query on key usage OIDs
Kyle Hamilton
aerowolf at gmail.com
Fri Jul 16 04:44:39 UTC 2021
Also, OIDs for extendedKeyUsage can be defined per-application, so
there's no way to compile a full list of them.
-Kyle H
On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni
<openssl-users at dukhovni.org> wrote:
>
> > On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkbaby at gmail.com> wrote:
> >
> > I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below:
> > X509v3 extensions:
> > X509v3 Key Usage: critical
> > Digital Signature, Key Encipherment
> >
> > I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate.
>
> There are no keyUsage OIDs, the field is a bitstring:
>
> https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3
>
> id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
>
> KeyUsage ::= BIT STRING {
> digitalSignature (0),
> nonRepudiation (1), -- recent editions of X.509 have
> -- renamed this bit to contentCommitment
> keyEncipherment (2),
> dataEncipherment (3),
> keyAgreement (4),
> keyCertSign (5),
> cRLSign (6),
> encipherOnly (7),
> decipherOnly (8) }
>
> There are OIDs in the extendedKeyUsage:
>
> https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
>
> --
> Viktor.
>
More information about the openssl-users
mailing list