2.2.1.1.1.1 Certificate BLOB Properties

Each property in the certificate BLOB structure MUST be formatted as follows.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          PropertyID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Reserved                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Length                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Value (variable)                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             ...                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

PropertyID (4 bytes): This field MUST identify the property whose value is contained in the Value field. It MUST be an unsigned 32-bit integer in little-endian format. Valid integer values are shown in the following table.

Value                              Meaning
---------------------------------  ----------------------------------------------------------------------
KEY_PROV_INFO (2)                  This property is used to provide hints regarding the handling of the certificate. Its format is specified later in this section.
SHA1_HASH (3)                      A 20-byte array representing the SHA-1 hash of the certificate.
MD5_HASH (4)                       A 16-byte array representing the MD5 hash of the certificate.
KEY_SPEC (6)                       An unsigned 32-bit integer in little-endian format. The only valid value is 1 (also referred to as AT_KEYEXCHANGE).
ENHKEY_USAGE (9)                   The value of the extended key usage extension on the certificate, in ASN.1 DER encoding. For more details, see [RFC5280] section 4.2.1.12.
FRIENDLY_NAME (11)                 A null-terminated Unicode string representing the display name for the certificate.
DESCRIPTION (13)                   A null-terminated Unicode string representing a brief description of the certificate.
SIGNATURE_HASH (15)                A 20-byte array containing the SHA-1 hash of the certificate signature, or a 16-byte array containing the MD5 hash of the certificate signature.
KEY_IDENTIFIER (20)                A 20-byte array containing the SHA-1 hash of the certificate subject public key.
AUTO_ENROLL (21)                   A null-terminated Unicode string that contains the name or object identifier used for autoenrollment. This is present when the certificate was obtained through autoenrollment.
PUBKEY_ALG_PARA (22)               The algorithm identifier for the public key contained in the certificate, in Distinguished Encoding Rules (DER) encoding. The structure of an X.509 certificate is defined by [RFC5280].
ISSUER_PUBLIC_KEY_MD5_HASH (24)    A 16-byte array containing the MD5 hash of the public key associated with the private key used to sign the certificate.
SUBJECT_PUBLIC_KEY_MD5_HASH (25)   A 16-byte array containing the MD5 hash of the public key contained in the certificate.
DATE_STAMP (27)                    A date stamp, in the form of an unsigned 64-bit integer in little-endian format representing the number of 100-nanosecond intervals since January 1, 1601.
ISSUER_SERIAL_NUMBER_MD5_HASH (28) A 16-byte array containing the MD5 hash of the certificate authority (CA) signing certificate serial number.
SUBJECT_NAME_MD5_HASH (29)         A 16-byte array containing the MD5 hash of the subject name in the certificate.

Reserved (4 bytes): Reserved. MUST be set to 0x01 0x00 0x00 0x00.

Length (4 bytes): This field MUST contain the length of the Value field in bytes. It MUST be an unsigned 32-bit number in little-endian format.

Value (variable): This field MUST contain the value of the specified property, in the format given for that property in the PropertyID table above. Length, not the property type, determines where the next property begins, so a reader MUST use Length to advance and MUST check it against the bytes actually remaining in the BLOB before reading the Value field.
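The following is an added worked example, not code from the specification, that parses a sequence of properties in the layout described above and decodes the Value field according to the PropertyID table. The sample BLOB it operates on is constructed inline for illustration; it is not taken from a real certificate store. The parser enforces the constraints the section states (Reserved equal to 1, fixed digest lengths, KEY_SPEC equal to 1, null-terminated Unicode strings) and, because Length is read from untrusted input, checks it against the remaining buffer before slicing, so a truncated or oversized property is reported rather than read past the end of the data.

```python
import struct
from datetime import datetime, timedelta, timezone

# PropertyID values from the table in this section.
KEY_PROV_INFO = 2
SHA1_HASH = 3
MD5_HASH = 4
KEY_SPEC = 6
ENHKEY_USAGE = 9
FRIENDLY_NAME = 11
DESCRIPTION = 13
SIGNATURE_HASH = 15
KEY_IDENTIFIER = 20
AUTO_ENROLL = 21
PUBKEY_ALG_PARA = 22
ISSUER_PUBLIC_KEY_MD5_HASH = 24
SUBJECT_PUBLIC_KEY_MD5_HASH = 25
DATE_STAMP = 27
ISSUER_SERIAL_NUMBER_MD5_HASH = 28
SUBJECT_NAME_MD5_HASH = 29

# Fixed Value lengths the section mandates; SIGNATURE_HASH allows either digest size.
FIXED_LENGTHS = {
    SHA1_HASH: (20,), MD5_HASH: (16,), KEY_SPEC: (4,), SIGNATURE_HASH: (20, 16),
    KEY_IDENTIFIER: (20,), ISSUER_PUBLIC_KEY_MD5_HASH: (16,),
    SUBJECT_PUBLIC_KEY_MD5_HASH: (16,), DATE_STAMP: (8,),
    ISSUER_SERIAL_NUMBER_MD5_HASH: (16,), SUBJECT_NAME_MD5_HASH: (16,),
}
UNICODE_STRING_PROPS = {FRIENDLY_NAME, DESCRIPTION, AUTO_ENROLL}

HEADER = struct.Struct("<III")  # PropertyID, Reserved, Length: three little-endian DWORDs
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


class BlobFormatError(ValueError):
    """Raised when a property violates the layout or a per-property constraint."""


def decode_value(prop_id, value):
    """Interpret Value per the PropertyID table; unknown IDs are returned as raw bytes."""
    if prop_id in FIXED_LENGTHS and len(value) not in FIXED_LENGTHS[prop_id]:
        raise BlobFormatError(f"property {prop_id}: invalid Value length {len(value)}")
    if prop_id in UNICODE_STRING_PROPS:
        # Null-terminated UTF-16LE: even length and a trailing 0x0000 code unit.
        if len(value) < 2 or len(value) % 2 or value[-2:] != b"\x00\x00":
            raise BlobFormatError(f"property {prop_id}: not a null-terminated Unicode string")
        return value[:-2].decode("utf-16-le")
    if prop_id == KEY_SPEC:
        (spec,) = struct.unpack("<I", value)
        if spec != 1:  # AT_KEYEXCHANGE is the only value the section permits
            raise BlobFormatError(f"KEY_SPEC must be 1, got {spec}")
        return spec
    if prop_id == DATE_STAMP:
        (ticks,) = struct.unpack("<Q", value)  # 100 ns intervals since 1601-01-01
        return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    return value  # hashes, DER structures and KEY_PROV_INFO stay as bytes here


def parse_properties(blob):
    """Walk the property sequence, validating each header before trusting Length."""
    props = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise BlobFormatError(f"truncated property header at offset {offset}")
        prop_id, reserved, length = HEADER.unpack_from(blob, offset)
        if reserved != 1:
            raise BlobFormatError(f"offset {offset}: Reserved is {reserved:#x}, expected 1")
        start = offset + HEADER.size
        if length > len(blob) - start:  # Length is attacker-controlled: bound it first
            raise BlobFormatError(f"offset {offset}: Length {length} exceeds {len(blob) - start} remaining bytes")
        props.append((prop_id, decode_value(prop_id, blob[start:start + length])))
        offset = start + length
    return props


def encode_property(prop_id, value):
    """Serialize one property in the PropertyID / Reserved / Length / Value layout."""
    return HEADER.pack(prop_id, 1, len(value)) + value


# Constructed sample BLOB (illustrative only, not from a real store): four properties.
SAMPLE_BLOB = (
    encode_property(SHA1_HASH, bytes(range(20)))
    + encode_property(KEY_SPEC, struct.pack("<I", 1))
    + encode_property(FRIENDLY_NAME, "EFS Recovery".encode("utf-16-le") + b"\x00\x00")
    + encode_property(DATE_STAMP, struct.pack("<Q", 116444736000000000))  # 1970-01-01T00:00:00Z
)

if __name__ == "__main__":
    for prop_id, value in parse_properties(SAMPLE_BLOB):
        print(prop_id, value)
```

Hash-valued properties are decoded to raw bytes only; they identify a certificate in a store and say nothing about its integrity, so a consumer that needs to verify the certificate must do so from the DER-encoded certificate itself rather than from these fields.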