The X509KeyUsageFlags enumeration type specifies the purpose of a key contained in a certificate. You can use the enumeration to identify restrictions. For example, if a key should be used only for signing, you can select the XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE or the XCN_CERT_NON_REPUDIATION_KEY_USAGE values. Likewise, if a key should be used only for key management, you can select the XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE value. This enumeration can be used to initialize an IX509ExtensionKeyUsage object.
The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing.
The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity.
The key is used for key transport. That is, the key is used to manage a key passed from its point of origination to another point of use.
The key is used to encrypt user data other than cryptographic keys.
The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret.
The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities.