2.2.1.3.1 CERTIFICATE

The CERTIFICATE complex type, and its corresponding private key, are used to generate an ECC message signature as defined in section 2.2.1.6. This element identifies a CERT structure or a PKCERT structure. The structure included depends on the protocol used.

The included structure is always base64-encoded as specified in [MS-DRM] section 2.2.1.1.

 <xs:complexType name="CERTIFICATE">
   <xs:simpleContent>
     <xs:extension base="xs:string">
       <xs:attribute name ="private" type="xs:int" use="optional"/>
     </xs:extension>
   </xs:simpleContent>
 </xs:complexType>

private: If present, this attribute MUST be set to "1" to make the certificate's public key private. This means that the certificate's public key is private and is not distributed. If the value is missing or set to any other value, the certificate's public key is not private and can be distributed.