Inconsistency in X509v3 Key Usage between gcr-viewer and openssl
I created a client certificate with
openssl req -new -newkey rsa:4096 -nodes -rand /dev/random -keyout client.key -out client.csr -sha512 -subj '/CN=client' -addext basicConstraints=critical,CA:TRUE,pathlen:1 openssl x509 -req -days 1095 -sha512 -in client.csr -signkey client.key -out client.crt -extfile <(printf "basicConstraints=CA:TRUE,pathlen:1\nkeyUsage=ASN1:FORMAT:HEX,BITSTRING:84 \nextendedKeyUsage=clientAuth")
The difference being that the keyUsage X.509 extension which is stored as OCTET STRING (1 elem) BIT STRING (8 bit) 10000100 is displayed as Digital Signature, Certificate Sign by openssl as specified by https://tools.ietf.org/html/rfc5280#section-22.214.171.124 gcr-viewer however displays this same certificate as having keyUsage Key encypherment.
This was tested with
$ openssl version OpenSSL 1.1.1 11 Sep 2018 $ gcr-viewer --version GCR Certificate and Key Viewer -- 3.28.0
I also tested this with the latest release 3.36.0 and the result was the same.