CERT_KEY_ATTRIBUTES_INFO

The CERT_KEY_ATTRIBUTES_INFO structure contains optional additional information about the public key being certified. It can include a key identifier, an indication of the intended use of that key, and/or an indication of the period of use of the corresponding private key.

When the CryptDecodeObject or CryptDecodeObjectEx function is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.2", the function outputs a CERT_KEY_ATTRIBUTES_INFO structure.

typedef struct _CERT_KEY_ATTRIBUTES_INFO {
    CRYPT_DATA_BLOB             KeyId;
    CRYPT_BIT_BLOB              IntendedKeyUsage;
    PCERT_PRIVATE_KEY_VALIDITY  pPrivateKeyUsagePeriod;  // optional
} CERT_KEY_ATTRIBUTES_INFO,    *PCERT_KEY_ATTRIBUTES_INFO;
 

Members

KeyId
The unique identifier of the key.
IntendedKeyUsage
This field indicates the intended purpose of the key, and is for use in finding the correct key or certificate of a user who has multiple keys or certificates. It is an advisory field and does not imply that usage of the key is restricted to the purpose indicated. The list of intended uses is not necessarily all-inclusive, and the field may be omitted. If the use of a key is to be restricted to a particular purpose, the key usage restriction extension shall be used. See the RestrictedKeyUsage field in CERT_KEY_USAGE_RESTRICTION_INFO for a list of bit values.
pPrivateKeyUsagePeriod
An optional data field. A pointer to a CERT_PRIVATE_KEY_VALIDITY structure that indicates the period of use of the private key corresponding to the certified public key.
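The following is an added example, not code from the original documentation: it decodes the extension on Windows and then reads the result defensively, treating IntendedKeyUsage as a lookup hint only and checking the optional pointer before use. The helper names (decode_key_attributes, intended_usage_has, private_key_period_covers) are hypothetical, and the non-Windows branch declares stand-in types so the checks build anywhere. Assumptions: X509_KEY_ATTRIBUTES and szOID_KEY_ATTRIBUTES come from wincrypt.h rather than this page, and both validity bounds were filled in by the decoder.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */
/* Decode an extension whose pszObjId is "2.5.29.2"; caller frees with LocalFree(). */
CERT_KEY_ATTRIBUTES_INFO *decode_key_attributes(const CERT_EXTENSION *ext)
{
    CERT_KEY_ATTRIBUTES_INFO *info = NULL;
    DWORD cb = 0;
    if (strcmp(ext->pszObjId, szOID_KEY_ATTRIBUTES) != 0) return NULL;
    if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_KEY_ATTRIBUTES, ext->Value.pbData,
                             ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &cb))
        return NULL;
    return info;
}
#else  /* stand-in declarations mirroring wincrypt.h, so the checks below build off Windows */
typedef unsigned char BYTE;
typedef unsigned int DWORD;
typedef struct { DWORD dwLowDateTime, dwHighDateTime; } FILETIME;
typedef struct { DWORD cbData; BYTE *pbData; } CRYPT_DATA_BLOB;
typedef struct { DWORD cbData; BYTE *pbData; DWORD cUnusedBits; } CRYPT_BIT_BLOB;
typedef struct { FILETIME NotBefore, NotAfter; } CERT_PRIVATE_KEY_VALIDITY;
typedef struct {
    CRYPT_DATA_BLOB KeyId;
    CRYPT_BIT_BLOB IntendedKeyUsage;
    CERT_PRIVATE_KEY_VALIDITY *pPrivateKeyUsagePeriod;
} CERT_KEY_ATTRIBUTES_INFO;
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
#endif

/* Advisory lookup hint only: 1 if `bit` is named, 0 if not, -1 if the field was omitted. */
int intended_usage_has(const CERT_KEY_ATTRIBUTES_INFO *info, BYTE bit)
{
    const CRYPT_BIT_BLOB *u = &info->IntendedKeyUsage;
    if (u->cbData == 0 || u->pbData == NULL) return -1;
    /* ignore the padding bits of a one-byte BIT STRING */
    BYTE mask = (u->cbData == 1 && u->cUnusedBits < 8) ? (BYTE)(0xFF << u->cUnusedBits) : 0xFF;
    return (u->pbData[0] & mask & bit) ? 1 : 0;
}
static unsigned long long ft64(const FILETIME *ft)
{ return ((unsigned long long)ft->dwHighDateTime << 32) | ft->dwLowDateTime; }
/* 1 inside the private-key usage period, 0 outside, -1 when the optional pointer is NULL.
   Assumption: the decoder filled both bounds; a zero NotAfter therefore reads as "outside". */
int private_key_period_covers(const CERT_KEY_ATTRIBUTES_INFO *info, const FILETIME *when)
{
    const CERT_PRIVATE_KEY_VALIDITY *p = info->pPrivateKeyUsagePeriod;
    if (p == NULL) return -1;
    unsigned long long t = ft64(when);
    return (t >= ft64(&p->NotBefore) && t <= ft64(&p->NotAfter)) ? 1 : 0;
}
```

A result of -1 means the certificate did not carry that field, which callers should handle separately from a definite 0.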

See Also

BLOB Structure, CERT_PRIVATE_KEY_VALIDITY, CRYPT_BIT_BLOB