Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

X509KeyUsageFlags enumeration

The X509KeyUsageFlags enumeration type specifies the purpose of a key contained in a certificate. You can use the enumeration to identify restrictions. For example, if a key should be used only for signing, you can select the XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE or the XCN_CERT_NON_REPUDIATION_KEY_USAGE values. Likewise, if a key should be used only for key management, you can select the XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE value. This enumeration can be used to initialize an IX509ExtensionKeyUsage object.

Syntax


typedef enum X509KeyUsageFlags { 
  XCN_CERT_NO_KEY_USAGE                 = 0,
  XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE  = 0x80,
  XCN_CERT_NON_REPUDIATION_KEY_USAGE    = 0x40,
  XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE   = 0x20,
  XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE  = 0x10,
  XCN_CERT_KEY_AGREEMENT_KEY_USAGE      = 0x8,
  XCN_CERT_KEY_CERT_SIGN_KEY_USAGE      = 0x4,
  XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE   = 0x2,
  XCN_CERT_CRL_SIGN_KEY_USAGE           = 0x2,
  XCN_CERT_ENCIPHER_ONLY_KEY_USAGE      = 0x1,
  XCN_CERT_DECIPHER_ONLY_KEY_USAGE      = ( 0x80 << 8 )
} X509KeyUsageFlags;

Constants

XCN_CERT_NO_KEY_USAGE

The purpose of the key is not defined.

XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE

The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing.

XCN_CERT_NON_REPUDIATION_KEY_USAGE

The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity.

XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE

The key is used for key transport. That is, the key is used to manage a key passed from its point of origination to another point of use.

XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE

The key is used to encrypt user data other than cryptographic keys.

XCN_CERT_KEY_AGREEMENT_KEY_USAGE

The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret.

XCN_CERT_KEY_CERT_SIGN_KEY_USAGE

The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities.

XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE

The key is used to verify an offline certificate revocation list (CRL) signature.

XCN_CERT_CRL_SIGN_KEY_USAGE

The key is used to verify a CRL signature.

XCN_CERT_ENCIPHER_ONLY_KEY_USAGE

The key is used to encrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.

XCN_CERT_DECIPHER_ONLY_KEY_USAGE

The key is used to decrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE must also be specified.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

See also

CertEnroll Enumerations
CertEnroll Interfaces
InitializeEncode
IX509ExtensionKeyUsage

 

 

Community Additions

ADD
Show:
© 2015 Microsoft