[Mono-list] X509Extensions and X509CertificateBuilder

Sebastien Pouliot sebastien at ximian.com
Wed Jan 4 08:13:20 EST 2006

Hello Kim,

On Wed, 2006-01-04 at 12:54 +0100, Hellan.Kim KHE wrote:
> I'm trying to use X509CertificateBuilder to create a certificate and I
> would like to add extensions.
> As the first I would have liked to add a KeyUsageExtension, but ran into
> problems. It seems that the extension classes are mainly there for
> reading extensions in certificates, not for creating them.

That's true for most extensions. A lot of extension decoding was
required in order to implement X.509 stuff in Mono. 

OTOH not a lot of encoding was required to implement the "makecert" tool
- and I never had the time, nor anyone else it seems ;-), to complete
all of them.

Luckily for you the KeyUsageExtension class can both decode and encode.

> 1) How do I set what keyusage purposes this extension should contain?

Using the KeyUsageExtension.KeyUsage property, which is an enum of type

> 2) How do I specify that this extension should be critical? The Critical
> property is read only.

Yes it's read-only (in X509Extension). I don't recall why as the code
seems present to handle the critical encoding correctly. Please fill a
bug for this and I'll try to fix it ASAP.

As for existing Mono.Security.dll versions, you can get the ASN.1 of any
extension, manipulate it (add the critical boolean) and re-create an
X509Extension before adding it of the X509CertificateBuilder.
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/

More information about the Mono-list mailing list