next up previous contents
Next: Private Key Protection Up: Key Pair Generation and Previous: Hardware/software key generation   Contents

Key usage purposes (as per X.509 v3 key usage field)

The DutchGrid medium-security Certification Authority root-certificate defined keyUsage extensions "digitalSignature", "certificateSign", and "cRLSign" in the X./509v3 certificate extensions. The X.509 basic constraints is set to "CA:true". the Netscape certificate type is set to "SSL CA", "S/MIME CA", and "Object signing CA".

The certificates issued by the DutchGrid medium-security Certification Authority under this policy will have the basic constraints set to "CA:false", and the keyUsage bits set to "digitalSignature, nonRepudiation, dataEncypherment, keyEncyphterment". The Netscape cert type is set to "server, client, email".

The keyUsage field may be marked as critical on request of the subscriber.

David Groep