GoateePFE / ADCSTemplate

A PowerShell module for exporting, importing, removing, permissioning, publishing Active Directory Certificate Templates. It also includes a DSC resource for creating AD CS templates using these functions. This was built with the intent of using DSC for rapid lab builds. Could also work in production to move templates between AD CS environments.
MIT License

OID entry name in OID container is not random #1

Open Crypt32 opened 6 years ago

Crypt32 commented 6 years ago

You have a function Get-RandomHex that generates random HEX for the OID entry name in the OID container. Actually, these OIDs are not truly random; their names depend on the actual OID value and are generated as follows:

OID entry name format: [X.Y], where X is the first (up to) 16 characters of the last OID arc; if the last arc is longer than 16 characters, it is truncated to 16 characters. Y is the MD5 hash calculated over the Unicode OID value string.

This technique is used in order to support O(1) OID lookup instead of enumerating all OID entries in OID container.
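The naming scheme Crypt32 describes, as an added Python example (not code from the ADCSTemplate module or from the issue). It assumes "unicode" means Windows UTF-16LE, that the hash is stored as uppercase hex, and that the square brackets in "[X.Y]" are notation rather than part of the name; the sample OIDs are constructed. It also adds an audit helper that checks whether an existing entry's name matches the name its OID value should produce.

```python
import hashlib

ARC_MAX_LEN = 16  # per the issue: the last arc is truncated to 16 characters


def oid_entry_name(oid: str) -> str:
    """Derive the OID-container entry name (X.Y) for a dotted-decimal OID.

    X = the last arc of the OID, truncated to ARC_MAX_LEN characters.
    Y = MD5 over the OID string in Windows "unicode" (UTF-16LE), as hex.
    Assumptions not stated in the issue: the hex is uppercase, and the
    square brackets in "[X.Y]" are notation rather than part of the name.
    """
    arcs = oid.split(".")
    if len(arcs) < 2 or not all(a.isdigit() for a in arcs):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    x = arcs[-1][:ARC_MAX_LEN]
    y = hashlib.md5(oid.encode("utf-16-le")).hexdigest().upper()
    return f"{x}.{y}"


def entry_name_matches(entry_name: str, oid: str) -> bool:
    """Audit helper: does an existing entry's name (its CN) match the name
    derived from its OID value? A mismatch means the entry was not created
    by the documented scheme (e.g. it got a random name), so it will also be
    missed by the O(1) lookup the scheme exists to support."""
    return entry_name == oid_entry_name(oid)


def build_lookup(oids):
    """Index entries by derived name: the O(1) lookup the issue mentions."""
    return {oid_entry_name(o): o for o in oids}


# Constructed sample values (not from the issue): two OIDs that share the
# same last arc, and one whose last arc exceeds 16 characters.
SAMPLE_OIDS = [
    "1.3.6.1.4.1.311.21.8.1.2.3.4.5.6.7.100",
    "1.3.6.1.4.1.311.21.8.9.9.9.9.9.9.9.100",
    "1.3.6.1.4.1.311.21.8.12345678901234567890",
]

if __name__ == "__main__":
    for name, oid in build_lookup(SAMPLE_OIDS).items():
        print(f"{name}  <-  {oid}")
```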

GoateePFE commented 6 years ago

Added notes from Twitter thread with Vadims here: It is an OID part (separated by a dot). An OID is a hierarchical structure and each number has some meaning in a given context. I'm not sure about public information on OID name generation; I got this from Vic Heller (Windows PKI team) six years ago.

Crypt32 commented 6 years ago

untitled excerpt from respective conversation.