KeyUsages

KeyUsages (often referred to as the KeyUsage extension in X.509 certificates) defines the purposes for which the public key contained in a certificate may be used. It is typically encoded as a bit string where each bit corresponds to a specific allowed operation. The extension helps constrain a certificate holder’s cryptographic actions to align with policy and risk requirements.

The standard bits include digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, and cRLSign. Some implementations also use

KeyUsages are commonly marked as a critical extension. If the extension is marked critical and an application

Relation to other PKI constraints: KeyUsages limit how the key can be used, while ExtendedKeyUsage provides

See also: X.509, ExtendedKeyUsage, PKI, TLS certificates.