feat: Add CMS Encryption option to certificate profiles

PeculiarVentures · Jan 22, 2025 · 52a83b1 · 52a83b1
1 parent 8e5d754
commit 52a83b1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/CaIssueCertificateView.tsx b/src/CaIssueCertificateView.tsx
@@ -214,6 +214,7 @@ export const CaIssueCertificateView: React.FC<CaIssueCertificateViewProps> = ()
                     <MenuItem value="code_signing">Code Signing</MenuItem>
                     <MenuItem value="smime">S/MIME</MenuItem>
                     <MenuItem value="pdf_signing">PDF Document Signing</MenuItem>
+                    <MenuItem value="cms_encryption">CMS Encryption</MenuItem>
                   </Select>
                 </FormControl>
               </ListItem>

diff --git a/src/CaProvider.tsx b/src/CaProvider.tsx
@@ -70,7 +70,7 @@ export class CaDataBase {
   }
 }
 
-export type CertificateProfile = 'none' | 'code_signing' | 'smime' | 'pdf_signing';
+export type CertificateProfile = 'none' | 'code_signing' | 'smime' | 'pdf_signing' | 'cms_encryption';
 
 export interface CaEnrolParams {
   subject: string;
@@ -234,6 +234,10 @@ export const CaProvider: React.FC<CaProviderProps> = (params) => {
           extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature, true));
           extensions.push(new x509.ExtendedKeyUsageExtension(['1.2.840.113583.1.1.10'])); // Adobe PDF
           break;
+        case 'cms_encryption':
+          extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.keyEncipherment | x509.KeyUsageFlags.dataEncipherment, true));
+          extensions.push(new x509.ExtendedKeyUsageExtension(['1.3.6.1.4.1.311.80.1'])); // Document Encryption
+          break;
         default:
           extensions.push(new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature, true));
           break;