
X509KeyUsageFlags enumeration

The X509KeyUsageFlags enumeration type specifies the purpose of a key contained in a certificate. You can use the enumeration to identify restrictions. For example, if a key should be used only for signing, you can select the XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE or the XCN_CERT_NON_REPUDIATION_KEY_USAGE values. Likewise, if a key should be used only for key management, you can select the XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE value. This enumeration can be used to initialize an IX509ExtensionKeyUsage object.

Syntax


typedef enum X509KeyUsageFlags { 
  XCN_CERT_NO_KEY_USAGE                 = 0,
  XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE  = 0x80,
  XCN_CERT_NON_REPUDIATION_KEY_USAGE    = 0x40,
  XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE   = 0x20,
  XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE  = 0x10,
  XCN_CERT_KEY_AGREEMENT_KEY_USAGE      = 0x8,
  XCN_CERT_KEY_CERT_SIGN_KEY_USAGE      = 0x4,
  XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE   = 0x2,
  XCN_CERT_CRL_SIGN_KEY_USAGE           = 0x2,
  XCN_CERT_ENCIPHER_ONLY_KEY_USAGE      = 0x1,
  XCN_CERT_DECIPHER_ONLY_KEY_USAGE      = ( 0x80 << 8 )
} X509KeyUsageFlags;

Constants

XCN_CERT_NO_KEY_USAGE

The purpose of the key is not defined.

XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE

The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing.

XCN_CERT_NON_REPUDIATION_KEY_USAGE

The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity.

XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE

The key is used for key transport. That is, the key is used to manage a key passed from its point of origination to another point of use.

XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE

The key is used to encrypt user data other than cryptographic keys.

XCN_CERT_KEY_AGREEMENT_KEY_USAGE

The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret.

XCN_CERT_KEY_CERT_SIGN_KEY_USAGE

The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities.

XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE

The key is used to verify an offline certificate revocation list (CRL) signature.

XCN_CERT_CRL_SIGN_KEY_USAGE

The key is used to verify a CRL signature.

XCN_CERT_ENCIPHER_ONLY_KEY_USAGE

The key is used to encrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.

XCN_CERT_DECIPHER_ONLY_KEY_USAGE

The key is used to decrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.
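The constraints stated above (the encipher-only and decipher-only values require the key agreement value, and the certificate-signing value is restricted to CA certificates) can be checked before a value is used to initialize an extension. The following is an added example, not code from CertEnroll.h or from this page: the `check_key_usage` function and the `KU_*` finding codes are hypothetical names, and the constants are redefined locally with the values from the Syntax section so the block builds without the Windows header. It assumes the RFC 5280 reading of the certificate-signing restriction, namely that the bit belongs only on a certificate whose subject is a CA.

```c
#include <stdio.h>

/* Values copied from the X509KeyUsageFlags definition on this page so the
   example builds without CertEnroll.h (do not combine with that header). */
enum {
    XCN_CERT_KEY_AGREEMENT_KEY_USAGE = 0x8,
    XCN_CERT_KEY_CERT_SIGN_KEY_USAGE = 0x4,
    XCN_CERT_ENCIPHER_ONLY_KEY_USAGE = 0x1,
    XCN_CERT_DECIPHER_ONLY_KEY_USAGE = (0x80 << 8)
};

/* Hypothetical finding codes, invented for this example. */
enum {
    KU_OK                     = 0,
    KU_ONLY_WITHOUT_AGREEMENT = 1 << 0, /* encipher/decipher-only lacks key agreement */
    KU_CERT_SIGN_ON_NON_CA    = 1 << 1, /* certificate signing requested for a non-CA */
    KU_UNKNOWN_BITS           = 1 << 2  /* bits outside the defined enumeration */
};

/* All bits the enumeration defines: the low byte plus the decipher-only bit,
   which lives in the second byte (0x8000), not the first. */
#define KU_DEFINED_MASK (0xFFu | (unsigned int)XCN_CERT_DECIPHER_ONLY_KEY_USAGE)

/* Returns a bitmask of KU_* findings for a requested key-usage value.
   is_ca: nonzero when the certificate subject is a certification authority. */
int check_key_usage(unsigned int flags, int is_ca)
{
    int findings = KU_OK;
    unsigned int only = XCN_CERT_ENCIPHER_ONLY_KEY_USAGE |
                        XCN_CERT_DECIPHER_ONLY_KEY_USAGE;

    if ((flags & only) && !(flags & XCN_CERT_KEY_AGREEMENT_KEY_USAGE))
        findings |= KU_ONLY_WITHOUT_AGREEMENT;
    if ((flags & XCN_CERT_KEY_CERT_SIGN_KEY_USAGE) && !is_ca)
        findings |= KU_CERT_SIGN_ON_NON_CA;
    if (flags & ~KU_DEFINED_MASK)
        findings |= KU_UNKNOWN_BITS;
    return findings;
}

int main(void)
{
    /* Constructed sample requests: flag value and whether the subject is a CA. */
    printf("0x80|0x20, end entity -> %d\n", check_key_usage(0x80 | 0x20, 0));
    printf("0x01 alone            -> %d\n", check_key_usage(0x01, 0));
    printf("0x8008, end entity    -> %d\n", check_key_usage(0x8008, 0));
    printf("0x04, end entity      -> %d\n", check_key_usage(0x04, 0));
    return 0;
}
```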

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

See also

CertEnroll Enumerations
CertEnroll Interfaces
InitializeEncode
IX509ExtensionKeyUsage

© 2014 Microsoft. All rights reserved.