PDF Format Reference - Adobe Portable Document Format

SECTION 8.6

701

Interactive Forms

KEY

TYPE

VALUE

KeyUsage

array of

ASCII

strings

(Optional;

PDF 1.7)

An array of ASCII strings, where each string specifies an

acceptable key-usage extension that must be present in the signing certificate.

Multiple strings specify a range of acceptable key-usage extensions. The key-

usage extension is described in RFC 3280 (see the Bibliography).

Each character in a string represents a key-usage type, where the order of the

characters indicates the key-usage extension it represents. The first through

ninth characters in the array, from left to right, represent the required value for

the following key-usage extensions:

1

2

3

digitalSignature

non-Repudiation

keyEncipherment

4

5

6

dataEncipherment 7

keyAgreement

keyCertSign

8

9

cRLSign

encipherOnly

decipherOnly

Any additional characters are ignored. Any missing characters or characters

that are not one of the following values, should be set to ‘

X

’. The following

character values are supported:

0

1

X

Corresponding key-usage must not be set.

Corresponding key-usage must be set.

State of the corresponding key-usage does not matter.

For example, the string values ‘

1

’ and ‘

1XXXXXXXX

’ represent settings where the

key-usage type digitalSignature must be set and the state of all other key-usage

types do not matter.

The value of the corresponding flag in the

Ff

entry indicates whether this is a

required constraint.

Issuer

array

(Optional)

An array of byte strings containing DER-encoded X.509v3 certifi-

cates of acceptable issuers. If the signer’s certificate chains up to any of the

specified issuers (either directly or indirectly), the certificate is considered ac-

ceptable for signing. The value of the corresponding flag in the

Ff

entry indi-

cates whether this is a required constraint.

(Optional)

An array of byte strings that contain Object Identifiers (OIDs) of

the certificate policies that must be present in the signing certificate. An exam-

ple of such a string is

(2.16.840.1.113733.1.7.1.1)

. This field is only applicable if

the value of

Issuer

is not empty. The certificate policies extension is described

in RFC 3280 (see the Bibliography). The value of the corresponding flag in the

Ff

entry indicates whether this is a required constraint.

OID

array

Index Bookmark Pages Text

Pages: Index All Pages

This HTML file was created by VeryPDF PDF to HTML Converter product.