What are requirements of Key Usage extension of parent and child certificates?



  • This question is about validating certificates. Imagine some machine gets a leaf certificate (i.e. a certificate signed by the certificate of some CA) with specific Key Usage attributes.

    Example #1: Should the machine reject the certificate if the parent certificate does not include the keyCertSign bit in Key Usage?

    Example #2: Is the child Key Usage required to be a subset of parent Key Usage? Or is the child allowed to have specific Key Usage bits that are not in the parent cert?



  • https://tools.ietf.org/html/rfc5280.html#section-4.2.1.3 has this to say:

    If the keyUsage extension is present, then the subject public key MUST NOT be used to verify signatures on certificates or CRLs unless the corresponding keyCertSign or cRLSign bit is set. If the subject public key is only to be used for verifying signatures on certificates and/or CRLs, then the digitalSignature and nonRepudiation bits SHOULD NOT be set. However, the digitalSignature and/or nonRepudiation bits MAY be set in addition to the keyCertSign and/or cRLSign bits if the subject public key is to be used to verify signatures on certificates and/or CRLs as well as other objects.

    So the expectation is that a CA's KeyUsage will assert { keyCertSign | cRLSign } without asserting digitalSignature. And the end-entity/leaf cert will of course want to assert digitalSignature, therefore there's no expectation of subsetting.



Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2