2.2.2.1 Certificate Properties
Each property in the certificate blob MUST be formatted as follows.

| Bits 0-31 |
|---|
| PropertyID |
| Reserved |
| Length |
| Value (variable) |
| ... |

PropertyID (4 bytes): This field MUST identify the property whose value is contained in the Value field. It MUST be an unsigned 32-bit integer in little-endian format. This field MUST be set to one of the following values. All the values MUST be in little-endian format.

| Name | Value | Meaning |
|---|---|---|
| KEY_PROV_INFO | 2 | This property is used to provide additional information regarding the certificate. Its format is specified in section 2.2.2.1.1. |
| SHA1_HASH | 3 | A 20-byte array representing the SHA-1 hash of the certificate. |
| MD5_HASH | 4 | A 16-byte array representing the MD5 hash of the certificate. |
| KEY_SPEC | 6 | An unsigned 32-bit integer. This is a flag which specifies the allowed use of the private key. The value MUST be 1, which specifies the key can be used for encryption. |
| ENHKEY_USAGE | 9 | The value of the Extended Key Usage extension on the certificate, in ASN.1 DER encoding. For details on the Extended Key Usage Extension, see [RFC3280] section 4.2.1.13. |
| FRIENDLY_NAME | 11 | A null-terminated Unicode string in UTF-16 encoding, representing the display name for the certificate. |
| DESCRIPTION | 13 | A null-terminated Unicode string in UTF-16 encoding, representing a brief description of the certificate. |
| SIGNATURE_HASH | 15 | A 20-byte array containing the SHA-1 hash of the certificate signature. |
| KEY_IDENTIFIER | 20 | A 20-byte array containing the SHA-1 hash of the certificate subject public key. |
| AUTO_ENROLL | 21 | A null-terminated Unicode string in UTF-16 encoding, containing the name or object identifier used for auto-enrollment. This is present when the certificate was obtained through auto-enrollment. |
| PUBKEY_ALG_PARA | 22 | The algorithm identifier for the public key contained in the certificate, in DER encoding. For details, see [RFC3280] section 4.1. |
| ISSUER_PUBLIC_KEY_MD5_HASH | 24 | A 16-byte array containing the MD5 hash of the public key associated with the private key used to sign the certificate. |
| SUBJECT_PUBLIC_KEY_MD5_HASH | 25 | A 16-byte array containing the MD5 hash of the public key contained in the certificate. |
| DATE_STAMP | 27 | A date stamp, in the form of an unsigned 64-bit integer, representing the number of 100-nanosecond intervals since January 1, 1601. |
| ISSUER_SERIAL_NUMBER_MD5_HASH | 28 | A 16-byte array containing the MD5 hash of the CA signing certificate serial number. |
| SUBJECT_NAME_MD5_HASH | 29 | A 16-byte array containing the MD5 hash of the subject name in the certificate. |

Reserved (4 bytes): This is a 32-bit unsigned integer in little-endian format that must be set to 0x00000001.
Length (4 bytes): This field MUST contain the length of the Value field in bytes. It MUST be an unsigned 32-bit number in little-endian format.
Value (variable): This field MUST contain the value of the specified property, in the format specified for the property associated with the table of possible values for PropertyID.
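
The following parser is an added example, not part of the specification: it walks a buffer of property records in the layout above and rejects any record that violates a MUST stated in this section, including a Length that runs past the end of the buffer. It assumes the buffer holds only back-to-back property records and that UTF-16 strings are little-endian; `parse_properties`, `make_property` and `SAMPLE` are hypothetical names.

```python
import struct

# PropertyID -> (name, required Value length in bytes; None = variable)
PROPERTIES = {
    2: ("KEY_PROV_INFO", None), 3: ("SHA1_HASH", 20), 4: ("MD5_HASH", 16),
    6: ("KEY_SPEC", 4), 9: ("ENHKEY_USAGE", None), 11: ("FRIENDLY_NAME", None),
    13: ("DESCRIPTION", None), 15: ("SIGNATURE_HASH", 20),
    20: ("KEY_IDENTIFIER", 20), 21: ("AUTO_ENROLL", None),
    22: ("PUBKEY_ALG_PARA", None), 24: ("ISSUER_PUBLIC_KEY_MD5_HASH", 16),
    25: ("SUBJECT_PUBLIC_KEY_MD5_HASH", 16), 27: ("DATE_STAMP", 8),
    28: ("ISSUER_SERIAL_NUMBER_MD5_HASH", 16), 29: ("SUBJECT_NAME_MD5_HASH", 16),
}
UTF16_STRINGS = {11, 13, 21}  # FRIENDLY_NAME, DESCRIPTION, AUTO_ENROLL

def parse_properties(blob: bytes):
    """Return [(name, value)]; raise ValueError on any format violation."""
    out, off = [], 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if prop_id not in PROPERTIES:
            raise ValueError(f"PropertyID {prop_id} is not in the table")
        if reserved != 1:
            raise ValueError(f"Reserved is {reserved:#010x}, expected 0x00000001")
        if length > len(blob) - off:  # Length comes from the blob: bound it
            raise ValueError(f"Length {length} overruns the buffer")
        name, fixed = PROPERTIES[prop_id]
        if fixed is not None and length != fixed:
            raise ValueError(f"{name} must be {fixed} bytes, got {length}")
        value = blob[off:off + length]
        off += length
        if prop_id in UTF16_STRINGS:
            if length < 2 or length % 2 or value[-2:] != b"\x00\x00":
                raise ValueError(f"{name} is not null-terminated UTF-16")
            value = value[:-2].decode("utf-16-le")  # assumption: UTF-16LE
        elif prop_id in (6, 27):  # KEY_SPEC, DATE_STAMP: little-endian integers
            value = int.from_bytes(value, "little")
            if prop_id == 6 and value != 1:
                raise ValueError("KEY_SPEC MUST be 1")
        out.append((name, value))
    return out

def make_property(prop_id: int, value: bytes) -> bytes:  # builds sample records
    return struct.pack("<III", prop_id, 1, len(value)) + value
# Constructed sample: three records back to back, not real certificate data.
SAMPLE = (make_property(11, "Lab cert\0".encode("utf-16-le"))
          + make_property(6, struct.pack("<I", 1)) + make_property(3, bytes(20)))
```

DATE_STAMP is returned as the raw count of 100-nanosecond intervals since January 1, 1601; hash and DER-encoded values are returned as bytes.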