X509KeyUsageFlags X509KeyUsageFlags X509KeyUsageFlags X509KeyUsageFlags Enum


Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

public enum class X509KeyUsageFlags
public enum X509KeyUsageFlags
type X509KeyUsageFlags = 
Public Enum X509KeyUsageFlags


CrlSign CrlSign CrlSign CrlSign 2

The key can be used to sign a certificate revocation list (CRL).

DataEncipherment DataEncipherment DataEncipherment DataEncipherment 16

The key can be used for data encryption.

DecipherOnly DecipherOnly DecipherOnly DecipherOnly 32768

The key can be used for decryption only.

DigitalSignature DigitalSignature DigitalSignature DigitalSignature 128

The key can be used as a digital signature.

EncipherOnly EncipherOnly EncipherOnly EncipherOnly 1

The key can be used for encryption only.

KeyAgreement KeyAgreement KeyAgreement KeyAgreement 8

The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm.

KeyCertSign KeyCertSign KeyCertSign KeyCertSign 4

The key can be used to sign certificates.

KeyEncipherment KeyEncipherment KeyEncipherment KeyEncipherment 32

The key can be used for key encryption.

None None None None 0

No key usage parameters.

NonRepudiation NonRepudiation NonRepudiation NonRepudiation 64

The key can be used for authentication.


This class is an implementation of a commonly used extension that is mapped by default to the CryptoConfig file. When the Extensions property of the X509Certificate2 class is invoked, this class can be used directly.

Applies to