EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SubjectKeyIdentifier from CertificateRequest

Posted: 04/03/2013 09:02:20
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 38


I would like to ask you for help with the following:

I am creating a PKCS10 certificate request (using the TElCertificateRequest class) to be sent to the CA. This works fine, but I also need to get (and store) the public key's SubjectKeyIdentifier for future use, as it is needed by the CA when fetching the newly issued certificate.
I know I can obtain SKID from certificate extension somehow, but am I able to get it directly from the request?

Thank you for your help.

Posted: 04/03/2013 09:06:27
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

You can use TElCertificateRequest.Extensions.SubjectKeyIdentifier to retrieve it.

Posted: 04/03/2013 09:38:03
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 38

Thank you, Vsevolod. It seems so easy now :)

However, even if I "include" the ceSubjectKeyIdentifier into extensions before generating the request, when I try to access it, I get only two bytes of SKID (4 and 0), which seems odd to me. I would expect it to be much longer, even the help says that SBB uses SHA-1 hash...

My code is as follows, should it be of any help:
request.Extensions.Included |= SBX509Ext.Unit.ceSubjectKeyIdentifier;
await request.GenerateAsync(nAlgorithm, nKeySize, nHash);
byte[] skid = request.Extensions.SubjectKeyIdentifier.Value;

I thought I might be using the wrong property, but SubjectKeyIdentifier.KeyIdentifier has 0 bytes. And, to be complete, SubjectKeyIdentifier.OID has 3 bytes.

Posted: 04/04/2013 01:24:22
by Vsevolod Ievgiienko (Team)

Sorry, I forgot to write that you should also add croGenerateKeyIdentifier to TElCertificateRequest.Options. This option will force the component to generate SKID automatically.

Posted: 04/04/2013 02:34:07
by David Eršil (Standard support level)
Joined: 01/15/2013
Posts: 38

Yup, it seems to be working now :)
Thank you very much!
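
Added example, not part of the original thread and not SecureBlackbox code: the two bytes 4 and 0 reported above are the DER encoding of an empty OCTET STRING (tag 0x04, length 0), and the sketch below unwraps such an extension value and computes a key identifier directly from the public key inside a PKCS#10 request. It assumes the common SHA-1 method from RFC 5280 section 4.2.1.2 (the thread only says the help mentions SHA-1, so matching the component's output is an assumption); all function names and the sample request are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, end_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def spki_from_csr(csr_der):
    """Return the raw SubjectPublicKeyInfo element of a PKCS#10 request."""
    _, csr, _ = read_tlv(csr_der)        # CertificationRequest SEQUENCE
    _, info, _ = read_tlv(csr)           # CertificationRequestInfo SEQUENCE
    _, _, pos = read_tlv(info)           # version INTEGER
    _, _, start = read_tlv(info, pos)    # subject Name
    tag, _, end = read_tlv(info, start)  # subjectPKInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return info[start:end]

def skid_from_spki(spki_der):
    """SHA-1 over the subjectPublicKey bits (RFC 5280 4.2.1.2, method 1)."""
    _, spki, _ = read_tlv(spki_der)
    _, _, pos = read_tlv(spki)           # AlgorithmIdentifier
    tag, bits, _ = read_tlv(spki, pos)   # subjectPublicKey BIT STRING
    if tag != 0x03 or not bits:
        raise ValueError("subjectPublicKey BIT STRING not found")
    return hashlib.sha1(bits[1:]).digest()  # drop the unused-bits octet

def key_id_from_ext_value(ext_value):
    """Unwrap the extension value: an OCTET STRING holding the key identifier."""
    tag, key_id, end = read_tlv(ext_value)
    if tag != 0x04 or end != len(ext_value):
        raise ValueError("not a single DER OCTET STRING")
    return key_id

# Constructed sample: Ed25519-shaped request, dummy key, all-zero (invalid) signature.
tlv = lambda tag, value: bytes([tag, len(value)]) + value  # short-form lengths only
ED25519 = tlv(0x30, bytes.fromhex("06032b6570"))
SAMPLE_SPKI = tlv(0x30, ED25519 + tlv(0x03, b"\x00" + bytes(range(32))))
SAMPLE_INFO = tlv(0x30, bytes.fromhex("020100") + tlv(0x30, b"") + SAMPLE_SPKI + tlv(0xA0, b""))
SAMPLE_CSR = tlv(0x30, SAMPLE_INFO + ED25519 + tlv(0x03, bytes(65)))
```

`key_id_from_ext_value(bytes([4, 0]))` returns an empty byte string, while a populated extension value unwraps to the 20-byte SHA-1 digest.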




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.