|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
PKIX1 { }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DEFINITIONS IMPLICIT TAGS ::=
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
BEGIN
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
id-pkix OBJECT IDENTIFIER ::=
|
|
Packit Service |
3749ba |
{ iso(1) identified-organization(3) dod(6) internet(1)
|
|
Packit Service |
3749ba |
security(5) mechanisms(5) pkix(7) }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- ISO arc for standard certificate and CRL extensions
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- authority key identifier OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AuthorityKeyIdentifier ::= SEQUENCE {
|
|
Packit Service |
3749ba |
keyIdentifier [0] KeyIdentifier OPTIONAL,
|
|
Packit Service |
3749ba |
authorityCertIssuer [1] GeneralNames OPTIONAL,
|
|
Packit Service |
3749ba |
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
|
Packit Service |
3749ba |
-- authorityCertIssuer and authorityCertSerialNumber shall both
|
|
Packit Service |
3749ba |
-- be present or both be absgent
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
KeyIdentifier ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- subject key identifier OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
SubjectKeyIdentifier ::= KeyIdentifier
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- key usage extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
KeyUsage ::= BIT STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Directory string type --
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DirectoryString ::= CHOICE {
|
|
Packit Service |
3749ba |
teletexString TeletexString (SIZE (1..MAX)),
|
|
Packit Service |
3749ba |
printableString PrintableString (SIZE (1..MAX)),
|
|
Packit Service |
3749ba |
universalString UniversalString (SIZE (1..MAX)),
|
|
Packit Service |
3749ba |
utf8String UTF8String (SIZE (1..MAX)),
|
|
Packit Service |
3749ba |
bmpString BMPString (SIZE(1..MAX)),
|
|
Packit Service |
3749ba |
-- IA5String is added here to handle old UID encoded as ia5String --
|
|
Packit Service |
3749ba |
-- See tests/userid/ for more information. It shouldn't be here, --
|
|
Packit Service |
3749ba |
-- so if it causes problems, considering dropping it. --
|
|
Packit Service |
3749ba |
ia5String IA5String (SIZE(1..MAX)) }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
SubjectAltName ::= GeneralNames
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
GeneralName ::= CHOICE {
|
|
Packit Service |
3749ba |
otherName [0] AnotherName,
|
|
Packit Service |
3749ba |
rfc822Name [1] IA5String,
|
|
Packit Service |
3749ba |
dNSName [2] IA5String,
|
|
Packit Service |
3749ba |
x400Address [3] ANY,
|
|
Packit Service |
3749ba |
-- Changed to work with the libtasn1 parser.
|
|
Packit Service |
3749ba |
directoryName [4] EXPLICIT RDNSequence, --Name,
|
|
Packit Service |
3749ba |
ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory
|
|
Packit Service |
3749ba |
uniformResourceIdentifier [6] IA5String,
|
|
Packit Service |
3749ba |
iPAddress [7] OCTET STRING,
|
|
Packit Service |
3749ba |
registeredID [8] OBJECT IDENTIFIER }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
|
|
Packit Service |
3749ba |
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AnotherName ::= SEQUENCE {
|
|
Packit Service |
3749ba |
type-id OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
value [0] EXPLICIT ANY DEFINED BY type-id }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- issuer alternative name extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
IssuerAltName ::= GeneralNames
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- basic constraints extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
BasicConstraints ::= SEQUENCE {
|
|
Packit Service |
3749ba |
cA BOOLEAN DEFAULT FALSE,
|
|
Packit Service |
3749ba |
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- CRL distribution points extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DistributionPoint ::= SEQUENCE {
|
|
Packit Service |
3749ba |
distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
|
|
Packit Service |
3749ba |
reasons [1] ReasonFlags OPTIONAL,
|
|
Packit Service |
3749ba |
cRLIssuer [2] GeneralNames OPTIONAL
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DistributionPointName ::= CHOICE {
|
|
Packit Service |
3749ba |
fullName [0] GeneralNames,
|
|
Packit Service |
3749ba |
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ReasonFlags ::= BIT STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- extended key usage extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
KeyPurposeId ::= OBJECT IDENTIFIER
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- CRL number extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CRLNumber ::= INTEGER (0..MAX)
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- certificate issuer CRL entry extension OID and syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CertificateIssuer ::= GeneralNames
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- attribute data types --
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Attribute ::= SEQUENCE {
|
|
Packit Service |
3749ba |
type AttributeType,
|
|
Packit Service |
3749ba |
values SET OF AttributeValue
|
|
Packit Service |
3749ba |
-- at least one value is required --
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AttributeType ::= OBJECT IDENTIFIER
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AttributeValue ::= ANY DEFINED BY type
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AttributeTypeAndValue ::= SEQUENCE {
|
|
Packit Service |
3749ba |
type AttributeType,
|
|
Packit Service |
3749ba |
value AttributeValue }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- suggested naming attributes: Definition of the following
|
|
Packit Service |
3749ba |
-- information object set may be augmented to meet local
|
|
Packit Service |
3749ba |
-- requirements. Note that deleting members of the set may
|
|
Packit Service |
3749ba |
-- prevent interoperability with conforming implementations.
|
|
Packit Service |
3749ba |
-- presented in pairs: the AttributeType followed by the
|
|
Packit Service |
3749ba |
-- type definition for the corresponding AttributeValue
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Arc for standard naming attributes
|
|
Packit Service |
3749ba |
id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Attributes of type NameDirectoryString
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- gnutls: Note that the Object ID (id-at*) is being set just before the
|
|
Packit Service |
3749ba |
-- actual definition. This is done in order for asn1_find_structure_from_oid
|
|
Packit Service |
3749ba |
-- to work (locate structure from OID).
|
|
Packit Service |
3749ba |
-- Maybe this is inefficient and memory consuming. Should we replace with
|
|
Packit Service |
3749ba |
-- a table that maps OIDs to structures?
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
PostalAddress ::= SEQUENCE OF DirectoryString
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Legacy attributes
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- naming data types --
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Name ::= CHOICE { -- only one possibility for now --
|
|
Packit Service |
3749ba |
rdnSequence RDNSequence }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DistinguishedName ::= RDNSequence
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
RelativeDistinguishedName ::=
|
|
Packit Service |
3749ba |
SET SIZE (1 .. MAX) OF AttributeTypeAndValue
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- --------------------------------------------------------
|
|
Packit Service |
3749ba |
-- certificate and CRL specific structures begin here
|
|
Packit Service |
3749ba |
-- --------------------------------------------------------
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Certificate ::= SEQUENCE {
|
|
Packit Service |
3749ba |
tbsCertificate TBSCertificate,
|
|
Packit Service |
3749ba |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
signature BIT STRING }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
TBSCertificate ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version [0] EXPLICIT Version DEFAULT v1,
|
|
Packit Service |
3749ba |
serialNumber CertificateSerialNumber,
|
|
Packit Service |
3749ba |
signature AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
issuer Name,
|
|
Packit Service |
3749ba |
validity Validity,
|
|
Packit Service |
3749ba |
subject Name,
|
|
Packit Service |
3749ba |
subjectPublicKeyInfo SubjectPublicKeyInfo,
|
|
Packit Service |
3749ba |
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
Packit Service |
3749ba |
-- If present, version shall be v2 or v3
|
|
Packit Service |
3749ba |
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
|
|
Packit Service |
3749ba |
-- If present, version shall be v2 or v3
|
|
Packit Service |
3749ba |
extensions [3] EXPLICIT Extensions OPTIONAL
|
|
Packit Service |
3749ba |
-- If present, version shall be v3 --
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CertificateSerialNumber ::= INTEGER
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Validity ::= SEQUENCE {
|
|
Packit Service |
3749ba |
notBefore Time,
|
|
Packit Service |
3749ba |
notAfter Time }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Time ::= CHOICE {
|
|
Packit Service |
3749ba |
utcTime UTCTime,
|
|
Packit Service |
3749ba |
generalTime GeneralizedTime }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
UniqueIdentifier ::= BIT STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
SubjectPublicKeyInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
algorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
subjectPublicKey BIT STRING }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Extension ::= SEQUENCE {
|
|
Packit Service |
3749ba |
extnID OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
critical BOOLEAN DEFAULT FALSE,
|
|
Packit Service |
3749ba |
extnValue OCTET STRING }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- ------------------------------------------
|
|
Packit Service |
3749ba |
-- CRL structures
|
|
Packit Service |
3749ba |
-- ------------------------------------------
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CertificateList ::= SEQUENCE {
|
|
Packit Service |
3749ba |
tbsCertList TBSCertList,
|
|
Packit Service |
3749ba |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
signature BIT STRING }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
TBSCertList ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version Version OPTIONAL,
|
|
Packit Service |
3749ba |
-- if present, shall be v2
|
|
Packit Service |
3749ba |
signature AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
issuer Name,
|
|
Packit Service |
3749ba |
thisUpdate Time,
|
|
Packit Service |
3749ba |
nextUpdate Time OPTIONAL,
|
|
Packit Service |
3749ba |
revokedCertificates SEQUENCE OF SEQUENCE {
|
|
Packit Service |
3749ba |
userCertificate CertificateSerialNumber,
|
|
Packit Service |
3749ba |
revocationDate Time,
|
|
Packit Service |
3749ba |
crlEntryExtensions Extensions OPTIONAL
|
|
Packit Service |
3749ba |
-- if present, shall be v2
|
|
Packit Service |
3749ba |
} OPTIONAL,
|
|
Packit Service |
3749ba |
crlExtensions [0] EXPLICIT Extensions OPTIONAL
|
|
Packit Service |
3749ba |
-- if present, shall be v2 --
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Version, Time, CertificateSerialNumber, and Extensions were
|
|
Packit Service |
3749ba |
-- defined earlier for use in the certificate structure
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
AlgorithmIdentifier ::= SEQUENCE {
|
|
Packit Service |
3749ba |
algorithm OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
parameters ANY DEFINED BY algorithm OPTIONAL }
|
|
Packit Service |
3749ba |
-- contains a value of the type
|
|
Packit Service |
3749ba |
-- registered for use with the
|
|
Packit Service |
3749ba |
-- algorithm object identifier value
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Algorithm OIDs and parameter structures
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Dss-Sig-Value ::= SEQUENCE {
|
|
Packit Service |
3749ba |
r INTEGER,
|
|
Packit Service |
3749ba |
s INTEGER
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
DomainParameters ::= SEQUENCE {
|
|
Packit Service |
3749ba |
p INTEGER, -- odd prime, p=jq +1
|
|
Packit Service |
3749ba |
g INTEGER, -- generator, g
|
|
Packit Service |
3749ba |
q INTEGER, -- factor of p-1
|
|
Packit Service |
3749ba |
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
|
|
Packit Service |
3749ba |
validationParms ValidationParms OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ValidationParms ::= SEQUENCE {
|
|
Packit Service |
3749ba |
seed BIT STRING,
|
|
Packit Service |
3749ba |
pgenCounter INTEGER }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Dss-Parms ::= SEQUENCE {
|
|
Packit Service |
3749ba |
p INTEGER,
|
|
Packit Service |
3749ba |
q INTEGER,
|
|
Packit Service |
3749ba |
g INTEGER }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- x400 address syntax starts here
|
|
Packit Service |
3749ba |
-- OR Names
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CountryName ::= [APPLICATION 1] CHOICE {
|
|
Packit Service |
3749ba |
x121-dcc-code NumericString
|
|
Packit Service |
3749ba |
(SIZE (ub-country-name-numeric-length)),
|
|
Packit Service |
3749ba |
iso-3166-alpha2-code PrintableString
|
|
Packit Service |
3749ba |
(SIZE (ub-country-name-alpha-length)) }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
OrganizationName ::= PrintableString
|
|
Packit Service |
3749ba |
(SIZE (1..ub-organization-name-length))
|
|
Packit Service |
3749ba |
-- see also teletex-organization-name
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
NumericUserIdentifier ::= NumericString
|
|
Packit Service |
3749ba |
(SIZE (1..ub-numeric-user-id-length))
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- see also teletex-personal-name
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
|
|
Packit Service |
3749ba |
OF OrganizationalUnitName
|
|
Packit Service |
3749ba |
-- see also teletex-organizational-unit-names
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
OrganizationalUnitName ::= PrintableString (SIZE
|
|
Packit Service |
3749ba |
(1..ub-organizational-unit-name-length))
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Extension types and attribute values
|
|
Packit Service |
3749ba |
--
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
CommonName ::= PrintableString
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- END of PKIX1Implicit88
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- BEGIN of RFC2630
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Cryptographic Message Syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-ContentInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
contentType pkcs-7-ContentType,
|
|
Packit Service |
3749ba |
content [0] EXPLICIT ANY DEFINED BY contentType }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-DigestInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
|
|
Packit Service |
3749ba |
digest pkcs-7-Digest
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-Digest ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-ContentType ::= OBJECT IDENTIFIER
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-SignedData ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version pkcs-7-CMSVersion,
|
|
Packit Service |
3749ba |
digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
|
|
Packit Service |
3749ba |
encapContentInfo pkcs-7-EncapsulatedContentInfo,
|
|
Packit Service |
3749ba |
certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
|
|
Packit Service |
3749ba |
crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
|
|
Packit Service |
3749ba |
signerInfos pkcs-7-SignerInfos
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
eContentType pkcs-7-ContentType,
|
|
Packit Service |
3749ba |
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- We don't use CertificateList here since we only want
|
|
Packit Service |
3749ba |
-- to read the raw data.
|
|
Packit Service |
3749ba |
pkcs-7-CertificateRevocationLists ::= SET OF ANY
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-CertificateChoices ::= CHOICE {
|
|
Packit Service |
3749ba |
-- Although the paper uses Certificate type, we
|
|
Packit Service |
3749ba |
-- don't use it since, we don't need to parse it.
|
|
Packit Service |
3749ba |
-- We only need to read and store it.
|
|
Packit Service |
3749ba |
certificate ANY
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
|
|
Packit Service |
3749ba |
-- anyway
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- BEGIN of RFC2986
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Certificate requests
|
|
Packit Service |
3749ba |
pkcs-10-CertificationRequestInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version INTEGER { v1(0) },
|
|
Packit Service |
3749ba |
subject Name,
|
|
Packit Service |
3749ba |
subjectPKInfo SubjectPublicKeyInfo,
|
|
Packit Service |
3749ba |
attributes [0] Attributes
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
Attributes ::= SET OF Attribute
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-10-CertificationRequest ::= SEQUENCE {
|
|
Packit Service |
3749ba |
certificationRequestInfo pkcs-10-CertificationRequestInfo,
|
|
Packit Service |
3749ba |
signatureAlgorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
signature BIT STRING
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- stuff from PKCS#9
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-9-challengePassword ::= CHOICE {
|
|
Packit Service |
3749ba |
printableString PrintableString,
|
|
Packit Service |
3749ba |
utf8String UTF8String }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-9-localKeyId ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- PKCS #8 stuff
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Private-key information syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-PrivateKeyInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version pkcs-8-Version,
|
|
Packit Service |
3749ba |
privateKeyAlgorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
privateKey pkcs-8-PrivateKey,
|
|
Packit Service |
3749ba |
attributes [0] Attributes OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-Version ::= INTEGER {v1(0)}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-PrivateKey ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-Attributes ::= SET OF Attribute
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Encrypted private-key information syntax
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
encryptionAlgorithm AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
encryptedData pkcs-8-EncryptedData
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-8-EncryptedData ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- PKCS #5 stuff
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
|
|
Packit Service |
3749ba |
pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16))
|
|
Packit Service |
3749ba |
pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16))
|
|
Packit Service |
3749ba |
pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16))
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-5-PBES2-params ::= SEQUENCE {
|
|
Packit Service |
3749ba |
keyDerivationFunc AlgorithmIdentifier,
|
|
Packit Service |
3749ba |
encryptionScheme AlgorithmIdentifier }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- PBKDF2
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
|
|
Packit Service |
3749ba |
-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-5-PBKDF2-params ::= SEQUENCE {
|
|
Packit Service |
3749ba |
salt CHOICE {
|
|
Packit Service |
3749ba |
specified OCTET STRING,
|
|
Packit Service |
3749ba |
otherSource AlgorithmIdentifier
|
|
Packit Service |
3749ba |
},
|
|
Packit Service |
3749ba |
iterationCount INTEGER (1..MAX),
|
|
Packit Service |
3749ba |
keyLength INTEGER (1..MAX) OPTIONAL,
|
|
Packit Service |
3749ba |
prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- PKCS #12 stuff
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-PFX ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version INTEGER {v3(3)},
|
|
Packit Service |
3749ba |
authSafe pkcs-7-ContentInfo,
|
|
Packit Service |
3749ba |
macData pkcs-12-MacData OPTIONAL
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-PbeParams ::= SEQUENCE {
|
|
Packit Service |
3749ba |
salt OCTET STRING,
|
|
Packit Service |
3749ba |
iterations INTEGER
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-MacData ::= SEQUENCE {
|
|
Packit Service |
3749ba |
mac pkcs-7-DigestInfo,
|
|
Packit Service |
3749ba |
macSalt OCTET STRING,
|
|
Packit Service |
3749ba |
iterations INTEGER DEFAULT 1
|
|
Packit Service |
3749ba |
-- Note: The default is for historical reasons and its use is
|
|
Packit Service |
3749ba |
-- deprecated. A higher value, like 1024 is recommended.
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
|
|
Packit Service |
3749ba |
-- Data if unencrypted
|
|
Packit Service |
3749ba |
-- EncryptedData if password-encrypted
|
|
Packit Service |
3749ba |
-- EnvelopedData if public key-encrypted
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-SafeBag ::= SEQUENCE {
|
|
Packit Service |
3749ba |
bagId OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
bagValue [0] EXPLICIT ANY DEFINED BY badId,
|
|
Packit Service |
3749ba |
bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Bag types
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- Shrouded KeyBag
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- CertBag
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-CertBag ::= SEQUENCE {
|
|
Packit Service |
3749ba |
certId OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
certValue [0] EXPLICIT ANY DEFINED BY certId
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
|
|
Packit Service |
3749ba |
-- DER-encoded X.509 certificate stored in OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-CRLBag ::= SEQUENCE {
|
|
Packit Service |
3749ba |
crlId OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
crlValue [0] EXPLICIT ANY DEFINED BY crlId
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-SecretBag ::= SEQUENCE {
|
|
Packit Service |
3749ba |
secretTypeId OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId
|
|
Packit Service |
3749ba |
}
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
|
|
Packit Service |
3749ba |
-- DER-encoded X.509 CRL stored in OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-12-PKCS12Attribute ::= Attribute
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- PKCS #7 stuff (needed in PKCS 12)
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-Data ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-EncryptedData ::= SEQUENCE {
|
|
Packit Service |
3749ba |
version pkcs-7-CMSVersion,
|
|
Packit Service |
3749ba |
encryptedContentInfo pkcs-7-EncryptedContentInfo,
|
|
Packit Service |
3749ba |
unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
contentType pkcs-7-ContentType,
|
|
Packit Service |
3749ba |
contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
|
|
Packit Service |
3749ba |
encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-EncryptedContent ::= OCTET STRING
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
-- rfc3820
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ProxyCertInfo ::= SEQUENCE {
|
|
Packit Service |
3749ba |
pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
|
|
Packit Service |
3749ba |
proxyPolicy ProxyPolicy }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
ProxyPolicy ::= SEQUENCE {
|
|
Packit Service |
3749ba |
policyLanguage OBJECT IDENTIFIER,
|
|
Packit Service |
3749ba |
policy OCTET STRING OPTIONAL }
|
|
Packit Service |
3749ba |
|
|
Packit Service |
3749ba |
END
|