CERT_KEY_USAGE_RESTRICTION_INFO

The CERT_KEY_USAGE_RESTRICTION_INFO structure restricts the purposes for which, and the policies under which, the certified public key may be used.

The CryptDecodeObject or CryptDecodeObjectEx function outputs this structure when it is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.4".

typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
    DWORD                            cCertPolicyId;
    PCERT_POLICY_ID                  rgCertPolicyId;
    CRYPT_BIT_BLOB                   RestrictedKeyUsage;
} CERT_KEY_USAGE_RESTRICTION_INFO,  *PCERT_KEY_USAGE_RESTRICTION_INFO;
 

Members

cCertPolicyId
The number of elements in the array rgCertPolicyId.
rgCertPolicyId
An array of structures, each holding CERT_POLICY_ID information.
RestrictedKeyUsage
This member, when present (indicated by RestrictedKeyUsage.cbData != 0), indicates that the certified key may be used only for a purpose for which a corresponding key usage bit is set.

Currently defined RestrictedKeyUsage values are shown in the following table.

RestrictedKeyUsage                  Value
CERT_DATA_ENCIPHERMENT_KEY_USAGE    0x10
CERT_DIGITAL_SIGNATURE_KEY_USAGE    0x80
CERT_KEY_AGREEMENT_KEY_USAGE        0x08
CERT_KEY_CERT_SIGN_KEY_USAGE        0x04
CERT_KEY_ENCIPHERMENT_KEY_USAGE     0x20
CERT_NON_REPUDIATION_KEY_USAGE      0x40
CERT_OFFLINE_CRL_SIGN_KEY_USAGE     0x02
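
The following added example (not part of the original reference) shows one way to enforce RestrictedKeyUsage before a key is used: an absent member imposes no restriction, a present one permits only the bits that are set. The names usage_blob and usage_permitted are hypothetical; usage_blob mirrors the cbData, pbData and cUnusedBits fields of CRYPT_BIT_BLOB so the code compiles without wincrypt.h, and rejecting a malformed blob is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the table above; guarded so the block also compiles
   when wincrypt.h has already defined them. */
#ifndef CERT_DIGITAL_SIGNATURE_KEY_USAGE
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
#define CERT_NON_REPUDIATION_KEY_USAGE   0x40
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE  0x20
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10
#define CERT_KEY_AGREEMENT_KEY_USAGE     0x08
#define CERT_KEY_CERT_SIGN_KEY_USAGE     0x04
#define CERT_OFFLINE_CRL_SIGN_KEY_USAGE  0x02
#endif

/* Hypothetical stand-in with the same three fields as CRYPT_BIT_BLOB. */
typedef struct {
    uint32_t       cbData;      /* number of bytes in pbData; 0 = member absent */
    const uint8_t *pbData;      /* bit string, most significant bit first */
    uint32_t       cUnusedBits; /* trailing bits of the last byte to ignore */
} usage_blob;

/* Returns 1 if every usage bit in `wanted` is permitted, 0 otherwise. */
int usage_permitted(const usage_blob *ku, uint8_t wanted)
{
    uint8_t first;
    if (ku == NULL || ku->cbData == 0)
        return 1;                   /* no RestrictedKeyUsage: nothing to enforce */
    if (ku->pbData == NULL || ku->cUnusedBits > 7)
        return 0;                   /* malformed blob: fail closed (assumption) */
    first = ku->pbData[0];          /* all values in the table live in byte 0 */
    if (ku->cbData == 1)            /* byte 0 is also the last byte: drop padding */
        first &= (uint8_t)(0xFF << ku->cUnusedBits);
    return (first & wanted) == wanted;
}

int main(void)
{
    static const uint8_t bits[] = { 0xA0 };  /* constructed: signature + key encipherment */
    usage_blob ku = { 1, bits, 5 };
    printf("sign: %d\n", usage_permitted(&ku, CERT_DIGITAL_SIGNATURE_KEY_USAGE));
    printf("cert sign: %d\n", usage_permitted(&ku, CERT_KEY_CERT_SIGN_KEY_USAGE));
    return 0;
}
```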

See Also

CERT_POLICY_ID, CRYPT_BIT_BLOB