Key usage extension
Define the allowed or required key usage extensions in the certificate.
Example JSON
"key_usage":
{
"critical":true,
"allow_critical_override":true,
"required_usages":
{
"rsa":
[
"digital_signature",
"non_repudiation",
"key_encipherment"
],
"ecdsa":
[
"digital_signature",
"non_repudiation"
],
"dilithium":
[
"digital_signature"
],
"sphincs":
[
"digital_signature"
]
},
"optional_usages":
{
"rsa":
[
"data_encipherment"
],
"ecdsa":
[
"key_agreement"
],
"dilithium":
[
"non_repudiation"
],
"sphincs":
[
"non_repudiation"
]
}
}Parameters
Name | Type | Req/Opt | Description |
|---|---|---|---|
key_usage | object | required | Key usage extension details. |
critical | boolean | optional | Indicates if the extension will be marked critical or not. Defaults to true. |
allow_critical_override | boolean | optional | Indicates if the critical flag can be overridden. Defaults to false. |
allow_value_override | boolean | optional | Allow value override of root CA and intermediate CA key usages and don’t apply system defaults. |
required_usage | object | optional | List of required key usages to be included in the certificate. Possible values:
|
optional_usages | object | optional | List of optional key usages that can be defined in a certificate profile or provided in the certificate request. Possible values:
|
rsa | array of strings | required | Define RSA key usages.
|
ecdsa | array of strings | required | Define ECDSA key usages.
|
dilithium | array of strings | required | Define ML-DSA key usages.
|
sphincs | array of strings | required | Define SLH-DSA key usages.
|