X509 extensions are dynamic, extended properties that can be added to an X509 certificate and changed. The System.Security.Cryptography.X509Certificates.X509Extension class can be used to create extensions that are associated with a certificate but are not part of a certificate as issued by a certification authority (CA).
In its most basic form, an X509 extension has an object identifier (OID), a Boolean value describing whether the extension is considered critical or not, and ASN.1-encoded data. Custom extensions can be registered in a System.Security.Cryptography.CryptoConfig file.
The .NET Framework includes implementations of several common X509 extensions:
System.Security.Cryptography.X509Certificates.X509KeyUsageExtension. Describes the key usages of a certificate.
System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension. Describes the constraints for a certificate.
System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension. Describes the enhanced key usages of a certificate.
System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension. Describes the key identifier; used, for example, with XMLDSIG.
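The following is an added example, not part of the original documentation: it walks a certificate's extensions, reads the four typed implementations listed above, and falls back to the OID, critical flag and raw bytes for anything else, flagging an unrecognized critical extension (which RFC 5280 requires a verifier to reject). The names ExtensionAudit, BuildSample and Describe, the subject name and the OID 1.3.6.1.4.1.99999.1 are assumptions made for the example; CertificateRequest requires .NET Framework 4.7.2 or later, or .NET Core.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ExtensionAudit
{
    // Constructed sample: self-signed certificate with the four built-in types plus one custom extension.
    static X509Certificate2 BuildSample()
    {
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var req = new CertificateRequest("CN=constructed-example", key, HashAlgorithmName.SHA256);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false)); // serverAuth
            req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
            // Hypothetical private OID, marked critical; payload is the DER UTF8String "demo".
            req.CertificateExtensions.Add(new X509Extension("1.3.6.1.4.1.99999.1",
                new byte[] { 0x0C, 0x04, 0x64, 0x65, 0x6D, 0x6F }, true));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    // Returns a summary for the typed extensions, or null when no typed implementation applies.
    static string Describe(X509Extension ext)
    {
        switch (ext)
        {
            case X509KeyUsageExtension ku: return "KeyUsage=" + ku.KeyUsages;
            case X509BasicConstraintsExtension bc: return "CA=" + bc.CertificateAuthority;
            case X509EnhancedKeyUsageExtension eku: return "EKU count=" + eku.EnhancedKeyUsages.Count;
            case X509SubjectKeyIdentifierExtension ski: return "SKI=" + ski.SubjectKeyIdentifier;
            default: return null; // only OID, critical flag and raw bytes are available
        }
    }

    static void Main()
    {
        using (X509Certificate2 cert = BuildSample())
        foreach (X509Extension ext in cert.Extensions)
        {
            string known = Describe(ext);
            Console.WriteLine("{0} critical={1} {2}", ext.Oid.Value, ext.Critical,
                known ?? "raw=" + BitConverter.ToString(ext.RawData));
            if (known == null && ext.Critical)
                Console.WriteLine("  unrecognized critical extension: reject the certificate");
        }
    }
}
```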