From 57714a30a1b06dc4adb6a29bcab5d235c86b961c Mon Sep 17 00:00:00 2001 From: Stephen Davidson Date: Wed, 4 Jan 2023 16:40:18 -0400 Subject: [PATCH] EdDSA keyusage table --- SBR.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SBR.md b/SBR.md index b38e937..cbc250c 100644 --- a/SBR.md +++ b/SBR.md @@ -1801,10 +1801,10 @@ e. `keyUsage` (SHALL be present) This extension SHOULD be marked critical. - | Generation | `rsaEncryption` | `id-ecPublicKey` | - |------|-----------------------|-----------------------------| - | Strict | For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyEncipherment`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyEncipherment` and MAY be set for `nonRepudiation`. |For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyAgreement` and MAY be set for `encipherOnly` or `decipherOnly`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyAgreement` and MAY be set for `nonRepudiation` and for `encipherOnly` or `decipherOnly` (only if `keyAgreement` is set).| - | Multipurpose
and Legacy | For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyEncipherment` and MAY be set for `dataEncipherment`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyEncipherment` and MAY be set for `nonRepudiation` and `dataEncipherment`. |For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyAgreement` and MAY be set for `encipherOnly` or `decipherOnly`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyAgreement` and MAY be set for `nonRepudiation` and for `encipherOnly` or `decipherOnly` (only if `keyAgreement` is set).| + | Generation | `rsaEncryption` | `id-ecPublicKey` |`id-Ed25519` and `id-Ed448` | + |------|-----------------------|-----------------------------|-----------------------------| + | Strict | For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyEncipherment`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyEncipherment` and MAY be set for `nonRepudiation`. |For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyAgreement` and MAY be set for `encipherOnly` or `decipherOnly`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyAgreement` and MAY be set for `nonRepudiation` and for `encipherOnly` or `decipherOnly` (only if `keyAgreement` is set).| Bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`. | + | Multipurpose
and Legacy | For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyEncipherment` and MAY be set for `dataEncipherment`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyEncipherment` and MAY be set for `nonRepudiation` and `dataEncipherment`. |For signing only, bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`.
For key management only, bit positions SHALL be set for `keyAgreement` and MAY be set for `encipherOnly` or `decipherOnly`.
For dual use, bit positions SHALL be set for `digitalSignature` and `keyAgreement` and MAY be set for `nonRepudiation` and for `encipherOnly` or `decipherOnly` (only if `keyAgreement` is set).| Bit positions SHALL be set for `digitalSignature` and MAY be set for `nonRepudiation`. | Other bit positions SHALL NOT be set.