Pardon; what I mean is an ExtensionType that can be added to an x509.Extension.
alfonsrv changed the title from "Add NIDs for 1.3.6.1.4.1.311.25.2 and 1.3.6.1.4.1.311.25.2.1" to "Extensions for Smartcards 1.3.6.1.4.1.311.25.2 and 1.3.6.1.4.1.311.25.2.1" on Feb 9, 2024
Had to rename it to txt, so GitHub would allow me to upload it directly. SID in the extension should be S-1-5-21-1376704245-510857609-3386413621-500 fyi
There are two new OIDs that are being used with Smartcards for Windows Authentication since 2023 and will be mandatory for "strong authentication" starting 2025 (see KB5014754).
It would be nice to have `x509.ObjectIdentifier` and `x509.Extension` for the following OIDs: 1.3.6.1.4.1.311.25.2 and 1.3.6.1.4.1.311.25.2.1.
They require passing an object's Active Directory Security Identifier (`objectSid`, e.g. S-1-5-21-1468012755-800561317-457473099-500) as value. See here for reference on what the ASN.1 encoding looks like:
https://elkement.art/2023/03/30/lord-of-the-sid-how-to-add-the-objectsid-attribute-to-a-certificate-manually/
https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/
Both of the OIDs are used in Windows Client Certificate Enrollment Protocol.
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/446a0fca-7f27-4436-965d-191635518466
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/e563cff8-1af6-4e6f-a655-7571ca482e71
It was already added by OpenSSL, see openssl/openssl#19630
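
The extension value the issue describes, built and strictly parsed with the Python standard library only. This is an added example, not code from the issue or from the cryptography project; the ASN.1 layout (a SEQUENCE holding an otherName `[0]` with type-id 1.3.6.1.4.1.311.25.2.1 and an explicitly tagged OCTET STRING carrying the string-form SID) is assumed from the linked write-ups, and all function names are illustrative.

```python
import re

OID_NTDS_CA_SECURITY_EXT = "1.3.6.1.4.1.311.25.2"  # extension OID named in the issue
OID_NTDS_OBJECTSID = "1.3.6.1.4.1.311.25.2.1"      # otherName type-id named in the issue
SAMPLE_SID = "S-1-5-21-1468012755-800561317-457473099-500"  # example SID from the issue

def _tlv(tag: int, body: bytes) -> bytes:  # DER tag-length-value
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _oid(dotted: str) -> bytes:
    first, second, *rest = (int(p) for p in dotted.split("."))
    out = bytearray()
    for arc in [40 * first + second, *rest]:
        chunk = [arc & 0x7F]  # base-128 groups, lowest group first
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def encode_sid_extension(sid: str) -> bytes:
    # Assumed layout: SEQUENCE { [0] { OID objectSid, [0] { OCTET STRING sid } } }
    if not re.fullmatch(r"S-1-\d+(-\d+){1,15}", sid):
        raise ValueError(f"not a string-form SID: {sid!r}")
    value = _tlv(0xA0, _tlv(0x04, sid.encode("ascii")))
    return _tlv(0x30, _tlv(0xA0, _oid(OID_NTDS_OBJECTSID) + value))

def _take(buf: bytes, tag: int):  # split one TLV off buf, return (body, rest)
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError(f"expected tag {tag:#04x}")
    n, hdr = buf[1], 2
    if n >= 0x80:
        hdr += n & 0x7F
        n = int.from_bytes(buf[2:hdr], "big")
    if len(buf) < hdr + n:
        raise ValueError("truncated value")
    return buf[hdr:hdr + n], buf[hdr + n:]

def decode_sid_extension(der: bytes) -> str:
    other, _ = _take(_take(der, 0x30)[0], 0xA0)
    _, rest = _take(other, 0x06)  # type-id is verified by the re-encode below
    sid = _take(_take(rest, 0xA0)[0], 0x04)[0].decode("ascii")
    # Re-encoding must reproduce the input: rejects wrong OID, trailing bytes, non-DER lengths
    if encode_sid_extension(sid) != der:
        raise ValueError("not a canonical objectSid extension value")
    return sid
```

Until a dedicated ExtensionType exists, the encoded bytes can be carried in cryptography as `x509.UnrecognizedExtension(x509.ObjectIdentifier("1.3.6.1.4.1.311.25.2"), der)`.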