CERT_AUTHORITY_KEY_ID_INFO

The CERT_AUTHORITY_KEY_ID_INFO structure, which can be used for either a certificate extension or a CRL extension, identifies the CA's key used to sign the certificate or CRL. It enables distinct keys used by the same CA to be differentiated (for example, as key updating occurs). The key may be identified by an explicit key identifier, by identification of a certificate for the key (giving certificate issuer and certificate serial number), or both. If both are used then the certificate issuer shall ensure that all three fields are consistent.

When CryptDecodeObject or CryptDecodeObjectEx is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.1", the function outputs a CERT_AUTHORITY_KEY_ID_INFO structure.

typedef struct _CERT_AUTHORITY_KEY_ID_INFO {
    CRYPT_DATA_BLOB     KeyId;
    CERT_NAME_BLOB      CertIssuer;
    CRYPT_INTEGER_BLOB  CertSerialNumber;
} CERT_AUTHORITY_KEY_ID_INFO, *PCERT_AUTHORITY_KEY_ID_INFO;


Members

KeyId
A unique identifier for a certificate's public key.
CertIssuer
The distinguished name of the CA that issued the certificate (encoded form).
CertSerialNumber
The serial number of the certificate associated with the private key used to sign this certificate. See CERT_INFO for details.
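
The consistency requirement above matters when a verifier selects the CA certificate: if the extension carries both a key identifier and an issuer/serial pair, a candidate should satisfy all of them. The following is an added example, not part of the original documentation or of any Microsoft code, showing that check in portable C. Assumptions: BLOB_T, AKI_INFO, CANDIDATE_CA and aki_matches are hypothetical stand-ins that mirror the cbData/pbData layout so the code builds without wincrypt.h, an absent field is taken to decode with cbData of 0, names are compared byte for byte, and the serial number is treated as a little-endian integer blob (on Windows, CertCompareIntegerBlob and CertCompareCertificateName perform these comparisons).

```c
#include <string.h>

/* Stand-ins so this builds without <wincrypt.h>; same cbData/pbData layout
   as CRYPT_DATA_BLOB, CERT_NAME_BLOB and CRYPT_INTEGER_BLOB. */
typedef struct { unsigned long cbData; const unsigned char *pbData; } BLOB_T;
typedef struct { BLOB_T KeyId, CertIssuer, CertSerialNumber; } AKI_INFO;
/* Hypothetical view of a candidate CA certificate's own fields. */
typedef struct { BLOB_T SubjectKeyId, Issuer, SerialNumber; } CANDIDATE_CA;

/* Significant length of a little-endian integer blob: drop a top 0x00 (or
   0xFF) byte only while the next byte keeps the same sign. */
static unsigned long int_len(const BLOB_T *b) {
    unsigned long n = b->cbData;
    while (n > 1 && ((b->pbData[n-1] == 0x00 && !(b->pbData[n-2] & 0x80)) ||
                     (b->pbData[n-1] == 0xFF &&  (b->pbData[n-2] & 0x80)))) n--;
    return n;
}
static int int_eq(const BLOB_T *a, const BLOB_T *b) {
    unsigned long n = int_len(a);
    return n == int_len(b) && (n == 0 || memcmp(a->pbData, b->pbData, n) == 0);
}
static int blob_eq(const BLOB_T *a, const BLOB_T *b) {
    return a->cbData == b->cbData &&
           (a->cbData == 0 || memcmp(a->pbData, b->pbData, a->cbData) == 0);
}

/* 1: candidate satisfies every identifier form present; 0: mismatch;
   -1: extension empty, or issuer present without serial (or the reverse). */
int aki_matches(const AKI_INFO *aki, const CANDIDATE_CA *ca) {
    int has_kid = aki->KeyId.cbData != 0;   /* assumption: cbData 0 = absent */
    int has_iss = aki->CertIssuer.cbData != 0;
    int has_ser = aki->CertSerialNumber.cbData != 0;
    if (has_iss != has_ser || (!has_kid && !has_iss)) return -1;
    if (has_kid && !blob_eq(&aki->KeyId, &ca->SubjectKeyId)) return 0;
    if (has_iss && (!blob_eq(&aki->CertIssuer, &ca->Issuer) ||
                    !int_eq(&aki->CertSerialNumber, &ca->SerialNumber))) return 0;
    return 1;
}

/* Constructed sample data (not taken from a real certificate). */
static const unsigned char kid[] = {0xA1, 0xB2, 0xC3, 0xD4};
static const unsigned char name[] = {0x30, 0x00};             /* empty DER Name */
static const unsigned char ser_padded[] = {0x2A, 0x01, 0x00}; /* 0x012A + pad  */
static const unsigned char ser_plain[] = {0x2A, 0x01};        /* 0x012A        */
static const AKI_INFO sample_aki = {{4, kid}, {2, name}, {3, ser_padded}};
static const CANDIDATE_CA sample_ca = {{4, kid}, {2, name}, {2, ser_plain}};
int main(void) { return aki_matches(&sample_aki, &sample_ca) == 1 ? 0 : 1; }
```

A plain memcmp on the serial number would reject the padded sample even though both blobs encode the same integer, which is why the comparison trims redundant sign bytes first.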

See Also

BLOB Structure