CryptoSys PKI Pro Manual

X509_KeyUsageFlags

Returns a bitfield containing the keyUsage flags for an X.509 certificate.

VBA/VB6 Syntax

Public Declare Function X509_KeyUsageFlags Lib "diCrPKI.dll" (ByVal strCertFile As String) As Long

nRet = X509_KeyUsageFlags(strCertFile)

C/C++ Syntax

long __stdcall X509_KeyUsageFlags(const char *szCertFile);

Parameters

szCertFile
[in] with the filename of the X.509 certificate (or base64 representation).

Returns (VBA/C)

If successful, it returns a positive integer containing the keyUsage flags; or 0 if no keyUsage flags are set; otherwise it returns a negative error code.

.NET Equivalent

X509.KeyUsageFlags Method

Python Equivalent

static X509.key_usage_flags(certfile)

Remarks

The certificate may be in binary BER format or base64 PEM format. The presence of a key usage flag can be ascertained by AND'ing the result with the bitfield value for each flag. 

digitalSignature 0x0001
nonRepudiation   0x0002
keyEncipherment  0x0004
dataEncipherment 0x0008
keyAgreement     0x0010
keyCertSign      0x0020
cRLSign          0x0040
encipherOnly     0x0080
decipherOnly     0x0100

These values are defined as PKI_X509_KEYUSAGE_DIGITALSIGNATURE, etc.

Example

This shows how to find and display the key usage flags for a given certificate. 

Dim nRet As Long
Dim strCertName As String
strCertName = "CarlRSASelf.cer"
nRet = X509_KeyUsageFlags(strCertName)
' Show the result as a hex number
Debug.Print "keyUsage flags are (0x" & Hex(nRet) & "):"
' Check all the keyUsage flags in turn
If (nRet And PKI_X509_KEYUSAGE_DIGITALSIGNATURE) <> 0 Then Debug.Print "digitalSignature"
If (nRet And PKI_X509_KEYUSAGE_NONREPUDIATION) <> 0 Then Debug.Print "nonRepudiation"
If (nRet And PKI_X509_KEYUSAGE_KEYENCIPHERMENT) <> 0 Then Debug.Print "keyEncipherment"
If (nRet And PKI_X509_KEYUSAGE_DATAENCIPHERMENT) <> 0 Then Debug.Print "dataEncipherment"
If (nRet And PKI_X509_KEYUSAGE_KEYAGREEMENT) <> 0 Then Debug.Print "keyAgreement"
If (nRet And PKI_X509_KEYUSAGE_KEYCERTSIGN) <> 0 Then Debug.Print "keyCertSign"
If (nRet And PKI_X509_KEYUSAGE_CRLSIGN) <> 0 Then Debug.Print "cRLSign"
If (nRet And PKI_X509_KEYUSAGE_ENCIPHERONLY) <> 0 Then Debug.Print "encipherOnly"
If (nRet And PKI_X509_KEYUSAGE_DECIPHERONLY) <> 0 Then Debug.Print "decipherOnly"

' Alternatively, use X509_QueryCert to find these values as a string directly
Debug.Print "Use X509_QueryCert..."
Dim strOutput As String
Dim strQuery As String
Dim nChars As Long
strQuery = "keyUsageString"
nChars = X509_QueryCert("", 0, strCertName, strQuery, 0)
If nChars < 0 Then Exit Sub  ' ERROR
strOutput = String(nChars, " ")
nChars = X509_QueryCert(strOutput, Len(strOutput), strCertName, strQuery, 0)
Debug.Print "X509_QueryCert('" & strQuery & "')=" & strOutput

For the S/MIME test file CarlRSASelf.cer, this displays

keyUsage flags are (0x61):
digitalSignature
keyCertSign
cRLSign
Use X509_QueryCert...
X509_QueryCert('keyUsageString')=digitalSignature,keyCertSign,cRLSign

See Also

X509_QueryCert

[Contents] [Index]

[PREV: X509_HashIssuerAndSN...]   [Contents]   [Index]   
   [NEXT: X509_MakeCert...]
Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.