CERT_KEY_USAGE_RESTRICTION_INFO

The CERT_KEY_USAGE_RESTRICTION_INFO structure indicates a restriction imposed as to the purposes for which, and policies under which, the certified public key may be used.

When the CryptDecodeObject or CryptDecodeObjectEx function is performed on a CERT_EXTENSION structure's Value member, and the structure's pszObjId member is set to "2.5.29.4", this CERT_KEY_USAGE_RESTRICTION_INFO is output from the function call.

typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
    DWORD                            cCertPolicyId;
    PCERT_POLICY_ID                  rgCertPolicyId;
    CRYPT_BIT_BLOB                   RestrictedKeyUsage;
} CERT_KEY_USAGE_RESTRICTION_INFO,  *PCERT_KEY_USAGE_RESTRICTION_INFO;
 

Members

cCertPolicyId

The number of elements in the array rgCertPolicyId.

rgCertPolicyId

An array of structures, each holding CERT_POLICY_ID information.

RestrictedKeyUsage

This member, when present (indicated by RestrictedKeyUsage.cbData != 0), indicates that the certified key may be used only for a purpose for which a corresponding key usage bit is set.

Currently defined RestrictedKeyUsage values are shown in the following table.

RestrictedKeyUsage	Value
CERT_DATA_ENCIPHERMENT_KEY_USAGE	0x10
CERT_DIGITAL_SIGNATURE_KEY_USAGE	0x80
CERT_KEY_AGREEMENT_KEY_USAGE	0x08
CERT_KEY_CERT_SIGN_KEY_USAGE	0x04
CERT_KEY_ENCIPHERMENT_KEY_USAGE	0x20
CERT_NON_REPUDIATION_KEY_USAGE	0x40
CERT_OFFLINE_CRL_SIGN_KEY_USAGE	0x02

See Also

CERT_POLICY_ID, CRYPT_BIT_BLOB