CSR, CRL, Certificate, and Certificate Chain

This package defines certificate-related messages.

CertificateSigningRequest

A certificate signing request (CSR) for a public key.

Field   Type                             Description                                 Required
format  CertificateSigningRequestFormat  The format of the CSR in |data|. Required.  No
data    bytes                            The raw bytes of an encoded CSR. Required.  No

Certificate

A certificate for a public key.

Field   Type               Description                                         Required
format  CertificateFormat  The format of the certificate in |data|. Required.  No
data    bytes              The raw bytes of an encoded certificate. Required.  No

CertificateChain

A chain of certificates. In general, the following properties apply:

  • The first certificate in the chain is the end-entity certificate. This certificate belongs to an entity that is presenting a certificate chain in order to prove a public key trustworthy.
  • Certificates in the range [1, N-1] belong to intermediate certificate authorities.
  • The last certificate in the chain represents the root certificate. This certificate is self-signed, and belongs to an entity that is trusted by the relying party for some out-of-band reason.
  • A certificate with index i in the range [0, N-1] is signed by the private key corresponding to the certificate with index i+1.

Additional properties may apply for particular certificate types.

Note that a CertificateChain may use more than one certificate format.

Field         Type           Description               Required
certificates  Certificate[]  A chain of certificates.  No
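The ordering properties listed above can be checked mechanically. The following Go sketch is an added example, not code from this package; it assumes every entry in the chain uses the X509_DER format, and the names CheckChainOrder and SampleChain are hypothetical. It verifies only signatures and the issuer's CA flag, not validity periods, revocation, or whether the relying party trusts the root.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// CheckChainOrder takes X509_DER certificates, end-entity first and root last, and
// checks that certificate i is signed by certificate i+1 and the root by itself.
func CheckChainOrder(ders [][]byte) error {
	certs, err := x509.ParseCertificates(bytes.Join(ders, nil))
	if err != nil || len(certs) == 0 {
		return fmt.Errorf("chain is empty or unparsable (parse error: %v)", err)
	}
	certs = append(certs, certs[len(certs)-1]) // sentinel: the root is its own issuer
	for i, c := range certs[:len(certs)-1] {
		if err := c.CheckSignatureFrom(certs[i+1]); err != nil {
			return fmt.Errorf("certificate %d is not signed by its issuer: %w", i, err)
		}
	}
	return nil
}

// SampleChain builds a constructed leaf/intermediate/root chain from fixed demo seeds.
func SampleChain() (chain [][]byte) {
	var parent *x509.Certificate
	var parentKey ed25519.PrivateKey
	for i, cn := range []string{"root", "intermediate", "leaf"} {
		key := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{byte(i + 1)}, ed25519.SeedSize))
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)),
			Subject: pkix.Name{CommonName: cn}, IsCA: cn != "leaf", BasicConstraintsValid: true}
		if parent == nil {
			parent, parentKey = tmpl, key // the root signs itself
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), parentKey)
		if err != nil {
			panic(err)
		}
		chain = append([][]byte{der}, chain...) // prepend so the leaf ends up at index 0
		parent, parentKey = tmpl, key
	}
	return chain
}

func main() { fmt.Println(CheckChainOrder(SampleChain())) }
```

A chain that is reversed, skips an intermediate, or stops before the self-signed root fails this check.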

CertificateRevocationList

A Certificate Revocation List (CRL).

Field   Type                             Description                                                         Required
format  CertificateRevocationListFormat  The format of the certificate revocation list in |data|. Required.  No
data    bytes                            The raw bytes of an encoded certificate revocation list. Required.  No

CertificateSigningRequest.CertificateSigningRequestFormat

Defines different CSR formats.

Name        Description
UNKNOWN
PKCS10_DER  A PKCS #10 certificate request encoded in DER format (.der file).
PKCS10_PEM  A PKCS #10 certificate request encoded in PEM format (.pem file).

Certificate.CertificateFormat

Defines different certificate formats.

Name                             Description
UNKNOWN
X509_DER                         An X.509 certificate encoded in DER format (.der file).
X509_PEM                         An X.509 certificate encoded in PEM format (.pem file).
SGX_ATTESTATION_KEY_CERTIFICATE  A serialized sgx.AttestationKeyCertificate proto for an SGX attestation key.

CertificateRevocationList.CertificateRevocationListFormat

Defines different certificate revocation list formats.

Name      Description
UNKNOWN
X509_DER  An X.509 certificate revocation list in DER format (.der file).
X509_PEM  An X.509 certificate revocation list in PEM format (.pem file).