Discuss this help topic in SecureBlackbox Forum

TElAuthorityKeyIdentifierExtension class

TElAuthorityKeyIdentifierExtension is a descendant of the TElCustomExtension class.

Description

    This extension holds a «fingerprint» of the issuer's public key, which makes it possible to tell apart different certificates that belong to the same issuer.

    The following paragraphs are taken from RFC 2459 (Housley et al.), section 4.2.1.1:

    «The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification may be based on either the key identifier (the subject key identifier in the issuer's certificate) or on the issuer name and serial number.

    The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate chain building. There is one exception; where a CA distributes its public key in the form of a "self-signed" certificate, the authority key identifier may be omitted. In this case, the subject and authority key identifiers would be identical. The value of the keyIdentifier field SHOULD be derived from the public key used to verify the certificate's signature or a method that generates unique values.»


This extension MUST NOT be marked critical.
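
The following is an added example, not SecureBlackbox code and not part of the original help topic: it parses the DER-encoded extension value defined in RFC 2459 section 4.2.1.1 and uses the keyIdentifier to pick the right issuer certificate when a CA has several signing keys. The function names, candidate labels and sample bytes are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_aki(ext_value):
    """Parse AuthorityKeyIdentifier ::= SEQUENCE { [0] keyIdentifier,
    [1] authorityCertIssuer, [2] authorityCertSerialNumber }, all optional."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("AKI must be a single SEQUENCE")
    aki = {"key_id": None, "issuer_names": None, "serial": None}
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x80:                   # [0] IMPLICIT OCTET STRING
            aki["key_id"] = val
        elif tag == 0xA1:                 # [1] GeneralNames, kept as raw DER
            aki["issuer_names"] = val
        elif tag == 0x82:                 # [2] IMPLICIT INTEGER
            aki["serial"] = int.from_bytes(val, "big", signed=True)
        else:
            raise ValueError(f"unexpected tag {tag:#x} in AKI")
    return aki

def select_issuer(aki, candidates):
    """candidates: (label, subject_key_id) pairs sharing one subject name."""
    for label, ski in candidates:
        if aki["key_id"] is not None and ski == aki["key_id"]:
            return label
    return None  # no keyIdentifier or no match: fall back to issuer name

# Constructed sample: AKI carrying only a 4-byte keyIdentifier.
SAMPLE_AKI = bytes.fromhex("3006" "8004" "0a0b0c0d")
CANDIDATES = [("ca-key-2019", bytes.fromhex("01020304")),
              ("ca-key-2023", bytes.fromhex("0a0b0c0d"))]
```

A keyIdentifier match only narrows the choice of issuer certificate during chain building; the certificate's signature still has to be verified with the selected issuer's public key.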

Properties

Inherited from TElCustomExtension

Declared in

.NET:
  • Namespace: SBX509Ext
  • Assembly: SecureBlackbox
VCL:
  • Unit: SBX509Ext
Java:
  • Package: SecureBlackbox.Base.jar
C++:
  • sbx509ext.h
