diff --git a/lib/encoding/x509.js b/lib/encoding/x509.js
index 53316af18..e8ee16b9b 100644
--- a/lib/encoding/x509.js
+++ b/lib/encoding/x509.js
@@ -1257,6 +1257,92 @@ class UniformResourceIdentifier extends asn1.IA5String {};
 class IPAddress extends asn1.OctString {};
 class RegisteredID extends asn1.OID {};
 
+/**
+ * KeyUsage
+ */
+
+// KeyUsage ::= BIT STRING {
+//      digitalSignature        (0),
+//      nonRepudiation          (1), -- recent editions of X.509 have
+//                           -- renamed this bit to contentCommitment
+//      keyEncipherment         (2),
+//      dataEncipherment        (3),
+//      keyAgreement            (4),
+//      keyCertSign             (5),
+//      cRLSign                 (6),
+//      encipherOnly            (7),
+//      decipherOnly            (8) }
+
+class KeyUsage extends asn1.BitString {
+  constructor() {
+    super();
+    this.value = Buffer.alloc(2);
+  }
+
+  getBitByProperty(property) {
+    const properties = {
+      'digitalSignature': 0,
+      'nonRepudiation': 1,
+      'keyEncipherment': 2,
+      'dataEncipherment': 3,
+      'keyAgreement': 4,
+      'keyCertSign': 5,
+      'cRLSign': 6,
+      'encipherOnly': 7,
+      'decipherOnly': 8
+    };
+
+    return properties[property];
+  }
+
+  getPropertyByBit(bit) {
+    const bits = [
+      'digitalSignature',
+      'nonRepudiation',
+      'keyEncipherment',
+      'dataEncipherment',
+      'keyAgreement',
+      'keyCertSign',
+      'cRLSign',
+      'encipherOnly',
+      'decipherOnly'
+    ];
+
+    return bits[bit];
+  }
+
+  getJSON() {
+    const purpose = [];
+    for (let i = 0; i <= this.bits; i++) {
+      if (this.getBit(i))
+        purpose.push(this.getPropertyByBit(i));
+    }
+
+    return purpose;
+  }
+
+  fromJSON(json) {
+    assert(Array.isArray(json));
+    for (const property of json) {
+      const bit = this.getBitByProperty(property);
+
+      if (bit + 1 > this.bits)
+        this.bits = bit + 1;
+
+      this.setBit(bit, true);
+    }
+
+    if (this.bits < 9)
+      this.value = this.value.slice(0, -1);
+
+    return this;
+  }
+
+  static fromJSON(json) {
+    return new this().fromJSON(json);
+  }
+}
+
 /**
  * Entity
  */
@@ -1296,6 +1382,8 @@ function identifierToClass(oid) {
       return RSAPublicKey;
     case 'SubjectAltName':
       return SubjectAltName;
+    case 'KeyUsage':
+      return KeyUsage;
     default:
       return null;
   }
@@ -1320,4 +1408,5 @@ exports.DigestInfo = DigestInfo;
 exports.BasicConstraints = BasicConstraints;
 exports.RSAPublicKey = RSAPublicKey;
 exports.SubjectAltName = SubjectAltName;
+exports.KeyUsage = KeyUsage;
 exports.Entity = Entity;