Field Reference

Key Usage Extension Explained

The Key Usage extension restricts the cryptographic operations a certificate's public key may be used for. This page explains digitalSignature, keyEncipherment, and the other Key Usage bits, and which of them a TLS certificate actually needs.

The Key Usage extension (OID 2.5.29.15) defines the cryptographic operations the certificate's public key is permitted to perform. RFC 5280 requires at least one bit to be set whenever the extension is present and recommends that CAs mark it critical. A relying party that understands the extension must honour the listed bits whether or not it is critical; criticality only adds the rule that a relying party that does not understand the extension must reject the certificate outright. Using the key for an operation whose bit is not set violates PKI policy, and most TLS stacks check the bits relevant to the negotiated key exchange (digitalSignature for a signed handshake, keyEncipherment for legacy RSA key transport) and abort the handshake on a mismatch.

Key Usage Bit Flags

  • digitalSignature: Key may be used to sign data. Required whenever the certificate's key signs the handshake: every ECDSA certificate, every TLS 1.3 certificate, and RSA certificates used with (EC)DHE cipher suites in TLS 1.2
  • nonRepudiation / contentCommitment: Key may be used for non-repudiation, meaning the signer cannot later deny having signed (recent editions of X.509 renamed the bit contentCommitment; the bit position is unchanged)
  • keyEncipherment: Key may be used to encrypt (transport) other keys. Required only for legacy RSA key exchange (TLS_RSA_* cipher suites in TLS 1.2 and earlier); TLS 1.3 removed RSA key transport, so it is not needed there
  • dataEncipherment: Key may be used to encrypt application data directly with the public key (rare in TLS, which never does this)
  • keyAgreement: Key may be used for Diffie-Hellman key agreement with a static DH or ECDH key carried in the certificate. Rare in modern TLS: ECDHE uses ephemeral keys, so an ECDSA certificate needs digitalSignature, not keyAgreement
  • keyCertSign: Key may be used to sign other certificates. Set on CA certificates, and RFC 5280 requires that a certificate asserting this bit also have Basic Constraints cA=TRUE
  • cRLSign: Key may be used to sign Certificate Revocation Lists
  • encipherOnly / decipherOnly: Meaningful only together with keyAgreement; they restrict the agreed key to enciphering or deciphering data respectively. Their meaning is undefined when keyAgreement is not set

Typical Values for TLS Server Certificates

  • RSA certificate: digitalSignature, keyEncipherment (keyEncipherment matters only if clients negotiating legacy RSA key exchange must be supported; a TLS 1.3-only deployment needs just digitalSignature)
  • ECDSA certificate: digitalSignature
  • CA certificate: keyCertSign, cRLSign (digitalSignature is often added as well, and is needed only if the CA key also signs OCSP responses or other data directly)
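As an added example (not part of this reference or of any decoder it links to), the following Python encodes and decodes the Key Usage bit string exactly as it appears in DER, wraps it in the complete extension structure with the 2.5.29.15 OID and the critical flag, and checks a decoded bit set against the typical-value table above. The byte strings are constructed inline, the `tls_server_problems` function and its `rsa_key_exchange` flag are this example's own names rather than any library's API, and only the standard library is used.

```python
"""Encode, decode and sanity-check the X.509 Key Usage extension (OID 2.5.29.15).

KeyUsage is a DER BIT STRING whose named bits are numbered from the most
significant bit of the first content octet; the octet before the bits holds
the count of unused trailing bits (RFC 5280 4.2.1.3, X.690 8.6).
"""

# Named bits in RFC 5280 order; the list index is the bit number.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
KEY_USAGE_OID = bytes.fromhex("551d0f")  # DER content octets of 2.5.29.15


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag, first, hdr = buf[pos], buf[pos + 1], 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    else:
        length = first
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def encode_key_usage(names):
    """Return the DER BIT STRING for the given bit names (minimal encoding)."""
    positions = [KEY_USAGE_BITS.index(n) for n in names]
    if not positions:
        raise ValueError("Key Usage must set at least one bit (RFC 5280 4.2.1.3)")
    highest = max(positions)
    body = bytearray(highest // 8 + 1)
    for b in positions:
        body[b // 8] |= 0x80 >> (b % 8)
    unused = len(body) * 8 - (highest + 1)   # trailing zero bits are dropped in DER
    content = bytes([unused]) + bytes(body)
    return bytes([0x03, len(content)]) + content


def decode_key_usage(bitstring_der):
    """Return the list of bit names set in a DER-encoded KeyUsage BIT STRING."""
    tag, value, _ = _read_tlv(bitstring_der, 0)
    if tag != 0x03 or not value:
        raise ValueError("expected a BIT STRING")
    unused, bits = value[0], value[1:]
    names = []
    for i in range(len(bits) * 8 - unused):
        byte, offset = divmod(i, 8)
        if (bits[byte] >> (7 - offset)) & 1:
            names.append(KEY_USAGE_BITS[i] if i < len(KEY_USAGE_BITS) else f"bit{i}")
    return names


def encode_extension(names, critical=True):
    """Return the full Extension SEQUENCE { OID, [critical], OCTET STRING { BIT STRING } }."""
    inner = encode_key_usage(names)
    body = b"\x06\x03" + KEY_USAGE_OID
    if critical:
        body += b"\x01\x01\xff"           # BOOLEAN TRUE; FALSE is simply omitted (DER default)
    body += bytes([0x04, len(inner)]) + inner
    return bytes([0x30, len(body)]) + body


def decode_extension(ext_der):
    """Parse an Extension SEQUENCE and return (critical, bit_names); rejects other OIDs."""
    tag, seq, _ = _read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("expected an Extension SEQUENCE")
    tag, oid, pos = _read_tlv(seq, 0)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        raise ValueError("not a Key Usage (2.5.29.15) extension")
    critical = False
    tag, val, nxt = _read_tlv(seq, pos)
    if tag == 0x01:                       # optional critical BOOLEAN
        critical = val != b"\x00"
        tag, val, nxt = _read_tlv(seq, nxt)
    if tag != 0x04:
        raise ValueError("expected the extnValue OCTET STRING")
    return critical, decode_key_usage(val)


def tls_server_problems(names, key_type, rsa_key_exchange=False):
    """Example policy check (this example's own rule set, not a library API).

    key_type is "RSA" or "EC". rsa_key_exchange=True models a legacy TLS <= 1.2
    TLS_RSA_* suite, which encrypts the premaster secret to the certificate key and
    so needs keyEncipherment; every other suite, and all of TLS 1.3, signs the
    handshake and needs digitalSignature. Returns a list of problem strings.
    """
    problems = []
    if "keyCertSign" in names:
        problems.append("keyCertSign set on an end-entity certificate")
    if rsa_key_exchange:
        if key_type != "RSA":
            problems.append("RSA key exchange requires an RSA key")
        if "keyEncipherment" not in names:
            problems.append("RSA key exchange needs keyEncipherment")
    elif "digitalSignature" not in names:
        problems.append("signed key exchange (ECDHE/DHE, all of TLS 1.3) needs digitalSignature")
    return problems


if __name__ == "__main__":
    # Constructed sample: the critical Key Usage extension of a typical RSA server certificate.
    ext = encode_extension(["digitalSignature", "keyEncipherment"])
    print(ext.hex())                       # 300e0603551d0f0101ff0404030205a0
    print(decode_extension(ext))           # (True, ['digitalSignature', 'keyEncipherment'])
    print(tls_server_problems(["keyEncipherment"], "RSA"))  # fails under TLS 1.3
```

The `tls_server_problems` check mirrors what a TLS stack does at handshake time: it looks only at the bit the negotiated key exchange relies on, which is why an RSA certificate carrying keyEncipherment alone worked with TLS_RSA_* suites but is unusable under TLS 1.3.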

Key Usage vs. Extended Key Usage

Key Usage defines low-level cryptographic operations. Extended Key Usage (EKU, OID 2.5.29.37) defines higher-level application purposes (TLS server, TLS client, email signing, code signing, and so on). The two must be consistent: a TLS server certificate needs digitalSignature in Key Usage (plus keyEncipherment if legacy RSA key exchange must keep working) and TLS Web Server Authentication (id-kp-serverAuth, 1.3.6.1.5.5.7.3.1) in Extended Key Usage. An EKU of serverAuth does not compensate for a missing Key Usage bit; strict validators reject a certificate whose Key Usage does not permit the operation the key exchange requires.

Ready to inspect a certificate?

Use the free decoder to decode any PEM certificate and see all of its fields, including the Key Usage bits and whether the extension is marked critical.

Decode a Certificate