Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: add SubjectKeyId automatically when IsCA is true #26676

Open
FiloSottile opened this issue Jul 29, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@FiloSottile
Copy link
Member

commented Jul 29, 2018

RFC 5280 provides a recommended algorithm to generate the SubjectKeyID, and since these are new public keys, we could use it to set it by default. It's mostly useful for CAs, so we can do it only when IsCA is true. We already automatically set AuthorityKeyID when the parent has SubjectKeyId.

@FiloSottile

This comment has been minimized.

Copy link
Member Author

commented Feb 4, 2019

Section 4.2.1.2 of RFC 5280 says this is a MUST for CAs.

   To facilitate certification path construction, this extension MUST
   appear in all conforming CA certificates, that is, all certificates
   including the basic constraints extension (Section 4.2.1.9) where the
   value of cA is TRUE. 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.