|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PKIX1 { }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DEFINITIONS IMPLICIT TAGS ::=
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BEGIN
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
|
|
Packit |
b00eeb |
-- It also includes updates from RFC 5480 and RFC 5758
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- ISO arc for standard certificate and CRL extensions
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- authority key identifier OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AuthorityKeyIdentifier ::= SEQUENCE {
|
|
Packit |
b00eeb |
keyIdentifier [0] KeyIdentifier OPTIONAL,
|
|
Packit |
b00eeb |
authorityCertIssuer [1] GeneralNames OPTIONAL,
|
|
Packit |
b00eeb |
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
|
Packit |
b00eeb |
-- authorityCertIssuer and authorityCertSerialNumber shall both
|
|
Packit |
b00eeb |
-- be present or both be absgent
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
KeyIdentifier ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- subject key identifier OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SubjectKeyIdentifier ::= KeyIdentifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- key usage extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
KeyUsage ::= BIT STRING {
|
|
Packit |
b00eeb |
digitalSignature (0),
|
|
Packit |
b00eeb |
nonRepudiation (1),
|
|
Packit |
b00eeb |
keyEncipherment (2),
|
|
Packit |
b00eeb |
dataEncipherment (3),
|
|
Packit |
b00eeb |
keyAgreement (4),
|
|
Packit |
b00eeb |
keyCertSign (5),
|
|
Packit |
b00eeb |
cRLSign (6),
|
|
Packit |
b00eeb |
encipherOnly (7),
|
|
Packit |
b00eeb |
decipherOnly (8) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- private key usage period extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PrivateKeyUsagePeriod ::= SEQUENCE {
|
|
Packit |
b00eeb |
notBefore [0] GeneralizedTime OPTIONAL,
|
|
Packit |
b00eeb |
notAfter [1] GeneralizedTime OPTIONAL }
|
|
Packit |
b00eeb |
-- either notBefore or notAfter shall be present
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- certificate policies extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PolicyInformation ::= SEQUENCE {
|
|
Packit |
b00eeb |
policyIdentifier CertPolicyId,
|
|
Packit |
b00eeb |
policyQualifiers SEQUENCE SIZE (1..MAX) OF
|
|
Packit |
b00eeb |
PolicyQualifierInfo OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CertPolicyId ::= OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PolicyQualifierInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
policyQualifierId PolicyQualifierId,
|
|
Packit |
b00eeb |
qualifier ANY DEFINED BY policyQualifierId }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Implementations that recognize additional policy qualifiers shall
|
|
Packit |
b00eeb |
-- augment the following definition for PolicyQualifierId
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PolicyQualifierId ::=
|
|
Packit |
b00eeb |
OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- CPS pointer qualifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CPSuri ::= IA5String
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- user notice qualifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UserNotice ::= SEQUENCE {
|
|
Packit |
b00eeb |
noticeRef NoticeReference OPTIONAL,
|
|
Packit |
b00eeb |
explicitText DisplayText OPTIONAL}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
NoticeReference ::= SEQUENCE {
|
|
Packit |
b00eeb |
organization DisplayText,
|
|
Packit |
b00eeb |
noticeNumbers SEQUENCE OF INTEGER }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DisplayText ::= CHOICE {
|
|
Packit |
b00eeb |
visibleString VisibleString (SIZE (1..200)),
|
|
Packit |
b00eeb |
bmpString BMPString (SIZE (1..200)),
|
|
Packit |
b00eeb |
utf8String UTF8String (SIZE (1..200)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- policy mapping extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
|
Packit |
b00eeb |
issuerDomainPolicy CertPolicyId,
|
|
Packit |
b00eeb |
subjectDomainPolicy CertPolicyId }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- subject alternative name extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Directory string type --
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DirectoryString ::= CHOICE {
|
|
Packit |
b00eeb |
teletexString TeletexString (SIZE (1..MAX)),
|
|
Packit |
b00eeb |
printableString PrintableString (SIZE (1..MAX)),
|
|
Packit |
b00eeb |
universalString UniversalString (SIZE (1..MAX)),
|
|
Packit |
b00eeb |
utf8String UTF8String (SIZE (1..MAX)),
|
|
Packit |
b00eeb |
bmpString BMPString (SIZE(1..MAX)),
|
|
Packit |
b00eeb |
-- IA5String is added here to handle old UID encoded as ia5String --
|
|
Packit |
b00eeb |
-- See tests/userid/ for more information. It shouldn't be here, --
|
|
Packit |
b00eeb |
-- so if it causes problems, considering dropping it. --
|
|
Packit |
b00eeb |
ia5String IA5String (SIZE(1..MAX)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SubjectAltName ::= GeneralNames
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GeneralName ::= CHOICE {
|
|
Packit |
b00eeb |
otherName [0] AnotherName,
|
|
Packit |
b00eeb |
rfc822Name [1] IA5String,
|
|
Packit |
b00eeb |
dNSName [2] IA5String,
|
|
Packit |
b00eeb |
x400Address [3] ORAddress,
|
|
Packit |
b00eeb |
-- Changed to work with the libtasn1 parser.
|
|
Packit |
b00eeb |
directoryName [4] EXPLICIT RDNSequence, --Name,
|
|
Packit |
b00eeb |
ediPartyName [5] EDIPartyName,
|
|
Packit |
b00eeb |
uniformResourceIdentifier [6] IA5String,
|
|
Packit |
b00eeb |
iPAddress [7] OCTET STRING,
|
|
Packit |
b00eeb |
registeredID [8] OBJECT IDENTIFIER }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
|
|
Packit |
b00eeb |
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AnotherName ::= SEQUENCE {
|
|
Packit |
b00eeb |
type-id OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
value [0] EXPLICIT ANY DEFINED BY type-id }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
EDIPartyName ::= SEQUENCE {
|
|
Packit |
b00eeb |
nameAssigner [0] DirectoryString OPTIONAL,
|
|
Packit |
b00eeb |
partyName [1] DirectoryString }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- issuer alternative name extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
IssuerAltName ::= GeneralNames
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- basic constraints extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BasicConstraints ::= SEQUENCE {
|
|
Packit |
b00eeb |
cA BOOLEAN DEFAULT FALSE,
|
|
Packit |
b00eeb |
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- name constraints extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
NameConstraints ::= SEQUENCE {
|
|
Packit |
b00eeb |
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
|
|
Packit |
b00eeb |
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
GeneralSubtree ::= SEQUENCE {
|
|
Packit |
b00eeb |
base GeneralName,
|
|
Packit |
b00eeb |
minimum [0] BaseDistance DEFAULT 0,
|
|
Packit |
b00eeb |
maximum [1] BaseDistance OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BaseDistance ::= INTEGER (0..MAX)
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- policy constraints extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PolicyConstraints ::= SEQUENCE {
|
|
Packit |
b00eeb |
requireExplicitPolicy [0] SkipCerts OPTIONAL,
|
|
Packit |
b00eeb |
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SkipCerts ::= INTEGER (0..MAX)
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- CRL distribution points extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DistributionPoint ::= SEQUENCE {
|
|
Packit |
b00eeb |
distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
|
|
Packit |
b00eeb |
reasons [1] ReasonFlags OPTIONAL,
|
|
Packit |
b00eeb |
cRLIssuer [2] GeneralNames OPTIONAL
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DistributionPointName ::= CHOICE {
|
|
Packit |
b00eeb |
fullName [0] GeneralNames,
|
|
Packit |
b00eeb |
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ReasonFlags ::= BIT STRING {
|
|
Packit |
b00eeb |
unused (0),
|
|
Packit |
b00eeb |
keyCompromise (1),
|
|
Packit |
b00eeb |
cACompromise (2),
|
|
Packit |
b00eeb |
affiliationChanged (3),
|
|
Packit |
b00eeb |
superseded (4),
|
|
Packit |
b00eeb |
cessationOfOperation (5),
|
|
Packit |
b00eeb |
certificateHold (6),
|
|
Packit |
b00eeb |
privilegeWithdrawn (7),
|
|
Packit |
b00eeb |
aACompromise (8) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- extended key usage extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
KeyPurposeId ::= OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- extended key purpose OIDs
|
|
Packit |
b00eeb |
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
|
|
Packit |
b00eeb |
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
|
|
Packit |
b00eeb |
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
|
|
Packit |
b00eeb |
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
|
|
Packit |
b00eeb |
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
|
|
Packit |
b00eeb |
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
|
|
Packit |
b00eeb |
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
|
|
Packit |
b00eeb |
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- authority info access
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AuthorityInfoAccessSyntax ::=
|
|
Packit |
b00eeb |
SEQUENCE SIZE (1..MAX) OF AccessDescription
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AccessDescription ::= SEQUENCE {
|
|
Packit |
b00eeb |
accessMethod OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
accessLocation GeneralName }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- CRL number extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CRLNumber ::= INTEGER (0..MAX)
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- issuing distribution point extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
IssuingDistributionPoint ::= SEQUENCE {
|
|
Packit |
b00eeb |
distributionPoint [0] DistributionPointName OPTIONAL,
|
|
Packit |
b00eeb |
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
|
|
Packit |
b00eeb |
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
|
|
Packit |
b00eeb |
onlySomeReasons [3] ReasonFlags OPTIONAL,
|
|
Packit |
b00eeb |
indirectCRL [4] BOOLEAN DEFAULT FALSE }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- deltaCRLIndicator ::= BaseCRLNumber
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BaseCRLNumber ::= CRLNumber
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- CRL reasons extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CRLReason ::= ENUMERATED {
|
|
Packit |
b00eeb |
unspecified (0),
|
|
Packit |
b00eeb |
keyCompromise (1),
|
|
Packit |
b00eeb |
cACompromise (2),
|
|
Packit |
b00eeb |
affiliationChanged (3),
|
|
Packit |
b00eeb |
superseded (4),
|
|
Packit |
b00eeb |
cessationOfOperation (5),
|
|
Packit |
b00eeb |
certificateHold (6),
|
|
Packit |
b00eeb |
removeFromCRL (8) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- certificate issuer CRL entry extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CertificateIssuer ::= GeneralNames
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- hold instruction extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
HoldInstructionCode ::= OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- ANSI x9 holdinstructions
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- ANSI x9 arc holdinstruction arc
|
|
Packit |
b00eeb |
holdInstruction OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- ANSI X9 holdinstructions referenced by this standard
|
|
Packit |
b00eeb |
id-holdinstruction-none OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{holdInstruction 1} -- deprecated
|
|
Packit |
b00eeb |
id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{holdInstruction 2}
|
|
Packit |
b00eeb |
id-holdinstruction-reject OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{holdInstruction 3}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- invalidity date CRL entry extension OID and syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
InvalidityDate ::= GeneralizedTime
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- --------------------------------------
|
|
Packit |
b00eeb |
-- EXPLICIT
|
|
Packit |
b00eeb |
-- --------------------------------------
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- UNIVERSAL Types defined in '93 and '98 ASN.1
|
|
Packit |
b00eeb |
-- but required by this specification
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
-- UniversalString is defined in ASN.1:1993
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
-- BMPString is the subtype of UniversalString and models
|
|
Packit |
b00eeb |
-- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
|
|
Packit |
b00eeb |
-- The content of this type conforms to RFC 2279.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKIX specific OIDs
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pkix OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{ iso(1) identified-organization(3) dod(6) internet(1)
|
|
Packit |
b00eeb |
security(5) mechanisms(5) pkix(7) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKIX arcs
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
|
|
Packit |
b00eeb |
-- arc for private certificate extensions
|
|
Packit |
b00eeb |
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
|
|
Packit |
b00eeb |
-- arc for policy qualifier types
|
|
Packit |
b00eeb |
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
|
|
Packit |
b00eeb |
-- arc for extended key purpose OIDS
|
|
Packit |
b00eeb |
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
|
|
Packit |
b00eeb |
-- arc for access descriptors
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- policyQualifierIds for Internet policy qualifiers
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
|
|
Packit |
b00eeb |
-- OID for CPS qualifier
|
|
Packit |
b00eeb |
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
|
|
Packit |
b00eeb |
-- OID for user notice qualifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- access descriptor definitions
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
|
|
Packit |
b00eeb |
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- attribute data types --
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Attribute ::= SEQUENCE {
|
|
Packit |
b00eeb |
type AttributeType,
|
|
Packit |
b00eeb |
values SET OF AttributeValue
|
|
Packit |
b00eeb |
-- at least one value is required --
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AttributeType ::= OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AttributeValue ::= ANY DEFINED BY type
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AttributeTypeAndValue ::= SEQUENCE {
|
|
Packit |
b00eeb |
type AttributeType,
|
|
Packit |
b00eeb |
value AttributeValue }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- suggested naming attributes: Definition of the following
|
|
Packit |
b00eeb |
-- information object set may be augmented to meet local
|
|
Packit |
b00eeb |
-- requirements. Note that deleting members of the set may
|
|
Packit |
b00eeb |
-- prevent interoperability with conforming implementations.
|
|
Packit |
b00eeb |
-- presented in pairs: the AttributeType followed by the
|
|
Packit |
b00eeb |
-- type definition for the corresponding AttributeValue
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Arc for standard naming attributes
|
|
Packit |
b00eeb |
id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Attributes of type NameDirectoryString
|
|
Packit |
b00eeb |
id-at-initials AttributeType ::= { id-at 43 }
|
|
Packit |
b00eeb |
X520initials ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-generationQualifier AttributeType ::= { id-at 44 }
|
|
Packit |
b00eeb |
X520generationQualifier ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-surname AttributeType ::= { id-at 4 }
|
|
Packit |
b00eeb |
X520surName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-givenName AttributeType ::= { id-at 42 }
|
|
Packit |
b00eeb |
X520givenName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-name AttributeType ::= { id-at 41 }
|
|
Packit |
b00eeb |
X520name ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-commonName AttributeType ::= {id-at 3}
|
|
Packit |
b00eeb |
X520CommonName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-localityName AttributeType ::= {id-at 7}
|
|
Packit |
b00eeb |
X520LocalityName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-stateOrProvinceName AttributeType ::= {id-at 8}
|
|
Packit |
b00eeb |
X520StateOrProvinceName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-organizationName AttributeType ::= {id-at 10}
|
|
Packit |
b00eeb |
X520OrganizationName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-organizationalUnitName AttributeType ::= {id-at 11}
|
|
Packit |
b00eeb |
X520OrganizationalUnitName ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-title AttributeType ::= {id-at 12}
|
|
Packit |
b00eeb |
X520Title ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-description AttributeType ::= {id-at 13}
|
|
Packit |
b00eeb |
X520Description ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-dnQualifier AttributeType ::= {id-at 46}
|
|
Packit |
b00eeb |
X520dnQualifier ::= PrintableString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-countryName AttributeType ::= {id-at 6}
|
|
Packit |
b00eeb |
X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-serialNumber AttributeType ::= {id-at 5}
|
|
Packit |
b00eeb |
X520serialNumber ::= PrintableString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-telephoneNumber AttributeType ::= {id-at 20}
|
|
Packit |
b00eeb |
X520telephoneNumber ::= PrintableString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-facsimileTelephoneNumber AttributeType ::= {id-at 23}
|
|
Packit |
b00eeb |
X520facsimileTelephoneNumber ::= PrintableString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-pseudonym AttributeType ::= {id-at 65}
|
|
Packit |
b00eeb |
X520pseudonym ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-name AttributeType ::= {id-at 41}
|
|
Packit |
b00eeb |
X520name ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-streetAddress AttributeType ::= {id-at 9}
|
|
Packit |
b00eeb |
X520streetAddress ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-postalAddress AttributeType ::= {id-at 16}
|
|
Packit |
b00eeb |
X520postalAddress ::= PostalAddress
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PostalAddress ::= SEQUENCE OF DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Legacy attributes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9 OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{ pkcs 9 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
emailAddress AttributeType ::= { pkcs-9 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- naming data types --
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Name ::= CHOICE { -- only one possibility for now --
|
|
Packit |
b00eeb |
rdnSequence RDNSequence }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DistinguishedName ::= RDNSequence
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
RelativeDistinguishedName ::=
|
|
Packit |
b00eeb |
SET SIZE (1 .. MAX) OF AttributeTypeAndValue
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- --------------------------------------------------------
|
|
Packit |
b00eeb |
-- certificate and CRL specific structures begin here
|
|
Packit |
b00eeb |
-- --------------------------------------------------------
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Certificate ::= SEQUENCE {
|
|
Packit |
b00eeb |
tbsCertificate TBSCertificate,
|
|
Packit |
b00eeb |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
signature BIT STRING }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TBSCertificate ::= SEQUENCE {
|
|
Packit |
b00eeb |
version [0] EXPLICIT Version DEFAULT v1,
|
|
Packit |
b00eeb |
serialNumber CertificateSerialNumber,
|
|
Packit |
b00eeb |
signature AlgorithmIdentifier,
|
|
Packit |
b00eeb |
issuer Name,
|
|
Packit |
b00eeb |
validity Validity,
|
|
Packit |
b00eeb |
subject Name,
|
|
Packit |
b00eeb |
subjectPublicKeyInfo SubjectPublicKeyInfo,
|
|
Packit |
b00eeb |
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
Packit |
b00eeb |
-- If present, version shall be v2 or v3
|
|
Packit |
b00eeb |
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
Packit |
b00eeb |
-- If present, version shall be v2 or v3
|
|
Packit |
b00eeb |
extensions [3] EXPLICIT Extensions OPTIONAL
|
|
Packit |
b00eeb |
-- If present, version shall be v3 --
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CertificateSerialNumber ::= INTEGER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Validity ::= SEQUENCE {
|
|
Packit |
b00eeb |
notBefore Time,
|
|
Packit |
b00eeb |
notAfter Time }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Time ::= CHOICE {
|
|
Packit |
b00eeb |
utcTime UTCTime,
|
|
Packit |
b00eeb |
generalTime GeneralizedTime }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UniqueIdentifier ::= BIT STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SubjectPublicKeyInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
algorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
subjectPublicKey BIT STRING }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Extension ::= SEQUENCE {
|
|
Packit |
b00eeb |
extnID OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
critical BOOLEAN DEFAULT FALSE,
|
|
Packit |
b00eeb |
extnValue OCTET STRING }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- ------------------------------------------
|
|
Packit |
b00eeb |
-- CRL structures
|
|
Packit |
b00eeb |
-- ------------------------------------------
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CertificateList ::= SEQUENCE {
|
|
Packit |
b00eeb |
tbsCertList TBSCertList,
|
|
Packit |
b00eeb |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
signature BIT STRING }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TBSCertList ::= SEQUENCE {
|
|
Packit |
b00eeb |
version Version OPTIONAL,
|
|
Packit |
b00eeb |
-- if present, shall be v2
|
|
Packit |
b00eeb |
signature AlgorithmIdentifier,
|
|
Packit |
b00eeb |
issuer Name,
|
|
Packit |
b00eeb |
thisUpdate Time,
|
|
Packit |
b00eeb |
nextUpdate Time OPTIONAL,
|
|
Packit |
b00eeb |
revokedCertificates SEQUENCE OF SEQUENCE {
|
|
Packit |
b00eeb |
userCertificate CertificateSerialNumber,
|
|
Packit |
b00eeb |
revocationDate Time,
|
|
Packit |
b00eeb |
crlEntryExtensions Extensions OPTIONAL
|
|
Packit |
b00eeb |
-- if present, shall be v2
|
|
Packit |
b00eeb |
} OPTIONAL,
|
|
Packit |
b00eeb |
crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
|
Packit |
b00eeb |
-- if present, shall be v2 --
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Version, Time, CertificateSerialNumber, and Extensions were
|
|
Packit |
b00eeb |
-- defined earlier for use in the certificate structure
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AlgorithmIdentifier ::= SEQUENCE {
|
|
Packit |
b00eeb |
algorithm OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
parameters ANY DEFINED BY algorithm OPTIONAL }
|
|
Packit |
b00eeb |
-- contains a value of the type
|
|
Packit |
b00eeb |
-- registered for use with the
|
|
Packit |
b00eeb |
-- algorithm object identifier value
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Algorithm OIDs and parameter structures
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
pkcs 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Dss-Sig-Value ::= SEQUENCE {
|
|
Packit |
b00eeb |
r INTEGER,
|
|
Packit |
b00eeb |
s INTEGER
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
dhpublicnumber OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
DomainParameters ::= SEQUENCE {
|
|
Packit |
b00eeb |
p INTEGER, -- odd prime, p=jq +1
|
|
Packit |
b00eeb |
g INTEGER, -- generator, g
|
|
Packit |
b00eeb |
q INTEGER, -- factor of p-1
|
|
Packit |
b00eeb |
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
|
|
Packit |
b00eeb |
validationParms ValidationParms OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ValidationParms ::= SEQUENCE {
|
|
Packit |
b00eeb |
seed BIT STRING,
|
|
Packit |
b00eeb |
pgenCounter INTEGER }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-dsa OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Dss-Parms ::= SEQUENCE {
|
|
Packit |
b00eeb |
p INTEGER,
|
|
Packit |
b00eeb |
q INTEGER,
|
|
Packit |
b00eeb |
g INTEGER }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- EC algorithm OIDs and parameter structures from RFC 3279
|
|
Packit |
b00eeb |
ansi-X9-62 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) 10045 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ecSigType OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
ansi-X9-62 signatures(4) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
id-ecSigType 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Ecdsa-Sig-Value ::= SEQUENCE {
|
|
Packit |
b00eeb |
r INTEGER,
|
|
Packit |
b00eeb |
s INTEGER }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-public-key-type OBJECT IDENTIFIER ::= { ansi-X9-62 2 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-ecPublicKey OBJECT IDENTIFIER ::= { id-public-key-type 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ECPoint ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- The EC parameters structure was amended by RFC 5480
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ECParameters ::= CHOICE {
|
|
Packit |
b00eeb |
namedCurve OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
-- implicitCurve NULL
|
|
Packit |
b00eeb |
-- specifiedCurve SpecifiedECDomain
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
-- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
|
|
Packit |
b00eeb |
-- Details for SpecifiedECDomain can be found in [X9.62].
|
|
Packit |
b00eeb |
-- Any future additions to this CHOICE should be coordinated
|
|
Packit |
b00eeb |
-- with ANSI X9.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
--
|
|
Packit |
b00eeb |
-- Named Elliptic Curves (from RFC 5480)
|
|
Packit |
b00eeb |
--
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Note that in X9.62 the curves are referred to as 'ansiX9' as
|
|
Packit |
b00eeb |
-- opposed to 'sec'. For example secp192r1 is the same curve as
|
|
Packit |
b00eeb |
-- ansix9p192r1.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Note that in RFC 3279 the secp192r1 curve was referred to as
|
|
Packit |
b00eeb |
-- prime192v1 and the secp256r1 curve was referred to as prime256v1.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Note that FIPS186-3 refers to secp192r1 as P-192, secp224r1 as
|
|
Packit |
b00eeb |
-- P-224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as
|
|
Packit |
b00eeb |
-- P-521.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
secp192r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
|
|
Packit |
b00eeb |
prime(1) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect163k1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect163r2 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 15 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
secp224r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 33 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect233k1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 26 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect233r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 27 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
secp256r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
|
|
Packit |
b00eeb |
prime(1) 7 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect283k1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 16 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect283r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 17 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
secp384r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 34 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect409k1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 36 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect409r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 37 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
secp521r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 35 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect571k1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 38 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
sect571r1 OBJECT IDENTIFIER ::= {
|
|
Packit |
b00eeb |
iso(1) identified-organization(3) certicom(132) curve(0) 39 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Algorithm OIDs added by RFC 5758
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-dsa-with-sha224 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
|
|
Packit |
b00eeb |
country(16) us(840) organization(1) gov(101) csor(3)
|
|
Packit |
b00eeb |
algorithms(4) id-dsa-with-sha2(3) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-dsa-with-sha256 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
|
|
Packit |
b00eeb |
country(16) us(840) organization(1) gov(101) csor(3)
|
|
Packit |
b00eeb |
algorithms(4) id-dsa-with-sha2(3) 2 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- x400 address syntax starts here
|
|
Packit |
b00eeb |
-- OR Names
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ORAddress ::= SEQUENCE {
|
|
Packit |
b00eeb |
built-in-standard-attributes BuiltInStandardAttributes,
|
|
Packit |
b00eeb |
built-in-domain-defined-attributes
|
|
Packit |
b00eeb |
BuiltInDomainDefinedAttributes OPTIONAL,
|
|
Packit |
b00eeb |
-- see also teletex-domain-defined-attributes
|
|
Packit |
b00eeb |
extension-attributes ExtensionAttributes OPTIONAL }
|
|
Packit |
b00eeb |
-- The OR-address is semantically absent from the OR-name if the
|
|
Packit |
b00eeb |
-- built-in-standard-attribute sequence is empty and the
|
|
Packit |
b00eeb |
-- built-in-domain-defined-attributes and extension-attributes are
|
|
Packit |
b00eeb |
-- both omitted.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Built-in Standard Attributes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BuiltInStandardAttributes ::= SEQUENCE {
|
|
Packit |
b00eeb |
country-name CountryName OPTIONAL,
|
|
Packit |
b00eeb |
administration-domain-name AdministrationDomainName OPTIONAL,
|
|
Packit |
b00eeb |
network-address [0] EXPLICIT NetworkAddress OPTIONAL,
|
|
Packit |
b00eeb |
-- see also extended-network-address
|
|
Packit |
b00eeb |
terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL,
|
|
Packit |
b00eeb |
private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL,
|
|
Packit |
b00eeb |
organization-name [3] EXPLICIT OrganizationName OPTIONAL,
|
|
Packit |
b00eeb |
-- see also teletex-organization-name
|
|
Packit |
b00eeb |
numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL,
|
|
Packit |
b00eeb |
personal-name [5] EXPLICIT PersonalName OPTIONAL,
|
|
Packit |
b00eeb |
-- see also teletex-personal-name
|
|
Packit |
b00eeb |
organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL
|
|
Packit |
b00eeb |
-- see also teletex-organizational-unit-names --
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CountryName ::= [APPLICATION 1] CHOICE {
|
|
Packit |
b00eeb |
x121-dcc-code NumericString
|
|
Packit |
b00eeb |
(SIZE (ub-country-name-numeric-length)),
|
|
Packit |
b00eeb |
iso-3166-alpha2-code PrintableString
|
|
Packit |
b00eeb |
(SIZE (ub-country-name-alpha-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE {
|
|
Packit |
b00eeb |
numeric NumericString (SIZE (0..ub-domain-name-length)),
|
|
Packit |
b00eeb |
printable PrintableString (SIZE (0..ub-domain-name-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
NetworkAddress ::= X121Address -- see also extended-network-address
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PrivateDomainName ::= CHOICE {
|
|
Packit |
b00eeb |
numeric NumericString (SIZE (1..ub-domain-name-length)),
|
|
Packit |
b00eeb |
printable PrintableString (SIZE (1..ub-domain-name-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
OrganizationName ::= PrintableString
|
|
Packit |
b00eeb |
(SIZE (1..ub-organization-name-length))
|
|
Packit |
b00eeb |
-- see also teletex-organization-name
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
NumericUserIdentifier ::= NumericString
|
|
Packit |
b00eeb |
(SIZE (1..ub-numeric-user-id-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PersonalName ::= SET {
|
|
Packit |
b00eeb |
surname [0] PrintableString (SIZE (1..ub-surname-length)),
|
|
Packit |
b00eeb |
given-name [1] PrintableString
|
|
Packit |
b00eeb |
(SIZE (1..ub-given-name-length)) OPTIONAL,
|
|
Packit |
b00eeb |
initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
|
|
Packit |
b00eeb |
generation-qualifier [3] PrintableString
|
|
Packit |
b00eeb |
(SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
|
|
Packit |
b00eeb |
-- see also teletex-personal-name
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
|
|
Packit |
b00eeb |
OF OrganizationalUnitName
|
|
Packit |
b00eeb |
-- see also teletex-organizational-unit-names
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
OrganizationalUnitName ::= PrintableString (SIZE
|
|
Packit |
b00eeb |
(1..ub-organizational-unit-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Built-in Domain-defined Attributes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
|
|
Packit |
b00eeb |
(1..ub-domain-defined-attributes) OF
|
|
Packit |
b00eeb |
BuiltInDomainDefinedAttribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
BuiltInDomainDefinedAttribute ::= SEQUENCE {
|
|
Packit |
b00eeb |
type PrintableString (SIZE
|
|
Packit |
b00eeb |
(1..ub-domain-defined-attribute-type-length)),
|
|
Packit |
b00eeb |
value PrintableString (SIZE
|
|
Packit |
b00eeb |
(1..ub-domain-defined-attribute-value-length))}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Extension Attributes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
|
|
Packit |
b00eeb |
ExtensionAttribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtensionAttribute ::= SEQUENCE {
|
|
Packit |
b00eeb |
extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes),
|
|
Packit |
b00eeb |
extension-attribute-value [1] EXPLICIT
|
|
Packit |
b00eeb |
ANY DEFINED BY extension-attribute-type }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Extension types and attribute values
|
|
Packit |
b00eeb |
--
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
common-name INTEGER ::= 1
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
teletex-common-name INTEGER ::= 2
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
teletex-organization-name INTEGER ::= 3
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexOrganizationName ::=
|
|
Packit |
b00eeb |
TeletexString (SIZE (1..ub-organization-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
teletex-personal-name INTEGER ::= 4
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexPersonalName ::= SET {
|
|
Packit |
b00eeb |
surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)),
|
|
Packit |
b00eeb |
given-name [1] EXPLICIT TeletexString
|
|
Packit |
b00eeb |
(SIZE (1..ub-given-name-length)) OPTIONAL,
|
|
Packit |
b00eeb |
initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
|
|
Packit |
b00eeb |
generation-qualifier [3] EXPLICIT TeletexString (SIZE
|
|
Packit |
b00eeb |
(1..ub-generation-qualifier-length)) OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
teletex-organizational-unit-names INTEGER ::= 5
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
|
|
Packit |
b00eeb |
(1..ub-organizational-units) OF TeletexOrganizationalUnitName
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexOrganizationalUnitName ::= TeletexString
|
|
Packit |
b00eeb |
(SIZE (1..ub-organizational-unit-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pds-name INTEGER ::= 7
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
physical-delivery-country-name INTEGER ::= 8
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PhysicalDeliveryCountryName ::= CHOICE {
|
|
Packit |
b00eeb |
x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
|
|
Packit |
b00eeb |
iso-3166-alpha2-code PrintableString
|
|
Packit |
b00eeb |
(SIZE (ub-country-name-alpha-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
postal-code INTEGER ::= 9
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PostalCode ::= CHOICE {
|
|
Packit |
b00eeb |
numeric-code NumericString (SIZE (1..ub-postal-code-length)),
|
|
Packit |
b00eeb |
printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
physical-delivery-office-name INTEGER ::= 10
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PhysicalDeliveryOfficeName ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
physical-delivery-office-number INTEGER ::= 11
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PhysicalDeliveryOfficeNumber ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
extension-OR-address-components INTEGER ::= 12
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtensionORAddressComponents ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
physical-delivery-personal-name INTEGER ::= 13
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PhysicalDeliveryPersonalName ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
physical-delivery-organization-name INTEGER ::= 14
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PhysicalDeliveryOrganizationName ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
extension-physical-delivery-address-components INTEGER ::= 15
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
unformatted-postal-address INTEGER ::= 16
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UnformattedPostalAddress ::= SET {
|
|
Packit |
b00eeb |
printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
|
|
Packit |
b00eeb |
PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
|
|
Packit |
b00eeb |
teletex-string TeletexString
|
|
Packit |
b00eeb |
(SIZE (1..ub-unformatted-address-length)) OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
street-address INTEGER ::= 17
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
StreetAddress ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
post-office-box-address INTEGER ::= 18
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PostOfficeBoxAddress ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
poste-restante-address INTEGER ::= 19
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PosteRestanteAddress ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
unique-postal-name INTEGER ::= 20
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
UniquePostalName ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
local-postal-attributes INTEGER ::= 21
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
LocalPostalAttributes ::= PDSParameter
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PDSParameter ::= SET {
|
|
Packit |
b00eeb |
printable-string PrintableString
|
|
Packit |
b00eeb |
(SIZE(1..ub-pds-parameter-length)) OPTIONAL,
|
|
Packit |
b00eeb |
teletex-string TeletexString
|
|
Packit |
b00eeb |
(SIZE(1..ub-pds-parameter-length)) OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
extended-network-address INTEGER ::= 22
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtendedNetworkAddress ::= CHOICE {
|
|
Packit |
b00eeb |
e163-4-address SEQUENCE {
|
|
Packit |
b00eeb |
number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)),
|
|
Packit |
b00eeb |
sub-address [1] EXPLICIT NumericString
|
|
Packit |
b00eeb |
(SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
|
|
Packit |
b00eeb |
psap-address [0] EXPLICIT PresentationAddress }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PresentationAddress ::= SEQUENCE {
|
|
Packit |
b00eeb |
pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
|
|
Packit |
b00eeb |
sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
|
|
Packit |
b00eeb |
tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
|
|
Packit |
b00eeb |
nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
terminal-type INTEGER ::= 23
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TerminalType ::= INTEGER {
|
|
Packit |
b00eeb |
telex (3),
|
|
Packit |
b00eeb |
teletex (4),
|
|
Packit |
b00eeb |
g3-facsimile (5),
|
|
Packit |
b00eeb |
g4-facsimile (6),
|
|
Packit |
b00eeb |
ia5-terminal (7),
|
|
Packit |
b00eeb |
videotex (8) } -- (0..ub-integer-options)
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Extension Domain-defined Attributes
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
teletex-domain-defined-attributes INTEGER ::= 6
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
|
|
Packit |
b00eeb |
(1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
TeletexDomainDefinedAttribute ::= SEQUENCE {
|
|
Packit |
b00eeb |
type TeletexString
|
|
Packit |
b00eeb |
(SIZE (1..ub-domain-defined-attribute-type-length)),
|
|
Packit |
b00eeb |
value TeletexString
|
|
Packit |
b00eeb |
(SIZE (1..ub-domain-defined-attribute-value-length)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- specifications of Upper Bounds shall be regarded as mandatory
|
|
Packit |
b00eeb |
-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
|
|
Packit |
b00eeb |
-- Upper Bounds
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Upper Bounds
|
|
Packit |
b00eeb |
ub-name INTEGER ::= 32768
|
|
Packit |
b00eeb |
ub-common-name INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-locality-name INTEGER ::= 128
|
|
Packit |
b00eeb |
ub-state-name INTEGER ::= 128
|
|
Packit |
b00eeb |
ub-organization-name INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-organizational-unit-name INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-title INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-match INTEGER ::= 128
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ub-emailaddress-length INTEGER ::= 128
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ub-common-name-length INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-country-name-alpha-length INTEGER ::= 2
|
|
Packit |
b00eeb |
ub-country-name-numeric-length INTEGER ::= 3
|
|
Packit |
b00eeb |
ub-domain-defined-attributes INTEGER ::= 4
|
|
Packit |
b00eeb |
ub-domain-defined-attribute-type-length INTEGER ::= 8
|
|
Packit |
b00eeb |
ub-domain-defined-attribute-value-length INTEGER ::= 128
|
|
Packit |
b00eeb |
ub-domain-name-length INTEGER ::= 16
|
|
Packit |
b00eeb |
ub-extension-attributes INTEGER ::= 256
|
|
Packit |
b00eeb |
ub-e163-4-number-length INTEGER ::= 15
|
|
Packit |
b00eeb |
ub-e163-4-sub-address-length INTEGER ::= 40
|
|
Packit |
b00eeb |
ub-generation-qualifier-length INTEGER ::= 3
|
|
Packit |
b00eeb |
ub-given-name-length INTEGER ::= 16
|
|
Packit |
b00eeb |
ub-initials-length INTEGER ::= 5
|
|
Packit |
b00eeb |
ub-integer-options INTEGER ::= 256
|
|
Packit |
b00eeb |
ub-numeric-user-id-length INTEGER ::= 32
|
|
Packit |
b00eeb |
ub-organization-name-length INTEGER ::= 64
|
|
Packit |
b00eeb |
ub-organizational-unit-name-length INTEGER ::= 32
|
|
Packit |
b00eeb |
ub-organizational-units INTEGER ::= 4
|
|
Packit |
b00eeb |
ub-pds-name-length INTEGER ::= 16
|
|
Packit |
b00eeb |
ub-pds-parameter-length INTEGER ::= 30
|
|
Packit |
b00eeb |
ub-pds-physical-address-lines INTEGER ::= 6
|
|
Packit |
b00eeb |
ub-postal-code-length INTEGER ::= 16
|
|
Packit |
b00eeb |
ub-surname-length INTEGER ::= 40
|
|
Packit |
b00eeb |
ub-terminal-id-length INTEGER ::= 24
|
|
Packit |
b00eeb |
ub-unformatted-address-length INTEGER ::= 180
|
|
Packit |
b00eeb |
ub-x121-address-length INTEGER ::= 16
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Note - upper bounds on string types, such as TeletexString, are
|
|
Packit |
b00eeb |
-- measured in characters. Excepting PrintableString or IA5String, a
|
|
Packit |
b00eeb |
-- significantly greater number of octets will be required to hold
|
|
Packit |
b00eeb |
-- such a value. As a minimum, 16 octets, or twice the specified upper
|
|
Packit |
b00eeb |
-- bound, whichever is the larger, should be allowed for TeletexString.
|
|
Packit |
b00eeb |
-- For UTF8String or UniversalString at least four times the upper
|
|
Packit |
b00eeb |
-- bound should be allowed.
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- END of PKIX1Implicit88
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- BEGIN of RFC2630
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Cryptographic Message Syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-ContentInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
contentType pkcs-7-ContentType,
|
|
Packit |
b00eeb |
content [0] EXPLICIT ANY DEFINED BY contentType }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-DigestInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
|
|
Packit |
b00eeb |
digest pkcs-7-Digest
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-Digest ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-ContentType ::= OBJECT IDENTIFIER
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-SignedData ::= SEQUENCE {
|
|
Packit |
b00eeb |
version pkcs-7-CMSVersion,
|
|
Packit |
b00eeb |
digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
|
|
Packit |
b00eeb |
encapContentInfo pkcs-7-EncapsulatedContentInfo,
|
|
Packit |
b00eeb |
certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
|
|
Packit |
b00eeb |
crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
|
|
Packit |
b00eeb |
signerInfos pkcs-7-SignerInfos
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
eContentType pkcs-7-ContentType,
|
|
Packit |
b00eeb |
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- We don't use CertificateList here since we only want
|
|
Packit |
b00eeb |
-- to read the raw data.
|
|
Packit |
b00eeb |
pkcs-7-CertificateRevocationLists ::= SET OF ANY
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-CertificateChoices ::= CHOICE {
|
|
Packit |
b00eeb |
-- Although the paper uses Certificate type, we
|
|
Packit |
b00eeb |
-- don't use it since, we don't need to parse it.
|
|
Packit |
b00eeb |
-- We only need to read and store it.
|
|
Packit |
b00eeb |
certificate ANY
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
|
|
Packit |
b00eeb |
-- anyway
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- BEGIN of RFC2986
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Certificate requests
|
|
Packit |
b00eeb |
pkcs-10-CertificationRequestInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
version INTEGER { v1(0) },
|
|
Packit |
b00eeb |
subject Name,
|
|
Packit |
b00eeb |
subjectPKInfo SubjectPublicKeyInfo,
|
|
Packit |
b00eeb |
attributes [0] Attributes
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
Attributes ::= SET OF Attribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-10-CertificationRequest ::= SEQUENCE {
|
|
Packit |
b00eeb |
certificationRequestInfo pkcs-10-CertificationRequestInfo,
|
|
Packit |
b00eeb |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
signature BIT STRING
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- stuff from PKCS#9
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-ub-challengePassword INTEGER ::= 255
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}
|
|
Packit |
b00eeb |
pkcs-9-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-challengePassword ::= CHOICE {
|
|
Packit |
b00eeb |
printableString PrintableString (SIZE (1..pkcs-9-ub-challengePassword)),
|
|
Packit |
b00eeb |
utf8String UTF8String (SIZE (1..pkcs-9-ub-challengePassword)) }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-localKeyId ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-9-friendlyName ::= BMPString (SIZE (1..255))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKCS #8 stuff
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Private-key information syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-PrivateKeyInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
version pkcs-8-Version,
|
|
Packit |
b00eeb |
privateKeyAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
privateKey pkcs-8-PrivateKey,
|
|
Packit |
b00eeb |
attributes [0] Attributes OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-Version ::= INTEGER {v1(0)}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-PrivateKey ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-Attributes ::= SET OF Attribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Encrypted private-key information syntax
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
encryptionAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
encryptedData pkcs-8-EncryptedData
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-8-EncryptedData ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKCS #5 stuff
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5 OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{ pkcs 5 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-encryptionAlgorithm OBJECT IDENTIFIER ::=
|
|
Packit |
b00eeb |
{ iso(1) member-body(2) us(840) rsadsi(113549) 3 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-des-EDE3-CBC OBJECT IDENTIFIER ::= {pkcs-5-encryptionAlgorithm 7}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-des-CBC-params ::= OCTET STRING (SIZE(8))
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-rc2-CBC-params ::= SEQUENCE {
|
|
Packit |
b00eeb |
rc2ParameterVersion INTEGER OPTIONAL,
|
|
Packit |
b00eeb |
iv OCTET STRING (SIZE(8))
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-PBE-params ::= SEQUENCE {
|
|
Packit |
b00eeb |
salt OCTET STRING (SIZE(8)),
|
|
Packit |
b00eeb |
iterationCount INTEGER
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-PBES2-params ::= SEQUENCE {
|
|
Packit |
b00eeb |
keyDerivationFunc AlgorithmIdentifier,
|
|
Packit |
b00eeb |
encryptionScheme AlgorithmIdentifier }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PBKDF2
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- pkcs-5-id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) 2 7}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
|
|
Packit |
b00eeb |
-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-5-PBKDF2-params ::= SEQUENCE {
|
|
Packit |
b00eeb |
salt CHOICE {
|
|
Packit |
b00eeb |
specified OCTET STRING,
|
|
Packit |
b00eeb |
otherSource AlgorithmIdentifier
|
|
Packit |
b00eeb |
},
|
|
Packit |
b00eeb |
iterationCount INTEGER (1..MAX),
|
|
Packit |
b00eeb |
keyLength INTEGER (1..MAX) OPTIONAL,
|
|
Packit |
b00eeb |
prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKCS #12 stuff
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-PFX ::= SEQUENCE {
|
|
Packit |
b00eeb |
version INTEGER {v3(3)},
|
|
Packit |
b00eeb |
authSafe pkcs-7-ContentInfo,
|
|
Packit |
b00eeb |
macData pkcs-12-MacData OPTIONAL
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-PbeParams ::= SEQUENCE {
|
|
Packit |
b00eeb |
salt OCTET STRING,
|
|
Packit |
b00eeb |
iterations INTEGER
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-MacData ::= SEQUENCE {
|
|
Packit |
b00eeb |
mac pkcs-7-DigestInfo,
|
|
Packit |
b00eeb |
macSalt OCTET STRING,
|
|
Packit |
b00eeb |
iterations INTEGER DEFAULT 1
|
|
Packit |
b00eeb |
-- Note: The default is for historical reasons and its use is
|
|
Packit |
b00eeb |
-- deprecated. A higher value, like 1024 is recommended.
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
|
|
Packit |
b00eeb |
-- Data if unencrypted
|
|
Packit |
b00eeb |
-- EncryptedData if password-encrypted
|
|
Packit |
b00eeb |
-- EnvelopedData if public key-encrypted
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-SafeBag ::= SEQUENCE {
|
|
Packit |
b00eeb |
bagId OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
bagValue [0] EXPLICIT ANY DEFINED BY badId,
|
|
Packit |
b00eeb |
bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Bag types
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
|
|
Packit |
b00eeb |
pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
|
|
Packit |
b00eeb |
pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3}
|
|
Packit |
b00eeb |
pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- Shrouded KeyBag
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- CertBag
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-CertBag ::= SEQUENCE {
|
|
Packit |
b00eeb |
certId OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
certValue [0] EXPLICIT ANY DEFINED BY certId
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
|
|
Packit |
b00eeb |
-- DER-encoded X.509 certificate stored in OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-CRLBag ::= SEQUENCE {
|
|
Packit |
b00eeb |
crlId OBJECT IDENTIFIER,
|
|
Packit |
b00eeb |
crlValue [0] EXPLICIT ANY DEFINED BY crlId
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- x509CRL BAG-TYPE ::=
|
|
Packit |
b00eeb |
-- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
|
|
Packit |
b00eeb |
-- DER-encoded X.509 CRL stored in OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-12-PKCS12Attribute ::= Attribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- PKCS #7 stuff (needed in PKCS 12)
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
Packit |
b00eeb |
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-Data ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-EncryptedData ::= SEQUENCE {
|
|
Packit |
b00eeb |
version pkcs-7-CMSVersion,
|
|
Packit |
b00eeb |
encryptedContentInfo pkcs-7-EncryptedContentInfo,
|
|
Packit |
b00eeb |
unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
|
|
Packit |
b00eeb |
contentType pkcs-7-ContentType,
|
|
Packit |
b00eeb |
contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
|
|
Packit |
b00eeb |
encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-EncryptedContent ::= OCTET STRING
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- LDAP stuff
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-domainComponent AttributeType ::= { 0 9 2342 19200300 100 1 25 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
domainComponent ::= IA5String
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-at-userId AttributeType ::= { 0 9 2342 19200300 100 1 1 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
userId ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- rfc3039
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda OBJECT IDENTIFIER ::= { id-pkix 9 }
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda-dateOfBirth AttributeType ::= { id-pda 1 }
|
|
Packit |
b00eeb |
DateOfBirth ::= GeneralizedTime
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda-placeOfBirth AttributeType ::= { id-pda 2 }
|
|
Packit |
b00eeb |
PlaceOfBirth ::= DirectoryString
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda-gender AttributeType ::= { id-pda 3 }
|
|
Packit |
b00eeb |
Gender ::= PrintableString (SIZE(1))
|
|
Packit |
b00eeb |
-- "M", "F", "m" or "f"
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }
|
|
Packit |
b00eeb |
CountryOfCitizenship ::= PrintableString (SIZE (2))
|
|
Packit |
b00eeb |
-- ISO 3166 Country Code
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
id-pda-countryOfResidence AttributeType ::= { id-pda 5 }
|
|
Packit |
b00eeb |
CountryOfResidence ::= PrintableString (SIZE (2))
|
|
Packit |
b00eeb |
-- ISO 3166 Country Code
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- spkac: added by gnome-keyring
|
|
Packit |
b00eeb |
-- http://dev.w3.org/html5/spec/Overview.html
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
PublicKeyAndChallenge ::= SEQUENCE {
|
|
Packit |
b00eeb |
spki SubjectPublicKeyInfo,
|
|
Packit |
b00eeb |
challenge IA5String
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
SignedPublicKeyAndChallenge ::= SEQUENCE {
|
|
Packit |
b00eeb |
publicKeyAndChallenge PublicKeyAndChallenge,
|
|
Packit |
b00eeb |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit |
b00eeb |
signature BIT STRING
|
|
Packit |
b00eeb |
}
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
-- pkcs-9 extension requests: added by gnome-keyring
|
|
Packit |
b00eeb |
-- http://mirror.switch.ch/ftp/doc/standard/pkcs/pkcs-9/pkcs-9.txt
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
ExtensionRequest ::= SEQUENCE OF Extension
|
|
Packit |
b00eeb |
|
|
Packit |
b00eeb |
END
|