The CERT_KEY_USAGE_RESTRICTION_INFO structure contains restrictions on the purposes for which, and the policies under which, the certified public key may be used.
When the CryptDecodeObject or CryptDecodeObjectEx function is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.4", the function outputs a CERT_KEY_USAGE_RESTRICTION_INFO structure.
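```c
typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
  DWORD           cCertPolicyId;      /* number of elements in rgCertPolicyId */
  PCERT_POLICY_ID rgCertPolicyId;     /* array of CERT_POLICY_ID structures */
  CRYPT_BIT_BLOB  RestrictedKeyUsage; /* bit blob holding the key usage restriction bits */
} CERT_KEY_USAGE_RESTRICTION_INFO, *PCERT_KEY_USAGE_RESTRICTION_INFO;
```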
Currently defined RestrictedKeyUsage values are shown in the following table.
RestrictedKeyUsage | Value |
---|---|
CERT_DATA_ENCIPHERMENT_KEY_USAGE | 0x10 |
CERT_DIGITAL_SIGNATURE_KEY_USAGE | 0x80 |
CERT_KEY_AGREEMENT_KEY_USAGE | 0x08 |
CERT_KEY_CERT_SIGN_KEY_USAGE | 0x04 |
CERT_KEY_ENCIPHERMENT_KEY_USAGE | 0x20 |
CERT_NON_REPUDIATION_KEY_USAGE | 0x40 |
CERT_OFFLINE_CRL_SIGN_KEY_USAGE | 0x02 |
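
An added example (not from the original page): a check that a decoded RestrictedKeyUsage bit blob permits a required usage before the key is relied on. The helper names, the `usage_check` enum, the sample blob, and the non-Windows stand-in typedefs are assumptions made for illustration; on Windows the types and constants come from wincrypt.h.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Stand-ins (assumption) mirroring wincrypt.h so the example builds off Windows. */
typedef unsigned int DWORD;
typedef unsigned char BYTE;
typedef struct { DWORD cbData; BYTE *pbData; DWORD cUnusedBits; } CRYPT_BIT_BLOB;
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE  0x80
#define CERT_NON_REPUDIATION_KEY_USAGE    0x40
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE   0x20
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE  0x10
#define CERT_KEY_AGREEMENT_KEY_USAGE      0x08
#define CERT_KEY_CERT_SIGN_KEY_USAGE      0x04
#define CERT_OFFLINE_CRL_SIGN_KEY_USAGE   0x02
#endif

enum usage_check { USAGE_NOT_STATED = -1, USAGE_DENIED = 0, USAGE_PERMITTED = 1 };

/* Return the first byte of the bit blob with unused trailing bits cleared. */
static BYTE restricted_usage_byte(const CRYPT_BIT_BLOB *blob)
{
    if (blob == NULL || blob->cbData == 0 || blob->pbData == NULL)
        return 0;
    /* cUnusedBits counts low-order padding bits in the LAST byte only. */
    if (blob->cbData == 1 && blob->cUnusedBits < 8)
        return (BYTE)(blob->pbData[0] & (0xFF << blob->cUnusedBits));
    return blob->pbData[0];
}

/* Check that every bit in `required` is present in the decoded restriction. */
static enum usage_check check_restricted_usage(const CRYPT_BIT_BLOB *blob, BYTE required)
{
    if (blob == NULL || blob->cbData == 0 || blob->pbData == NULL)
        return USAGE_NOT_STATED;   /* caller decides how to treat an empty blob */
    return (restricted_usage_byte(blob) & required) == required ? USAGE_PERMITTED : USAGE_DENIED;
}

/* Constructed sample: digital signature + cert signing, with a stray padding bit set. */
static BYTE sample_bits[] = { 0x85 };
static CRYPT_BIT_BLOB sample_blob = { 1, sample_bits, 2 };

int main(void)
{
    printf("usage byte 0x%02X, cert signing: %d\n", restricted_usage_byte(&sample_blob),
           check_restricted_usage(&sample_blob, CERT_KEY_CERT_SIGN_KEY_USAGE));
    return 0;
}
```
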
See also: CERT_POLICY_ID, CRYPT_BIT_BLOB