2.2.1.1.1.1 Certificate BLOB Properties
Each property in the certificate BLOB structure MUST be formatted as follows.
| Bits 0 to 31 |
|---|
| PropertyID |
| Reserved |
| Length |
| Value (variable) |
| ... |
PropertyID (4 bytes): This field MUST identify the property whose value is contained in the Value field. It MUST be an unsigned 32-bit integer in little-endian format. Valid integer values are shown in the following table.
| Property | Value | Meaning |
|---|---|---|
| KEY_PROV_INFO | 2 | This property is used to provide hints regarding the handling of the certificate. Its format is specified later in this section. |
| SHA1_HASH | 3 | A 20-byte array representing the SHA-1 hash of the certificate. |
| MD5_HASH | 4 | 16-byte array representing the MD5 hash of the certificate. |
| KEY_SPEC | 6 | Unsigned 32-bit integer in little-endian format. The only valid value is 1 (also referred to as AT_KEYEXCHANGE). |
| ENHKEY_USAGE | 9 | The value of the extended key usage extension on the certificate, in ASN.1 DER encoding. For more details, see [RFC5280] section 4.2.1.12. |
| FRIENDLY_NAME | 11 | A null-terminated Unicode string representing the display name for the certificate. |
| DESCRIPTION | 13 | A null-terminated Unicode string representing a brief description of the certificate. |
| SIGNATURE_HASH | 15 | A 20-byte array containing the SHA-1 hash of the certificate signature, or a 16-byte array containing the MD5 hash of the certificate signature. |
| KEY_IDENTIFIER | 20 | A 20-byte array containing the SHA-1 hash of the certificate subject public key. |
| AUTO_ENROLL | 21 | A null-terminated Unicode string that contains the name or object identifier used for autoenrollment. This is present when the certificate was obtained through autoenrollment. |
| PUBKEY_ALG_PARA | 22 | The algorithm identifier for the public key contained in the certificate, in Distinguished Encoding Rules (DER) encoding. The structure of an X.509 certificate is defined by [RFC5280]. |
| ISSUER_PUBLIC_KEY_MD5_HASH | 24 | A 16-byte array containing the MD5 hash of the public key associated with the private key used to sign the certificate. |
| SUBJECT_PUBLIC_KEY_MD5_HASH | 25 | A 16-byte array containing the MD5 hash of the public key contained in the certificate. |
| DATE_STAMP | 27 | A date stamp, in the form of an unsigned 64-bit integer in little-endian format representing the number of 100-nanosecond intervals since January 1, 1601. |
| ISSUER_SERIAL_NUMBER_MD5_HASH | 28 | A 16-byte array containing the MD5 hash of the certificate authority (CA) signing certificate serial number. |
| SUBJECT_NAME_MD5_HASH | 29 | A 16-byte array containing the MD5 hash of the subject name in the certificate. |
Reserved (4 bytes): Reserved. MUST be set to 0x01 0x00 0x00 0x00.
Length (4 bytes): This field MUST contain the length of the Value field in bytes. It MUST be an unsigned 32-bit number in little-endian format.
Value (variable): This field MUST contain the value of the specified property, in the format specified for the property associated with the table of possible values for PropertyID.
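The following validating parser for this property layout is an added example, not code from the specification. It assumes a buffer that holds properties back to back, that "Unicode string" means UTF-16LE, and that DATE_STAMP counts from midnight UTC; `parse_properties`, `prop` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

NAMES = {2: "KEY_PROV_INFO", 3: "SHA1_HASH", 4: "MD5_HASH", 6: "KEY_SPEC",
         9: "ENHKEY_USAGE", 11: "FRIENDLY_NAME", 13: "DESCRIPTION",
         15: "SIGNATURE_HASH", 20: "KEY_IDENTIFIER", 21: "AUTO_ENROLL",
         22: "PUBKEY_ALG_PARA", 24: "ISSUER_PUBLIC_KEY_MD5_HASH",
         25: "SUBJECT_PUBLIC_KEY_MD5_HASH", 27: "DATE_STAMP",
         28: "ISSUER_SERIAL_NUMBER_MD5_HASH", 29: "SUBJECT_NAME_MD5_HASH"}
FIXED = {3: (20,), 4: (16,), 6: (4,), 15: (20, 16), 20: (20,), 24: (16,),
         25: (16,), 27: (8,), 28: (16,), 29: (16,)}  # Value sizes in the table
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # UTC is an assumption

def parse_properties(buf):  # returns [(name, value)]; ValueError if malformed
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 12:
            raise ValueError(f"truncated header at offset {off}")
        pid, reserved, length = struct.unpack_from("<III", buf, off)
        off += 12
        if reserved != 1:  # bytes 0x01 0x00 0x00 0x00
            raise ValueError(f"Reserved is {reserved:#x}, expected 0x1")
        if length > len(buf) - off:  # never read past the end of the input
            raise ValueError(f"Length {length} overruns the buffer")
        value, off = bytes(buf[off:off + length]), off + length
        if pid in FIXED and length not in FIXED[pid]:
            raise ValueError(f"{NAMES[pid]}: bad length {length}")
        if pid == 6:
            value = int.from_bytes(value, "little")
            if value != 1:
                raise ValueError("KEY_SPEC must be 1 (AT_KEYEXCHANGE)")
        elif pid == 27:  # 100-nanosecond intervals since January 1, 1601
            ticks = int.from_bytes(value, "little")
            try:
                value = EPOCH + timedelta(microseconds=ticks // 10)
            except OverflowError:
                raise ValueError("DATE_STAMP out of range") from None
        elif pid in (11, 13, 21):  # null-terminated strings, UTF-16LE assumed
            if length < 2 or length % 2 or value[-2:] != b"\0\0":
                raise ValueError(f"{NAMES[pid]}: not null-terminated")
            value = value[:-2].decode("utf-16-le")
        out.append((NAMES.get(pid, f"UNKNOWN_{pid}"), value))
    return out

def prop(pid, value, reserved=1):  # hypothetical helper: builds sample data
    return struct.pack("<III", pid, reserved, len(value)) + value

SAMPLE = (prop(3, bytes(range(20))) + prop(6, struct.pack("<I", 1))
          + prop(11, "Test cert\0".encode("utf-16-le"))
          + prop(27, struct.pack("<Q", 116444736000000000)))  # constructed
```

Property IDs that are not in the table are returned as `UNKNOWN_<id>` with their raw bytes so a reviewer can inspect them rather than have them silently dropped.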