SECTION 8.6
701
Interactive Forms
KEY
TYPE
VALUE
KeyUsage
array of
ASCII
strings
(Optional;
PDF 1.7)
An array of ASCII strings, where each string specifies an
acceptable key-usage extension that must be present in the signing certificate.
Multiple strings specify a range of acceptable key-usage extensions. The key-
usage extension is described in RFC 3280 (see the Bibliography).
Each character in a string represents a key-usage type, where the order of the
characters indicates the key-usage extension it represents. The first through
ninth characters in the array, from left to right, represent the required value for
the following key-usage extensions:
1
2
3
digitalSignature
non-Repudiation
keyEncipherment
4
5
6
dataEncipherment 7
keyAgreement
keyCertSign
8
9
cRLSign
encipherOnly
decipherOnly
Any additional characters are ignored. Any missing characters or characters
that are not one of the following values, should be set to ‘
X
’. The following
character values are supported:
0
1
X
Corresponding key-usage must not be set.
Corresponding key-usage must be set.
State of the corresponding key-usage does not matter.
For example, the string values ‘
1
’ and ‘
1XXXXXXXX
’ represent settings where the
key-usage type digitalSignature must be set and the state of all other key-usage
types do not matter.
The value of the corresponding flag in the
Ff
entry indicates whether this is a
required constraint.
Issuer
array
(Optional)
An array of byte strings containing DER-encoded X.509v3 certifi-
cates of acceptable issuers. If the signer’s certificate chains up to any of the
specified issuers (either directly or indirectly), the certificate is considered ac-
ceptable for signing. The value of the corresponding flag in the
Ff
entry indi-
cates whether this is a required constraint.
(Optional)
An array of byte strings that contain Object Identifiers (OIDs) of
the certificate policies that must be present in the signing certificate. An exam-
ple of such a string is
(2.16.840.1.113733.1.7.1.1)
. This field is only applicable if
the value of
Issuer
is not empty. The certificate policies extension is described
in RFC 3280 (see the Bibliography). The value of the corresponding flag in the
Ff
entry indicates whether this is a required constraint.
OID
array
Index Bookmark Pages Text
Previous Next
Pages: Index All Pages
This HTML file was created by VeryPDF PDF to HTML Converter product.