diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 088997a..76c9d45 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -4,9 +4,9 @@ plugins {
 android {
 namespace = "io.github.aviraxp.keystoreinjection"
- compileSdk = 34
+ compileSdk = 35
 ndkVersion = "26.3.11579264"
- buildToolsVersion = "34.0.0"
+ buildToolsVersion = "35.0.0"
 buildFeatures {
 prefab = true
@@ -15,7 +15,7 @@ android {
 defaultConfig {
 applicationId = "io.github.aviraxp.keystoreinjection"
 minSdk = 34
- targetSdk = 34
+ targetSdk = 35
 versionCode = 10
 versionName = "v0.1.0"
 multiDexEnabled = false
diff --git a/app/src/main/java/io/github/aviraxp/keystoreinjection/CustomKeyStoreKeyPairGeneratorSpi.java b/app/src/main/java/io/github/aviraxp/keystoreinjection/CustomKeyStoreKeyPairGeneratorSpi.java
index 6e5ff14..4a27926 100644
--- a/app/src/main/java/io/github/aviraxp/keystoreinjection/CustomKeyStoreKeyPairGeneratorSpi.java
+++ b/app/src/main/java/io/github/aviraxp/keystoreinjection/CustomKeyStoreKeyPairGeneratorSpi.java
@@ -38,6 +38,7 @@
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECGenParameterSpec;
 import java.security.spec.RSAKeyGenParameterSpec;
+import java.util.Arrays;
 import java.util.Objects;
 public class CustomKeyStoreKeyPairGeneratorSpi extends KeyPairGeneratorSpi {
@@ -156,12 +157,7 @@ private Extension createExtension(int size) {
 ASN1Sequence rootOfTrustSeq = new DERSequence(rootOfTrustEncodables);
- // TODO hex3l: validate that SIGN is the only required or create a parser
- ASN1Integer[] purposesArray = {
- new ASN1Integer(2) //params.getPurposes()
- };
-
- var Apurpose = new DERSet(purposesArray);
+ var Apurpose = new DERSet(getPurposesArray());
 var Aalgorithm = new ASN1Integer(getAlgorithm());
 var AkeySize = new ASN1Integer(size);
 var Adigest = new DERSet(getDigests());
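Review bot: The added `import java.util.Arrays;` is not referenced by any new code visible in this diff; `getPurposesArray()` in the later hunk builds its result with a plain loop and `Integer.bitCount`. If nothing else in the file uses `Arrays`, the import should be dropped. The rest of the file is outside the diff, so this needs a quick check rather than being a certain finding.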
@@ -241,6 +237,26 @@ private ASN1OctetString getAsn1OctetString(ASN1Encodable[] teeEnforcedEncodables
 return new DEROctetString(keyDescriptionHackSeq);
 }
+ private ASN1Integer[] getPurposesArray() {
+ int purposes = params.getPurposes();
+ if (purposes == 0) {
+ return new ASN1Integer[]{new ASN1Integer(0)};
+ }
+ int count = Integer.bitCount(purposes);
+
+ ASN1Integer[] result = new ASN1Integer[count];
+ int index = 0;
+
+ for (int i = 0; purposes > 0; i++) {
+ if ((purposes & 1) == 1) {
+ result[index++] = new ASN1Integer(i);
+ }
+ purposes >>= 1;
+ }
+
+ return result;
+ }
+
 private ASN1Encodable[] getDigests() {
 String[] digests = params.getDigests();
 ASN1Encodable[] result = new ASN1Encodable[digests.length];
@@ -268,7 +284,7 @@ private int getEcCurve() {
 case "secp224r1" -> res = 0;
 case "secp256r1" -> res = 1;
 case "secp384r1" -> res = 2;
- case "secp521r1" -> res = 3 ;
+ case "secp521r1" -> res = 3;
 case "CURVE_25519" -> res = 4;
 default -> res = -1;
 }
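Review bot: In `getPurposesArray()` the loop condition `purposes > 0` combined with the signed shift `purposes >>= 1` never runs for a mask with the top bit set, while `Integer.bitCount(purposes)` has already sized `result`. The array then holds only nulls and is passed to `new DERSet(...)` in `createExtension` (earlier hunk), which will most likely throw. Writing `for (int i = 0; purposes != 0; i++)` with `purposes >>>= 1;` keeps the count and the loop in agreement for every `int` that `params.getPurposes()` can return. Separately, the `purposes == 0` branch returns `new ASN1Integer(0)`, the same value the loop emits for bit 0, so an empty mask and a mask of 1 encode identically; `return new ASN1Integer[0];` would keep them distinct, assuming the consumer accepts an empty set. A short comment such as `// bit position i of the purposes mask -> purpose value i` would also document the mapping that the removed TODO asked about.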