CertGetIntendedKeyUsage function (wincrypt.h)

The CertGetIntendedKeyUsage function acquires the intended key usage bytes from a certificate. The intended key usage can be in either the szOID_KEY_USAGE ("") or szOID_KEY_ATTRIBUTES ("") extension.


BOOL CertGetIntendedKeyUsage(
  [in]  DWORD      dwCertEncodingType,
  [in]  PCERT_INFO pCertInfo,
  [out] BYTE       *pbKeyUsage,
  [in]  DWORD      cbKeyUsage


[in] dwCertEncodingType

Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-OR operation as shown in the following example:

X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:


[in] pCertInfo

A pointer to CERT_INFO structure of the specified certificate.

[out] pbKeyUsage

A pointer to a buffer to receive the intended key usage. The following list shows currently defined values. These can be combined by using bitwise-OR operations.


[in] cbKeyUsage

The size, in bytes, of the buffer pointed to by pbKeyUsage. Currently, the intended key usage occupies 1 or 2 bytes of data.

Return value

If the certificate does not have any intended key usage bytes, FALSE is returned and pbKeyUsage is zeroed. Otherwise, TRUE is returned and up to cbKeyUsage number of bytes are copied into pbKeyUsage. Any remaining bytes not copied are zeroed.

GetLastError returns zero if none of the required extensions is found.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

Data Management Functions