Example policy setup
There is a Policy.UI desktop app in the source code if you want to experiment with other policies. It is rudimentary, but it will validate a policy against a certificate.
Below, a digital-signature-only policy is validated against a certificate with only the digital signature key usage, and again against a certificate with only the key encipherment key usage.
ConfigConsole commands.
*See DigitalSignature.dpol and KeyEncipherment.dpol files below.
Policy_Add DigitalSignature Support\Policy\DigitalSignature.dpol
Policy_Add KeyEncipherment Support\Policy\KeyEncipherment.dpol
PolicyGroup_ADD SingleUse
Policy_AddtoGroup DigitalSignature SingleUse PRIVATE_RESOLVER false true
Policy_AddtoGroup KeyEncipherment SingleUse PRIVATE_RESOLVER true false
Policy_AddtoGroup KeyEncipherment SingleUse PUBLIC_RESOLVER
PolicyGroup_AddOwner SingleUse dev.singleuse.lab
Notes:
SingleUse is just an arbitrary group name.
The last command, "PolicyGroup_AddOwner", is how an email address or domain is mapped to policies: Owner => Groups => Policies.
DigitalSignature.dpol
X509.TBS.EXTENSION.KeyUsage = 128
KeyEncipherment.dpol
X509.TBS.EXTENSION.KeyUsage = 32
Other examples:
DigitalSignature_critical.dpol
X509.TBS.EXTENSION.KeyUsage+ = 128
keyEncipherment_Critical.dpol
X509.TBS.EXTENSION.KeyUsage+ = 32
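The following is an added example, not code from the project: it models the Owner => Groups => Policies mapping built by the commands above and evaluates the KeyUsage rules against constructed certificate values. It reads `=` as equality on the whole KeyUsage value (the page calls these "only" policies), parses the `+` suffix without interpreting it, and does not model the two boolean arguments of Policy_AddtoGroup; all function and variable names are hypothetical.

```python
import re

# KeyUsage bit values used by the policies on this page (same as .NET's X509KeyUsageFlags).
FLAGS = {128: "DigitalSignature", 64: "NonRepudiation", 32: "KeyEncipherment",
         16: "DataEncipherment", 8: "KeyAgreement", 4: "KeyCertSign", 2: "CrlSign"}

# Policy text exactly as in the .dpol files shown above.
POLICIES = {"DigitalSignature": "X509.TBS.EXTENSION.KeyUsage = 128",
            "KeyEncipherment": "X509.TBS.EXTENSION.KeyUsage = 32"}
# Owner => Groups => Policies, as built by the ConfigConsole commands above.
# The two boolean arguments of Policy_AddtoGroup are not modelled here.
GROUPS = {"SingleUse": [("DigitalSignature", "PRIVATE_RESOLVER"),
                        ("KeyEncipherment", "PRIVATE_RESOLVER"),
                        ("KeyEncipherment", "PUBLIC_RESOLVER")]}
OWNERS = {"dev.singleuse.lab": ["SingleUse"]}

RULE = re.compile(r"^X509\.TBS\.EXTENSION\.KeyUsage(\+?)\s*=\s*(\d+)$")

def parse_policy(text):
    """Return (has_plus_marker, expected_value) for a KeyUsage equality rule."""
    m = RULE.match(text.strip())
    if not m:
        raise ValueError("unsupported policy expression: %r" % text)
    return m.group(1) == "+", int(m.group(2))

def decode(key_usage):
    """Names of the bits set in a KeyUsage integer, highest bit first."""
    return [name for bit, name in sorted(FLAGS.items(), reverse=True) if key_usage & bit]

def complies(text, key_usage):
    """'=' compares the whole value, so any extra usage bit fails the rule."""
    _, expected = parse_policy(text)
    return key_usage == expected

def policies_for(owner, use):
    """Walk Owner => Groups => Policies and keep the policies added for `use`."""
    return [p for g in OWNERS.get(owner, []) for p, u in GROUPS[g] if u == use]

def evaluate(owner, use, certs):
    """Map (policy, certificate) to pass/fail for every policy bound to the owner."""
    return {(p, c): complies(POLICIES[p], ku)
            for p in policies_for(owner, use) for c, ku in certs.items()}

# Constructed sample certificates: name -> KeyUsage value.
CERTS = {"sign-only": 128, "encrypt-only": 32, "dual-use": 128 | 32}

if __name__ == "__main__":
    for (policy, cert), ok in evaluate("dev.singleuse.lab", "PRIVATE_RESOLVER", CERTS).items():
        print(policy, cert, decode(CERTS[cert]), "PASS" if ok else "FAIL")
```

Under this reading a dual-use certificate (value 160) fails both single-use policies, which is the behaviour to check for when testing real certificates in Policy.UI.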