CMC Key Archival Request
Article
06/12/2023
The following example contains a CMC key archival request. The example was generated with the Certreq.exe and Certutil.exe tools. The .inf file used as input to Certreq.exe contains the following settings.
[NewRequest]
Subject="cn=TestCN,o=TestOrg"
RequestType=cmc
PrivateKeyArchive=true
[RequestAttributes]
CertificateTemplate=User
These settings produce the sample output below. The configuration specifies the subject, the request type (CMC) and the template name. The User template specifies that:
The request must use the Microsoft Base Cryptographic Provider v1.0 or the Microsoft Enhanced Cryptographic Provider v1.0.
The subject name must be built from Active Directory.
The request includes the certificate template name, enhanced key usage (EKU) and key usage extensions. The EKU extension specifies that the issued certificate can be used for Encrypting File System (EFS), secure email and client authentication.
Because PrivateKeyArchive=true, the request also carries the private key itself. In the dump, the key travels as a PKCS #7 EnvelopedData inside the unauthenticated attribute 1.3.6.1.4.1.311.21.13 (Encrypted Private Key), encrypted with 3DES under a content-encryption key that is wrapped to the CA's exchange certificate (the recipient whose subject ends in -Xchg), so only the CA can recover it. The signed CMC attributes carry a 20-byte hash of that encrypted blob (1.3.6.1.4.1.311.21.21, Encrypted Key Hash), so the request signature still binds the archived key even though an unauthenticated attribute is by itself outside the signature. The dump also records its era (OS Version 6.0.5361.2 and a "Longhorn" CA name, i.e. a pre-release Windows Vista build): a 1024-bit RSA key, sha1RSA signatures and 3DES key wrapping, all of which current deployments should treat as legacy algorithm choices.
PKCS7/CMS Message:
CMSG_SIGNED(2)
CMSG_SIGNED_DATA_CMS_VERSION(3)
Content Type: 1.3.6.1.5.5.7.12.2 CMC Data
PKCS7 Message Content:
================ Begin Nesting Level 1 ================
CMS Certificate Request:
Tagged Attributes: 1
Body Part Id: 2
1.3.6.1.4.1.311.10.10.1 CMC Attributes
Value[0]:
Data Reference: 0
Cert Reference[0]: 1
2 attributes:
Attribute[0]: 1.3.6.1.4.1.311.21.21
Value[0][0]:
Unknown Attribute type
Encrypted Key Hash:
77 46 e7 e6 6b b5 97 a6 7d 08 bf 6e 05 9c 79 e1 6d d6 6b 83
0000 04 14 77 46 e7 e6 6b b5 97 a6 7d 08 bf 6e 05 9c ..wF..k...}..n..
0010 79 e1 6d d6 6b 83 y.m.k.
Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[1][0]:
Unknown Attribute type
Client Id: = 9
(XECI_DISABLE -- 0)
(XECI_XENROLL -- 1)
(XECI_AUTOENROLL -- 2)
(XECI_REQWIZARD -- 3)
(XECI_CERTREQ -- 4)
User: JDOMCSC\administrator
Machine: vich3d.jdomcsc.nttest.microsoft.com
Process: certreq
0000 30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 0H....#vich3d.jd
0010 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
0020 72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d rosoft.com..JDOM
0030 43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f CSC\administrato
0040 72 0c 07 63 65 72 74 72 65 71 r..certreq
Tagged Requests: 1
CMC_TAGGED_CERT_REQUEST_CHOICE:
Body Part Id: 1
================ Begin Nesting Level 2 ================
Element 0:
PKCS10 Certificate Request:
Version: 1
Subject:
O=TestOrg
CN=TestCN
[0,0]: CERT_RDN_PRINTABLE_STRING, Length = 6 (6/64 Characters)
2.5.4.3 Common Name (CN)="TestCN"
54 65 73 74 43 4e TestCN
54 00 65 00 73 00 74 00 43 00 4e 00 T.e.s.t.C.N.
[1,0]: CERT_RDN_PRINTABLE_STRING, Length = 7 (7/64 Characters)
2.5.4.10 Organization (O)="TestOrg"
54 65 73 74 4f 72 67 TestOrg
54 00 65 00 73 00 74 00 4f 00 72 00 67 00 T.e.s.t.O.r.g.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 da b2 cc 81 37 00 c9 c8 a0
0010 90 3d a0 f6 b7 a7 68 80 bf 43 44 19 62 fd 9b 71
0020 32 49 c0 b0 a3 45 54 d1 e5 24 c1 cd e3 e6 45 8a
0030 2d e5 3f ef cd 7e eb bc 68 de 74 88 11 76 61 f3
0040 77 65 c6 9c 54 ee 54 6d f9 e5 9b c7 ec 82 15 bd
0050 6b 15 88 97 93 ec 0d 0a ef a8 5e de 0c e7 94 e0
0060 7d e7 3d 44 a4 77 1d bd d8 03 df bf b4 89 a1 88
0070 3c 85 72 e3 36 96 7c e0 7f e4 ac 84 8a 69 6e 02
0080 69 0b e4 53 fb 2c 95 02 03 01 00 01
Request Attributes: 5
5 attributes:
Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
Value[0][0]:
6.0.5361.2
0000 16 0a 36 2e 30 2e 35 33 36 31 2e 32 ..6.0.5361.2
Attribute[1]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
Value[1][0]:
CertificateTemplate=User
0000 30 32 1e 26 00 43 00 65 00 72 00 74 00 69 00 66 02.&.C.e.r.t.i.f
0010 00 69 00 63 00 61 00 74 00 65 00 54 00 65 00 6d .i.c.a.t.e.T.e.m
0020 00 70 00 6c 00 61 00 74 00 65 1e 08 00 55 00 73 .p.l.a.t.e...U.s
0030 00 65 00 72 .e.r
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 9
(XECI_DISABLE -- 0)
(XECI_XENROLL -- 1)
(XECI_AUTOENROLL -- 2)
(XECI_REQWIZARD -- 3)
(XECI_CERTREQ -- 4)
User: JDOMCSC\administrator
Machine: vich3d.jdomcsc.nttest.microsoft.com
Process: certreq
0000 30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 0H....#vich3d.jd
0010 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
0020 72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d rosoft.com..JDOM
0030 43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f CSC\administrato
0040 72 0c 07 63 65 72 74 72 65 71 r..certreq
Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
Value[3][0]:
Unknown Attribute type
CSP Provider Info
KeySpec = 1
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Signature: UnusedBits=0
0000 30 64 02 01 01 1e 5c 00 4d 00 69 00 63 00 72 00 0d....\.M.i.c.r.
0010 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 o.s.o.f.t. .E.n.
0020 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 43 00 h.a.n.c.e.d. .C.
0030 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 r.y.p.t.o.g.r.a.
0040 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6f 00 p.h.i.c. .P.r.o.
0050 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 v.i.d.e.r. .v.1.
0060 2e 00 30 03 01 00 ..0...
Attribute[4]: 1.2.840.113549.1.9.14 (Certificate Extensions)
Value[4][0]:
Unknown Attribute type
Certificate Extensions: 4
1.3.6.1.4.1.311.20.2: Flags = 0, Length = a
Certificate Template Name (Certificate Type)
User
0000 1e 08 00 55 00 73 00 65 00 72 ...U.s.e.r
2.5.29.37: Flags = 0, Length = 22
Enhanced Key Usage
Encrypting File System (1.3.6.1.4.1.311.10.3.4)
Secure Email (1.3.6.1.5.5.7.3.4)
Client Authentication (1.3.6.1.5.5.7.3.2)
0000 30 20 06 0a 2b 06 01 04 01 82 37 0a 03 04 06 08 0 ..+.....7.....
0010 2b 06 01 05 05 07 03 04 06 08 2b 06 01 05 05 07 +.........+.....
0020 03 02 ..
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)
0000 03 02 05 a0 ....
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
15 bb ba 05 35 8d 0b 21 fb 5d b0 f4 a3 8f e3 bf 0f 2c e0 c5
0000 04 14 15 bb ba 05 35 8d 0b 21 fb 5d b0 f4 a3 8f ......5..!.]....
0010 e3 bf 0f 2c e0 c5 ...,..
0000 30 73 30 17 06 09 2b 06 01 04 01 82 37 14 02 04 0s0...+.....7...
0010 0a 1e 08 00 55 00 73 00 65 00 72 30 29 06 03 55 ....U.s.e.r0)..U
0020 1d 25 04 22 30 20 06 0a 2b 06 01 04 01 82 37 0a .%."0 ..+.....7.
0030 03 04 06 08 2b 06 01 05 05 07 03 04 06 08 2b 06 ....+.........+.
0040 01 05 05 07 03 02 30 0e 06 03 55 1d 0f 01 01 ff ......0...U.....
0050 04 04 03 02 05 a0 30 1d 06 03 55 1d 0e 04 16 04 ......0...U.....
0060 14 15 bb ba 05 35 8d 0b 21 fb 5d b0 f4 a3 8f e3 .....5..!.].....
0070 bf 0f 2c e0 c5 ..,..
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 86 70 1b cb 78 99 af fe d8 dc b5 e3 7b 8c 45 ab
0010 6e c6 82 1d e4 d4 e2 dc 64 d8 86 99 1a e2 b6 40
0020 af ff 50 b7 e4 47 9d 1f f5 8f be 90 c7 ad c2 08
0030 f7 0d 0c d5 75 b9 80 91 41 e4 c5 79 f2 5c 84 de
0040 0c e5 f4 aa e2 14 e8 f9 45 e5 4a a8 17 c6 ff 63
0050 39 fa df 45 34 81 d3 94 10 66 5d 2f 24 a8 30 a3
0060 61 81 f2 15 d6 f1 cb 48 17 e6 71 c0 38 cb 59 cc
0070 5f dc 37 df e7 8c c7 61 91 5e 67 f7 0c bc c9 6a
Signature matches Public Key
Key Id Hash(rfc-sha1): 15 bb ba 05 35 8d 0b 21 fb 5d b0 f4 a3 8f e3 bf 0f 2c e0 c5
Key Id Hash(sha1): db 65 d3 30 67 b4 6a 68 0a a8 29 84 79 cf 3c f0 04 9d 2c 72
---------------- End Nesting Level 2 ----------------
Tagged Content Info: 0
Tagged Other Messages: 0
---------------- End Nesting Level 1 ----------------
Signer Count: 1
Signer Info[0]:
Signature matches request Public Key
CMSG_SIGNER_INFO_CMS_VERSION(3)
CERT_ID_KEY_IDENTIFIER(2)
0000 15 bb ba 05 35 8d 0b 21 fb 5d b0 f4 a3 8f e3 bf
0010 0f 2c e0 c5
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters: NULL
Encrypted Hash:
0000 45 05 b6 19 26 01 3c c2 02 17 2d 9e 1d 19 4d f8
0010 ff 43 58 e5 54 4a 24 52 5b 93 e6 36 00 5b ba ae
0020 bf bc 70 d9 c7 f5 d1 49 e9 e3 6e bd b7 ac 33 c9
0030 14 7a 81 b5 9e b1 a9 7c 22 87 58 8b 90 28 87 4f
0040 86 5b 01 6e cb 6f de 4a 66 89 e6 e5 bc ae d2 59
0050 b5 88 23 81 a5 52 a0 71 f0 b0 d4 57 b8 ac 64 fc
0060 a0 3b 7b bd 8a 5e 57 1a 71 1c 47 05 70 8f 27 bc
0070 7a 25 be da 79 10 d0 83 e0 8a c3 f8 d1 ff 51 3a
Authenticated Attributes[0]:
2 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
0000 06 08 2b 06 01 05 05 07 0c 02 ..+.......
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest:
e0 88 af ba 3f 9b de 52 7f f0 88 7f ce d9 7d eb fa 36 3f 72
0000 04 14 e0 88 af ba 3f 9b de 52 7f f0 88 7f ce d9 ......?..R......
0010 7d eb fa 36 3f 72 }..6?r
Unauthenticated Attributes[0]:
1 attributes:
Attribute[0]: 1.3.6.1.4.1.311.21.13 (Encrypted Private Key)
Value[0][0]:
Unknown Attribute type
================ Begin Nesting Level 1 ================
PKCS7 Message:
CMSG_ENVELOPED(3)
CMSG_ENVELOPED_DATA_PKCS_1_5_VERSION(0)
Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
Content Encryption Algorithm:
Algorithm ObjectId: 1.2.840.113549.3.7 3des
Algorithm Parameters:
04 08 6c d4 43 89 e1 5a 7f c3
04 08 6c d4 43 89 e1 5a 7f c3
PKCS7 Message Content:
Recipient Info[0]:
Serial Number: 488a9b22000000000a39
Issuer:
CN=JDOMCSC Longhorn Enterprise Root CA
O=Microsoft
Subject:
CN=JDOMCSC Longhorn Enterprise Root CA-Xchg
O=Microsoft
Decrypted PKCS7 Message Content
================ Begin Nesting Level 2 ================
Private Key:
PRIVATEKEYBLOB
Version: 2
aiKeyAlg: 0xa400
CALG_RSA_KEYX
Algorithm Class: 0xa000(5) ALG_CLASS_KEY_EXCHANGE
Algorithm Type: 0x400(2) ALG_TYPE_RSA
Algorithm Sub-id: 0x0(0) ALG_SID_RSA_ANY
0000 52 53 41 32 00 04 00 00 01 00 01 00 95 2c fb 53 RSA2.........,.S
0010 e4 0b 69 02 6e 69 8a 84 ac e4 7f e0 7c 96 36 e3 ..i.ni......|.6.
0020 72 85 3c 88 a1 89 b4 bf df 03 d8 bd 1d 77 a4 44 r. |
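The Client Information, Enhanced Key Usage and Key Usage values in the dump above are printed by certutil both decoded and as raw DER bytes. The following Python script is an added example, not part of the original article and not code from the Windows enrollment tools: it re-derives the decoded values from the hex bytes copied out of the dump using a minimal DER reader (definite-length TLVs only, which is all these three structures need). The field layout assumed for Client Information (an INTEGER client id followed by three UTF8Strings in the byte order machine, user, process) is inferred from the bytes shown; for anything beyond these structures use a real ASN.1 library or certutil -asn.

```python
"""Decode three DER values copied from the certutil dump above.

Added example (not from the original article). Standard library only; the
byte strings below are copied from the hex columns of the dump, so it runs
offline and reproduces what certutil printed next to them.
"""

# Attribute 1.3.6.1.4.1.311.21.20 (Client Information), copied from the dump.
CLIENT_INFO_DER = bytes.fromhex(
    "30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 "
    "6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 "
    "72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d "
    "43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f "
    "72 0c 07 63 65 72 74 72 65 71"
)
# Extension 2.5.29.37 (Enhanced Key Usage), copied from the dump.
EKU_DER = bytes.fromhex(
    "30 20 06 0a 2b 06 01 04 01 82 37 0a 03 04 06 08 "
    "2b 06 01 05 05 07 03 04 06 08 2b 06 01 05 05 07 03 02"
)
# Extension 2.5.29.15 (Key Usage), copied from the dump.
KEY_USAGE_DER = bytes.fromhex("03 02 05 a0")

# Enumerated values certutil prints beside the client id (from the dump).
CLIENT_IDS = {0: "XECI_DISABLE", 1: "XECI_XENROLL", 2: "XECI_AUTOENROLL",
              3: "XECI_REQWIZARD", 4: "XECI_CERTREQ"}
EKU_NAMES = {"1.3.6.1.4.1.311.10.3.4": "Encrypting File System",
             "1.3.6.1.5.5.7.3.4": "Secure Email",
             "1.3.6.1.5.5.7.3.2": "Client Authentication"}
# RFC 5280 KeyUsage bit names, bit 0 first (MSB of the first content byte).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]


def read_tlv(buf, pos=0):
    """Parse one definite-length DER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: 0x8n then n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def iter_children(seq_value):
    """Yield (tag, value) for every TLV packed inside a SEQUENCE body."""
    pos = 0
    while pos < len(seq_value):
        tag, value, pos = read_tlv(seq_value, pos)
        yield tag, value


def decode_oid(value):
    """Dotted-decimal form of an OBJECT IDENTIFIER content octet string."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 digit of this arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def decode_client_info(der):
    """SEQUENCE { INTEGER clientId, UTF8String machine, user, process } (layout inferred from the dump)."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields = list(iter_children(body))
    if len(fields) != 4 or fields[0][0] != 0x02 or any(t != 0x0C for t, _ in fields[1:]):
        raise ValueError("unexpected Client Information layout")
    client_id = int.from_bytes(fields[0][1], "big", signed=True)
    machine, user, process = (v.decode("utf-8") for _, v in fields[1:])
    return {"client_id": client_id, "client_name": CLIENT_IDS.get(client_id),
            "machine": machine, "user": user, "process": process}


def decode_eku(der):
    """SEQUENCE OF OBJECT IDENTIFIER -> list of dotted OIDs, in order."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    return [decode_oid(v) for t, v in iter_children(body) if t == 0x06]


def decode_key_usage(der):
    """BIT STRING -> names of the set KeyUsage bits (honours the unused-bits count)."""
    tag, body, _ = read_tlv(der)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    unused, bits = body[0], body[1:]
    total = len(bits) * 8 - unused
    return [KEY_USAGE_BITS[i] for i in range(total) if bits[i // 8] & (0x80 >> (i % 8))]


if __name__ == "__main__":
    print(decode_client_info(CLIENT_INFO_DER))
    print([(o, EKU_NAMES.get(o, "?")) for o in decode_eku(EKU_DER)])
    print(decode_key_usage(KEY_USAGE_DER))
```

The client id 9 in the dump is not one of the five enumerated values certutil prints, so the decoder reports it with no name rather than guessing; the Key Usage result (digitalSignature, keyEncipherment) matches the "(a0)" certutil shows, since 0xa0 with five unused bits leaves only bits 0 and 2 set.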