TElSubjectKeyIdentifierExtension is a descendant of TElCustomExtension class.
The following paragraph is taken from RFC 2459 (Housley, et. al.), part 22.214.171.124:
«The subject key identifier extension provides a means of identifying certificates that contain a particular public key.
To facilitate chain building, this extension MUST appear in all con- forming CA certificates, that is, all certificates including the basic constraints extension where the value of cA is TRUE. The value of the subject key identifier MUST be the value placed in the key identifier field of the Authority Key Identifier extension of certificates issued by the subject of this certificate.
For CA certificates, subject key identifiers SHOULD be derived from the public key or a method that generates unique values. Two common methods for generating key identifiers from the public key are:
For end entity certificates, the subject key identifier extension provides a means for identifying certificates containing the particular public key used in an application. Where an end entity has obtained multiple certificates, especially from multiple CAs, the subject key identifier provides a means to quickly identify the set of certificates containing a particular public key. To assist applications in identification the appropriate end entity certificate, this extension SHOULD be included in all end entity certificates.
For end entity certificates, subject key identifiers SHOULD be derived from the public key. Two common methods for generating key identifiers from the public key are identified above.
Where a key identifier has not been previously established, this specification recommends use of one of these methods for generating keyIdentifiers.
This extension MUST NOT be marked critical.»
SecureBlackbox uses SHA-1 hash algorithm output as key identifiers.