2.3.3 Alt-Security-Identities

The Alt-Security-Identities attribute ([MS-ADA1] section 2.61) is a multi-valued UNICODE_STRING attribute (see [MS-ADTS] section 3.1.1.2.2.2, the String(Unicode) syntax). The value is formatted as follows:

"X509:<SHA1-TP-PUBKEY>[thumbprint]+[publickeyhash]"

where [thumbprint] is the SHA1 hash of a certificate and [publickeyhash] is the base64-encoded SHA-256 ([NIST.FIPS.180-4]) of the X.509 certificate public key [RFC5280].