2.2.2.1 CACERTBLOB

The CACERTBLOB construct consists of serialized elements. Each element is a data structure consisting of a header and its value. The element header consists of the following fields.

| Field | Data type | Description |
|---|---|---|
| Element type | DWORD | Identifies the type of the element. |
| Encoding type | DWORD | Specifies the encoding used. |
| Length | DWORD | Specifies the length of the element. |

The following table defines the element types that are possible.

| Element type | Encoding type | Meaning |
|---|---|---|
| FILE_ELEMENT_CERT_TYPE (0x00000020) | X509_ASN_ENCODING (0x00000001) | The element contains ASN.1-encoded X.509 certificates, as defined in [RFC3280]. |
| CERT_FRIENDLY_NAME_PROP_ID (0x0000000d) | X509_ASN_ENCODING (0x00000001) | A friendly name can be associated with the certificate. The friendly name is specified as a null-terminated Unicode character string. |
| CERT_DESCRIPTION_PROP_ID (0x0000000b) | X509_ASN_ENCODING (0x00000001) | This property allows the user to describe the use for the certificate. |
| CERT_ENHKEY_USAGE_PROP_ID (0x00000009) | X509_ASN_ENCODING (0x00000001) | A specific set of enhanced key usages can be enabled or disabled for a certificate. The ASN.1 representation for enhanced key usage (EKU) is described in [RFC3280] section 4.2.1.13. |
| CERT_CROSS_CERT_DIST_POINTS_PROP_ID (0x00000017) | X509_ASN_ENCODING (0x00000001) | The Cross-Certificate Distribution Points extension can be used to specify the download URL for cross certificates that are associated with a particular certificate. |

The ASN.1 definition for Cross-Certificate Distribution Points is:

 CrossCertDistPoints   ::= SEQUENCE {
     syncDeltaTime INTEGER (0..4294967295) OPTIONAL,
     crossCertDistPointNames CrossCertDistPointNames
 }
 CrossCertDistPointNames   ::= SEQUENCE OF GeneralNames
 GeneralNames   ::= AltNames

For the definition of AltNames, see [RFC3280] section 4.2.1.7, the definition of GeneralNames.
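As an added illustration of the element layout described in this section (not code from the specification), the following Python walks a CACERTBLOB one element header at a time and refuses to read past the end of the buffer when a declared length is larger than the bytes that remain. It assumes the three header DWORDs are little-endian and that the length field counts only the value bytes; the sample blob, the `Contoso Root` name and the short DER placeholder are constructed for the example.

```python
import struct

# Element types and encoding from the CACERTBLOB tables above
FILE_ELEMENT_CERT_TYPE = 0x00000020
CERT_FRIENDLY_NAME_PROP_ID = 0x0000000D
X509_ASN_ENCODING = 0x00000001

# Element header: three DWORDs (element type, encoding type, length).
# Assumption: little-endian DWORDs, and length counts only the value bytes.
HEADER = struct.Struct("<III")

def parse_cacertblob(blob: bytes) -> list:
    """Walk the serialized elements; return (type, encoding, value) triples."""
    elements, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated element header at offset {offset}")
        etype, enc, length = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        if length > len(blob) - offset:  # declared length overruns the blob
            raise ValueError(f"element 0x{etype:08x}: length {length} exceeds "
                             f"{len(blob) - offset} remaining bytes")
        elements.append((etype, enc, blob[offset:offset + length]))
        offset += length
    return elements

def is_well_formed(blob: bytes) -> bool:
    """True when every header and length is consistent with the blob size."""
    try:
        parse_cacertblob(blob)
        return True
    except ValueError:
        return False

def friendly_name(value: bytes) -> str:
    """Decode CERT_FRIENDLY_NAME_PROP_ID: null-terminated Unicode (UTF-16LE)."""
    return value.decode("utf-16-le").split("\x00", 1)[0]

def build_element(etype: int, value: bytes, enc: int = X509_ASN_ENCODING) -> bytes:
    """Serialize one element (used only to construct the sample input below)."""
    return HEADER.pack(etype, enc, len(value)) + value

# Constructed sample: a friendly name, then a short DER placeholder standing in
# for a certificate (not a real certificate).
SAMPLE_BLOB = (
    build_element(CERT_FRIENDLY_NAME_PROP_ID, "Contoso Root".encode("utf-16-le") + b"\x00\x00")
    + build_element(FILE_ELEMENT_CERT_TYPE, b"\x30\x03\x02\x01\x01")
)
```

Unknown element or encoding types are retained rather than rejected, so a caller can decide how to treat properties this section does not list.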