
Appendix A: Certificate Request Structure

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This appendix provides additional detail on the structure of the certificate request used in the key archival process.

ASN.1 Structure

A certificate request for key archival to the CA is a CMC Full PKI Request message as specified in RFC 2797. The ASN.1 structure used by the Windows Server 2003 CA is shown in Figure 46.


Figure 46:  CMC Request Message

Understanding the PKCS #7 Message Content Structure

The first section of the CMC message contains a PKCS #7 message that has the relevant elements for generating a certificate request.

Understanding the controlSequence TaggedAttribute Element

The TaggedAttribute element in the message contains the following information.

  • Extensions—The Extensions section of the TaggedAttribute element contains the following extensions.

    • Application Policies

    • Template Information

    • Key Usage

    • Enhanced Key Usage

  • Attributes—The Attributes section of the TaggedAttribute element contains the following data.

    • Common Name

    • Template Name to be used

    • Hash of the encrypted private key BLOB  

  • Other request information

Understanding the reqSequence TaggedRequest Element

The reqSequence TaggedRequest element contains a nested PKCS #10 message. This message contains the user’s public key in addition to other information relevant for generating the certificate.

Understanding the cmsSequence TaggedContentInfo Element

The cmsSequence TaggedContentInfo element can contain nested PKCS #7 and CMC messages. In a standard archival request, this element is not used.

Understanding the otherMsgSequence OtherMsg Element

Not Used

Understanding the Signatures Structure

The signatures section of the CMC message contains one or more signatures used to sign the request. The following is an example of the signatures section.

Signer Count: 1 
Signer Info[0]: 
Signature matches request Public Key 
    0000  81 92 56 3a c4 31 f8 82  0c 54 c9 d0 98 4f d8 c5 
    0010  34 63 9e cc 
Hash Algorithm: 
    Algorithm ObjectId: sha1 
    Algorithm Parameters: NULL 
Encrypted Hash Algorithm: 
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA 
    Algorithm Parameters: NULL 
Encrypted Hash: 
    0000  c1 ae 90 a7 a3 0b 52 66  ea c4 d0 04 17 2e 94 95 
    0010  14 20 06 ...

Understanding the Authenticated Attributes Structure

The authenticated attributes section contains additional authenticated attributes, such as Content Type, Message Digest, and Client Information. The following is an example of the authenticated attributes section.

Authenticated Attributes[0]: 
  3 attributes: 
  Attribute[0]: 1.2.840.113549.1.9.3 (Content Type) 
    Unknown Attribute type CMC Data 
  Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest) 
    Unknown Attribute type 
    Message Digest: 
        5e 1f 0f f0 28 a4 fe 91 0d c2 2f 1a 18 78 7e 2e 10 7f 17 39 
  Attribute[2]: (Client Information) 
    Unknown Attribute type 
    Client Id: = 1 
    XECI_XENROLL -- 1 
    User: CONTOSO0\avibm 
    Process: certreq

Understanding the Unauthenticated Attributes Structure

The unauthenticated attributes section contains the encrypted private key. The private key is carried in an enveloped PKCS #7 message that is encrypted to the CA's exchange key. Unauthenticated attributes are not covered by the request signature, so on its own this attribute could be replaced without invalidating the signature. To bind it to the signed request, the SHA-1 hash of the enveloped PKCS #7 message is included as one of the attributes of the controlSequence TaggedAttribute, which is covered by the signature; this lets the CA verify that the encrypted key it receives is the one the signer submitted.

The following is an example of the unauthenticated attributes section.

Unauthenticated Attributes[0]: 
  1 attributes: 
  Attribute[0]: (Encrypted Private Key) 
    Unknown Attribute type 
================ Begin Nesting Level 1 ================ 
PKCS7 Message: 
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data 
PKCS7 Message Content: 
0000    d4 a6 31 b6 5a ee 62 90  cc 17 b1 7a 6a 0d 40 9a   ..1.Z.b....zj.@.
0010    33 fd 11 14 0b ae 12 bd  3b 32 b8 73 af cc 1b 76   3.......;2.s...v
...
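The nested ASN.1 structure described in this appendix, and the hash that ties the unauthenticated encrypted-key attribute to the signed controlSequence, are illustrated by the following Python example. It is added here and is not code from the original page or from Windows: it runs on constructed toy structures rather than a real CMC request, and it assumes a placeholder OID (1.2.3.4.5) for the "hash of the encrypted private key BLOB" attribute, whose real OID the page does not print. It contains a minimal DER walker that prints structures in the same indented "TYPE : value" form as the dumps in this appendix, and the client/CA sides of the hash binding check.

```python
import hashlib
import hmac

# Universal tags that occur in the dumps in this appendix (tag byte -> name).
TAG_NAMES = {
    0x01: "BOOLEAN", 0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
    0x05: "NULL", 0x06: "OBJECT IDENTIFIER", 0x0C: "UTF8 STRING", 0x13: "PRINTABLE STRING",
    0x16: "IA5 STRING", 0x17: "UTC TIME", 0x1E: "BMP STRING", 0x30: "SEQUENCE", 0x31: "SET",
}
# Some of the OIDs this appendix prints with a name (dotted arc -> name).
OID_NAMES = {
    "1.2.840.113549.1.1.1": "rsaEncryption", "1.2.840.113549.1.1.5": "sha1withRSAEncryption",
    "1.2.840.113549.1.7.2": "signedData", "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.9.3": "contentType", "1.2.840.113549.1.9.4": "messageDigest",
}
# ASSUMED placeholder OID for the "hash of the encrypted private key BLOB" attribute
# (the page does not print the real arc); DER contents of 1.2.3.4.5 are 2a 03 04 05.
HASH_ATTR_OID = "1.2.3.4.5"
HASH_ATTR_OID_DER = bytes.fromhex("06042a030405")

def decode_oid(body: bytes) -> str:
    """Decode OID contents octets (base-128 sub-identifiers) into dotted form."""
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def read_tlv(data: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length

def parse(data: bytes) -> list:
    """Parse DER into a tree of (type name, value, children) tuples."""
    nodes, pos = [], 0
    while pos < len(data):
        tag, body, pos = read_tlv(data, pos)
        if tag & 0xC0 == 0x80:                   # context-specific [n]
            name = f"CONTEXT SPECIFIC ({tag & 0x1F})"
        else:
            name = TAG_NAMES.get(tag, f"TAG 0x{tag:02x}")
        if tag & 0x20:                           # constructed: recurse into contents
            nodes.append((name, None, parse(body)))
        elif tag == 0x06:
            oid = decode_oid(body)
            nodes.append((name, f"{OID_NAMES.get(oid, '')} [{oid}]".strip(), []))
        elif tag == 0x02:
            nodes.append((name, int.from_bytes(body, "big", signed=True), []))
        elif tag in (0x0C, 0x13, 0x16, 0x17):
            nodes.append((name, repr(body.decode("utf-8")), []))
        else:                                    # NULL, OCTET/BIT STRING, BOOLEAN, ...
            nodes.append((name, body.hex(), []))
    return nodes

def dump(nodes: list, indent: int = 0) -> str:
    """Render a parsed tree in the indented 'TYPE : value' style of this appendix."""
    lines = []
    for name, value, children in nodes:
        lines.append(" " * indent + f"{name} :  {'' if value is None else value}")
        if children:
            lines.append(dump(children, indent + 3))
    return "\n".join(lines)

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER encoder: tag, definite length (short or long form), contents."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def build_signed_controls(enveloped_blob: bytes) -> bytes:
    """Client side: SEQUENCE OF Attribute carrying sha1(enveloped PKCS #7); signed."""
    digest = hashlib.sha1(enveloped_blob).digest()
    attribute = der(0x30, HASH_ATTR_OID_DER + der(0x31, der(0x04, digest)))
    return der(0x30, attribute)

def verify_archival_binding(signed_controls: bytes, enveloped_blob: bytes) -> bool:
    """CA side: the blob arrived unauthenticated, so recompute its hash and compare
    it with the hash the signer committed to inside the signed controls."""
    expected = hashlib.sha1(enveloped_blob).hexdigest()
    for _, _, attribute in parse(signed_controls)[0][2]:
        oid_node, value_set = attribute[0], attribute[1]
        if oid_node[1].endswith(f"[{HASH_ATTR_OID}]"):
            return hmac.compare_digest(value_set[2][0][1], expected)
    return False                                 # no hash attribute at all: reject

if __name__ == "__main__":
    alg_id = bytes.fromhex("300d06092a864886f70d0101050500")   # sha1withRSA AlgorithmIdentifier
    print(dump(parse(alg_id)))
    blob = b"constructed stand-in for the enveloped PKCS #7 holding the private key"
    controls = build_signed_controls(blob)
    print(dump(parse(controls)))
    print(verify_archival_binding(controls, blob))            # True
    print(verify_archival_binding(controls, blob + b"\x00"))  # False: blob was swapped
```

The walker handles only the encodings that occur in the dumps above (low tag numbers, definite lengths); feeding it the raw DER of an exported request prints the same tree shape shown in the examples later in this appendix. The binding check deliberately fails closed: a request whose signed controls carry no hash attribute at all is rejected, since nothing would otherwise tie the unauthenticated encrypted key to the signer.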

Performing Binary Export for a Request

To view and decode a CMC key archival request stored by a Windows Server 2003 CA, the binary request must be exported directly from the CA database. This can be done through the Certification Authority MMC snap-in or with the certutil.exe command-line tool.

Binary Request Export Using the Certification Authority MMC Snap-In Walkthrough

To export a binary request using the Certification Authority MMC Snap-in

  1. Log on to the CA machine using a CA Administrator account.

  2. Open the Certification Authority MMC snap-in.

  3. Click the Issued Certificates folder.

  4. If the binary request column has not been previously added to the database view, it must be added to support a binary request export. To add a column to the view, click View on the menu bar, and then select the Add/Remove Columns menu option.

  5. In the Add/Remove Columns dialog box, select the Binary Request field in the Available Columns list box on the left.

  6. Click Add, and then click OK.

Next, a binary request can be exported.

  1. Select a request from the issued certificates view, and then click the Action menu.

  2. Select Export Binary Data on the All Tasks menu.

  3. In the Export Binary Data dialog box, choose Binary Request as the column you want to export.

  4. Click OK.

The data is exported in ASCII (text) format and can be opened in Notepad (notepad.exe).


The previous steps produce a dump of the certificate archival request only; the private key material is not included. To dump a full certificate archival request including the private key material, use the command-line procedure that follows.

Binary Request Export Using the CertUtil.exe Command-Line Tool Walkthrough

To use certutil.exe to view a certificate request including its private key material, a request file must be generated first.

To generate a request file

  1. Run Notepad.exe.

  2. Paste the following certificate request information into Notepad. The section headers ([Version], [NewRequest], [RequestAttributes]) are required by certreq.exe.

    [Version]
    Signature = "$Windows NT$"

    [NewRequest]
    Subject = "CN=Test Subject"
    KeySpec = 1
    Exportable = FALSE
    PrivateKeyArchive = TRUE

    [RequestAttributes]
    CertificateTemplate = EFS


Make sure that the CA is configured for key archival before starting this process. In this example, the EFS template is used; change this to an existing certificate template that permits private key archival.

  1. Save the file as CertificateRequest.inf, and then close Notepad.

  2. Open the command-line window.

  3. Type the following command.

    certreq -new CertificateRequest.inf CertificateRequest.req


    • This command will prompt you to select the CA from which to fetch the CA exchange certificate, which is the key the private key is encrypted to.

    • This command will write the request to a file named by the last argument on the command line: CertificateRequest.req.

    • To avoid the CA selection dialog, you can specify the CA via -config CAMachineDNSName\CACertCommonName before or after the -new option.

  4. Type the following command.

    certreq -submit CertificateRequest.req KeyArchival.cer KeyArchival.p7b KeyArchival.rsp

    This command will prompt you to select the CA to submit the request to.


    • This command will write the newly issued certificate, a PKCS7 containing only the issued certificate and chain, and the full CMC response to files named by the last three arguments on the command line: KeyArchival.cer, KeyArchival.p7b, and KeyArchival.rsp, respectively.

    • To avoid the CA selection dialog, you can specify the CA via -config CAMachineDNSName\CACertCommonName before or after the -submit option.

  5. Type the following command.

    certreq -accept KeyArchival.rsp

    This command verifies the response, installs the certificate, and associates it with the private key.

  6. Type the following command.

    certutil -privatekey -dump CertificateRequest.req >CertificateRequest.txt

    This command will generate a dump of the certificate archival request into the CertificateRequest.txt file.

  7. Type the following command.

    certutil -privatekey -dump KeyArchival.rsp >CertificateResponse.txt

    This command will generate a dump of the certificate archival response into the CertificateResponse.txt file.

For clients or servers other than Windows Server 2003 enrolling to a Windows Server 2003 CA, the format of the request may differ. Such platforms may not support the CMC data structures and, therefore, may not be able to encode the request information inside a PKIData object. Instead, the request information may be carried in the Data body without being encoded as a PKIData object.


certreq.exe and other tools may be installed on a Windows XP Professional workstation by installing the Administrative Tools package (adminpak.msi) located in the \i386 directory on all Windows Server 2003 CD-ROM media.

CMC Request and Response Examples

The following is an ASN.1 dump of the key archival request generated by the preceding procedure.

 OBJECT IDENTIFIER :  signedData [1.2.840.113549.1.7.2] 
    SEQUENCE :  
       INTEGER : 3 
       SET :  
          SEQUENCE :  
             OBJECT IDENTIFIER :  sha1 [] 
             NULL :  
       SEQUENCE :  
          OBJECT IDENTIFIER :  [] 
          CONTEXT SPECIFIC (0) :  
             OCTET STRING :  
                SEQUENCE :  
                   SEQUENCE :  
                      SEQUENCE :  
                         INTEGER : 2 
                         OBJECT IDENTIFIER :  [] 
                            SET :  
                               SEQUENCE :  
                                  INTEGER : 0 
                               SEQUENCE :  
                                  INTEGER : 1 
                               SEQUENCE :  
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  [] 
                                     OCTET STRING :  
                                        SEQUENCE :  
                                           SEQUENCE :  
                                              OBJECT IDENTIFIER :  encryptedFileSystem [] 
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  keyUsage [] 
                                     OCTET STRING :  
                                     BIT STRING UnusedBits:5 :  
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  extKeyUsage [] 
                                        OCTET STRING :  
                                           SEQUENCE :  
                                              OBJECT IDENTIFIER :  encryptedFileSystem [] 
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        OCTET STRING :  
                                           SEQUENCE :  
                                              OBJECT IDENTIFIER :  
                                              INTEGER : 100 
                                              INTEGER : 2 
                         SEQUENCE :  
                            INTEGER : 3 
                            OBJECT IDENTIFIER :  [] 
                            SET :  
                               SEQUENCE :  
                                  INTEGER : 0 
                                  SEQUENCE :  
                                     INTEGER : 1 
                                  SET :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           OCTET STRING :  
                         SEQUENCE :  
                            INTEGER : 4 
                            OBJECT IDENTIFIER :  [] 
                            SET :  
                               OCTET STRING :  
                      SEQUENCE :  
                         CONTEXT SPECIFIC (0) :  
                            INTEGER : 1 
                            SEQUENCE :  
                               SEQUENCE :  
                                  INTEGER : 0 
                                  SEQUENCE :  
                                     SET :  
                                        SEQUENCE :  
                                           OBJECT IDENTIFIER :  commonName [] 
                                           PRINTABLE STRING :  
                                               'Test Subject' 
                                  SEQUENCE :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                                        NULL :  
                                     BIT STRING UnusedBits:0 :  
                                        SEQUENCE :  
                                           INTEGER :  
                                           INTEGER : 65537 
                                  CONTEXT SPECIFIC (0) :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           IA5 STRING :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           SEQUENCE :  
                                              INTEGER : 1 
                                              UTF8 STRING :  
                                              UTF8 STRING :  
                                              UTF8 STRING :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           SEQUENCE :  
                                              INTEGER : 1 
                                              BMP STRING :  
                                                 'Microsoft Strong Cryptographic P' 
                                              BIT STRING UnusedBits:0 :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  extensionReq [1.2.840.113549.1.9.14] 
                                        SET :  
                                           SEQUENCE :  
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  sMIMECapabilities [1.2.840.113549.1.9.15] 
                                                 OCTET STRING :  
                                                    SEQUENCE :  
                                                       SEQUENCE :  
                                                          OBJECT IDENTIFIER :  rc2CBC [1.2.840.113549.3.2] 
                                                          INTEGER : 128 
                                                       SEQUENCE :  
                                                          OBJECT IDENTIFIER :  rc4 [1.2.840.113549.3.4] 
                                                          INTEGER : 128 
                                                       SEQUENCE :  
                                                          OBJECT IDENTIFIER :  desCBC [] 
                                                       SEQUENCE :  
                                                          OBJECT IDENTIFIER :  DES-EDE3-CBC [1.2.840.113549.3.7] 
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  subjectKeyIdentifier [] 
                                                 OCTET STRING :  
                                                    OCTET STRING :  
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  [] 
                                                 OCTET STRING :  
                                                    SEQUENCE :  
                                                       SEQUENCE :  
                                                          OBJECT IDENTIFIER :  encryptedFileSystem [] 
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  keyUsage [] 
                                                 OCTET STRING :  
                                                    BIT STRING UnusedBits:5 :  
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  extKeyUsage [] 
                                                 OCTET STRING :  
                                                    SEQUENCE :  
                                                       OBJECT IDENTIFIER :  encryptedFileSystem [] 
                                              SEQUENCE :  
                                                 OBJECT IDENTIFIER :  [] 
                                                 OCTET STRING :  
                                                    SEQUENCE :  
                                                       OBJECT IDENTIFIER :  
                                                       INTEGER : 100 
                                                       INTEGER : 2 
                               SEQUENCE :  
                                  OBJECT IDENTIFIER :  sha1withRSAEncryption [1.2.840.113549.1.1.5] 
                                  NULL :  
                               BIT STRING UnusedBits:0 :  
                      SEQUENCE :  
                      SEQUENCE :  
          SET :  
             SEQUENCE :  
                INTEGER : 3 
                CONTEXT SPECIFIC (0) :  
                SEQUENCE :  
                   OBJECT IDENTIFIER :  sha1 [] 
                   NULL :  
                CONTEXT SPECIFIC (0) :  
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  contentType [1.2.840.113549.1.9.3] 
                      SET :  
                         OBJECT IDENTIFIER :  [] 
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  messageDigest [1.2.840.113549.1.9.4] 
                      SET :  
                         OCTET STRING :  
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  [] 
                      SET :  
                         SEQUENCE :  
                            INTEGER : 1 
                            UTF8 STRING :  
                            UTF8 STRING : 'CONTOSO0\avibm' 
                            UTF8 STRING : 'certreq' 
                SEQUENCE :  
                   OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                   NULL :  
                OCTET STRING :  
                CONTEXT SPECIFIC (1) :  
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  [] 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  envelopedData [1.2.840.113549.1.7.3] 
                            CONTEXT SPECIFIC (0) :  
                               SEQUENCE :  
                                  INTEGER : 0 
                                  SET :  
                                     SEQUENCE :  
                                        INTEGER : 0 
                                        SEQUENCE :  
                                           SEQUENCE :  
                                              SET :  
                                                 SEQUENCE :  
                                                    OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                                                    IA5 STRING :  
                                              SET :  
                                                 SEQUENCE :  
                                                    OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                                                    IA5 STRING :  
                                              SET :  
                                                 SEQUENCE :  
                                                    OBJECT IDENTIFIER :  commonName [] 
                                                    PRINTABLE STRING :  
                                           INTEGER :  
                                        SEQUENCE :  
                                           OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                                           NULL :  
                                        OCTET STRING :  
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  data [1.2.840.113549.1.7.1] 
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  DES-EDE3-CBC [1.2.840.113549.3.7] 
                                        OCTET STRING :  
                                     CONTEXT SPECIFIC (0) :  

The following is an ASN.1 dump of the corresponding CMC response, which carries the issued certificate together with the CA certificate.

    OBJECT IDENTIFIER :  signedData [1.2.840.113549.1.7.2] 
       SEQUENCE :  
          INTEGER : 3 
          SET :  
             SEQUENCE :  
                OBJECT IDENTIFIER :  sha1 [] 
                NULL :  
          SEQUENCE :  
             OBJECT IDENTIFIER :  [] 
             CONTEXT SPECIFIC (0) :  
                OCTET STRING :  
                   SEQUENCE :  
                      SEQUENCE :  
                         SEQUENCE :  
                            INTEGER : 1 
                            OBJECT IDENTIFIER :  [] 
                            SET :  
                               SEQUENCE :  
                                  INTEGER : 0 
                                  SEQUENCE :  
                                     INTEGER : 1 
                                  UTF8 STRING : 'Issued' 
                         SEQUENCE :  
                            INTEGER : 2 
                            OBJECT IDENTIFIER :  [] 
                            SET :  
                               SEQUENCE :  
                                  INTEGER : 0 
                                  SEQUENCE :  
                                     INTEGER : 1 
                                  SET :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           OCTET STRING :  
                                     SEQUENCE :  
                                        OBJECT IDENTIFIER :  [] 
                                        SET :  
                                           OCTET STRING :  
                      SEQUENCE :  
                      SEQUENCE :  
          CONTEXT SPECIFIC (0) :  
             SEQUENCE :  
                SEQUENCE :  
                   CONTEXT SPECIFIC (0) :  
                      INTEGER : 2 
                   INTEGER :  
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  sha1withRSAEncryption [1.2.840.113549.1.1.5] 
                      NULL :  
                   SEQUENCE :  
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'com' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'contoso' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  commonName [] 
                            PRINTABLE STRING :  
                   SEQUENCE :  
                      UTC TIME : '040210162354Z' 
                      UTC TIME : '090210162738Z' 
                   SEQUENCE :  
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'com' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'contoso' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  commonName [] 
                            PRINTABLE STRING :  
                   SEQUENCE :  
                      SEQUENCE :  
                         OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                         NULL :  
                      BIT STRING UnusedBits:0 :  
                         SEQUENCE :  
                            INTEGER :  
                            INTEGER : 65537 
                   CONTEXT SPECIFIC (3) :  
                      SEQUENCE :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  [] 
                            OCTET STRING :  
                               BMP STRING : 'CA' 
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  keyUsage [] 
                            OCTET STRING :  
                               BIT STRING UnusedBits:1 :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  basicConstraints [] 
                            BOOLEAN : 'FF' 
                            OCTET STRING :  
                               SEQUENCE :  
                                  BOOLEAN : 'FF' 
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  subjectKeyIdentifier [] 
                            OCTET STRING :  
                               OCTET STRING :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  cRLDistributionPoints [] 
                            OCTET STRING :  
                               SEQUENCE :  
                                  SEQUENCE :  
                                     CONTEXT SPECIFIC (0) :  
                                        CONTEXT SPECIFIC (0) :  
                                           CONTEXT SPECIFIC (6) :  
                                           CONTEXT SPECIFIC (6) :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  [] 
                            OCTET STRING :  
                               INTEGER : 0 
                SEQUENCE :  
                   OBJECT IDENTIFIER :  sha1withRSAEncryption [1.2.840.113549.1.1.5] 
                   NULL :  
                BIT STRING UnusedBits:0 :  
             SEQUENCE :  
                SEQUENCE :  
                   CONTEXT SPECIFIC (0) :  
                      INTEGER : 2 
                   INTEGER : '18E922D0000000000060' 
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  sha1withRSAEncryption [1.2.840.113549.1.1.5] 
                      NULL :  
                   SEQUENCE :  
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'com' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'contoso' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  commonName [] 
                            PRINTABLE STRING :  
                   SEQUENCE :  
                      UTC TIME : '040812185455Z' 
                      UTC TIME : '050812185455Z' 
                   SEQUENCE :  
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'com' 
                      SET :  
                         SEQUENCE :  
                             OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                             IA5 STRING : 'contoso' 
                       SET :  
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  commonName [] 
                             PRINTABLE STRING : 'Users' 
                       SET :  
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  commonName [] 
                             PRINTABLE STRING :  
                                'Avi Ben-Menahem' 
                    SEQUENCE :  
                       SEQUENCE :  
                          OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                          NULL :  
                       BIT STRING UnusedBits:0 :  
                          SEQUENCE :  
                             INTEGER :  
                             INTEGER : 65537 
                    CONTEXT SPECIFIC (3) :  
                       SEQUENCE :  
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  sMIMECapabilities [1.2.840.113549.1.9.15] 
                             OCTET STRING :  
                                SEQUENCE :  
                                   SEQUENCE :  
                                      OBJECT IDENTIFIER :  rc2CBC [1.2.840.113549.3.2] 
                                      INTEGER : 128 
                                   SEQUENCE :  
                                      OBJECT IDENTIFIER :  rc4 [1.2.840.113549.3.4] 
                                      INTEGER : 128 
                                   SEQUENCE :  
                                      OBJECT IDENTIFIER :  desCBC [] 
                                   SEQUENCE :  
                                      OBJECT IDENTIFIER :  DES-EDE3-CBC [1.2.840.113549.3.7] 
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  subjectKeyIdentifier [] 
                             OCTET STRING :  
                                OCTET STRING :  
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  [] 
                             OCTET STRING :  
                                SEQUENCE :  
                                   SEQUENCE :  
                                      OBJECT IDENTIFIER :  encryptedFileSystem [] 
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  keyUsage [] 
                             OCTET STRING :  
                                BIT STRING UnusedBits:5 :  
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  extKeyUsage [] 
                             OCTET STRING :  
                                SEQUENCE :  
                                   OBJECT IDENTIFIER :  encryptedFileSystem [] 
                          SEQUENCE :  
                             OBJECT IDENTIFIER :  [] 
                             OCTET STRING :  
                                SEQUENCE :  
                                   OBJECT IDENTIFIER :   
                                   INTEGER : 100 
                                   INTEGER : 2 
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  authorityKeyIdentifier [] 
                            OCTET STRING :  
                               SEQUENCE :  
                                  CONTEXT SPECIFIC (0) :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  cRLDistributionPoints [] 
                            OCTET STRING :  
                               SEQUENCE :  
                                  SEQUENCE :  
                                     CONTEXT SPECIFIC (0) :  
                                        CONTEXT SPECIFIC (0) :  
                                           CONTEXT SPECIFIC (6) :  
                                           CONTEXT SPECIFIC (6) :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  authorityInfoAccess [] 
                            OCTET STRING :  
                               SEQUENCE :  
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  caIssuers [] 
                                     CONTEXT SPECIFIC (6) :  
                                  SEQUENCE :  
                                     OBJECT IDENTIFIER :  caIssuers [] 
                                     CONTEXT SPECIFIC (6) :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  subjectAltName [] 
                            OCTET STRING :  
                               SEQUENCE :  
                                  CONTEXT SPECIFIC (0) :  
                                     OBJECT IDENTIFIER :  [] 
                                     CONTEXT SPECIFIC (0) :  
                                        UTF8 STRING :  
                SEQUENCE :  
                   OBJECT IDENTIFIER :  sha1withRSAEncryption [1.2.840.113549.1.1.5] 
                   NULL :  
                BIT STRING UnusedBits:0 :  
          SET :  
             SEQUENCE :  
                INTEGER : 1 
                SEQUENCE :  
                   SEQUENCE :  
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'com' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  domainComponent [0.9.2342.19200300.100.1.25] 
                            IA5 STRING : 'contoso' 
                      SET :  
                         SEQUENCE :  
                            OBJECT IDENTIFIER :  commonName [] 
                            PRINTABLE STRING :  
                   INTEGER :  
                SEQUENCE :  
                   OBJECT IDENTIFIER :  sha1 [] 
                   NULL :  
                CONTEXT SPECIFIC (0) :  
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  contentType [1.2.840.113549.1.9.3] 
                      SET :  
                         OBJECT IDENTIFIER :  [] 
                   SEQUENCE :  
                      OBJECT IDENTIFIER :  messageDigest [1.2.840.113549.1.9.4] 
                      SET :  
                         OCTET STRING :  
                SEQUENCE :  
                   OBJECT IDENTIFIER :  rsaEncryption [1.2.840.113549.1.1.1] 
                   NULL :  
                OCTET STRING :  

Recovery BLOB Structure

When stored in the CA database, the private key is kept as a PKCS #7 message, encrypted with a 3DES symmetric key that is in turn encrypted to the public key of each KRA; this message occupies a column in the CA database. When the recovery BLOB is retrieved by the certutil -getkey command, the encrypted PKCS #7 and the KRA certificate hashes are read from the database. The encrypted PKCS #7 is then wrapped inside a signed PKCS #7 so that the previous certificates can be collected and attached to the signed PKCS #7. The PKCS #7 is not protected with a password, since it is already protected by the public key of the recovery agent(s). The outer PKCS #7 wrapper can contain the certificate chains for the recovery agent(s) and the end entity to facilitate the recovery operation and the construction of the end-entity PKCS #12 file. Figure 47 illustrates the recovery BLOB structure.

The recovery BLOB wraps the encrypted PKCS #7 from the database in another, signed PKCS #7 so that a number of certificates can be included in the recovery BLOB. The returned certificates include the full chain of the user certificate being recovered, the chain of the signing CA certificate (which may differ from the CA certificate under which the user certificate was issued), and the KRA certificates to which the key was encrypted. The szOID_ARCHIVED_KEY_CERT_HASH attribute contains the SHA-1 hash of the certificate for the key being recovered and is attached as an authenticated attribute to the CA signature of the recovery BLOB. This allows certutil -recoverkey recoveryblobfile to also display the subject name of the KRA certificate(s) used to protect the private key BLOB.

Figure 47:  Recovery BLOB

ASN.1 Structure

The following is the ASN.1 structure of the PKCS #7 EnvelopedData object.

EnvelopedData ::= SEQUENCE {
    version               Version,
    recipientInfos        RecipientInfos,
    encryptedContentInfo  EncryptedContentInfo
}


Storing the recovery BLOB as an enveloped PKCS #7 enables a recovery agent to retrieve the recovery BLOB from the CA database. The recovery agent’s private key is used to decrypt the EncryptedContentInfo to extract the PKCS #12 data. The following is the ASN.1 structure of the EncryptedContentInfo body.

EncryptedContentInfo ::= SEQUENCE {
    contentType                 ContentType,
    contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
    encryptedContent        [0] IMPLICIT EncryptedContent OPTIONAL
}


By definition, there can be multiple recovery agent certificates specified by RecipientInfo, where IssuerAndSerialNumber is used to disambiguate between multiple recovery agent certificates. Only the recovery agent certificates included in the RecipientInfo body of the enveloped PKCS #7 object can be used to recover the archived key material. The following is the ASN.1 structure of the RecipientInfo body.

RecipientInfo ::= SEQUENCE {
    version                 Version,
    issuerAndSerialNumber   IssuerAndSerialNumber,
    keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
    encryptedKey            EncryptedKey
}
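The three structures above (EnvelopedData, EncryptedContentInfo, RecipientInfo), as an added example that is not part of the original appendix or of certutil: a minimal DER walker in Python that reads an EnvelopedData laid out as described and reports the recipient serial numbers and the algorithm OIDs, which is how a recovery agent can confirm which KRA certificates a given BLOB is encrypted to before attempting recovery. The DER helpers, the sample recipients ("Contoso KRA", serials 0x1001 and 0x1002) and the filler key/content bytes are all constructed here and are not taken from a real CA database.

```python
def der(tag, body):
    """Minimal DER encoder (short/long-form length); builds the constructed sample only."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def children(buf):
    """Parse a run of DER TLVs (a constructed value's content) into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:  # long-form length: low 7 bits give the count of length octets
            k = ln & 0x7F
            ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((tag, buf[pos:pos + ln])); pos += ln
    return out

def oid_str(val):
    """Decode OID content octets to dotted notation."""
    arcs, cur = [], 0
    for b in val:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80: arcs.append(cur); cur = 0
    return ".".join(map(str, [arcs[0] // 40, arcs[0] % 40] + arcs[1:]))

def inspect_enveloped(data):
    """Version, (serial, keyEncryptionAlgorithm) per RecipientInfo, contentEncryptionAlgorithm."""
    _, body = children(data)[0]                  # outer EnvelopedData SEQUENCE
    version, recips, eci = children(body)[:3]    # version, recipientInfos, encryptedContentInfo
    report = {"version": version[1][0], "recipients": []}
    for _, ri in children(recips[1]):            # only these recipients can unwrap the content key
        _, ias, key_alg, _ = children(ri)        # version, issuerAndSerialNumber, alg, encryptedKey
        serial = children(ias[1])[1]             # issuer Name, then serialNumber INTEGER
        report["recipients"].append((int.from_bytes(serial[1], "big"), oid_str(children(key_alg[1])[0][1])))
    _, enc_alg, _ = children(eci[1])             # contentType, algorithm, [0] encryptedContent
    report["content_alg"] = oid_str(children(enc_alg[1])[0][1])
    return report

# Constructed sample (not a real recovery BLOB): two KRA recipients with serials 0x1001 and
# 0x1002, RSA-wrapped content key, DES-EDE3-CBC content; key and content bytes are filler.
OID_3DES, OID_RSA, OID_DATA = (bytes.fromhex(h) for h in  # 1.2.840.113549.{3.7, 1.1.1, 1.7.1}
    ("2A864886F70D0307", "2A864886F70D010101", "2A864886F70D010701"))
def sample_recipient(serial):
    cn = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x13, b"Contoso KRA"))  # CN attribute
    ias = der(0x30, der(0x30, der(0x31, cn)) + der(0x02, serial.to_bytes(2, "big")))
    return der(0x30, der(0x02, b"\x00") + ias
               + der(0x30, der(0x06, OID_RSA) + der(0x05, b"")) + der(0x04, b"\x00" * 16))
def sample_enveloped():
    alg = der(0x30, der(0x06, OID_3DES) + der(0x04, b"\x00" * 8))  # algorithm OID + 8-byte IV
    eci = der(0x30, der(0x06, OID_DATA) + alg + der(0x80, b"\xAA" * 24))  # [0] IMPLICIT encryptedContent
    return der(0x30, der(0x02, b"\x00") + der(0x31, sample_recipient(0x1001) + sample_recipient(0x1002)) + eci)
```

A recipient whose serial is not listed in the report cannot recover the key, whatever certificates the outer signed PKCS #7 carries.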
