query on key usage OIDs

Viktor Dukhovni openssl-users at dukhovni.org
Fri Jul 16 04:15:43 UTC 2021

> On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkbaby at gmail.com> wrote:
> I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below:
> X509v3 extensions:
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment
> I am looking for the APIs used to get the OIDs associated with  Digital Signature and Key Encipherment from the certificate.

There are no keyUsage OIDs, the field is a bitstring:


      id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

      KeyUsage ::= BIT STRING {
           digitalSignature        (0),
           nonRepudiation          (1), -- recent editions of X.509 have
                                        -- renamed this bit to contentCommitment
           keyEncipherment         (2),
           dataEncipherment        (3),
           keyAgreement            (4),
           keyCertSign             (5),
           cRLSign                 (6),
           encipherOnly            (7),
           decipherOnly            (8) }

There are OIDs in the extendedKeyUsage:



More information about the openssl-users mailing list