2.2.9.4.4 ISSUEDPRINCIPALS

The ISSUEDPRINCIPALS element of the SPC issues the SPC public key. It MUST use the following template.

 <ISSUEDPRINCIPALS>
    <PRINCIPAL>
       <OBJECT type="Machine-Unique-Identifier">
          <ID type="MS-GUID">
             [[- GUID -]]
          </ID>
          <NAME>Machine</NAME>
       </OBJECT>
       [[- publickey -]]
       <DIGEST>
          <ALGORITHM>[[- hashalgorithm -]]</ALGORITHM>
          <PARAMETER name="codingtype">
             <VALUE encoding="string">
                surface-coding
             </VALUE>
          </PARAMETER>
          <VALUE encoding="base64" size="[[- hashsize -]]">
             [[- hash -]]
          </VALUE>
       </DIGEST>
       [[- platform -]]
       [[- manufacturer -]]
       [[- repository -]]
    </PRINCIPAL>
 </ISSUEDPRINCIPALS>

[[- GUID -]]: MUST be a unique GUID that identifies the principal the certificate is issued to, represented as a literal ASCII string enclosed in braces.

[[- publickey -]]: MUST contain the SPC public key. The exponent MUST be set to 65537. The size attribute of the VALUE element MUST be set to the size of the SPC public key. The modulus MUST contain the modulus of the SPC public key.

[[- hashalgorithm -]]: MUST contain the name of the hash algorithm: SHA-1 or SHA-256.

[[- hashsize -]]: MUST contain the size of the hash, in bits.

[[- hash -]]: MUST contain a SHA-1 or SHA-256 hash of HID information.

[[- platform -]]: MUST contain a SECURITYLEVEL element with the name "Platform" and the value of a string that contains the version of the client platform.

[[- manufacturer -]]: MUST contain a SECURITYLEVEL element with the name "Manufacturer" and the value of a string that contains identifying information about the creator of the security processor.

[[- repository -]]: MUST contain a SECURITYLEVEL element with the name "Repository" and the value of a string that contains the version of the security processor.
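As an added illustration (not part of the specification), the following Python emits an ISSUEDPRINCIPALS element from the template above and then checks a received element against the MUST rules listed for each placeholder: brace-enclosed GUID, NAME "Machine", public exponent 65537, hash algorithm SHA-1 or SHA-256, hashsize in bits consistent with both the algorithm and the decoded hash, codingtype "surface-coding", and the three SECURITYLEVEL entries. The layout of the PUBLICKEY child (ALGORITHM plus "public-exponent" and "modulus" PARAMETERs) and the name/value attribute form of SECURITYLEVEL are assumptions taken from the surrounding XrML structure, since this section only references them; the GUID, modulus bytes, HID bytes and version strings are constructed sample values.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Hash algorithms this section permits, with the hash size in bits the size attribute must carry.
ALLOWED_HASHES = {"SHA-1": 160, "SHA-256": 256}
# A GUID "represented as a literal ASCII string enclosed in braces".
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
REQUIRED_LEVELS = ("Platform", "Manufacturer", "Repository")


def build_issued_principals(guid, modulus, hid, platform, manufacturer, repository, algorithm="SHA-256"):
    """Fill the ISSUEDPRINCIPALS template. PUBLICKEY / SECURITYLEVEL layout is assumed, not from this section."""
    bits = ALLOWED_HASHES[algorithm]
    digest = hashlib.new(algorithm.replace("-", "").lower(), hid).digest()  # SHA-1 -> sha1, SHA-256 -> sha256
    return f"""<ISSUEDPRINCIPALS>
  <PRINCIPAL>
    <OBJECT type="Machine-Unique-Identifier">
      <ID type="MS-GUID">{guid}</ID>
      <NAME>Machine</NAME>
    </OBJECT>
    <PUBLICKEY>
      <ALGORITHM>RSA</ALGORITHM>
      <PARAMETER name="public-exponent"><VALUE encoding="integer32">65537</VALUE></PARAMETER>
      <PARAMETER name="modulus"><VALUE encoding="base64" size="{len(modulus) * 8}">{base64.b64encode(modulus).decode()}</VALUE></PARAMETER>
    </PUBLICKEY>
    <DIGEST>
      <ALGORITHM>{algorithm}</ALGORITHM>
      <PARAMETER name="codingtype"><VALUE encoding="string">surface-coding</VALUE></PARAMETER>
      <VALUE encoding="base64" size="{bits}">{base64.b64encode(digest).decode()}</VALUE>
    </DIGEST>
    <SECURITYLEVEL name="Platform" value="{platform}"/>
    <SECURITYLEVEL name="Manufacturer" value="{manufacturer}"/>
    <SECURITYLEVEL name="Repository" value="{repository}"/>
  </PRINCIPAL>
</ISSUEDPRINCIPALS>"""


def _text(el):
    return (el.text or "").strip() if el is not None else None


def validate_issued_principals(xml_text):
    """Return a list of rule violations (empty list means the element satisfies every MUST above)."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "ISSUEDPRINCIPALS":
        return [f"root element is {root.tag}, expected ISSUEDPRINCIPALS"]
    principal = root.find("PRINCIPAL")
    if principal is None:
        return ["missing PRINCIPAL element"]

    # OBJECT: the machine GUID must be an MS-GUID in braces and the NAME must be Machine.
    guid = _text(principal.find("OBJECT[@type='Machine-Unique-Identifier']/ID[@type='MS-GUID']"))
    if guid is None or not GUID_RE.match(guid):
        problems.append(f"GUID must be a brace-enclosed GUID string, got {guid!r}")
    if _text(principal.find("OBJECT/NAME")) != "Machine":
        problems.append("OBJECT/NAME must be 'Machine'")

    # PUBLICKEY (assumed layout): exponent fixed at 65537, size attribute consistent with the modulus.
    exponent = _text(principal.find("PUBLICKEY/PARAMETER[@name='public-exponent']/VALUE"))
    if exponent != "65537":
        problems.append(f"public exponent must be 65537, got {exponent!r}")
    modulus = principal.find("PUBLICKEY/PARAMETER[@name='modulus']/VALUE")
    if modulus is None:
        problems.append("missing public key modulus")
    elif len(base64.b64decode(_text(modulus))) * 8 != int(modulus.get("size", "0")):
        problems.append("modulus size attribute does not match the modulus length")

    # DIGEST: SHA-1 or SHA-256, surface-coding, and a size attribute that matches both algorithm and data.
    algorithm = _text(principal.find("DIGEST/ALGORITHM"))
    if algorithm not in ALLOWED_HASHES:
        problems.append(f"hash algorithm must be SHA-1 or SHA-256, got {algorithm!r}")
    if _text(principal.find("DIGEST/PARAMETER[@name='codingtype']/VALUE")) != "surface-coding":
        problems.append("codingtype must be 'surface-coding'")
    hash_value = principal.find("DIGEST/VALUE[@encoding='base64']")
    if hash_value is None:
        problems.append("missing base64 hash VALUE")
    else:
        size = int(hash_value.get("size", "0"))
        hash_len = len(base64.b64decode(_text(hash_value)))
        if algorithm in ALLOWED_HASHES and size != ALLOWED_HASHES[algorithm]:
            problems.append(f"hash size {size} does not match {algorithm} ({ALLOWED_HASHES[algorithm]} bits)")
        if hash_len * 8 != size:
            problems.append(f"hash size {size} does not match the decoded hash length ({hash_len} bytes)")

    # SECURITYLEVEL: Platform, Manufacturer and Repository must each be present with a non-empty value.
    levels = {sl.get("name"): sl.get("value") for sl in principal.findall("SECURITYLEVEL")}
    for name in REQUIRED_LEVELS:
        if not levels.get(name):
            problems.append(f"missing or empty SECURITYLEVEL {name}")
    return problems


# Constructed sample: stand-in modulus bytes and HID bytes, not real key material.
SAMPLE_XML = build_issued_principals(
    guid="{3F2504E0-4F89-11D3-9A0C-0305E82C3301}",
    modulus=bytes(range(128)),
    hid=b"constructed hardware identity blob",
    platform="6.1.7601.0", manufacturer="Example Corp", repository="1.0.0.0",
)

if __name__ == "__main__":
    print("valid sample:", validate_issued_principals(SAMPLE_XML))
    print("bad exponent:", validate_issued_principals(SAMPLE_XML.replace("65537", "3")))
```

The size checks are the ones most worth keeping in a receiver: a hashsize that disagrees with the named algorithm or with the decoded hash length is the kind of inconsistency that a template-driven producer never emits, so rejecting it before any further processing is cheap.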