
Re: key usage - key encipherment or data encipherment




Hi,

From RFC2459:

    The keyEncipherment bit is asserted when the subject public key is
     used for key transport.  For example, when an RSA key is to be
     used for key management, then this bit shall be asserted.

     The dataEncipherment bit is asserted when the subject public key
     is used for enciphering user data, other than cryptographic keys.


Andrew Sciberras
eB2Bcom Australia.

Simon McMahon wrote:

Hi,

I have had a recent interoperability issue with an application vendor that didn't like the key-usage attributes in a certificate from a CA vendor. Signing certs work fine; it was an encryption cert that failed.

CA sets key-usage = "key encipherment".
Application wants to encrypt some XML data so looks for key-usage = "data encipherment". Reason - because XML is data, not a key.

I believe the application vendor is wrong and I explained that the RSA key actually encrypts an AES key so it doesn't directly encrypt the data but they want an official "pkix" ruling based on the standard so can someone please refer me to a statement in the standard that clears this up.

Thanks,

Simon McMahon.



Simon McMahon

Work: (07) 31311420
Mobile: (043) 2294180






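Added example, not part of the thread above: a small, dependency-free Python
decoder/encoder for the KeyUsage BIT STRING (bit numbering from RFC 2459
section 4.2.1.3) plus the check an application should make before using a
certificate for encryption. The DER blobs and the operation names
("rsa_key_transport", "raw_data_encipherment") are constructed for this
example; the point is that RSA-wrapping an AES content key is key transport
and therefore needs keyEncipherment, which is the bit the CA set.

```python
"""Decode/encode the X.509 KeyUsage extension value and decide which bit an
encryption operation actually needs.  Example code for this thread, not from
any vendor's product; the DER inputs below are constructed by hand."""

# Bit positions from RFC 2459 section 4.2.1.3 (unchanged in RFC 5280).
KEY_USAGE_BITS = [
    "digitalSignature",  # 0
    "nonRepudiation",    # 1
    "keyEncipherment",   # 2  RSA wraps a symmetric content key
    "dataEncipherment",  # 3  public key encrypts the user data itself
    "keyAgreement",      # 4
    "keyCertSign",       # 5
    "cRLSign",           # 6
    "encipherOnly",      # 7
    "decipherOnly",      # 8
]


def decode_key_usage(der):
    """Parse the DER BIT STRING that is the extnValue of KeyUsage -> set of names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:  # KeyUsage is tiny: short-form length only
        raise ValueError("bad length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    if unused and body[-1] & ((1 << unused) - 1):
        raise ValueError("DER requires the unused padding bits to be zero")
    names = set()
    for i in range(len(body) * 8 - unused):
        byte, offset = divmod(i, 8)
        if body[byte] & (0x80 >> offset):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("unknown KeyUsage bit %d" % i)
            names.add(KEY_USAGE_BITS[i])
    return names


def encode_key_usage(names):
    """Inverse of decode_key_usage; DER drops trailing zero bits, so the BIT STRING
    is only as long as the highest bit that is set."""
    if not names:
        raise ValueError("RFC 5280 requires at least one KeyUsage bit to be set")
    highest = max(KEY_USAGE_BITS.index(n) for n in names)
    body = bytearray(highest // 8 + 1)
    for n in names:
        i = KEY_USAGE_BITS.index(n)
        body[i // 8] |= 0x80 >> (i % 8)
    unused = len(body) * 8 - (highest + 1)
    content = bytes([unused]) + bytes(body)
    return bytes([0x03, len(content)]) + content


# Which bit each operation needs.  Hybrid encryption (RSA-OAEP or RSA-PKCS#1
# wrapping an AES key, as in CMS KeyTransRecipientInfo) is key transport.
REQUIRED_BIT = {
    "rsa_key_transport": "keyEncipherment",
    "raw_data_encipherment": "dataEncipherment",
    "signature": "digitalSignature",
}


def key_usage_permits(names, operation):
    """True if a cert whose KeyUsage bits are `names` may be used for `operation`.
    Callers must treat an absent KeyUsage extension separately (no restriction)."""
    return REQUIRED_BIT[operation] in names


if __name__ == "__main__":
    # Constructed: the CA's encryption cert carries keyEncipherment only.
    ca_cert_usage = decode_key_usage(bytes.fromhex("03020520"))
    print(sorted(ca_cert_usage))
    # Encrypting XML with an RSA-wrapped AES key is key transport -> allowed.
    print(key_usage_permits(ca_cert_usage, "rsa_key_transport"))
    # Demanding dataEncipherment for that operation rejects a valid cert.
    print(key_usage_permits(ca_cert_usage, "raw_data_encipherment"))
```

The decoder refuses non-zero padding bits and bits beyond decipherOnly, both
of which are encoding errors a lenient parser would silently accept; the
encoder emits the minimal DER form so that a round trip is byte-exact.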