When SecureLogin is used to encrypt SSO data with PKI credentials, are there any requirements for the certificate key usage?
Certificate key requirements
SecureLogin includes options for the encryption of SSO data using a passphrase and/or PKI credentials. If using PKI credentials, the public key is used to encrypt SSO data. The private key, stored on a PIN-protected smart card, is used to decrypt SSO data.
SecureLogin checks if the certificate is valid for encryption. It verifies that either the "CERT_KEY_ENCIPHERMENT_KEY_USAGE" or "CERT_DATA_ENCIPHERMENT_KEY_USAGE" is set in the certificate's X.509 key usage field. (This corresponds to the "Key Encipherment" and "Data Encipherment" key usages.)
If a certificate with either of these key usages exists on the smart card, SecureLogin will use it to encrypt SSO data. If multiple certificates exist, the correct certificate can be specified using certificate selection criteria.
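The key usage check described above, sketched as an added example (this is not SecureLogin's code): it decodes a DER-encoded X.509 KeyUsage value and tests the two encipherment bits. The constant values are those defined in the Windows SDK header wincrypt.h; the function names and the sample byte strings are constructed for illustration.

```python
# Added example, not SecureLogin code. Constant values are from wincrypt.h and
# match the first content byte of the X.509 KeyUsage BIT STRING (bit 0 = MSB).
CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x20   # keyEncipherment, bit 2
CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10  # dataEncipherment, bit 3

USAGE_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
               "dataEncipherment", "keyAgreement", "keyCertSign",
               "cRLSign", "encipherOnly", "decipherOnly"]


def decode_key_usage(der: bytes) -> tuple[int, list[str]]:
    """Decode a DER KeyUsage value; return (first usage byte, usage names)."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING carrying at least one bit")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, bits = der[2], der[3:]
    if unused > 7 or bits[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bit count or non-zero padding")
    total = len(bits) * 8 - unused
    names = [USAGE_NAMES[i] for i in range(min(total, len(USAGE_NAMES)))
             if bits[i // 8] & (0x80 >> (i % 8))]
    return bits[0], names


def usable_for_encryption(der: bytes) -> bool:
    """True if Key Encipherment or Data Encipherment is set."""
    first_byte, _ = decode_key_usage(der)
    mask = CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE
    return bool(first_byte & mask)


if __name__ == "__main__":
    # Constructed sample KeyUsage values (hex of the DER BIT STRING).
    samples = {
        "030205a0": "signature + key encipherment",
        "030206c0": "signature + non-repudiation (signing only)",
        "03020410": "data encipherment only",
    }
    for hex_value, label in samples.items():
        der = bytes.fromhex(hex_value)
        _, names = decode_key_usage(der)
        print(f"{label}: {names} -> usable={usable_for_encryption(der)}")
```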