PIV key and Cert Type
PIV Authentication
This certificate and its associated private key are used to authenticate the card and the cardholder. This slot is used for things like system login. The end user's PIN is required to perform any private key operations. Once the PIN has been provided successfully, multiple private key operations may be performed without additional cardholder consent.
Digital Signature
This certificate and its associated private key are used for digital signatures, for the purpose of signing documents, files and executables. The end user's PIN is required to perform any private key operations. The PIN must be submitted every time immediately before a sign operation, to ensure cardholder participation for every digital signature generated.
Key Management / Encrypt
This certificate and its associated private key are used for encryption for the purpose of confidentiality. This slot is used for things like encrypting e-mails or files. The end user's PIN is required to perform any private key operations. Once the PIN has been provided successfully, multiple private key operations may be performed without additional cardholder consent.
Card Authentication
This certificate and its associated private key are used to support additional physical access applications, such as providing physical access to buildings via PIV-enabled door locks. The end user's PIN is NOT required to perform private key operations for this slot.
Retired Key Management
These are meant to hold previously used Key Management keys, so that documents or emails encrypted earlier can still be decrypted.
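
The PIN rules above differ by key type, and the difference is easiest to see over a sequence of operations. The following is an added example, not code from the original page or from any PIV product: a toy model in which ToyCard, run_session and the sample PIN are hypothetical names and values. It assumes that "immediately before a sign operation" means any intervening operation uses up the PIN submission.

```python
import hmac

# PIN rule per key type, as described in the list above. Retired Key
# Management is left out because the page states no PIN rule for it.
POLICY = {"PIV Authentication": "once", "Digital Signature": "always",
          "Key Management": "once", "Card Authentication": "never"}

class ToyCard:
    """Hypothetical model of a card session; not a real PIV API."""
    def __init__(self, pin):
        self._pin = pin
        self.verified = False  # PIN accepted earlier in this session
        self.fresh = False     # PIN accepted with no operation since

    def verify_pin(self, pin):
        ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        self.verified = self.fresh = ok
        return ok

    def private_key_op(self, key_type):
        """Return True if the operation is allowed, False if a PIN is needed."""
        policy = POLICY[key_type]
        allowed = (
            policy == "never"
            or (policy == "once" and self.verified)
            or (policy == "always" and self.fresh)
        )
        self.fresh = False  # assumption: any operation uses up the fresh PIN
        return allowed

def run_session(card, steps):
    """Replay steps; 'PIN:<value>' submits a PIN, anything else is a key type."""
    results = []
    for step in steps:
        if step.startswith("PIN:"):
            results.append("pin ok" if card.verify_pin(step[4:]) else "pin bad")
        else:
            results.append("ok" if card.private_key_op(step) else "PIN required")
    return results

# Constructed sample session with a made-up PIN.
STEPS = ["Card Authentication", "PIV Authentication", "PIN:123456",
         "PIV Authentication", "Digital Signature", "PIN:123456",
         "Digital Signature", "Digital Signature", "Key Management"]

if __name__ == "__main__":
    for step, result in zip(STEPS, run_session(ToyCard("123456"), STEPS)):
        print(f"{step:22} -> {result}")
```

In the sample session the second consecutive Digital Signature is refused while Key Management still succeeds, because only the signature key needs a PIN submission of its own each time.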