Openssl ca
Jump to navigation
Jump to search
keyUsage and extendedKeyUsage are both extensions used in X.509 certificates to specify the purposes for which the public key contained in the certificate can be used. However, they serve slightly different purposes: keyUsage: This extension defines the cryptographic operations for which the public key in the certificate can be used. It specifies the permitted key usages, such as digital signature, key encipherment, data encipherment, key agreement, and certificate signing. extendedKeyUsage: This extension further refines the usage of the certificate beyond what is covered by keyUsage. It specifies the specific extended key usages, such as client authentication, server authentication, code signing, email protection, and time stamping. In summary, keyUsage is more general and covers basic cryptographic operations, while extendedKeyUsage provides more specific details about how the certificate can be used, including specific application purposes. Both extensions are optional in a certificate, and their presence or absence can impact how the certificate is interpreted and used by various systems.