Dear list,
If I understand correctly, there are two X.509 v3 extensions that
determine key (companion to the given certificate) suitability for
e-mail signing:
1. extendedKeyUsage (EKU)
2. nsCertType
In particular,
1. Setting only "emailProtection" in EKU
or
2. Setting only "email" in nsCertType
gives
S/MIME signing : Yes
when the certificate is checked with "openssl x509 -in cert.pem -noout
-purpose"
3. When no EKU or nsCertType extension is present in cert, one gets:
S/MIME signing : Yes (why?)
4. If, e.g., "emailProtection" is NOT set in EKU and nsCertType is
absent, I get
S/MIME signing : No
Can anyone explain which combination of these two extensions results in
a key suitable for e-mail signing?
Do only these two extensions determine the suitability of the key for
e-mail signing?
Thank you for your answers,
Arsen.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
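
Added example (not part of the original post and not OpenSSL's own code): a small Python model of how the "S/MIME signing" verdict for a non-CA certificate follows from the extensions, reproducing the four cases reported above. The class and function names are hypothetical; the keyUsage rule and the tolerance for nsCertType "client" are assumptions taken from OpenSSL's purpose check, not from the post.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class Extensions:
    """Leaf-certificate extensions; None means the extension is absent."""
    eku: Optional[FrozenSet[str]] = None           # extendedKeyUsage
    ns_cert_type: Optional[FrozenSet[str]] = None  # nsCertType
    key_usage: Optional[FrozenSet[str]] = None     # keyUsage


def smime_signing(ext: Extensions) -> bool:
    """Hypothetical model of the non-CA "S/MIME signing" verdict.

    An absent extension restricts nothing; a present one must permit the use.
    """
    # EKU present without emailProtection: rejected.
    if ext.eku is not None and "emailProtection" not in ext.eku:
        return False
    # nsCertType present: needs "email". Assumption: "client" is also
    # tolerated (OpenSSL answers yes with a warning for such certificates).
    if ext.ns_cert_type is not None and not (ext.ns_cert_type & {"email", "client"}):
        return False
    # Assumption: keyUsage, when present, must allow signing.
    if ext.key_usage is not None and not (
            ext.key_usage & {"digitalSignature", "nonRepudiation"}):
        return False
    return True


# Constructed cases: the first four are the ones listed in the post.
CASES: Dict[str, Extensions] = {
    "1. EKU=emailProtection only": Extensions(eku=frozenset({"emailProtection"})),
    "2. nsCertType=email only": Extensions(ns_cert_type=frozenset({"email"})),
    "3. no EKU, no nsCertType": Extensions(),
    "4. EKU=clientAuth, no nsCertType": Extensions(eku=frozenset({"clientAuth"})),
    "EKU=emailProtection, nsCertType=server": Extensions(
        eku=frozenset({"emailProtection"}), ns_cert_type=frozenset({"server"})),
    "EKU=emailProtection, keyUsage=keyEncipherment": Extensions(
        eku=frozenset({"emailProtection"}), key_usage=frozenset({"keyEncipherment"})),
}


def verdicts() -> Dict[str, bool]:
    """Evaluate every constructed case."""
    return {name: smime_signing(ext) for name, ext in CASES.items()}


if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name:48} S/MIME signing : {'Yes' if ok else 'No'}")
```

In this model case 3 is "Yes" because nothing present restricts the key, and the last two cases show that a permissive EKU does not override a restrictive nsCertType or keyUsage.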