[Ejbca-develop] digital sig bit

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

At the risk fo sounding stupid, could someone please enlighten me=20
regarding correct usage of dig sig bit?  I note the initial CA=20
gengerated by ca.sh, has CRL and Key sign bits set, but omits dig sig=20
bit.  The bit is set however on default (fixed) root and subca's.=20

Per RFC3280:

"The digitalSignature bit is asserted when the subject public key is=20
used with a digital signature mechanism to support security services=20
other than certificate signing (bit 5), or CRL signing (bit 6). Digital=20
signature mechanisms are often used for entity authentication and data=20
origin authentication with integrity."

TIA-

--=20
Best regards,

Ken Gunderson
GPG Key-- 9F5179FD

"Freedom begins between the ears."      -- Edward Abbey