2.2.1 Server Public Key for ClientWrap Subprotocol

This section specifies the format in which the BackupKey Remote Protocol server returns its public key to a client for client-side secret wrapping, as specified in section 3.1.4.1.3.

The server's public key MUST be encapsulated in a DER-encoded X.509 public key certificate. For details on the X.509 certificate format, see [X509] section 2 and [RFC5280]. DER encoding is specified in [X690]. The fields of the certificate MUST be populated as follows:

  • The subjectPublicKeyInfo field MUST contain the server's 2,048-bit RSA public key ([RFC8017]), the key used for client-side secret wrapping. As specified in [RFC8017], the AlgorithmIdentifier OID associated with this value MUST be set to rsaEncryption (1.2.840.113549.1.1.1).

  • The subjectUniqueID field MUST be set to a GUID that the server can use to uniquely identify this public key. This GUID MUST be encoded as a 16-byte binary array ([MS-DTYP] section 2.3.4.2).

  • The other fields of the certificate SHOULD be populated as follows:

    • The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server.

    • The version field SHOULD be set to the numeric value 2 to denote an X.509 version 3 certificate as specified in [RFC5280].

    • The serialNumber field SHOULD be identical to the subjectUniqueID field.

    • The notBefore field SHOULD be set to the date and time (as determined by the server) at which the RSA key pair was generated.

    • The notAfter field SHOULD be set to exactly 365 days after the date and time in the notBefore field.

    • The issuerUniqueID field SHOULD be identical to the subjectUniqueID field.

    • The certificate SHOULD be self-signed.
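As an added example (not part of the specification or any Microsoft implementation), the following pure-Python code walks a DER-encoded TBSCertificate and reports which of the field rules above it violates, and builds a conforming sample to run it against. The GUID, modulus bytes and host name are constructed sample data; validity times are assumed to be UTCTime, and verifying the self-signature is out of scope for a TBSCertificate-only check.

```python
from datetime import datetime, timedelta
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 (rsaEncryption), DER contents

def der(tag, body):                                          # minimal DER TLV encoder, definite lengths only
    n = len(body)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + body

def children(body):                                          # split a constructed value into (tag, contents) pairs
    out, i = [], 0
    while i < len(body):
        tag, ln, i = body[i], body[i + 1], i + 2
        if ln & 0x80:                                        # long-form length: low bits give the byte count
            ln, i = int.from_bytes(body[i:i + (ln & 0x7F)], "big"), i + (ln & 0x7F)
        out.append((tag, body[i:i + ln]))
        i += ln
    return out

def check_bkrp_tbs(tbs):
    """Return the names of the profile rules above that a TBSCertificate violates ([] means it conforms)."""
    f = children(children(tbs)[0][1])
    i = int(f[0][0] == 0xA0)                                 # [0] EXPLICIT version present? (absent = v1)
    serial = f[i][1]                                         # then: signature, issuer, validity, subject, SPKI
    not_before, not_after = [datetime.strptime(v.decode(), "%y%m%d%H%M%SZ") for _, v in children(f[i + 3][1])]
    alg, key = children(f[i + 5][1])                         # AlgorithmIdentifier, BIT STRING holding RSAPublicKey
    modulus = children(children(key[1][1:])[0][1])[0][1].lstrip(b"\x00")   # skip unused-bits byte, take n
    uids = {tag: val[1:] for tag, val in f[i + 6:] if tag in (0x81, 0x82)}  # [1] issuerUniqueID, [2] subjectUniqueID
    subject_uid = uids.get(0x82, b"")
    rules = {
        "version": bool(i) and children(f[0][1])[0][1][-1] == 2,
        "algorithm": children(alg[1])[0][1] == RSA_ENCRYPTION_OID,
        "keysize": len(modulus) * 8 == 2048,
        "subjectUniqueID": len(subject_uid) == 16,
        "serialNumber": serial.lstrip(b"\x00") == subject_uid.lstrip(b"\x00"),
        "notAfter": not_after - not_before == timedelta(days=365),
        "issuerUniqueID": uids.get(0x81) == subject_uid,
    }
    return [name for name, ok in rules.items() if not ok]

def build_sample_tbs(guid, modulus_bits=2048, days=365, version=2, t0=datetime(2024, 1, 1)):
    """Construct a TBSCertificate per the profile; key bytes and GUID are sample data, not a real server key."""
    utc = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    name = der(0x30, der(0x31, der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, b"backup.example.com"))))
    rsa_alg = der(0x30, der(0x06, RSA_ENCRYPTION_OID) + der(0x05, b""))
    n = der(0x02, b"\x00\x80" + b"\x11" * (modulus_bits // 8 - 1))   # fake modulus of the requested size, top bit set
    spki = der(0x30, rsa_alg + der(0x03, b"\x00" + der(0x30, n + der(0x02, b"\x01\x00\x01"))))
    serial = der(0x02, (b"\x00" if guid[0] & 0x80 else b"") + guid)  # INTEGER pad byte when the top bit is set
    uid = lambda tag: der(tag, b"\x00" + guid)                        # BIT STRING, 0 unused bits
    return der(0x30, der(0xA0, der(0x02, bytes([version]))) + serial + rsa_alg + name
               + der(0x30, utc(t0) + utc(t0 + timedelta(days=days))) + name + spki + uid(0x81) + uid(0x82))
```

Running `check_bkrp_tbs(build_sample_tbs(bytes(range(16))))` returns an empty list; changing `modulus_bits`, `days`, `version` or the GUID length makes the corresponding rule name appear.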