid).
But,…
jirkamat
- 143
- 1
- 6
1
vote
0 answers
Key usage not applied using Microsoft CA
I'm a bit of a newbie to Certificate signing, so please forgive any stupid questions I might have.
I have a CSR, when I decode the CSR it cleary request the following key usages:
Requested Extensions:
X509v3 Extended Key Usage:
…
Oliland
- 11
- 3
0
votes
1 answer
application of key usage extension
I understand how Key Usage Extension of x.509 certificate works. I have gone through the Key Usage section of RFC5280 and I know of all the valid values and what they mean.
But what I don't understand is the usage; Why it was deem necessary to add…
0
votes
0 answers
Is it must to have "Key Usage" extension in the selfsigned root certificate?
I have gone through multiple questions but still I am confused. RFC X.509 also does not clarify it.
Conforming CAs MUST include this extension in certificates that
contain public keys that are used to validate digital signatures on
other…
Ravindra12jan
- 121
- 2
-1
votes
2 answers
AES algorithm encryption time
What is the time taken by an AES Encryption algorithm, with a key of 128 bits, operating on a normal computer (say with Intel i7) and what will be the impact be on the time if I wish to use a 256 bit key?
Lokanath
- 163
- 1
- 3