query on key usage OIDs
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 16 04:15:43 UTC 2021
> On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkbaby at gmail.com> wrote:
>
> I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below:
> X509v3 extensions:
> X509v3 Key Usage: critical
> Digital Signature, Key Encipherment
>
> I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate.
There are no keyUsage OIDs, the field is a bitstring:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
There are OIDs in the extendedKeyUsage:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
--
Viktor.
More information about the openssl-users
mailing list