如何从X509证书获取Keyusage值？ [英] how to get the Keyusage value from the X509 certificate?

问题描述

我想从X509结构化证书检索密钥使用值，我尝试下面的代码

I want to retrieve the Key usage value from the X509 structured certificate , i tried the following code

 X509* lcert=NULL;
 lCert=PEM_read(filename); // function will return the certificate in X509
unsigned long lKeyusage= lCert->ex_kusage;

当我打印lKeyusage值..有时候我得到128 ...有时我得到0同样的证书..
任何一个告诉我什么是错误。
如果我做错了请给我一些示例代码或正确的API ..

When i print the lKeyusage value .. some times i get 128 ... sometimes i get 0 for the same certificate .. Can any one tell me what is the error .? If i am doing wrong please give me some sample code or Correct API ..

推荐答案

我认为最简单的方法是使用内存BIO：

I think the easiest way is to use a memory BIO:

...
X509 *lcert = NULL;
BUF_MEM *bptr = NULL;
char *buf = NULL;
int loc;

FILE *f = fopen("your cert goes here", "rb");
if( (lcert = PEM_read_X509(f, &lcert, NULL, NULL)) == NULL){
    // error handling...
}

loc = X509_get_ext_by_NID( lcert, NID_key_usage, -1);
X509_EXTENSION *ex = X509_get_ext(lcert, loc);

BIO *bio = BIO_new(BIO_s_mem());
if(!X509V3_EXT_print(bio, ex, 0, 0)){
    // error handling...
}
BIO_flush(bio);
BIO_get_mem_ptr(bio, &bptr);

// now bptr contains the strings of the key_usage, take 
// care that bptr->data is NOT NULL terminated, so
// to print it well, let's do something..
buf = (char *)malloc( (bptr->length + 1)*sizeof(char) );

memcpy(buf, bptr->data, bptr->length);
buf[bptr->length] = '\0';

// Now you can printf it or parse it, the way you want...
printf ("%s\n", buf);

...

在我的情况下，对于teste证书已打印数字签名，不可否认，密钥加密

In my case, for a teste certificate, it has printed "Digital Signature, Non Repudiation, Key Encipherment"

还有其他方法，如使用ASN1_BIT_STRING *。如果以上情况不符合您的需要，我可以告诉您。

There are other ways, like using an ASN1_BIT_STRING *. I can show you if the above doesn't fit your needs.

回想。

这篇关于如何从X509证书获取Keyusage值？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！