Srujan Srujan - 11 days ago 5
C Question

How to set the Keyusage value to new openssl X509 certificate in c program?

I am unable to set the key usage (such as key encipherment, digital signature, CRL_SIGN, NON_REPUDIATION, etc.) on a new X509 certificate in OpenSSL.

Help me how to solve this...?

Answer
Adding the code below sets the key usages and basic constraints on the certificate we created.

// Prototype for the helper defined under "User defined function" below:
// builds an X509v3 extension of type nid from the textual value, with cert
// used as both issuer and subject in the extension context.
int add_ext ( X509 *cert, int nid, char *value );


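// Local variable definition
INT nid = 0;

// Register ciphers and digests in OpenSSL's internal lookup tables.
// OpenSSL_add_all_algorithms() already covers both ciphers and digests; the
// two narrower calls are kept from the original and only repeat that work.

OpenSSL_add_all_algorithms( );

OpenSSL_add_all_ciphers ( );

OpenSSL_add_all_digests ( );

// NOTE(review): none of the add_ext() calls below checks the result. If an
// extension cannot be built, the certificate would be produced without that
// restriction and nobody would notice - confirm add_ext's return convention
// and check it before signing.

// A CA certificate must include the basicConstraints value with the
// CA field set to TRUE.
// NOTE(review): set CA:TRUE only when this certificate is really meant to
// issue other certificates. An end-entity certificate (for example one used
// only for code signing) should carry CA:FALSE so it cannot act as an issuer.

add_ext ( xcert, NID_basic_constraints, "critical,CA:TRUE" );

// Key usage is a multi valued extension consisting of a list of names
// of the permitted key usages.
// NOTE(review): the list has no keyCertSign / cRLSign although the
// certificate is marked CA:TRUE above. RFC 5280 requires keyCertSign on a
// key that verifies certificate signatures, so validators that enforce key
// usage will not accept this certificate as an issuer. Choose the names that
// match the intended role, and consider the "critical," prefix that the
// other two extensions already use.

add_ext ( xcert, NID_key_usage, "digitalSignature, nonRepudiation" );

// This extension consists of a list of usages indicating purposes for
// which the certificate public key can be used.
// NOTE(review): 1.2.3.4 is a sample OID; use one from an arc you control.

add_ext ( xcert, NID_ext_key_usage, "critical,codeSigning,1.2.3.4" );

// Adds a new object to the internal table. oid is the numerical form
// of the object, sn the short name and ln the long name.
// OBJ_create() returns NID_undef on failure, and X509V3_EXT_add_alias()
// returns 0; in either case the custom extension is skipped instead of
// being added under an invalid NID.

nid = OBJ_create ( "1.2.3.4", "SAMP_OID", "Test_OID" );
if( nid == NID_undef )
{
    printf( "\tError: In OBJ_create\n" );
}
else if( !X509V3_EXT_add_alias ( nid, NID_netscape_comment ) )
{
    printf( "\tError: In X509V3_EXT_add_alias\n" );
}
else
{
    add_ext ( xcert, nid, "MQ Comment Section" );
}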


User defined function
---------------------

// Add an extension using the V3 code: we can pass NULL as the config file
// because we won't reference any other sections.

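int add_ext ( X509 *cert, int nid, char *value )
{
    //
    // Builds the X509v3 extension identified by nid from the config-style
    // string value and appends it to cert.
    //
    // cert  : certificate that receives the extension; it is also used as
    //         issuer and subject in the extension context (self-signed case).
    // nid   : NID of the extension, e.g. NID_key_usage.
    // value : textual extension value, e.g. "critical,CA:TRUE".
    //
    // Returns 1 when the extension was attached to cert, 0 on any failure.
    // Callers should check the result: a certificate that silently lacks
    // keyUsage / basicConstraints is less restricted than intended.
    //
    X509_EXTENSION *ex = NULL;
    X509V3_CTX ctx;

    if( !cert || !value )
    {
        return 0;
    }

    // No configuration database: the value string is self-contained.
    X509V3_set_ctx_nodb ( &ctx );

    // Issuer and subject certs: both the target since it is self signed, no
    // request and no CRL. The last argument is an int flags field, so pass 0
    // rather than NULL.
    X509V3_set_ctx( &ctx, cert, cert, NULL, NULL, 0 );

    ex = X509V3_EXT_conf_nid ( NULL, &ctx, nid, value );
    if( !ex )
    {
        printf( "\tError: In X509V3_EXT_conf_nid\n" );
        // hResult is not declared in this function; presumably it belongs to
        // the surrounding program.
        // NOTE(review): GetLastError() reports the Win32 thread error, not
        // OpenSSL's error queue - confirm it carries anything useful here.
        hResult= GetLastError( );
        return 0;
    }

    // Building the extension is not enough: it has to be attached to the
    // certificate. Without this call the certificate is left unchanged.
    // -1 appends it after the existing extensions.
    if( !X509_add_ext ( cert, ex, -1 ) )
    {
        printf( "\tError: In X509_add_ext\n" );
        X509_EXTENSION_free ( ex );
        return 0;
    }

    // X509_add_ext stores its own copy, so ours is released here.
    X509_EXTENSION_free ( ex );

    return 1;
}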