> On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkbaby@xxxxxxxxx> wrote: > > I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below: > X509v3 extensions: > X509v3 Key Usage: critical > Digital Signature, Key Encipherment > > I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate. There are no keyUsage OIDs, the field is a bitstring: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } There are OIDs in the extendedKeyUsage: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12 -- Viktor.
