ConfigConsole commands.

*See DigitalSignature.dpol and KeyEncipherment.dpol files below.

Policy_Add  DigitalSignature  Support\Policy\DigitalSignature.dpol
Policy_Add  KeyEncipherment  Support\Policy\KeyEncipherment.dpol
PolicyGroup_ADD  SingleUse
Policy_AddtoGroup  DigitalSignature  SingleUse PRIVATE_RESOLVER false true
Policy_AddtoGroup  KeyEncipherment  SingleUse  PRIVATE_RESOLVER true false
Policy_AddtoGroup  KeyEncipherment  SingleUse  PUBLIC_RESOLVER
PolicyGroup_AddOwner  SingleUse  dev.singleuse.lab 

Notes:
SingleUse is just an arbitrary group name.
The last command, "PolicyGroup_AddOwner", is how an email or domain is mapped to policies: Owner => Groups => Policies.


DigitalSignature.dpol

X509.TBS.EXTENSION.KeyUsage = 128

KeyEncipherment.dpol

X509.TBS.EXTENSION.KeyUsage = 32



Other examples:


DigitalSignature_critical.dpol

X509.TBS.EXTENSION.KeyUsage+ = 128

keyEncipherment_Critical.dpol

X509.TBS.EXTENSION.KeyUsage+ =  32

There is a Policy.UI desktop app in the source code if you want to experiment with other policies. It is rudimentary, but it will validate a policy against a certificate.
Below, a digital-signature-only policy is validated against a certificate with only a digital signature key usage, and again against one with only a key encipherment key usage.

PolicyUI.png

PolicyUIEncipherment.png
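
The same two checks as an added Python sketch (not the project's policy engine or Policy.UI code): it decodes a KeyUsage extension value into the integer the .dpol literal is compared with, then applies the one-line policy. It assumes "=" is an exact match, consistent with the page calling this a digital-signature-only policy, and uses the bit values of .NET's X509KeyUsageFlags; all function names and sample bytes are constructed for illustration.

```python
# Added illustration; not code from the Direct Project reference implementation.
# Bit values follow .NET's X509KeyUsageFlags, which the page's 128 and 32 match.
KEY_USAGE_FLAGS = {
    128: "DigitalSignature", 64: "NonRepudiation", 32: "KeyEncipherment",
    16: "DataEncipherment", 8: "KeyAgreement", 4: "KeyCertSign",
    2: "CrlSign", 1: "EncipherOnly", 32768: "DecipherOnly",
}

def key_usage_from_der(der: bytes) -> int:
    """Decode the KeyUsage extension value (a DER BIT STRING) to an integer."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2 or not 2 <= length <= 3:
        raise ValueError("unexpected length for KeyUsage")
    unused, body = der[2], der[3:]
    if unused > 7 or body[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bit padding")
    # First content byte is the low byte; DecipherOnly lives in the second.
    return body[0] | (body[1] << 8 if len(body) > 1 else 0)

def flag_names(value: int) -> list[str]:
    """Names of the key usage bits set in value."""
    return [name for bit, name in KEY_USAGE_FLAGS.items() if value & bit]

def parse_dpol(line: str) -> tuple[str, int]:
    """Split a one-line policy of the form '<field> = <int>' as shown on the page."""
    field, _, literal = line.partition("=")
    return field.strip(), int(literal)

def satisfies(policy_line: str, key_usage_der: bytes) -> bool:
    """Assumed semantics: the certificate's KeyUsage must equal the literal exactly."""
    _, expected = parse_dpol(policy_line)
    return key_usage_from_der(key_usage_der) == expected

# Constructed sample extension values (DER BIT STRINGs), not from real certificates.
SIG_ONLY = bytes.fromhex("03020780")      # digitalSignature
ENC_ONLY = bytes.fromhex("03020520")      # keyEncipherment
SIG_AND_ENC = bytes.fromhex("030205a0")   # digitalSignature + keyEncipherment

if __name__ == "__main__":
    policy = "X509.TBS.EXTENSION.KeyUsage = 128"   # DigitalSignature.dpol
    for label, der in [("sig", SIG_ONLY), ("enc", ENC_ONLY), ("both", SIG_AND_ENC)]:
        print(label, flag_names(key_usage_from_der(der)), satisfies(policy, der))
```

Under this exact-match reading, a certificate carrying both digitalSignature and keyEncipherment (value 160) fails both single-use policies.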