Re: All About Certificate Extensions

Bob Relyea Wed, 28 Sep 2005 09:58:28 -0700

Petar Popara wrote:

I've been reading this:
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html
and I can't find anything about encryption: which key usage cert shold have to be able to perform encryption?

It's in the document. I think you are trying to look for a generic 'do encryption', but NSS always 'does encryption' in a specific context:

1) SSL handshakes:

Cert Usage              Requried Key Usage              Required Cert Type
--------------------    --------------------            -----------------------

SSLServer:              KEY_AGREEMENT OR
                        KEY_ENCIPHERMENT;               SSL_SERVER;

2) Email encryption

mailRecipient:          KEY_AGREEMENT OR
                        KEY_ENCIPHERMENT;               EMAIL;

KEY_ENCIPHERMENT, DATA_ENCIPHERMENT or both?

If you look at the list, NSS never uses the DATA_ENCIPHERMENT.


_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto

smime.p7s
Description: S/MIME Cryptographic Signature

Re: All About Certificate Extensions

Reply via email to