Appendix A: Certificate Request Structure
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This appendix provides additional detailed information about the key archival process regarding the certificate request structure.
ASN.1 Structure
A certificate request for key archival to the CA is a CMC Full PKIRequest message as specified in RFC 2797. The ASN.1 structure used by the Windows Server 2003 CA is shown in Figure 46.
Figure 46: CMC Request Message
Understanding the PKCS #7 Message Content Structure
The first section of the CMC message contains a PKCS #7 message that has the relevant elements for generating a certificate request.
Understanding the controlSequence TaggedAttribute Element
The TaggedAttribute element in the message contains the following information.
Extensions—The Extensions section of the TaggedAttribute element contains the following extensions.
Application Policies
Template Information
Key Usage
Enhanced Key Usage
Attributes—The Attributes section of the TaggedAttribute element contains the following data.
Common Name
Template Name to be used
Hash of the encrypted private key BLOB
Other request information
Understanding the reqSequence TaggedRequest Element
The reqSequence TaggedRequest element contains a nested PKCS #10 message. This message contains the user’s public key in addition to other information relevant for generating the certificate.
Understanding the cmsSequence TaggedContentInfo Element
The cmsSequence TaggedContentInfo element can contain nested PKCS #7 and CMC messages. In a standard archival request, this element is not used.
Understanding the otherMsgSequence OtherMsg Element
Not Used
Understanding the Signatures Structure
The signatures section of the CMC message contains one or more signatures used to sign the request. The following is an example of the signatures section.
Signer Count: 1
Signer Info[0]:
Signature matches request Public Key
CMSG_SIGNER_INFO_CMS_VERSION(3)
CERT_ID_KEY_IDENTIFIER(2)
0000 81 92 56 3a c4 31 f8 82 0c 54 c9 d0 98 4f d8 c5
0010 34 63 9e cc
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters: NULL
Encrypted Hash:
0000 c1 ae 90 a7 a3 0b 52 66 ea c4 d0 04 17 2e 94 95
0010 14 20 06 ...
Understanding the Authenticated Attributes Structure
The authenticated attributes section contains additional authenticated attributes, such as Content Type, Message Digest, and Client Information. The following is an example of the authenticated attributes section.
Authenticated Attributes[0]:
3 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest:
5e 1f 0f f0 28 a4 fe 91 0d c2 2f 1a 18 78 7e 2e 10 7f 17 39
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 1
XECI_XENROLL -- 1
User: CONTOSO0\avibm
Machine: dcross-stress.contoso.com
Process: certreq
Understanding the Unauthenticated Attributes Structure
The unauthenticated attributes section contains the encrypted private key. The private key is contained in an enveloped PKCS #7 message that is encrypted to the CA’s exchange key. Because an unauthenticated attribute is not covered by the request signature, the SHA-1 hash of this PKCS #7 message is included as one of the attributes of the controlSequence TaggedAttribute, which is part of the signed content; the CA can therefore check that the encrypted key BLOB it received is the one the requester signed for.
The following is an example of the unauthenticated attributes section.
Unauthenticated Attributes[0]:
1 attributes:
Attribute[0]: 1.3.6.1.4.1.311.21.13 (Encrypted Private Key)
Value[0][0]:
Unknown Attribute type
================ Begin Nesting Level 1 ================
PKCS7 Message:
CMSG_ENVELOPED(3)
CMSG_ENVELOPED_DATA_PKCS_1_5_VERSION(0)
Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
PKCS7 Message Content:
0000 d4 a6 31 b6 5a ee 62 90 cc 17 b1 7a 6a 0d 40 9a
..1.Z.b....zj.@.
0010 33 fd 11 14 0b ae 12 bd 3b 32 b8 73 af cc 1b 76
3.......;2.s...v ...
Performing Binary Export for a Request
To view and decode a CMS key archival request from a Windows Server 2003 CA, it is necessary to do a binary export directly from the CA database. A binary export can be easily achieved through the Certification Authority MMC snap-in or by using the certutil.exe command-line tool.
Binary Request Export Using the Certification Authority MMC Snap-In Walkthrough
To export a binary request using the Certification Authority MMC Snap-in
Log on to the CA machine using a CA Administrator account.
Open the Certification Authority MMC snap-in.
Click the Issued Certificates folder.
If the binary request column has not been previously added to the database view, it must be added to support a binary request export. To add a column to the view, click View on the menu bar, and then select the Add/Remove Columns menu option.
In the Add/Remove Columns dialog box, select the Binary Request field in the Available Columns list box on the left.
Click Add, and then click OK.
Next, a binary request can be exported.
Select a request from the issued certificates view, and then click the Action menu.
Select Export Binary Data on the All Tasks menu.
In the Export Binary Data dialog box, choose Binary Request as the column you want to export.
Click OK.
The data is exported in ASCII format and can be opened in Notepad.
Note
Following the previous steps generates a dump of the certificate archival request only; it does not include the private key material. To dump a full certificate archival request including the private key material, use the command-line procedure below.
Binary Request Export Using the CertUtil.exe Command-Line Tool Walkthrough
To use certutil.exe to view the certificate request, including the private key material, a request file must first be generated.
To generate a request file
Run Notepad.exe.
Paste the following certificate request information into Notepad.
[Version]
Signature= "$Windows NT$"
[NewRequest]
Subject = "CN=Test Subject"
KeySpec = 1
Exportable = FALSE
PrivateKeyArchive = TRUE
[RequestAttributes]
CertificateTemplate = EFS
Note
Make sure that the CA is configured for key archival before starting this process. In this example, the EFS template is used; this should be changed to an existing certificate template that allows private key archival.
Save the file as CertificateRequest.inf, and then close Notepad.
Open the command-line window.
Type the following command.
certreq -new CertificateRequest.inf CertificateRequest.req
Notes:
This command will prompt you to select the CA to fetch the CA exchange certificate from, and to encrypt the private key to.
This command will write the request to a file named by the last argument on the command line: CertificateRequest.req.
To avoid the CA selection dialog, you can specify the CA via -config CAMachineDNSName\CACertCommonName before or after the -new option.
Type the following command.
certreq -submit CertificateRequest.req KeyArchival.cer KeyArchival.p7b KeyArchival.rsp
This command will prompt you to select the CA to submit the request to.
Notes:
This command writes the newly issued certificate, a PKCS #7 containing only the issued certificate and its chain, and the full CMC response to files named by the last three arguments on the command line: KeyArchival.cer, KeyArchival.p7b, and KeyArchival.rsp, respectively.
To avoid the CA selection dialog, you can specify the CA via -config CAMachineDNSName\CACertCommonName before or after the -submit option.
Type the following command.
certreq -accept KeyArchival.rsp
This command verifies the response, installs the certificate, and associates it with the private key.
Type the following command.
certutil -privatekey -dump CertificateRequest.req >CertificateRequest.txt
This command will generate a dump of the certificate archival request into the CertificateRequest.txt file.
Type the following command.
certutil -privatekey -dump KeyArchival.rsp >CertificateResponse.txt
This command will generate a dump of the certificate archival response into the CertificateResponse.txt file.
For non-Windows Server 2003 clients or servers enrolling to a Windows Server 2003 CA, the format of the request may be different. The reason is that non-Windows Server 2003 platforms may not support CMC data structures and, therefore, may not be able to encode the request information inside a PKIData object. Instead, the request information may be inside the Data body but not encoded as a PKIData object.
Note
certreq.exe and other tools may be installed on a Windows Server 2003 Professional machine by installing the Administrative Tools (adminpak.msi) that are located in the \i386 directory on all Windows Server 2003 CD-ROM media.
CMC Request and Response Examples
Request:
SEQUENCE :
OBJECT IDENTIFIER : signedData [1.2.840.113549.1.7.2]
CONTEXT SPECIFIC (0) :
SEQUENCE :
INTEGER : 3
SET :
SEQUENCE :
OBJECT IDENTIFIER : sha1 [1.3.14.3.2.26]
NULL :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.12.2]
CONTEXT SPECIFIC (0) :
OCTET STRING :
SEQUENCE :
SEQUENCE :
SEQUENCE :
INTEGER : 2
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.7.8]
SET :
SEQUENCE :
INTEGER : 0
SEQUENCE :
INTEGER : 1
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.10]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : keyUsage [2.5.29.15]
OCTET STRING :
BIT STRING UnusedBits:5 :
20
SEQUENCE :
OBJECT IDENTIFIER : extKeyUsage [2.5.29.37]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.7]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER :
[1.3.6.1.4.1.311.21.8.4014942.3497959.5914804.3829722.12246394.103.3066650.1537810]
INTEGER : 100
INTEGER : 2
SEQUENCE :
INTEGER : 3
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.10.10.1]
SET :
SEQUENCE :
INTEGER : 0
SEQUENCE :
INTEGER : 1
SET :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.21]
SET :
OCTET STRING :
9231E6C0B87445190EA2CA934B2807FF799
3C59F
SEQUENCE :
INTEGER : 4
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.7.18]
SET :
OCTET STRING :
436572746966696361746554656D706C6174653D4172636
869766554657374426173696345465326
SEQUENCE :
CONTEXT SPECIFIC (0) :
INTEGER : 1
SEQUENCE :
SEQUENCE :
INTEGER : 0
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'Test Subject'
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
BIT STRING UnusedBits:0 :
SEQUENCE :
INTEGER :
00DAFF7C6859557C698CDA4598222E8E90E
EB481889531E9F67F10C081F2545B060BE7
714E755325AC710774764DCA8120C6BEB7B
6EF74B0260EDD56DD299B242A94EE83C420
AC7FF0E694122E26EF67670782223C4E8D8
12C98047F24E10CF6A26FEBEEB826638924
F36B697CEA02EFC4CA0D108CB85047266AD
27DE582D181A1
INTEGER : 65537
CONTEXT SPECIFIC (0) :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.13.2.3]
SET :
IA5 STRING :
'5.2.3790.2'
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.20]
SET :
SEQUENCE :
INTEGER : 1
UTF8 STRING :
'dcross-stress.contoso.com'
UTF8 STRING :
'CONTOSO0\avibm'
UTF8 STRING :
'certreq'
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.13.2.2]
SET :
SEQUENCE :
INTEGER : 1
BMP STRING :
'Microsoft Strong Cryptographic P'
'rovider'
BIT STRING UnusedBits:0 :
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
0000000000000000
SEQUENCE :
OBJECT IDENTIFIER : extensionReq [1.2.840.113549.1.9.14]
SET :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : sMIMECapabilities [1.2.840.113549.1.9.15]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : rc2CBC [1.2.840.113549.3.2]
INTEGER : 128
SEQUENCE :
OBJECT IDENTIFIER : rc4 [1.2.840.113549.3.4]
INTEGER : 128
SEQUENCE :
OBJECT IDENTIFIER : desCBC [1.3.14.3.2.7]
SEQUENCE :
OBJECT IDENTIFIER : DES-EDE3-CBC [1.2.840.113549.3.7]
SEQUENCE :
OBJECT IDENTIFIER : subjectKeyIdentifier [2.5.29.14]
OCTET STRING :
OCTET STRING :
8192563AC431F8820C54C9D098
4FD8C534639ECC
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.10]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : keyUsage [2.5.29.15]
OCTET STRING :
BIT STRING UnusedBits:5 :
20
SEQUENCE :
OBJECT IDENTIFIER : extKeyUsage [2.5.29.37]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.7]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER :
[1.3.6.1.4.1.311.21.8.4014942.3497959.5914804.3829722.12246394.103.3066650.1537810]
INTEGER : 100
INTEGER : 2
SEQUENCE :
OBJECT IDENTIFIER : sha1withRSAEncryption [1.2.840.113549.1.1.5]
NULL :
BIT STRING UnusedBits:0 :
31E945A575155D8F91E972DB26A52C8FAE16D7F5074365D
C2E585C8718AB09A4FBB67D8A78A63C76B14482A1DEDCAA
5B234035F3CFFABCAF3DEC24C5944ACE46A1BAFE857F310
7C21105C817FA88C0CCB23B88D2684327B40CB99E9A059F
3B95BAC6423740CA1B46B4DC58664863325004DCA2857C2
2B4117942CC7D39E86900
SEQUENCE :
SEQUENCE :
SET :
SEQUENCE :
INTEGER : 3
CONTEXT SPECIFIC (0) :
8192563AC431F8820C54C9D0984FD8C534639ECC
SEQUENCE :
OBJECT IDENTIFIER : sha1 [1.3.14.3.2.26]
NULL :
CONTEXT SPECIFIC (0) :
SEQUENCE :
OBJECT IDENTIFIER : contentType [1.2.840.113549.1.9.3]
SET :
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.12.2]
SEQUENCE :
OBJECT IDENTIFIER : messageDigest [1.2.840.113549.1.9.4]
SET :
OCTET STRING :
5E1F0FF028A4FE910DC22F1A18787E2E107F1739
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.20]
SET :
SEQUENCE :
INTEGER : 1
UTF8 STRING :
'dcross-stress.contoso.com'
UTF8 STRING : 'CONTOSO0\avibm'
UTF8 STRING : 'certreq'
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
OCTET STRING :
C1AE90A7A30B5266EAC4D004172E949514200653AA5EA3C2BF17C7731DA8EB
1A635CE1DC4F5AD9FB44EF2D9E8C9F961800DBEBC1ADE14E0459A8B46880DF
01A177FC9B02B89113638F3A6A3B3ED0765BD16B905D6BCB404F65E79AAB12
97F2F9F52D68D13373D41D510D97A954800368F8DEDEE13D8635EBF4364512
17407F1A
CONTEXT SPECIFIC (1) :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.13]
SET :
SEQUENCE :
OBJECT IDENTIFIER : envelopedData [1.2.840.113549.1.7.3]
CONTEXT SPECIFIC (0) :
SEQUENCE :
INTEGER : 0
SET :
SEQUENCE :
INTEGER : 0
SEQUENCE :
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING :
'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING :
'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'TestEnrollment'
INTEGER :
18D0100D00000000005B
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
OCTET STRING :
A41AAE9CDA66F283D6D4BC829D2F58BCECFD3F
5A57EC8AE14021179AE5F93F03AE90747FD300
4573ED78F802E02AB3C6ADEDEAA367069DA399
8E1D2D34ABEEFF0F8DE2CB76078C56D883BD94
D7CE9C5CD75F5E3F442A467F74E07C5A434E4A
F1BDD6EC493F3A870764B6CC6446FA5D674255
D93F248DE23E0D96902C79901800
SEQUENCE :
OBJECT IDENTIFIER : data [1.2.840.113549.1.7.1]
SEQUENCE :
OBJECT IDENTIFIER : DES-EDE3-CBC [1.2.840.113549.3.7]
OCTET STRING :
06003B8D3EB4B44C
CONTEXT SPECIFIC (0) :
D4A631B65AEE6290CC17B17A6A0D409A33FD11140
BAE12BD3B32B873AFCC1B76A4022D0FB2B50E431A
1E48C8D45865EC5B730D7357D61C9495235143381
19CDBF34C5455B73C9FF38AEFBC4E32DD8145647B
46B0B4A60D29D062051F116C6BA49253D4590944A
7CCB70F43E7E850B34DE55074B3C5FF5AE1C5A18C
6BC271D1F2BC3FBBE19558252C894110CC801292D
63DA1485BDB957270E6C1A38FE33D672EA3E8D031
CD7BCFEF5C738818DCC43A6F76F3EC81701C561DF
9FA6032C47236D9A16973BDF6A033F4925CC5B491
C00C635C65F744C8FEBE19B1EDD2172AE3A7CFB70
87A6BCAE7BB52BCEEF412889C4A45ACAE0ACC0E43
A14C7AA34FB4B4C49360ADD0C65D1494B792E04D7
8D43C2EDB79974B5C08C87E0C72767C26A2EBF6F0
E273269D139F2D6F451301944B76218D9BD4C5931
50C79FA5DA1AF1383E5342EC2F5318E2404774345
B82A0CB4EE26FC0D59A1D18EDBBEFF6135675D014
293470B301CC59387C4E627E1F6B038A158A927B9
160387104BFC5466B7FB4107DF02D136E076F2CAD
94718ADD9F93C0D376A80A6E3796C6236888E6517
1D36A0F3BFAA8B8E44FC8DA426F3F19128A910D83
71A7D68CDFEFCA0BBF32888D8AC679975AE43BB6D
209D61F82EEA2463616E905177E929CFD3D85C8ED
8ED1EDCECA01CA1580960E87D57591817C863FE33
757F527DC7C6457ED5CEDC3BE1597A05BFB10A145
522C98AF266A992CC607434D3421D57A80195D052
557AE89652193B840FC27CB343C2C242445453E78
9E6E397DFC84363B4EAE801DF1BE2993D1AF13256
A1390C4B7D51127CC55FF0B1184D4E87967961E86
B722E1048C0
Response:
SEQUENCE :
OBJECT IDENTIFIER : signedData [1.2.840.113549.1.7.2]
CONTEXT SPECIFIC (0) :
SEQUENCE :
INTEGER : 3
SET :
SEQUENCE :
OBJECT IDENTIFIER : sha1 [1.3.14.3.2.26]
NULL :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.12.3]
CONTEXT SPECIFIC (0) :
OCTET STRING :
SEQUENCE :
SEQUENCE :
SEQUENCE :
INTEGER : 1
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.7.1]
SET :
SEQUENCE :
INTEGER : 0
SEQUENCE :
INTEGER : 1
UTF8 STRING : 'Issued'
SEQUENCE :
INTEGER : 2
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.10.10.1]
SET :
SEQUENCE :
INTEGER : 0
SEQUENCE :
INTEGER : 1
SET :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.17]
SET :
OCTET STRING :
DE73D68A50323310A01EEDDF66188213DC9
CD490
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.21]
SET :
OCTET STRING :
9231E6C0B87445190EA2CA934B2807FF799
3C59F
SEQUENCE :
SEQUENCE :
CONTEXT SPECIFIC (0) :
SEQUENCE :
SEQUENCE :
CONTEXT SPECIFIC (0) :
INTEGER : 2
INTEGER :
172B1FB96BBBF2BA49A64EBEA41833EF
SEQUENCE :
OBJECT IDENTIFIER : sha1withRSAEncryption [1.2.840.113549.1.1.5]
NULL :
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'TestEnrollment'
SEQUENCE :
UTC TIME : '040210162354Z'
UTC TIME : '090210162738Z'
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'TestEnrollment'
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
BIT STRING UnusedBits:0 :
SEQUENCE :
INTEGER :
00E23136361B94412ABD67C376C6AC882B50F45D9AD28719C1
5B0F3125CB352E19F5A381A33FF2971CC4702747BD94C3EE93
75493C1A48F5174BE1F8135CCFB641F3EE6042C4771E8E176A
7B65E49E407903072C28E2CC92153454664630FDA3CC70A805
086B586592AF45BFFE5CC82DCF1ED622DD9BE4ECF64D635600
9338C96F7D2EF77447F3ACD2AFC9C76EBC7A77DAAA9245A0EE
0398D041B37DD78BD77C46D84A808AECDB88EC4319B1E6ADB9
19053A84D3403163003EE696F65E0A55F5EA7A4955870D451E
E4A0AB684EE6ED503437A3F4388DC96A00A9F7D26E3527B3D0
F657EFB8E431B24A97ADBD1475DAF545B9754856200E640E42
CA8BF78614A953
INTEGER : 65537
CONTEXT SPECIFIC (3) :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.20.2]
OCTET STRING :
BMP STRING : 'CA'
SEQUENCE :
OBJECT IDENTIFIER : keyUsage [2.5.29.15]
OCTET STRING :
BIT STRING UnusedBits:1 :
86
SEQUENCE :
OBJECT IDENTIFIER : basicConstraints [2.5.29.19]
BOOLEAN : 'FF'
OCTET STRING :
SEQUENCE :
BOOLEAN : 'FF'
SEQUENCE :
OBJECT IDENTIFIER : subjectKeyIdentifier [2.5.29.14]
OCTET STRING :
OCTET STRING :
10C8E49879236E65350924C24EFB074EFB5F4AA0
SEQUENCE :
OBJECT IDENTIFIER : cRLDistributionPoints [2.5.29.31]
OCTET STRING :
SEQUENCE :
SEQUENCE :
CONTEXT SPECIFIC (0) :
CONTEXT SPECIFIC (0) :
CONTEXT SPECIFIC (6) :
'ldap:///CN=TestEnrollment,CN=dcross'
'-stress,CN=CDP,CN=Public%20Key%20Se'
'rvices,CN=Services,CN=Configuration'
',DC=contoso,DC=com?certificateRevoc'
'ationList?base?objectClass=cRLDistr'
'ibutionPoint'
CONTEXT SPECIFIC (6) :
'https://dcross-stress.contoso.com/Ce'
'rtEnroll/TestEnrollment.crl'
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.1]
OCTET STRING :
INTEGER : 0
SEQUENCE :
OBJECT IDENTIFIER : sha1withRSAEncryption [1.2.840.113549.1.1.5]
NULL :
BIT STRING UnusedBits:0 :
SEQUENCE :
SEQUENCE :
CONTEXT SPECIFIC (0) :
INTEGER : 2
INTEGER : '18E922D0000000000060'
SEQUENCE :
OBJECT IDENTIFIER : sha1withRSAEncryption [1.2.840.113549.1.1.5]
NULL :
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'TestEnrollment'
SEQUENCE :
UTC TIME : '040812185455Z'
UTC TIME : '050812185455Z'
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING : 'Users'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'Avi Ben-Menahem'
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
BIT STRING UnusedBits:0 :
SEQUENCE :
INTEGER :
00DAFF7C6859557C698CDA4598222E8E90EEB481889531E9F6
7F10C081F2545B060BE7714E755325AC710774764DCA8120C6
BEB7B6EF74B0260EDD56DD299B242A94EE83C420AC7FF0E694
122E26EF67670782223C4E8D812C98047F24E10CF6A26FEBEE
B826638924F36B697CEA02EFC4CA0D108CB85047266AD27DE5
82D181A1
INTEGER : 65537
CONTEXT SPECIFIC (3) :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : sMIMECapabilities [1.2.840.113549.1.9.15]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : rc2CBC [1.2.840.113549.3.2]
INTEGER : 128
SEQUENCE :
OBJECT IDENTIFIER : rc4 [1.2.840.113549.3.4]
INTEGER : 128
SEQUENCE :
OBJECT IDENTIFIER : desCBC [1.3.14.3.2.7]
SEQUENCE :
OBJECT IDENTIFIER : DES-EDE3-CBC [1.2.840.113549.3.7]
SEQUENCE :
OBJECT IDENTIFIER : subjectKeyIdentifier [2.5.29.14]
OCTET STRING :
OCTET STRING :
8192563AC431F8820C54C9D0984FD8C534639ECC
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.10]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : keyUsage [2.5.29.15]
OCTET STRING :
BIT STRING UnusedBits:5 :
20
SEQUENCE :
OBJECT IDENTIFIER : extKeyUsage [2.5.29.37]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER : encryptedFileSystem [1.3.6.1.4.1.311.10.3.4]
SEQUENCE :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.21.7]
OCTET STRING :
SEQUENCE :
OBJECT IDENTIFIER :
[1.3.6.1.4.1.311.21.8.4014942.3497959.5914804.3829722.12246394.103.3066650.1537810]
INTEGER : 100
INTEGER : 2
SEQUENCE :
OBJECT IDENTIFIER : authorityKeyIdentifier [2.5.29.35]
OCTET STRING :
SEQUENCE :
CONTEXT SPECIFIC (0) :
10C8E49879236E65350924C24EFB074EFB5F4AA0
SEQUENCE :
OBJECT IDENTIFIER : cRLDistributionPoints [2.5.29.31]
OCTET STRING :
SEQUENCE :
SEQUENCE :
CONTEXT SPECIFIC (0) :
CONTEXT SPECIFIC (0) :
CONTEXT SPECIFIC (6) :
'ldap:///CN=TestEnrollment,CN=dcross'
'-stress,CN=CDP,CN=Public%20Key%20Se'
'rvices,CN=Services,CN=Configuration'
',DC=contoso,DC=com?certificateRevoc'
'ationList?base?objectClass=cRLDistr'
'ibutionPoint'
CONTEXT SPECIFIC (6) :
'https://dcross-stress.contoso.com/Ce'
'rtEnroll/TestEnrollment.crl'
SEQUENCE :
OBJECT IDENTIFIER : authorityInfoAccess [1.3.6.1.5.5.7.1.1]
OCTET STRING :
SEQUENCE :
SEQUENCE :
OBJECT IDENTIFIER : caIssuers [1.3.6.1.5.5.7.48.2]
CONTEXT SPECIFIC (6) :
'ldap:///CN=TestEnrollment,CN=AIA,CN=Publi'
'c%20Key%20Services,CN=Services,CN=Configu'
'ration,DC=contoso,DC=com?cACertificate?ba'
'se?objectClass=certificationAuthority'
SEQUENCE :
OBJECT IDENTIFIER : caIssuers [1.3.6.1.5.5.7.48.2]
CONTEXT SPECIFIC (6) :
'https://dcross-stress.contoso.com/CertEnro'
'll/dcross-stress.contoso.com_TestEnrollme'
'nt.crt'
SEQUENCE :
OBJECT IDENTIFIER : subjectAltName [2.5.29.17]
OCTET STRING :
SEQUENCE :
CONTEXT SPECIFIC (0) :
OBJECT IDENTIFIER : [1.3.6.1.4.1.311.20.2.3]
CONTEXT SPECIFIC (0) :
UTF8 STRING :
'avibm@contoso.com'
SEQUENCE :
OBJECT IDENTIFIER : sha1withRSAEncryption [1.2.840.113549.1.1.5]
NULL :
BIT STRING UnusedBits:0 :
9D0000D2CC5668BEE443EBDE5EE4CADA5D61C17C00B262A3F231726FD2E7A8
500603B89BE123D577FA2AE592567FB96743A6AE9B57AE089B1C205D6552F5
5D60DD825D94D27301527FDB275035473DFC16A4F0C4886036A50CA1D320E3
D284744CC0E552D1FFB24CD6110E6B17C86F830B5CC7A7E1791930320373CA
C4E667BC372983597713CF8608389A6C82F9079FF8666C867BF2243DE5A22C
20DBDBAD788A77758B68D9260EA5040A2F5C97C1AD80144F06F714D20BF671
96BE5774D16080A9EAA5933C3C7EA34AE3F41DC001E0C2F83EA7AFAADA4812
D0F27C48E288A20C44F085F328CCE6F478D6E4E89131D8EF43DA7B23DA39C9
8CB15DE2EBA2BC8F
SET :
SEQUENCE :
INTEGER : 1
SEQUENCE :
SEQUENCE :
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'com'
SET :
SEQUENCE :
OBJECT IDENTIFIER : domainComponent [0.9.2342.19200300.100.1.25]
IA5 STRING : 'contoso'
SET :
SEQUENCE :
OBJECT IDENTIFIER : commonName [2.5.4.3]
PRINTABLE STRING :
'TestEnrollment'
INTEGER :
172B1FB96BBBF2BA49A64EBEA41833EF
SEQUENCE :
OBJECT IDENTIFIER : sha1 [1.3.14.3.2.26]
NULL :
CONTEXT SPECIFIC (0) :
SEQUENCE :
OBJECT IDENTIFIER : contentType [1.2.840.113549.1.9.3]
SET :
OBJECT IDENTIFIER : [1.3.6.1.5.5.7.12.3]
SEQUENCE :
OBJECT IDENTIFIER : messageDigest [1.2.840.113549.1.9.4]
SET :
OCTET STRING :
17CEEAA968CDD0A92DFC7E9AA174F87755AD8A87
SEQUENCE :
OBJECT IDENTIFIER : rsaEncryption [1.2.840.113549.1.1.1]
NULL :
OCTET STRING :
Recovery BLOB Structure
When stored in the CA database, the private key is held in a database column as a PKCS #7 message encrypted with a 3DES symmetric key, which is in turn encrypted to the public key of the KRA(s). When the recovery BLOB is retrieved by the certutil -getkey command, the encrypted PKCS #7 and the KRA certificate hashes are retrieved from the database. The encrypted PKCS #7 is also wrapped inside a signed PKCS #7 so that the previous certificates can be collected and attached to the signed PKCS #7. The PKCS #7 is not protected with a password, since it is already protected by the public key of the recovery agent(s). The outer PKCS #7 wrapper can contain the certificate chains for the recovery agent(s) and the end entity to facilitate the recovery operations and the construction of the end-entity PKCS #12 file. Figure 47 illustrates the recovery BLOB structure.
The recovery BLOB wraps the encrypted PKCS #7 from the database in another (signed) PKCS #7 so that a number of certificates can be included in the recovery BLOB. The returned certificates include the full chain of the user certificate being recovered, the chain of the signing CA certificate (which may differ from the CA certificate under which the user certificate was issued), and the KRA certificates to which the key was encrypted. The szOID_ARCHIVED_KEY_CERT_HASH (1.3.6.1.4.1.311.21.16) attribute contains the SHA-1 hash of the certificate for the key being recovered and is attached as an authenticated attribute to the CA signature of the recovery BLOB. This allows certutil -recoverkey recoveryblobfile to also display the Subject name of the KRA certificate(s) used to protect the private key BLOB.
Figure 47: Recovery BLOB
ASN.1 Structure
The following is the ASN.1 structure of the PKCS #7 EnvelopedData object.
EnvelopedData ::= SEQUENCE {
    version Version,
    recipientInfos RecipientInfos,
    encryptedContentInfo EncryptedContentInfo
}
Storing the recovery BLOB as an enveloped PKCS #7 enables a recovery agent to retrieve the recovery BLOB from the CA database. The recovery agent’s private key is used to decrypt the EncryptedContentInfo to extract the PKCS #12 data. The following is the ASN.1 structure of the EncryptedContentInfo body.
EncryptedContentInfo ::= SEQUENCE {
    contentType ContentType,
    contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
    encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
}
By definition, the enveloped PKCS #7 can carry one RecipientInfo per recovery agent certificate, and the IssuerAndSerialNumber field in each entry identifies which recovery agent certificate that entry is encrypted to. Only the recovery agent certificates included in the RecipientInfo body of the enveloped PKCS #7 object can be used to recover the archived key material. The following is the ASN.1 structure of the RecipientInfo body.
RecipientInfo ::= SEQUENCE {
    version Version,
    issuerAndSerialNumber IssuerAndSerialNumber,
    keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
    encryptedKey EncryptedKey
}
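The following Python script is an added example; it is not code from Microsoft or from this appendix. Using a minimal DER encoder and decoder of its own, it builds a constructed EnvelopedData in the PKCS #7 v1.5 layout described above (two RecipientInfo entries keyed by IssuerAndSerialNumber, DES-EDE3-CBC content encryption), wraps it in the Encrypted Private Key unauthenticated attribute (1.3.6.1.4.1.311.21.13) and the controlSequence hash attribute (1.3.6.1.4.1.311.21.21) described under "Understanding the Unauthenticated Attributes Structure", and then performs the two checks a verifier or recovery tool wants: that the unsigned BLOB still hashes to the SHA-1 carried in the signed controlSequence, and which issuer/serial pairs, that is, which KRA certificates, appear in the RecipientInfos. Assumptions not taken from the page: the hash covers the DER bytes of the enveloped ContentInfo; issuer names are reduced to a single commonName; the KRA names, serial numbers, encrypted keys, IV and ciphertext are constructed placeholders; all function and constant names are the example's own.

```python
# Added example, not Microsoft's code: a minimal DER encoder/decoder builds a constructed
# key-archival BLOB in the layout the appendix describes, then (1) verifies that the unauthenticated
# Encrypted Private Key attribute is bound to the signed controlSequence by its SHA-1 hash and
# (2) lists the RecipientInfo issuer/serial pairs, i.e. the KRA certificates that can unwrap the key.
import hashlib
SEQ, SET, OCTETS, CTX0_EXPLICIT, CTX0_IMPLICIT, PRINTABLE = 0x30, 0x31, 0x04, 0xA0, 0x80, 0x13
OID_RSA, OID_DATA, OID_ENVELOPED = "1.2.840.113549.1.1.1", "1.2.840.113549.1.7.1", "1.2.840.113549.1.7.3"
OID_3DES_CBC, OID_CN = "1.2.840.113549.3.7", "2.5.4.3"
OID_ENCRYPTED_PRIVATE_KEY = "1.3.6.1.4.1.311.21.13"  # unauthenticated attribute (from the appendix)
OID_ENCRYPTED_KEY_HASH = "1.3.6.1.4.1.311.21.21"     # controlSequence hash attribute (from the appendix)

def tlv(tag, content):
    """Encode one DER TLV: single tag byte, definite length, content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content
def encode_int(n):  # non-negative INTEGER; the extra byte keeps the sign bit clear when needed
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))
def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F]); arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F)); arc >>= 7
        body += chunk
    return tlv(0x06, bytes(body))
def read_tlv(buf, pos=0):
    """Return (tag, content, end_offset) for the TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    nlen = first & 0x7F if first & 0x80 else 0
    length = int.from_bytes(buf[pos + 2:pos + 2 + nlen], "big") if nlen else first
    start = pos + 2 + nlen
    return tag, buf[start:start + length], start + length
def children(content):  # split a constructed value into its (tag, content) children
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out
def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val); val = 0
    return ".".join(map(str, arcs))

# Builders for the PKCS #7 v1.5 layout shown in the appendix (issuer Name reduced to one CN).
def name_cn(cn):
    return tlv(SEQ, tlv(SET, tlv(SEQ, encode_oid(OID_CN) + tlv(PRINTABLE, cn.encode()))))
def recipient_info(issuer_cn, serial, encrypted_key):
    issuer_and_serial = tlv(SEQ, name_cn(issuer_cn) + encode_int(serial))
    return tlv(SEQ, encode_int(0) + issuer_and_serial
               + tlv(SEQ, encode_oid(OID_RSA) + b"\x05\x00") + tlv(OCTETS, encrypted_key))
def enveloped_data(recipients, iv, ciphertext):
    eci = tlv(SEQ, encode_oid(OID_DATA) + tlv(SEQ, encode_oid(OID_3DES_CBC) + tlv(OCTETS, iv))
              + tlv(CTX0_IMPLICIT, ciphertext))  # encryptedContent [0] IMPLICIT
    return tlv(SEQ, encode_int(0) + tlv(SET, b"".join(recipients)) + eci)
def content_info(env):  # ContentInfo { envelopedData, [0] EXPLICIT EnvelopedData }
    return tlv(SEQ, encode_oid(OID_ENVELOPED) + tlv(CTX0_EXPLICIT, env))
def unauth_attribute(ci):  # Attribute { 1.3.6.1.4.1.311.21.13, SET { ContentInfo } }
    return tlv(SEQ, encode_oid(OID_ENCRYPTED_PRIVATE_KEY) + tlv(SET, ci))
def control_hash_attribute(ci):  # Attribute { 1.3.6.1.4.1.311.21.21, SET { OCTET STRING sha1 } }
    return tlv(SEQ, encode_oid(OID_ENCRYPTED_KEY_HASH) + tlv(SET, tlv(OCTETS, hashlib.sha1(ci).digest())))

def verify_key_blob_binding(unauth_attr, control_attr):
    """True iff the unsigned private-key BLOB hashes to the value in the signed controlSequence.
    Assumption: the hash covers the DER bytes of the enveloped PKCS #7 ContentInfo."""
    u_oid, u_set = children(read_tlv(unauth_attr)[1])
    c_oid, c_set = children(read_tlv(control_attr)[1])
    if decode_oid(u_oid[1]) != OID_ENCRYPTED_PRIVATE_KEY or decode_oid(c_oid[1]) != OID_ENCRYPTED_KEY_HASH:
        return False
    blob = u_set[1][:read_tlv(u_set[1])[2]]  # the complete ContentInfo TLV inside the SET
    return hashlib.sha1(blob).digest() == children(c_set[1])[0][1]
def enveloped_body(ci):  # -> [version, recipientInfos, encryptedContentInfo] of the EnvelopedData
    oid, explicit = children(read_tlv(ci)[1])
    assert decode_oid(oid[1]) == OID_ENVELOPED
    return children(read_tlv(explicit[1])[1])
def list_recipients(ci):
    """[(issuer CN, serial)] per RecipientInfo: only these KRA certificates can unwrap the key."""
    found = []
    for _, ri in children(enveloped_body(ci)[1][1]):
        _ver, ias, _alg, _key = children(ri)
        name, serial = children(ias[1])
        atv_oid, atv_val = children(children(children(name[1])[0][1])[0][1])
        if decode_oid(atv_oid[1]) == OID_CN:
            found.append((atv_val[1].decode(), int.from_bytes(serial[1], "big")))
    return found

# Constructed sample: two KRAs, placeholder encrypted keys, IV and ciphertext (no real key material).
SAMPLE_CI = content_info(enveloped_data(
    [recipient_info("Contoso KRA One", 0x1234, b"\xA4\x1A" * 64),
     recipient_info("Contoso KRA Two", 0x5678, b"\x5A\x57" * 64)],
    iv=bytes(range(8)), ciphertext=b"\xD4\xA6\x31\xB6" * 48))
SAMPLE_UNAUTH = unauth_attribute(SAMPLE_CI)
SAMPLE_CONTROL = control_hash_attribute(SAMPLE_CI)
if __name__ == "__main__":
    print("BLOB bound to signed controlSequence:", verify_key_blob_binding(SAMPLE_UNAUTH, SAMPLE_CONTROL))
    print("KRA recipients (issuer CN, serial):", list_recipients(SAMPLE_CI))
```

Running the script reports whether the sample BLOB is bound to its signed hash and which two constructed KRA identities it was enveloped to. The decoder deliberately handles only the single-byte tags and definite lengths that DER uses; on a real request the same walk would start at the `CONTEXT SPECIFIC (1)` unsigned attributes of the SignerInfo shown in the dump above, and a hash mismatch there means the archived key BLOB is not the one covered by the requester's signature.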