Also, OIDs for extendedKeyUsage can be defined per-application, so there's no way to compile a full list of them.
-Kyle H On Fri, Jul 16, 2021 at 4:23 AM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote: > > > On 15 Jul 2021, at 11:55 pm, SIMON BABY <simonkb...@gmail.com> wrote: > > > > I am looking for openssl APIs to get all the OIDs associated with user > > certificate Key usage extension. For example my sample Key usage extension > > from the certificate is below: > > X509v3 extensions: > > X509v3 Key Usage: critical > > Digital Signature, Key Encipherment > > > > I am looking for the APIs used to get the OIDs associated with Digital > > Signature and Key Encipherment from the certificate. > > There are no keyUsage OIDs, the field is a bitstring: > > https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 > > id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } > > KeyUsage ::= BIT STRING { > digitalSignature (0), > nonRepudiation (1), -- recent editions of X.509 have > -- renamed this bit to > contentCommitment > keyEncipherment (2), > dataEncipherment (3), > keyAgreement (4), > keyCertSign (5), > cRLSign (6), > encipherOnly (7), > decipherOnly (8) } > > There are OIDs in the extendedKeyUsage: > > https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12 > > -- > Viktor. >