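Creating the key usage "Off-line CRL Signing" in Bouncy Castle

Time: 2013-02-27 21:50:54

Tags: java x509certificate bouncycastle

How do I create the key usage "Off-line CRL Signing" with Bouncy Castle? I know how to create the predefined ones, such as keyCertSign or others, using the constants...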

import org.bouncycastle.asn1.x509.KeyUsage;
KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);

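1 answer:

Answer 0: (score: 1)

KeyUsage.cRLSign should cover both CRL signing and off-line CRL signing. According to the X.509 specification, RFC 5280, there are only 9 basic key usages.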

      KeyUsage ::= BIT STRING {
       digitalSignature        (0),
       nonRepudiation          (1), -- recent editions of X.509 have
                            -- renamed this bit to contentCommitment
       keyEncipherment         (2),
       dataEncipherment        (3),
       keyAgreement            (4),
       keyCertSign             (5),
       cRLSign                 (6),
       encipherOnly            (7),
       decipherOnly            (8) }

If the cRLSign bit is set and you open the certificate in IE, you will see "Off-line CRL Signing, CRL Signing". Other certificate viewers may only say "CRL Signing".
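
The following is an added example, not code from the original question or answer: it issues a throwaway self-signed CA certificate with `keyCertSign | cRLSign` and reads the extension back through the JDK, showing that cRLSign is the single bit at position 6 and that no separate "off-line" bit exists. It assumes the Bouncy Castle `bcprov` and `bcpkix` jars are on the classpath; the class name and subject DN are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CrlSignKeyUsageDemo {
    // RFC 5280 bit names, indexed as X509Certificate.getKeyUsage() returns them
    static final String[] NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        X500Name name = new X500Name("CN=Example Test CA"); // constructed subject/issuer
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            name, BigInteger.ONE, notBefore, notAfter, name, kp.getPublic());

        // A CRL issuer that also signs certificates: CA=true plus both signing bits
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
            .getCertificate(builder.build(signer));

        // Read the extension back and list which of the nine bits are set
        boolean[] bits = cert.getKeyUsage();
        for (int i = 0; i < bits.length && i < NAMES.length; i++) {
            if (bits[i]) {
                System.out.println("bit " + i + ": " + NAMES[i]);
            }
        }
    }
}
```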