key usage question

From: Trebor (Trebor1_at_hotmail.com)
Date: 03/08/05


Date: Tue, 8 Mar 2005 18:59:10 +0100

Hi all,

I have two certificates in my personal store.
According to their "Key usage" property, the first one is for "Digital
signature", and the second one is for "Key Encipherment".

By using CAPICOM, I noticed that I'm able to sign files without problem, by
using the second certificate
(which is not intended for digital signing according to its KeyUsage
property) ?!?!

I'm also able to verify these signatures without any problems.

1. Is this normal ?
 Do I need to check the certificate purpose before signing
 (by using Certificate.KeyUsage.IsDigitalSignatureEnabled property) ?

2. What about the files / content that I'm receiving , which are signed by
other parties ?
 Do I need to check the Certificate's IsDigitalSignatureEnabled property
after verification?
 Can I consider these signatures as reliable, if the certificate has ONLY
"Key Encipherment"
  keyword in their "Key usage property"?

 Thanks,
   Trebor.