Add a KeyUsage extension on a Bouncycastle certificate request

Could anyone post a Java code for adding to a PKCS10 bouncycastle certificate request an extension regarding a KeyUsage (for example a KeyUsage.keyEncipherment).

I didn't find anything ad i cannot find a proper contructor for X509Extension with a KeyUsage.

Thanks

try this

import org.bouncycastle.asn1.x509.KeyUsage;

KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);

X509Extension extension = new X509Extension(true, new DEROctetString(keyUsage));

This seems to be the right way. You have to aadd an extension request attribute to your CSR builder:

... generate X500Name name and a SubjectPublicKeInfo spki ...
PKCS10CertificationRequestBuilder p10Builder =
        new PKCS10CertificationRequestBuilder(name,spki);
KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
ExtensionsGenerator extgen = new ExtensionsGenerator();
extgen.addExtension(Extension.keyUsage,true,ku);
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                        extgen.generate());
...set up your signer here ...
PKCS10CertificationRequest csr = p10Builder.build(signer);