How is the container ID generated for certificates that are added to an ArcotID?

Document ID : KB000012200
Last Modified Date : 14/02/2018
Question:

We can add certificates to the ArcotID Key Bag element. When an ArcotID is downloaded using any ArcotID client (e.g. ArcotID Native Client), the certificates are downloaded as well. Each certificate has an ID (or container name). How is the container name generated?

Environment:
ArcotID Native Client 6.2.x
CA Strong Authentication (previously known as Webfort or AuthMinder)
Answer:

If the user has added any certificates to the ArcotID, the Key Bag elements in the ArcotID look like the image below.

[Image: arcotid_certificates.png]

 

In the image above, the user has added two certificates: the first has serial number 700000001A4D6397F748EA077800000000001A and the second has serial number 7000000019DE70A4E72ACD0E93000000000019. Along with the serial number, each certificate has an ID (sequence ID): 01000000 (Base64-encoded "AQAAAA==") and 14000000 (Base64-encoded "FAAAAA=="), respectively.

 

The image also shows that the ArcotID contains three certificates: the first is the root certificate, and the last two are mail signing/authentication certificates.

 

Once this ArcotID reaches the ArcotID client, the client calls the ImportArcotID method, which imports the certificates added to the ArcotID into the trust store.

Before importing the certificates, the ANC client creates a container name for each one using the formula below.

Container Name Formula

 

Container Name = Wallet Name + Card Name + Org Name + ID (the certificate's sequence ID in the ArcotID, Base64-encoded).

For the certificates above, the client creates two container names:

1. ArcotKeybag[DEEPAK,ARCARD,DEFAULTORG, AQAAAA==]

2. ArcotKeybag[DEEPAK,ARCARD,DEFAULTORG, FAAAAA==]

 

Here DEEPAK is the Wallet Name, ARCARD is the Card Name, DEFAULTORG is the Org Name, and AQAAAA== (01000000) is the ID, the same value shown in the image. The client does not generate any data of its own to build the container name. The container name therefore depends on the ArcotID that comes from the server, which the ANC client uses when it uploads the certificates to the trust store.
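
The formula above, as an added Python example (not code from CA or from the ANC client): it builds the two container names from the sequence IDs shown on this page and parses a container name back into its fields, which helps when matching trust store containers to the ArcotID they came from. The function names and the exact separator layout, copied from the two names listed above, are assumptions.

```python
import base64
import binascii
import re

# Layout copied from the two container names shown on this page; the exact
# separators used by the real client are an assumption.
_NAME_RE = re.compile(
    r"^ArcotKeybag\[([^,\]]+),([^,\]]+),([^,\]]+),\s*([A-Za-z0-9+/]+={0,2})\]$"
)


def build_container_name(wallet, card, org, sequence_id_hex):
    """Compose a container name from ArcotID fields and the hex sequence ID."""
    seq = bytes.fromhex(sequence_id_hex)          # e.g. "01000000" -> 4 raw bytes
    id_b64 = base64.b64encode(seq).decode("ascii")
    return f"ArcotKeybag[{wallet},{card},{org}, {id_b64}]"


def parse_container_name(name):
    """Split a container name into its parts and decode the ID back to hex."""
    m = _NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not an ArcotKeybag container name: {name!r}")
    wallet, card, org, id_b64 = (g.strip() for g in m.groups())
    try:
        seq = base64.b64decode(id_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"ID is not valid Base64: {id_b64!r}") from exc
    return {
        "wallet": wallet,
        "card": card,
        "org": org,
        "sequence_id_hex": seq.hex().upper(),
    }


if __name__ == "__main__":
    # Values taken from the example on this page.
    for seq_hex in ("01000000", "14000000"):
        name = build_container_name("DEEPAK", "ARCARD", "DEFAULTORG", seq_hex)
        print(name, "->", parse_container_name(name))
```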