
How do I set the keyUsage value on a new OpenSSL X509 certificate in a C program?

I am unable to set the key usage (such as key encipherment, digital signature, CRL sign, non-repudiation, etc.) on a new X509 certificate in OpenSSL.

How can I solve this?

By adding the code below, we can add the key usage and basic constraints extensions to the certificate we create.

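int add_ext ( X509 *cert, int nid, char *value );

// Local variable definitions
INT nid = 0;
int ext_ok = 1;   // cleared as soon as any extension step fails

// Register algorithms in OpenSSL's internal table.
// OpenSSL_add_all_algorithms() already registers both ciphers and digests;
// the two explicit calls after it are kept from the original and are harmless.

OpenSSL_add_all_algorithms( );

OpenSSL_add_all_ciphers ( );

OpenSSL_add_all_digests ( );

// A CA certificate must include the basicConstraints value with the
// CA field set to TRUE.
//
// add_ext returns 0 when the extension cannot be built (see its definition).
// Every result is checked so that a certificate is never produced with a
// constraint silently missing.

if ( !add_ext ( xcert, NID_basic_constraints, "critical,CA:TRUE" ) )
{
    ext_ok = 0;
}

// Key usage is a multi valued extension consisting of a list of names
// of the permitted key usages.
//
// NOTE(review): this certificate is marked CA:TRUE, but the keyUsage list
// omits keyCertSign (and cRLSign). Under RFC 5280 path validation a CA
// certificate whose keyUsage is present without keyCertSign is not accepted
// as an issuer. Choose one profile: add keyCertSign/cRLSign for a CA, or use
// CA:FALSE for an end-entity certificate. RFC 5280 also recommends marking
// keyUsage as critical.

if ( !add_ext ( xcert, NID_key_usage, "digitalSignature, nonRepudiation" ) )
{
    ext_ok = 0;
}

// This extension consists of a list of usages indicating the purposes for
// which the certificate public key can be used.
//
// The trailing comma of the original value ("critical,codeSigning,") is
// dropped: it leaves an empty entry at the end of the list, which the OpenSSL
// value-list parser is expected to reject, so the extension would not be set.

if ( !add_ext ( xcert, NID_ext_key_usage, "critical,codeSigning" ) )
{
    ext_ok = 0;
}

// Adds a new object to the internal table. oid is the numerical form
// of the object, sn the short name and ln the long name.
//
// NOTE(review): the oid argument is empty as shown here. OBJ_create needs the
// dotted-decimal OID of the custom extension (for example one under your
// organisation's own arc); without it the call returns NID_undef and the
// custom extension cannot be added. Supply the real OID before use.

nid = OBJ_create ( "", "SAMP_OID", "Test_OID" );

if ( nid == NID_undef )
{
    ext_ok = 0;
}
else if ( !X509V3_EXT_add_alias ( nid, NID_netscape_comment ) ||
          !add_ext ( xcert, nid, "MQ Comment Section" ) )
{
    ext_ok = 0;
}

if ( !ext_ok )
{
    // Do not sign or distribute xcert past this point: at least one of the
    // requested extensions is absent from it. The enclosing function's
    // cleanup/return path is not shown here, so it is left to the caller.
    printf ( "Error: one or more X509v3 extensions could not be added\n" );
}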

User-defined function:

// Add an extension using the V3 code: we can pass NULL for the config file
// because we won't reference any other sections.

int add_ext ( X509 *cert, int nid, char *value )
    // Local Variable Definitions
    X509_EXTENSION *ex = NULL;

    X509V3_CTX ctx;

    // Setting context of Extension

    X509V3_set_ctx_nodb ( &ctx );

    // Issuer and subject certs: both the target since it is self signed, no
    // request and no CRL

    X509V3_set_ctx( &ctx, cert, cert, NULL, NULL, NULL );

    ex = X509V3_EXT_conf_nid (NULL, &ctx, nid, value );

    if( !ex )
        printf( "tError: In X509V3_EXT_conf_nidn" );
        hResult= GetLastError( );

        return 0;