All Classes and Interfaces
Class
Description
AaEntry ::= SEQUENCE {
aaCertificate EtsiTs103097Certificate,
accessPoint Url
}
Some other information of non-restrictive nature regarding the usage of this
certificate.
AdditionalParams ::= CHOICE {
original ButterflyParamsOriginal,
unified ButterflyExpansion,
compactUnified ButterflyExpansion,
encryptionKey PublicEncryptionKey,
...
An Admissions structure.
Attribute to indicate admissions to certain professions.
AesCcmCiphertext ::= SEQUENCE {
nonce OCTET STRING (SIZE (12))
ccmCiphertext Opaque -- 16 bytes longer than plaintext
}
Implementation of the Archive Timestamp type defined in RFC4998.
Implementation of ArchiveTimeStampChain type, as defined in RFC4998 and RFC6283.
Implementation of ArchiveTimeStampSequence type, as defined in RFC4998.
RFC 5652:
Attribute is a pair of OID (as type identifier) + set of values.
RFC 5652 defines
5 "SET OF Attribute" entities with 5 different names.
This is helper tool to construct
Attributes sets.
AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
RFC 5652 section 9.1:
The AuthenticatedData carries AuthAttributes and other data
which define what really is being signed.
Parse
AuthenticatedData stream.RFC 5083:
CMS AuthEnveloped Data object.
Parse
AuthEnvelopedData input stream.AuthorizationValidationRequest ::= SEQUENCE {
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
AuthorizationValidationResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationValidationResponseCode,
confirmedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}) OPTIONAL,
...
BasePublicEncryptionKey ::= CHOICE {
eciesNistP256 EccP256CurvePoint,
eciesBrainpoolP256r1 EccP256CurvePoint,
...
BitmapSspRange ::= SEQUENCE {
sspValue OCTET STRING (SIZE(1..32)),
sspBitmask OCTET STRING (SIZE(1..32))
}
bodyIdMax INTEGER ::= 4294967295
BodyPartID ::= INTEGER(0..bodyIdMax)
BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartReference ::= CHOICE {
bodyPartID BodyPartID,
bodyPartPath BodyPartPath
}
See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
ButterflyExpansion ::= CHOICE {
aes128 OCTET STRING (SIZE(16)),
...
ButterflyParamsOriginal ::= SEQUENCE {
signingExpansion ButterflyExpansion,
encryptionKey PublicEncryptionKey,
encryptionExpansion ButterflyExpansion
}
CaCertificateRequest ::= SEQUENCE {
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes,
...
CAKeyUpdAnnContent ::= SEQUENCE {
oldWithNew CMPCertificate, -- old pub signed with new priv
newWithOld CMPCertificate, -- new pub signed with old priv
newWithNew CMPCertificate -- new pub signed with new priv
}
RFC 5084: CCMParameters object.
CertAnnContent ::= CMPCertificate
CertConfirmContent ::= SEQUENCE OF CertStatus
CertEtcToken ::= CHOICE {
certificate [0] IMPLICIT Certificate ,
esscertid [1] ESSCertId ,
pkistatus [2] IMPLICIT PKIStatusInfo ,
assertion [3] ContentInfo ,
crl [4] IMPLICIT CertificateList,
ocspcertstatus [5] CertStatus,
oscpcertid [6] IMPLICIT CertId ,
oscpresponse [7] IMPLICIT OCSPResponse,
capabilities [8] SMIMECapabilities,
extension Extension
}
ISIS-MTT PROFILE: The responder may include this extension in a response to
send the hash of the requested certificate to the responder.
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)
CertificateBase ::= SEQUENCE {
version Uint8(3),
type CertificateType,
issuer IssuerIdentifier,
toBeSigned ToBeSignedCertificate,
signature Signature OPTIONAL
}
an Iso7816CertificateBody structure.
CertificateFormat::= INTEGER {
ts103097v131 (1)
}(1..255)
an Iso7816CertificateHolderAuthorization structure.
CertificateId ::= CHOICE {
linkageData LinkageData,
name Hostname,
binaryId OCTET STRING(SIZE(1..64)),
none NULL,
...
CertificateSubjectAttributes ::= SEQUENCE {
id CertificateId OPTIONAL,
validityPeriod ValidityPeriod OPTIONAL,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSsp OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
...
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
CertificationRequest ::= SEQUENCE {
certificationRequestInfo SEQUENCE {
version INTEGER,
subject Name,
subjectPublicKeyInfo SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING },
attributes [0] IMPLICIT SET OF Attribute },
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedKey OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedKey
}
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse
}
GenMsg: {id-it 19}, < absent >
GenRep: {id-it 19}, CertReqTemplateContent | < absent >
CertResponse ::= SEQUENCE {
certReqId INTEGER,
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [CRMF]
}
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
certReqId INTEGER,
statusInfo PKIStatusInfo OPTIONAL,
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL
}
Challenge ::= SEQUENCE {
owf AlgorithmIdentifier OPTIONAL,
-- MUST be present in the first Challenge; MAY be omitted in
-- any subsequent Challenge in POPODecKeyChallContent (if
-- omitted, then the owf used in the immediately preceding
-- Challenge is to be used).
Rand is the inner type
CircularRegion ::= SEQUENCE {
center TwoDLocation,
radius Uint16
}
CMCFailInfo ::= INTEGER {
badAlg (0),
badMessageCheck (1),
badRequest (2),
badTime (3),
badCertId (4),
unsupportedExt (5),
mustArchiveKeys (6),
badIdentity (7),
popRequired (8),
popFailed (9),
noKeyReuse (10),
internalCAError (11),
tryLater (12),
authDataFail (13)
}
Object Identifiers from RFC 5272
CMCPublicationInfo ::= SEQUENCE {
hashAlg AlgorithmIdentifier,
certHashes SEQUENCE OF OCTET STRING,
pubInfo PKIPublicationInfo
}
CMCStatus ::= INTEGER {
success (0),
failed (2),
pending (3),
noSupport (4),
confirmRequired (5),
popRequired (6),
partial (7)
}
-- Used to return status state in a response
id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
CMCStatusInfo ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
statusString UTF8String OPTIONAL,
otherInfo CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo } OPTIONAL
}
Other info implements the choice component of CMCStatusInfo.
-- Replaces CMC Status Info
--
id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
CMCStatusInfoV2 ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartReference,
statusString UTF8String OPTIONAL,
otherStatusInfo OtherStatusInfo OPTIONAL
}
OtherStatusInfo ::= CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo,
extendedFailInfo ExtendedFailInfo
}
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
CMCUnsignedData ::= SEQUENCE {
bodyPartPath BodyPartPath,
identifier OBJECT IDENTIFIER,
content ANY DEFINED BY identifier
}
From RFC 6211
CMSORIforKEMOtherInfo ::= SEQUENCE {
wrap KeyEncryptionAlgorithmIdentifier,
kekLength INTEGER (1..MAX),
ukm [0] EXPLICIT UserKeyingMaterial OPTIONAL
}
UserKeyingMaterial ::= OCTET STRING
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
RFC 3274: CMS Compressed Data.
Parser of RFC 3274
CompressedData object.RFC 5652
ContentInfo object parser.ContributedExtensionBlock ::= SEQUENCE {
contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.
-- Inform follow on servers that one or more controls have already been
-- processed
id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
ControlsProcessed ::= SEQUENCE {
bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference
}
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {...,
payload (WITH COMPONENTS {...,
data ABSENT,
extDataHash PRESENT
}),
headerInfo(WITH COMPONENTS {...,
generationTime PRESENT,
expiryTime ABSENT,
generationLocation ABSENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT,
encryptionKey ABSENT
})
})
})
})
})
CountryAndRegions ::= SEQUENCE {
countryOnly CountryOnly,
regions SequenceOfUint8
}
CountryAndSubregions ::= SEQUENCE {
country CountryOnly,
regionAndSubregions SequenceOfRegionAndSubregions
}
CRLAnnContent ::= SEQUENCE OF CertificateList
CrlIdentifier ::= SEQUENCE
{
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL
}
CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID }
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
CrlSeries ::= Uint16
GenMsg: {id-it TBD1}, SEQUENCE SIZE (1..MAX) OF CRLStatus
GenRep: {id-it TBD2}, SEQUENCE SIZE (1..MAX) OF
CertificateList | < absent >
CRLStatus ::= SEQUENCE {
source CRLSource,
thisUpdate Time OPTIONAL }
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL }
Implementation of the CryptoInfos element defined in RFC 4998:
The CscaMasterList object.
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
CtlCommand ::= CHOICE {
add CtlEntry,
delete CtlDelete,
...
CtlDelete ::= CHOICE {
cert HashedId8,
dc DcDelete,
...
CtlEntry ::= CHOICE {
rca RootCaEntry,
ea EaEntry,
aa AaEntry,
dc DcEntry,
tlm TlmEntry,
...
CtlFormat ::= SEQUENCE {
version Version,
nextUpdate Time32,
isFullCtl BOOLEAN,
ctlSequence INTEGER (0..255),
ctlCommands SEQUENCE OF CtlCommand,
...
an iso7816Certificate structure.
Data ::= CHOICE {
message OCTET STRING ,
messageImprint DigestInfo,
certs [0] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain
}
The DataGroupHash object.
DcEntry ::= SEQUENCE {
url Url,
cert SEQUENCE OF HashedId8
}
A declaration of majority.
id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
DecryptedPOP ::= SEQUENCE {
bodyPartID BodyPartID,
thePOPAlgID AlgorithmIdentifier,
thePOP OCTET STRING
}
DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
isFullCtl(FALSE)
})
DHBMParameter ::= SEQUENCE {
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
From RFC 2875 for Diffie-Hellman POP.
RFC 5652 DigestedData object.
Duration ::= CHOICE {
microseconds Uint16,
milliseconds Uint16,
seconds Uint16,
minutes Uint16,
hours Uint16,
sixtyHours Uint16,
years Uint16
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
DVCSErrorNotice ::= SEQUENCE {
transactionStatus PKIStatusInfo ,
transactionIdentifier GeneralName OPTIONAL
}
OIDs for RFC 3029
Data Validation and Certification Server Protocols
DVCSRequest ::= SEQUENCE {
requestInformation DVCSRequestInformation,
data Data,
transactionIdentifier GeneralName OPTIONAL
}
DVCSRequestInformation ::= SEQUENCE {
version INTEGER DEFAULT 1 ,
service ServiceType,
nonce Nonce OPTIONAL,
requestTime DVCSTime OPTIONAL,
requester [0] GeneralNames OPTIONAL,
requestPolicy [1] PolicyInformation OPTIONAL,
dvcs [2] GeneralNames OPTIONAL,
dataLocations [3] GeneralNames OPTIONAL,
extensions [4] IMPLICIT Extensions OPTIONAL
}
DVCSRequestInformation ::= SEQUENCE {
version INTEGER DEFAULT 1 ,
service ServiceType,
nonce Nonce OPTIONAL,
requestTime DVCSTime OPTIONAL,
requester [0] GeneralNames OPTIONAL,
requestPolicy [1] PolicyInformation OPTIONAL,
dvcs [2] GeneralNames OPTIONAL,
dataLocations [3] GeneralNames OPTIONAL,
extensions [4] IMPLICIT Extensions OPTIONAL
}
DVCSResponse ::= CHOICE
{
dvCertInfo DVCSCertInfo ,
dvErrorNote [0] DVCSErrorNotice
}
DVCSTime ::= CHOICE {
genTime GeneralizedTime,
timeStampToken ContentInfo
}
German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik)
https://www.bsi.bund.de/
EaEntry ::= SEQUENCE {
eaCertificate EtsiTs103097Certificate,
aaAccessPoint Url,
itsAccessPoint Url OPTIONAL
}
ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
Common interface for ITS curve points.
EccP256CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (32)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (32)),
compressed-y-1 OCTET STRING (SIZE (32)),
uncompressedP256 SEQUENCE {
x OCTET STRING (SIZE (32)),
y OCTET STRING (SIZE (32))
}
}
EccP384CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (48)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (48)),
compressed-y-1 OCTET STRING (SIZE (48)),
uncompressedP384 SEQUENCE {
x OCTET STRING (SIZE (48)),
y OCTET STRING (SIZE (48))
}
}
EcdsaP256Signature ::= SEQUENCE {
rSig EccP256CurvePoint,
sSig OCTET STRING (SIZE (32))
}
EcdsaP384Signature ::= SEQUENCE {
rSig EccP384CurvePoint,
sSig OCTET STRING (SIZE (48))
}
an Iso7816ECDSAPublicKeyStructure structure.
EciesP256EncryptedKey ::= SEQUENCE {
v EccP256CurvePoint,
c OCTET STRING (SIZE (16)),
t OCTET STRING (SIZE (16))
}
EcSignature::= CHOICE {
encryptedEcSignature EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload},
ecSignature EtsiTs103097Data-SignedExternalPayload
}
Edwards Elliptic Curve Object Identifiers (RFC 8410)
EeEcaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
id (WITH COMPONENTS {
...,
linkageData ABSENT
}),
cracaId ('000000'H),
crlSeries (0),
appPermissions ABSENT,
certIssuePermissions ABSENT,
certRequestPermissions PRESENT,
verifyKeyIndicator (WITH COMPONENTS {
verificationKey
})
}),
canonicalId IA5String OPTIONAL,
...
EeRaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
cracaId ('000000'H),
crlSeries (0),
appPermissions PRESENT,
certIssuePermissions ABSENT,
certRequestPermissions ABSENT,
verifyKeyIndicator (WITH COMPONENTS {
verificationKey
})
}),
additionalParams AdditionalParams OPTIONAL,
...
OER Element is the result of building the OER definition.
Element suppliers allow us to defer the finalisation of a definition until
the point at which it is used.
Elevation ::= Uint16
RFC 5652 EncryptedContentInfo object.
Parser for RFC 5652 EncryptedContentInfo object.
RFC 5652 EncryptedData object.
EncryptedData ::= SEQUENCE {
recipients SequenceOfRecipientInfo,
ciphertext SymmetricCiphertext
}
EncryptedDataEncryptionKey ::= CHOICE {
eciesNistP256 EciesP256EncryptedKey,
eciesBrainpoolP256r1 EciesP256EncryptedKey,
...
EncryptedKey ::= CHOICE {
encryptedValue EncryptedValue, -- deprecated
envelopedData [0] EnvelopedData }
id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
EncryptedPOP ::= SEQUENCE {
request TaggedRequest,
cms ContentInfo,
thePOPAlgID AlgorithmIdentifier,
witnessAlgID AlgorithmIdentifier,
witness OCTET STRING
}
EncryptedValue
Please see reference to pending deprecation in favour of EnvelopedData.
Implementation of the EncryptionInfo element defined in RFC 4998:
EncryptionKey ::= CHOICE {
public PublicEncryptionKey,
symmetric SymmetricEncryptionKey
}
EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())
RFC 5652 EnvelopedData object.
Parser of RFC 5652
EnvelopedData object.
ErrorMsgContent ::= SEQUENCE {
pKIStatusInfo PKIStatusInfo,
errorCode INTEGER OPTIONAL,
-- implementation-specific error codes
errorDetails PKIFreeText OPTIONAL
-- implementation-specific error details
}
Ieee1609Dot2HeaderInfoContributedExtensions
IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= {
{EtsiOriginatingHeaderInfoExtension IDENTIFIED BY etsiHeaderInfoContributorId},
...
EtsiTs102941CrlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownUpdate Time32 OPTIONAL
}
EtsiTs102941CtlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownCtlSequence INTEGER (0..255) OPTIONAL
}
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
EtsiTs102941DeltaCtlRequest::= EtsiTs102941CtlRequest
and
EtsiTs102941CtlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownCtlSequence INTEGER (0..255) OPTIONAL
}
EtsiTs103097Data::=Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {..., -- constraints on signed data headers
tbsData (WITH COMPONENTS {
headerInfo (WITH COMPONENTS {...,
generationTime PRESENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT
})
}),
signer (WITH COMPONENTS {..., --constraints on the certificate
certificate ((WITH COMPONENT (EtsiTs103097Certificate))^(SIZE(1)))
})
}),
encryptedData (WITH COMPONENTS {..., -- constraints on encrypted data headers
recipients (WITH COMPONENT (
(WITH COMPONENTS {...,
pskRecipInfo ABSENT,
symmRecipInfo ABSENT,
rekRecipInfo ABSENT
})
))
}),
signedCertificateRequest ABSENT
})
})
EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {
payload (WITH COMPONENTS {
data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
unsecuredData (CONTAINING ToBeSignedDataContent)
})
}) PRESENT
})
})
})
})
})
EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {
payload (WITH COMPONENTS {
data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
unsecuredData (CONTAINING ToBeSignedDataContent)
})
}) PRESENT
})
})
})
})
})
EtsiTs103097ExtensionModule
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) version1(1)}
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) version2(2)}
RFC 5544:
Binding Documents with Time-Stamps; Evidence object.
RFC 4998:
Evidence Record Syntax (ERS)
ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(explicit),
toBeSigned(WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {verificationKey})
}),
signature PRESENT
})
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE {
id EXT-TYPE.&extId({ExtensionTypes}),
content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id})
}
ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension
ExtId ::= INTEGER(0..255)
RFC 5084: GCMParameters object.
RFC 5990 GenericHybridParameters class.
GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
GeographicRegion ::= CHOICE {
circularRegion CircularRegion,
rectangularRegion SequenceOfRectangularRegion,
polygonalRegion PolygonalRegion,
identifiedRegion SequenceOfIdentifiedRegion,
...
id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
GetCert ::= SEQUENCE {
issuerName GeneralName,
serialNumber INTEGER }
id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
GetCRL ::= SEQUENCE {
issuerName Name,
cRLName GeneralName OPTIONAL,
time GeneralizedTime OPTIONAL,
reasons ReasonFlags OPTIONAL }
GNU project OID collection
GroupLinkageValue ::= SEQUENCE {
jValue OCTET STRING (SIZE(4))
value OCTET STRING (SIZE(9))
}
HashAlgorithm ::= ENUMERATED {
sha256,
...,
sha384
}
HashedData::= CHOICE {
sha256HashedData OCTET STRING (SIZE(32)),
...,
sha384HashedData OCTET STRING (SIZE(48)),
reserved OCTET STRING (SIZE(32))
}
HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
encryptionKey EncryptionKey OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL,
pduFunctionalType PduFunctionalType OPTIONAL,
contributedExtensions ContributedExtensionBlocks OPTIONAL
}
HeaderInfoContributorId ::= INTEGER (0..255)
etsiHeaderInfoContributorId HeaderInfoContributorId ::= 2
Hostname ::= UTF8String (SIZE(0..255))
IANA:
{ iso(1) identifier-organization(3) dod(6) internet(1) } == IETF defined things
{ ISOITU(2) intorgs(23) icao(136) }
IdentifiedRegion ::= CHOICE {
countryOnly CountryOnly,
countryAndRegions CountryAndRegions,
countryAndSubregions CountryAndSubregions,
...
id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
identityProofV2 ::= SEQUENCE {
proofAlgID AlgorithmIdentifier,
macAlgId AlgorithmIdentifier,
witness OCTET STRING
}
OER forward definition builders for OER encoded data.
Ieee1609Dot2Content ::= CHOICE {
unsecuredData Opaque,
signedData SignedData,
encryptedData EncryptedData,
signedCertificateRequest Opaque,
...
Ieee1609Dot2Data ::= SEQUENCE {
protocolVersion Uint8(3),
content Ieee1609Dot2Content
}
ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(implicit),
toBeSigned(WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
}),
signature ABSENT
})
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
InnerAtRequest ::= SEQUENCE {
publicKeys PublicKeys,
hmacKey OCTET STRING (SIZE(32)),
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
InnerAtResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
InnerEcRequest ::= SEQUENCE {
itsId OCTET STRING,
certificateFormat CertificateFormat,
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
InnerEcResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode EnrolmentResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
ISISMT -- Industrial Signature Interoperability Specification
OIDS from ISO/IEC 10118-3:2004
RFC 5652: IssuerAndSerialNumber object.
IssuerIdentifier ::= CHOICE {
sha256AndDigest HashedId8,
self HashAlgorithm,
...,
sha384AndDigest HashedId8
}
IValue ::= Uint16
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
KemBMParameter ::= SEQUENCE {
kdf AlgorithmIdentifier{KEY-DERIVATION, {...}},
len INTEGER (1..MAX),
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
}
KemCiphertextInfo ::= SEQUENCE {
kem AlgorithmIdentifier{KEM-ALGORITHM, {...}},
ct OCTET STRING
}
Defined in RFC 9629.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
KeyRecRepContent ::= SEQUENCE {
status PKIStatusInfo,
newSigCert [0] CMPCertificate OPTIONAL,
caCerts [1] SEQUENCE SIZE (1..MAX) OF
CMPCertificate OPTIONAL,
keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
CertifiedKeyPair OPTIONAL
}
RFC 5652:
Content encryption key delivery mechanisms.
Korea Information Security Agency (KISA)
({iso(1) member-body(2) kr(410) kisa(200004)})
KnownLatitude ::= NinetyDegreeInt (min..max)
LaId ::= OCTET STRING (SIZE(2))
Latitude ::= NinetyDegreeInt
The LDSSecurityObject object (V1.8).
LinkageData ::= SEQUENCE {
iCert IValue,
linkage-value LinkageValue,
group-linkage-value GroupLinkageValue OPTIONAL
}
LinkageSeed ::= OCTET STRING (SIZE(16))
LinkageValue ::= OCTET STRING (SIZE(9))
Latitude ::= OneEightyDegreeInt
OneEightyDegreeInt ::= INTEGER {
min (-1799999999),
max (1800000000),
unknown (1800000001)
} (-1799999999..1800000001)
id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
LraPopWitness ::= SEQUENCE {
pkiDataBodyid BodyPartID,
bodyIds SEQUENCE OF BodyPartID
}
RFC 5544:
Binding Documents with Time-Stamps; MetaData object.
Microsoft
MissingCrlIdentifier ::= SEQUENCE {
cracaId HashedId3,
crlSeries CrlSeries,
...
id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
ModCertTemplate ::= SEQUENCE {
pkiDataReference BodyPartPath,
certReferences BodyPartList,
replace BOOLEAN DEFAULT TRUE,
certTemplate CertTemplate
}
Monetary limit for transactions.
RFC 5753/3278: MQVuserKeyingMaterial object.
Names of authorities which are responsible for the administration of title
registers.
NestedMessageContent ::= PKIMessages
The NetscapeCertType object.
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
From RFC 3657
Use of the Camellia Encryption Algorithm
in Cryptographic Message Syntax (CMS)
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data
producedAt GeneralizedTime -- As in OCSP response data
}
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OER sequence decoder, decodes prefix and determines which optional
parts are available.
A placeholder object that represents an absent item.
OIW organization's OIDs:
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
OOBCert ::= CMPCertificate
OOBCertHash ::= SEQUENCE {
hashAlg [0] AlgorithmIdentifier OPTIONAL,
certId [1] CertId OPTIONAL,
hashVal BIT STRING
-- hashVal is calculated over the DER encoding of the
-- self-signed certificate with the identifier certID.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OriginatorInfo object.
RFC 5652:
Content encryption key delivery mechanisms.
OtherHash ::= CHOICE {
sha1Hash OtherHashValue, -- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue
}
RFC 5652: OtherKeyAttribute object.
OtherMsg ::= SEQUENCE {
bodyPartID BodyPartID,
otherMsgType OBJECT IDENTIFIER,
otherMsgValue ANY DEFINED BY otherMsgType }
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OtherRevocationInfoFormat object.
OtherRevRefs ::= SEQUENCE {
otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType
}
OtherRevRefType ::= OBJECT IDENTIFIER
OtherRevVals ::= SEQUENCE {
otherRevValType OtherRevValType,
otherRevVals ANY DEFINED BY OtherRevValType
}
OtherRevValType ::= OBJECT IDENTIFIER
Other info implements the choice component of CMCStatusInfoV2.
EAC encoding date object
Implementation of PartialHashtree, as defined in RFC 4998.
RFC 5652:
Content encryption key delivery mechanisms.
PathProcInput ::= SEQUENCE {
acceptablePolicySet SEQUENCE SIZE (1..MAX) OF
PolicyInformation,
inhibitPolicyMapping BOOLEAN DEFAULT FALSE,
explicitPolicyReqd [0] BOOLEAN DEFAULT FALSE ,
inhibitAnyPolicy [1] BOOLEAN DEFAULT FALSE
}
PBMParameter ::= SEQUENCE {
salt OCTET STRING,
-- note: implementations MAY wish to limit acceptable sizes
-- of this string to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
iterationCount INTEGER,
-- number of times the OWF is applied
-- note: implementations MAY wish to limit acceptable sizes
-- of this integer to values appropriate for their environment
-- in order to reduce the risk of denial-of-service attacks
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
PduFunctionalType ::= INTEGER (0..255)
tlsHandshake PduFunctionalType ::= 1
iso21177ExtendedAuth PduFunctionalType ::= 2
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
PKIBody ::= CHOICE { -- message-specific body elements
ir [0] CertReqMessages, --Initialization Request
ip [1] CertRepMessage, --Initialization Response
cr [2] CertReqMessages, --Certification Request
cp [3] CertRepMessage, --Certification Response
p10cr [4] CertificationRequest, --imported from [PKCS10]
popdecc [5] POPODecKeyChallContent, --pop Challenge
popdecr [6] POPODecKeyRespContent, --pop Response
kur [7] CertReqMessages, --Key Update Request
kup [8] CertRepMessage, --Key Update Response
krr [9] CertReqMessages, --Key Recovery Request
krp [10] KeyRecRepContent, --Key Recovery Response
rr [11] RevReqContent, --Revocation Request
rp [12] RevRepContent, --Revocation Response
ccr [13] CertReqMessages, --Cross-Cert.
PKIConfirmContent ::= NULL
PKIData ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17)
-- the additional information requested could not be understood
-- or is not available
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-- text encoded as UTF-8 String [RFC3629] (note: each
-- UTF8String MAY include an [RFC3066] language tag
-- to indicate the language of the contained text
-- see [RFC2482] for details)
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
-- identifies the sender
recipient GeneralName,
-- identifies the intended recipient
messageTime [0] GeneralizedTime OPTIONAL,
-- time of production of this message (used when sender
-- believes that the transport will be "suitable"; i.e.,
-- that the time will still be meaningful upon receipt)
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
-- algorithm used for calculation of protection bits
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
-- to identify specific keys used for protection
transactionID [4] OCTET STRING OPTIONAL,
-- identifies the transaction; i.e., this will be the same in
-- corresponding request, response, certConf, and PKIConf
-- messages
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
-- nonces used to provide replay protection, senderNonce
-- is inserted by the creator of this message; recipNonce
-- is a nonce previously inserted in a related message by
-- the intended recipient of this message
freeText [7] PKIFreeText OPTIONAL,
-- this may be used to indicate context-specific instructions
-- (this field is intended for human consumption)
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
-- this may be used to convey context-specific information
-- (this field not primarily intended for human consumption)
}
PKIMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL
}
PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
PKIPublicationInfo ::= SEQUENCE {
action INTEGER {
dontPublish (0),
pleasePublish (1) },
pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-- pubInfos MUST NOT be present if action is "dontPublish"
-- (if action is "pleasePublish" and pubInfos is omitted,
-- "dontCare" is assumed)
-- This defines the response message in the protocol
id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
ResponseBody ::= PKIResponse
PKIResponse ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
PKIStatus ::= INTEGER {
accepted (0),
-- you got exactly what you asked for
grantedWithMods (1),
-- you got something like what you asked for; the
-- requester is responsible for ascertaining the differences
rejection (2),
-- you don't get it, more information elsewhere in the message
waiting (3),
-- the request body part has not yet been processed; expect to
-- hear more later (note: proper handling of this status
-- response MAY use the polling req/rep PKIMessages specified
-- in Section 5.3.22; alternatively, polling in the underlying
-- transport layer MAY have some utility in this regard)
revocationWarning (4),
-- this message contains a warning that a revocation is
-- imminent
revocationNotification (5),
-- notification that a revocation has occurred
keyUpdateWarning (6)
-- update already done for the oldCertId specified in
-- CertReqMsg
}
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL
}
Password-based MAC value for use with POPOSigningKeyInput.
PKRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey EncryptedDataEncryptionKey
}
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL }
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER }
SEQUENCE SIZE(3..MAX) OF TwoDLocation
id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
PopLinkWitnessV2 ::= SEQUENCE {
keyGenAlgorithm AlgorithmIdentifier,
macAlgorithm AlgorithmIdentifier,
witness OCTET STRING
}
POPODecKeyChallContent ::= SEQUENCE OF Challenge
-- One Challenge per encryption key certification request (in the
-- same order as these requests appear in CertReqMessages).
PreSharedKeyRecipientInfo ::= HashedId8
Attribute to indicate that the certificate holder may sign in the name of a
third person.
Professions, specializations, disciplines, fields of activity, etc.
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody
}
Psid ::= INTEGER (0..MAX)
PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT (app)
}
PsidSsp ::= SEQUENCE {
psid Psid,
ssp ServiceSpecificPermissions OPTIONAL
}
PsidSspRange ::= SEQUENCE {
psid Psid,
sspRange SspRange OPTIONAL
}
PublicEncryptionKey ::= SEQUENCE {
supportedSymmAlg SymmAlgorithm,
publicKey BasePublicEncryptionKey
}
This is designed to parse
the PublicKeyAndChallenge created by the KEYGEN tag included by
Mozilla based browsers.
PublicKeys ::= SEQUENCE {
verificationKey PublicVerificationKey,
encryptionKey PublicEncryptionKey OPTIONAL
}
PublicVerificationKey ::= CHOICE {
ecdsaNistP256 EccP256CurvePoint,
ecdsaBrainpoolP256r1 EccP256CurvePoint,
...,
ecdsaBrainpoolP384r1 EccP384CurvePoint
}
PublishTrustAnchors ::= SEQUENCE {
seqNumber INTEGER,
hashAlgorithm AlgorithmIdentifier,
anchorHashes SEQUENCE OF OCTET STRING
}
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
RecipientInfo ::= CHOICE {
pskRecipInfo PreSharedKeyRecipientInfo,
symmRecipInfo SymmRecipientInfo,
certRecipInfo PKRecipientInfo,
signedDataRecipInfo PKRecipientInfo,
rekRecipInfo PKRecipientInfo
}
RFC 5652:
Content encryption key delivery mechanisms.
RectangularRegion ::= SEQUENCE {
northWest TwoDLocation,
southEast TwoDLocation
}
RegionAndSubregions ::= SEQUENCE {
region Uint8,
subregions SequenceOfUint16
}
Marker for Geographic Region types.
ISIS-MTT-Optional: The certificate requested by the client by inserting the
RetrieveIfAllowed extension in the request, will be returned in this
extension.
Some other restriction regarding the usage of this certificate.
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions OPTIONAL
-- extra CRL details (e.g., crl number, reason, location, etc.)
}
RevDetails ::= SEQUENCE {
certDetails CertTemplate,
-- allows requester to specify as much as they can about
-- the cert.
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL}
RevokeRequest ::= SEQUENCE {
issuerName Name,
serialNumber INTEGER,
reason CRLReason,
invalidityDate GeneralizedTime OPTIONAL,
passphrase OCTET STRING OPTIONAL,
comment UTF8String OPTIONAL }
RevRepContent ::= SEQUENCE {
status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-- in same order as was sent in RevReqContent
revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
OPTIONAL,
-- IDs for which revocation was requested
-- (same order as status)
crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-- the resulting CRLs (there may be more than one)
}
RevReqContent ::= SEQUENCE OF RevDetails
RootCaEntry ::= SEQUENCE {
selfsignedRootCa EtsiTs103097Certificate,
successorTo EtsiTs103097Certificate OPTIONAL
}
GenMsg: {id-it 20}, RootCaCertValue | < absent >
GenRep: {id-it 18}, RootCaKeyUpdateContent | < absent >
RFC 5990 RSA KEM parameters class.
an Iso7816RSAPublicKeyStructure structure.
RFC 7914 scrypt parameters.
RFC 5940:
Additional Cryptographic Message Syntax (CMS) Revocation Information Choices.
SequenceOfCertificate ::= SEQUENCE OF Certificate
SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion
SequenceOfOctetString ::= SEQUENCE (SIZE(0..MAX)) OF OCTET STRING (SIZE(0..MAX))
SequenceOfPsid ::= SEQUENCE OF Psid
SEQUENCE OF PsidGroupPermissions
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
SequenceOfUint16 ::= SEQUENCE OF Uint16
SequenceOfUint8 ::= SEQUENCE OF Uint8
ServiceSpecificPermissions ::= CHOICE {
opaque OCTET STRING (SIZE(0..MAX)),
...,
bitmapSsp BitmapSsp
}
ServiceType ::= ENUMERATED { cpd(1), vsd(2), cpkc(3), ccpd(4) }
SharedAtRequest ::= SEQUENCE {
eaId HashedId8,
keyTag OCTET STRING (SIZE(16)),
certificateFormat CertificateFormat,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
Signature ::= CHOICE {
ecdsaNistP256Signature EcdsaP256Signature,
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
...
SignedData ::= SEQUENCE {
hashId HashAlgorithm,
tbsData ToBeSignedData,
signer SignerIdentifier,
signature Signature
}
Parser for RFC 5652:
SignedData object.
SignedDataPayload ::= SEQUENCE {
data Ieee1609Dot2Data OPTIONAL,
extDataHash HashedData OPTIONAL,
...
SignedPublicKeyAndChallenge ::= SEQUENCE {
publicKeyAndChallenge PublicKeyAndChallenge,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
RFC 5652:
Identify who signed the containing
SignerInfo object.SignerIdentifier
This structure allows the recipient of data to determine which
keying material to use to authenticate the data.
RFC 5652:
Signature container per Signer, see
SignerIdentifier.Signer-Location attribute (RFC3126).
SinglePubInfo ::= SEQUENCE {
pubMethod INTEGER {
dontCare (0),
x500 (1),
web (2),
ldap (3) },
pubLocation GeneralName OPTIONAL }
Handler class for dealing with S/MIME Capabilities
Handler for creating a vector S/MIME Capabilities
The SMIMEEncryptionKeyPreference object.
SspRange ::= CHOICE {
opaque SequenceOfOctetString,
all NULL,
...
SubjectAssurance ::= OCTET STRING (SIZE(1))
SubjectPermissions ::= CHOICE {
explicit SequenceOfPsidSspRange,
all NULL,
...
A switch is intended to examine the state of the OER decoding stream
and return an oer definition to based on that state.
SymmAlgorithm ::= ENUMERATED {
aes128Ccm,
...
SymmetricCiphertext ::= CHOICE {
aes128ccm AesCcmCiphertext,
...
SymmetricEncryptionKey ::= CHOICE {
aes128Ccm OCTET STRING(SIZE(16)),
...
SymmRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey SymmetricCiphertext
}
TaggedAttribute from RFC5272
TaggedCertificationRequest ::= SEQUENCE {
bodyPartID BodyPartID,
certificationRequest CertificationRequest
}
TaggedContentInfo ::= SEQUENCE {
bodyPartID BodyPartID,
contentInfo ContentInfo
}
TaggedRequest ::= CHOICE {
tcr [0] TaggedCertificationRequest,
crm [1] CertReqMsg,
orm [2] SEQUENCE {
bodyPartID BodyPartID,
requestMessageType OBJECT IDENTIFIER,
requestMessageValue ANY DEFINED BY requestMessageType
}
}
TargetEtcChain ::= SEQUENCE {
target CertEtcToken,
chain SEQUENCE SIZE (1..MAX) OF
CertEtcToken OPTIONAL,
pathProcInput [0] PathProcInput OPTIONAL
}
ThreeDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude,
elevation Elevation
}
RFC 5652:
Dual-mode timestamp format producing either UTCTIme or GeneralizedTime.
Time64 ::= Uint64
RFC 5544
Binding Documents with Time-Stamps; TimeStampAndCRL object.
RFC 5544:
Binding Documents with Time-Stamps; TimeStampedData object.
Parser for RFC 5544:
TimeStampedData object.RFC 5544
Binding Documents with Time-Stamps; TimeStampTokenEvidence object.
TlmEntry::= SEQUENCE {
selfSignedTLMCertificate EtsiTs103097Certificate,
successorTo EtsiTs103097Certificate OPTIONAL,
accessPoint Url
}
ToBeSignedCertificate ::= SEQUENCE {
id CertificateId,
cracaId HashedId3,
crlSeries CrlSeries,
validityPeriod ValidityPeriod,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSsp OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL,
canRequestRollover NULL OPTIONAL,
encryptionKey PublicEncryptionKey OPTIONAL,
verifyKeyIndicator VerificationKeyIndicator,
...
ToBeSignedCrl ::= SEQUENCE {
version Version,
thisUpdate Time32,
nextUpdate Time32,
entries SEQUENCE OF CrlEntry,
...
ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}
ToBeSignedLinkCertificate ::= SEQUENCE {
expiryTime Time32,
certificateHash HashedData,
...
TwoDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude
}
Uint64 ::= INTEGER (0..18446744073709551615)
UnknownLongitude ::= OneEightyDegreeInt (unknown)
The value 1,800,000,001 indicates that the longitude was not
available to the sender.
ValidityPeriod ::= SEQUENCE {
start Time32,
duration Duration
}
VerificationKeyIndicator ::= CHOICE {
verificationKey PublicVerificationKey,
reconstructionValue EccP256CurvePoint,
...