Valid OIDs in makecert.exe

I kept wondering where the values that may be passed to the -eku parameter of makecert.exe are actually defined. I found the place and pulled them out of there to make things easier.

It doesn't always have to be a coding article. Anyone who wants to create a certificate needs the .NET SDK tool makecert.exe for that. In its -eku parameter it accepts a value that restricts what the certificate may be used for. There are plenty of examples on the net, but sometimes you simply need the list. I have included it below.

Each entry in the list carries the class variable name from the source file Wincrypt.h. I have not translated these (which would have been a bit too much effort for 314 available classes).

So if, for example, you want to create a code-signing certificate (PKIX_KP_CODE_SIGNING), you simply use:

makecert.exe … -eku 1.3.6.1.5.5.7.3.3

Maybe this was of help to someone.
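
A check that a finished certificate really carries only the EKU values that were requested with -eku, added here as an example and not part of the original post. The function names `Get-EkuReport` and `New-ConstructedTestCert` are hypothetical, the test certificates are constructed in memory, and PowerShell 7 (or .NET Framework 4.7.2 and later) is assumed.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Compare a certificate's EKU extension (ENHANCED_KEY_USAGE, 2.5.29.37)
# with the OIDs that were passed to -eku.
function Get-EkuReport {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string[]] $Expected
    )
    $found = @()
    $raw = $Certificate.Extensions['2.5.29.37']
    if ($null -ne $raw) {
        # Re-decode so the check does not depend on how the extension was loaded.
        $eku = [X509EnhancedKeyUsageExtension]::new($raw, $raw.Critical)
        $found = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }
    $unexpected = @($found | Where-Object { $_ -notin $Expected })
    $missing    = @($Expected | Where-Object { $_ -notin $found })
    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Restricted = ($null -ne $raw)   # no EKU extension: usage is not limited
        Found      = $found
        Unexpected = $unexpected
        Missing    = $missing
        Ok         = ($null -ne $raw) -and ($unexpected.Count -eq 0) -and ($missing.Count -eq 0)
    }
}

# Constructed sample input: a short-lived self-signed certificate built in memory.
function New-ConstructedTestCert([string[]] $EkuOids) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new('CN=Constructed EKU test', $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($EkuOids) {
        $oids = [OidCollection]::new()
        foreach ($o in $EkuOids) { [void]$oids.Add([Oid]::new($o)) }
        $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false))
    }
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now, $now.AddDays(1))
}

$codeSigning = '1.3.6.1.5.5.7.3.3'   # PKIX_KP_CODE_SIGNING
$serverAuth  = '1.3.6.1.5.5.7.3.1'   # PKIX_KP_SERVER_AUTH
# Three cases: exactly the requested EKU, an extra EKU, and no EKU extension at all.
Get-EkuReport -Certificate (New-ConstructedTestCert @($codeSigning)) -Expected $codeSigning
Get-EkuReport -Certificate (New-ConstructedTestCert @($codeSigning, $serverAuth)) -Expected $codeSigning
Get-EkuReport -Certificate (New-ConstructedTestCert @()) -Expected $codeSigning
```

For a certificate that already sits in a store, pass the object returned by `Get-Item` on its `Cert:\` path as `-Certificate`.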

Usage class EKU value
ANSI_X942 1.2.840.10046
ANSI_X942_DH 1.2.840.10046.2.1
ANY_APPLICATION_POLICY 1.3.6.1.4.1.311.10.12.1
ANY_CERT_POLICY 2.5.29.32.0
APPLICATION_CERT_POLICIES 1.3.6.1.4.1.311.21.10
APPLICATION_POLICY_CONSTRAINTS 1.3.6.1.4.1.311.21.12
APPLICATION_POLICY_MAPPINGS 1.3.6.1.4.1.311.21.11
ARCHIVED_KEY_ATTR 1.3.6.1.4.1.311.21.13
ARCHIVED_KEY_CERT_HASH 1.3.6.1.4.1.311.21.16
AUTHORITY_INFO_ACCESS 1.3.6.1.5.5.7.1.1
AUTHORITY_KEY_IDENTIFIER 2.5.29.1
AUTHORITY_KEY_IDENTIFIER2 2.5.29.35
AUTHORITY_REVOCATION_LIST 2.5.4.38
AUTO_ENROLL_CTL_USAGE 1.3.6.1.4.1.311.20.1
BASIC_CONSTRAINTS 2.5.29.10
BASIC_CONSTRAINTS2 2.5.29.19
BUSINESS_CATEGORY 2.5.4.15
CA_CERTIFICATE 2.5.4.37
CERT_EXTENSIONS 1.3.6.1.4.1.311.2.1.14
CERT_MANIFOLD 1.3.6.1.4.1.311.20.3
CERT_POLICIES 2.5.29.32
CERT_POLICIES_95 2.5.29.3
CERTIFICATE_REVOCATION_LIST 2.5.4.39
CERTIFICATE_TEMPLATE 1.3.6.1.4.1.311.21.7
CERTSRV_CA_VERSION 1.3.6.1.4.1.311.21.1
CERTSRV_CROSSCA_VERSION 1.3.6.1.4.1.311.21.22
CERTSRV_PREVIOUS_CERT_HASH 1.3.6.1.4.1.311.21.2
CMC 1.3.6.1.5.5.7.7
CMC_ADD_EXTENSIONS 1.3.6.1.5.5.7.7.8
CMC_DATA_RETURN 1.3.6.1.5.5.7.7.4
CMC_DECRYPTED_POP 1.3.6.1.5.5.7.7.10
CMC_ENCRYPTED_POP 1.3.6.1.5.5.7.7.9
CMC_GET_CERT 1.3.6.1.5.5.7.7.15
CMC_GET_CRL 1.3.6.1.5.5.7.7.16
CMC_ID_POP_LINK_RANDOM 1.3.6.1.5.5.7.7.22
CMC_ID_POP_LINK_WITNESS 1.3.6.1.5.5.7.7.23
CMC_IDENTIFICATION 1.3.6.1.5.5.7.7.2
CMC_IDENTITY_PROOF 1.3.6.1.5.5.7.7.3
CMC_LRA_POP_WITNESS 1.3.6.1.5.5.7.7.11
CMC_QUERY_PENDING 1.3.6.1.5.5.7.7.21
CMC_RECIPIENT_NONCE 1.3.6.1.5.5.7.7.7
CMC_REG_INFO 1.3.6.1.5.5.7.7.18
CMC_RESPONSE_INFO 1.3.6.1.5.5.7.7.19
CMC_REVOKE_REQUEST 1.3.6.1.5.5.7.7.17
CMC_SENDER_NONCE 1.3.6.1.5.5.7.7.6
CMC_STATUS_INFO 1.3.6.1.5.5.7.7.1
CMC_TRANSACTION_ID 1.3.6.1.5.5.7.7.5
COMMON_NAME 2.5.4.3
COUNTRY_NAME 2.5.4.6
CRL_DIST_POINTS 2.5.29.31
CRL_NEXT_PUBLISH 1.3.6.1.4.1.311.21.4
CRL_NUMBER 2.5.29.20
CRL_REASON_CODE 2.5.29.21
CRL_SELF_CDP 1.3.6.1.4.1.311.21.14
CRL_VIRTUAL_BASE 1.3.6.1.4.1.311.21.3
CROSS_CERT_DIST_POINTS 1.3.6.1.4.1.311.10.9.1
CROSS_CERTIFICATE_PAIR 2.5.4.40
CT_PKI_DATA 1.3.6.1.5.5.7.12.2
CT_PKI_RESPONSE 1.3.6.1.5.5.7.12.3
CTL 1.3.6.1.4.1.311.10.1
DELTA_CRL_INDICATOR 2.5.29.27
DESCRIPTION 2.5.4.13
DESTINATION_INDICATOR 2.5.4.27
DEVICE_SERIAL_NUMBER 2.5.4.5
DN_QUALIFIER 2.5.4.46
DOMAIN_COMPONENT 0.9.2342.19200300.100.1.25
DRM 1.3.6.1.4.1.311.10.5.1
DRM_INDIVIDUALIZATION 1.3.6.1.4.1.311.10.5.2
DS 2.5
DS_EMAIL_REPLICATION 1.3.6.1.4.1.311.21.19
DSALG 2.5.8
DSALG_CRPT 2.5.8.1
DSALG_HASH 2.5.8.2
DSALG_RSA 2.5.8.1.1
DSALG_SIGN 2.5.8.3
EFS_RECOVERY 1.3.6.1.4.1.311.10.3.4.1
EMBEDDED_NT_CRYPTO 1.3.6.1.4.1.311.10.3.8
ENCRYPTED_KEY_HASH 1.3.6.1.4.1.311.21.21
ENHANCED_KEY_USAGE 2.5.29.37
ENROLL_CERTTYPE_EXTENSION 1.3.6.1.4.1.311.20.2
ENROLLMENT_AGENT 1.3.6.1.4.1.311.20.2.1
ENROLLMENT_CSP_PROVIDER 1.3.6.1.4.1.311.13.2.2
ENROLLMENT_NAME_VALUE_PAIR 1.3.6.1.4.1.311.13.2.1
ENTERPRISE_OID_ROOT 1.3.6.1.4.1.311.21.8
FACSIMILE_TELEPHONE_NUMBER 2.5.4.23
FRESHEST_CRL 2.5.29.46
GIVEN_NAME 2.5.4.42
INFOSEC 2.16.840.1.101.2.1
INFOSEC_mosaicConfidentiality 2.16.840.1.101.2.1.1.4
INFOSEC_mosaicIntegrity 2.16.840.1.101.2.1.1.6
INFOSEC_mosaicKeyManagement 2.16.840.1.101.2.1.1.10
INFOSEC_mosaicKMandSig 2.16.840.1.101.2.1.1.12
INFOSEC_mosaicKMandUpdSig 2.16.840.1.101.2.1.1.20
INFOSEC_mosaicSignature 2.16.840.1.101.2.1.1.2
INFOSEC_mosaicTokenProtection 2.16.840.1.101.2.1.1.8
INFOSEC_mosaicUpdatedSig 2.16.840.1.101.2.1.1.19
INFOSEC_mosaicUpdateInteg 2.16.840.1.101.2.1.1.21
INFOSEC_sdnsConfidentiality 2.16.840.1.101.2.1.1.3
INFOSEC_sdnsIntegrity 2.16.840.1.101.2.1.1.5
INFOSEC_sdnsKeyManagement 2.16.840.1.101.2.1.1.9
INFOSEC_sdnsKMandSig 2.16.840.1.101.2.1.1.11
INFOSEC_sdnsSignature 2.16.840.1.101.2.1.1.1
INFOSEC_sdnsTokenProtection 2.16.840.1.101.2.1.1.7
INFOSEC_SuiteAConfidentiality 2.16.840.1.101.2.1.1.14
INFOSEC_SuiteAIntegrity 2.16.840.1.101.2.1.1.15
INFOSEC_SuiteAKeyManagement 2.16.840.1.101.2.1.1.17
INFOSEC_SuiteAKMandSig 2.16.840.1.101.2.1.1.18
INFOSEC_SuiteASignature 2.16.840.1.101.2.1.1.13
INFOSEC_SuiteATokenProtection 2.16.840.1.101.2.1.1.16
INHIBIT_ANY_POLICY 2.5.29.54
INITIALS 2.5.4.43
INTERNATIONAL_ISDN_NUMBER 2.5.4.25
IPSEC_KP_IKE_INTERMEDIATE 1.3.6.1.5.5.8.2.2
ISSUED_CERT_HASH 1.3.6.1.4.1.311.21.17
ISSUER_ALT_NAME 2.5.29.8
ISSUER_ALT_NAME2 2.5.29.18
ISSUING_DIST_POINT 2.5.29.28
KEY_ATTRIBUTES 2.5.29.2
KEY_USAGE 2.5.29.15
KEY_USAGE_RESTRICTION 2.5.29.4
KEYID_RDN 1.3.6.1.4.1.311.10.7.1
KP_CA_EXCHANGE 1.3.6.1.4.1.311.21.5
KP_CTL_USAGE_SIGNING 1.3.6.1.4.1.311.10.3.1
KP_DOCUMENT_SIGNING 1.3.6.1.4.1.311.10.3.12
KP_EFS 1.3.6.1.4.1.311.10.3.4
KP_KEY_RECOVERY 1.3.6.1.4.1.311.10.3.11
KP_KEY_RECOVERY_AGENT 1.3.6.1.4.1.311.21.6
KP_LIFETIME_SIGNING 1.3.6.1.4.1.311.10.3.13
KP_MOBILE_DEVICE_SOFTWARE 1.3.6.1.4.1.311.10.3.14
KP_QUALIFIED_SUBORDINATION 1.3.6.1.4.1.311.10.3.10
KP_SMARTCARD_LOGON 1.3.6.1.4.1.311.20.2.2
KP_TIME_STAMP_SIGNING 1.3.6.1.4.1.311.10.3.2
LEGACY_POLICY_MAPPINGS 2.5.29.5
LICENSE_SERVER 1.3.6.1.4.1.311.10.6.2
LICENSES 1.3.6.1.4.1.311.10.6.1
LOCAL_MACHINE_KEYSET 1.3.6.1.4.1.311.17.2
LOCALITY_NAME 2.5.4.7
MEMBER 2.5.4.31
NAME_CONSTRAINTS 2.5.29.30
NETSCAPE 2.16.840.1.113730
NETSCAPE_BASE_URL 2.16.840.1.113730.1.2
NETSCAPE_CA_POLICY_URL 2.16.840.1.113730.1.8
NETSCAPE_CA_REVOCATION_URL 2.16.840.1.113730.1.4
NETSCAPE_CERT_EXTENSION 2.16.840.1.113730.1
NETSCAPE_CERT_RENEWAL_URL 2.16.840.1.113730.1.7
NETSCAPE_CERT_SEQUENCE 2.16.840.1.113730.2.5
NETSCAPE_CERT_TYPE 2.16.840.1.113730.1.1
NETSCAPE_COMMENT 2.16.840.1.113730.1.13
NETSCAPE_DATA_TYPE 2.16.840.1.113730.2
NETSCAPE_REVOCATION_URL 2.16.840.1.113730.1.3
NETSCAPE_SSL_SERVER_NAME 2.16.840.1.113730.1.12
NEXT_UPDATE_LOCATION 1.3.6.1.4.1.311.10.2
NT_PRINCIPAL_NAME 1.3.6.1.4.1.311.20.2.3
NT5_CRYPTO 1.3.6.1.4.1.311.10.3.6
OEM_WHQL_CRYPTO 1.3.6.1.4.1.311.10.3.7
OIW 1.3.14
OIWDIR 1.3.14.7.2
OIWDIR_CRPT 1.3.14.7.2.1
OIWDIR_HASH 1.3.14.7.2.2
OIWDIR_md2 1.3.14.7.2.2.1
OIWDIR_md2RSA 1.3.14.7.2.3.1
OIWDIR_SIGN 1.3.14.7.2.3
OIWSEC 1.3.14.3.2
OIWSEC_desCBC 1.3.14.3.2.7
OIWSEC_desCFB 1.3.14.3.2.9
OIWSEC_desECB 1.3.14.3.2.6
OIWSEC_desEDE 1.3.14.3.2.17
OIWSEC_desMAC 1.3.14.3.2.10
OIWSEC_desOFB 1.3.14.3.2.8
OIWSEC_dhCommMod 1.3.14.3.2.16
OIWSEC_dsa 1.3.14.3.2.12
OIWSEC_dsaComm 1.3.14.3.2.20
OIWSEC_dsaCommSHA 1.3.14.3.2.21
OIWSEC_dsaCommSHA1 1.3.14.3.2.28
OIWSEC_dsaSHA1 1.3.14.3.2.27
OIWSEC_keyHashSeal 1.3.14.3.2.23
OIWSEC_md2RSASign 1.3.14.3.2.24
OIWSEC_md4RSA 1.3.14.3.2.2
OIWSEC_md4RSA2 1.3.14.3.2.4
OIWSEC_md5RSA 1.3.14.3.2.3
OIWSEC_md5RSASign 1.3.14.3.2.25
OIWSEC_mdc2 1.3.14.3.2.19
OIWSEC_mdc2RSA 1.3.14.3.2.14
OIWSEC_rsaSign 1.3.14.3.2.11
OIWSEC_rsaXchg 1.3.14.3.2.22
OIWSEC_sha 1.3.14.3.2.18
OIWSEC_sha1 1.3.14.3.2.26
OIWSEC_sha1RSASign 1.3.14.3.2.29
OIWSEC_shaDSA 1.3.14.3.2.13
OIWSEC_shaRSA 1.3.14.3.2.15
ORGANIZATION_NAME 2.5.4.10
ORGANIZATIONAL_UNIT_NAME 2.5.4.11
OS_VERSION 1.3.6.1.4.1.311.13.2.3
OWNER 2.5.4.32
PHYSICAL_DELIVERY_OFFICE_NAME 2.5.4.19
PKCS 1.2.840.113549.1
PKCS_1 1.2.840.113549.1.1
PKCS_10 1.2.840.113549.1.10
PKCS_11 1.2.840.113549.1.12
PKCS_12_FRIENDLY_NAME_ATTR 1.2.840.113549.1.9.20
PKCS_12_KEY_PROVIDER_NAME_ATTR 1.3.6.1.4.1.311.17.1
PKCS_12_LOCAL_KEY_ID 1.2.840.113549.1.9.21
PKCS_2 1.2.840.113549.1.2
PKCS_3 1.2.840.113549.1.3
PKCS_4 1.2.840.113549.1.4
PKCS_5 1.2.840.113549.1.5
PKCS_6 1.2.840.113549.1.6
PKCS_7 1.2.840.113549.1.7
PKCS_8 1.2.840.113549.1.8
PKCS_9 1.2.840.113549.1.9
PKIX 1.3.6.1.5.5.7
PKIX_ACC_DESCR 1.3.6.1.5.5.7.48
PKIX_CA_ISSUERS 1.3.6.1.5.5.7.48.2
PKIX_KP 1.3.6.1.5.5.7.3
PKIX_KP_CLIENT_AUTH 1.3.6.1.5.5.7.3.2
PKIX_KP_CODE_SIGNING 1.3.6.1.5.5.7.3.3
PKIX_KP_EMAIL_PROTECTION 1.3.6.1.5.5.7.3.4
PKIX_KP_IPSEC_END_SYSTEM 1.3.6.1.5.5.7.3.5
PKIX_KP_IPSEC_TUNNEL 1.3.6.1.5.5.7.3.6
PKIX_KP_IPSEC_USER 1.3.6.1.5.5.7.3.7
PKIX_KP_SERVER_AUTH 1.3.6.1.5.5.7.3.1
PKIX_KP_TIMESTAMP_SIGNING 1.3.6.1.5.5.7.3.8
PKIX_NO_SIGNATURE 1.3.6.1.5.5.7.6.2
PKIX_OCSP 1.3.6.1.5.5.7.48.1
PKIX_PE 1.3.6.1.5.5.7.1
PKIX_POLICY_QUALIFIER_CPS 1.3.6.1.5.5.7.2.1
PKIX_POLICY_QUALIFIER_USERNOTICE 1.3.6.1.5.5.7.2.2
POLICY_CONSTRAINTS 2.5.29.36
POLICY_MAPPINGS 2.5.29.33
POST_OFFICE_BOX 2.5.4.18
POSTAL_ADDRESS 2.5.4.16
POSTAL_CODE 2.5.4.17
PREFERRED_DELIVERY_METHOD 2.5.4.28
PRESENTATION_ADDRESS 2.5.4.29
PRIVATEKEY_USAGE_PERIOD 2.5.29.16
PRODUCT_UPDATE 1.3.6.1.4.1.311.31.1
RDN_DUMMY_SIGNER 1.3.6.1.4.1.311.21.9
REASON_CODE_HOLD 2.5.29.23
REGISTERED_ADDRESS 2.5.4.26
REMOVE_CERTIFICATE 1.3.6.1.4.1.311.10.8.1
RENEWAL_CERTIFICATE 1.3.6.1.4.1.311.13.1
REQUEST_CLIENT_INFO 1.3.6.1.4.1.311.21.20
REQUIRE_CERT_CHAIN_POLICY 1.3.6.1.4.1.311.21.15
ROLE_OCCUPANT 2.5.4.33
ROOT_LIST_SIGNER 1.3.6.1.4.1.311.10.3.9
RSA 1.2.840.113549
RSA_certExtensions 1.2.840.113549.1.9.14
RSA_challengePwd 1.2.840.113549.1.9.7
RSA_contentType 1.2.840.113549.1.9.3
RSA_counterSign 1.2.840.113549.1.9.6
RSA_data 1.2.840.113549.1.7.1
RSA_DES_EDE3_CBC 1.2.840.113549.3.7
RSA_DH 1.2.840.113549.1.3.1
RSA_digestedData 1.2.840.113549.1.7.5
RSA_emailAddr 1.2.840.113549.1.9.1
RSA_ENCRYPT 1.2.840.113549.3
RSA_encryptedData 1.2.840.113549.1.7.6
RSA_envelopedData 1.2.840.113549.1.7.3
RSA_extCertAttrs 1.2.840.113549.1.9.9
RSA_HASH 1.2.840.113549.2
RSA_hashedData 1.2.840.113549.1.7.5
RSA_MD2 1.2.840.113549.2.2
RSA_MD2RSA 1.2.840.113549.1.1.2
RSA_MD4 1.2.840.113549.2.4
RSA_MD4RSA 1.2.840.113549.1.1.3
RSA_MD5 1.2.840.113549.2.5
RSA_MD5RSA 1.2.840.113549.1.1.4
RSA_messageDigest 1.2.840.113549.1.9.4
RSA_preferSignedData 1.2.840.113549.1.9.15.1
RSA_RC2CBC 1.2.840.113549.3.2
RSA_RC4 1.2.840.113549.3.4
RSA_RC5_CBCPad 1.2.840.113549.3.9
RSA_RSA 1.2.840.113549.1.1.1
RSA_SET0AEP_RSA 1.2.840.113549.1.1.6
RSA_SHA1RSA 1.2.840.113549.1.1.5
RSA_SHA256RSA 1.2.840.113549.1.1.11
RSA_SHA384RSA 1.2.840.113549.1.1.12
RSA_SHA512RSA 1.2.840.113549.1.1.13
RSA_signedData 1.2.840.113549.1.7.2
RSA_signEnvData 1.2.840.113549.1.7.4
RSA_signingTime 1.2.840.113549.1.9.5
RSA_SMIMEalg 1.2.840.113549.1.9.16.3
RSA_SMIMEalgCMS3DESwrap 1.2.840.113549.1.9.16.3.6
RSA_SMIMEalgCMSRC2wrap 1.2.840.113549.1.9.16.3.7
RSA_SMIMEalgESDH 1.2.840.113549.1.9.16.3.5
RSA_SMIMECapabilities 1.2.840.113549.1.9.15
RSA_unstructAddr 1.2.840.113549.1.9.9
RSA_unstructName 1.2.840.113549.1.9.2
SEARCH_GUIDE 2.5.4.14
SEE_ALSO 2.5.4.34
SERIALIZED 1.3.6.1.4.1.311.10.3.3.1
SERVER_GATED_CRYPTO 1.3.6.1.4.1.311.10.3.3
SGC_NETSCAPE 2.16.840.1.113730.4.1
SORTED_CTL 1.3.6.1.4.1.311.10.1.1
STATE_OR_PROVINCE_NAME 2.5.4.8
STREET_ADDRESS 2.5.4.9
SUBJECT_ALT_NAME 2.5.29.7
SUBJECT_ALT_NAME2 2.5.29.17
SUBJECT_DIR_ATTRS 2.5.29.9
SUBJECT_KEY_IDENTIFIER 2.5.29.14
SUPPORTED_APPLICATION_CONTEXT 2.5.4.30
SUR_NAME 2.5.4.4
TELEPHONE_NUMBER 2.5.4.20
TELETEXT_TERMINAL_IDENTIFIER 2.5.4.22
TELEX_NUMBER 2.5.4.21
TITLE 2.5.4.12
USER_CERTIFICATE 2.5.4.36
USER_PASSWORD 2.5.4.35
WHQL_CRYPTO 1.3.6.1.4.1.311.10.3.5
X21_ADDRESS 2.5.4.24
X957 1.2.840.10040
X957_DSA 1.2.840.10040.4.1
X957_SHA1DSA 1.2.840.10040.4.3
YESNO_TRUST_ATTR 1.3.6.1.4.1.311.10.4.1
