CryptoSys PKI Toolkit Manual

X509_KeyUsageFlags

X509_KeyUsageFlags returns a bitfield containing the keyUsage flags for an X.509 certificate.

VB6/VBA Syntax

Public Declare Function X509_KeyUsageFlags Lib "diCrPKI.dll" (ByVal strCertFile As String) As Long

nRet = X509_KeyUsageFlags(strCertFile)

Parameters

strCertFile
[in] String with the filename of the X.509 certificate (or base64 representation).

C/C++ Syntax

long _stdcall X509_KeyUsageFlags(const char *szCertFile);

Returns (VB6/C)

Long: If successful, it returns a positive integer containing the keyUsage flags; or 0 if no keyUsage flags are set; otherwise it returns a negative error code.

.NET Equivalent

X509.KeyUsageFlags Method

Remarks

The certificate may be in binary BER format or base64 PEM format. The presence of a key usage flag can be ascertained by AND'ing the result with the bitfield value for each flag.

digitalSignature 0x0001
nonRepudiation   0x0002
keyEncipherment  0x0004
dataEncipherment 0x0008
keyAgreement     0x0010
keyCertSign      0x0020
cRLSign          0x0040
encipherOnly     0x0080
decipherOnly     0x0100

These values are defined as PKI_X509_KEYUSAGE_DIGITALSIGNATURE, etc.

Example

This shows how to find and display the key usage flags for a given certificate.

Dim nRet As Long
Dim strCertName As String
strCertName = "CarlRSASelf.cer"
nRet = X509_KeyUsageFlags(strCertName)
If nRet < 0 Then
    ' A negative value is an error code, not a bitfield: do not test flags against it
    Debug.Print "X509_KeyUsageFlags failed with error code " & nRet
Else
    ' Show the result as a hex number
    Debug.Print "keyUsage flags are (0x" & Hex(nRet) & "):"
    ' Check all the keyUsage flags in turn
    If (nRet And PKI_X509_KEYUSAGE_DIGITALSIGNATURE) <> 0 Then Debug.Print "digitalSignature"
    If (nRet And PKI_X509_KEYUSAGE_NONREPUDIATION) <> 0 Then Debug.Print "nonRepudiation"
    If (nRet And PKI_X509_KEYUSAGE_KEYENCIPHERMENT) <> 0 Then Debug.Print "keyEncipherment"
    If (nRet And PKI_X509_KEYUSAGE_DATAENCIPHERMENT) <> 0 Then Debug.Print "dataEncipherment"
    If (nRet And PKI_X509_KEYUSAGE_KEYAGREEMENT) <> 0 Then Debug.Print "keyAgreement"
    If (nRet And PKI_X509_KEYUSAGE_KEYCERTSIGN) <> 0 Then Debug.Print "keyCertSign"
    If (nRet And PKI_X509_KEYUSAGE_CRLSIGN) <> 0 Then Debug.Print "cRLSign"
    If (nRet And PKI_X509_KEYUSAGE_ENCIPHERONLY) <> 0 Then Debug.Print "encipherOnly"
    If (nRet And PKI_X509_KEYUSAGE_DECIPHERONLY) <> 0 Then Debug.Print "decipherOnly"
End If

For the S/MIME test file CarlRSASelf.cer, this displays

keyUsage flags are (0x61):
digitalSignature
keyCertSign
cRLSign
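
Added example (not from the CryptoSys manual): a C helper that turns the value returned by X509_KeyUsageFlags into a policy verdict, rejecting a negative error code before any AND and flagging encipherOnly/decipherOnly set without keyAgreement, a combination RFC 5280 leaves undefined. The KU_* names, the ku_check and ku_names helpers and the allow_unset switch are assumptions made for this example; the bit values come from the table above, 0x61 is the value shown for CarlRSASelf.cer, and the toolkit call itself is not made so the block runs without the DLL.

```c
#include <stdio.h>
#include <string.h>

/* Bit values copied from the table on this page. Local KU_* names (assumed
   here) let the block compile without diCrPKI.h. */
enum { KU_DIGITALSIGNATURE = 0x0001, KU_NONREPUDIATION = 0x0002,
       KU_KEYENCIPHERMENT = 0x0004, KU_DATAENCIPHERMENT = 0x0008,
       KU_KEYAGREEMENT = 0x0010, KU_KEYCERTSIGN = 0x0020, KU_CRLSIGN = 0x0040,
       KU_ENCIPHERONLY = 0x0080, KU_DECIPHERONLY = 0x0100 };
static const char *const KU_NAMES[9] = { "digitalSignature", "nonRepudiation",
    "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly" };
typedef enum { KU_OK, KU_ERROR, KU_UNSET, KU_MISSING, KU_INCONSISTENT } ku_verdict;

/* Judge a value returned by X509_KeyUsageFlags against the bits a caller needs.
   allow_unset is a hypothetical policy switch for the "returns 0" case. */
ku_verdict ku_check(long ret, long required, int allow_unset)
{
    if (ret < 0) return KU_ERROR;   /* error code: AND'ing it would match flags */
    if (ret == 0) return allow_unset ? KU_OK : KU_UNSET;
    /* RFC 5280: encipherOnly/decipherOnly are undefined without keyAgreement */
    if ((ret & (KU_ENCIPHERONLY | KU_DECIPHERONLY)) && !(ret & KU_KEYAGREEMENT))
        return KU_INCONSISTENT;
    return ((ret & required) == required) ? KU_OK : KU_MISSING;
}

/* Write the names of the set flags, comma separated, into buf; returns the count. */
int ku_names(long flags, char *buf, size_t buflen)
{
    int i, count = 0;
    if (buflen == 0) return 0;
    buf[0] = '\0';
    for (i = 0; flags > 0 && i < 9; i++) {   /* a negative value decodes to nothing */
        if (!(flags & (1L << i))) continue;
        if (strlen(buf) + strlen(KU_NAMES[i]) + 2 > buflen) break;
        if (count++) strcat(buf, ",");
        strcat(buf, KU_NAMES[i]);
    }
    return count;
}

int main(void)
{
    char names[160];
    long ret = 0x61;                /* value this page reports for CarlRSASelf.cer */
    ku_names(ret, names, sizeof names);
    printf("0x%lX -> %s, CA check verdict %d\n", ret, names,
           (int)ku_check(ret, KU_KEYCERTSIGN | KU_CRLSIGN, 0));
    return 0;
}
```

In real use, pass the return value of X509_KeyUsageFlags straight to ku_check and treat every verdict other than KU_OK as a refusal to use the certificate for that purpose.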

See Also

X509_QueryCert

Copyright © 2004-10 D.I. Management Services Pty Ltd. All rights reserved.