
RE: Authority Key Identifier



According to RFC 2459,

   AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier           OPTIONAL,
      authorityCertIssuer       [1] GeneralNames            OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  } 

In your case it's encoded as

      keyIdentifier             [0] KeyIdentifier

30  -- SEQUENCE
 16 -- length
    80 -- [0]
       14 -- length
          b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 2f d5 20 69 -- KeyIdentifier

So, if you decode it properly, you will have AKI=b2 b6 f2 cb eb d0 b2 26
79 eb 8b 99 74 77 e2 df 2f d5 20 69.

Denis Issoupov
Senior Software Developer
ALACRIS Inc.
* Voice: 613-230-9762 x239  * Fax: 613-230-9702
* Cell: 613-294-5948
* E-mail: dissoupo@xxxxxxxxxxx * Web: www.alacris.com

Find out more about the best OCSP Client for Windows at
http://www.ocspclient.com
 



> -----Original Message-----
> From: Jong 't, D (Dennis) [mailto:D.Jong@xxxxxxxxxxxxxx] 
> Sent: Monday, October 21, 2002 7:29 AM
> To: 'ietf-pkix@xxxxxxx'
> Subject: Authority Key Identifier
> 
> 
> 
> LS,
> 
> I have a question regarding the Authority Key Identifier 
> (AKI) in an x509 certificate. When we resolve the AKI from 
> the "CERT_CONTEXT" (MS IIS), it returns a 24-byte structure, 
> like: 30 16 80 14 b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 
> e2 df 2f d5 20 69
> 
> The AKI should be 20 bytes long (RFC 2459, 4.2.1.2 using 160 
> bit SHA-1),
> like:
> b2 b6 f2 cb eb d0 b2 26 79 eb 8b 99 74 77 e2 df 2f d5 20 69
> 
> Does anyone know the purpose of those 4 trailing bytes? If 
> yes, is it safe to cut them off to subtract the original AKI?
> 
> With kind regards,
>  
> Dennis 't Jong
> Technical Specialist
> Windows Server Management O&O - Beveiliging 
> 
> Rabobank ICT           Tel:    +31 30 21 52772
> Kamer ZL-R255          Fax:    +31 30 21 51893
> Laan van Eikenstein 9  Mobiel: +31 6 24481180
> 3705 AR Zeist          Email:  D.Jong@xxxxxxxxxxxxxx 
> Nederland              Web:    http://www.RabobankICT.nl 
> 
> 
> 
> 
> 
> 
>
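
The decode described in the reply, as an added example that is not part of the original thread: a bounds-checked DER walk in C that returns the keyIdentifier field rather than slicing off a fixed four bytes, which would give the wrong result whenever the other optional fields are present or a length uses the long form. The function names are hypothetical; the sample bytes are the 24 bytes quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one DER tag+length header at *p (bounded by end); on success
   store tag and content length and advance *p to the content bytes. */
static int der_header(const uint8_t **p, const uint8_t *end,
                      uint8_t *tag, size_t *len)
{
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                 /* long form: low 7 bits = count of length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;   /* content must fit in the buffer */
    *p = q; *len = l;
    return 0;
}

/* Extract keyIdentifier [0] from a DER AuthorityKeyIdentifier value.
   Returns 0 on success, 1 if the optional field is absent, -1 if malformed. */
int aki_key_identifier(const uint8_t *der, size_t der_len,
                       const uint8_t **kid, size_t *kid_len)
{
    const uint8_t *p = der, *end = der + der_len;
    uint8_t tag; size_t len;
    if (der_header(&p, end, &tag, &len) != 0 || tag != 0x30) return -1;
    if (p + len != end) return -1;          /* reject bytes after the SEQUENCE */
    while (p < end) {
        if (der_header(&p, end, &tag, &len) != 0) return -1;
        if (tag == 0x80) { *kid = p; *kid_len = len; return 0; }
        p += len;                           /* skip [1] issuer / [2] serial */
    }
    return 1;
}

/* The extension value quoted in the thread. */
static const uint8_t SAMPLE[] = {
    0x30,0x16,0x80,0x14,0xb2,0xb6,0xf2,0xcb,0xeb,0xd0,0xb2,0x26,
    0x79,0xeb,0x8b,0x99,0x74,0x77,0xe2,0xdf,0x2f,0xd5,0x20,0x69 };

int main(void)
{
    const uint8_t *kid; size_t n;
    if (aki_key_identifier(SAMPLE, sizeof SAMPLE, &kid, &n) != 0) return 1;
    for (size_t i = 0; i < n; i++) printf("%02x ", kid[i]);
    printf("\n");
    return 0;
}
```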