1.3.6.1.4.1.3401.8.1.1 - X.509v3 certificate extension for specifying key creation date

Submitted by bert_vingerhoets at inventivegroup.com from host (194.7.185.204) on Wed Mar 11 11:08:03 CET 2009 using a WWW entry form.

OID value: 1.3.6.1.4.1.3401.8.1.1

OID description:
X.509 certificates normally do not specify a key creation date, only a certificate creation date. A somewhat complicated mechanism is available to set a reliable key creation date field in the OpenPGP public key packet. This mechanism is intended to allow pre-existing OpenPGP keys to acquire X.509 certificates on their key material. These X.509 certificates could then be distributed and imported into other users' OpenPGP-compatible software.

In order to keep the resulting OpenPGP keys compatible with the ones which were certified, OpenPGP encodes the key creation date into the X.509 certificate request which is sent to be certified. With a cooperative certificate issuing authority (CA), the key creation date is then embedded in the certificate in a special format. This ensures that when other users import the X.509 certificate, they will create the OpenPGP key with the same creation date that the original key had.

This is especially important when the importing user did not previously have a copy of the original OpenPGP key but acquired it by importing the X.509 certificate, and then later imports the original OpenPGP key as a conventional-format OpenPGP key rather than as a certificate. Without the special mechanism for handling creation dates, the creation dates wouldn't match, and the keyids of the two keys would be different, making them appear to be two different keys. Putting the key creation date into the X.509 certificate helps to ensure that importing the certificate will correctly reconstruct the OpenPGP key.

Two alternative mechanisms are available for encoding this information into the X.509 certificate. The preferred mechanism is a custom extension created for this purpose. The OID for this extension is (1 3 6 1 4 1 3401 8 1 1), encoded as the octet string {0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x9a, 0x49, 0x08, 0x01, 0x01}.

The data for the extension is defined as:

    PGPExtension ::= SEQUENCE {
        version      Version DEFAULT v1,
        keyCreation  Time
    }

The OpenPGP key creation data is stored in X.509 Time format, the same format used for the notBefore and notAfter subfields of the certificate validity field. This is converted to the four byte OpenPGP time format specified in RFC2440 and used as the key creation field in the new OpenPGP key packet.
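The encoding and conversion described above, as an added example that is not part of the original entry or of any OpenPGP implementation. It assumes Version is encoded as an INTEGER (as in X.509) and handles short-form DER lengths only; the function names and the sample extension value are constructed for illustration.

```python
import calendar
import struct
import time

PGP_EXT_OID = "1.3.6.1.4.1.3401.8.1.1"
# Octets quoted in the OID description.
PAGE_OID_DER = bytes.fromhex("060a2b060104019a49080101")
# Constructed sample value: SEQUENCE { UTCTime "090311100803Z" }, version omitted.
SAMPLE_EXT = bytes([0x30, 0x0F, 0x17, 0x0D]) + b"090311100803Z"

def encode_oid(dotted):
    """DER-encode a dotted OID (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # last base-128 digit, high bit clear
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return bytes([0x06, len(body)]) + bytes(body)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one short-form DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80 or pos + 2 + length > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def key_creation_packet_time(ext_value):
    """Parse a PGPExtension value; return the 4-byte OpenPGP creation time."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("PGPExtension must be a single SEQUENCE")
    tag, val, pos = read_tlv(seq, 0)
    if tag == 0x02:                       # assumed INTEGER version; absent = DEFAULT v1
        tag, val, pos = read_tlv(seq, pos)
    if pos != len(seq):
        raise ValueError("trailing data after keyCreation")
    text = val.decode("ascii")
    if tag == 0x17:                       # UTCTime: X.509 pivot, YY >= 50 means 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:                     # otherwise must be GeneralizedTime
        raise ValueError("keyCreation is not an X.509 Time")
    secs = calendar.timegm(time.strptime(text, "%Y%m%d%H%M%SZ"))
    return struct.pack(">I", secs)        # big-endian seconds since 1970-01-01 UTC
```

An importer that skips this extension and substitutes the certificate's notBefore would derive a different creation time, which is exactly the keyid mismatch the description warns about.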

URL for further info: http://www.imc.org/ietf-openpgp/mail-archive/msg09930.html

See also the OID Repository website reference for 1.3.6.1.4.1.3401.8.1.1

bert_vingerhoets@inventivegroup.com
Entered: Wed Mar 11 11:08:03 CET 2009 (not changed manually)