see sharp RSS 2.0
# Wednesday, 24 June 2009

Sometime you need to get the integer value (or combination of values) for the Key Usage (i.e. for use in CertReq.EXE's INF files)

This is X509 Certificate Key Usage as defined in .NET:

Key Usage Description
0x0000 None
0x0001 EncipherOnly
0x0002 CrlSign
0x0004 KeyCertSign
0x0008 KeyAgreement
0x0010 DataEncipherment
0x0020 KeyEncipherment
0x0040 NonRepudiation
0x0080 DigitalSignature
0x8000 DecipherOnly

Of course it can be a combination of values :-)

To get it out of a certificate use this snippet (certificate is a valid X509Certificate2 object):

// either "Key Usage" or the OID "2.5.29.15" can be used here
string keyUsageOID = "2.5.29.15";

X509KeyUsageExtension keyUsageExtension = certificate.Extensions[keyUsageOID] as X509KeyUsageExtension;

if (keyUsageExtension != null)
{
   Console.WriteLine("Key Usage is 0x{0:x4}, {1}",
      Convert.ToInt32(keyUsageExtension.KeyUsages),
      keyUsageExtension.KeyUsages);

      // test for signature 
      bool hasSignatureKeyUsage = (keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature;
      // just for fun: test for CRL signing too
      bool hasCrlSignKeyUsage = (keyUsageExtension.KeyUsages & X509KeyUsageFlags.CrlSign) == X509KeyUsageFlags.CrlSign;
}
// either Enhanced Key Usage or the OID 2.5.29.37
string enhancedKeyUsageOID = "2.5.29.37";

X509EnhancedKeyUsageExtension enhancedkeyUsageExtension = certificate.Extensions[enhancedKeyUsageOID] as X509EnhancedKeyUsageExtension;

if (enhancedkeyUsageExtension != null)
   foreach (Oid oid in enhancedkeyUsageExtension.EnhancedKeyUsages)
      Console.WriteLine("Enhanced Key Usage is {0} ({1})",
         oid.FriendlyName,
         oid.Value);
 
Wednesday, 24 June 2009 09:51:50 (Mitteleuropäische Sommerzeit, UTC+02:00)  #    -
C# | Certificates
Archive
<2009 June>
SunMonTueWedThuFriSat
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
Any link on this site may lead to an external website that is not under my control and that external website might show an opinion that is not mine.

© Copyright 2017
Hannes Köhler
Sign In
Statistics
Total Posts: 39
This Year: 0
This Month: 0
This Week: 0
Comments: 1
All Content © 2017, Hannes Köhler
DasBlog theme 'Business' created by Christoph De Baene (delarou)