3.1.1.4.3.4.1.2 Responding to a CA Challenge Message

When the CA receives a certificate request with a key attestation statement containing szOID_ENROLL_EK_INFO, as specified in section 3.1.1.4.3.4.1, it SHOULD return a challenge to the client to prove that the client owns the corresponding EK private key (EKPriv), as specified in section 3.2.2.6.2.1.2.6.<28> The Windows Client Certificate Enrollment protocol client SHOULD verify and process the challenge as described below.<29>

  1. The pctbCertChain parameter returned by the ICertRequestD::Request method MUST be a CMC full PKI response that contains the CAChallenge; its message syntax MUST be as specified in section 3.2.2.6.2.1.2.6.

  2. The client MUST verify the signature on the CAChallenge and MUST validate the CA signing certificate and its chain. The validation MUST be based on chain validation as specified in [RFC3280].

  3. The client MUST validate the CA exchange certificate included in the CAChallenge and verify that it is a valid exchange certificate (for more information, see [MSFT-ARCHIVE]).

  4. The client MUST decrypt the secret included in the CAChallenge using its TPM and use the result as the secret in the next step. This process is CSP-specific.

  5. The client generates enveloped data as described in section 3.1.1.4.3.4.1.3 by setting the encrypted content to the secret obtained in the previous step. The client MUST use the encryption algorithm provided in the szOID_ENROLL_ENCRYPTION_ALGORITHM attribute (section 2.2.2.8.1.4). The client sets the pctbRequest parameter in the ICertRequestD::Request method to this enveloped data.

  6. The client adds the RequestId attribute (section 2.2.2.7.10), constructed from the Returned_Request_ID ADM element, to the pwszAttributes parameter of the ICertRequestD::Request method.

  7. The client MUST set the 0x00000500 bit in the dwFlags parameter of ICertRequestD2::Request2, as described in section 3.2.1.4.3.1.1, to designate the request as containing the response to the CAChallenge.
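The seven steps above as one end-to-end simulation, added here as an example; it is not part of the MS-WCCE specification or of any Windows component. Textbook RSA over Mersenne primes stands in for the TPM's EK decryption, the CA's signature over the challenge and the CMS EnvelopedData of step 5; Python dicts stand in for the CMC full PKI response, the pctbRequest blob and the pwszAttributes string. The CA's pending-secret store, the 16-byte secret length, the "toy-rsa" algorithm identifier and the use of the szOID_KP_CA_EXCHANGE EKU (1.3.6.1.4.1.311.21.5) as the exchange-certificate check are assumptions; nothing here produces MS-WCCE wire format.

```python
# Toy end-to-end simulation of the CAChallenge handshake (added example, not MS-WCCE code).
# Textbook RSA over Mersenne primes stands in for TPM EK decryption, the CA signature and
# CMS EnvelopedData; dicts stand in for the CMC full PKI response. Not wire format.
import hashlib
import hmac
import json
import os

SECRET_LEN = 16                       # bytes in the CA's challenge secret (assumption)
CHALLENGE_RESPONSE_FLAG = 0x00000500  # dwFlags bit the client sets in step 7
XCHG_EKU = "1.3.6.1.4.1.311.21.5"     # EKU expected on a CA exchange cert (assumption)
ENC_ALG = "toy-rsa"                   # stands in for the szOID_ENROLL_ENCRYPTION_ALGORITHM value

class ChallengeError(Exception):
    """Raised by the client when the CAChallenge fails one of the MUST checks."""

# ---- toy RSA: one helper for EK decryption, CA signing and the envelope ----------
def rsa_keypair(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def rsa_encrypt(pub, data):
    m = int.from_bytes(data, "big")
    if m >= pub["n"]:
        raise ValueError("message too large for toy modulus")
    return pow(m, pub["e"], pub["n"])

def rsa_decrypt(priv, c):
    m = pow(c, priv["d"], priv["n"])
    if m >= 1 << (8 * SECRET_LEN):
        raise ValueError("plaintext is not a challenge secret (wrong key?)")
    return m.to_bytes(SECRET_LEN, "big")

def canonical(obj):
    return json.dumps(obj, sort_keys=True).encode()

def rsa_sign(priv, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, priv["d"], priv["n"])

def rsa_verify(pub, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, pub["e"], pub["n"]) == h

# Mersenne primes keep the toy keys deterministic; the sizes are not a security claim.
EK_PUB, EK_PRIV = rsa_keypair((1 << 127) - 1, (1 << 89) - 1)       # client TPM endorsement key
XCHG_PUB, XCHG_PRIV = rsa_keypair((1 << 107) - 1, (1 << 61) - 1)   # CA exchange key
SIG_PUB, SIG_PRIV = rsa_keypair((1 << 521) - 1, (1 << 607) - 1)    # CA signing key
TRUSTED_CA_SIGNERS = {"CA-Sig": SIG_PUB}   # client's stand-in for RFC 3280 chain validation

CA_PENDING = {}   # CA side: request_id -> secret it expects back (consumed on first use)

def ca_build_challenge(ek_pub, request_id, secret=None):
    """CA side: encrypt a fresh secret to EKPub and sign the whole challenge."""
    secret = os.urandom(SECRET_LEN) if secret is None else secret
    CA_PENDING[request_id] = secret
    challenge = {
        "request_id": request_id,
        "encrypted_secret": rsa_encrypt(ek_pub, secret),   # only EKPriv can open this
        "exchange_cert": {"subject": "CA-Xchg", "eku": [XCHG_EKU], "pub": XCHG_PUB},
        "encryption_alg": ENC_ALG,
    }
    return {"challenge": challenge, "signer": "CA-Sig",
            "signature": rsa_sign(SIG_PRIV, canonical(challenge))}

def client_respond(pki_response, ek_priv, returned_request_id):
    """Client side, steps 2 to 7: raise ChallengeError rather than answer a bad challenge."""
    ch = pki_response["challenge"]
    signer = TRUSTED_CA_SIGNERS.get(pki_response["signer"])               # step 2
    if signer is None or not rsa_verify(signer, canonical(ch), pki_response["signature"]):
        raise ChallengeError("CAChallenge signature or CA chain invalid")
    xc = ch["exchange_cert"]                                               # step 3
    if XCHG_EKU not in xc["eku"]:
        raise ChallengeError("CAChallenge does not carry a valid CA exchange certificate")
    secret = rsa_decrypt(ek_priv, ch["encrypted_secret"])                  # step 4 (TPM stand-in)
    if ch["encryption_alg"] != ENC_ALG:                                    # step 5
        raise ChallengeError("unsupported szOID_ENROLL_ENCRYPTION_ALGORITHM")
    enveloped = {"alg": ENC_ALG, "recipient": xc["subject"],
                 "content": rsa_encrypt(xc["pub"], secret)}
    return {"pctbRequest": enveloped,                                      # steps 6 and 7
            "pwszAttributes": f"RequestId:{returned_request_id}",
            "dwFlags": CHALLENGE_RESPONSE_FLAG}

def ca_verify_response(request):
    """CA side: accept only a flagged, non-replayed response carrying the right secret."""
    if (request["dwFlags"] & CHALLENGE_RESPONSE_FLAG) != CHALLENGE_RESPONSE_FLAG:
        return False
    name, value = request["pwszAttributes"].split(":", 1)
    expected = CA_PENDING.pop(int(value), None) if name == "RequestId" else None
    if expected is None:
        return False
    try:
        got = rsa_decrypt(XCHG_PRIV, request["pctbRequest"]["content"])
    except ValueError:
        return False
    return hmac.compare_digest(got, expected)
```

The order of the client checks is what matters: the signature in step 2 is verified before the exchange certificate is used, so an attacker who swaps in an exchange certificate of their own cannot get the client to encrypt the decrypted secret to a key they control. On the CA side the pending secret is consumed on first use and compared in constant time, so a captured response cannot be replayed against a later request.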