3.2.2.6.2.1.2.2 Processing Rules for Requests That Include Private Key Information

A certificate request that includes its associated private key MUST use a CMS certificate request with an embedded CMC structure.

The request MUST be compliant with the information that is specified in [RFC3852]. The processing rules for the following fields MUST be adhered to by the CA, but are not specified by [RFC3852].

  • contentType: This field MUST be set to the OID szOID_RSA_signedData (1.2.840.113549.1.7.2, id-signedData). If it is not, the CA MUST return a non-zero error.

  • content: The content structure MUST be SignedData. The SignedData structure MUST adhere to the following requirements:

    • encapContentInfo: This field MUST have the following values for its fields:

      • eContentType: This field MUST be set to the OID szOID_CT_PKI_DATA (1.3.6.1.5.5.7.12.2, id-cct-PKIData). If it is not, the CA MUST return a non-zero error.

      • eContent: This field MUST be a PKIData structure, as specified in [RFC2797] section 3.1. The PKIData structure MUST adhere to the following requirements:

        • TaggedRequest: This field MUST contain exactly one certificate request. The certificate request MUST be a PKCS #10 request conforming to the rules specified in sections 2.2.2.6.5 and 3.2.1.4.2.1.4.1.1. If it does not, the CA MUST return a non-zero error.

        • TaggedAttribute: This field MUST include the key hash attribute. The OID for this attribute is the OID szOID_ENCRYPTED_KEY_HASH (1.3.6.1.4.1.311.21.21), as specified in section 2.2.2.7.9. The value for this attribute MUST be the hash of the value of the OID szOID_ARCHIVED_KEY_ATTR (1.3.6.1.4.1.311.21.13) attribute, specified in the subsequent steps. The hash algorithm can be either the algorithm used to sign the certificate request or SHA1. <114> The hash value MUST be encoded as an octet string. The CA MUST calculate its own hash of the enveloped private key using the same hash algorithm and confirm that it matches the value in this field. If it does not, the CA MUST fail the request with a non-zero error.

          This field MAY also contain additional enrollment attributes. If the field contains the RegInfo attribute (as specified in [RFC2797] section 5.12), processing rules for its value are identical to the ones for the pwszAttributes parameter (as specified in section 3.2.1.4.2.1.2).

      • signerInfos: The SignerInfo structure MUST adhere to the following requirements:

        • unauthenticatedAttributes: One of the attributes in this field MUST be the OID szOID_ARCHIVED_KEY_ATTR (1.3.6.1.4.1.311.21.13). The value for this attribute MUST be ASN.1 DER encoded CMS. This CMS MUST have the following structure:

          • contentType: This field MUST be the OID szOID_PKCS_7_ENVELOPED (1.2.840.113549.1.7.3, id-envelopedData). If it is not, the CA MUST return a non-zero error.

          • content: This field MUST be an EnvelopedData structure with the following requirements:

            • recipientInfos: This field MUST reference the CA exchange certificate that contains the public key used for encrypting the private key. Other certificates in this collection SHOULD be ignored.

            • encryptedContentInfo: The encryptedContent field of the EncryptedContentInfo structure contains the private key that is sent to the CA, encrypted to the public key of the certificate in the Current_CA_Exchange_Cert datum. The format of this private key is specified in section 2.2.2.9. If this private key does not correspond to the public key in the encapsulated PKCS #10 request, the CA MUST return a non-zero error.
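
The key hash rule under TaggedAttribute and the contentType rule for the szOID_ARCHIVED_KEY_ATTR value can be checked together before any decryption is attempted. The following is an added example, not code from this specification or from any CA implementation. It assumes the hash is computed over the DER bytes of the attribute value as received and that signing_hash is a hashlib algorithm name; RequestRejected, read_tlv, check_archived_key and SAMPLE_ARCHIVED are hypothetical names.

```python
import hashlib
import hmac

# Content octets of OID 1.2.840.113549.1.7.3 (szOID_PKCS_7_ENVELOPED)
OID_ENVELOPED_DATA = bytes.fromhex("2a864886f70d010703")
# Constructed sample: ContentInfo with the right contentType and dummy content.
SAMPLE_ARCHIVED = bytes.fromhex("300f06092a864886f70d010703a0020400")

class RequestRejected(Exception):
    """Stands in for the non-zero error the CA returns (hypothetical name)."""

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for one definite-length DER TLV."""
    if off + 2 > len(buf):
        raise RequestRejected("truncated DER")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise RequestRejected("bad DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise RequestRejected("truncated DER")
    return tag, buf[off:off + length], off + length

def check_archived_key(archived_der, key_hash_der, signing_hash):
    """Apply the contentType and key-hash rules; return the hash name that matched."""
    tag, body, end = read_tlv(archived_der)
    if tag != 0x30 or end != len(archived_der):
        raise RequestRejected("attribute value is not one DER SEQUENCE")
    tag, oid, _ = read_tlv(body)
    if tag != 0x06 or oid != OID_ENVELOPED_DATA:
        raise RequestRejected("contentType is not id-envelopedData")
    # The key hash attribute value is an OCTET STRING wrapping the digest.
    tag, claimed, end = read_tlv(key_hash_der)
    if tag != 0x04 or end != len(key_hash_der):
        raise RequestRejected("key hash is not an OCTET STRING")
    # Either the request's signing hash or SHA1 is acceptable.
    for name in dict.fromkeys((signing_hash, "sha1")):
        digest = hashlib.new(name, archived_der).digest()
        if hmac.compare_digest(digest, claimed):  # constant-time comparison
            return name
    raise RequestRejected("key hash does not match enveloped private key")
```

Passing this check only binds the enveloped blob to the signed request; the CA still has to decrypt the key and confirm it corresponds to the public key in the PKCS #10 request.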