OpenSSL 111: authorityKeyIdentifier

Viktor Dukhovni openssl-users at dukhovni.org
Wed Mar 25 17:48:57 UTC 2020


On Wed, Mar 25, 2020 at 05:47:01PM +0100, Dirk wrote:

> >> My expectation (maybe wrong) is that the serial and the issuer name belong to
> >> the same X509 certificate that the key id belongs to.
> > 
> > Your expectation is "wrong".  The issuer DN in the AKID is in fact
> > supposed to be the issuer's issuer.  It would be redundant to
> > encode the issuer DN there, it is already present in the EE
> > certificate.
>
> Thank you Victor. Can you point me to the rfc that defines this?

You could just save time and take my word for it, based on the logical
argument that the issuer public key is identified by the serial number
and DN of the CA that signed its certificate (the combination required
to be unique) and that repeating the EE issuer DN would be redundant.
The text in RFC 5280 is not terribly clear, but is basically a brief
restatement of X.509.

If you really want to puzzle over more text see (page 24, physical page
34 of):

    http://handle.itu.int/11.1002/1000/9590-en?locatt=format:pdf

    8.2.2.1 Authority key identifier extension

    This field, which may be used as either a certificate extension or
    CRL extension, identifies the public key to be used to verify the
    signature on this certificate or CRL. It enables distinct keys used
    by the same CA to be distinguished (e.g., as key updating occurs).
    This field is defined as follows:

    authorityKeyIdentifier EXTENSION ::= {
        SYNTAX AuthorityKeyIdentifier IDENTIFIED BY id-ce-authorityKeyIdentifier
    }

    AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier             [0] KeyIdentifier OPTIONAL
        authorityCertIssuer       [1] GeneralNames  OPTIONAL
        authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
        ( WITH COMPONENTS {..., authorityCertIssuer PRESENT, authorityCertSerialNumber PRESENT} |
          WITH COMPONENTS {..., authorityCertIssuer ABSENT, authorityCertSerialNumber ABSENT} )

    KeyIdentifier ::= OCTET STRING

    The key may be identified by an explicit key identifier in the
    keyIdentifier component, by identification of a certificate for the
    key (giving certificate issuer in the authorityCertIssuer component
    and certificate serial number in the authorityCertSerialNumber
    component), or by both explicit key identifier and identification of
    a certificate for the key. If both forms of identification are used
    then the certificate or CRL issuer shall ensure they are consistent.
    A key identifier shall be unique with respect to all key identifiers
    for the issuing authority for the certificate or CRL containing the
    extension. An implementation which supports this extension is not
    required to be able to process all name forms in the
    authorityCertIssuer component. (See 8.3.2.1 for details of the
    GeneralNames type.)

    Certification authorities shall assign certificate serial numbers
    such that every (issuer, certificate serial number) pair uniquely
    identifies a single certificate. The keyIdentifier form can be used
    to select CA certificates during path construction. The
    authorityCertIssuer, authoritySerialNumber pair can only be used to
    provide preference to one certificate over others during path
    construction.

    This extension is always non-critical.

-- 
    Viktor.


More information about the openssl-users mailing list