Also, OIDs for extendedKeyUsage can be defined per-application, so there's no way to compile a full list of them.

-Kyle H

On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>
> > On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkbaby@xxxxxxxxx> wrote:
> >
> > I am looking for openssl APIs to get all the OIDs associated with user certificate Key usage extension. For example my sample Key usage extension from the certificate is below:
> > X509v3 extensions:
> >     X509v3 Key Usage: critical
> >         Digital Signature, Key Encipherment
> >
> > I am looking for the APIs used to get the OIDs associated with Digital Signature and Key Encipherment from the certificate.
>
> There are no keyUsage OIDs, the field is a bitstring:
>
> https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3
>
>    id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
>
>    KeyUsage ::= BIT STRING {
>         digitalSignature        (0),
>         nonRepudiation          (1), -- recent editions of X.509 have
>                              -- renamed this bit to contentCommitment
>         keyEncipherment         (2),
>         dataEncipherment        (3),
>         keyAgreement            (4),
>         keyCertSign             (5),
>         cRLSign                 (6),
>         encipherOnly            (7),
>         decipherOnly            (8) }
>
> There are OIDs in the extendedKeyUsage:
>
> https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
>
> --
> Viktor.
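
The bitstring layout quoted above, as an added example that is not part of the original thread and is not OpenSSL code: a stand-alone decoder for the DER value of a keyUsage extension. The names `KU_NAMES` and `ku_decode` are hypothetical, and the sample bytes are constructed to match the "Digital Signature, Key Encipherment" certificate in the question.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 5280 section 4.2.1.3 named bits; array index == bit number. */
static const char *const KU_NAMES[9] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly"
};

/* Decode a DER keyUsage value (BIT STRING) into a mask in which
 * (mask >> n) & 1 is named bit n. Returns -1 on malformed input. */
static int ku_decode(const uint8_t *der, size_t len)
{
    if (len < 3 || der[0] != 0x03)          /* tag must be BIT STRING */
        return -1;
    size_t clen = der[1];                   /* short-form length */
    if (clen < 2 || clen > 3 || clen + 2 != len)
        return -1;                          /* 1 or 2 data octets expected */
    unsigned unused = der[2];               /* padding bits in last octet */
    size_t nbytes = clen - 1;
    if (unused > 7 || (der[2 + nbytes] & ((1u << unused) - 1)))
        return -1;                          /* DER: padding bits are zero */
    int mask = 0;
    for (size_t i = 0; i < nbytes; i++)
        for (int b = 0; b < 8; b++)
            if (der[3 + i] & (0x80u >> b))  /* bit 0 is the MSB of octet 0 */
                mask |= 1 << (i * 8 + b);
    return mask & 0x1FF;                    /* keep the nine defined bits */
}

int main(void)
{
    /* Constructed sample: digitalSignature + keyEncipherment. */
    const uint8_t sample[] = { 0x03, 0x02, 0x05, 0xA0 };
    int mask = ku_decode(sample, sizeof sample);
    if (mask < 0)
        return 1;
    for (int n = 0; n < 9; n++)
        if (mask & (1 << n))
            printf("bit %d: %s\n", n, KU_NAMES[n]);
    return 0;
}
```

With OpenSSL 1.1.0 or later, `X509_get_key_usage()` returns the same bits for a parsed certificate as `KU_*` flags, so no manual DER decoding is needed there.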