2.2.4.13 Phase 1 and Phase 2 Auth Suite Other Certificate Signing

Keys: Software\Policies\...\Phase1AuthenticationSet\<wszSetId>\<SuiteIndex> or Software\Policies\...\Phase2AuthenticationSet\<wszSetId>\<SuiteIndex>

Value: "OtherCertSigning"

Type: REG_SZ.

Size: Equal to size of the Data field.

Data: This value is a Unicode string that uses the following grammar rules to encode certificate signing algorithms.

 OTHER-CERT-SIGNING-VAL = "ECDSA256" / "ECDSA384"

ECDSA256: This token represents the FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA256 enumeration value as defined in [MS-FASP] section 2.2.61.

ECDSA384: This token represents the FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA384 enumeration value as defined in [MS-FASP] section 2.2.61.

This value represents the FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA256 and the FW_AUTH_SUITE_FLAGS_CERT_SIGNING_ECDSA384 flags of the wFlags field of the FW_AUTH_SUITE structure as defined in [MS-FASP] section 2.2.63. This value MUST be present only if the schema version of the authentication set, as defined in section 2.2.4.1, contains a version of 0x0201 or higher. Whenever this value is found in the suite key, a SkipVersion value MUST also be present, and MUST contain a version of 0x0200.
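The presence and version rules above can be checked mechanically when auditing exported policy. The following Python sketch is an added example, not part of the specification: it assumes the authentication sets have already been read into dictionaries, that the schema version and SkipVersion have been decoded to integers, and that token comparison is exact; the function names, finding codes, set identifiers, and suite indexes are constructed for illustration.

```python
# Added example: validates OtherCertSigning against the rules in this section.
ALLOWED_TOKENS = {"ECDSA256", "ECDSA384"}   # OTHER-CERT-SIGNING-VAL
MIN_SCHEMA_VERSION = 0x0201                 # value allowed only at this version or higher
REQUIRED_SKIP_VERSION = 0x0200              # SkipVersion MUST contain this version


def check_suite(schema_version, suite_values):
    """Return finding codes for one suite key.

    schema_version: int, the authentication set's schema version (assumed decoded).
    suite_values:   dict of registry value name -> data; SkipVersion assumed decoded to int.
    """
    token = suite_values.get("OtherCertSigning")
    if token is None:
        return []                           # rules apply only when the value is present
    findings = []
    if token not in ALLOWED_TOKENS:         # exact match is an assumption of this example
        findings.append("bad-token")
    if schema_version < MIN_SCHEMA_VERSION:
        findings.append("schema-too-old")
    skip = suite_values.get("SkipVersion")
    if skip is None:
        findings.append("skip-version-missing")
    elif skip != REQUIRED_SKIP_VERSION:
        findings.append("skip-version-wrong")
    return findings


def audit(auth_sets):
    """Map (set id, suite index) -> findings for every suite that violates a rule."""
    report = {}
    for set_id, auth_set in auth_sets.items():
        for index, values in auth_set["suites"].items():
            findings = check_suite(auth_set["version"], values)
            if findings:
                report[(set_id, index)] = findings
    return report


# Constructed sample input; identifiers and indexes are placeholders.
SAMPLE = {
    "set-A": {"version": 0x0201, "suites": {
        "0": {"OtherCertSigning": "ECDSA256", "SkipVersion": 0x0200}}},
    "set-B": {"version": 0x0200, "suites": {
        "0": {"OtherCertSigning": "ECDSA384", "SkipVersion": 0x0200}}},
    "set-C": {"version": 0x020A, "suites": {
        "0": {"OtherCertSigning": "ECDSA521"},
        "1": {"OtherCertSigning": "ECDSA384", "SkipVersion": 0x0201},
        "2": {}}},
}

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, findings)
```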