CERT_KEY_USAGE_RESTRICTION_INFO (Compact 2013)

3/28/2014

This structure contains restrictions imposed on the usage of a certificate's public key. This includes purposes for use of the key and policies under which the key can be used.

The CryptDecodeObject function creates an instance of this structure when performed on a CERT_EXTENSION structure's Value member with the structure's pszObjId member set to szOID_KEY_USAGE_RESTRICTION.

An instance of this structure can be used as input to the CryptEncodeObject function to create an appropriate CERT_EXTENSION structure.

Syntax

typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
  DWORD cCertPolicyId;
  PCERT_POLICY_ID rgCertPolicyId;
  CRYPT_BIT_BLOB RestrictedKeyUsage;
} CERT_KEY_USAGE_RESTRICTION_INFO, *PCERT_KEY_USAGE_RESTRICTION_INFO;

Members

  • cCertPolicyId
    Number of elements in the rgCertPolicyId array.
  • rgCertPolicyId
    Pointer to an array of CERT_POLICY_ID structures identifying certification policy identifiers.
  • RestrictedKeyUsage
    CRYPT_BIT_BLOB structure that includes, as its pbData, a byte indicating the purposes for which the key can be used. If the cbData member is zero, the key has no usage restrictions.

    The following values are currently defined for the pbData member of RestrictedKeyUsage. These values can be combined using a bitwise OR operation.

    • CERT_DATA_ENCIPHERMENT_KEY_USAGE
    • CERT_DIGITAL_SIGNATURE_KEY_USAGE
    • CERT_KEY_AGREEMENT_KEY_USAGE
    • CERT_KEY_CERT_SIGN_KEY_USAGE
    • CERT_KEY_ENCIPHERMENT_KEY_USAGE
    • CERT_NON_REPUDIATION_KEY_USAGE
    • CERT_OFFLINE_CRL_SIGN_KEY_USAGE

Requirements

Header

wincrypt.h

See Also

Reference

Cryptography Structures
CERT_EXTENSION
CERT_POLICY_ID
CRYPT_BIT_BLOB