All Classes and Interfaces

Class
Description
 
Some other information of non-restrictive nature regarding the usage of this certificate.
 
An Admissions structure.
 
Attribute to indicate admissions to certain professions.
 
AesCcmCiphertext ::= SEQUENCE { nonce OCTET STRING (SIZE (12)) ccmCiphertext Opaque -- 16 bytes longer than plaintext }
 
Implementation of the Archive Timestamp type defined in RFC4998.
Implementation of ArchiveTimeStampChain type, as defined in RFC4998 and RFC6283.
Implementation of ArchiveTimeStampSequence type, as defined in RFC4998.
RFC 5652: Attribute is a pair of OID (as type identifier) + set of values.
RFC 5652 defines 5 "SET OF Attribute" entities with 5 different names.
This is helper tool to construct Attributes sets.
 
AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
RFC 5652 section 9.1: The AuthenticatedData carries AuthAttributes and other data which define what really is being signed.
Parse AuthenticatedData stream.
RFC 5083: CMS AuthEnveloped Data object.
Parse AuthEnvelopedData input stream.
BasePublicEncryptionKey ::= CHOICE { eciesNistP256 EccP256CurvePoint, eciesBrainpoolP256r1 EccP256CurvePoint, ... }
 
 
 
 
BitmapSspRange ::= SEQUENCE { sspValue OCTET STRING (SIZE(1..32)), sspBitmask OCTET STRING (SIZE(1..32)) }
bodyIdMax INTEGER ::= 4294967295 BodyPartID ::= INTEGER(0..bodyIdMax)
BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartReference ::= CHOICE { bodyPartID BodyPartID, bodyPartPath BodyPartPath }
See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
 
RFC 5084: CCMParameters object.
 
CertEtcToken ::= CHOICE { certificate [0] IMPLICIT Certificate , esscertid [1] ESSCertId , pkistatus [2] IMPLICIT PKIStatusInfo , assertion [3] ContentInfo , crl [4] IMPLICIT CertificateList, ocspcertstatus [5] CertStatus, oscpcertid [6] IMPLICIT CertId , oscpresponse [7] IMPLICIT OCSPResponse, capabilities [8] SMIMECapabilities, extension Extension }
ISIS-MTT PROFILE: The responder may include this extension in a response to send the hash of the requested certificate to the responder.
 
 
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)
 
CertificateBase ::= SEQUENCE { version Uint8(3), type CertificateType, issuer IssuerIdentifier, toBeSigned ToBeSignedCertificate, signature Signature OPTIONAL }
 
an Iso7816CertificateBody structure.
an Iso7816CertificateHolderAuthorization structure.
 
CertificateId ::= CHOICE { linkageData LinkageData, name Hostname, binaryId OCTET STRING(SIZE(1..64)), none NULL, ... }
 
CertificateType ::= ENUMERATED { explicit, implicit, ... }
 
CertificationRequest ::= SEQUENCE { certificationRequestInfo SEQUENCE { version INTEGER, subject Name, subjectPublicKeyInfo SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }, attributes [0] IMPLICIT SET OF Attribute }, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedKey OPTIONAL, -- see [CRMF] for comment on encoding publicationInfo [1] PKIPublicationInfo OPTIONAL }
 
 
 
 
 
 
 
 
 
 
CircularRegion ::= SEQUENCE { center TwoDLocation, radius Uint16 }
 
CMCFailInfo ::= INTEGER { badAlg (0), badMessageCheck (1), badRequest (2), badTime (3), badCertId (4), unsupportedExt (5), mustArchiveKeys (6), badIdentity (7), popRequired (8), popFailed (9), noKeyReuse (10), internalCAError (11), tryLater (12), authDataFail (13) }
Object Identifiers from RFC 5272
CMCPublicationInfo ::= SEQUENCE { hashAlg AlgorithmIdentifier, certHashes SEQUENCE OF OCTET STRING, pubInfo PKIPublicationInfo }
CMCStatus ::= INTEGER { success (0), failed (2), pending (3), noSupport (4), confirmRequired (5), popRequired (6), partial (7) }
-- Used to return status state in a response id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1} CMCStatusInfo ::= SEQUENCE { cMCStatus CMCStatus, bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID, statusString UTF8String OPTIONAL, otherInfo CHOICE { failInfo CMCFailInfo, pendInfo PendInfo } OPTIONAL }
Other info implements the choice component of CMCStatusInfo.
 
-- Replaces CMC Status Info -- id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25} CMCStatusInfoV2 ::= SEQUENCE { cMCStatus CMCStatus, bodyList SEQUENCE SIZE (1..MAX) OF BodyPartReference, statusString UTF8String OPTIONAL, otherStatusInfo OtherStatusInfo OPTIONAL } OtherStatusInfo ::= CHOICE { failInfo CMCFailInfo, pendInfo PendInfo, extendedFailInfo ExtendedFailInfo } PendInfo ::= SEQUENCE { pendToken OCTET STRING, pendTime GeneralizedTime } ExtendedFailInfo ::= SEQUENCE { failInfoOID OBJECT IDENTIFIER, failInfoValue ANY DEFINED BY failInfoOID }
 
id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34} CMCUnsignedData ::= SEQUENCE { bodyPartPath BodyPartPath, identifier OBJECT IDENTIFIER, content ANY DEFINED BY identifier }
 
 
From RFC 6211
RFC 5652 CMS attribute OID constants, RFC 6019 Binary Time, and RFC 6211 Algorithm Identifier Protection Attribute.
 
 
 
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
RFC 3274: CMS Compressed Data.
Parser of RFC 3274 CompressedData object.
 
 
RFC 5652 ContentInfo, and RFC 5652 EncapsulatedContentInfo objects.
RFC 5652 ContentInfo object parser.
ContributedExtensionBlock ::= SEQUENCE { contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.
 
-- Inform follow on servers that one or more controls have already been -- processed id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32} ControlsProcessed ::= SEQUENCE { bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference }
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {..., content (WITH COMPONENTS {..., signedData (WITH COMPONENTS {..., tbsData (WITH COMPONENTS {..., payload (WITH COMPONENTS {..., data ABSENT, extDataHash PRESENT }), headerInfo(WITH COMPONENTS {..., generationTime PRESENT, expiryTime ABSENT, generationLocation ABSENT, p2pcdLearningRequest ABSENT, missingCrlIdentifier ABSENT, encryptionKey ABSENT }) }) }) }) })
CountryAndRegions ::= SEQUENCE { countryOnly CountryOnly, regions SequenceOfUint8 }
 
 
 
CrlIdentifier ::= SEQUENCE { crlissuer Name, crlIssuedTime UTCTime, crlNumber INTEGER OPTIONAL }
CRLListID ::= SEQUENCE { crls SEQUENCE OF CrlValidatedID }
CrlOcspRef ::= SEQUENCE { crlids [0] CRLListID OPTIONAL, ocspids [1] OcspListID OPTIONAL, otherRev [2] OtherRevRefs OPTIONAL }
CrlSeries ::= Uint16
CrlValidatedID ::= SEQUENCE { crlHash OtherHash, crlIdentifier CrlIdentifier OPTIONAL }
 
Implementation of the CryptoInfos element defined in RFC 4998:
The CscaMasterList object.
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
an iso7816Certificate structure.
 
Data ::= CHOICE { message OCTET STRING , messageImprint DigestInfo, certs [0] SEQUENCE SIZE (1..MAX) OF TargetEtcChain }
The DataGroupHash object.
A declaration of majority.
 
id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10} DecryptedPOP ::= SEQUENCE { bodyPartID BodyPartID, thePOPAlgID AlgorithmIdentifier, thePOP OCTET STRING }
From RFC 2875 for Diffie-Hellman POP.
RFC 5652 DigestedData object.
Duration ::= CHOICE { microseconds Uint16, milliseconds Uint16, seconds Uint16, minutes Uint16, hours Uint16, sixtyHours Uint16, years Uint16 }
DVCSCertInfo::= SEQUENCE { version Integer DEFAULT 1 , dvReqInfo DVCSRequestInformation, messageImprint DigestInfo, serialNumber Integer, responseTime DVCSTime, dvStatus [0] PKIStatusInfo OPTIONAL, policy [1] PolicyInformation OPTIONAL, reqSignature [2] SignerInfos OPTIONAL, certs [3] SEQUENCE SIZE (1..MAX) OF TargetEtcChain OPTIONAL, extensions Extensions OPTIONAL }
DVCSCertInfo::= SEQUENCE { version Integer DEFAULT 1 , dvReqInfo DVCSRequestInformation, messageImprint DigestInfo, serialNumber Integer, responseTime DVCSTime, dvStatus [0] PKIStatusInfo OPTIONAL, policy [1] PolicyInformation OPTIONAL, reqSignature [2] SignerInfos OPTIONAL, certs [3] SEQUENCE SIZE (1..MAX) OF TargetEtcChain OPTIONAL, extensions Extensions OPTIONAL }
DVCSErrorNotice ::= SEQUENCE { transactionStatus PKIStatusInfo , transactionIdentifier GeneralName OPTIONAL }
OIDs for RFC 3029 Data Validation and Certification Server Protocols
DVCSRequest ::= SEQUENCE { requestInformation DVCSRequestInformation, data Data, transactionIdentifier GeneralName OPTIONAL }
DVCSRequestInformation ::= SEQUENCE { version INTEGER DEFAULT 1 , service ServiceType, nonce Nonce OPTIONAL, requestTime DVCSTime OPTIONAL, requester [0] GeneralNames OPTIONAL, requestPolicy [1] PolicyInformation OPTIONAL, dvcs [2] GeneralNames OPTIONAL, dataLocations [3] GeneralNames OPTIONAL, extensions [4] IMPLICIT Extensions OPTIONAL }
DVCSRequestInformation ::= SEQUENCE { version INTEGER DEFAULT 1 , service ServiceType, nonce Nonce OPTIONAL, requestTime DVCSTime OPTIONAL, requester [0] GeneralNames OPTIONAL, requestPolicy [1] PolicyInformation OPTIONAL, dvcs [2] GeneralNames OPTIONAL, dataLocations [3] GeneralNames OPTIONAL, extensions [4] IMPLICIT Extensions OPTIONAL }
DVCSResponse ::= CHOICE { dvCertInfo DVCSCertInfo , dvErrorNote [0] DVCSErrorNotice }
DVCSTime ::= CHOICE { genTime GeneralizedTime, timeStampToken ContentInfo }
German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) https://www.bsi.bund.de/
 
ECC-CMS-SharedInfo ::= SEQUENCE { keyInfo AlgorithmIdentifier, entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, suppPubInfo [2] EXPLICIT OCTET STRING }
Common interface for ITS curve points.
EccP256CurvePoint ::= CHOICE { x-only OCTET STRING (SIZE (32)), fill NULL, compressed-y-0 OCTET STRING (SIZE (32)), compressed-y-1 OCTET STRING (SIZE (32)), uncompressedP256 SEQUENCE { x OCTET STRING (SIZE (32)), y OCTET STRING (SIZE (32)) } }
 
EccP384CurvePoint ::= CHOICE { x-only OCTET STRING (SIZE (48)), fill NULL, compressed-y-0 OCTET STRING (SIZE (48)), compressed-y-1 OCTET STRING (SIZE (48)), uncompressedP384 SEQUENCE { x OCTET STRING (SIZE (48)), y OCTET STRING (SIZE (48)) } }
 
EcdsaP256Signature ::= SEQUENCE { rSig EccP256CurvePoint, sSig OCTET STRING (SIZE (32)) }
 
EcdsaP384Signature ::= SEQUENCE { rSig EccP384CurvePoint, sSig OCTET STRING (SIZE (48)) }
 
an Iso7816ECDSAPublicKeyStructure structure.
 
RFC 5652 EncryptedContentInfo object.
Parser for RFC 5652 EncryptedContentInfo object.
RFC 5652 EncryptedData object.
EncryptedData ::= SEQUENCE { recipients SequenceOfRecipientInfo, ciphertext SymmetricCiphertext }
 
EncryptedDataEncryptionKey ::= CHOICE { eciesNistP256 EciesP256EncryptedKey, eciesBrainpoolP256r1 EciesP256EncryptedKey, ... }
 
 
id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9} EncryptedPOP ::= SEQUENCE { request TaggedRequest, cms ContentInfo, thePOPAlgID AlgorithmIdentifier, witnessAlgID AlgorithmIdentifier, witness OCTET STRING }
 
Implementation of the EncryptionInfo element defined in RFC 4998:
EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())
RFC 5652 EnvelopedData object.
Parser of RFC 5652 EnvelopedData object.
 
 
 
 
Ieee1609Dot2HeaderInfoContributedExtensions IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= { {EtsiOriginatingHeaderInfoExtension IDENTIFIED BY etsiHeaderInfoContributorId}, ... }
 
RFC 5544: Binding Documents with Time-Stamps; Evidence object.
RFC 4998: Evidence Record Syntax (ERS)
 
ExtendedFailInfo ::= SEQUENCE { failInfoOID OBJECT IDENTIFIER, failInfoValue ANY DEFINED BY failInfoOID }
ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension
 
RFC 5084: GCMParameters object.
RFC 5990 GenericHybridParameters class.
 
 
GeographicRegion ::= CHOICE { circularRegion CircularRegion, rectangularRegion SequenceOfRectangularRegion, polygonalRegion PolygonalRegion, identifiedRegion SequenceOfIdentifiedRegion, ... }
id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15} GetCert ::= SEQUENCE { issuerName GeneralName, serialNumber INTEGER }
id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16} GetCRL ::= SEQUENCE { issuerName Name, cRLName GeneralName OPTIONAL, time GeneralizedTime OPTIONAL, reasons ReasonFlags OPTIONAL }
GroupLinkageValue ::= SEQUENCE { jValue OCTET STRING (SIZE(4)) value OCTET STRING (SIZE(9)) }
CertificateType ::= ENUMERATED { explicit, implicit, ... }
HashedData::= CHOICE { sha256HashedData OCTET STRING (SIZE(32)), ..., sha384HashedData OCTET STRING (SIZE(48)), reserved OCTET STRING (SIZE(32)) }
 
 
 
 
 
 
HeaderInfo ::= SEQUENCE { psid Psid, generationTime Time64 OPTIONAL, expiryTime Time64 OPTIONAL, generationLocation ThreeDLocation OPTIONAL, p2pcdLearningRequest HashedId3 OPTIONAL, missingCrlIdentifier MissingCrlIdentifier OPTIONAL, ..., inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL, requestedCertificate Certificate OPTIONAL }
 
 
{ ISOITU(2) intorgs(23) icao(136) }
IdentifiedRegion ::= CHOICE { countryOnly CountryOnly, countryAndRegions CountryAndRegions, countryAndSubregions CountryAndSubregions, ... }
id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 34 } identityProofV2 ::= SEQUENCE { proofAlgID AlgorithmIdentifier, macAlgId AlgorithmIdentifier, witness OCTET STRING }
OER forward definition builders for OER encoded data.
 
Ieee1609Dot2Content ::= CHOICE { unsecuredData Opaque, signedData SignedData, encryptedData EncryptedData, signedCertificateRequest Opaque, ... }
 
Ieee1609Dot2Data ::= SEQUENCE { protocolVersion Uint8(3), content Ieee1609Dot2Content }
 
 
Example InfoTypeAndValue contents include, but are not limited to, the following (un-comment in this ASN.1 module and use as appropriate for a given environment):
ISISMT -- Industrial Signature Interoperability Specification
RFC 5652: IssuerAndSerialNumber object.
IssuerIdentifier ::= CHOICE { sha256AndDigest HashedId8, self HashAlgorithm, ..., sha384AndDigest HashedId8 }
 
IValue ::= Uint16
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: Content encryption key delivery mechanisms.
 
RFC 5652: Content encryption key delivery mechanisms.
Latitude ::= NinetyDegreeInt
The LDSSecurityObject object (V1.8).
 
LinkageData ::= SEQUENCE { iCert IValue, linkage-value LinkageValue, group-linkage-value GroupLinkageValue OPTIONAL }
LinkageValue ::= OCTET STRING (SIZE(9))
Latitude ::= OneEightyDegreeInt OneEightyDegreeInt ::= INTEGER { min (-1799999999), max (1800000000), unknown (1800000001) } (-1799999999..1800000001)
id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11} LraPopWitness ::= SEQUENCE { pkiDataBodyid BodyPartID, bodyIds SEQUENCE OF BodyPartID }
 
RFC 5544: Binding Documents with Time-Stamps; MetaData object.
MissingCrlIdentifier ::= SEQUENCE { cracaId HashedId3, crlSeries CrlSeries, ... }
id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31} ModCertTemplate ::= SEQUENCE { pkiDataReference BodyPartPath, certReferences BodyPartList, replace BOOLEAN DEFAULT TRUE, certTemplate CertTemplate }
Monetary limit for transactions.
 
RFC 5753/3278: MQVuserKeyingMaterial object.
Names of authorities which are responsible for the administration of title registers.
 
NinetyDegreeInt ::= INTEGER { min (-900000000), max (900000000), unknown (900000001) }
OcspIdentifier ::= SEQUENCE { ocspResponderID ResponderID, -- As in OCSP response data producedAt GeneralizedTime -- As in OCSP response data }
OcspListID ::= SEQUENCE { ocspResponses SEQUENCE OF OcspResponsesID }
OcspResponsesID ::= SEQUENCE { ocspIdentifier OcspIdentifier, ocspRepHash OtherHash OPTIONAL }
 
 
 
 
 
 
 
 
OER sequence decoder, decodes prefix and determines which optional parts are available.
A placeholder object that represents an absent item.
 
NinetyDegreeInt ::= INTEGER { min (-900000000), max (900000000), unknown (900000001) }
 
 
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: OriginatorInfo object.
RFC 5652: Content encryption key delivery mechanisms.
 
OtherHash ::= CHOICE { sha1Hash OtherHashValue, -- This contains a SHA-1 hash otherHash OtherHashAlgAndValue }
 
RFC 5652: OtherKeyAttribute object.
OtherMsg ::= SEQUENCE { bodyPartID BodyPartID, otherMsgType OBJECT IDENTIFIER, otherMsgValue ANY DEFINED BY otherMsgType }
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: OtherRevocationInfoFormat object.
OtherRevRefs ::= SEQUENCE { otherRevRefType OtherRevRefType, otherRevRefs ANY DEFINED BY otherRevRefType } OtherRevRefType ::= OBJECT IDENTIFIER
OtherRevVals ::= SEQUENCE { otherRevValType OtherRevValType, otherRevVals ANY DEFINED BY OtherRevValType } OtherRevValType ::= OBJECT IDENTIFIER
 
Other info implements the choice component of CMCStatusInfoV2.
EAC encoding date object
Implementation of PartialHashtree, as defined in RFC 4998.
RFC 5652: Content encryption key delivery mechanisms.
PathProcInput ::= SEQUENCE { acceptablePolicySet SEQUENCE SIZE (1..MAX) OF PolicyInformation, inhibitPolicyMapping BOOLEAN DEFAULT FALSE, explicitPolicyReqd [0] BOOLEAN DEFAULT FALSE , inhibitAnyPolicy [1] BOOLEAN DEFAULT FALSE }
 
 
PendInfo ::= SEQUENCE { pendToken OCTET STRING, pendTime GeneralizedTime }
 
 
 
PKIData ::= SEQUENCE { controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute, reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest, cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo, otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg }
PKIFailureInfo ::= BIT STRING { badAlg (0), -- unrecognized or unsupported Algorithm Identifier badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) badRequest (2), -- transaction not permitted or supported badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy badCertId (4), -- no certificate could be found matching the provided criteria badDataFormat (5), -- the data submitted has the wrong format wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token incorrectData (7), -- the requester's data is incorrect (for notary services) missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) badPOP (9) -- the proof-of-possession failed certRevoked (10), certConfirmed (11), wrongIntegrity (12), badRecipientNonce (13), timeNotAvailable (14), -- the TSA's time source is not available unacceptedPolicy (15), -- the requested TSA policy is not supported by the TSA unacceptedExtension (16), -- the requested extension is not supported by the TSA addInfoNotAvailable (17) -- the additional information requested could not be understood -- or is not available badSenderNonce (18), badCertTemplate (19), signerNotTrusted (20), transactionIdInUse (21), unsupportedVersion (22), notAuthorized (23), systemUnavail (24), systemFailure (25), -- the request cannot be handled due to system failure duplicateCertReq (26)
 
 
 
 
 
PKIPublicationInfo ::= SEQUENCE { action INTEGER { dontPublish (0), pleasePublish (1) }, pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } -- pubInfos MUST NOT be present if action is "dontPublish" -- (if action is "pleasePublish" and pubInfos is omitted, -- "dontCare" is assumed)
-- This defines the response message in the protocol id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 } ResponseBody ::= PKIResponse PKIResponse ::= SEQUENCE { controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute, cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo, otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg }
 
 
Password-based MAC value for use with POPOSigningKeyInput.
PKRecipientInfo ::= SEQUENCE { recipientId HashedId8, encKey EncryptedDataEncryptionKey }
 
 
 
SEQUENCE SIZE(3..MAX) OF TwoDLocation
 
id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 33 } PopLinkWitnessV2 ::= SEQUENCE { keyGenAlgorithm AlgorithmIdentifier, macAlgorithm AlgorithmIdentifier, witness OCTET STRING }
 
 
 
 
 
PreSharedKeyRecipientInfo ::= HashedId8
Attribute to indicate that the certificate holder may sign in the name of a third person.
 
Professions, specializations, disciplines, fields of activity, etc.
 
 
 
 
PsidGroupPermissions ::= SEQUENCE { subjectPermissions SubjectPermissions, minChainLength INTEGER DEFAULT 1, chainLengthRange INTEGER DEFAULT 0, eeType EndEntityType DEFAULT (app) }
 
PsidSsp ::= SEQUENCE { psid Psid, ssp ServiceSpecificPermissions OPTIONAL }
 
PsidSspRange ::= SEQUENCE { psid Psid, sspRange SspRange OPTIONAL }
 
PublicEncryptionKey ::= SEQUENCE { supportedSymmAlg SymmAlgorithm, publicKey BasePublicEncryptionKey }
 
PublicVerificationKey ::= CHOICE { ecdsaNistP256 EccP256CurvePoint, ecdsaBrainpoolP256r1 EccP256CurvePoint, ..., ecdsaBrainpoolP384r1 EccP384CurvePoint }
 
PublishTrustAnchors ::= SEQUENCE { seqNumber INTEGER, hashAlgorithm AlgorithmIdentifier, anchorHashes SEQUENCE OF OCTET STRING }
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: Content encryption key delivery mechanisms.
RFC 5652: Content encryption key delivery mechanisms.
RecipientInfo ::= CHOICE { pskRecipInfo PreSharedKeyReicpientInfo, symmRecipInfo SymmRecipientInfo, certRecipInfo PKRecipientInfo, signedDataRecipInfo PKRecipientInfo, rekRecipInfo PKRecipientInfo }
RFC 5652: Content encryption key delivery mechanisms.
RectangularRegion ::= SEQUENCE { northWest TwoDLocation, southEast TwoDLocation }
 
RegionAndSubregions ::= SEQUENCE { region Uint8, subregions SequenceOfUint16 }
 
Marker for Geographic Region types.
ISIS-MTT-Optional: The certificate requested by the client by inserting the RetrieveIfAllowed extension in the request, will be returned in this extension.
 
Some other restriction regarding the usage of this certificate.
 
 
 
RevocationValues ::= SEQUENCE { crlVals [0] SEQUENCE OF CertificateList OPTIONAL, ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, otherRevVals [2] OtherRevVals OPTIONAL}
RevokeRequest ::= SEQUENCE { issuerName Name, serialNumber INTEGER, reason CRLReason, invalidityDate GeneralizedTime OPTIONAL, passphrase OCTET STRING OPTIONAL, comment UTF8String OPTIONAL }
 
 
 
RFC 5990 RSA KEM parameters class.
an Iso7816RSAPublicKeyStructure structure.
RFC 5940: Additional Cryptographic Message Syntax (CMS) Revocation Information Choices.
SequenceOfCertificate ::= SEQUENCE OF Certificate
 
 
SequenceOfOctetString ::= SEQUENCE (SIZE(0..MAX)) OF OCTET STRING (SIZE(0..MAX))
SEQUENCE OF PsidGroupPermissions
 
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
 
 
 
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
 
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
ServiceSpecificPermissions ::= CHOICE { opaque OCTET STRING (SIZE(0..MAX)), ..., bitmapSsp BitmapSsp }
 
ServiceType ::= ENUMERATED { cpd(1), vsd(2), cpkc(3), ccpd(4) }
Signature ::= CHOICE { ecdsaNistP256Signature EcdsaP256Signature, ecdsaBrainpoolP256r1Signature EcdsaP256Signature, ...
 
 
 
SignedData ::= SEQUENCE { hashId HashAlgorithm, tbsData ToBeSignedData, signer SignerIdentifier, signature Signature }
Parser for RFC 5652: SignedData object.
SignedDataPayload ::= SEQUENCE { data Ieee1609Dot2Data OPTIONAL, extDataHash HashedData OPTIONAL, ... }
 
 
RFC 5652: Identify who signed the containing SignerInfo object.
SignerIdentifier ::= CHOICE { digest HashedId8, certificate SequenceOfCertificate, self NULL, ... }
 
RFC 5652: Signature container per Signer, see SignerIdentifier.
Signer-Location attribute (RFC3126).
 
 
 
 
SinglePubInfo ::= SEQUENCE { pubMethod INTEGER { dontCare (0), x500 (1), web (2), ldap (3) }, pubLocation GeneralName OPTIONAL }
 
Handler class for dealing with S/MIME Capabilities
 
 
Handler for creating a vector S/MIME Capabilities
The SMIMEEncryptionKeyPreference object.
 
 
SspRange ::= CHOICE { opaque SequenceOfOctetString, all NULL, ...
 
 
SubjectPermissions ::= CHOICE { explicit SequenceOfPsidSspRange, all NULL, ... }
 
 
 
SymmetricCiphertext ::= CHOICE { aes128ccm AesCcmCiphertext, ... }
 
SymmRecipientInfo ::= SEQUENCE { recipientId HashedId8, encKey SymmetricCiphertext }
TaggedAttribute from RFC5272
TaggedCertificationRequest ::= SEQUENCE { bodyPartID BodyPartID, certificationRequest CertificationRequest }
TaggedContentInfo ::= SEQUENCE { bodyPartID BodyPartID, contentInfo ContentInfo }
TaggedRequest ::= CHOICE { tcr [0] TaggedCertificationRequest, crm [1] CertReqMsg, orm [2] SEQUENCE { bodyPartID BodyPartID, requestMessageType OBJECT IDENTIFIER, requestMessageValue ANY DEFINED BY requestMessageType } }
TargetEtcChain ::= SEQUENCE { target CertEtcToken, chain SEQUENCE SIZE (1..MAX) OF CertEtcToken OPTIONAL, pathProcInput [0] PathProcInput OPTIONAL }
RFC 5652: Dual-mode timestamp format producing either UTCTIme or GeneralizedTime.
RFC 5544 Binding Documents with Time-Stamps; TimeStampAndCRL object.
RFC 5544: Binding Documents with Time-Stamps; TimeStampedData object.
Parser for RFC 5544: TimeStampedData object.
 
 
RFC 5544 Binding Documents with Time-Stamps; TimeStampTokenEvidence object.
ToBeSignedCertificate ::= SEQUENCE { id CertificateId, cracaId HashedId3, crlSeries CrlSeries, validityPeriod ValidityPeriod, region GeographicRegion OPTIONAL, assuranceLevel SubjectAssurance OPTIONAL, appPermissions SequenceOfPsidSsp OPTIONAL, certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL, certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL, canRequestRollover NULL OPTIONAL, encryptionKey PublicEncryptionKey OPTIONAL, verifyKeyIndicator VerificationKeyIndicator, ... } (WITH COMPONENTS { ..., appPermissions PRESENT} | WITH COMPONENTS { ..., certIssuePermissions PRESENT} | WITH COMPONENTS { ..., certRequestPermissions PRESENT})
 
ToBeSignedData ::= SEQUENCE { payload SignedDataPayload, headerInfo HeaderInfo }
 
 
TwoDLocation ::= SEQUENCE { latitude Latitude, longitude Longitude }
 
 
 
 
ValidityPeriod ::= SEQUENCE { start Time32, duration Duration }
 
VerificationKeyIndicator ::= CHOICE { verificationKey PublicVerificationKey, reconstructionValue EccP256CurvePoint, ... }