jspωiki
SubjectKeyIdentifier

Overview#

SubjectKeyIdentifier (SKID) is defined in RFC 5280 as a X.509 Certificate Extension that provides a means of identifying certificates that contain a particular Public Key.

To facilitate Certification path construction, this Certificate Extension MUST appear in all conforming Certificate Authority certificates, that is, all certificates including the BasicConstraints extension (RFC 5280 Section 4.2.1.9) where the value of cA is TRUE.

In conforming CA certificates, the value of the SubjectKeyIdentifier MUST be the value placed in the key identifier field of the Authority Key Identifier extension (RFC 5280 Section 4.2.1.1) of certificates issued by the subject of this certificate. Applications are not required to verify that key identifiers match when performing certification path validation.

For CA certificates, SubjectKeyIdentifier SHOULD be derived from the Public Key or a method that generates unique values.

Conforming Certificate Authoritys MUST mark this extension as non-critical.

More Information#

There might be more information for this subject on one of the following: