kSecPolicyKU_DigitalSignature

Static kSecPolicyKU_DigitalSignature 

pub unsafe static kSecPolicyKU_DigitalSignature: &'static CFString
Available on crate feature SecPolicy only.

Predefined property key constants used to get or set values in a dictionary for a policy instance.

Some policy values may specify CFBooleanRef key usage constraints: kSecPolicyKU_DigitalSignature, kSecPolicyKU_NonRepudiation, kSecPolicyKU_KeyEncipherment, kSecPolicyKU_DataEncipherment, kSecPolicyKU_KeyAgreement, kSecPolicyKU_KeyCertSign, kSecPolicyKU_CRLSign, kSecPolicyKU_EncipherOnly, kSecPolicyKU_DecipherOnly.

kSecPolicyKU policy values define certificate-level key purposes, in contrast to the key-level definitions in SecItem.h.

For example, a key in a certificate might be acceptable to use for signing a CRL, but not for signing another certificate. In either case, this key would have the ability to sign (i.e. kSecAttrCanSign is true), but may only sign for specific purposes allowed by these policy constants. Similarly, a public key might have the capability to perform encryption or decryption, but the certificate in which it resides might have a decipher-only certificate policy.

These constants correspond to values defined in RFC 5280, section 4.2.1.3 (Key Usage), which defines the purpose of a key contained in a certificate, in contrast to section 4.1.2.7, which defines the uses that a key is capable of.
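The certificate-level constraint described above is carried in the certificate as a DER BIT STRING whose named bits follow RFC 5280, section 4.2.1.3. The following added example (not part of objc2-security or Security.framework; `parse_key_usage` and `allows` are hypothetical names, and the byte strings are constructed samples) decodes that bit string and shows a key usage that permits CRL signing but not certificate signing.

```rust
/// Added example. Named bits in RFC 5280 order; index = ASN.1 bit number.
const KEY_USAGE_BITS: [&str; 9] = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
];

/// Parses a DER BIT STRING holding KeyUsage; bit `n` of the result is RFC 5280 bit `n`.
fn parse_key_usage(der: &[u8]) -> Result<u16, &'static str> {
    let (&tag, rest) = der.split_first().ok_or("empty input")?;
    let (&len, rest) = rest.split_first().ok_or("missing length")?;
    if tag != 0x03 {
        return Err("not a BIT STRING");
    }
    // Content is one unused-bits octet plus one or two data octets.
    if len as usize != rest.len() || !(2..=3).contains(&len) {
        return Err("bad length for KeyUsage");
    }
    let (unused, bytes) = (rest[0], &rest[1..]);
    let last = bytes[bytes.len() - 1];
    // DER requires the unused trailing bits to be zero.
    if unused > 7 || last & ((1u8 << unused) - 1) != 0 {
        return Err("invalid unused bits");
    }
    let mut mask = 0u16;
    for (i, byte) in bytes.iter().enumerate() {
        for bit in 0..8usize {
            // ASN.1 bit 0 is the most significant bit of the first octet.
            if *byte & (0x80u8 >> bit) != 0 {
                let n = i * 8 + bit;
                if n >= KEY_USAGE_BITS.len() {
                    return Err("unknown key usage bit");
                }
                mask |= 1 << n;
            }
        }
    }
    Ok(mask)
}

/// True when the usage named `name` (RFC 5280 spelling) is asserted in `mask`.
fn allows(mask: u16, name: &str) -> bool {
    KEY_USAGE_BITS.iter().position(|&b| b == name).map_or(false, |n| mask & (1 << n) != 0)
}

fn main() {
    // Constructed sample: a key usage asserting cRLSign only.
    let mask = parse_key_usage(&[0x03, 0x02, 0x01, 0x02]).unwrap();
    println!("cRLSign={} keyCertSign={}", allows(mask, "cRLSign"), allows(mask, "keyCertSign"));
}
```

Note that decipherOnly is bit 8, so it lives in a second data octet and is the reason the parser accepts a three-byte content length.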

Note: these constants are not available on iOS. Your code should avoid direct reliance on these values for making policy decisions and use higher-level policies where possible.

have a key usage that allows it to be used for signing.

have a key usage that allows it to be used for non-repudiation.

have a key usage that allows it to be used for key encipherment.

have a key usage that allows it to be used for data encipherment.

have a key usage that allows it to be used for key agreement.

have a key usage that allows it to be used for signing certificates.

have a key usage that allows it to be used for signing CRLs.

have a key usage that permits it to be used for encryption only.

have a key usage that permits it to be used for decryption only.

See also Apple’s documentation