KeyEncipherment is a Key Usage bit which is used when the subject Public Key is used for enciphering Private Key or Secret-key keys, i.e., for key transport.

KeyEncipherment means that the key in the certificate is used to encrypt another Cryptographic Key (which is not part of the application data). This is used within TLS in the RSA Key-Exchange, where the Premaster Secret (from which the symmetric encryption key is derived) is generated by the client, then encrypted with the servers Public Key and send to the server and decrypted there with the servers Private Key.

For example, KeyEncipherment bit shall be set when an RSA Public Key is to be used for encrypting a Symmetric Key content-decryption key or an Asymmetric Key Cryptography Private Key.

More Information#

There might be more information for this subject on one of the following: