Credential Validation

I’ve encountered a situation where invalid credentials when calling a Win32 Active Directory call have a serious impact on Active Directory. To mitigate this I needed to validate the credentials before making the call. I’ve found the code below:

bool valid = false;

 using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
 {
     valid = context.ValidateCredentials(username, password);
 }

Microsoft code signing root certificate

I’ve been looking for the Microsoft Code Signing certificate, and managed to locate it through http://knowledgeobelisk.blogspot.co.uk/2014/05/so-for-those-of-you-who-are-attempting.html

The certificate can be downloaded from the Microsoft site at: http://www.microsoft.com/pki/certs/MicrosoftCodeVerifRoot.crt

-----BEGIN CERTIFICATE-----
MIIHBTCCBO2gAwIBAgIQcpQEEB8+DKNHg3/KF1qEODANBgkqhkiG9w0BAQUFADB/
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk
bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBN
aWNyb3NvZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0wNTExMDExMzQ2NDZa
Fw0yNTExMDExMzU0MDNaMH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n
dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y
YXRpb24xKTAnBgNVBAMTIE1pY3Jvc29mdCBDb2RlIFZlcmlmaWNhdGlvbiBSb290
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXfJHH8VeDjFB0MhWvvk
zDvGVTH8IYmxvOcBnPuQviARVXanTQLnsvQuje+yh0ZWykfOyMNj4wgDS5YGuXAi
ROZLe0Q/dbe4piuRCEHvSwdZ1qQZnfbLpLuOAmVNyt4PtJAi8bVrXCL2yvk4qigL
Bi08GY23NV+D7d1lc4RGkp9E4olKjNWYp2096BnLRK0YC+pcX3wLw5qTaETztr+X
mTByPyhZ0HDIBVd49UqCNAokwXqwZKU6bhLVA2E4uw4t/YWc1kh1ahyyouiR+rfk
9Txf/clArMegQvV02Lnb1/5zdxrgxLcJsQWabeNegDh1eFK2EtN5rkP3ZafRFmRp
hY94OriUv0USYlpNh0jW+Bm8WQEG9RrbYCmfAT9uc/n9gEXOldeK9pIMwXNALG2q
MqbxfzD4kPGuRSe5tA4wAr3GDuw8jFu2NIXPFAsMUA2p4lmRLqgBOfQsFWMEgLhA
32L3/rdME6gsqWYTOGL8QHBie3V31SuOG6WZ5bm3x63qAaAle1hGUlZUosmSK1gd
SFHAH/43ANHiqxDCqVnpQpluj7UeR2Z0Hph2V1cEXr0vhZPVDgufLnsmZKeGEglQ
Y+fRx45+DjsH57vkzRpA1Hq6BVlK1tDu3JZeIkonHEXj3tqy6dND/elvwMl9H/2f
kJyGIAjMdNxApymzq1hla7ECAwEAAaOCAXswggF3MAsGA1UdDwQEAwIBxjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNV
HR8ETjBMMEqgSKBGhkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9w
cm9kdWN0cy9NaWNyb3NvZnRDb2RlVmVyaWZSb290LmNybDAQBgkrBgEEAYI3FQEE
AwIBADB0BgNVHSAEbTBrMGkGCSsGAQQBgjcVLzBcMFoGCCsGAQUFBwICME4eTABD
AG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAyADAAMAA1ACAATQBpAGMAcgBvAHMAbwBm
AHQAIABDAG8AcgBwAG8AcgBhAHQAaQBvAG4wWQYIKwYBBQUHAQEETTBLMEkGCCsG
AQUFBzAChj1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY3Jv
c29mdENvZGVWZXJpZlJvb3QuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQBhQujrGMhx
3EYZaW3qDs04Z6w+pwf2TRY8nlf7uLinx4cJ5mNX0D1GkFD1BZnJynQ6+wGtek1q
q4TgQFNXyJzVBDaCuLcexoeZwtjHIJ7G8j5V+Y90RFHdK7bQFN3G3tLF/4WvF7mg
ddrGDeJFdpYayz5T++k0WzIDI2y/2H6aPYUPyBU7nQBWT6/dsSUcoMwpZhtHzntn
72TvSEeS3p0UUGm4X4Kp8q2TK1Pvq2IyN+q/BAtG6xmEpqpJoG3Bqy2DQWq01kN7
0jt6DNJt0A0g3FvCKaf4giQiFgE12BrWRCLcR2dWpmgu/8lmn/t/tGTGHmd24DEu
OtlzDWeZyPVhHl3Bp7iPMR843+Ozh0xNs8T2YFysrA2gLAK57/CjXSe9ln0N0NRA
BtGk1stus9U2/kjI8jgmVjogaqTDAEjnGCnnq6OrfAekf6VrSroCP4aXXbluWSTg
fI/t78PPqq8VUT/f9yh4XetNH100CJs0OyqhyJEJfVPB/32AH+BrKNS53Vh0Ibif
Lb0VOk5FSlzDrHwHstAhFbjPadoU5Cwk+2blAZ4aZrTErU0rrWBi5OSP6jcNytg2
3H/bIHozwErWHy3ghc4roZLXVFMgYYZ8NwMDjPxDR+T4SIusGkLqmIJdYlOBa1NG
MLLnhau8GJyGllmGthqv+v1IMSRcARy7HA==
-----END CERTIFICATE-----

Cerfificate details:

X509 Certificate:
Version: 3
Serial Number: 729404101f3e0ca347837fca175a8438
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
    Algorithm Parameters:
    05 00
Issuer:
    CN=Microsoft Code Verification Root
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): 3a4ad98c36e9b29514934cc6d684e4de10817915
  Name Hash(md5): 26886a40a2dc8d0f4c09452b9266e59b

 NotBefore: 01/11/2005 14:46
 NotAfter: 01/11/2025 14:54

Subject:
    CN=Microsoft Code Verification Root
    O=Microsoft Corporation
    L=Redmond
    S=Washington
    C=US
  Name Hash(sha1): 3a4ad98c36e9b29514934cc6d684e4de10817915
  Name Hash(md5): 26886a40a2dc8d0f4c09452b9266e59b

Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
    Algorithm Parameters:
    05 00
Public Key Length: 4096 bits
Public Key: UnusedBits = 0
    0000  30 82 02 0a 02 82 02 01  00 bd 77 c9 1c 7f 15 78
    0010  38 c5 07 43 21 5a fb e4  cc 3b c6 55 31 fc 21 89
    0020  b1 bc e7 01 9c fb 90 be  20 11 55 76 a7 4d 02 e7
    0030  b2 f4 2e 8d ef b2 87 46  56 ca 47 ce c8 c3 63 e3
    0040  08 03 4b 96 06 b9 70 22  44 e6 4b 7b 44 3f 75 b7
    0050  b8 a6 2b 91 08 41 ef 4b  07 59 d6 a4 19 9d f6 cb
    0060  a4 bb 8e 02 65 4d ca de  0f b4 90 22 f1 b5 6b 5c
    0070  22 f6 ca f9 38 aa 28 0b  06 2d 3c 19 8d b7 35 5f
    0080  83 ed dd 65 73 84 46 92  9f 44 e2 89 4a 8c d5 98
    0090  a7 6d 3d e8 19 cb 44 ad  18 0b ea 5c 5f 7c 0b c3
    00a0  9a 93 68 44 f3 b6 bf 97  99 30 72 3f 28 59 d0 70
    00b0  c8 05 57 78 f5 4a 82 34  0a 24 c1 7a b0 64 a5 3a
    00c0  6e 12 d5 03 61 38 bb 0e  2d fd 85 9c d6 48 75 6a
    00d0  1c b2 a2 e8 91 fa b7 e4  f5 3c 5f fd c9 40 ac c7
    00e0  a0 42 f5 74 d8 b9 db d7  fe 73 77 1a e0 c4 b7 09
    00f0  b1 05 9a 6d e3 5e 80 38  75 78 52 b6 12 d3 79 ae
    0100  43 f7 65 a7 d1 16 64 69  85 8f 78 3a b8 94 bf 45
    0110  12 62 5a 4d 87 48 d6 f8  19 bc 59 01 06 f5 1a db
    0120  60 29 9f 01 3f 6e 73 f9  fd 80 45 ce 95 d7 8a f6
    0130  92 0c c1 73 40 2c 6d aa  32 a6 f1 7f 30 f8 90 f1
    0140  ae 45 27 b9 b4 0e 30 02  bd c6 0e ec 3c 8c 5b b6
    0150  34 85 cf 14 0b 0c 50 0d  a9 e2 59 91 2e a8 01 39
    0160  f4 2c 15 63 04 80 b8 40  df 62 f7 fe b7 4c 13 a8
    0170  2c a9 66 13 38 62 fc 40  70 62 7b 75 77 d5 2b 8e
    0180  1b a5 99 e5 b9 b7 c7 ad  ea 01 a0 25 7b 58 46 52
    0190  56 54 a2 c9 92 2b 58 1d  48 51 c0 1f fe 37 00 d1
    01a0  e2 ab 10 c2 a9 59 e9 42  99 6e 8f b5 1e 47 66 74
    01b0  1e 98 76 57 57 04 5e bd  2f 85 93 d5 0e 0b 9f 2e
    01c0  7b 26 64 a7 86 12 09 50  63 e7 d1 c7 8e 7e 0e 3b
    01d0  07 e7 bb e4 cd 1a 40 d4  7a ba 05 59 4a d6 d0 ee
    01e0  dc 96 5e 22 4a 27 1c 45  e3 de da b2 e9 d3 43 fd
    01f0  e9 6f c0 c9 7d 1f fd 9f  90 9c 86 20 08 cc 74 dc
    0200  40 a7 29 b3 ab 58 65 6b  b1 02 03 01 00 01
Certificate Extensions: 7
    2.5.29.15: Flags = 0, Length = 4
    Key Usage
        Digital Signature, Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (c6)

    2.5.29.19: Flags = 1(Critical), Length = 5
    Basic Constraints
        Subject Type=CA
        Path Length Constraint=None

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        62 fb 0a 21 5b 7f 43 6e 11 da 09 54 50 6b f5 d2 96 71 f1 9e

    2.5.29.31: Flags = 0, Length = 4e
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl

    1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
    CA Version
        V0.0

    2.5.29.32: Flags = 0, Length = 6d
    Certificate Policies
        [1]Certificate Policy:
             Policy Identifier=1.3.6.1.4.1.311.21.47
             [1,1]Policy Qualifier Info:
                  Policy Qualifier Id=User Notice
                  Qualifier:
                       Notice Text=Copyright © 2005 Microsoft Corporation

    1.3.6.1.5.5.7.1.1: Flags = 0, Length = 4d
    Authority Information Access
        [1]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=http://www.microsoft.com/pki/certs/MicrosoftCodeVerifRoot.crt

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
    Algorithm Parameters:
    05 00
Signature: UnusedBits=0
    0000  1c bb 1c 01 5c 24 31 48  fd fa af 1a b6 86 59 96
    0010  86 9c 18 bc ab 85 e7 b2  30 46 53 6b 81 53 62 5d
    0020  82 98 ea 42 1a ac 8b 48  f8 e4 47 43 fc 8c 03 03
    0030  37 7c 86 61 20 53 54 d7  92 a1 2b ce 85 e0 2d 1f
    0040  d6 4a c0 33 7a 20 db 7f  dc 36 d8 ca 0d 37 ea 8f
    0050  e4 e4 62 60 ad 2b 4d ad  c4 b4 66 1a 9e 01 e5 66
    0060  fb 24 2c e4 14 da 69 cf  b8 15 21 d0 b2 07 7c ac
    0070  c3 5c 4a 45 4e 3a 15 bd  2d 9f b8 21 74 58 dd b9
    0080  d4 28 6b e0 1f 80 7d ff  c1 53 7d 09 91 c8 a1 2a
    0090  3b 34 9b 08 34 5d 1f 4d  eb 5d 78 28 f7 df 3f 51
    00a0  15 af aa cf c3 ef ed 8f  7c e0 24 59 6e b9 5d 97
    00b0  86 3f 02 ba 4a 6b a5 7f  a4 07 7c ab a3 ab e7 29
    00c0  18 e7 48 00 c3 a4 6a 20  3a 56 26 38 f2 c8 48 fe
    00d0  36 d5 b3 6e cb d6 a4 d1  06 40 d4 d0 0d 7d 96 bd
    00e0  27 5d a3 f0 ef b9 02 2c  a0 0d ac ac 5c 60 f6 c4
    00f0  b3 4d 4c 87 b3 e3 df 38  1f 31 8f b8 a7 c1 5d 1e
    0100  61 f5 c8 99 67 0d 73 d9  3a 2e 31 e0 76 67 1e c6
    0110  64 b4 7f fb 9f 66 c9 ff  2e 68 a6 56 67 47 dc 22
    0120  44 d6 1a d8 35 01 16 22  24 82 f8 a7 29 c2 5b dc
    0130  20 0d d0 6d d2 0c 7a 3b  d2 7b 43 d6 b4 6a 41 83
    0140  2d ab c1 6d a0 49 aa a6  84 19 eb 46 0b 04 bf ea
    0150  37 32 62 ab ef 53 2b 93  ad f2 a9 82 5f b8 69 50
    0160  14 9d de 92 47 48 ef 64  ef 67 7b ce 47 1b 66 29
    0170  cc a0 1c 25 b1 dd af 4f  56 00 9d 3b 15 c8 0f 85
    0180  3d 9a 7e d8 bf 6c 23 03  32 5b 34 e9 fb 53 3e cb
    0190  1a 96 76 45 e2 0d c6 da  75 a0 b9 17 af 85 ff c5
    01a0  d2 de c6 dd 14 d0 b6 2b  dd 51 44 74 8f f9 55 3e
    01b0  f2 c6 9e 20 c7 d8 c2 99  87 c6 1e b7 b8 82 36 04
    01c0  d5 9c c8 57 53 40 e0 84  ab 6a 4d 7a ad 01 fb 3a
    01d0  74 ca c9 99 05 f5 50 90  46 3d d0 57 63 e6 09 87
    01e0  c7 a7 b8 b8 fb 57 9e 3c  16 4d f6 07 a7 3e ac 67
    01f0  38 cd 0e ea 6d 69 19 46  dc 71 c8 18 eb e8 42 61
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): ea 03 d3 12 03 af 82 15 0a e5 74 50 7e 3e 1f fe 19 4d fe 68
Key Id Hash(sha1): 62 fb 0a 21 5b 7f 43 6e 11 da 09 54 50 6b f5 d2 96 71 f1 9e
Key Id Hash(md5): 57422ad355375fe4f8a40946b45566d9
Key Id Hash(sha256): dcb17fc702eaf2a224905d7801e21ec168b9be7de922d1d88444bd4eef21c9b3
Cert Hash(md5): 7a b2 9f c8 d1 b0 d2 a0 7f 8d 72 f4 3a eb 21 1e
Cert Hash(sha1): 8f be 4d 07 0e f8 ab 1b cc af 2a 9d 5c ca e7 28 2a 2c 66 b3
Cert Hash(sha256): ca7791d5c9a1580dcdcad31d0549fea2043e229aa4f4932cfa056ca23eb8a950
Signature Hash: f4e3b23c5b3673fb06339c35314279fdee1e003f
CertUtil: -dump command completed successfully.

Microsoft OIDs

Taken from http://certificateerror.blogspot.co.uk/2010/08/microsoft-oids.html

1.3.6.1.4.1.311 Microsoft_OID Microsoft OID
1.3.6.1.4.1.311.2 Authenticode Authenticode
1.3.6.1.4.1.311.2.1.4 SPC_INDIRECT_DATA_OBJID SPC INDIRECT DATA OBJID
1.3.6.1.4.1.311.2.1.11 SPC_STATEMENT_TYPE_OBJID SPC STATEMENT TYPE OBJID
1.3.6.1.4.1.311.2.1.12 SPC_SP_OPUS_INFO_OBJID SPC SP OPUS INFO OBJID
1.3.6.1.4.1.311.2.1.15 SPC_PE_IMAGE_DATA_OBJID SPC PE IMAGE DATA OBJID
1.3.6.1.4.1.311.2.1.10 SPC_SP_AGENCY_INFO_OBJID SPC SP AGENCY INFO OBJID
1.3.6.1.4.1.311.2.1.26 SPC_MINIMAL_CRITERIA_OBJID SPC MINIMAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.27 SPC_FINANCIAL_CRITERIA_OBJID SPC FINANCIAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.28 SPC_LINK_OBJID SPC LINK OBJID
1.3.6.1.4.1.311.2.1.29 SPC_HASH_INFO_OBJID SPC HASH INFO OBJID
1.3.6.1.4.1.311.2.1.30 SPC_SIPINFO_OBJID SPC SIPINFO OBJID
1.3.6.1.4.1.311.2.1.14 SPC_CERT_EXTENSIONS_OBJID SPC CERT EXTENSIONS OBJID
1.3.6.1.4.1.311.2.1.18 SPC_RAW_FILE_DATA_OBJID SPC RAW FILE DATA OBJID
1.3.6.1.4.1.311.2.1.19 SPC_STRUCTURED_STORAGE_DATA_OBJID SPC STRUCTURED STORAGE DATA OBJID
1.3.6.1.4.1.311.2.1.20 SPC_JAVA_CLASS_DATA_OBJID SPC JAVA CLASS DATA OBJID
1.3.6.1.4.1.311.2.1.21 SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID SPC INDIVIDUAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.22 SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID SPC COMMERCIAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.25 SPC_CAB_DATA_OBJID SPC CAB DATA OBJID
1.3.6.1.4.1.311.2.1.25 SPC_GLUE_RDN_OBJID SPC GLUE RDN OBJID
1.3.6.1.4.1.311.2.2 CTL_for_Software_Publishers_Trusted_CAs CTL for Software Publishers Trusted CAs
1.3.6.1.4.1.311.2.2.1 szOID_TRUSTED_CODESIGNING_CA_LIST OID TRUSTED CODESIGNING CA LIST
1.3.6.1.4.1.311.2.2.2 szOID_TRUSTED_CLIENT_AUTH_CA_LIST OID TRUSTED CLIENT AUTH CA LIST
1.3.6.1.4.1.311.2.2.3 szOID_TRUSTED_SERVER_AUTH_CA_LIST OID TRUSTED SERVER AUTH CA LIST
1.3.6.1.4.1.311.3 Time_Stamping Time Stamping
1.3.6.1.4.1.311.3.2.1 SPC_TIME_STAMP_REQUEST_OBJID SPC TIME STAMP REQUEST OBJID
1.3.6.1.4.1.311.4 Permissions Permissions
1.3.6.1.4.1.311.10 Crypto_2.0 Crypto 2.0
1.3.6.1.4.1.311.10.1 szOID_CTL OID CTL
1.3.6.1.4.1.311.10.1.1 szOID_SORTED_CTL OID SORTED CTL
1.3.6.1.4.1.311.10.2 szOID_NEXT_UPDATE_LOCATION OID NEXT UPDATE LOCATION
1.3.6.1.4.1.311.10.3.1 szOID_KP_CTL_USAGE_SIGNING OID KP CTL USAGE SIGNING
1.3.6.1.4.1.311.10.3.2 szOID_KP_TIME_STAMP_SIGNING OID KP TIME STAMP SIGNING
1.3.6.1.4.1.311.10.3.3 szOID_SERVER_GATED_CRYPTO OID SERVER GATED CRYPTO
1.3.6.1.4.1.311.10.3.3.1 szOID_SERIALIZED OID SERIALIZED
1.3.6.1.4.1.311.10.3.4 szOID_EFS_CRYPTO OID EFS CRYPTO
1.3.6.1.4.1.311.10.3.4.1 szOID_EFS_RECOVERY OID EFS RECOVERY
1.3.6.1.4.1.311.10.3.5 szOID_WHQL_CRYPTO OID WHQL CRYPTO
1.3.6.1.4.1.311.10.3.6 szOID_NT5_CRYPTO OID NT5 CRYPTO
1.3.6.1.4.1.311.10.3.7 szOID_OEM_WHQL_CRYPTO OID OEM WHQL CRYPTO
1.3.6.1.4.1.311.10.3.8 szOID_EMBEDDED_NT_CRYPTO OID EMBEDDED NT CRYPTO
1.3.6.1.4.1.311.10.3.9 szOID_ROOT_LIST_SIGNER OID ROOT LIST SIGNER
1.3.6.1.4.1.311.10.3.10 szOID_KP_QUALIFIED_SUBORDINATION OID KP QUALIFIED SUBORDINATION
1.3.6.1.4.1.311.10.3.11 szOID_KP_KEY_RECOVERY OID KP KEY RECOVERY
1.3.6.1.4.1.311.10.3.12 szOID_KP_DOCUMENT_SIGNING OID KP DOCUMENT SIGNING
1.3.6.1.4.1.311.10.4.1 szOID_YESNO_TRUST_ATTR OID YESNO TRUST ATTR
1.3.6.1.4.1.311.10.5.1 szOID_DRM OID DRM
1.3.6.1.4.1.311.10.5.2 szOID_DRM_INDIVIDUALIZATION OID DRM INDIVIDUALIZATION
1.3.6.1.4.1.311.10.6.1 szOID_LICENSES OID LICENSES
1.3.6.1.4.1.311.10.6.2 szOID_LICENSE_SERVER OID LICENSE SERVER
1.3.6.1.4.1.311.10.7 szOID_MICROSOFT_RDN_PREFIX OID MICROSOFT RDN PREFIX
1.3.6.1.4.1.311.10.7.1 szOID_KEYID_RDN OID KEYID RDN
1.3.6.1.4.1.311.10.8.1 szOID_REMOVE_CERTIFICATE OID REMOVE CERTIFICATE
1.3.6.1.4.1.311.10.9.1 szOID_CROSS_CERT_DIST_POINTS OID CROSS CERT DIST POINTS
1.3.6.1.4.1.311.10.10 Microsoft_CMC_OIDs Microsoft CMC OIDs
1.3.6.1.4.1.311.10.10.1 szOID_CMC_ADD_ATTRIBUTES OID CMC ADD ATTRIBUTES
1.3.6.1.4.1.311.10.11 Microsoft_certificate_property_OIDs Microsoft certificate property OIDs
1.3.6.1.4.1.311.10.11. szOID_CERT_PROP_ID_PREFIX OID CERT PROP ID PREFIX
1.3.6.1.4.1.311.10.12 CryptUI CryptUI
1.3.6.1.4.1.311.10.12.1 szOID_ANY_APPLICATION_POLICY OID ANY APPLICATION POLICY
1.3.6.1.4.1.311.12 Catalog Catalog
1.3.6.1.4.1.311.12.1.1 szOID_CATALOG_LIST OID CATALOG LIST
1.3.6.1.4.1.311.12.1.2 szOID_CATALOG_LIST_MEMBER OID CATALOG LIST MEMBER
1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID CAT NAMEVALUE OBJID
1.3.6.1.4.1.311.12.2.2 CAT_MEMBERINFO_OBJID CAT MEMBERINFO OBJID
1.3.6.1.4.1.311.13 Microsoft_PKCS10_OIDs Microsoft PKCS10 OIDs
1.3.6.1.4.1.311.13.1 szOID_RENEWAL_CERTIFICATE OID RENEWAL CERTIFICATE
1.3.6.1.4.1.311.13.2.1 szOID_ENROLLMENT_NAME_VALUE_PAIR OID ENROLLMENT NAME VALUE PAIR
1.3.6.1.4.1.311.13.2.2 szOID_ENROLLMENT_CSP_PROVIDER OID ENROLLMENT CSP PROVIDER
1.3.6.1.4.1.311.15 Microsoft_Java Microsoft Java
1.3.6.1.4.1.311.16 Microsoft_Outlook/Exchange Microsoft Outlook/Exchange
1.3.6.1.4.1.311.16.4 Outlook_Express Outlook Express
1.3.6.1.4.1.311.17 Microsoft_PKCS12_attributes Microsoft PKCS12 attributes
1.3.6.1.4.1.311.17.1 szOID_LOCAL_MACHINE_KEYSET OID LOCAL MACHINE KEYSET
1.3.6.1.4.1.311.18 Microsoft_Hydra Microsoft Hydra
1.3.6.1.4.1.311.19 Microsoft_ISPU_Test Microsoft ISPU Test
1.3.6.1.4.1.311.20 Microsoft_Enrollment_Infrastructure Microsoft Enrollment Infrastructure
1.3.6.1.4.1.311.20.1 szOID_AUTO_ENROLL_CTL_USAGE OID AUTO ENROLL CTL USAGE
1.3.6.1.4.1.311.20.2 szOID_ENROLL_CERTTYPE_EXTENSION OID ENROLL CERTTYPE EXTENSION
1.3.6.1.4.1.311.20.2.1 szOID_ENROLLMENT_AGENT OID ENROLLMENT AGENT
1.3.6.1.4.1.311.20.2.2 szOID_KP_SMARTCARD_LOGON OID KP SMARTCARD LOGON
1.3.6.1.4.1.311.20.2.3 szOID_NT_PRINCIPAL_NAME OID NT PRINCIPAL NAME
1.3.6.1.4.1.311.20.3 szOID_CERT_MANIFOLD OID CERT MANIFOLD
1.3.6.1.4.1.311.21 Microsoft_CertSrv_Infrastructure Microsoft CertSrv Infrastructure
1.3.6.1.4.1.311.21.1 szOID_CERTSRV_CA_VERSION OID CERTSRV CA VERSION
1.3.6.1.4.1.311.25 Microsoft_Directory_Service Microsoft Directory Service
1.3.6.1.4.1.311.25.1 szOID_NTDS_REPLICATION OID NTDS REPLICATION
1.3.6.1.4.1.311.30 IIS IIS
1.3.6.1.4.1.311.31 Windows_updates_and_service_packs Windows updates and service packs
1.3.6.1.4.1.311.31.1 szOID_PRODUCT_UPDATE OID PRODUCT UPDATE
1.3.6.1.4.1.311.40 Fonts Fonts
1.3.6.1.4.1.311.41 Microsoft_Licensing_and_Registration Microsoft Licensing and Registration
1.3.6.1.4.1.311.42 Microsoft_Corporate_PKI_(ITG) Microsoft Corporate PKI (ITG)
1.3.6.1.4.1.311.88 CAPICOM CAPICOM
1.3.6.1.4.1.311.88 szOID_CAPICOM OID CAPICOM
1.3.6.1.4.1.311.88.1 szOID_CAPICOM_VERSION OID CAPICOM VERSION
1.3.6.1.4.1.311.88.2 szOID_CAPICOM_ATTRIBUTE OID CAPICOM ATTRIBUTE
1.3.6.1.4.1.311.88.2.1 szOID_CAPICOM_DOCUMENT_NAME OID CAPICOM DOCUMENT NAME
1.3.6.1.4.1.311.88.2.2 szOID_CAPICOM_DOCUMENT_DESCRIPTION OID CAPICOM DOCUMENT DESCRIPTION
1.3.6.1.4.1.311.88.3 szOID_CAPICOM_ENCRYPTED_DATA OID CAPICOM ENCRYPTED DATA
1.3.6.1.4.1.311.88.3.1 szOID_CAPICOM_ENCRYPTED_CONTENT OID CAPICOM ENCRYPTED CONTENT
1.3.6.1.4.1.311 Microsoft_OID Microsoft OID
1.3.6.1.4.1.311.2 Authenticode Authenticode
1.3.6.1.4.1.311.2.1.4 SPC_INDIRECT_DATA_OBJID SPC INDIRECT DATA OBJID
1.3.6.1.4.1.311.2.1.11 SPC_STATEMENT_TYPE_OBJID SPC STATEMENT TYPE OBJID
1.3.6.1.4.1.311.2.1.12 SPC_SP_OPUS_INFO_OBJID SPC SP OPUS INFO OBJID
1.3.6.1.4.1.311.2.1.15 SPC_PE_IMAGE_DATA_OBJID SPC PE IMAGE DATA OBJID
1.3.6.1.4.1.311.2.1.10 SPC_SP_AGENCY_INFO_OBJID SPC SP AGENCY INFO OBJID
1.3.6.1.4.1.311.2.1.26 SPC_MINIMAL_CRITERIA_OBJID SPC MINIMAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.27 SPC_FINANCIAL_CRITERIA_OBJID SPC FINANCIAL CRITERIA OBJID
1.3.6.1.4.1.311.2.1.28 SPC_LINK_OBJID SPC LINK OBJID
1.3.6.1.4.1.311.2.1.29 SPC_HASH_INFO_OBJID SPC HASH INFO OBJID
1.3.6.1.4.1.311.2.1.30 SPC_SIPINFO_OBJID SPC SIPINFO OBJID
1.3.6.1.4.1.311.2.1.14 SPC_CERT_EXTENSIONS_OBJID SPC CERT EXTENSIONS OBJID
1.3.6.1.4.1.311.2.1.18 SPC_RAW_FILE_DATA_OBJID SPC RAW FILE DATA OBJID
1.3.6.1.4.1.311.2.1.19 SPC_STRUCTURED_STORAGE_DATA_OBJID SPC STRUCTURED STORAGE DATA OBJID
1.3.6.1.4.1.311.2.1.20 SPC_JAVA_CLASS_DATA_OBJID SPC JAVA CLASS DATA OBJID
1.3.6.1.4.1.311.2.1.21 SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID SPC INDIVIDUAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.22 SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID SPC COMMERCIAL SP KEY PURPOSE OBJID
1.3.6.1.4.1.311.2.1.25 SPC_CAB_DATA_OBJID SPC CAB DATA OBJID
1.3.6.1.4.1.311.2.1.25 SPC_GLUE_RDN_OBJID SPC GLUE RDN OBJID
1.3.6.1.4.1.311.2.2 CTL_for_Software_Publishers_Trusted_CAs CTL for Software Publishers Trusted CAs
1.3.6.1.4.1.311.2.2.1 szOID_TRUSTED_CODESIGNING_CA_LIST OID TRUSTED CODESIGNING CA LIST
1.3.6.1.4.1.311.2.2.2 szOID_TRUSTED_CLIENT_AUTH_CA_LIST OID TRUSTED CLIENT AUTH CA LIST
1.3.6.1.4.1.311.2.2.3 szOID_TRUSTED_SERVER_AUTH_CA_LIST OID TRUSTED SERVER AUTH CA LIST
1.3.6.1.4.1.311.3 Time_Stamping Time Stamping
1.3.6.1.4.1.311.3.2.1 SPC_TIME_STAMP_REQUEST_OBJID SPC TIME STAMP REQUEST OBJID
1.3.6.1.4.1.311.4 Permissions Permissions
1.3.6.1.4.1.311.10 Crypto_2.0 Crypto 2.0
1.3.6.1.4.1.311.10.1 szOID_CTL OID CTL
1.3.6.1.4.1.311.10.1.1 szOID_SORTED_CTL OID SORTED CTL
1.3.6.1.4.1.311.10.2 szOID_NEXT_UPDATE_LOCATION OID NEXT UPDATE LOCATION
1.3.6.1.4.1.311.10.3.1 szOID_KP_CTL_USAGE_SIGNING OID KP CTL USAGE SIGNING
1.3.6.1.4.1.311.10.3.2 szOID_KP_TIME_STAMP_SIGNING OID KP TIME STAMP SIGNING
1.3.6.1.4.1.311.10.3.3 szOID_SERVER_GATED_CRYPTO OID SERVER GATED CRYPTO
1.3.6.1.4.1.311.10.3.3.1 szOID_SERIALIZED OID SERIALIZED
1.3.6.1.4.1.311.10.3.4 szOID_EFS_CRYPTO OID EFS CRYPTO
1.3.6.1.4.1.311.10.3.4.1 szOID_EFS_RECOVERY OID EFS RECOVERY
1.3.6.1.4.1.311.10.3.5 szOID_WHQL_CRYPTO OID WHQL CRYPTO
1.3.6.1.4.1.311.10.3.6 szOID_NT5_CRYPTO OID NT5 CRYPTO
1.3.6.1.4.1.311.10.3.7 szOID_OEM_WHQL_CRYPTO OID OEM WHQL CRYPTO
1.3.6.1.4.1.311.10.3.8 szOID_EMBEDDED_NT_CRYPTO OID EMBEDDED NT CRYPTO
1.3.6.1.4.1.311.10.3.9 szOID_ROOT_LIST_SIGNER OID ROOT LIST SIGNER
1.3.6.1.4.1.311.10.3.10 szOID_KP_QUALIFIED_SUBORDINATION OID KP QUALIFIED SUBORDINATION
1.3.6.1.4.1.311.10.3.11 szOID_KP_KEY_RECOVERY OID KP KEY RECOVERY
1.3.6.1.4.1.311.10.3.12 szOID_KP_DOCUMENT_SIGNING OID KP DOCUMENT SIGNING
1.3.6.1.4.1.311.10.3.13 szOID_KP_LIFETIME_SIGNING OID KP LIFETIME SIGNING
1.3.6.1.4.1.311.10.3.14 szOID_KP_MOBILE_DEVICE_SOFTWARE OID KP MOBILE DEVICE SOFTWARE
1.3.6.1.4.1.311.10.4.1 szOID_YESNO_TRUST_ATTR OID YESNO TRUST ATTR
1.3.6.1.4.1.311.10.5.1 szOID_DRM OID DRM
1.3.6.1.4.1.311.10.5.2 szOID_DRM_INDIVIDUALIZATION OID DRM INDIVIDUALIZATION
1.3.6.1.4.1.311.10.6.1 szOID_LICENSES OID LICENSES
1.3.6.1.4.1.311.10.6.2 szOID_LICENSE_SERVER OID LICENSE SERVER
1.3.6.1.4.1.311.10.7 szOID_MICROSOFT_RDN_PREFIX OID MICROSOFT RDN PREFIX
1.3.6.1.4.1.311.10.7.1 szOID_KEYID_RDN OID KEYID RDN
1.3.6.1.4.1.311.10.8.1 szOID_REMOVE_CERTIFICATE OID REMOVE CERTIFICATE
1.3.6.1.4.1.311.10.9.1 szOID_CROSS_CERT_DIST_POINTS OID CROSS CERT DIST POINTS
1.3.6.1.4.1.311.10.10 Microsoft_CMC_OIDs Microsoft CMC OIDs
1.3.6.1.4.1.311.10.10.1 szOID_CMC_ADD_ATTRIBUTES OID CMC ADD ATTRIBUTES
1.3.6.1.4.1.311.10.11 Microsoft_certificate_property_OIDs Microsoft certificate property OIDs
1.3.6.1.4.1.311.10.11.1 szOID_CERT_PROP_ID_PREFIX OID CERT PROP ID PREFIX
1.3.6.1.4.1.311.10.12 CryptUI CryptUI
1.3.6.1.4.1.311.10.12.1 szOID_ANY_APPLICATION_POLICY OID ANY APPLICATION POLICY
1.3.6.1.4.1.311.12 Catalog Catalog
1.3.6.1.4.1.311.12.1.1 szOID_CATALOG_LIST OID CATALOG LIST
1.3.6.1.4.1.311.12.1.2 szOID_CATALOG_LIST_MEMBER OID CATALOG LIST MEMBER
1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID CAT NAMEVALUE OBJID
1.3.6.1.4.1.311.12.2.2 CAT_MEMBERINFO_OBJID CAT MEMBERINFO OBJID
1.3.6.1.4.1.311.13 Microsoft_PKCS10_OIDs Microsoft PKCS10 OIDs
1.3.6.1.4.1.311.13.1 szOID_RENEWAL_CERTIFICATE OID RENEWAL CERTIFICATE
1.3.6.1.4.1.311.13.2.1 szOID_ENROLLMENT_NAME_VALUE_PAIR OID ENROLLMENT NAME VALUE PAIR
1.3.6.1.4.1.311.13.2.2 szOID_ENROLLMENT_CSP_PROVIDER OID ENROLLMENT CSP PROVIDER
1.3.6.1.4.1.311.13.2.3 szOID_OS_VERSION OID OS VERSION
1.3.6.1.4.1.311.15 Microsoft_Java Microsoft Java
1.3.6.1.4.1.311.16 Microsoft_Outlook/Exchange Microsoft Outlook/Exchange
1.3.6.1.4.1.311.16.4 szOID_MICROSOFT_Encryption_Key_Preference OID MICROSOFT Encryption Key Preference
1.3.6.1.4.1.311.17 Microsoft_PKCS12_attributes Microsoft PKCS12 attributes
1.3.6.1.4.1.311.17.1 szOID_LOCAL_MACHINE_KEYSET OID LOCAL MACHINE KEYSET
1.3.6.1.4.1.311.18 Microsoft_Hydra Microsoft Hydra
1.3.6.1.4.1.311.18.1 szOID_PKIX_LICENSE_INFO OID PKIX LICENSE INFO
1.3.6.1.4.1.311.18.2 szOID_PKIX_MANUFACTURER OID PKIX MANUFACTURER
1.3.6.1.4.1.311.18.3 szOID_PKIX_MANUFACTURER_MS_SPECIFIC OID PKIX MANUFACTURER MS SPECIFIC
1.3.6.1.4.1.311.18.4 szOID_PKIX_HYDRA_CERT_VERSION OID PKIX HYDRA CERT VERSION
1.3.6.1.4.1.311.18.5 szOID_PKIX_LICENSED_PRODUCT_INFO OID PKIX LICENSED PRODUCT INFO
1.3.6.1.4.1.311.18.6 szOID_PKIX_MS_LICENSE_SERVER_INFO OID PKIX MS LICENSE SERVER INFO
1.3.6.1.4.1.311.18.7 szOID_PKIS_PRODUCT_SPECIFIC_OID OID PKIS PRODUCT SPECIFIC OID
1.3.6.1.4.1.311.18.8 szOID_PKIS_TLSERVER_SPK_OID OID PKIS TLSERVER SPK OID
1.3.6.1.4.1.311.19 Microsoft_ISPU_Test Microsoft ISPU Test
1.3.6.1.4.1.311.20 Microsoft_Enrollment_Infrastructure Microsoft Enrollment Infrastructure
1.3.6.1.4.1.311.20.1 szOID_AUTO_ENROLL_CTL_USAGE OID AUTO ENROLL CTL USAGE
1.3.6.1.4.1.311.20.2 szOID_ENROLL_CERTTYPE_EXTENSION OID ENROLL CERTTYPE EXTENSION
1.3.6.1.4.1.311.20.2.1 szOID_ENROLLMENT_AGENT OID ENROLLMENT AGENT
1.3.6.1.4.1.311.20.2.2 szOID_KP_SMARTCARD_LOGON OID KP SMARTCARD LOGON
1.3.6.1.4.1.311.20.2.3 szOID_NT_PRINCIPAL_NAME OID NT PRINCIPAL NAME
1.3.6.1.4.1.311.20.3 szOID_CERT_MANIFOLD OID CERT MANIFOLD
1.3.6.1.4.1.311.21 Microsoft_CertSrv_Infrastructure Microsoft CertSrv Infrastructure
1.3.6.1.4.1.311.21.1 szOID_CERTSRV_CA_VERSION OID CERTSRV CA VERSION
1.3.6.1.4.1.311.21.2 szOID_CERTSRV_PREVIOUS_CERT_HASH OID CERTSRV PREVIOUS CERT HASH
1.3.6.1.4.1.311.21.3 szOID_CRL_VIRTUAL_BASE OID CRL VIRTUAL BASE
1.3.6.1.4.1.311.21.4 szOID_CRL_NEXT_PUBLISH OID CRL NEXT PUBLISH
1.3.6.1.4.1.311.21.5 szOID_KP_CA_EXCHANGE OID KP CA EXCHANGE
1.3.6.1.4.1.311.21.6 szOID_KP_KEY_RECOVERY_AGENT OID KP KEY RECOVERY AGENT
1.3.6.1.4.1.311.21.7 szOID_CERTIFICATE_TEMPLATE OID CERTIFICATE TEMPLATE
1.3.6.1.4.1.311.21.8 szOID_ENTERPRISE_OID_ROOT OID ENTERPRISE OID ROOT
1.3.6.1.4.1.311.21.9 szOID_RDN_DUMMY_SIGNER OID RDN DUMMY SIGNER
1.3.6.1.4.1.311.21.10 szOID_APPLICATION_CERT_POLICIES OID APPLICATION CERT POLICIES
1.3.6.1.4.1.311.21.11 szOID_APPLICATION_POLICY_MAPPINGS OID APPLICATION POLICY MAPPINGS
1.3.6.1.4.1.311.21.12 szOID_APPLICATION_POLICY_CONSTRAINTS OID APPLICATION POLICY CONSTRAINTS
1.3.6.1.4.1.311.21.13 szOID_ARCHIVED_KEY_ATTR OID ARCHIVED KEY ATTR
1.3.6.1.4.1.311.21.14 szOID_CRL_SELF_CDP OID CRL SELF CDP
1.3.6.1.4.1.311.21.15 szOID_REQUIRE_CERT_CHAIN_POLICY OID REQUIRE CERT CHAIN POLICY
1.3.6.1.4.1.311.21.16 szOID_ARCHIVED_KEY_CERT_HASH OID ARCHIVED KEY CERT HASH
1.3.6.1.4.1.311.21.17 szOID_ISSUED_CERT_HASH OID ISSUED CERT HASH
1.3.6.1.4.1.311.21.19 szOID_DS_EMAIL_REPLICATION OID DS EMAIL REPLICATION
1.3.6.1.4.1.311.21.20 szOID_REQUEST_CLIENT_INFO OID REQUEST CLIENT INFO
1.3.6.1.4.1.311.21.21 szOID_ENCRYPTED_KEY_HASH OID ENCRYPTED KEY HASH
1.3.6.1.4.1.311.21.22 szOID_CERTSRV_CROSSCA_VERSION OID CERTSRV CROSSCA VERSION
1.3.6.1.4.1.311.25 Microsoft_Directory_Service Microsoft Directory Service
1.3.6.1.4.1.311.25.1 szOID_NTDS_REPLICATION OID NTDS REPLICATION
1.3.6.1.4.1.311.30 IIS IIS
1.3.6.1.4.1.311.30.1 szOID_IIS_VIRTUAL_SERVER OID IIS VIRTUAL SERVER
1.3.6.1.4.1.311.43 Microsoft_WWOps_BizExt Microsoft WWOps BizExt
1.3.6.1.4.1.311.44 Microsoft_Peer_Networking Microsoft Peer Networking
1.3.6.1.4.1.311.44.1 szOID_PEERNET_PNRP OID PEERNET PNRP
1.3.6.1.4.1.311.44.2 szOID_PEERNET_IDENTITY OID PEERNET IDENTITY
1.3.6.1.4.1.311.44.3 szOID_PEERNET_GROUPING OID PEERNET GROUPING
1.3.6.1.4.1.311.44.0.1 szOID_PEERNET_CERT_TYPE OID PEERNET CERT TYPE
1.3.6.1.4.1.311.44.0.2 szOID_PEERNET_PEERNAME OID PEERNET PEERNAME
1.3.6.1.4.1.311.44.0.3 szOID_PEERNET_CLASSIFIER OID PEERNET CLASSIFIER
1.3.6.1.4.1.311.44.0.4 szOID_PEERNET_CERT_VERSION OID PEERNET CERT VERSION
1.3.6.1.4.1.311.44.1.1 szOID_PEERNET_PNRP_ADDRESS OID PEERNET PNRP ADDRESS
1.3.6.1.4.1.311.44.1.2 szOID_PEERNET_PNRP_FLAGS OID PEERNET PNRP FLAGS
1.3.6.1.4.1.311.44.1.3 szOID_PEERNET_PNRP_PAYLOAD OID PEERNET PNRP PAYLOAD
1.3.6.1.4.1.311.44.1.4 szOID_PEERNET_PNRP_ID OID PEERNET PNRP ID
1.3.6.1.4.1.311.44.2.2 szOID_PEERNET_IDENTITY_FLAGS OID PEERNET IDENTITY FLAGS
1.3.6.1.4.1.311.44.3.1 szOID_PEERNET_GROUPING_PEERNAME OID PEERNET GROUPING PEERNAME
1.3.6.1.4.1.311.44.3.2 szOID_PEERNET_GROUPING_FLAGS OID PEERNET GROUPING FLAGS
1.3.6.1.4.1.311.44.3.3 szOID_PEERNET_GROUPING_ROLES OID PEERNET GROUPING ROLES
1.3.6.1.4.1.311.44.3.5 szOID_PEERNET_GROUPING_CLASSIFIERS OID PEERNET GROUPING CLASSIFIERS
1.3.6.1.4.1.311.45 Mobile_Devices_Code_Signing Mobile Devices Code Signing
1.3.6.1.4.1.311.88 CAPICOM CAPICOM
1.3.6.1.4.1.311.88 szOID_CAPICOM OID CAPICOM
1.3.6.1.4.1.311.88.1 szOID_CAPICOM_VERSION OID CAPICOM VERSION
1.3.6.1.4.1.311.88.2 szOID_CAPICOM_ATTRIBUTE OID CAPICOM ATTRIBUTE
1.3.6.1.4.1.311.88.2.1 szOID_CAPICOM_DOCUMENT_NAME OID CAPICOM DOCUMENT NAME
1.3.6.1.4.1.311.88.2.2 szOID_CAPICOM_DOCUMENT_DESCRIPTION OID CAPICOM DOCUMENT DESCRIPTION
1.3.6.1.4.1.311.88.3 szOID_CAPICOM_ENCRYPTED_DATA OID CAPICOM ENCRYPTED DATA
1.3.6.1.4.1.311.88.3.1 szOID_CAPICOM_ENCRYPTED_CONTENT OID CAPICOM ENCRYPTED CONTENT