Rights Account Certificate XML Example
[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]
The following example shows an XrML rights account certificate (RAC) chain. The RAC was issued to the user account someone@example.com. The name of the AD RMS server that issued the RAC was EXAMPLESRV2008. To see an actual RAC, activate the user, navigate to the appropriate Rights Account Certificate Store, and open the certificate file.
The file name format for a RAC in the Pre-production hierarchy is GIC-user account-user ID GUID.drm. For example, the following RAC was saved in the file named GIC-someone@example.com-{f39c5f0b;kb861;k460c;k8a21;kb8a0b9a9c568}.drm.
- <XrML xmlns="" version="1.2">
- <BODY type="LICENSE" version="3.0">
<ISSUEDTIME>2008-03-17T16:04</ISSUEDTIME>
- <VALIDITYTIME>
<FROM>2008-03-16T16:04</FROM>
<UNTIL>2009-03-17T16:04</UNTIL>
</VALIDITYTIME>
- <DESCRIPTOR>
- <OBJECT type="Group-Identity-Credential">
<ID type="MS-GUID">
{f39c5f0b-b861-460c-8a21-b8a0b9a9c568}
</ID>
</OBJECT>
</DESCRIPTOR>
- <ISSUER>
- <OBJECT type="MS-DRM-Server">
<ID type="MS-GUID">
{e03ee46f-e62a-48d7-81f0-2d8d5d522c9d}
</ID>
<NAME>EXAMPLESRV2008</NAME>
<ADDRESS type="URL">HTTP://example.com:80/_wmcs</ADDRESS>
</OBJECT>
- <PUBLICKEY>
<ALGORITHM>RSA</ALGORITHM>
- <PARAMETER name="public-exponent">
<VALUE encoding="integer32">65537</VALUE>
</PARAMETER>
- <PARAMETER name="modulus">
<VALUE encoding="base64" size="1024">
1fn3bqaD3kdFtl+uo1mc/PKPNZyIjJ+KN+EACM72bSZwswcUTc8u75H
0rllk9bgonpFTt9MCdfl7f+NC2OuWv2rC9nuBKt6CN/wMEVpF+ByjkU
zMTA1Ktu/ziS4BJ9L7t1bUWEqa3nWb1B6MV/M+jeNgjiRMpGi+vzn3s
D/d8Oo=
</VALUE>
</PARAMETER>
</PUBLICKEY>
<SECURITYLEVEL name="Server-Version" value="6.0.0.0"/>
<SECURITYLEVEL name="Server-SKU" value="RMS 2.0"/>
</ISSUER>
- <DISTRIBUTIONPOINT>
- <OBJECT type="Activation">
<ID type="MS-GUID">
{8BA9EA80-99E4-4a2b-9764-4CD84F77C3A0}
</ID>
<NAME>Microsoft Identity Certification Server</NAME>
<ADDRESS type="URL">
http://example.com/_wmcs/certification
</ADDRESS>
</OBJECT>
</DISTRIBUTIONPOINT>
- <ISSUEDPRINCIPALS>
- <PRINCIPAL internal-id="1">
- <OBJECT type="Group-Identity">
<ID type="Windows">
S-1-5-21-1226287486-3652005974-3671177567-1114
</ID>
<NAME>someone@example.com</NAME>
</OBJECT>
- <PUBLICKEY>
<ALGORITHM>RSA</ALGORITHM>
- <PARAMETER name="public-exponent">
<VALUE encoding="integer32">65537</VALUE>
</PARAMETER>
- <PARAMETER name="modulus">
<VALUE encoding="base64" size="1024">
raMBBHBY7UbNE0bHh1Mc2G2LjBQfI/x/scBACTAm6Y12K+xQlve3p
NlcnFcuPrfguSpNrXq3bdk+zdONH92zzxSlwqvVXqubwNinLESusH
snpcVPGkPLV3PqxZ/JHOiEWKoLPkigNHGfatrBbnofCqRQhiG6it7
FbHvNMRAgxbE=
</VALUE>
</PARAMETER>
</PUBLICKEY>
<SECURITYLEVEL
name="Group-Identity-Credential-Type"
value="Persistent"/>
<SECURITYLEVEL
name="Group-Identity-Policy"
value="Group-Identity-Credential"/>
<SECURITYLEVEL
name="Group-Identity-Type"
value="Group"/>
</PRINCIPAL>
- </ISSUEDPRINCIPALS>
- <FEDERATIONPRINCIPALS>
- <PRINCIPAL>
- <OBJECT type="Machine-Unique-Identifier">
<ID type="MS-GUID">
{8a0acfdb-b60f-49bd-a781-f6b41e876219}
</ID>
<NAME>Machine</NAME>
</OBJECT>
- <ENABLINGBITS type="sealed-key">
<VALUE encoding="base64" size="6144">
ox7jiE7iXtnP5Q4p/ZPfh4VAP5sFh/wI+8XsK94+KBO8yfwytsNCoUP
JU3twWHoBNTIdbVCvSFFmhp+Uw71rHCB22Ud3ZUaV81a5ZjbsyFltiu
FFUOeqOKUGXQwKHrVcb6Yi2rEOmimKoBr1S/SP99g5D3xEZjxslFI8q
F3PblXdysVm8alF+KiLkWLO0B+doTd+7OnL48H1xQZnUFLVy2uBp+s5
JJDLd1+38Oj/qjl992EhHZMvle567g+vRLQ4pabIrtZnIw/hAa0yBWP
FlRNJ6v0qsj1FeM4mRiKYvGazyVDEYX+Js1sc1RUY4XNLo7tPlBt/4q
JHHhuGhX2jltXRKTQprlofb/ZnTfme+rBNKX5Rzd3+fjp0dFjdllfMG
Z5J+Z6PSwAAs9ojlner6j2kv88yHx700ZaTdCxhKPEVL9IyNPjFUHo/
b+499DIPu7tp2E3DlEEusnsnwZqIehpt8tghLzfUMM2YJe3T1poKVF0
SWjVfr2OKRZ3qQPdI+/3/cQzaGirgvRDuifJGduzLqZ2uABKwqYv2zP
ELKOKPuDWqckhgj83n/EYtyM/beCz0ZmEGHdAEmXFHr701t7heGI9aQ
jUwNjWmpwMUKTgKGfA0dNq4cJk1p/VO1+b2TS3yAC2jtwA5ZaejrQ8g
2H/S2D82ht8A9tGUjDfoqn4T2RN1laLXGwbzAto31I4kUWpcziakJ+/
XNBH4F961d6177Sie1IkGiLGnMSM3nmpdQPjad/z8YS3fPcE+LkbaP8
vmXZl4GY6nNSvkvTT/nxhFfn/Fm17HFvjovBhSB6NOFzkSiuXDcPXlU
X/BTGZk0p8j4yXQNtO9b3H+OtGEuwqnD8S69tIrpH+jpl/VCFXFKp3M
rcVUZfjhBGfZHapCul5dZfir32dU6bkTD/FmSbSVClr5rO7/sZ/Wlvl
lv4mw/gg642EnvzURDMFFZb+XYALFGdvMt3kZevK4o5hCE0yEP2PtAb
fWv1jpseo3nNRC/mMsv8nXgcdW1MKbuKEH
</VALUE>
</ENABLINGBITS>
<SECURITYLEVEL
name="Manufacturer"
value=
"Microsoft Corporation mcoregen DLL 6.0.5840.16389 (RMS
Client v2.0 Desktop Security Processor)"/>
<SECURITYLEVEL
name="Platform"
value="2.6.0.6000"/>
<SECURITYLEVE
name="Repository"
value=
"Microsoft Corporation Windows RMS Client v2.0 secure
repository 6.0.5840.16389"/>
</PRINCIPAL>
</FEDERATIONPRINCIPALS>
</BODY>
- <SIGNATURE>
<DIGEST>
<ALGORITHM>SHA1</ALGORITHM>
- <PARAMETER name="codingtype">
<VALUE encoding="string">surface-coding</VALUE>
</PARAMETER>
<VALUE encoding="base64" size="160">
Xc+84uqrehgkwjwHGAedTv7UeK0=
</VALUE>
</DIGEST>
- <ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM>
<VALUE encoding="base64" size="1024">
SaZvQJOL9D478f5sxLq3Jdn5ZB11oHvfKr8xa3oPI5xwmFnnsol+rTJKWYP
K0lyfRhpqobgQmqtx9HaVGp/kK5HcPoMFVp8RRnbKogZDZVX3lKMq+vJeJb
RIassz6TZQICTBcf0QL/ba3qVNYGP3kl3LyRAK/DaHsD1w5XXAfmk=
</VALUE>
</SIGNATURE>
</XrML>
.
.
.
- <XrML xmlns="" version="1.2">
- <XrML xmlns="" version="1.2">
Related topics