获得“密钥用法”从证书 [英] Get the "Key Usage" from Certificate

问题描述

我可以使用哪些API从证书获取密钥用法。我特别想知道给定的证书是否具有数字签名。
下面的截图是windows中证书的详细信息。我需要的API，给我的密钥用法。
代码是用于windows，我在C ++中编写我的代码。

What API can I use to get the "Key Usage" from a certificate. I Specifically want to know if a given certificate has "Digital Signature" or not. Below screenshot is the detail of a certificate in windows. I need the API that gives me the "Key Usage". The code is for windows and I am writing my code in C++.

谢谢

Sam

推荐答案

开始 CertOpenStore ，然后致电

Start with CertOpenStore, then call CertFindCertificateInStore in a loop until you find the certificate you are interested in.

返回的 CERT_CONTEXT 包含一个指向 CERT_INFO struct。然后，您将要查看 rgExtension 成员，它是一个数组 CERT_EXTENSION 对象。你关心的一个有 pszObjId 设置为 szOID_KEY_USAGE_RESTRICTION ，然后会给你这个数据： CERT_KEY_USAGE_RESTRICTION_INFO 其中 RestrictedKeyUsage 成员具有您感兴趣的位标记。

The returned CERT_CONTEXT contains a pointer to a CERT_INFO struct. You will then want to walk the rgExtension member which is an array of CERT_EXTENSION objects. The one you care about has pszObjId set to szOID_KEY_USAGE_RESTRICTION, which will then give you this data: CERT_KEY_USAGE_RESTRICTION_INFO where the RestrictedKeyUsage member has the bit flags you are interested in.

您还可以查看 szOID_KEY_USAGE 扩展程序，它将使用相同的位标志，但msdn 文档说明这些字段仅为

You can also look at the szOID_KEY_USAGE extension, which will use the same bit flags, but the msdn documentation states that those fields are

咨询字段[s]意味着密钥的使用受到限制
到指定的用途

advisory field[s], only, and does not imply that usage of the key is restricted to the purpose indicated

根据您需要的信息，请使用任一扩展名。

Depending on what you need the information for, you could use either extension.

这篇关于获得“密钥用法”从证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！