All Classes and Interfaces
Class
Description
Some other information of non-restrictive nature regarding the usage of this
certificate.
An Admissions structure.
Attribute to indicate admissions to certain professions.
AesCcmCiphertext ::= SEQUENCE {
nonce OCTET STRING (SIZE (12)),
ccmCiphertext Opaque -- 16 bytes longer than plaintext
}
Implementation of the Archive Timestamp type defined in RFC4998.
Implementation of ArchiveTimeStampChain type, as defined in RFC4998 and RFC6283.
Implementation of ArchiveTimeStampSequence type, as defined in RFC4998.
RFC 5652:
Attribute is a pair of OID (as type identifier) + set of values.
RFC 5652 defines 5 "SET OF Attribute" entities with 5 different names.
This is a helper tool to construct Attributes sets.
AttrOrOID ::= CHOICE { oid OBJECT IDENTIFIER, attribute Attribute }
RFC 5652 section 9.1:
The AuthenticatedData carries AuthAttributes and other data
which define what really is being signed.
Parse AuthenticatedData stream.
RFC 5083:
CMS AuthEnveloped Data object.
Parse AuthEnvelopedData input stream.
BasePublicEncryptionKey ::= CHOICE {
eciesNistP256 EccP256CurvePoint,
eciesBrainpoolP256r1 EccP256CurvePoint,
...
}
BitmapSspRange ::= SEQUENCE {
sspValue OCTET STRING (SIZE(1..32)),
sspBitmask OCTET STRING (SIZE(1..32))
}
bodyIdMax INTEGER ::= 4294967295
BodyPartID ::= INTEGER(0..bodyIdMax)
BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartReference ::= CHOICE {
bodyPartID BodyPartID,
bodyPartPath BodyPartPath
}
See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
RFC 5084: CCMParameters object.
CertEtcToken ::= CHOICE {
certificate [0] IMPLICIT Certificate ,
esscertid [1] ESSCertId ,
pkistatus [2] IMPLICIT PKIStatusInfo ,
assertion [3] ContentInfo ,
crl [4] IMPLICIT CertificateList,
ocspcertstatus [5] CertStatus,
oscpcertid [6] IMPLICIT CertId ,
oscpresponse [7] IMPLICIT OCSPResponse,
capabilities [8] SMIMECapabilities,
extension Extension
}
ISIS-MTT PROFILE: The responder may include this extension in a response to
send the hash of the requested certificate to the responder.
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)
CertificateBase ::= SEQUENCE {
version Uint8(3),
type CertificateType,
issuer IssuerIdentifier,
toBeSigned ToBeSignedCertificate,
signature Signature OPTIONAL
}
an Iso7816CertificateBody structure.
an Iso7816CertificateHolderAuthorization structure.
CertificateId ::= CHOICE {
linkageData LinkageData,
name Hostname,
binaryId OCTET STRING(SIZE(1..64)),
none NULL,
...
}
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
}
CertificationRequest ::= SEQUENCE {
certificationRequestInfo SEQUENCE {
version INTEGER,
subject Name,
subjectPublicKeyInfo SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING },
attributes [0] IMPLICIT SET OF Attribute },
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedKey OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
CircularRegion ::= SEQUENCE {
center TwoDLocation,
radius Uint16
}
CMCFailInfo ::= INTEGER {
badAlg (0),
badMessageCheck (1),
badRequest (2),
badTime (3),
badCertId (4),
unsupportedExt (5),
mustArchiveKeys (6),
badIdentity (7),
popRequired (8),
popFailed (9),
noKeyReuse (10),
internalCAError (11),
tryLater (12),
authDataFail (13)
}
Object Identifiers from RFC 5272
CMCPublicationInfo ::= SEQUENCE {
hashAlg AlgorithmIdentifier,
certHashes SEQUENCE OF OCTET STRING,
pubInfo PKIPublicationInfo
}
CMCStatus ::= INTEGER {
success (0),
failed (2),
pending (3),
noSupport (4),
confirmRequired (5),
popRequired (6),
partial (7)
}
-- Used to return status state in a response
id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
CMCStatusInfo ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
statusString UTF8String OPTIONAL,
otherInfo CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo } OPTIONAL
}
Other info implements the choice component of CMCStatusInfo.
-- Replaces CMC Status Info
--
id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
CMCStatusInfoV2 ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartReference,
statusString UTF8String OPTIONAL,
otherStatusInfo OtherStatusInfo OPTIONAL
}
OtherStatusInfo ::= CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo,
extendedFailInfo ExtendedFailInfo
}
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
CMCUnsignedData ::= SEQUENCE {
bodyPartPath BodyPartPath,
identifier OBJECT IDENTIFIER,
content ANY DEFINED BY identifier
}
From RFC 6211
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
RFC 3274: CMS Compressed Data.
Parser of RFC 3274 CompressedData object.
RFC 5652 ContentInfo object parser.
ContributedExtensionBlock ::= SEQUENCE {
contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.
-- Inform follow on servers that one or more controls have already been
-- processed
id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
ControlsProcessed ::= SEQUENCE {
bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference
}
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {...,
payload (WITH COMPONENTS {...,
data ABSENT,
extDataHash PRESENT
}),
headerInfo(WITH COMPONENTS {...,
generationTime PRESENT,
expiryTime ABSENT,
generationLocation ABSENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT,
encryptionKey ABSENT
})
})
})
})
})
CountryAndRegions ::= SEQUENCE {
countryOnly CountryOnly,
regions SequenceOfUint8
}
CrlIdentifier ::= SEQUENCE
{
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL
}
CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID }
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
CrlSeries ::= Uint16
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL }
Implementation of the CryptoInfos element defined in RFC 4998:
The CscaMasterList object.
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
an iso7816Certificate structure.
Data ::= CHOICE {
message OCTET STRING ,
messageImprint DigestInfo,
certs [0] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain
}
The DataGroupHash object.
A declaration of majority.
id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
DecryptedPOP ::= SEQUENCE {
bodyPartID BodyPartID,
thePOPAlgID AlgorithmIdentifier,
thePOP OCTET STRING
}
From RFC 2875 for Diffie-Hellman POP.
RFC 5652 DigestedData object.
Duration ::= CHOICE {
microseconds Uint16,
milliseconds Uint16,
seconds Uint16,
minutes Uint16,
hours Uint16,
sixtyHours Uint16,
years Uint16
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
DVCSErrorNotice ::= SEQUENCE {
transactionStatus PKIStatusInfo ,
transactionIdentifier GeneralName OPTIONAL
}
OIDs for RFC 3029
Data Validation and Certification Server Protocols
DVCSRequest ::= SEQUENCE {
requestInformation DVCSRequestInformation,
data Data,
transactionIdentifier GeneralName OPTIONAL
}
DVCSRequestInformation ::= SEQUENCE {
version INTEGER DEFAULT 1 ,
service ServiceType,
nonce Nonce OPTIONAL,
requestTime DVCSTime OPTIONAL,
requester [0] GeneralNames OPTIONAL,
requestPolicy [1] PolicyInformation OPTIONAL,
dvcs [2] GeneralNames OPTIONAL,
dataLocations [3] GeneralNames OPTIONAL,
extensions [4] IMPLICIT Extensions OPTIONAL
}
DVCSResponse ::= CHOICE
{
dvCertInfo DVCSCertInfo ,
dvErrorNote [0] DVCSErrorNotice
}
DVCSTime ::= CHOICE {
genTime GeneralizedTime,
timeStampToken ContentInfo
}
German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik)
https://www.bsi.bund.de/
ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
Common interface for ITS curve points.
EccP256CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (32)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (32)),
compressed-y-1 OCTET STRING (SIZE (32)),
uncompressedP256 SEQUENCE {
x OCTET STRING (SIZE (32)),
y OCTET STRING (SIZE (32))
}
}
EccP384CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (48)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (48)),
compressed-y-1 OCTET STRING (SIZE (48)),
uncompressedP384 SEQUENCE {
x OCTET STRING (SIZE (48)),
y OCTET STRING (SIZE (48))
}
}
EcdsaP256Signature ::= SEQUENCE {
rSig EccP256CurvePoint,
sSig OCTET STRING (SIZE (32))
}
EcdsaP384Signature ::= SEQUENCE {
rSig EccP384CurvePoint,
sSig OCTET STRING (SIZE (48))
}
an Iso7816ECDSAPublicKeyStructure structure.
RFC 5652 EncryptedContentInfo object.
Parser for RFC 5652 EncryptedContentInfo object.
RFC 5652 EncryptedData object.
EncryptedData ::= SEQUENCE {
recipients SequenceOfRecipientInfo,
ciphertext SymmetricCiphertext
}
EncryptedDataEncryptionKey ::= CHOICE {
eciesNistP256 EciesP256EncryptedKey,
eciesBrainpoolP256r1 EciesP256EncryptedKey,
...
}
id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
EncryptedPOP ::= SEQUENCE {
request TaggedRequest,
cms ContentInfo,
thePOPAlgID AlgorithmIdentifier,
witnessAlgID AlgorithmIdentifier,
witness OCTET STRING
}
Implementation of the EncryptionInfo element defined in RFC 4998:
EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())
RFC 5652 EnvelopedData object.
Parser of RFC 5652 EnvelopedData object.
Ieee1609Dot2HeaderInfoContributedExtensions
IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= {
{EtsiOriginatingHeaderInfoExtension IDENTIFIED BY etsiHeaderInfoContributorId},
...
}
RFC 5544:
Binding Documents with Time-Stamps; Evidence object.
RFC 4998:
Evidence Record Syntax (ERS)
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension
RFC 5084: GCMParameters object.
RFC 5990 GenericHybridParameters class.
GeographicRegion ::= CHOICE {
circularRegion CircularRegion,
rectangularRegion SequenceOfRectangularRegion,
polygonalRegion PolygonalRegion,
identifiedRegion SequenceOfIdentifiedRegion,
...
}
id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
GetCert ::= SEQUENCE {
issuerName GeneralName,
serialNumber INTEGER }
id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
GetCRL ::= SEQUENCE {
issuerName Name,
cRLName GeneralName OPTIONAL,
time GeneralizedTime OPTIONAL,
reasons ReasonFlags OPTIONAL }
GroupLinkageValue ::= SEQUENCE {
jValue OCTET STRING (SIZE(4)),
value OCTET STRING (SIZE(9))
}
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
}
HashedData::= CHOICE {
sha256HashedData OCTET STRING (SIZE(32)),
...,
sha384HashedData OCTET STRING (SIZE(48)),
reserved OCTET STRING (SIZE(32))
}
HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL
}
{ ISOITU(2) intorgs(23) icao(136) }
IdentifiedRegion ::= CHOICE {
countryOnly CountryOnly,
countryAndRegions CountryAndRegions,
countryAndSubregions CountryAndSubregions,
...
}
id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
identityProofV2 ::= SEQUENCE {
proofAlgID AlgorithmIdentifier,
macAlgId AlgorithmIdentifier,
witness OCTET STRING
}
OER forward definition builders for OER encoded data.
Ieee1609Dot2Content ::= CHOICE {
unsecuredData Opaque,
signedData SignedData,
encryptedData EncryptedData,
signedCertificateRequest Opaque,
...
}
Ieee1609Dot2Data ::= SEQUENCE {
protocolVersion Uint8(3),
content Ieee1609Dot2Content
}
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
ISISMT -- Industrial Signature Interoperability Specification
RFC 5652: IssuerAndSerialNumber object.
IssuerIdentifier ::= CHOICE {
sha256AndDigest HashedId8,
self HashAlgorithm,
...,
sha384AndDigest HashedId8
}
IValue ::= Uint16
RFC 5652:
Content encryption key delivery mechanisms.
Latitude ::= NinetyDegreeInt
The LDSSecurityObject object (V1.8).
LinkageData ::= SEQUENCE {
iCert IValue,
linkage-value LinkageValue,
group-linkage-value GroupLinkageValue OPTIONAL
}
LinkageValue ::= OCTET STRING (SIZE(9))
Longitude ::= OneEightyDegreeInt
OneEightyDegreeInt ::= INTEGER {
min (-1799999999),
max (1800000000),
unknown (1800000001)
} (-1799999999..1800000001)
id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
LraPopWitness ::= SEQUENCE {
pkiDataBodyid BodyPartID,
bodyIds SEQUENCE OF BodyPartID
}
RFC 5544:
Binding Documents with Time-Stamps; MetaData object.
MissingCrlIdentifier ::= SEQUENCE {
cracaId HashedId3,
crlSeries CrlSeries,
...
}
id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
ModCertTemplate ::= SEQUENCE {
pkiDataReference BodyPartPath,
certReferences BodyPartList,
replace BOOLEAN DEFAULT TRUE,
certTemplate CertTemplate
}
Monetary limit for transactions.
RFC 5753/3278: MQVuserKeyingMaterial object.
Names of authorities which are responsible for the administration of title
registers.
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data
producedAt GeneralizedTime -- As in OCSP response data
}
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OER sequence decoder, decodes prefix and determines which optional
parts are available.
A placeholder object that represents an absent item.
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OriginatorInfo object.
RFC 5652:
Content encryption key delivery mechanisms.
OtherHash ::= CHOICE {
sha1Hash OtherHashValue, -- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue
}
RFC 5652: OtherKeyAttribute object.
OtherMsg ::= SEQUENCE {
bodyPartID BodyPartID,
otherMsgType OBJECT IDENTIFIER,
otherMsgValue ANY DEFINED BY otherMsgType }
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OtherRevocationInfoFormat object.
OtherRevRefs ::= SEQUENCE {
otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType
}
OtherRevRefType ::= OBJECT IDENTIFIER
OtherRevVals ::= SEQUENCE {
otherRevValType OtherRevValType,
otherRevVals ANY DEFINED BY otherRevValType
}
OtherRevValType ::= OBJECT IDENTIFIER
Other info implements the choice component of CMCStatusInfoV2.
EAC encoding date object
Implementation of PartialHashtree, as defined in RFC 4998.
RFC 5652:
Content encryption key delivery mechanisms.
PathProcInput ::= SEQUENCE {
acceptablePolicySet SEQUENCE SIZE (1..MAX) OF
PolicyInformation,
inhibitPolicyMapping BOOLEAN DEFAULT FALSE,
explicitPolicyReqd [0] BOOLEAN DEFAULT FALSE ,
inhibitAnyPolicy [1] BOOLEAN DEFAULT FALSE
}
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
PKIData ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9), -- the proof-of-possession failed
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17),
-- the additional information requested could not be understood
-- or is not available
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
}
PKIPublicationInfo ::= SEQUENCE {
action INTEGER {
dontPublish (0),
pleasePublish (1) },
pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-- pubInfos MUST NOT be present if action is "dontPublish"
-- (if action is "pleasePublish" and pubInfos is omitted,
-- "dontCare" is assumed)
-- This defines the response message in the protocol
id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
ResponseBody ::= PKIResponse
PKIResponse ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
Password-based MAC value for use with POPOSigningKeyInput.
PKRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey EncryptedDataEncryptionKey
}
SEQUENCE SIZE(3..MAX) OF TwoDLocation
id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
PopLinkWitnessV2 ::= SEQUENCE {
keyGenAlgorithm AlgorithmIdentifier,
macAlgorithm AlgorithmIdentifier,
witness OCTET STRING
}
PreSharedKeyRecipientInfo ::= HashedId8
Attribute to indicate that the certificate holder may sign in the name of a
third person.
Professions, specializations, disciplines, fields of activity, etc.
PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT (app)
}
PsidSsp ::= SEQUENCE {
psid Psid,
ssp ServiceSpecificPermissions OPTIONAL
}
PsidSspRange ::= SEQUENCE {
psid Psid,
sspRange SspRange OPTIONAL
}
PublicEncryptionKey ::= SEQUENCE {
supportedSymmAlg SymmAlgorithm,
publicKey BasePublicEncryptionKey
}
PublicVerificationKey ::= CHOICE {
ecdsaNistP256 EccP256CurvePoint,
ecdsaBrainpoolP256r1 EccP256CurvePoint,
...,
ecdsaBrainpoolP384r1 EccP384CurvePoint
}
PublishTrustAnchors ::= SEQUENCE {
seqNumber INTEGER,
hashAlgorithm AlgorithmIdentifier,
anchorHashes SEQUENCE OF OCTET STRING
}
RFC 5652:
Content encryption key delivery mechanisms.
RecipientInfo ::= CHOICE {
pskRecipInfo PreSharedKeyRecipientInfo,
symmRecipInfo SymmRecipientInfo,
certRecipInfo PKRecipientInfo,
signedDataRecipInfo PKRecipientInfo,
rekRecipInfo PKRecipientInfo
}
RFC 5652:
Content encryption key delivery mechanisms.
RectangularRegion ::= SEQUENCE {
northWest TwoDLocation,
southEast TwoDLocation
}
RegionAndSubregions ::= SEQUENCE {
region Uint8,
subregions SequenceOfUint16
}
Marker for Geographic Region types.
ISIS-MTT-Optional: The certificate requested by the client by inserting the
RetrieveIfAllowed extension in the request, will be returned in this
extension.
Some other restriction regarding the usage of this certificate.
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL}
RevokeRequest ::= SEQUENCE {
issuerName Name,
serialNumber INTEGER,
reason CRLReason,
invalidityDate GeneralizedTime OPTIONAL,
passphrase OCTET STRING OPTIONAL,
comment UTF8String OPTIONAL }
RFC 5990 RSA KEM parameters class.
an Iso7816RSAPublicKeyStructure structure.
RFC 5940:
Additional Cryptographic Message Syntax (CMS) Revocation Information Choices.
SequenceOfCertificate ::= SEQUENCE OF Certificate
SequenceOfOctetString ::= SEQUENCE (SIZE(0..MAX)) OF OCTET STRING (SIZE(0..MAX))
SEQUENCE OF PsidGroupPermissions
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
ServiceSpecificPermissions ::= CHOICE {
opaque OCTET STRING (SIZE(0..MAX)),
...,
bitmapSsp BitmapSsp
}
ServiceType ::= ENUMERATED { cpd(1), vsd(2), cpkc(3), ccpd(4) }
Signature ::= CHOICE {
ecdsaNistP256Signature EcdsaP256Signature,
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
...
}
SignedData ::= SEQUENCE {
hashId HashAlgorithm,
tbsData ToBeSignedData,
signer SignerIdentifier,
signature Signature
}
Parser for RFC 5652: SignedData object.
SignedDataPayload ::= SEQUENCE {
data Ieee1609Dot2Data OPTIONAL,
extDataHash HashedData OPTIONAL,
...
}
RFC 5652:
Identify who signed the containing SignerInfo object.
SignerIdentifier ::= CHOICE {
digest HashedId8,
certificate SequenceOfCertificate,
self NULL,
...
}
RFC 5652:
Signature container per Signer, see SignerIdentifier.
Signer-Location attribute (RFC3126).
SinglePubInfo ::= SEQUENCE {
pubMethod INTEGER {
dontCare (0),
x500 (1),
web (2),
ldap (3) },
pubLocation GeneralName OPTIONAL }
Handler class for dealing with S/MIME Capabilities
Handler for creating a vector S/MIME Capabilities
The SMIMEEncryptionKeyPreference object.
SspRange ::= CHOICE {
opaque SequenceOfOctetString,
all NULL,
...
}
SubjectPermissions ::= CHOICE {
explicit SequenceOfPsidSspRange,
all NULL,
...
}
SymmetricCiphertext ::= CHOICE {
aes128ccm AesCcmCiphertext,
...
}
SymmRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey SymmetricCiphertext
}
TaggedAttribute from RFC5272
TaggedCertificationRequest ::= SEQUENCE {
bodyPartID BodyPartID,
certificationRequest CertificationRequest
}
TaggedContentInfo ::= SEQUENCE {
bodyPartID BodyPartID,
contentInfo ContentInfo
}
TaggedRequest ::= CHOICE {
tcr [0] TaggedCertificationRequest,
crm [1] CertReqMsg,
orm [2] SEQUENCE {
bodyPartID BodyPartID,
requestMessageType OBJECT IDENTIFIER,
requestMessageValue ANY DEFINED BY requestMessageType
}
}
TargetEtcChain ::= SEQUENCE {
target CertEtcToken,
chain SEQUENCE SIZE (1..MAX) OF
CertEtcToken OPTIONAL,
pathProcInput [0] PathProcInput OPTIONAL
}
RFC 5652:
Dual-mode timestamp format producing either UTCTime or GeneralizedTime.
RFC 5544:
Binding Documents with Time-Stamps; TimeStampAndCRL object.
RFC 5544:
Binding Documents with Time-Stamps; TimeStampedData object.
Parser for RFC 5544: TimeStampedData object.
RFC 5544:
Binding Documents with Time-Stamps; TimeStampTokenEvidence object.
ToBeSignedCertificate ::= SEQUENCE {
id CertificateId,
cracaId HashedId3,
crlSeries CrlSeries,
validityPeriod ValidityPeriod,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSsp OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL,
canRequestRollover NULL OPTIONAL,
encryptionKey PublicEncryptionKey OPTIONAL,
verifyKeyIndicator VerificationKeyIndicator,
...
}
(WITH COMPONENTS { ..., appPermissions PRESENT} |
WITH COMPONENTS { ..., certIssuePermissions PRESENT} |
WITH COMPONENTS { ..., certRequestPermissions PRESENT})
ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}
TwoDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude
}
ValidityPeriod ::= SEQUENCE {
start Time32,
duration Duration
}
VerificationKeyIndicator ::= CHOICE {
verificationKey PublicVerificationKey,
reconstructionValue EccP256CurvePoint,
...
}