CERT_AUTHORITY_KEY_ID2_INFO

The CERT_AUTHORITY_KEY_ID2_INFO structure differs from the CERT_AUTHORITY_KEY_ID_INFO structure in that the certificate issuer (AuthorityCertIssuer) is represented as a CERT_ALT_NAME_INFO (a list of GeneralName entries) rather than as an encoded distinguished name held in a CERT_NAME_BLOB. Otherwise, the two structures are used in the same way.

The CERT_AUTHORITY_KEY_ID2_INFO structure, which can be used for either a certificate extension or a CRL extension, identifies the CA key that was used to sign the certificate or CRL. It lets a relying party distinguish between several keys held by the same CA (for example, during key rollover) and select the matching issuer certificate when building a certification path. The key may be identified by an explicit key identifier (KeyId), by identification of the certificate that carries the key (the issuer name and serial number of that certificate), or by both. If both are used, the certificate issuer must ensure that all three fields are consistent, since a verifier may rely on any of them.

When the CryptDecodeObject or CryptDecodeObjectEx function is applied to the Value member of a CERT_EXTENSION structure whose pszObjId member is "2.5.29.35" (szOID_AUTHORITY_KEY_IDENTIFIER2), the decoded output is a CERT_AUTHORITY_KEY_ID2_INFO structure. The same structure is the input to CryptEncodeObject or CryptEncodeObjectEx when creating the extension. The older object identifier "2.5.29.1" (szOID_AUTHORITY_KEY_IDENTIFIER) decodes to the CERT_AUTHORITY_KEY_ID_INFO structure instead. When CryptDecodeObjectEx is called with CRYPT_DECODE_ALLOC_FLAG, the function allocates the output buffer, which must be released with LocalFree.

typedef struct _CERT_AUTHORITY_KEY_ID2_INFO {
    CRYPT_DATA_BLOB     KeyId;
    CERT_ALT_NAME_INFO  AuthorityCertIssuer;
    CRYPT_INTEGER_BLOB  AuthorityCertSerialNumber;
} CERT_AUTHORITY_KEY_ID2_INFO, *PCERT_AUTHORITY_KEY_ID2_INFO;

Members

KeyId
The identifier of the CA public key that signed this certificate or CRL. It is intended to match the SubjectKeyIdentifier extension (KeyId) of the issuing CA's own certificate. RFC 5280 makes this field optional in the encoding but requires conforming CAs to include it in every certificate they issue (except self-signed ones); set its cbData member to 0 to omit it.
AuthorityCertIssuer
Optional. Set its cAltEntry member to 0 to omit. The issuer name of the CA certificate whose key signed this certificate or CRL. Note that this is the name of the entity that issued the CA's certificate, not the CA's own subject name (the two coincide only for a self-signed CA). It is held as an array of CERT_ALT_NAME_ENTRY values; in practice it is a single entry of type CERT_ALT_NAME_DIRECTORY_NAME whose DirectoryName member holds the encoded distinguished name. If this member is present, AuthorityCertSerialNumber must also be present, and together they uniquely identify the CA certificate.
AuthorityCertSerialNumber
Optional. Set its cbData member to 0 to omit. The serial number of the certificate associated with the private key used to sign this certificate or CRL. As with every CRYPT_INTEGER_BLOB, the value is stored little-endian (least significant byte first), so its bytes are in the reverse order of the DER encoding and of the way serial numbers are usually displayed. RFC 5280 requires this member and AuthorityCertIssuer to be either both present or both absent. See CERT_INFO for details.
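The following is an added example and is not Windows SDK or CryptoAPI code. It is a small, self-contained DER decoder for the AuthorityKeyIdentifier extension value (the bytes in CERT_EXTENSION.Value for OID 2.5.29.35) that recovers the same three fields CryptDecodeObjectEx places in CERT_AUTHORITY_KEY_ID2_INFO, checks the RFC 5280 rule that AuthorityCertIssuer and AuthorityCertSerialNumber must be present together, extracts the encoded distinguished name that CryptoAPI would expose as CERT_ALT_NAME_ENTRY.DirectoryName, and shows the byte reversal CryptoAPI applies to the serial number because CRYPT_INTEGER_BLOB is little-endian. All type and function names (der_blob, aki_info, aki_decode, and so on) are this example's own, and the test vectors are constructed by hand rather than taken from any real certificate. It is useful for inspecting an extension on a non-Windows host or for cross-checking what the Windows decoder returns.

```c
/* Added example, not Windows SDK code: a minimal DER decoder for the
 * AuthorityKeyIdentifier extension value (OID 2.5.29.35) that yields the same
 * three fields CryptDecodeObjectEx returns in CERT_AUTHORITY_KEY_ID2_INFO.
 * All names here (der_blob, aki_info, aki_decode, ...) are ours; plain C99. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t len; } der_blob; /* cf. CRYPT_DATA_BLOB */

typedef struct {
    der_blob key_id;       /* [0] keyIdentifier           -> KeyId */
    der_blob issuer_names; /* [1] GeneralNames content    -> AuthorityCertIssuer */
    der_blob serial;       /* [2] INTEGER, big-endian DER -> AuthorityCertSerialNumber */
} aki_info;                /* absent fields keep p == NULL, len == 0 */

/* Read one DER TLV at *pos; reject truncation and non-minimal length forms. */
static int der_read_tlv(const uint8_t *buf, size_t len, size_t *pos,
                        uint8_t *tag, der_blob *val)
{
    size_t i = *pos, vlen = 0;
    if (i + 2 > len) return -1;
    *tag = buf[i++];
    if (buf[i] < 0x80) {
        vlen = buf[i++];
    } else {
        size_t n = buf[i++] & 0x7f;
        if (n == 0 || n > sizeof vlen || n > len - i || buf[i] == 0) return -1;
        while (n--) vlen = (vlen << 8) | buf[i++];
        if (vlen < 0x80) return -1;
    }
    if (vlen > len - i) return -1;
    val->p = buf + i; val->len = vlen; *pos = i + vlen;
    return 0;
}

/* Decode the extension value (the CERT_EXTENSION Value bytes). 0 on success,
 * -1 for bad tags, duplicate or out-of-order elements, or trailing bytes. */
int aki_decode(const uint8_t *der, size_t len, aki_info *out)
{
    uint8_t tag; der_blob seq, v; size_t pos = 0, inner = 0; int last = -1;
    memset(out, 0, sizeof *out);
    if (der_read_tlv(der, len, &pos, &tag, &seq) != 0 || tag != 0x30 || pos != len)
        return -1;
    while (inner < seq.len) {
        int idx;
        if (der_read_tlv(seq.p, seq.len, &inner, &tag, &v) != 0) return -1;
        if (tag == 0x80) idx = 0;       /* [0] IMPLICIT KeyIdentifier (primitive) */
        else if (tag == 0xA1) idx = 1;  /* [1] IMPLICIT GeneralNames (constructed) */
        else if (tag == 0x82) idx = 2;  /* [2] IMPLICIT CertificateSerialNumber */
        else return -1;
        if (idx <= last) return -1;     /* DER SEQUENCE: fixed order, each at most once */
        last = idx;
        if (idx == 0) out->key_id = v; else if (idx == 1) out->issuer_names = v;
        else out->serial = v;
    }
    return 0;
}

/* RFC 5280: authorityCertIssuer and authorityCertSerialNumber MUST both be
 * present or both be absent. Returns 1 when that holds, else 0. */
int aki_issuer_serial_paired(const aki_info *a)
{
    return (a->issuer_names.p != NULL) == (a->serial.p != NULL);
}

/* If the first GeneralName is directoryName [4], return its encoded Name, i.e.
 * what CryptoAPI exposes as CERT_ALT_NAME_ENTRY.DirectoryName. 0 on success. */
int aki_first_directory_name(const aki_info *a, der_blob *name)
{
    uint8_t tag; size_t pos = 0;
    if (a->issuer_names.p == NULL ||
        der_read_tlv(a->issuer_names.p, a->issuer_names.len, &pos, &tag, name) != 0)
        return -1;
    return tag == 0xA4 ? 0 : -1;
}

/* CRYPT_INTEGER_BLOB is little-endian, so CryptoAPI hands back the DER INTEGER
 * bytes reversed. Writes that form to out and returns its length (0 if no room). */
size_t aki_serial_little_endian(const aki_info *a, uint8_t *out, size_t cap)
{
    size_t i, n = a->serial.len;
    if (n > cap) return 0;
    for (i = 0; i < n; i++) out[i] = a->serial.p[n - 1 - i];
    return n;
}

/* Constructed test vectors, not from any real certificate: keyId with issuer
 * CN="Test CA" (directoryName) and serial 0x01F4; the keyId-only form most CAs
 * emit; and a non-conforming serial-without-issuer encoding. */
const uint8_t AKI_FULL[] = {
    0x30,0x32, 0x80,0x14, 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,
    0xA1,0x16, 0xA4,0x14, 0x30,0x12, 0x31,0x10, 0x30,0x0E, 0x06,0x03,0x55,0x04,0x03,
    0x0C,0x07, 'T','e','s','t',' ','C','A', 0x82,0x02, 0x01,0xF4 };
const uint8_t AKI_KEYID_ONLY[] = {
    0x30,0x16, 0x80,0x14, 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 };
const uint8_t AKI_SERIAL_NO_ISSUER[] = {
    0x30,0x1A, 0x80,0x14, 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,
    0x82,0x02, 0x01,0xF4 };
```

Decoding AKI_FULL gives a 20-byte KeyId, an issuer list whose first entry is a directoryName wrapping the 20-byte encoded Name, and the serial bytes 01 F4, which aki_serial_little_endian returns as F4 01, the order you would see in AuthorityCertSerialNumber.pbData. AKI_SERIAL_NO_ISSUER decodes without a structural error but fails aki_issuer_serial_paired, which is the check a strict verifier should apply before trusting the issuer/serial pair; the decoder itself deliberately stays permissive, as CryptDecodeObjectEx does, so the caller decides how to treat the violation.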

See Also

CERT_ALT_NAME_INFO, CERT_AUTHORITY_KEY_ID_INFO