Question was how to retrieve those lists for any given certificate, using currently supported OpenSSL APIs.
The lists of usage bits and extusage OIDs in any given certificate are finite, even if the list of values that could be in other certificates is infinite. On 2021-07-16 06:44, Kyle Hamilton wrote:
Also, OIDs for extendedKeyUsage can be defined per-application, so there's no way to compile a full list of them. -Kyle H On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:On 15 Jul 2021, at 11:55 pm, SIMON BABY<simonkb...@gmail.com> wrote: I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below: X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate.There are no keyUsage OIDs, the field is a bitstring: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } There are OIDs in the extendedKeyUsage: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
