X509SubjectKeyIdentifierExtension Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Defines a string that identifies a certificate's subject key identifier (SKI). This class cannot be inherited.
public ref class X509SubjectKeyIdentifierExtension sealed : System::Security::Cryptography::X509Certificates::X509Extension
public sealed class X509SubjectKeyIdentifierExtension : System.Security.Cryptography.X509Certificates.X509Extension
type X509SubjectKeyIdentifierExtension = class
inherit X509Extension
Public NotInheritable Class X509SubjectKeyIdentifierExtension
Inherits X509Extension
- Inheritance
Examples
The following code example demonstrates how to open a user's personal certificate store and display information about each certificate in the store. This example uses the X509SubjectKeyIdentifierExtension class to display the information.
#using <System.dll>
#using <system.security.dll>
using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{
try
{
X509Store^ store = gcnew X509Store( L"MY",StoreLocation::CurrentUser );
store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
X509Certificate2Collection^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
for ( int i = 0; i < collection->Count; i++ )
{
System::Collections::IEnumerator^ myEnum = collection[ i ]->Extensions->GetEnumerator();
while ( myEnum->MoveNext() )
{
X509Extension^ extension = safe_cast<X509Extension^>(myEnum->Current);
Console::WriteLine( L"{0}({1})", extension->Oid->FriendlyName, extension->Oid->Value );
if ( extension->Oid->FriendlyName == L"Key Usage" )
{
X509KeyUsageExtension^ ext = dynamic_cast<X509KeyUsageExtension^>(extension);
Console::WriteLine( ext->KeyUsages );
}
if ( extension->Oid->FriendlyName == L"Basic Constraints" )
{
X509BasicConstraintsExtension^ ext = dynamic_cast<X509BasicConstraintsExtension^>(extension);
Console::WriteLine( ext->CertificateAuthority );
Console::WriteLine( ext->HasPathLengthConstraint );
Console::WriteLine( ext->PathLengthConstraint );
}
if ( extension->Oid->FriendlyName == L"Subject Key Identifier" )
{
X509SubjectKeyIdentifierExtension^ ext = dynamic_cast<X509SubjectKeyIdentifierExtension^>(extension);
Console::WriteLine( ext->SubjectKeyIdentifier );
}
if ( extension->Oid->FriendlyName == L"Enhanced Key Usage" )
{
X509EnhancedKeyUsageExtension^ ext = dynamic_cast<X509EnhancedKeyUsageExtension^>(extension);
OidCollection^ oids = ext->EnhancedKeyUsages;
System::Collections::IEnumerator^ myEnum1 = oids->GetEnumerator();
while ( myEnum1->MoveNext() )
{
Oid^ oid = safe_cast<Oid^>(myEnum1->Current);
Console::WriteLine( L"{0}({1})", oid->FriendlyName, oid->Value );
}
}
}
}
store->Close();
}
catch ( CryptographicException^ )
{
Console::WriteLine( L"Information could not be written out for this certificate." );
}
}
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public class CertSelect
{
public static void Main()
{
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
for (int i = 0; i < collection.Count; i++)
{
foreach (X509Extension extension in collection[i].Extensions)
{
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");
if (extension.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
Console.WriteLine(ext.KeyUsages);
}
if (extension.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
Console.WriteLine(ext.CertificateAuthority);
Console.WriteLine(ext.HasPathLengthConstraint);
Console.WriteLine(ext.PathLengthConstraint);
}
if (extension.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
Console.WriteLine(ext.SubjectKeyIdentifier);
}
if (extension.Oid.FriendlyName == "Enhanced Key Usage")
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
OidCollection oids = ext.EnhancedKeyUsages;
foreach (Oid oid in oids)
{
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
}
}
}
}
store.Close();
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
}
}
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Module CertSelect
Sub Main()
Try
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)
Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
For i As Integer = 0 To collection.Count - 1
Dim extension As X509Extension
For Each extension In collection(i).Extensions
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")")
If extension.Oid.FriendlyName = "Key Usage" Then
Dim ext As X509KeyUsageExtension = CType(extension, X509KeyUsageExtension)
Console.WriteLine(ext.KeyUsages)
End If
If extension.Oid.FriendlyName = "Basic Constraints" Then
Dim ext As X509BasicConstraintsExtension = CType(extension, X509BasicConstraintsExtension)
Console.WriteLine(ext.CertificateAuthority)
Console.WriteLine(ext.HasPathLengthConstraint)
Console.WriteLine(ext.PathLengthConstraint)
End If
If extension.Oid.FriendlyName = "Subject Key Identifier" Then
Dim ext As X509SubjectKeyIdentifierExtension = CType(extension, X509SubjectKeyIdentifierExtension)
Console.WriteLine(ext.SubjectKeyIdentifier)
End If
If extension.Oid.FriendlyName = "Enhanced Key Usage" Then
Dim ext As X509EnhancedKeyUsageExtension = CType(extension, X509EnhancedKeyUsageExtension)
Dim oids As OidCollection = ext.EnhancedKeyUsages
Dim oid As Oid
For Each oid In oids
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")")
Next oid
End If
Next extension
Next i
store.Close()
Catch
Console.WriteLine("Information could not be written out for this certificate.")
End Try
End Sub
End Module
Remarks
There are several ways to identify a certificate: by the hash of the certificate, by the issuer and serial number, and by the subject key identifier (SKI). The SKI provides a unique identification for the certificate's subject and is often used when working with XML digital signing.
Constructors
X509SubjectKeyIdentifierExtension() |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class. |
X509SubjectKeyIdentifierExtension(AsnEncodedData, Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using encoded data and a value that identifies whether the extension is critical. |
X509SubjectKeyIdentifierExtension(Byte[], Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using a byte array and a value that identifies whether the extension is critical. |
X509SubjectKeyIdentifierExtension(PublicKey, Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using a public key and a value indicating whether the extension is critical. |
X509SubjectKeyIdentifierExtension(PublicKey, X509SubjectKeyIdentifierHashAlgorithm, Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using a public key, a hash algorithm identifier, and a value indicating whether the extension is critical. |
X509SubjectKeyIdentifierExtension(ReadOnlySpan<Byte>, Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using a read-only span of bytes and a value that identifies whether the extension is critical. |
X509SubjectKeyIdentifierExtension(String, Boolean) |
Initializes a new instance of the X509SubjectKeyIdentifierExtension class using a string and a value that identifies whether the extension is critical. |
Properties
Critical |
Gets a Boolean value indicating whether the extension is critical. (Inherited from X509Extension) |
Oid |
Gets or sets the Oid value for an AsnEncodedData object. (Inherited from AsnEncodedData) |
RawData |
Gets or sets the Abstract Syntax Notation One (ASN.1)-encoded data represented in a byte array. (Inherited from AsnEncodedData) |
SubjectKeyIdentifier |
Gets a string that represents the subject key identifier (SKI) for a certificate. |
SubjectKeyIdentifierBytes |
Gets a value whose contents represent the subject key identifier (SKI) for a certificate. |
Methods
CopyFrom(AsnEncodedData) |
Creates a new instance of the X509SubjectKeyIdentifierExtension class by copying information from encoded data. |
Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
Format(Boolean) |
Returns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string. (Inherited from AsnEncodedData) |
GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
GetType() |
Gets the Type of the current instance. (Inherited from Object) |
MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
ToString() |
Returns a string that represents the current object. (Inherited from Object) |