-- Module header. IMPLICIT TAGS is the module-wide default, so a context
-- tag written below without a keyword takes IMPLICIT tagging unless the
-- field says EXPLICIT.
PKIX1 { }

DEFINITIONS IMPLICIT TAGS ::=

BEGIN
-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
-- ISO arc for standard certificate and CRL extensions
-- authority key identifier OID and syntax
-- PrivateKeyUsagePeriod: time window given by two context-tagged bounds.
-- Both bounds are OPTIONAL, so this syntax also accepts an empty SEQUENCE;
-- code that relies on the window has to check that a bound is present.
PrivateKeyUsagePeriod ::= SEQUENCE {
  notBefore [0] GeneralizedTime OPTIONAL,
  notAfter [1] GeneralizedTime OPTIONAL }
-- AuthorityKeyIdentifier: three OPTIONAL context-tagged hints about the
-- issuer key. They are unverified data from the certificate, so use them
-- to pick candidate issuers and never as proof of who signed.
AuthorityKeyIdentifier ::= SEQUENCE {
  keyIdentifier [0] OCTET STRING OPTIONAL, --KeyIdentifier
  authorityCertIssuer [1] GeneralNames OPTIONAL,
  authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
-- authorityCertIssuer and authorityCertSerialNumber shall both
-- be present or both be absent
-- (each field is independently OPTIONAL above, so the grammar itself does
-- not enforce this pairing)
-- subject key identifier OID and syntax
-- Unconstrained OCTET STRING: no length limit is expressed here.

SubjectKeyIdentifier ::= OCTET STRING
-- key usage extension OID and syntax
-- Plain BIT STRING with no named bits, so bit positions are interpreted
-- by the consuming code.

KeyUsage ::= BIT STRING
-- Directory string type --
-- CHOICE of six string encodings, each at least one character long and
-- with no upper bound (SIZE (1..MAX)). Code that compares or displays
-- names has to handle every alternative and apply its own length limit.

DirectoryString ::= CHOICE {
  teletexString TeletexString (SIZE (1..MAX)),
  printableString PrintableString (SIZE (1..MAX)),
  universalString UniversalString (SIZE (1..MAX)),
  utf8String UTF8String (SIZE (1..MAX)),
  bmpString BMPString (SIZE(1..MAX)),
  -- IA5String is added here to handle old UID encoded as ia5String --
  -- See tests/userid/ for more information. It shouldn't be here, --
  -- so if it causes problems, consider dropping it. --
  ia5String IA5String (SIZE(1..MAX)) }
-- Subject alternative names reuse the GeneralNames list type.
SubjectAltName ::= GeneralNames
-- Non-empty list of GeneralName with no upper bound on the element count.
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-- GeneralName: one of nine context-tagged name forms.
-- x400Address and ediPartyName are typed ANY, so their contents are not
-- decoded by this grammar. rfc822Name, dNSName and
-- uniformResourceIdentifier are bare IA5String and iPAddress is a bare
-- OCTET STRING: length, character set (for example embedded NUL bytes)
-- and address size have to be checked by the code that matches names.
GeneralName ::= CHOICE {
  otherName [0] AnotherName,
  rfc822Name [1] IA5String,
  dNSName [2] IA5String,
  x400Address [3] ANY,
  -- Changed to work with the libtasn1 parser.
  directoryName [4] EXPLICIT SEQUENCE OF RelativeDistinguishedName, --Name,
  ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory
  uniformResourceIdentifier [6] IA5String,
  iPAddress [7] OCTET STRING,
  registeredID [8] OBJECT IDENTIFIER }
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
-- value is ANY: its real type is selected by type-id and has to be
-- decoded and validated separately for each OID the application accepts.

AnotherName ::= SEQUENCE {
  type-id OBJECT IDENTIFIER,
  value [0] EXPLICIT ANY DEFINED BY type-id }
-- issuer alternative name extension OID and syntax
-- Same list type as SubjectAltName.

IssuerAltName ::= GeneralNames
-- basic constraints extension OID and syntax
-- cA defaults to FALSE, so an extension that omits it does not mark a CA.
-- pathLenConstraint is non-negative with no upper bound in this syntax.

BasicConstraints ::= SEQUENCE {
  cA BOOLEAN DEFAULT FALSE,
  pathLenConstraint INTEGER (0..MAX) OPTIONAL }
-- CRL distribution points extension OID and syntax
-- Non-empty list. Entries may name fetch locations taken from the
-- certificate; treat them as untrusted input before any retrieval.

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-- One distribution point. All three fields are OPTIONAL in this syntax, so
-- an empty SEQUENCE decodes; callers must check which fields are present.
DistributionPoint ::= SEQUENCE {
  distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
  reasons [1] ReasonFlags OPTIONAL,
  cRLIssuer [2] GeneralNames OPTIONAL
}
-- Either a full GeneralNames list or a single RDN relative to the CRL
-- issuer.
DistributionPointName ::= CHOICE {
  fullName [0] GeneralNames,
  nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
-- BIT STRING without named bits; flag meanings are assigned by the caller.
ReasonFlags ::= BIT STRING
-- extended key usage extension OID and syntax
-- Non-empty list of OIDs. The grammar accepts any OID, so the set of
-- acceptable purposes is enforced in code.

ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER --ExtKeyUsageSyntax
-- authority info access
-- Non-empty list of AccessDescription entries.

AuthorityInfoAccessSyntax ::=
  SEQUENCE SIZE (1..MAX) OF AccessDescription
-- accessMethod is an OID and accessLocation may be any GeneralName form.
-- Both are read from the object being parsed, so a location must be
-- treated as untrusted input before it is contacted.
AccessDescription ::= SEQUENCE {
  accessMethod OBJECT IDENTIFIER,
  accessLocation GeneralName }
-- CRL number extension OID and syntax
-- CRLNumber ::= INTEGER (0..MAX)
-- certificate issuer CRL entry extension OID and syntax
-- CertificateIssuer ::= GeneralNames
-- --------------------------------------
-- EXPLICIT
-- --------------------------------------

-- attribute data types --

-- Attribute: an OID plus a SET of values typed ANY. The SET carries no
-- SIZE constraint, so the rule stated inside the definition (at least one
-- value) is not enforced by this grammar and has to be checked in code.
Attribute ::= SEQUENCE {
  type OBJECT IDENTIFIER, -- AttributeType
  values SET OF ANY -- AttributeValue
  -- at least one value is required --
}
-- AttributeType ::= OBJECT IDENTIFIER

-- AttributeValue ::= ANY DEFINED BY type

-- One type/value pair of a name. value is ANY, so its string type and
-- contents are not checked at this level.
AttributeTypeAndValue ::= SEQUENCE {
  type OBJECT IDENTIFIER, -- AttributeType
  value ANY } -- AttributeValue
-- Name: CHOICE with a single alternative, the RDN sequence. The sequence
-- has no SIZE constraint, so an empty name decodes.
Name ::= CHOICE { -- only one possibility for now --
  rdnSequence SEQUENCE OF RelativeDistinguishedName }
-- Same element list as Name.rdnSequence, without the CHOICE wrapper.
DistinguishedName ::= SEQUENCE OF RelativeDistinguishedName -- RDNSequence
-- Non-empty SET of type/value pairs: a single RDN may hold several
-- attributes, which name-matching code has to take into account.
RelativeDistinguishedName ::=
  SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-- --------------------------------------------------------
-- certificate and CRL specific structures begin here
-- --------------------------------------------------------

-- Certificate: certificate body, outer algorithm identifier and signature
-- bits. The algorithm is named twice (here and in
-- tbsCertificate.signature); this grammar does not tie the two together,
-- so a verifier has to compare them itself.
Certificate ::= SEQUENCE {
  tbsCertificate TBSCertificate,
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING }
-- TBSCertificate: the certificate body.
-- version takes the value 0 when absent. The version rules in the comments
-- below are prose only: the grammar accepts unique IDs and extensions at
-- any version, so they have to be checked after decoding.
TBSCertificate ::= SEQUENCE {
  version [0] EXPLICIT INTEGER DEFAULT 0,
  serialNumber CertificateSerialNumber,
  signature AlgorithmIdentifier,
  issuer Name,
  validity Validity,
  subject Name,
  subjectPublicKeyInfo SubjectPublicKeyInfo,
  issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
  -- If present, version shall be v2 or v3
  subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
  -- If present, version shall be v2 or v3
  extensions [3] EXPLICIT Extensions OPTIONAL
  -- If present, version shall be v3 --
}
-- Unconstrained INTEGER: sign and length limits are not expressed here and
-- have to be applied by the caller.
CertificateSerialNumber ::= INTEGER
-- Validity window; each bound is a Time CHOICE. The grammar does not
-- require notBefore to precede notAfter.
Validity ::= SEQUENCE {
  notBefore Time,
  notAfter Time }
-- Either UTCTime or GeneralizedTime; comparison code has to handle both
-- encodings.
Time ::= CHOICE {
  utcTime UTCTime,
  generalTime GeneralizedTime }
-- Unconstrained BIT STRING.
UniqueIdentifier ::= BIT STRING
-- Public key as opaque bits plus the algorithm identifier that says how
-- to read them. Key size and parameter checks happen outside this grammar.
SubjectPublicKeyInfo ::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  subjectPublicKey BIT STRING }
-- Non-empty list of Extension. Duplicate extnID values are not excluded
-- by the grammar.
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-- One extension: OID, criticality flag (FALSE when absent) and the value
-- wrapped in an OCTET STRING. The inner value is only validated once it is
-- decoded against the type selected by extnID; how an unrecognised
-- critical extension is handled is decided by the validating code.
Extension ::= SEQUENCE {
  extnID OBJECT IDENTIFIER,
  critical BOOLEAN DEFAULT FALSE,
  extnValue OCTET STRING }
-- ------------------------------------------
-- CRL structures
-- ------------------------------------------

-- CertificateList: CRL body, algorithm identifier and signature bits, in
-- the same three-part shape as Certificate.
CertificateList ::= SEQUENCE {
  tbsCertList TBSCertList,
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING }
-- TBSCertList: the CRL body. version, nextUpdate, revokedCertificates and
-- crlExtensions are all OPTIONAL; when nextUpdate is missing, freshness is
-- left to the caller's policy. The v2 rules in the comments are prose only
-- and are not enforced by the grammar.
TBSCertList ::= SEQUENCE {
  version INTEGER OPTIONAL,
  -- if present, shall be v2
  signature AlgorithmIdentifier,
  issuer Name,
  thisUpdate Time,
  nextUpdate Time OPTIONAL,
  revokedCertificates SEQUENCE OF SEQUENCE {
    userCertificate CertificateSerialNumber,
    revocationDate Time,
    crlEntryExtensions Extensions OPTIONAL
    -- if present, shall be v2
  } OPTIONAL,
  crlExtensions [0] EXPLICIT Extensions OPTIONAL
  -- if present, shall be v2 --
}

-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure
-- AlgorithmIdentifier: algorithm OID plus OPTIONAL parameters typed ANY.
-- Parameters are not decoded here. Because they are OPTIONAL, an absent
-- field and an explicitly encoded value are different encodings, which
-- code comparing two identifiers has to treat deliberately.
AlgorithmIdentifier ::= SEQUENCE {
  algorithm OBJECT IDENTIFIER,
  parameters ANY DEFINED BY algorithm OPTIONAL }
-- contains a value of the type
-- registered for use with the
-- algorithm object identifier value
-- Algorithm OIDs and parameter structures

-- Signature value as a pair of integers. r and s are unconstrained
-- INTEGERs (zero and negative values decode), so range checks belong to
-- the signature verification code.
Dss-Sig-Value ::= SEQUENCE {
  r INTEGER,
  s INTEGER
}
-- Three unconstrained INTEGERs p, q and g; size and validity checks are
-- left to the caller.
Dss-Parms ::= SEQUENCE {
  p INTEGER,
  q INTEGER,
  g INTEGER }
-- Extension types and attribute values
--
-- END of PKIX1Implicit88
-- BEGIN of RFC2630

-- Cryptographic Message Syntax

-- Outer wrapper: contentType selects how content is to be decoded.
-- content is ANY, so nothing inside it is validated at this level.
pkcs-7-ContentInfo ::= SEQUENCE {
  contentType OBJECT IDENTIFIER,
  content [0] EXPLICIT ANY DEFINED BY contentType }
-- Digest algorithm plus digest bytes. The OCTET STRING length is not tied
-- to the algorithm here; callers must check that it matches the digest
-- size before comparing.
pkcs-7-DigestInfo ::= SEQUENCE {
  digestAlgorithm AlgorithmIdentifier,
  digest OCTET STRING
}
-- SignedData: digest algorithms, encapsulated content, optional embedded
-- certificates and CRLs, and the signer list. The embedded certificates
-- and CRLs arrive inside the message and carry no trust of their own.
pkcs-7-SignedData ::= SEQUENCE {
  version INTEGER,
  digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
  encapContentInfo pkcs-7-EncapsulatedContentInfo,
  certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
  crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
  signerInfos pkcs-7-SignerInfos
}
-- SET of AlgorithmIdentifier; the grammar allows it to be empty.
pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL

-- eContent is declared ANY rather than OCTET STRING, presumably so that
-- both forms quoted above decode; callers have to check which form they
-- received before hashing or parsing it.
pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
  eContentType OBJECT IDENTIFIER,
  eContent [0] EXPLICIT ANY OPTIONAL }
-- We don't use CertificateList here since we only want
-- to read the raw data.
-- Elements are therefore undecoded ANY values; each one still has to be
-- parsed and verified as a CRL before it is relied on.
pkcs-7-CertificateRevocationLists ::= SET OF ANY
-- Single-alternative CHOICE holding one undecoded certificate.
pkcs-7-CertificateChoices ::= CHOICE {
  -- Although the paper uses Certificate type, we
  -- don't use it since we don't need to parse it.
  -- We only need to read and store it.
  certificate ANY
}
-- SET of embedded certificates, each an undecoded ANY.
pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
-- Identifies a certificate by issuer name and serial number.
IssuerAndSerialNumber ::= SEQUENCE {
  issuer Name,
  serialNumber CertificateSerialNumber
}
-- Per-signer data. signedAttrs and unsignedAttrs are both OPTIONAL and
-- share the SignedAttributes type; only the field name and tag tell them
-- apart.
-- NOTE(review): unsignedAttrs are presumably outside the signature, as
-- the name says, so consumers should not base trust decisions on them.
pkcs-7-SignerInfo ::= SEQUENCE {
  version INTEGER,
  sid SignerIdentifier,
  digestAlgorithm AlgorithmIdentifier,
  signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
  signatureAlgorithm AlgorithmIdentifier,
  signature OCTET STRING,
  unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL }
-- Non-empty SET of Attribute.
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
-- The signer is named either by issuer and serial number or by a
-- [0]-tagged key identifier. Either form only selects a certificate; it
-- does not authenticate the signer.
SignerIdentifier ::= CHOICE {
  issuerAndSerialNumber IssuerAndSerialNumber,
  subjectKeyIdentifier [0] OCTET STRING
}
-- SET of SignerInfo with no SIZE constraint, so an empty set decodes;
-- code that expects a signature must check that one is present.
pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo
-- BEGIN of RFC2986

-- Certificate requests
-- Request body: version, subject name, public key and attributes. Every
-- field is chosen by the requester, so nothing here should be copied into
-- a certificate without policy checks.
pkcs-10-CertificationRequestInfo ::= SEQUENCE {
  version INTEGER,
  subject Name,
  subjectPKInfo SubjectPublicKeyInfo,
  attributes [0] Attributes
}
-- SET of Attribute with no SIZE constraint; it may be empty.
Attributes ::= SET OF Attribute
-- Complete request: body, signature algorithm and signature bits.
pkcs-10-CertificationRequest ::= SEQUENCE {
  certificationRequestInfo pkcs-10-CertificationRequestInfo,
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING
}
-- stuff from PKCS#9

-- OID value 1.2.840.113549.1.9.7, spelled out arc by arc.
pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7}
-- Password carried as a plain PrintableString or UTF8String. No length
-- bound is given and the value is not protected by this syntax, so it is
-- readable by anyone who can read the enclosing structure.
pkcs-9-challengePassword ::= CHOICE {
  printableString PrintableString,
  utf8String UTF8String }
-- Opaque identifier bytes, unconstrained in length.
pkcs-9-localKeyId ::= OCTET STRING
-- PKCS #8 stuff

-- Private-key information syntax

-- privateKey holds the key encoding for the named algorithm with no
-- encryption applied at this level. Buffers decoded from this type contain
-- key material and should be cleared after use.
pkcs-8-PrivateKeyInfo ::= SEQUENCE {
  version INTEGER,
  privateKeyAlgorithm AlgorithmIdentifier,
  privateKey OCTET STRING,
  attributes [0] Attributes OPTIONAL }
-- Encrypted private-key information syntax

-- Encryption algorithm plus ciphertext. The algorithm identifier and its
-- parameters come from the file itself, so treat them as untrusted input
-- (for example when they select a cipher or an iteration count).
pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
  encryptionAlgorithm AlgorithmIdentifier,
  encryptedData pkcs-8-EncryptedData
}
-- Ciphertext bytes, unconstrained in length.
pkcs-8-EncryptedData ::= OCTET STRING
-- PKCS #5 stuff

-- Fixed-length OCTET STRINGs (presumably the CBC IV): 8 octets for the two
-- DES-based entries and 16 octets for the three AES entries.
-- NOTE(review): confirm the decoder enforces these SIZE constraints; if it
-- does not, the length has to be checked in code before use.
pkcs-5-des-CBC-params ::= OCTET STRING (SIZE(8))
pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16))
pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16))
pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16))
-- GOST extension
-- iv is an unconstrained OCTET STRING: the (SIZE (8)) limit appears only
-- in a comment, so the length has to be checked in code.
Gost28147-89-Parameters ::= SEQUENCE {
  iv OCTET STRING, -- (SIZE (8))
  encryptionParamSet OBJECT IDENTIFIER
}
-- Salt and iteration count. iterationCount is an unconstrained INTEGER,
-- so zero, negative and very large values all decode; enforce a lower and
-- an upper bound before deriving a key from an untrusted file.
pkcs-5-PBE-params ::= SEQUENCE {
  salt OCTET STRING,
  iterationCount INTEGER }
-- Key derivation function and encryption scheme, each an
-- AlgorithmIdentifier whose parameters are decoded separately. Which
-- algorithms are acceptable is decided in code, not by this grammar.
pkcs-5-PBES2-params ::= SEQUENCE {
  keyDerivationFunc AlgorithmIdentifier,
  encryptionScheme AlgorithmIdentifier }
-- PBKDF2

-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}

-- iterationCount and keyLength are bounded below by 1 but unbounded above,
-- so an untrusted file can request an arbitrarily expensive derivation;
-- cap both in code and reject counts below the local policy minimum.
-- prf is OPTIONAL with its default named only in a comment, so the decoder
-- has to supply that default itself.
pkcs-5-PBKDF2-params ::= SEQUENCE {
  salt CHOICE {
    specified OCTET STRING,
    otherSource AlgorithmIdentifier
  },
  iterationCount INTEGER (1..MAX),
  keyLength INTEGER (1..MAX) OPTIONAL,
  prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
}
-- PKCS #12 stuff

-- Top-level container. macData is OPTIONAL, so a file without the MAC
-- still decodes; callers decide whether to accept that.
pkcs-12-PFX ::= SEQUENCE {
  version INTEGER {v3(3)},
  authSafe pkcs-7-ContentInfo,
  macData pkcs-12-MacData OPTIONAL
}
-- Salt and iteration count. iterations is an unconstrained INTEGER, so it
-- has to be range-checked in code before it drives a key derivation.
pkcs-12-PbeParams ::= SEQUENCE {
  salt OCTET STRING,
  iterations INTEGER
}
-- MAC data: digest info, salt and iteration count.
-- iterations falls back to 1 when absent. The syntax sets neither a
-- minimum nor a maximum, so enforce both a floor and a ceiling in code
-- when reading files from untrusted sources.
pkcs-12-MacData ::= SEQUENCE {
  mac pkcs-7-DigestInfo,
  macSalt OCTET STRING,
  iterations INTEGER DEFAULT 1
  -- Note: The default is for historical reasons and its use is
  -- deprecated. A higher value, like 1024 is recommended.
}
-- Sequence of ContentInfo; the comments below list the content type used
-- for each protection mode. Unencrypted Data is one of the listed modes.
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
-- Data if unencrypted
-- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted
-- Sequence of SafeBag with no SIZE constraint; it may be empty.
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
-- One bag: type OID, value typed ANY and optional attributes.
-- NOTE(review): bagValue is DEFINED BY badId, but the field above is named
-- bagId; this looks like a typo. Confirm how the parser resolves the
-- reference before changing it.
pkcs-12-SafeBag ::= SEQUENCE {
  bagId OBJECT IDENTIFIER,
  bagValue [0] EXPLICIT ANY DEFINED BY badId,
  bagAttributes SET OF Attribute OPTIONAL
}
-- CertBag

-- certValue is ANY selected by certId, so the certificate inside is not
-- parsed or verified at this level.
pkcs-12-CertBag ::= SEQUENCE {
  certId OBJECT IDENTIFIER,
  certValue [0] EXPLICIT ANY DEFINED BY certId
}

-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
-- DER-encoded X.509 certificate stored in OCTET STRING
-- crlValue is ANY selected by crlId; the CRL inside is not parsed here.
pkcs-12-CRLBag ::= SEQUENCE {
  crlId OBJECT IDENTIFIER,
  crlValue [0] EXPLICIT ANY DEFINED BY crlId
}
-- secretValue is ANY selected by secretTypeId. Decoded contents may be
-- secret material and should be handled and cleared accordingly.
pkcs-12-SecretBag ::= SEQUENCE {
  secretTypeId OBJECT IDENTIFIER,
  secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId
}
-- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
-- DER-encoded X.509 CRL stored in OCTET STRING
-- PKCS #7 stuff (needed in PKCS 12)

-- Arbitrary bytes, unconstrained in length.
pkcs-7-Data ::= OCTET STRING
-- Version, encrypted content and optional attributes. The attribute field
-- is named unprotectedAttrs; presumably it is outside any protection, so
-- do not rely on its contents.
pkcs-7-EncryptedData ::= SEQUENCE {
  version INTEGER,
  encryptedContentInfo pkcs-7-EncryptedContentInfo,
  unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
-- Content type, encryption algorithm and ciphertext. encryptedContent is
-- OPTIONAL, so code must handle a structure with no ciphertext at all.
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
  contentType OBJECT IDENTIFIER,
  contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
  encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
-- Alias of AlgorithmIdentifier.
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Non-empty SET of Attribute.
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-- rfc3820

-- Optional non-negative path length limit plus a mandatory policy.
-- With the limit absent, the grammar expresses no bound on the path.
ProxyCertInfo ::= SEQUENCE {
  pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
  proxyPolicy ProxyPolicy }
-- Policy language OID plus optional opaque policy bytes. The bytes are
-- interpreted according to policyLanguage, outside this grammar.
ProxyPolicy ::= SEQUENCE {
  policyLanguage OBJECT IDENTIFIER,
  policy OCTET STRING OPTIONAL }
-- 2.5.29.32

-- Non-empty list of PolicyInformation.
certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
-- Policy OID with an optional, non-empty list of qualifiers.
PolicyInformation ::= SEQUENCE {
  policyIdentifier OBJECT IDENTIFIER,
  policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }
-- qualifier is ANY selected by policyQualifierId, so it is decoded and
-- validated separately for each qualifier OID that is supported.
PolicyQualifierInfo ::= SEQUENCE {
  policyQualifierId OBJECT IDENTIFIER,
  qualifier ANY DEFINED BY policyQualifierId }
-- Bare IA5String with no length or format constraint. It is text taken
-- from the certificate, so sanitise it before display or dereference.
CPSuri ::= IA5String
-- Both fields are OPTIONAL, so an empty notice decodes.
UserNotice ::= SEQUENCE {
  noticeRef NoticeReference OPTIONAL,
  explicitText DisplayText OPTIONAL }
-- Organization text plus a list of unconstrained INTEGERs.
NoticeReference ::= SEQUENCE {
  organization DisplayText,
  noticeNumbers SEQUENCE OF INTEGER }
-- Text in one of four string types, each limited to 1..200 characters by
-- its SIZE constraint.
-- NOTE(review): confirm the decoder enforces SIZE constraints; if it does
-- not, apply the 200-character limit in code before displaying the text.
DisplayText ::= CHOICE {
  ia5String IA5String (SIZE (1..200)),
  visibleString VisibleString (SIZE (1..200)),
  bmpString BMPString (SIZE (1..200)),
  utf8String UTF8String (SIZE (1..200)) }
-- rfc2560

-- Request body plus an OPTIONAL signature: unsigned requests decode, so a
-- responder that requires signed requests has to check for the field.
OCSPRequest ::= SEQUENCE {
  tbsRequest TBSRequest,
  optionalSignature [0] EXPLICIT Signature OPTIONAL }
-- version takes the value 0 when absent. requestList has no SIZE
-- constraint, so it may be empty or arbitrarily long; bound it in code.
TBSRequest ::= SEQUENCE {
  version [0] EXPLICIT INTEGER DEFAULT 0,
  requestorName [1] EXPLICIT GeneralName OPTIONAL,
  requestList SEQUENCE OF Request,
  requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-- Signature algorithm, signature bits and optional certificates. The
-- certificates travel with the message and are untrusted until validated.
Signature ::= SEQUENCE {
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING,
  certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- One queried certificate, identified by CertID, with optional extensions.
Request ::= SEQUENCE {
  reqCert CertID,
  singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-- Identifies a certificate by two issuer hashes and a serial number.
-- The hash lengths are not tied to hashAlgorithm here, so check them
-- against the algorithm before comparing.
CertID ::= SEQUENCE {
  hashAlgorithm AlgorithmIdentifier,
  issuerNameHash OCTET STRING, -- Hash of Issuer's DN
  issuerKeyHash OCTET STRING, -- Hash of Issuer's public key
  serialNumber CertificateSerialNumber }
-- Status code plus OPTIONAL response bytes. This outer structure has no
-- signature field, so responseStatus on its own is unauthenticated.
OCSPResponse ::= SEQUENCE {
  responseStatus OCSPResponseStatus,
  responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-- Status codes 0 to 6 with 4 left unassigned. Code reading the value
-- should treat anything other than the named values as an error.
OCSPResponseStatus ::= ENUMERATED {
  successful (0), --Response has valid confirmations
  malformedRequest (1), --Illegal confirmation request
  internalError (2), --Internal error in issuer
  tryLater (3), --Try again later
  --(4) is not used
  sigRequired (5), --Must sign the request
  unauthorized (6) --Request unauthorized
}
-- response is an OCTET STRING whose inner type depends on responseType;
-- it has to be decoded and verified separately.
ResponseBytes ::= SEQUENCE {
  responseType OBJECT IDENTIFIER,
  response OCTET STRING }
-- Response data, signature algorithm, signature bits and optional
-- certificates. The certificates are supplied with the response and are
-- untrusted until validated against the expected issuer.
BasicOCSPResponse ::= SEQUENCE {
  tbsResponseData ResponseData,
  signatureAlgorithm AlgorithmIdentifier,
  signature BIT STRING,
  certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- version takes the value 0 when absent. responses has no SIZE
-- constraint, so an empty list decodes; callers must check that the
-- certificate they asked about is actually covered.
ResponseData ::= SEQUENCE {
  version [0] EXPLICIT INTEGER DEFAULT 0,
  responderID ResponderID,
  producedAt GeneralizedTime,
  responses SEQUENCE OF SingleResponse,
  responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-- Responder named by RDN sequence or by key hash. Either form only helps
-- locate the responder certificate; it does not authenticate it.
ResponderID ::= CHOICE {
  -- Changed to work with the libtasn1 parser.
  byName [1] EXPLICIT SEQUENCE OF RelativeDistinguishedName, --Name
  byKey [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key
}
-- Status for one certificate. nextUpdate is OPTIONAL, so when it is
-- missing the freshness limit has to come from the caller's policy.
SingleResponse ::= SEQUENCE {
  certID CertID,
  certStatus CertStatus,
  thisUpdate GeneralizedTime,
  nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
  singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-- Three IMPLICIT-tagged alternatives. How the unknown alternative is
-- treated is a policy decision for the caller.
CertStatus ::= CHOICE {
  good [0] IMPLICIT NULL,
  revoked [1] IMPLICIT RevokedInfo,
  unknown [2] IMPLICIT UnknownInfo }
-- Revocation time plus an optional reason. Only unspecified(0) is named
-- in the ENUMERATED here, so other reason codes have no name in this
-- grammar and have to be handled by value in code.
RevokedInfo ::= SEQUENCE {
  revocationTime GeneralizedTime,
  revocationReason [0] EXPLICIT ENUMERATED { unspecified(0) } OPTIONAL }
-- Carries no data: the type is NULL.
UnknownInfo ::= NULL -- this can be replaced with an enumeration
-- rfc5280

-- Both subtree lists are OPTIONAL, so an empty SEQUENCE decodes; code
-- applying the constraints has to decide how to treat that case.
NameConstraints ::= SEQUENCE {
  permittedSubtrees [0] GeneralSubtrees OPTIONAL,
  excludedSubtrees [1] GeneralSubtrees OPTIONAL }
-- Non-empty list of GeneralSubtree.
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
-- base may be any GeneralName form. minimum takes the value 0 when absent
-- and maximum is OPTIONAL; both are unconstrained INTEGERs here, so any
-- restriction on their values has to be enforced in code.
GeneralSubtree ::= SEQUENCE {
  base GeneralName,
  minimum [0] INTEGER DEFAULT 0,
  maximum [1] INTEGER OPTIONAL }
-- rfc7633
-- List of unconstrained INTEGERs with no SIZE constraint: it may be empty
-- and values are not range-limited by the grammar.
TlsFeatures ::= SEQUENCE OF INTEGER
END