Handling X509KeyStorageFlags in applications

Vadims Podans PKI Developer

Hello everyone! While participating on StackOverflow.com, I’m observing common in-app certificate handling misuses in .NET applications and I want to share some thoughts on this. Today I would like to speak about handling X509Certificate2 object creation inside the application code, common problems in handling private key material, potential issues and how to overcome them. Problem…

Read More

PowerShell File Checksum Integrity Verifier (PsFCIV)

Vadims Podans PKI Developer

Today I’m glad to announce a PowerShell File Checksum Integrity Verifier (hereinafter PsFCIV) availability as a standalone package. Years ago a friend of mine asked to develop a PowerShell script that would replace a now-discontinued Microsoft File Checksum Integrity Verifier (FCIV) tool that is an essential utility to check integrity of large file shares. While…

Read More

Request extension processing in Active Directory Certification Authority

Vadims Podans PKI Developer

Hello S-1-1-0, Crypt32 is on air! Today I want to explain how ADCS Certification Authority processes extensions from incoming requests and certificate templates. Every X.509 V3 certificate contains certificate extensions to include extra information about certificate owner, issuer, intended usages, limitations/constraints. CA utilize multiple sources to generate extension list to be included in signed certificate,…

Read More

ADCS certificate serial number generation algorithms – a comprehensive guide

Vadims Podans PKI Developer

Hello S-1-1-0, @Crypt32 is again on a failboatboard with new blog post. Today I will share information about a little-known portion in configuration of Microsoft ADCS Certification Authority – serial number generation algorithm. This article assumes big-endian encoding Certificate serial number requirements Every X.509 conforming CA generates a unique serial number for each issued certificate,…

Read More