About X509 Valves
Note
This section contains common X509 information.
Key usage
Key usage is a list of (9) flags (bitmask) turning on (true) or off (false) a specific usage.
Flags:
| Bit Index | Flag Name |
|---|---|
| 0 | digitalSignature |
| 1 | nonRepudiation |
| 2 | keyEncipherment |
| 3 | dataEncipherment |
| 4 | keyAgreement |
| 5 | keyCertSign |
| 6 | cRLSign |
| 7 | encipherOnly |
| 8 | decipherOnly |
If length of list is shorter than 9, false will be added to the end until length is 9.
Examples:
# Turn on digitalSignature
true # Index 0 is digitalSignature
# Turn on keyCertSign
false,false,false,false,false,true # Index 5 is keyCertSign
Extended key usage
Extended key usage is a list of key purpose aliases. Only the one defined below are valid in the current version.
Key purpose aliases:
- OCSPSigning
- serverAuth
- clientAuth
- codeSigning