On 01/-10/-28163 08:59 PM, [email protected] wrote: > Hello > > today i found some certificate in our Djigzo store with key usage = > nonRepudiation. I have grabed the matching root CA but this certificate > is still marked as invalid so the quetsion is if this is because of the > exclusive use of nonRepudiation and what this certificate should be used > for anyway??
Non-repudiation is a 'strong' form of signing which is normally used for legal electronic signatures. This normally implies that the private key is stored on an approved smart card en that the certificate is issued by some highly trusted issuer. Sometimes, three certificates (and private keys) are issued to one person. An encryption certificate, a signing certificate and a non-repudiation certificate. With three certificates, the signing certificate is typically used only for authentication purposes and the non-repudiation for signing documents. Djigzo does not make a distinction between a signing certificate and a non-repudiation certificate. A certificate with signing and/or non-repudiation key usage is acceptable for signing. The reason why the certificate is invalid in your case is that the certificate can only contains the non-repudiation key usage. The certificate is therefore not valid for encryption. It should be valid for signing if you would possess the private key. Kind regards, Martijn -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
