
OID entry name in OID container is not random

Open Crypt32 opened this issue 7 years ago • 2 comments

You have a function Get-RandomHex that generates random HEX for the OID entry name in the OID container. Actually, these OIDs are not truly random: their name depends on the actual OID value and is generated as follows:

OID entry name format: [X.Y], where X is the first (up to) 16 characters of the last OID arc. If the last arc length exceeds 16 characters, it is stripped to 16 characters. Y is the MD5 hash calculated over the Unicode OID value string.

This technique is used in order to support O(1) OID lookup instead of enumerating all OID entries in OID container.

Crypt32 avatar Mar 28 '18 07:03 Crypt32
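The naming rule described in this issue, written out as an added PowerShell example (not code from ADCSTemplate or from the issue author). It assumes the MD5 part is rendered as uppercase hex without separators, and that "Unicode" means .NET's UTF-16LE encoding; the sample OID and configuration naming context are constructed placeholders.

```powershell
# Derive the deterministic CN of an OID entry under
# CN=OID,CN=Public Key Services,CN=Services,<ConfigNC> from the OID string:
#   X = last OID arc, truncated to its first 16 characters
#   Y = MD5 over the UTF-16LE ("Unicode") encoding of the whole OID string
# Assumption: Y is rendered as uppercase hex with no separators.
function Get-OidEntryName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\d+(\.\d+)+$')]
        [string]$Oid
    )
    $lastArc = $Oid.Split('.')[-1]
    # Truncate the last arc to at most 16 characters
    $x = $lastArc.Substring(0, [Math]::Min(16, $lastArc.Length))
    # .NET "Unicode" encoding is UTF-16LE
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($Oid)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $y = [System.BitConverter]::ToString($md5.ComputeHash($bytes)).Replace('-', '')
    } finally {
        $md5.Dispose()
    }
    return "$x.$y"
}

# Build the full distinguished name so the entry can be fetched with a direct
# base-scope lookup instead of enumerating the whole OID container.
function Get-OidEntryDN {
    param(
        [Parameter(Mandatory)][string]$Oid,
        # Placeholder value; use the forest's real configuration naming context
        [Parameter(Mandatory)][string]$ConfigurationNamingContext
    )
    $cn = Get-OidEntryName -Oid $Oid
    return "CN=$cn,CN=OID,CN=Public Key Services,CN=Services,$ConfigurationNamingContext"
}

# Constructed sample: a Microsoft-style template OID whose last arc is longer
# than 16 characters, so the truncation branch is exercised.
$sampleOid = '1.3.6.1.4.1.311.21.8.1234567.8901234.5678901.2345678.9012345.678.12345678901234567890'
Get-OidEntryName -Oid $sampleOid
Get-OidEntryDN -Oid $sampleOid -ConfigurationNamingContext 'CN=Configuration,DC=example,DC=com'
```

Because the name is a pure function of the OID string, a module can check whether an OID is already registered by reading that one DN, and MD5 here serves only as an index key, not as a security control.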

Added notes from Twitter thread with Vadims here: It is the OID part (separated by dot). OID is a hierarchical structure and each number has some meaning in a given context. I'm not sure about public information on OID name generation; I got this from Vic Heller (Windows PKI team) six years ago.

GoateePFE avatar Apr 07 '18 23:04 GoateePFE

Untitled excerpt from the respective conversation.

Crypt32 avatar Apr 08 '18 07:04 Crypt32