The following is a list of extended key usages and issuance policies that are commonly used in practice to restrict certificate authority certificates.
Frequently used extended key usages:
In some documentation, the extended key usages are also referred to as Application Policies.
OID | Description |
---|---|
1.3.6.1.4.1.311.20.2.1 | Certificate Request Agent |
1.3.6.1.5.5.7.3.2 | Client Authentication |
1.3.6.1.5.5.7.3.3 | Code Signing |
1.3.6.1.4.1.311.10.3.13 | Lifetime Signing |
1.3.6.1.4.1.311.10.3.12 | Document Signing |
1.3.6.1.4.1.311.80.1 | Document Encryption |
1.3.6.1.4.1.311.10.3.4 | Encrypting File System |
1.3.6.1.4.1.311.10.3.4.1 | File Recovery |
1.3.6.1.5.5.7.3.5 | IP Security End System |
1.3.6.1.5.5.8.2.2 | IP Security IKE Intermediate |
1.3.6.1.5.5.7.3.6 | IP Security Tunnel Endpoint |
1.3.6.1.5.5.7.3.7 | IP Security User |
1.3.6.1.4.1.311.10.3.11 | Key Recovery |
1.3.6.1.5.2.3.5 | KDC Authentication |
1.3.6.1.4.1.311.10.3.1 | Microsoft Trust List Signing |
1.3.6.1.4.1.311.10.3.10 | Qualified Subordination |
1.3.6.1.4.1.311.10.3.9 | Root List Signer |
1.3.6.1.5.5.7.3.4 | Secure E-mail |
1.3.6.1.5.5.7.3.1 | Server Authentication |
1.3.6.1.4.1.311.20.2.2 | Smartcard Logon |
1.3.6.1.5.5.7.3.8 | Time Stamping according to RFC 3161 |
1.3.6.1.5.5.7.3.9 | OCSP Signing |
1.3.6.1.4.1.311.54.1.2 | Remote Desktop Authentication |
1.3.6.1.4.1.311.21.5 | Private Key Archival |
2.16.840.1.113741.1.2.3 | Intel Advanced Management Technology (AMT) Provisioning |
Frequently used issuance policies:
OID | Description |
---|---|
2.5.29.32.0 | All Issuance Policies (AnyPolicy) |
1.3.6.1.4.1.311.21.32 | TPM Key Attestation: User Credentials (Low Assurance) |
1.3.6.1.4.1.311.21.31 | TPM Key Attestation: Endorsement Certificate (Medium Assurance) |
1.3.6.1.4.1.311.21.30 | TPM Key Attestation: Endorsement Key (High Assurance) |
Related links:
- Basics: Restricting Extended Key Usage (EKU) in Certification Authority Certificates
- Restrict extended key usage (EKU) for imported root certification authority certificates
- Configuring the Trusted Platform Module (TPM) Key Attestation
- Basics of online responders (Online Certificate Status Protocol, OCSP)
External sources
- TPM Key Attestation (Microsoft)
- Setting up TPM protected certificates using a Microsoft Certificate Authority - Part 3: Key Attestation (Microsoft)
- Object IDs associated with Microsoft cryptography (Microsoft, archive link)
- Object Identifiers (OID) in PKI (PKI Solutions, Inc.)