OID value: 1.3.6.1.4.1.3401.8.1.1
OID description:
X.509 certificates normally do not specify a key creation date, only
a certificate creation date. A somewhat complicated mechanism is
available to facilitate setting a reliable key creation date field in
the OpenPGP public key packet.
This mechanism is intended to facilitate allowing pre-existing
OpenPGP keys to acquire X.509 certificates on their key material.
These X.509 certificates could then be distributed and imported into
other users' OpenPGP compatible software. In order to keep the
resulting OpenPGP keys compatible with the ones which were certified,
OpenPGP encodes the key creation date into the X.509 certificate
request which is sent to be certified. With a cooperative
certificate issuing authority (CA), the key creation date is then
embedded in the certificate in a special format. This ensures that
when other users import the X.509 certificate, they will create the
OpenPGP key with the same creation date that the original key had.
This is especially important in case the importing user did not
previously have a copy of the original OpenPGP key, but acquired it
by importing the X.509 certificate; and then he later imports the
original OpenPGP key as a conventional-format OpenPGP key, rather
than as a certificate. Without the special mechanism for handling
creation dates, the creation dates wouldn't match, and the keyids of
the two keys would be different, making them appear to be two
different keys. Putting the key creation date into the X.509
certificate helps to ensure that importing the certificate will
correctly reconstruct the OpenPGP key.
Two alternative mechanisms are available for encoding this
information into the X.509 certificate. The preferred mechanism is a
custom extension created for this purpose. The OID for this
extension is (1 3 6 1 4 1 3401 8 1 1), encoded as the octet string
{0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x9a, 0x49, 0x08, 0x01,
0x01}. The data for the extension is defined as:
    PGPExtension ::= SEQUENCE {
        version      Version DEFAULT v1,
        keyCreation  Time
    }
The OpenPGP key creation data is stored in X.509 Time format, the
same format used for the notBefore and notAfter subfields of the
certificate validity field. This is converted to the four byte
OpenPGP time format specified in RFC2440 and used as the key creation
field in the new OpenPGP key packet.
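As an added illustration (not part of the OID description or of any OpenPGP implementation), the Python example below decodes the OID bytes quoted above, converts a DER-encoded X.509 Time into the four-byte OpenPGP creation field, and shows that a different creation time yields a different key ID. It assumes a V4 key, whose key ID RFC 2440 takes from a SHA-1 fingerprint covering the creation time, and the usual X.509 two-digit-year pivot for UTCTime; the function names and the toy key material are constructed for the example.

```python
import calendar, hashlib, struct, time

# OID bytes exactly as listed in the description above.
EXT_OID_DER = bytes([0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x9a, 0x49, 0x08, 0x01, 0x01])

def decode_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER into dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2 or der[-1] & 0x80:
        raise ValueError("not a well-formed short-form DER OID")
    subs, value = [], 0
    for b in der[2:]:
        value = (value << 7) | (b & 0x7F)   # base-128 digits, high bit means "more follows"
        if not b & 0x80:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)           # the first two arcs share one subidentifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def x509_time_to_openpgp(tlv):
    """DER UTCTime (0x17) or GeneralizedTime (0x18) -> four-byte OpenPGP time."""
    tag, text = tlv[0], tlv[2:].decode("ascii")
    if tlv[1] != len(text) or not text.endswith("Z"):
        raise ValueError("malformed Time")
    if tag == 0x17 and len(text) == 13:     # YYMMDDHHMMSSZ, X.509 profile pivot at 50
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18 or len(text) != 15:    # otherwise must be YYYYMMDDHHMMSSZ
        raise ValueError("unsupported Time encoding")
    secs = calendar.timegm(time.strptime(text, "%Y%m%d%H%M%SZ"))
    if not 0 <= secs < 2**32:
        raise ValueError("outside the four-byte OpenPGP time range")
    return struct.pack(">I", secs)          # big-endian seconds since 1970-01-01 UTC

def v4_key_id(creation, algo_and_mpis):
    """Key ID = low 64 bits of SHA-1(0x99 || length || V4 public key packet body)."""
    body = b"\x04" + creation + algo_and_mpis
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return digest[-8:].hex().upper()

# Constructed sample data: toy RSA fields (algorithm 1, tiny n and e), not a real key.
TOY_KEY = b"\x01" + b"\x00\x10\xc3\x55" + b"\x00\x11\x01\x00\x01"
ORIGINAL = x509_time_to_openpgp(b"\x17\x0d" + b"990101000000Z")      # keyCreation value
CERT_DATE = x509_time_to_openpgp(b"\x18\x0f" + b"20010615120000Z")   # certificate date

if __name__ == "__main__":
    print(decode_oid(EXT_OID_DER))
    print("key ID using keyCreation     :", v4_key_id(ORIGINAL, TOY_KEY))
    print("key ID using certificate date:", v4_key_id(CERT_DATE, TOY_KEY))
```

The two printed key IDs differ although the key material is identical, which is the mismatch the extension exists to prevent.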
URL for further info: http://www.imc.org/ietf-openpgp/mail-archive/msg09930.html
See also the OID Repository website reference for 1.3.6.1.4.1.3401.8.1.1