OpenSSL 111: authorityKeyIdentifier
Dirk
noadsplease at web.de
Wed Mar 25 19:07:19 UTC 2020
Makes perfect sense. Thank you.
> On 25.03.2020 at 18:49, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
>
> On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote:
>
>>>> My expectation (maybe wrong) is that the serial and the issuer name belong to
>>>> the same X509 certificate that the key id belongs to.
>>>
>>> Your expectation is "wrong". The issuer DN in the AKID is in fact
>>> supposed to be the issuer's issuer. It would be redundant to
>>> encode the issuer DN there, it is already present in the EE
>>> certificate.
>>
>> Thank you Viktor. Can you point me to the RFC that defines this?
>
> You could just save time and take my word for it, based on the logical
> argument that the issuer public key is identified by the serial number
> and DN of the CA that signed its certificate (the combination required
> to be unique) and that repeating the EE issuer DN would be redundant.
> The text in RFC 5280 is not terribly clear, but is basically a brief
> restatement of X.509.
>
> If you really want to puzzle over more text see (page 24, physical page
> 34 of):
>
> http://handle.itu.int/11.1002/1000/9590-en?locatt=format:pdf
>
> 8.2.2.1 Authority key identifier extension
>
> This field, which may be used as either a certificate extension or
> CRL extension, identifies the public key to be used to verify the
> signature on this certificate or CRL. It enables distinct keys used
> by the same CA to be distinguished (e.g., as key updating occurs).
> This field is defined as follows:
>
> authorityKeyIdentifier EXTENSION ::= {
> SYNTAX AuthorityKeyIdentifier IDENTIFIED BY id-ce-authorityKeyIdentifier
> }
>
> AuthorityKeyIdentifier ::= SEQUENCE {
> keyIdentifier [0] KeyIdentifier OPTIONAL,
> authorityCertIssuer [1] GeneralNames OPTIONAL,
> authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
> ( WITH COMPONENTS {..., authorityCertIssuer PRESENT, authorityCertSerialNumber PRESENT} |
> WITH COMPONENTS {..., authorityCertIssuer ABSENT, authorityCertSerialNumber ABSENT} )
>
> KeyIdentifier ::= OCTET STRING
>
> The key may be identified by an explicit key identifier in the
> keyIdentifier component, by identification of a certificate for the
> key (giving certificate issuer in the authorityCertIssuer component
> and certificate serial number in the authorityCertSerialNumber
> component), or by both explicit key identifier and identification of
> a certificate for the key. If both forms of identification are used
> then the certificate or CRL issuer shall ensure they are consistent.
> A key identifier shall be unique with respect to all key identifiers
> for the issuing authority for the certificate or CRL containing the
> extension. An implementation which supports this extension is not
> required to be able to process all name forms in the
> authorityCertIssuer component. (See 8.3.2.1 for details of the
> GeneralNames type.)
>
> Certification authorities shall assign certificate serial numbers
> such that every (issuer, certificate serial number) pair uniquely
> identifies a single certificate. The keyIdentifier form can be used
> to select CA certificates during path construction. The
> authorityCertIssuer, authoritySerialNumber pair can only be used to
> provide preference to one certificate over others during path
> construction.
>
> This extension is always non-critical.
>
> --
> Viktor.
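As an added illustration of the structure quoted above (this is not code from the thread or from OpenSSL), the following pure-Python snippet DER-encodes and decodes an AuthorityKeyIdentifier, enforces the WITH COMPONENTS constraint from 8.2.2.1, and checks an EE's AKID against the CA that signed it: the keyIdentifier must match the issuer's SKID, and the (authorityCertIssuer, authorityCertSerialNumber) pair must name the issuer's own issuer and the issuer's serial, not the EE's issuer. All names, serials and key identifiers are constructed sample values; the Name helper handles only a single-CN RDN, and the encoder emits short-form DER lengths only.

```python
def _tlv(tag, body):                          # DER encode one TLV (short-form length only, < 128 bytes)
    return bytes([tag, len(body)]) + body
def _iter_tlv(buf):                           # yield (tag, value) for each DER TLV in buf
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                     # long form: 0x8n followed by n length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length
def name_cn(cn):                              # X.501 Name holding a single CN RDN
    atv = _tlv(0x30, _tlv(0x06, bytes.fromhex("550403")) + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))
def encode_akid(key_id=None, issuer_name=None, serial=None):
    body = b"" if key_id is None else _tlv(0x80, key_id)             # keyIdentifier [0] IMPLICIT OCTET STRING
    if issuer_name is not None:                                        # authorityCertIssuer [1] GeneralNames
        body += _tlv(0xA1, _tlv(0xA4, issuer_name))                    #   containing directoryName [4] Name
    if serial is not None:                                             # authorityCertSerialNumber [2] INTEGER
        body += _tlv(0x82, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    return _tlv(0x30, body)
def decode_akid(der):                         # parse and enforce the WITH COMPONENTS constraint of 8.2.2.1
    tag, body = next(_iter_tlv(der))
    if tag != 0x30:
        raise ValueError("AuthorityKeyIdentifier must be a SEQUENCE")
    akid = {"keyIdentifier": None, "authorityCertIssuer": None, "authorityCertSerialNumber": None}
    for tag, val in _iter_tlv(body):
        if tag == 0x80:
            akid["keyIdentifier"] = val
        elif tag == 0xA1:                     # keep directoryName [4] forms; other name forms may be skipped
            akid["authorityCertIssuer"] = [v for t, v in _iter_tlv(val) if t == 0xA4]
        elif tag == 0x82:
            akid["authorityCertSerialNumber"] = int.from_bytes(val, "big", signed=True)
        else:
            raise ValueError("unexpected tag 0x%02x in AuthorityKeyIdentifier" % tag)
    if (akid["authorityCertIssuer"] is None) != (akid["authorityCertSerialNumber"] is None):
        raise ValueError("authorityCertIssuer and authorityCertSerialNumber must be both present or both absent")
    return akid
def akid_consistent(akid, issuer_cert):       # issuer_cert: the CA that signed the EE (its SKID, serial, OWN issuer)
    ok = akid["keyIdentifier"] in (None, issuer_cert["skid"])
    if akid["authorityCertSerialNumber"] is not None:                  # pair form: issuer's serial + issuer's issuer
        ok = ok and akid["authorityCertSerialNumber"] == issuer_cert["serial"]
        ok = ok and issuer_cert["issuer"] in akid["authorityCertIssuer"]
    return ok

# Constructed sample chain (no real certificates): Root CA -> Intermediate CA -> EE.
ROOT_NAME, INTERMEDIATE_NAME = name_cn("Constructed Root CA"), name_cn("Constructed Intermediate CA")
INTERMEDIATE = {"skid": bytes(range(20)), "serial": 4711, "issuer": ROOT_NAME}
GOOD_AKID = encode_akid(INTERMEDIATE["skid"], ROOT_NAME, 4711)          # names the issuer's issuer: consistent
BAD_AKID = encode_akid(INTERMEDIATE["skid"], INTERMEDIATE_NAME, 4711)   # repeats the EE's issuer: rejected
```

Decoding GOOD_AKID and checking it against INTERMEDIATE succeeds, BAD_AKID fails the check, and an AKID carrying authorityCertIssuer without authorityCertSerialNumber is rejected by decode_akid.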