How to read the key usage of an X509 V3 certificate?

I want to read the Key Usage field in a certificate. Is there an API available in openssl?

Balamurugan asked Apr 03 '12 10:04


People also ask

What is key usage in an SSL certificate?

The key usage extension defines the purpose (for example, encipherment, signature, or certificate signing) of the key contained in the certificate. If the public key is used for entity authentication, then the certificate extension should have the key usage Digital signature.

What is key encipherment?

Key encipherment means that the key in the certificate is used to encrypt another cryptographic key (which is not part of the application data).


2 Answers

You can try using the following command in openssl.

openssl x509 -in <certificate to check> -purpose -noout -text

This would print out the list of certificate purposes and the certificate itself.

Lancer-Matrix answered Sep 27 '22 17:09


7 years later...

Newer versions of openssl let you query certificate extensions using the -ext flag. See the docs for available options.

Print key usage:

$> openssl x509 -noout -ext keyUsage < test.crt
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment

Print extended key usage:

$> openssl x509 -noout -ext extendedKeyUsage < test.crt
X509v3 Extended Key Usage: 
    TLS Web Server Authentication, TLS Web Client Authentication

Note that if you want to print multiple extensions at once, you need to separate them with commas instead of using the -ext flag multiple times:

$> openssl x509 -noout \
   -ext keyUsage,extendedKeyUsage < test.crt

Yan Foto answered Sep 27 '22 17:09
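
To turn the -ext output shown above into a scriptable check (for example, auditing that a certificate's key usage is marked critical and contains a required value), the text can be parsed as below. This is an added example, not part of either answer; the function names are hypothetical, SAMPLE_OUTPUT is constructed from the output quoted on this page, and cert_key_usage assumes an OpenSSL version that supports -ext.

```shell
#!/bin/sh
# Added example: parse the text printed by `openssl x509 -noout -ext keyUsage`.
# All function names here are hypothetical helpers, not OpenSSL commands.

# Constructed sample: the two outputs quoted in the answer above, combined.
SAMPLE_OUTPUT='X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
X509v3 Extended Key Usage: 
    TLS Web Server Authentication, TLS Web Client Authentication'

# Run openssl on a certificate file and emit the Key Usage text.
# Prints nothing if the certificate has no keyUsage extension.
cert_key_usage() {
    openssl x509 -noout -ext keyUsage -in "$1" 2>/dev/null
}

# stdin: openssl -ext output. stdout: one key usage value per line.
# Only the "X509v3 Key Usage" block is read; Extended Key Usage is skipped.
key_usage_list() {
    awk '
        /X509v3 Key Usage/ { grab = 1; next }   # header; values are on the next line
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t\r]+$/, "", parts[i])   # trim whitespace
                if (parts[i] != "") print parts[i]
            }
            grab = 0
        }'
}

# stdin: openssl -ext output. Succeeds only on an exact value match,
# so "Digital" does not match "Digital Signature".
key_usage_has() {
    key_usage_list | grep -Fxq -- "$1"
}

# stdin: openssl -ext output. Succeeds if Key Usage is marked critical.
key_usage_is_critical() {
    grep -q '^[ \t]*X509v3 Key Usage: critical'
}

# Example use against a real file (test.crt as in the answer above):
#   cert_key_usage test.crt | key_usage_has "Digital Signature" || echo "missing"
```
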