Valid on z/OS
Use the KEYUSAGE keyword to specify the appropriate values for the KeyUsage certificate extension, of which one or more of the values might be coded. For certificate authority certificates (CERTAUTH), the default is CERTSIGN and is always set. There is no default for certificates that are not certificate‑authority certificates. When the key pair is generated using the DSA algorithm, only the digital signature bit is set since the keys cannot be used for encryption.
This keyword has the following format:
TSS GENCERT(acid) KEYUSAGE(HANDSHAKE|DATAENCRYPT|DOCSIGN|CERTSIGN|KEYAGREE)
Facilitates identification and key exchange during security handshakes, such as SSL, which set the digitalSignature and keyEncipherment indicators. When the key pair is generated using the DSA algorithm, only the digitalSignature bit is set because the keys cannot be used for encryption.
Encrypts data, which sets the dataEncipherment indicator. When the key pair is generated using the DSA algorithm, you cannot use the DATAENCRYPT keyword in the Keyusage parameter.
Specifies a legally binding signature, which sets the nonRepudiation indicator.
Specifies a signature for other digital certificates and CRLs, which sets the keyCertSign and cRLSign indicators.
Facilitates key exchange, which sets the keyAgreement indicator. This usage is valid only for NISTECC and BPECC keys. A certificate with no keyUsage value other than keyAgreement cannot be used for signing.
Note: Include single quotes if specifying more than one value with KEYUSAGE. For example:
KEYUSAGE('HANDSHAKE DATAENCRYPT')
This keyword is used with:
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|