TElSubjectKeyIdentifierExtension is a descendant of the TElCustomExtension class.
Description
The following text is taken from RFC 2459 (Housley et al.), section 4.2.1.2:
«The subject key identifier extension provides a means of identifying
certificates that contain a particular public key.
To facilitate chain building, this extension MUST appear in all
conforming CA certificates, that is, all certificates including the
basic constraints extension where the value of cA
is TRUE. The value of the subject key identifier MUST be the value
placed in the key identifier field of the Authority Key Identifier
extension of certificates issued by the subject of
this certificate.
For CA certificates, subject key identifiers SHOULD be derived from
the public key or a method that generates unique values. Two common
methods for generating key identifiers from the public key are:
One common method for generating unique values is a monotonically
increasing sequence of integers.
For end entity certificates, the subject key identifier extension
provides a means for identifying certificates containing the
particular public key used in an application. Where an end entity has
obtained multiple certificates, especially from multiple CAs, the
subject key identifier provides a means to quickly identify the set
of certificates containing a particular public key. To assist
applications in identifying the appropriate end entity
certificate, this extension SHOULD be included in all end entity
certificates.
For end entity certificates, subject key identifiers SHOULD be
derived from the public key. Two common methods for generating key
identifiers from the public key are identified above.
Where a key identifier has not been previously established, this
specification recommends use of one of these methods for generating
keyIdentifiers.
This extension MUST NOT be marked critical.»
SecureBlackbox uses the output of the SHA-1 hash algorithm as the key identifier.
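An added example, not SecureBlackbox code: RFC 2459 section 4.2.1.2 names two SHA-1 based derivations from the subjectPublicKey BIT STRING (the full 160-bit hash, or the type field 0100 followed by the least significant 60 bits of that hash), and the Python below computes both from a DER SubjectPublicKeyInfo and reports which one a given identifier matches. The function names and the sample key are constructed for illustration; this page does not state exactly which input SecureBlackbox hashes.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits count the length octets
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def public_key_bits(spki):
    """Contents of subjectPublicKey in a DER SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _, pos = read_tlv(body)             # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, pos)
    if tag != 0x03 or not bits:
        raise ValueError("subjectPublicKey must be a BIT STRING")
    return bits[1:]                        # hash excludes tag, length and unused-bits octet

def ski_sha1_160(spki):
    return hashlib.sha1(public_key_bits(spki)).digest()

def ski_sha1_60(spki):
    tail = bytearray(ski_sha1_160(spki)[-8:])
    tail[0] = 0x40 | (tail[0] & 0x0F)      # type field 0100, then the low 60 bits
    return bytes(tail)

def identify_method(ski, spki):
    """Name the RFC method that ski matches, or None (e.g. a CA-assigned value)."""
    if ski == ski_sha1_160(spki):
        return "sha1-160"
    return "sha1-60" if ski == ski_sha1_60(spki) else None

# Constructed sample: Ed25519 SubjectPublicKeyInfo wrapping 32 made-up key bytes.
SAMPLE_KEY = bytes(range(32))
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + SAMPLE_KEY
```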
Inherited from TElCustomExtension .NET: