>On Tue 03/04/12 2:21 PM , Balamurugan rajan balamurugan....@gmail.com sent: >I want to need to read the Certiifcate Key usage and identify the combination >values to determine what certificate is >that . so i need the Keyuage values >of X509V3 certificate >
That's a completely different thing! From my understandingm, the key usage extension may exist as an ASN1_OCTET_STRING but it has a structure defined in RFC5280 - http://tools.ietf.org/html/rfc5280#appendix-A.1 From: id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } So, an octet / bit string that is a key usage extension within a cert that has an example value of: 0106 Would be bit 8 (0100h) plus bit 2 (0004h) plus bit 1 (0002h): decipherOnly keyEncipherment nonRepudation Carl ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
