CERT_AUTHORITY_KEY_ID_INFO structure (wincrypt.h)

The CERT_AUTHORITY_KEY_ID_INFO structure identifies the key used to sign a certificate or certificate revocation list (CRL). This structure differentiates among distinct keys used by the same certification authority as, for example, keys changed when an update occurs.

The key can be identified by an explicit key identifier, by giving a certificate's issuer and serial number, or by both. If both are used, the certificate issuer must ensure that the explicit key identifier, the certificate issuer and the serial number are consistent.

CryptDecodeObject creates an instance of this structure when performed on a CERT_EXTENSION structure's Value member with its structure's pszObjId member set to szOID_AUTHORITY_KEY_IDENTIFIER.

An instance of this structure can be used as input to CryptEncodeObject to create an appropriate CERT_EXTENSION.

Syntax

typedef struct _CERT_AUTHORITY_KEY_ID_INFO {
  CRYPT_DATA_BLOB    KeyId;
  CERT_NAME_BLOB     CertIssuer;
  CRYPT_INTEGER_BLOB CertSerialNumber;
} CERT_AUTHORITY_KEY_ID_INFO, *PCERT_AUTHORITY_KEY_ID_INFO;

Members

KeyId

A CRYPT_DATA_BLOB structure that contains a unique identifier of a public key.

CertIssuer

A CERT_NAME_BLOB structure that contains the encoded distinguished name of the certification authority that issued the certificate.

CertSerialNumber

A CRYPT_INTEGER_BLOB structure that contains the serial number of the certificate associated with the private key used to sign this certificate. For more information, see CERT_INFO.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header wincrypt.h

See also

CRYPT_INTEGER_BLOB