Internal Name: szOID_ENROLL_AIK_INFO

Description: The value of this attribute contains an AIKPub and optionally an attestation certificate (AIKCert). A maximum of one AIKCert will be passed.<14>

Format: The value of the property is an EnvelopedData CMS structure with one RecipientInfo ([RFC3852] section 6.2). The RecipientInfo is for the CA exchange certificate. The EncryptedContent field MUST be the encrypted form of the following ASN.1 structure, DER encoded:

 AttestationIdentityKeyInfo ::= SEQUENCE SIZE (1..2) OF ANY

The first element of the sequence must be a SubjectPublicKeyInfo ([RFC2986] section 4) for the AIKPub.

If there is an AIKCert available, then the second element contains an AIKCert.

The total number of AIKCerts cannot exceed one.
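
A structural check that a CA could run on the decrypted EncryptedContent before using either element, given here as an added example that is not part of the specification: it enforces the SEQUENCE SIZE (1..2) bound and checks that the elements are shaped like a SubjectPublicKeyInfo and a certificate. The function names and the sample bytes are constructed for illustration; the check covers DER shape only and does not validate the key or the AIKCert chain.

```python
# Added example; helper names and sample bytes are constructed, not from the spec.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV; definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def tags(value):
    return [t for t, _ in children(value)]

def parse_aik_info(der):
    """Return (spki_contents, cert_contents or None); raise ValueError if malformed."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    items = children(body)
    if not 1 <= len(items) <= 2:
        raise ValueError("SIZE (1..2) violated: %d elements" % len(items))
    if items[0][0] != 0x30 or tags(items[0][1]) != [0x30, 0x03]:
        raise ValueError("first element is not shaped like SubjectPublicKeyInfo")
    if len(items) == 2 and (items[1][0] != 0x30 or tags(items[1][1]) != [0x30, 0x30, 0x03]):
        raise ValueError("second element is not shaped like a Certificate")
    return items[0][1], (items[1][1] if len(items) == 2 else None)

def tlv(tag, value):  # short-form encoder, enough for the constructed samples
    return bytes([tag, len(value)]) + value
# Constructed placeholders: rsaEncryption AlgorithmIdentifier + dummy BIT STRING.
SPKI = tlv(0x30, tlv(0x30, bytes.fromhex("06092a864886f70d0101010500")) + tlv(0x03, b"\x00\x01"))
CERT = tlv(0x30, tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

Calling `parse_aik_info(tlv(0x30, SPKI + CERT))` returns both elements, while a third element, a missing AIKPub, or trailing bytes after the outer SEQUENCE raises `ValueError`.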