Versions Compared

Version Old Version 5 New Version 6
Changes made by

Petteri Kivimäki

Petteri Kivimäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The KeyUsage field must include at least one of the following values: digitalSignature, keyEncipherment or dataEncipherment.

  • The KeyUsage field must not include nonRepudiation.

  • The Extended Key Usage ExtendedKeyUsage field may contain ClientAuthentication or ServerAuthentication.

...

  • The KeyUsage field must include nonRepudiation.

  • The KeyUsage field must not include any of the following values: digitalSignature, keyEncipherment and dataEncipherment.

  • The ExtendedKeyUsage field must not include ClientAuthentication.

  • The CA issuing must ensure that Qualified eSeal certificates are issued only if private key is stored on a Qualified Signature Creation Device.

  • The CA must ensure that Advanced eSeal certificates are issued only if private key is handle securely by certificate owner.

  • When a Qualified Signature Creation Device is used, the Device must support PKCS#11 protocol for connectivity.

...