Hello,

regarding the KeyUsage bits I'd like to know the opinion of this list:

The draft-ietf-pkix-ipki-part1-09.txt states:

> The keyEncipherment bit is asserted when the subject public key
> is used for key transport. For example, when an RSA key is to
> be used for key management, then this bit shall asserted.
>
> The dataEncipherment bit is asserted when the subject public key
> is used for enciphering user data, other than cryptographic
> keys.

Which bits need to be asserted in a certificate which I want to use e.g. for encrypting emails? Using the hybrid method (data is encrypted symmetrically and the symmetric key is encrypted asymmetrically) a certified asymmetric key will be used for keyEncipherment, but I assume dataEncipherment is the bit to be asserted, because I'm using the certified key for confidentiality and protection of the data.

Or should maybe both bits be asserted in an encryption certificate?

Regards - Petra Glöckner
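Added example, not part of the original message: a decoder for the DER BIT STRING carried in a keyUsage extension, showing where the keyEncipherment and dataEncipherment bits from the quoted draft text sit on the wire. The bit positions are the X.509 named-bit order (as in RFC 5280); the function names and the sample byte strings are constructed for illustration.

```python
# Added example: decode the BIT STRING inside a keyUsage extension value.
# Named bits in X.509 order; bit 0 is the most significant bit of the
# first content octet.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set[str]:
    """Return the names of the bits asserted in a DER-encoded KeyUsage."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    # DER requires the padding bits in the last octet to be zero.
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero padding bits")
    asserted = set()
    for i in range(len(payload) * 8 - unused):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError(f"unknown keyUsage bit {i}")
            asserted.add(KEY_USAGE_BITS[i])
    return asserted


def encipherment_bits(der: bytes) -> tuple[bool, bool]:
    """Report (keyEncipherment, dataEncipherment) for one KeyUsage value."""
    bits = decode_key_usage(der)
    return "keyEncipherment" in bits, "dataEncipherment" in bits


if __name__ == "__main__":
    # Constructed sample encodings, not taken from any real certificate.
    samples = {
        "keyEncipherment only": bytes.fromhex("03020520"),
        "key + data encipherment": bytes.fromhex("03020430"),
        "signature + keyEncipherment": bytes.fromhex("030205a0"),
    }
    for label, der in samples.items():
        print(f"{label:30} {der.hex()}  {sorted(decode_key_usage(der))}")
```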