获得“密钥用法”从证书 [英] Get the "Key Usage" from Certificate
问题描述
我可以使用哪些API从证书获取密钥用法。我特别想知道给定的证书是否具有数字签名。
下面的截图是windows中证书的详细信息。我需要的API,给我的密钥用法。
代码是用于windows,我在C ++中编写我的代码。
What API can I use to get the "Key Usage" from a certificate. I Specifically want to know if a given certificate has "Digital Signature" or not. Below screenshot is the detail of a certificate in windows. I need the API that gives me the "Key Usage". The code is for windows and I am writing my code in C++.
谢谢
Sam
推荐答案
开始 CertOpenStore
,然后致电
Start with CertOpenStore
, then call CertFindCertificateInStore
in a loop until you find the certificate you are interested in.
返回的 CERT_CONTEXT
包含一个指向 CERT_INFO
struct。然后,您将要查看 rgExtension
成员,它是一个数组 CERT_EXTENSION
对象。你关心的一个有 pszObjId
设置为 szOID_KEY_USAGE_RESTRICTION
,然后会给你这个数据: CERT_KEY_USAGE_RESTRICTION_INFO
其中 RestrictedKeyUsage
成员具有您感兴趣的位标记。
The returned CERT_CONTEXT
contains a pointer to a CERT_INFO
struct. You will then want to walk the rgExtension
member which is an array of CERT_EXTENSION
objects. The one you care about has pszObjId
set to szOID_KEY_USAGE_RESTRICTION
, which will then give you this data: CERT_KEY_USAGE_RESTRICTION_INFO
where the RestrictedKeyUsage
member has the bit flags you are interested in.
您还可以查看 szOID_KEY_USAGE
扩展程序,它将使用相同的位标志,但msdn 文档说明这些字段仅为
You can also look at the szOID_KEY_USAGE
extension, which will use the same bit flags, but the msdn documentation states that those fields are
咨询字段[s]意味着密钥的使用受到限制
到指定的用途
advisory field[s], only, and does not imply that usage of the key is restricted to the purpose indicated
根据您需要的信息,请使用任一扩展名。
Depending on what you need the information for, you could use either extension.
这篇关于获得“密钥用法”从证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!