diff --git a/bouncycastle.config b/bouncycastle.config
index 43e1b48..42ca610 100644
--- a/bouncycastle.config
+++ b/bouncycastle.config
@@ -134,9 +134,7 @@
 org/bouncycastle/asn1/x509/CertificatePair.java \
 org/bouncycastle/asn1/x509/CertificatePolicies.java \
 org/bouncycastle/asn1/x509/DisplayText.java \
-org/bouncycastle/asn1/x509/ExtendedKeyUsage.java \
 org/bouncycastle/asn1/x509/IetfAttrSyntax.java \
-org/bouncycastle/asn1/x509/KeyPurposeId.java \
 org/bouncycastle/asn1/x509/NoticeReference.java \
 org/bouncycastle/asn1/x509/PolicyMappings.java \
 org/bouncycastle/asn1/x509/PolicyQualifierId.java \
diff --git a/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java b/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java
new file mode 100644
index 0000000..0811df5
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java
@@ -0,0 +1,128 @@
+package org.bouncycastle.asn1.x509;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Vector;
+
+/**
+ * The extendedKeyUsage object.
+ * <pre>
+ *      extendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ * </pre>
+ */
+public class ExtendedKeyUsage
+    extends ASN1Encodable
+{
+    Hashtable     usageTable = new Hashtable();
+    ASN1Sequence  seq;
+
+    public static ExtendedKeyUsage getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        return getInstance(ASN1Sequence.getInstance(obj, explicit));
+    }
+
+    public static ExtendedKeyUsage getInstance(
+        Object obj)
+    {
+        if (obj instanceof ExtendedKeyUsage) 
+        {
+            return (ExtendedKeyUsage)obj;
+        }
+        
+        if(obj instanceof ASN1Sequence) 
+        {
+            return new ExtendedKeyUsage((ASN1Sequence)obj);
+        }
+
+        if (obj instanceof X509Extension)
+        {
+            return getInstance(X509Extension.convertValueToObject((X509Extension)obj));
+        }
+
+        throw new IllegalArgumentException("Invalid ExtendedKeyUsage: " + obj.getClass().getName());
+    }
+
+    public ExtendedKeyUsage(
+        KeyPurposeId  usage)
+    {
+        this.seq = new DERSequence(usage);
+
+        this.usageTable.put(usage, usage);
+    }
+    
+    public ExtendedKeyUsage(
+        ASN1Sequence  seq)
+    {
+        this.seq = seq;
+
+        Enumeration e = seq.getObjects();
+
+        while (e.hasMoreElements())
+        {
+            Object  o = e.nextElement();
+            if (!(o instanceof DERObjectIdentifier))
+            {
+                throw new IllegalArgumentException("Only DERObjectIdentifiers allowed in ExtendedKeyUsage.");
+            }
+            this.usageTable.put(o, o);
+        }
+    }
+
+    public ExtendedKeyUsage(
+        Vector  usages)
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector();
+        Enumeration         e = usages.elements();
+
+        while (e.hasMoreElements())
+        {
+            DERObject  o = (DERObject)e.nextElement();
+
+            v.add(o);
+            this.usageTable.put(o, o);
+        }
+
+        this.seq = new DERSequence(v);
+    }
+
+    public boolean hasKeyPurposeId(
+        KeyPurposeId keyPurposeId)
+    {
+        return (usageTable.get(keyPurposeId) != null);
+    }
+    
+    /**
+     * Returns all extended key usages.
+     * The returned vector contains DERObjectIdentifiers.
+     * @return A vector with all key purposes.
+     */
+    public Vector getUsages()
+    {
+        Vector temp = new Vector();
+        for (Enumeration it = usageTable.elements(); it.hasMoreElements();)
+        {
+            temp.addElement(it.nextElement());
+        }
+        return temp;
+    }
+
+    public int size()
+    {
+        return usageTable.size();
+    }
+    
+    public DERObject toASN1Object()
+    {
+        return seq;
+    }
+}
diff --git a/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
new file mode 100644
index 0000000..425e043
--- /dev/null
+++ b/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
@@ -0,0 +1,119 @@
+package org.bouncycastle.asn1.x509;
+
+import org.bouncycastle.asn1.DERObjectIdentifier;
+
+/**
+ * The KeyPurposeId object.
+ * <pre>
+ *     KeyPurposeId ::= OBJECT IDENTIFIER
+ *
+ *     id-kp ::= OBJECT IDENTIFIER { iso(1) identified-organization(3) 
+ *          dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3}
+ *
+ * </pre>
+ */
+public class KeyPurposeId
+    extends DERObjectIdentifier
+{
+    private static final String id_kp = "1.3.6.1.5.5.7.3";
+
+    /**
+     * Create a KeyPurposeId from an OID string
+     *
+     * @param id OID String.  E.g. "1.3.6.1.5.5.7.3.1"
+     */
+    public KeyPurposeId(
+        String  id)
+    {
+        super(id);
+    }
+
+    /**
+     * { 2 5 29 37 0 }
+     */
+    public static final KeyPurposeId anyExtendedKeyUsage = new KeyPurposeId(X509Extensions.ExtendedKeyUsage.getId() + ".0");
+    /**
+     * { id-kp 1 }
+     */
+    public static final KeyPurposeId id_kp_serverAuth = new KeyPurposeId(id_kp + ".1");
+    /**
+     * { id-kp 2 }
+     */
+    public static final KeyPurposeId id_kp_clientAuth = new KeyPurposeId(id_kp + ".2");
+    /**
+     * { id-kp 3 }
+     */
+    public static final KeyPurposeId id_kp_codeSigning = new KeyPurposeId(id_kp + ".3");
+    /**
+     * { id-kp 4 }
+     */
+    public static final KeyPurposeId id_kp_emailProtection = new KeyPurposeId(id_kp + ".4");
+    /**
+     * Usage deprecated by RFC4945 - was { id-kp 5 }
+     */
+    public static final KeyPurposeId id_kp_ipsecEndSystem = new KeyPurposeId(id_kp + ".5");
+    /**
+     * Usage deprecated by RFC4945 - was { id-kp 6 }
+     */
+    public static final KeyPurposeId id_kp_ipsecTunnel = new KeyPurposeId(id_kp + ".6");
+    /**
+     * Usage deprecated by RFC4945 - was { idkp 7 }
+     */
+    public static final KeyPurposeId id_kp_ipsecUser = new KeyPurposeId(id_kp + ".7");
+    /**
+     * { id-kp 8 }
+     */
+    public static final KeyPurposeId id_kp_timeStamping = new KeyPurposeId(id_kp + ".8");
+    /**
+     * { id-kp 9 }
+     */
+    public static final KeyPurposeId id_kp_OCSPSigning = new KeyPurposeId(id_kp + ".9");
+    /**
+     * { id-kp 10 }
+     */
+    public static final KeyPurposeId id_kp_dvcs = new KeyPurposeId(id_kp + ".10");
+    /**
+     * { id-kp 11 }
+     */
+    public static final KeyPurposeId id_kp_sbgpCertAAServerAuth = new KeyPurposeId(id_kp + ".11");
+    /**
+     * { id-kp 12 }
+     */
+    public static final KeyPurposeId id_kp_scvp_responder = new KeyPurposeId(id_kp + ".12");
+    /**
+     * { id-kp 13 }
+     */
+    public static final KeyPurposeId id_kp_eapOverPPP = new KeyPurposeId(id_kp + ".13");
+    /**
+     * { id-kp 14 }
+     */
+    public static final KeyPurposeId id_kp_eapOverLAN = new KeyPurposeId(id_kp + ".14");
+    /**
+     * { id-kp 15 }
+     */
+    public static final KeyPurposeId id_kp_scvpServer = new KeyPurposeId(id_kp + ".15");
+    /**
+     * { id-kp 16 }
+     */
+    public static final KeyPurposeId id_kp_scvpClient = new KeyPurposeId(id_kp + ".16");
+    /**
+     * { id-kp 17 }
+     */
+    public static final KeyPurposeId id_kp_ipsecIKE = new KeyPurposeId(id_kp + ".17");
+    /**
+     * { id-kp 18 }
+     */
+    public static final KeyPurposeId id_kp_capwapAC = new KeyPurposeId(id_kp + ".18");
+    /**
+     * { id-kp 19 }
+     */
+    public static final KeyPurposeId id_kp_capwapWTP = new KeyPurposeId(id_kp + ".19");
+
+    //
+    // microsoft key purpose ids
+    //
+    /**
+     * { 1 3 6 1 4 1 311 20 2 2 }
+     */
+    public static final KeyPurposeId id_kp_smartcardlogon = new KeyPurposeId("1.3.6.1.4.1.311.20.2.2");
+}