EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using extended key usage in X509 certs

Posted: 01/15/2009 09:07:14
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 174

Hello everyone,

We're adding support for a new certificate provider to my application and they make a lot more use of the extended key usage in their certificates.

So far, in my application, I used the TElCertificateExtensions.keyUsage only for describing key usage. Now, I must add support for extended key usage as well and it isn't too pretty right now.

When I look at the certificate through the Windows X509 display dialog, I see "Smart Card Logon (" which I can't find anywhere. On the other side, when looking at the same certificate through SBB and walking through the TElExtendedKeyUsageExtension.CustomUsages array, I find a single unidentified key usage.

- That key usage is returned as a string but it's actually a binary array. How shall I decode that?
- Is that custom key usage actually the "smartcard logon" usage? If not, how can I look that up?

Also, some certificates are displayed by Windows as having "all" intended purpose. Does anyone know what that means exactly? What certs will be identified as having "all" intended purposes?

Thank you very much,
Posted: 01/15/2009 09:24:13
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

Hi. CustomUsages represents ASN.1 object identifiers, and to convert it to readable form (like you can use function SBUtils.OIDToStr();
Here is the description of some OIDs, used by Microsoft (including that Smart card logon):
Posted: 01/15/2009 09:30:56
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 174

Thank you very much: that's exactly what I needed.

Best regards,
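
The decoding discussed in this thread, as an added example (not code from the thread or from SecureBlackbox): turning the raw bytes of an extended key usage OID into dotted form and looking it up. It assumes the bytes are a DER OBJECT IDENTIFIER, with or without the leading 06/length header; `decode_oid`, `describe_eku`, the lookup table and the sample bytes are constructed for illustration.

```python
# Added example: decode DER OBJECT IDENTIFIER bytes and name the key usage.
# Small lookup table of well-known extended key usage OIDs (not exhaustive).
KNOWN_EKU = {
    "1.3.6.1.5.5.7.3.1": "Server Authentication",
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon (Microsoft)",
    "2.5.29.37.0": "anyExtendedKeyUsage",
}


def decode_oid(raw: bytes) -> str:
    """Return the dotted-decimal form of a DER-encoded OID."""
    if not raw:
        raise ValueError("empty OID")
    # Assumption: input is either the full TLV (06 <len> <content>) or the
    # content alone. A short-form header whose length matches is stripped.
    if len(raw) >= 3 and raw[0] == 0x06 and raw[1] < 0x80 and raw[1] == len(raw) - 2:
        raw = raw[2:]
    arcs, value, in_arc = [], 0, False
    for byte in raw:
        if not in_arc and byte == 0x80:
            raise ValueError("non-minimal arc encoding")  # DER forbids padding
        value = (value << 7) | (byte & 0x7F)  # base-128, big-endian
        in_arc = True
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value, in_arc = 0, False
    if in_arc:
        raise ValueError("truncated OID")
    # The first encoded value packs the first two arcs as 40 * arc1 + arc2.
    first = arcs[0]
    if first < 40:
        head = (0, first)
    elif first < 80:
        head = (1, first - 40)
    else:
        head = (2, first - 80)
    return ".".join(str(arc) for arc in (*head, *arcs[1:]))


def describe_eku(raw: bytes) -> str:
    """Map raw OID bytes to a friendly name, falling back to the dotted OID."""
    dotted = decode_oid(raw)
    return KNOWN_EKU.get(dotted, "unknown usage") + " (" + dotted + ")"


# Constructed sample: content bytes of a custom usage, without the 06 header.
SAMPLE = bytes.fromhex("2b060104018237140202")
if __name__ == "__main__":
    print(describe_eku(SAMPLE))
```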




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
