Key Permissions

Grants access to corporate keys to extensions.

Keys are designated for corporate usage if they're generated using the chrome.enterprise.platformKeys API on a managed account. Keys imported or generated in another way are not designated for corporate usage.

Access to keys designated for corporate usage is solely controlled by this policy. The user can neither grant nor withdraw access to corporate keys to or from extensions.

By default an extension cannot use a key designated for corporate usage, which is equivalent to setting allowCorporateKeyUsage to false for that extension.

Only if allowCorporateKeyUsage is set to true for an extension, it can use any platform key marked for corporate usage to sign arbitrary data. This permission should only be granted if the extension is trusted to secure access to the key against attackers.
See https://cloud.google.com/docs/chrome-enterprise/policies/?policy=KeyPermissions for more information about schema and formatting.

Example value:

{
"extension2": {
"allowCorporateKeyUsage": false
},
"extension1": {
"allowCorporateKeyUsage": true
}
}

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Key Permissions (The single-line field is deprecated and will be removed in the future. Please start using the multi-line textbox below.)

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS
Value NameKeyPermissions
Value TypeREG_SZ
Default Value


Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS
Value NameKeyPermissions
Value TypeREG_MULTI_SZ
Default Value

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)