Managing Policy Plug-in Modules
Chapter 11 Policies 563

For general information about this extension, see “authorityKeyIdentifier” on page 737.

You can also customize the method for deriving the Key Identifier using the CMS SDK by subclassing the policy and overriding the following method:

formKeyIdentifier(X509CertInfo certInfo, IRequest req)

If enabled, the policy adds a Subject Key Identifier Extension to an enrollment request if the extension does not already exist. If the extension exists in the request, for example from a CRMF request, the policy replaces the extension. In case of agent-approved enrollments, after an agent approves the enrollment request, the policy accepts any Subject Key Identifier Extension that is already there.

During installation, CMS automatically creates an instance of the subject key identifier extension policy, named SubjectKeyIdentifierExt that is enabled by default.

Managing Policy Plug-in Modules

This section explains how to use the CMS window to perform the following operations:

Table 11-41 SubjectKeyIdentifierExt Configuration Parameters

Parameter            Description

enable               Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.

predicate            Specifies the predicate expression for this rule. If you want this rule to be applied to all certificate requests, leave the field blank (default). To form a predicate expression, see “Using Predicates in Policy Rules,” on page 485.

critical             Select if you want the server to mark the extension critical; deselect if you want the server to mark the extension noncritical (default).

KeyIdentifierType    Specifies the method for deriving Key Identifier.
                     • SHA1 specifies that the key identifier must be derived as a 20 byte (160 bit) SHA-1 hash of the BIT STRING of Subject Public Key (default).
                     • TypeField specifies that the key identifier must be derived as a type field value of 0100 followed by 60 least significant bits of the SHA-1 hash of the Subject Public Key.
                     • SpkiSHA1 specifies that the key identifier must be derived as a 20 byte (160 bit) SHA-1 hash of the Subject Public Key Info.
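
The three KeyIdentifierType derivations from Table 11-41, as an added Python example (not CMS code and not part of the original guide). It assumes, following RFC 5280 section 4.2.1.2, that SHA1 and TypeField hash the BIT STRING value without its tag, length and unused-bits octet, and that SpkiSHA1 hashes the full DER encoding of the Subject Public Key Info; the function names and the sample key are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def subject_public_key(spki):
    """Return the subjectPublicKey BIT STRING value without the unused-bits octet."""
    tag, body, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("expected one SubjectPublicKeyInfo SEQUENCE")
    alg_tag, _alg, pos = read_tlv(body, 0)      # AlgorithmIdentifier
    key_tag, bits, end = read_tlv(body, pos)    # subjectPublicKey BIT STRING
    if alg_tag != 0x30 or key_tag != 0x03 or end != len(body) or bits[:1] != b"\x00":
        raise ValueError("unexpected SubjectPublicKeyInfo layout")
    return bits[1:]

def key_identifier(spki, kind="SHA1"):
    """Derive a key identifier with one of the three KeyIdentifierType methods."""
    if kind == "SpkiSHA1":   # assumption: hash covers the full DER encoding
        return hashlib.sha1(spki).digest()
    digest = hashlib.sha1(subject_public_key(spki)).digest()
    if kind == "SHA1":
        return digest
    if kind == "TypeField":  # 0100 type nibble + 60 least significant digest bits
        low60 = int.from_bytes(digest, "big") & ((1 << 60) - 1)
        return ((0b0100 << 60) | low60).to_bytes(8, "big")
    raise ValueError(f"unknown KeyIdentifierType: {kind}")

# Constructed sample: Ed25519 SubjectPublicKeyInfo wrapping 32 placeholder bytes
# (not a real key), used only to show the byte ranges each method hashes.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))

if __name__ == "__main__":
    for kind in ("SHA1", "TypeField", "SpkiSHA1"):
        print(f"{kind:10} {key_identifier(SAMPLE_SPKI, kind).hex()}")
```

SHA1 and SpkiSHA1 give different identifiers for the same key because the second also hashes the AlgorithmIdentifier and the DER framing, so a certificate's subject key identifier only matches the authority key identifier in certificates it issues when both are derived with the same method.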