Using extended key usage in X509 certs

#8637
Posted: 01/15/2009 09:07:14
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello everyone,

We're adding support for a new certificate provider to my application and they make a lot more use of the extended key usage in their certificates.

So far, in my application, I used the TElCertificateExtensions.keyUsage only for describing key usage. Now, I must add support for extended key usage as well and it isn't too pretty right now.

When I look at the certificate through the Windows X509 display dialog, I see "Smart Card Logon (1.3.6.1.4.1.311.20.2.2)" which I can't find anywhere. On the other side, when looking at the same certificate through SBB and walking through the TElExtendedKeyUsageExtension.CustomUsages array, I find a single unidentified key usage.

- That key usage is returned as a string but it's actually a binary array. How shall I decode that?
- Is that custom key usage actually the "smartcard logon" usage? If not, how can I look that up?

Also, some certificates are displayed by Windows as having "all" intended purpose. Does anyone know what that means exactly? What certs will be identified as having "all" intended purposes?

Thank you very much,
Stephane
#8639
Posted: 01/15/2009 09:24:13
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. CustomUsages represents ASN.1 object identifiers, and to convert it to readable form (like 1.3.6.1.4.1.311.20.2.2) you can use the function SBUtils.OIDToStr().
Here is the description of some OIDs, used by Microsoft (including that Smart card logon):
http://support.microsoft.com/default.aspx/kb/287547
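
The conversion described in the reply above, written out as an added Python example that is not part of the original posts and is not SecureBlackbox code. It assumes the CustomUsages entry holds the OBJECT IDENTIFIER content octets without the ASN.1 tag and length bytes; the sample bytes and the small name table are constructed here.

```python
# Added example: decode ASN.1 OBJECT IDENTIFIER content octets to dotted form
# and look the result up in a small table of extended key usage names.

# Smart Card Logon is the OID from the thread; the others are the standard
# id-kp values from RFC 5280. The table is illustrative, not exhaustive.
KNOWN_EKU = {
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
}

def oid_to_str(content: bytes) -> str:
    """Convert OID content octets (no tag/length) to a dotted string."""
    if not content:
        raise ValueError("empty OID")
    arcs, value, at_start = [], 0, True
    for b in content:
        # DER forbids padding an arc with a leading 0x80 octet.
        if at_start and b == 0x80:
            raise ValueError("non-minimal arc encoding")
        value = (value << 7) | (b & 0x7F)   # 7 payload bits per octet
        at_start = False
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(value)
            value, at_start = 0, True
    if not at_start:
        raise ValueError("truncated OID: last octet has continuation bit set")
    # The first two arcs share one sub-identifier: 40 * arc1 + arc2.
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def describe_eku(content: bytes) -> str:
    """Render an EKU entry the way the Windows dialog does: name (OID)."""
    dotted = oid_to_str(content)
    return f"{KNOWN_EKU.get(dotted, 'unknown usage')} ({dotted})"

# Constructed sample: content octets of 1.3.6.1.4.1.311.20.2.2
SMART_CARD_LOGON = bytes.fromhex("2b060104018237140202")

if __name__ == "__main__":
    print(describe_eku(SMART_CARD_LOGON))
```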
#8640
Posted: 01/15/2009 09:30:56
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Thank you very much: that's exactly what I needed.

Best regards,
Stephane
