4.2 Typical Encoded Certificate from Windows Vista

  • Article

A sample of an encoded certificate from the computer "jroberts21.ntdev.corp.microsoft.com" is shown below.

The first property starts at offset 0 and is of type 0x19 (SUBJECT_PUBLIC_KEY_MD5_HASH).

The second property starts at offset 0x1c and is of type 0x0f (SIGNATURE_HASH).

The third property starts at offset 0x3c and is of type 0x03 (SHA1_HASH).

The fourth property starts at offset 0x5c and is of type 0x09 (ENHKEY_USAGE).

The DER-encoded extension data is as follows:

 0060                              30 14 06 08  2b 06 01 05          0...+...
 0070    05 07 03 01  06 08 2b 06  01 05 05 07  03 02        ......+.......  
  
  
 

This is decoded as follows:

  
 30 = Sequence (section 8.9 of [X690])
 14 = length
        06 = object ID (section 8.4 of [X680])
        08 = length 
        2b = { 1.3 } (from section 8.19.4 of [X690])
        06 01 05 05 07 03 01 = id-kp-serverAuth 
                               (section 4.2.1.13 of [RFC3280])
        06 = object ID (section 8.4 of [X680])
        08 = length 
        2b = { 1.3 } (from section 8.19.4 of [X690])
        06 01 05 05 07 03 02= id-kp-clientAuth 
                               (section 4.2.1.13 of [RFC3280])
  
 

The fifth property starts at offset 0x7e and is of type 0x04 (MD5_HASH).

The sixth property starts at offset 0x9a and is of type 0x14 (KEY_IDENTIFIER).

The certificate starts at offset 0xba, with the DER-encoded data starting at offset 0xc6. Note that the subject and issuer fields near offsets 0x101 and 0x15c each contain the SID of the computer's domain account. For better readability, the certificate also contains a Subject Alternative Name extension at offset 0x232, with the actual name beginning at 0x23e.

 0000  19 00 00 00 01 00 00 00 10 00 00 00 f4 62 72 22 .............br"
 0010  0a 13 e2 78 ad eb b9 99 e5 39 21 58 0f 00 00 00 ...x.....9!X....
 0020  01 00 00 00 14 00 00 00  12 9e b2 86 50 ec 9a 98 ............P...
 0030  61 8f ef 5c 5c 8b c8 75 22 01 9f 9c 03 00 00 00 a..\\..u".......
 0040  01 00 00 00 14 00 00 00 98 93 c1 90 82 5a 4a 76 .............ZJv
 0050  a7 d8 2b 6a 22 23 44 1b 4e 09 10 64 09 00 00 00 ..+j"#D.N..d....
 0060  01 00 00 00 16 00 00 00 30 14 06 08 2b 06 01 05 ........0...+...
 0070  05 07 03 01 06 08 2b 06 01 05 05 07 03 02 04 00 ......+.........
 0080  00 00 01 00 00 00 10 00 00 00 a9 06 e7 80 06 e4 ................
 0090  ef d8 44 7e f7 5f 9d f7 05 41 14 00 00 00 01 00 ..D~._...A......
 00a0  00 00 14 00 00 00 f5 4b 62 5d b1 dd a7 6f 73 f1 .......Kb]...os.
 00b0  51 7d 8a 14 70 84 ca f6 8f cf 20 00 00 00 01 00 Q}..p..... .....
 00c0  00 00 2d 02 00 00 30 82 02 29 30 82 01 92 a0 03 ..-...0..)0.....
 00d0  02 01 02 02 10 03 88 1c 65 49 2a cd ac 4b d7 de ........eI*..K..
 00e0  2c bf ec 8b c1 30 0d 06 09 2a 86 48 86 f7 0d 01 ,....0...*.H....
 00f0  01 05 05 00 30 39 31 37 30 35 06 03 55 04 03 13 ....091705..U...
 0100  2e 53 2d 31 2d 35 2d 32 31 2d 33 39 37 39 35 35 .S-1-5-21-397955
 0110  34 31 37 2d 36 32 36 38 38 31 31 32 36 2d 31 38 417-626881126-18
 0120  38 34 34 31 34 34 34 2d 33 33 39 34 37 31 37 30 8441444-33947170
 0130  1e 17 0d 30 37 30 32 30 32 32 31 35 36 31 36 5a ...070202215616Z
 0140  17 0d 30 37 30 32 31 36 32 31 35 36 31 36 5a 30 ..070216215616Z0
 0150  39 31 37 30 35 06 03 55 04 03 13 2e 53 2d 31 2d 91705..U....S-1-
 0160  35 2d 32 31 2d 33 39 37 39 35 35 34 31 37 2d 36 5-21-397955417-6
 0170  32 36 38 38 31 31 32 36 2d 31 38 38 34 34 31 34 26881126-1884414
 0180  34 34 2d 33 33 39 34 37 31 37 30 81 9f 30 0d 06 44-33947170..0..
 0190  09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 .*.H............
 01a0  30 81 89 02 81 81 00 a8 f1 b4 a8 bc 81 03 ca 6f 0..............o
 01b0  3f 54 41 9e f6 b1 bc 83 de 3c a5 d0 fc 28 c2 83 ?TA......<...(..
 01c0  71 41 a9 76 12 a5 ee 5a 05 ce 24 77 71 a9 49 4d qA.v...Z..$wq.IM
 01d0  0d 2a 7d 8e a7 7c 69 04 9e 4a ca 7a 89 1b b5 22 .*}..|i..J.z..."
 01e0  c7 de d6 eb 45 21 b6 3d cb 0b 75 a3 59 b9 b2 82 ....E!.=..u.Y...
 01f0  4b 77 d8 c8 f2 b3 ff 46 48 03 d0 d1 30 eb 4d 5c Kw.....FH...0.M\
 0200  20 fc 9f 8e bb d8 8b cf b4 e8 7a 4a 18 11 e0 23 .........zJ...#
 0210  f9 69 e0 42 67 ea d9 27 da 35 cc 31 18 a8 08 3d .i.Bg..'.5.1...=
 0220  dc 15 02 d5 38 81 0d 02 03 01 00 01 a3 32 30 30 ....8........200
 0230  30 2e 06 03 55 1d 11 04 27 30 25 82 23 6a 72 6f 0...U...'0%.#jro
 0240  62 65 72 74 73 32 31 2e 6e 74 64 65 76 2e 63 6f berts21.ntdev.co
 0250  72 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d rp.microsoft.com
 0260  30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 0...*.H.........
 0270  81 81 00 84 99 ac c0 5a 8d bc 4e 2d 67 bb 23 b4 .......Z..N-g.#.
 0280  61 d7 54 4b a6 fe 44 93 c7 e6 91 8e 38 f0 c3 eb a.TK..D.....8...
 0290  18 1c c4 cf 99 96 8f 39 63 82 61 48 e1 a2 c5 5b .......9c.aH...[
 02a0  5e f6 ba 00 0a 52 71 d9 63 47 e6 1b 79 7c ab 2a ^....Rq.cG..y|.*
 02b0  3d bf 75 09 48 8a fa 73 2c 46 3b b1 93 6e e3 ce =.u.H..s,F;..n..
 02c0  6b 35 9d c6 be 19 0f 93 ec 53 3b cf ec 80 b0 50 k5.......S;....P
 02d0  65 b2 45 9c ba 15 7e 09 64 46 49 74 7a fb 8c 68 e.E...~.dFItz..h
 02e0  86 ff 91 39 35 aa cf 7b 0e 4c ea e8 f7 78 ae 4a ...95..{.L...x.J
 02f0  71 36 fb                                        q6.