获得“密钥用法”从证书 [英] Get the "Key Usage" from Certificate
问题描述
我可以使用哪些API从证书获取密钥用法。我特别想知道给定的证书是否具有数字签名。
下面的截图是windows中证书的详细信息。我需要的API,给我的密钥用法。
代码是windows,我在C ++中编写我的代码。
What API can I use to get the "Key Usage" from a certificate. I Specifically want to know if a given certificate has "Digital Signature" or not. Below screenshot is the detail of a certificate in windows. I need the API that gives me the "Key Usage". The code is for windows and I am writing my code in C++.
谢谢
Sam
推荐答案
开始使用 CertOpenStore
,然后致电 <$ c $
Start with CertOpenStore
, then call CertFindCertificateInStore
in a loop until you find the certificate you are interested in.
The returned CERT_CONTEXT
contains a pointer to a CERT_INFO
struct. You will then want to walk the rgExtension
member which is an array of CERT_EXTENSION
objects. The one you care about has pszObjId
set to szOID_KEY_USAGE_RESTRICTION
, which will then give you this data: CERT_KEY_USAGE_RESTRICTION_INFO
where the RestrictedKeyUsage
member has the bit flags you are interested in.
您还可以查看 szOID_KEY_USAGE
扩展程序,它将使用相同的位标志,但msdn 文档说明这些字段仅为
You can also look at the szOID_KEY_USAGE
extension, which will use the same bit flags, but the msdn documentation states that those fields are
咨询字段[s]意味着密钥的使用受到限制
到指定的目的
advisory field[s], only, and does not imply that usage of the key is restricted to the purpose indicated
根据您需要的信息,请使用任一扩展名。
Depending on what you need the information for, you could use either extension.
这篇关于获得“密钥用法”从证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!