Auto-selection client certificate mechanism

Skip to first unread message

Tim Falcon

Jan 29, 2023, 11:01:22 AMJan 29

I am interested in the auto-selection mechanism of client certificates, especially in "ClientAuthRemeberList.txt" file.

As I know this file contains the user's automatic selections. This file is constructed from lines, each line is made of three parts separated by ","

The first and second parts are pretty self-explanatory. The server and the fingerprint of the certificate.

The third part is made up of several parts that I do not understand and would be happy for an explanation.

What isn't ^firstPartDomain, the two numbers after and the base64 chunk that I see.
I dig into the source code bug I didn’t succeed to understand what happened there.

I will be happy to get any assistance with that.


Tom Ritter

Jan 31, 2023, 12:54:40 PMJan 31
to Tim Falcon,
The third part you are seeing is the output of

OriginAttributes is a complex partitioning key we use to separate
state between Private Browsing Mode, Containers, First Party
Isolation, State Partitioning, etc. So for client certs this key
would separate the automatic selection of client certificates so a
certificate selected for a domain in e.g. Container A would not be
auto-selected for the same domain in Container B.

> --
> You received this message because you are subscribed to the Google Groups "" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> To view this discussion on the web visit

Dana Keeler

Jan 31, 2023, 12:56:46 PMJan 31
to Tim Falcon,
Note that the format of this file is not standardized and may change without notice.

Reply all
Reply to author
0 new messages