2.2.1 Server Public Key for ClientWrap Subprotocol
This section specifies the format in which the BackupKey Remote Protocol server returns its public key to a client for client-side secret wrapping, as specified in section 3.1.4.1.3.
The server's public key MUST be encapsulated in a DER-encoded X.509 public key certificate. For details on the X.509 certificate format, see [X509] section 2 and [RFC5280]. DER encoding is specified in [X690]. The fields of the certificate MUST be populated as follows:
The subjectPublicKeyInfo field MUST contain the key wrapping the server's 2,048-bit RSA public key ([RFC8017]). As specified in [RFC8017], the AlgorithmIdentifier OID associated with this value MUST be set to rsaEncryption (1.2.840.113549.1.1.1).
The subjectUniqueID field MUST be set to a GUID that the server can use to uniquely identify this public key. This GUID MUST be encoded as a 16-byte binary array ([MS-DTYP] section 2.3.4.2).
The other fields of the certificate SHOULD be populated as follows:
The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server.
The version field SHOULD be set to the numeric value 2 to denote an X.509 version 3 certificate as specified in [RFC5280].
The serialNumber field SHOULD be identical to the subjectUniqueID field.
The notBefore field SHOULD be set to the date and time (as determined by the server) at which the RSA key pair was generated.
The notAfter field SHOULD be set to exactly 365 days after the date and time in the notBefore field.
The issuerUniqueID field SHOULD be identical to the subjectUniqueID field.
The certificate SHOULD be self-signed.
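As an added example (not part of the specification or of any Microsoft implementation), the following standard-library Python checks a returned certificate against the field requirements above. The function names, the constructed unsigned sample certificate and its GUID are assumptions, as is comparing serialNumber to the GUID as an unsigned integer; the Subject name, the validity dates and the signature are not checked.

```python
import uuid
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlvs(buf):  # split DER content octets into (tag, value) pairs; single-byte tags only
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits count the length octets that follow
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def check_clientwrap_cert(der):
    """Return (key GUID or None, list of unmet requirements) for a DER certificate."""
    tbs = tlvs(tlvs(tlvs(der)[0][1])[0][1])  # Certificate -> tbsCertificate -> its fields
    base = 1 if tbs[0][0] == 0xA0 else 0  # the [0] EXPLICIT version field is optional
    version = tlvs(tbs[0][1])[0][1] if base else b"\x00"
    alg, keybits = tlvs(tbs[base + 5][1])  # subjectPublicKeyInfo
    modulus = tlvs(tlvs(keybits[1][1:])[0][1])[0][1]  # BIT STRING -> RSAPublicKey -> n
    ids = {t: v[1:] for t, v in tbs[base + 6:] if t in (0x81, 0x82)}  # drop unused-bits octet
    subj = ids.get(0x82, b"")  # subjectUniqueID is [2], issuerUniqueID is [1]
    checks = [
        (tlvs(alg[1])[0] == (0x06, RSA_OID), "MUST: algorithm OID is rsaEncryption"),
        (int.from_bytes(modulus, "big").bit_length() == 2048, "MUST: RSA key is 2,048 bits"),
        (len(subj) == 16, "MUST: subjectUniqueID is a 16-byte GUID"),
        (version == b"\x02", "SHOULD: version is 2"),
        # Assumption: serialNumber holds the same 16 octets, compared as unsigned integers
        (int.from_bytes(tbs[base][1], "big") == int.from_bytes(subj, "big"), "SHOULD: serialNumber equals subjectUniqueID"),
        (ids.get(0x81) == subj, "SHOULD: issuerUniqueID equals subjectUniqueID"),
    ]
    return (uuid.UUID(bytes_le=subj) if len(subj) == 16 else None), [m for ok, m in checks if not ok]

def enc(tag, *parts):  # minimal DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    k = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_cert(guid, bits=2048, issuer_guid=None):  # constructed, unsigned; placeholder key
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = enc(0x30, enc(0x02, n), enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, enc(0x06, RSA_OID), enc(0x05)), enc(0x03, b"\x00", key))
    uid, iss = b"\x00" + guid.bytes_le, b"\x00" + (issuer_guid or guid).bytes_le
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, uid), enc(0x30), enc(0x30),
              enc(0x30), enc(0x30), spki, enc(0x81, iss), enc(0x82, uid))
    return enc(0x30, tbs, enc(0x30), enc(0x03, b"\x00"))
```

A client can use the returned GUID to label the key it wrapped against, and treat any `MUST` entry in the list as grounds to reject the certificate.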