Skip to main content

6. Key Usage Bits

This section preserves the RFC text for X.509 SLH-DSA algorithm identifiers, including ASN.1, OIDs, AlgorithmIdentifier, id-slh-dsa-* and id-hash-slh-dsa-* names, DER examples, certificates, key usage, IANA registrations, and security requirements.

Original RFC Text

6.  Key Usage Bits

The intended application for the key is indicated in the keyUsage
certificate extension; see Section 4.2.1.3 of [RFC5280]. If the
keyUsage extension is present in a certificate that indicates an id-
slh-dsa-* (Pure SLH-DSA) or id-hash-slh-dsa-* (HashSLH-DSA)
identifier in the SubjectPublicKeyInfo, then at least one of the
following MUST be present:

* digitalSignature

* nonRepudiation

* keyCertSign

* cRLSign

If the keyUsage extension is present in a certificate that indicates
an id-slh-dsa-* (Pure SLH-DSA) or id-hash-slh-dsa-* (HashSLH-DSA)
identifier in the SubjectPublicKeyInfo, then the following MUST NOT
be present:

* keyEncipherment

* dataEncipherment

* keyAgreement

* encipherOnly

* decipherOnly

Requirements about the keyUsage extension bits defined in [RFC5280]
still apply.