2.3.3 Alt-Security-Identities

The Alt-Security-Identities attribute is a multi-valued UNICODE_STRING attribute (see the String(Unicode) syntax in [MS-ADTS] section 3.1.1.2.2.2). The value is formatted as:

X509:<SHA1-TP-PUBKEY>[thumbprint]+[publickeyhash]

Where [thumbprint] is the SHA1 hash of a certificate and [publickeyhash] is the base64-encoded SHA256 hash of the X.509 certificate public key [RFC5280].