Re: Question from a newcomer about KeyUsage

Hans Schupp <schupp@secude.com> Thu, 22 March 2001 00:32 UTC

Message-ID: <3AB947E9.2E1F7C64@secude.com>
Date: Thu, 22 Mar 2001 01:31:37 +0100
From: Hans Schupp <schupp@secude.com>
Organization: SECUDE GmbH
To: prkumar@nortelnetworks.com
Cc: ietf-pkix@imc.org
Subject: Re: Question from a newcomer about KeyUsage
References: <000701c0b223$9fb4ce40$86fa20c0@engeast.baynetworks.com>

Prashant Kumar wrote:

> In one of the Microsoft certificates the key usage bits are
> set as 0x05 A0(0000 0101 1010 0000). If we open the
> certificate using MS it claims that
> 
> 1. Digital Signature, Key Encipherment[A0] bits are set.
> 
> However if you go according to the RFC 2459 it actually has
> Digital Signature, nonRepudiation, and dataEncipherment set
> ....(Bits 0, 1 and 3) bit 8 is the right most bit...

You left out the fact that KeyUsage is encoded as a BIT STRING, which
has a special meaning for the first byte. The 0x05 only says: the last 5
bits of the following byte are unused, i.e. from the byte 10100000 only
the part 101xxxxx is meaningful.
Take this and you get exactly the bits "digitalSignature" and
"keyEncipherment". MS is not always wrong ;-)

regards, Hans
--
Hans Schupp, SECUDE GmbH, +49-6151-82897-0
_________________________________________________
CeBIT Hannover 22.-28.03.2001, hall 2 / booth B18