Question was how to retrieve those lists for any given certificate,
using currently supported OpenSSL APIs.
The lists of usage bits and extusage OIDs in any given certificate
are finite, even if the list of values that could be in other
certificates is infinite.
On 2021-07-16 06:44, Kyle Hamilton wrote:
Also, OIDs for extendedKeyUsage can be defined per-application, so
there's no way to compile a full list of them.
-Kyle H
On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni
<openssl-us...@dukhovni.org> wrote:
On 15 Jul 2021, at 11:55 pm, SIMON BABY<simonkb...@gmail.com> wrote:
I am looking for openssl APIs to get all the OIDs associated with user
certificate Key usage extension. For example my sample Key usage extension from
the certificate is below:
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
I am looking for the APIs used to get the OIDs associated with Digital
Signature and Key Encipherment from the certificate.
There are no keyUsage OIDs, the field is a bitstring:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to
contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
There are OIDs in the extendedKeyUsage:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded