IX509ExtensionSubjectKeyIdentifier interface (certenroll.h)
The IX509ExtensionSubjectKeyIdentifier interface enables you to specify a SubjectKeyIdentifier extension. When a subject has multiple signing certificates, this extension can be used to help identify which certificate matches a specific certification authority (CA) signing certificate. The extension is placed in all certificates. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request.
----------------------------------------------------------------------
-- SubjectKeyIdentifier
-- XCN_OID_SUBJECT_KEY_IDENTIFIER (2.5.29.14)
----------------------------------------------------------------------
SubjectKeyIdentifier ::= KeyIdentifier
KeyIdentifier ::= OCTETSTRING
Typically the value is a 20-byte SHA-1 hash of the public key contained in the CA signing certificate. When the CA issues a certificate, it copies the hash value into the SubjectKeyIdentifier extension. To find the end-entity certificate signed by a particular CA certificate, chain building software searches until it matches the keyIdentifier field in the AuthorityKeyIdentifier extension on the CA signing certificate with a SubjectKeyIdentifier extension value on an issued certificate. For more information, see IX509ExtensionAuthorityKeyIdentifier.
To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.
Inheritance
The IX509ExtensionSubjectKeyIdentifier interface inherits from IX509Extension. IX509ExtensionSubjectKeyIdentifier also has these types of members:
Methods
The IX509ExtensionSubjectKeyIdentifier interface has these methods.
| IX509ExtensionSubjectKeyIdentifier::get_SubjectKeyIdentifier Retrieves a byte array that contains the key identifier. |
| IX509ExtensionSubjectKeyIdentifier::InitializeDecode Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionSubjectKeyIdentifier.InitializeDecode) |
| IX509ExtensionSubjectKeyIdentifier::InitializeEncode Initializes the extension from a byte array that contains the key identifier. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for