| PKIX1 { } | 
 | DEFINITIONS IMPLICIT TAGS ::= | 
 | BEGIN | 
 | -- The module default is IMPLICIT tagging: a context tag such as [0] | 
 | -- replaces the tag of the underlying type unless the field is marked | 
 | -- EXPLICIT.  Fields marked EXPLICIT below are deliberate exceptions. | 
 | id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} | 
 | id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } | 
 | -- Identifies the issuer key, by key identifier and/or by issuer name | 
 | -- plus serial number.  All three fields are OPTIONAL in the syntax; | 
 | -- the pairing rule below is stated only as a comment, so code that | 
 | -- consumes the decoded value has to enforce it itself. | 
 | AuthorityKeyIdentifier ::= SEQUENCE { | 
 |       keyIdentifier             [0] KeyIdentifier            OPTIONAL, | 
 |       authorityCertIssuer       [1] GeneralNames             OPTIONAL, | 
 |       authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL } | 
 |     -- authorityCertIssuer and authorityCertSerialNumber shall both | 
 |     -- be present or both be absent | 
 | KeyIdentifier ::= OCTET STRING | 
 | id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } | 
 | SubjectKeyIdentifier ::= KeyIdentifier | 
 | id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } | 
 | -- Named bit list; each number is the bit position within the BIT STRING. | 
 | -- keyCertSign (5) and cRLSign (6) are the bits that permit a key to sign | 
 | -- certificates and CRLs.  When an issuer certificate carries this | 
 | -- extension, path validation is expected to check keyCertSign | 
 | -- (RFC 5280 section 6.1.4). | 
 | KeyUsage ::= BIT STRING { | 
 |      digitalSignature        (0), | 
 |      nonRepudiation          (1), | 
 |      keyEncipherment         (2), | 
 |      dataEncipherment        (3), | 
 |      keyAgreement            (4), | 
 |      keyCertSign             (5), | 
 |      cRLSign                 (6), | 
 |      encipherOnly            (7), | 
 |      decipherOnly            (8) } | 
 | id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 } | 
 | PrivateKeyUsagePeriod ::= SEQUENCE { | 
 |      notBefore       [0]     GeneralizedTime OPTIONAL, | 
 |      notAfter        [1]     GeneralizedTime OPTIONAL } | 
 |      -- either notBefore or notAfter shall be present | 
 | id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } | 
 | CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation | 
 | PolicyInformation ::= SEQUENCE { | 
 |      policyIdentifier   CertPolicyId, | 
 |      policyQualifiers   SEQUENCE SIZE (1..MAX) OF | 
 |              PolicyQualifierInfo OPTIONAL } | 
 | CertPolicyId ::= OBJECT IDENTIFIER | 
 | PolicyQualifierInfo ::= SEQUENCE { | 
 |        policyQualifierId  PolicyQualifierId, | 
 |        qualifier        ANY DEFINED BY policyQualifierId } | 
 | PolicyQualifierId ::= | 
 |     OBJECT IDENTIFIER  -- ( id-qt-cps | id-qt-unotice ) | 
 | CPSuri ::= IA5String | 
 | UserNotice ::= SEQUENCE { | 
 |      noticeRef        NoticeReference OPTIONAL, | 
 |      explicitText     DisplayText OPTIONAL} | 
 | NoticeReference ::= SEQUENCE { | 
 |      organization     DisplayText, | 
 |      noticeNumbers    SEQUENCE OF INTEGER } | 
 | DisplayText ::= CHOICE { | 
 |      visibleString    VisibleString  (SIZE (1..200)), | 
 |      bmpString        BMPString      (SIZE (1..200)), | 
 |      utf8String       UTF8String     (SIZE (1..200)) } | 
 | id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } | 
 | PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { | 
 |      issuerDomainPolicy      CertPolicyId, | 
 |      subjectDomainPolicy     CertPolicyId } | 
 | -- Text CHOICE used by most of the X520 name attributes in this module. | 
 | -- SIZE (1..MAX) declares a minimum of one element and no upper bound, | 
 | -- so any length limit has to be applied by the consuming code. | 
 | DirectoryString ::= CHOICE { | 
 |       teletexString             TeletexString (SIZE (1..MAX)), | 
 |       printableString           PrintableString (SIZE (1..MAX)), | 
 |       universalString           UniversalString (SIZE (1..MAX)), | 
 |       utf8String              UTF8String (SIZE (1..MAX)), | 
 |       bmpString               BMPString (SIZE(1..MAX)), | 
 |       -- IA5String is added here to handle old UIDs encoded as ia5String. -- | 
 |       -- See tests/userid/ for more information.  It should not be here, -- | 
 |       -- so if it causes problems, consider dropping it. -- | 
 |       ia5String               IA5String (SIZE(1..MAX)) } | 
 | id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } | 
 | SubjectAltName ::= GeneralNames | 
 | GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName | 
 | -- Name forms used by subjectAltName, issuerAltName, name constraints, | 
 | -- CRL distribution points and authority info access in this module. | 
 | -- rfc822Name, dNSName and uniformResourceIdentifier are IA5String, which | 
 | -- this module declares as a retagged OCTET STRING. | 
 | -- NOTE(review): presumably the decoder therefore returns the raw bytes | 
 | -- without checking the character set; confirm against the parser.  Name | 
 | -- matching code should reject embedded NUL and non-ASCII bytes before | 
 | -- comparing against a hostname or address. | 
 | -- iPAddress is a plain OCTET STRING; its length is not constrained here. | 
 | GeneralName ::= CHOICE { | 
 |      otherName                       [0]     AnotherName, | 
 |      rfc822Name                      [1]     IA5String, | 
 |      dNSName                         [2]     IA5String, | 
 |      x400Address                     [3]     ORAddress, | 
 |      directoryName                   [4]     EXPLICIT RDNSequence, --Name, | 
 |      ediPartyName                    [5]     EDIPartyName, | 
 |      uniformResourceIdentifier       [6]     IA5String, | 
 |      iPAddress                       [7]     OCTET STRING, | 
 |      registeredID                    [8]     OBJECT IDENTIFIER } | 
 | AnotherName ::= SEQUENCE { | 
 |      type-id    OBJECT IDENTIFIER, | 
 |      value      [0] EXPLICIT ANY DEFINED BY type-id } | 
 | EDIPartyName ::= SEQUENCE { | 
 |      nameAssigner            [0]     DirectoryString OPTIONAL, | 
 |      partyName               [1]     DirectoryString } | 
 | id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } | 
 | IssuerAltName ::= GeneralNames | 
 | id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } | 
 | SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute | 
 | id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } | 
 | -- cA defaults to FALSE, so a certificate whose extension omits the field | 
 | -- decodes as a non-CA; only an explicit TRUE marks a CA certificate. | 
 | -- pathLenConstraint is OPTIONAL; when absent the syntax imposes no limit | 
 | -- on the number of subordinate CA certificates that may follow. | 
 | BasicConstraints ::= SEQUENCE { | 
 |      cA                      BOOLEAN DEFAULT FALSE, | 
 |      pathLenConstraint       INTEGER (0..MAX) OPTIONAL } | 
 | id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } | 
 | NameConstraints ::= SEQUENCE { | 
 |      permittedSubtrees       [0]     GeneralSubtrees OPTIONAL, | 
 |      excludedSubtrees        [1]     GeneralSubtrees OPTIONAL } | 
 | GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree | 
 | GeneralSubtree ::= SEQUENCE { | 
 |      base                    GeneralName, | 
 |      minimum         [0]     BaseDistance DEFAULT 0, | 
 |      maximum         [1]     BaseDistance OPTIONAL } | 
 | BaseDistance ::= INTEGER (0..MAX) | 
 | id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } | 
 | PolicyConstraints ::= SEQUENCE { | 
 |      requireExplicitPolicy           [0] SkipCerts OPTIONAL, | 
 |      inhibitPolicyMapping            [1] SkipCerts OPTIONAL } | 
 | SkipCerts ::= INTEGER (0..MAX) | 
 | id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31} | 
 | CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint | 
 | DistributionPoint ::= SEQUENCE { | 
 |      distributionPoint       [0]     EXPLICIT DistributionPointName OPTIONAL, | 
 |      reasons                 [1]     ReasonFlags OPTIONAL, | 
 |      cRLIssuer               [2]     GeneralNames OPTIONAL | 
 | } | 
 | DistributionPointName ::= CHOICE { | 
 |     fullName                [0]     GeneralNames, | 
 |     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName | 
 | } | 
 | ReasonFlags ::= BIT STRING { | 
 |      unused                  (0), | 
 |      keyCompromise           (1), | 
 |      cACompromise            (2), | 
 |      affiliationChanged      (3), | 
 |      superseded              (4), | 
 |      cessationOfOperation    (5), | 
 |      certificateHold         (6), | 
 |      privilegeWithdrawn      (7), | 
 |      aACompromise            (8) } | 
 | id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} | 
 | ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId | 
 | KeyPurposeId ::= OBJECT IDENTIFIER | 
 | id-kp-serverAuth      OBJECT IDENTIFIER ::= { id-kp 1 } | 
 | id-kp-clientAuth      OBJECT IDENTIFIER ::= { id-kp 2 } | 
 | id-kp-codeSigning     OBJECT IDENTIFIER ::= { id-kp 3 } | 
 | id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } | 
 | id-kp-ipsecEndSystem  OBJECT IDENTIFIER ::= { id-kp 5 } | 
 | id-kp-ipsecTunnel     OBJECT IDENTIFIER ::= { id-kp 6 } | 
 | id-kp-ipsecUser       OBJECT IDENTIFIER ::= { id-kp 7 } | 
 | id-kp-timeStamping    OBJECT IDENTIFIER ::= { id-kp 8 } | 
 | id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } | 
 | AuthorityInfoAccessSyntax  ::= | 
 |         SEQUENCE SIZE (1..MAX) OF AccessDescription | 
 | AccessDescription  ::=  SEQUENCE { | 
 |         accessMethod          OBJECT IDENTIFIER, | 
 |         accessLocation        GeneralName  } | 
 | id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } | 
 | CRLNumber ::= INTEGER (0..MAX) | 
 | id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } | 
 | IssuingDistributionPoint ::= SEQUENCE { | 
 |      distributionPoint       [0] DistributionPointName OPTIONAL, | 
 |      onlyContainsUserCerts   [1] BOOLEAN DEFAULT FALSE, | 
 |      onlyContainsCACerts     [2] BOOLEAN DEFAULT FALSE, | 
 |      onlySomeReasons         [3] ReasonFlags OPTIONAL, | 
 |      indirectCRL             [4] BOOLEAN DEFAULT FALSE } | 
 | id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } | 
 | BaseCRLNumber ::= CRLNumber | 
 | id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } | 
 | -- Reason code carried in a CRL entry extension.  The list skips 7 | 
 | -- (RFC 5280 leaves that value unused) and does not define the | 
 | -- privilegeWithdrawn and aACompromise reasons that ReasonFlags names | 
 | -- in this module. | 
 | CRLReason ::= ENUMERATED { | 
 |      unspecified             (0), | 
 |      keyCompromise           (1), | 
 |      cACompromise            (2), | 
 |      affiliationChanged      (3), | 
 |      superseded              (4), | 
 |      cessationOfOperation    (5), | 
 |      certificateHold         (6), | 
 |      removeFromCRL           (8) } | 
 | id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } | 
 | CertificateIssuer ::= GeneralNames | 
 | id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } | 
 | HoldInstructionCode ::= OBJECT IDENTIFIER | 
 | holdInstruction OBJECT IDENTIFIER ::= | 
 |           {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} | 
 | id-holdinstruction-none OBJECT IDENTIFIER  ::= | 
 |                 {holdInstruction 1} -- deprecated | 
 | id-holdinstruction-callissuer OBJECT IDENTIFIER ::= | 
 |                 {holdInstruction 2} | 
 | id-holdinstruction-reject OBJECT IDENTIFIER ::= | 
 |                 {holdInstruction 3} | 
 | id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } | 
 | InvalidityDate ::=  GeneralizedTime | 
 | -- The restricted string types are declared here as OCTET STRING carrying | 
 | -- the universal tag number of the real type. | 
 | -- NOTE(review): presumably this means the decoder matches only the tag | 
 | -- and does not check the character repertoire (for example that a | 
 | -- PrintableString holds only printable characters); confirm against the | 
 | -- parser.  Callers that display or compare these values should validate | 
 | -- the bytes themselves. | 
 | VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING | 
 | NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING | 
 | IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING | 
 | TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING | 
 | PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING | 
 | UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING | 
 |         -- UniversalString is defined in ASN.1:1993 | 
 | BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING | 
 |       -- BMPString is the subtype of UniversalString and models | 
 |        -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 | 
 | UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING | 
 |         -- The content of this type conforms to RFC 2279. | 
 |         -- (RFC 2279 has since been obsoleted by RFC 3629.) | 
 | id-pkix  OBJECT IDENTIFIER  ::= | 
 |          { iso(1) identified-organization(3) dod(6) internet(1) | 
 |                     security(5) mechanisms(5) pkix(7) } | 
 | id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 } | 
 |         -- arc for private certificate extensions | 
 | id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } | 
 |         -- arc for policy qualifier types | 
 | id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } | 
 |         -- arc for extended key purpose OIDS | 
 | id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } | 
 |         -- arc for access descriptors | 
 | id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 } | 
 |         -- OID for CPS qualifier | 
 | id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 } | 
 |         -- OID for user notice qualifier | 
 | id-ad-ocsp      OBJECT IDENTIFIER ::= { id-ad 1 } | 
 | id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } | 
 | Attribute       ::=     SEQUENCE { | 
 |         type            AttributeType, | 
 |         values  SET OF AttributeValue | 
 |                 -- at least one value is required -- | 
 | } | 
 | AttributeType           ::=   OBJECT IDENTIFIER | 
 | AttributeValue          ::=   ANY DEFINED BY type | 
 | AttributeTypeAndValue           ::=     SEQUENCE { | 
 |         type    AttributeType, | 
 |         value   AttributeValue } | 
 | id-at           OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} | 
 | id-at-initials          AttributeType ::= { id-at 43 } | 
 | X520initials ::= DirectoryString | 
 | id-at-generationQualifier AttributeType ::= { id-at 44 } | 
 | X520generationQualifier ::= DirectoryString | 
 | id-at-surname           AttributeType ::= { id-at 4 } | 
 | X520surName ::= DirectoryString | 
 | id-at-givenName         AttributeType ::= { id-at 42 } | 
 | X520givenName ::= DirectoryString | 
 | id-at-name              AttributeType ::= { id-at 41 } | 
 | X520name        ::= DirectoryString | 
 | id-at-commonName        AttributeType   ::=     {id-at 3} | 
 | X520CommonName  ::=      DirectoryString | 
 | id-at-localityName      AttributeType   ::=     {id-at 7} | 
 | X520LocalityName ::= DirectoryString | 
 | id-at-stateOrProvinceName       AttributeType   ::=     {id-at 8} | 
 | X520StateOrProvinceName         ::= DirectoryString | 
 | id-at-organizationName          AttributeType   ::=     {id-at 10} | 
 | X520OrganizationName ::= DirectoryString | 
 | id-at-organizationalUnitName    AttributeType   ::=     {id-at 11} | 
 | X520OrganizationalUnitName ::= DirectoryString | 
 | id-at-title     AttributeType   ::=     {id-at 12} | 
 | X520Title ::=   DirectoryString | 
 | id-at-description     AttributeType   ::=     {id-at 13} | 
 | X520Description ::=   DirectoryString | 
 | id-at-dnQualifier       AttributeType   ::=     {id-at 46} | 
 | X520dnQualifier ::=     PrintableString | 
 | id-at-countryName       AttributeType   ::=     {id-at 6} | 
 | X520countryName ::=     PrintableString (SIZE (2)) -- IS 3166 codes | 
 | id-at-serialNumber       AttributeType   ::=     {id-at 5} | 
 | X520serialNumber ::=     PrintableString | 
 | id-at-telephoneNumber       AttributeType   ::=     {id-at 20} | 
 | X520telephoneNumber ::=     PrintableString | 
 | id-at-facsimileTelephoneNumber       AttributeType   ::=     {id-at 23} | 
 | X520facsimileTelephoneNumber ::=     PrintableString | 
 | id-at-pseudonym		AttributeType   ::=     {id-at 65} | 
 | X520pseudonym ::=	DirectoryString | 
 | -- NOTE(review): id-at-name and X520name are already defined earlier in | 
 | -- this module with the same values; this second pair is redundant. | 
 | id-at-name	AttributeType   ::=     {id-at 41} | 
 | X520name ::=	DirectoryString | 
 | id-at-streetAddress	AttributeType   ::=     {id-at 9} | 
 | X520streetAddress ::=	DirectoryString | 
 | id-at-postalAddress	AttributeType	::=	{id-at 16} | 
 | X520postalAddress ::= PostalAddress | 
 | PostalAddress ::= SEQUENCE OF DirectoryString | 
 |  -- Legacy attributes | 
 | pkcs OBJECT IDENTIFIER ::= | 
 |        { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) } | 
 | pkcs-9 OBJECT IDENTIFIER ::= | 
 |        { pkcs 9 } | 
 | emailAddress AttributeType      ::= { pkcs-9 1 } | 
 | Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) | 
 | Name            ::=   CHOICE { -- only one possibility for now -- | 
 |                                  rdnSequence  RDNSequence } | 
 | RDNSequence     ::=   SEQUENCE OF RelativeDistinguishedName | 
 | DistinguishedName       ::=   RDNSequence | 
 | RelativeDistinguishedName  ::= | 
 |                     SET SIZE (1 .. MAX) OF AttributeTypeAndValue | 
 | -- Outer certificate: the to-be-signed body, the signature algorithm and | 
 | -- the signature bits.  signatureAlgorithm here and the signature field | 
 | -- inside TBSCertificate are separate AlgorithmIdentifier values; the | 
 | -- syntax does not tie them together, so a verifier has to compare them | 
 | -- (RFC 5280 section 4.1.1.2 requires them to be the same). | 
 | Certificate  ::=  SEQUENCE  { | 
 |      tbsCertificate       TBSCertificate, | 
 |      signatureAlgorithm   AlgorithmIdentifier, | 
 |      signature            BIT STRING  } | 
 | -- The signed portion of a certificate.  version defaults to v1 when the | 
 | -- [0] field is absent.  The version rules attached to issuerUniqueID, | 
 | -- subjectUniqueID and extensions are given only as comments, so a | 
 | -- decoder built from this syntax will accept, for example, a v1 | 
 | -- certificate that carries extensions unless the caller checks. | 
 | TBSCertificate  ::=  SEQUENCE  { | 
 |      version         [0]  EXPLICIT Version DEFAULT v1, | 
 |      serialNumber         CertificateSerialNumber, | 
 |      signature            AlgorithmIdentifier, | 
 |      issuer               Name, | 
 |      validity             Validity, | 
 |      subject              Name, | 
 |      subjectPublicKeyInfo SubjectPublicKeyInfo, | 
 |      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL, | 
 |                           -- If present, version shall be v2 or v3 | 
 |      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL, | 
 |                           -- If present, version shall be v2 or v3 | 
 |      extensions      [3]  EXPLICIT Extensions OPTIONAL | 
 |                           -- If present, version shall be v3 -- | 
 | } | 
 | Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  } | 
 | CertificateSerialNumber  ::=  INTEGER | 
 | Validity ::= SEQUENCE { | 
 |      notBefore      Time, | 
 |      notAfter       Time } | 
 | Time ::= CHOICE { | 
 |      utcTime        UTCTime, | 
 |      generalTime    GeneralizedTime } | 
 | UniqueIdentifier  ::=  BIT STRING | 
 | SubjectPublicKeyInfo  ::=  SEQUENCE  { | 
 |      algorithm            AlgorithmIdentifier, | 
 |      subjectPublicKey     BIT STRING  } | 
 | Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension | 
 | -- One certificate or CRL extension.  critical defaults to FALSE when the | 
 | -- field is absent.  extnValue is an OCTET STRING wrapping the encoding | 
 | -- of the type selected by extnID, so it needs a second decode step. | 
 | -- A validator is expected to reject a certificate that carries a | 
 | -- critical extension it does not recognise (RFC 5280 section 4.2). | 
 | Extension  ::=  SEQUENCE  { | 
 |      extnID      OBJECT IDENTIFIER, | 
 |      critical    BOOLEAN DEFAULT FALSE, | 
 |      extnValue   OCTET STRING  } | 
 | CertificateList  ::=  SEQUENCE  { | 
 |      tbsCertList          TBSCertList, | 
 |      signatureAlgorithm   AlgorithmIdentifier, | 
 |      signature            BIT STRING  } | 
 | TBSCertList  ::=  SEQUENCE  { | 
 |      version                 Version OPTIONAL, | 
 |                                   -- if present, shall be v2 | 
 |      signature               AlgorithmIdentifier, | 
 |      issuer                  Name, | 
 |      thisUpdate              Time, | 
 |      nextUpdate              Time OPTIONAL, | 
 |      revokedCertificates     SEQUENCE OF SEQUENCE  { | 
 |           userCertificate         CertificateSerialNumber, | 
 |           revocationDate          Time, | 
 |           crlEntryExtensions      Extensions OPTIONAL | 
 |                                          -- if present, shall be v2 | 
 |                                }  OPTIONAL, | 
 |      crlExtensions           [0] EXPLICIT Extensions OPTIONAL | 
 |                                          -- if present, shall be v2 -- | 
 | } | 
 | -- Algorithm OID plus optional parameters.  parameters is an open type | 
 | -- selected by the OID, so it cannot be type checked until the OID has | 
 | -- been resolved; code should handle an unrecognised OID as an error | 
 | -- rather than silently ignoring the parameters. | 
 | AlgorithmIdentifier  ::=  SEQUENCE  { | 
 |      algorithm               OBJECT IDENTIFIER, | 
 |      parameters              ANY DEFINED BY algorithm OPTIONAL  } | 
 |                                 -- contains a value of the type | 
 |                                 -- registered for use with the | 
 |                                 -- algorithm object identifier value | 
 | -- PKCS #1 arc: the RSA key type and the RSA signature OIDs known here. | 
 | -- Being listed here only makes the OID nameable.  MD5 and SHA-1 have | 
 | -- practical collision attacks and MD2 is obsolete, so whether a | 
 | -- signature using md2/md5/sha1WithRSAEncryption is accepted should be | 
 | -- an explicit policy decision in the verifying code. | 
 | pkcs-1 OBJECT IDENTIFIER ::= { | 
 |      pkcs 1 } | 
 | rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 } | 
 | md2WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 2 } | 
 | md5WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 4 } | 
 | sha1WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 5 } | 
 | id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { | 
 |      iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } | 
 | Dss-Sig-Value ::= SEQUENCE { | 
 |      r       INTEGER, | 
 |      s       INTEGER | 
 | } | 
 | dhpublicnumber OBJECT IDENTIFIER ::= { | 
 |      iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } | 
 | -- Diffie-Hellman domain parameters.  The relationships noted beside each | 
 | -- field (p prime, q a factor of p-1, j >= 2) are comments only; every | 
 | -- field is a bare INTEGER as far as the syntax is concerned.  Parameters | 
 | -- taken from an untrusted certificate or peer should be validated | 
 | -- before they are used in a key agreement. | 
 | DomainParameters ::= SEQUENCE { | 
 |      p       INTEGER, -- odd prime, p=jq +1 | 
 |      g       INTEGER, -- generator, g | 
 |      q       INTEGER, -- factor of p-1 | 
 |      j       INTEGER OPTIONAL, -- subgroup factor, j>= 2 | 
 |      validationParms  ValidationParms OPTIONAL } | 
 | ValidationParms ::= SEQUENCE { | 
 |      seed             BIT STRING, | 
 |      pgenCounter      INTEGER } | 
 | id-dsa OBJECT IDENTIFIER ::= { | 
 |      iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } | 
 | Dss-Parms  ::=  SEQUENCE  { | 
 |      p             INTEGER, | 
 |      q             INTEGER, | 
 |      g             INTEGER  } | 
 | ORAddress ::= SEQUENCE { | 
 |    built-in-standard-attributes BuiltInStandardAttributes, | 
 |    built-in-domain-defined-attributes | 
 |                         BuiltInDomainDefinedAttributes OPTIONAL, | 
 |    -- see also teletex-domain-defined-attributes | 
 |    extension-attributes ExtensionAttributes OPTIONAL } | 
 | BuiltInStandardAttributes ::= SEQUENCE { | 
 |    country-name CountryName OPTIONAL, | 
 |    administration-domain-name AdministrationDomainName OPTIONAL, | 
 |    network-address      [0] EXPLICIT NetworkAddress OPTIONAL, | 
 |    -- see also extended-network-address | 
 |    terminal-identifier  [1] EXPLICIT TerminalIdentifier OPTIONAL, | 
 |    private-domain-name  [2] EXPLICIT PrivateDomainName OPTIONAL, | 
 |    organization-name    [3] EXPLICIT OrganizationName OPTIONAL, | 
 |    -- see also teletex-organization-name | 
 |    numeric-user-identifier      [4] EXPLICIT NumericUserIdentifier OPTIONAL, | 
 |    personal-name        [5] EXPLICIT PersonalName OPTIONAL, | 
 |    -- see also teletex-personal-name | 
 |    organizational-unit-names    [6] EXPLICIT OrganizationalUnitNames OPTIONAL | 
 |    -- see also teletex-organizational-unit-names -- | 
 | } | 
 | CountryName ::= [APPLICATION 1] CHOICE { | 
 |    x121-dcc-code NumericString | 
 |                 (SIZE (ub-country-name-numeric-length)), | 
 |    iso-3166-alpha2-code PrintableString | 
 |                 (SIZE (ub-country-name-alpha-length)) } | 
 | AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE { | 
 |    numeric NumericString (SIZE (0..ub-domain-name-length)), | 
 |    printable PrintableString (SIZE (0..ub-domain-name-length)) } | 
 | NetworkAddress ::= X121Address  -- see also extended-network-address | 
 | X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) | 
 | TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length)) | 
 | PrivateDomainName ::= CHOICE { | 
 |    numeric NumericString (SIZE (1..ub-domain-name-length)), | 
 |    printable PrintableString (SIZE (1..ub-domain-name-length)) } | 
 | OrganizationName ::= PrintableString | 
 |                             (SIZE (1..ub-organization-name-length)) | 
 | NumericUserIdentifier ::= NumericString | 
 |                             (SIZE (1..ub-numeric-user-id-length)) | 
 | PersonalName ::= SET { | 
 |    surname [0] PrintableString (SIZE (1..ub-surname-length)), | 
 |    given-name [1] PrintableString | 
 |                         (SIZE (1..ub-given-name-length)) OPTIONAL, | 
 |    initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL, | 
 |    generation-qualifier [3] PrintableString | 
 |                 (SIZE (1..ub-generation-qualifier-length)) OPTIONAL } | 
 | OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) | 
 |                                         OF OrganizationalUnitName | 
 | OrganizationalUnitName ::= PrintableString (SIZE | 
 |                         (1..ub-organizational-unit-name-length)) | 
 | BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE | 
 |                                 (1..ub-domain-defined-attributes) OF | 
 |                                 BuiltInDomainDefinedAttribute | 
 | BuiltInDomainDefinedAttribute ::= SEQUENCE { | 
 |    type PrintableString (SIZE | 
 |                         (1..ub-domain-defined-attribute-type-length)), | 
 |    value PrintableString (SIZE | 
 |                         (1..ub-domain-defined-attribute-value-length))} | 
 | ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF | 
 |                         ExtensionAttribute | 
 | ExtensionAttribute ::=  SEQUENCE { | 
 |    extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes), | 
 |    extension-attribute-value [1] EXPLICIT | 
 |                         ANY DEFINED BY extension-attribute-type } | 
 | common-name INTEGER ::= 1 | 
 | CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) | 
 | teletex-common-name INTEGER ::= 2 | 
 | TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) | 
 | teletex-organization-name INTEGER ::= 3 | 
 | TeletexOrganizationName ::= | 
 |                 TeletexString (SIZE (1..ub-organization-name-length)) | 
 | teletex-personal-name INTEGER ::= 4 | 
 | TeletexPersonalName ::= SET { | 
 |    surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)), | 
 |    given-name [1] EXPLICIT TeletexString | 
 |                 (SIZE (1..ub-given-name-length)) OPTIONAL, | 
 |    initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL, | 
 |    generation-qualifier [3] EXPLICIT TeletexString (SIZE | 
 |                 (1..ub-generation-qualifier-length)) OPTIONAL } | 
 | teletex-organizational-unit-names INTEGER ::= 5 | 
 | TeletexOrganizationalUnitNames ::= SEQUENCE SIZE | 
 |         (1..ub-organizational-units) OF TeletexOrganizationalUnitName | 
 | TeletexOrganizationalUnitName ::= TeletexString | 
 |                         (SIZE (1..ub-organizational-unit-name-length)) | 
 | pds-name INTEGER ::= 7 | 
 | PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) | 
 | physical-delivery-country-name INTEGER ::= 8 | 
 | PhysicalDeliveryCountryName ::= CHOICE { | 
 |    x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)), | 
 |    iso-3166-alpha2-code PrintableString | 
 |                         (SIZE (ub-country-name-alpha-length)) } | 
 | postal-code INTEGER ::= 9 | 
 | PostalCode ::= CHOICE { | 
 |    numeric-code NumericString (SIZE (1..ub-postal-code-length)), | 
 |    printable-code PrintableString (SIZE (1..ub-postal-code-length)) } | 
 | physical-delivery-office-name INTEGER ::= 10 | 
 | PhysicalDeliveryOfficeName ::= PDSParameter | 
 | physical-delivery-office-number INTEGER ::= 11 | 
 | PhysicalDeliveryOfficeNumber ::= PDSParameter | 
 | extension-OR-address-components INTEGER ::= 12 | 
 | ExtensionORAddressComponents ::= PDSParameter | 
 | physical-delivery-personal-name INTEGER ::= 13 | 
 | PhysicalDeliveryPersonalName ::= PDSParameter | 
 | physical-delivery-organization-name INTEGER ::= 14 | 
 | PhysicalDeliveryOrganizationName ::= PDSParameter | 
 | extension-physical-delivery-address-components INTEGER ::= 15 | 
 | ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter | 
 | unformatted-postal-address INTEGER ::= 16 | 
 | UnformattedPostalAddress ::= SET { | 
 |    printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF | 
 |            PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL, | 
 |    teletex-string TeletexString | 
 |          (SIZE (1..ub-unformatted-address-length)) OPTIONAL } | 
 | street-address INTEGER ::= 17 | 
 | StreetAddress ::= PDSParameter | 
 | post-office-box-address INTEGER ::= 18 | 
 | PostOfficeBoxAddress ::= PDSParameter | 
 | poste-restante-address INTEGER ::= 19 | 
 | PosteRestanteAddress ::= PDSParameter | 
 | unique-postal-name INTEGER ::= 20 | 
 | UniquePostalName ::= PDSParameter | 
 | local-postal-attributes INTEGER ::= 21 | 
 | LocalPostalAttributes ::= PDSParameter | 
 | PDSParameter ::= SET { | 
 |    printable-string PrintableString | 
 |                 (SIZE(1..ub-pds-parameter-length)) OPTIONAL, | 
 |    teletex-string TeletexString | 
 |                 (SIZE(1..ub-pds-parameter-length)) OPTIONAL } | 
 | extended-network-address INTEGER ::= 22 | 
 | ExtendedNetworkAddress ::= CHOICE { | 
 |    e163-4-address SEQUENCE { | 
 |         number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)), | 
 |         sub-address [1] EXPLICIT NumericString | 
 |                 (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL }, | 
 |    psap-address [0] EXPLICIT PresentationAddress } | 
 | PresentationAddress ::= SEQUENCE { | 
 |         pSelector       [0] EXPLICIT OCTET STRING OPTIONAL, | 
 |         sSelector       [1] EXPLICIT OCTET STRING OPTIONAL, | 
 |         tSelector       [2] EXPLICIT OCTET STRING OPTIONAL, | 
 |         nAddresses      [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } | 
 | terminal-type  INTEGER ::= 23 | 
 | TerminalType ::= INTEGER { | 
 |    telex (3), | 
 |    teletex (4), | 
 |    g3-facsimile (5), | 
 |    g4-facsimile (6), | 
 |    ia5-terminal (7), | 
 |    videotex (8) } -- (0..ub-integer-options) | 
 | teletex-domain-defined-attributes INTEGER ::= 6 | 
 | TeletexDomainDefinedAttributes ::= SEQUENCE SIZE | 
 |    (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute | 
 | TeletexDomainDefinedAttribute ::= SEQUENCE { | 
 |         type TeletexString | 
 |                (SIZE (1..ub-domain-defined-attribute-type-length)), | 
 |         value TeletexString | 
 |                (SIZE (1..ub-domain-defined-attribute-value-length)) } | 
 | ub-name INTEGER ::=     32768 | 
 | ub-common-name  INTEGER ::=     64 | 
 | ub-locality-name        INTEGER ::=     128 | 
 | ub-state-name   INTEGER ::=     128 | 
 | ub-organization-name    INTEGER ::=     64 | 
 | ub-organizational-unit-name     INTEGER ::=     64 | 
 | ub-title        INTEGER ::=     64 | 
 | ub-match        INTEGER ::=     128 | 
 | ub-emailaddress-length INTEGER ::= 128 | 
 | ub-common-name-length INTEGER ::= 64 | 
 | ub-country-name-alpha-length INTEGER ::= 2 | 
 | ub-country-name-numeric-length INTEGER ::= 3 | 
 | ub-domain-defined-attributes INTEGER ::= 4 | 
 | ub-domain-defined-attribute-type-length INTEGER ::= 8 | 
 | ub-domain-defined-attribute-value-length INTEGER ::= 128 | 
 | ub-domain-name-length INTEGER ::= 16 | 
 | ub-extension-attributes INTEGER ::= 256 | 
 | ub-e163-4-number-length INTEGER ::= 15 | 
 | ub-e163-4-sub-address-length INTEGER ::= 40 | 
 | ub-generation-qualifier-length INTEGER ::= 3 | 
 | ub-given-name-length INTEGER ::= 16 | 
 | ub-initials-length INTEGER ::= 5 | 
 | ub-integer-options INTEGER ::= 256 | 
 | ub-numeric-user-id-length INTEGER ::= 32 | 
 | ub-organization-name-length INTEGER ::= 64 | 
 | ub-organizational-unit-name-length INTEGER ::= 32 | 
 | ub-organizational-units INTEGER ::= 4 | 
 | ub-pds-name-length INTEGER ::= 16 | 
 | ub-pds-parameter-length INTEGER ::= 30 | 
 | ub-pds-physical-address-lines INTEGER ::= 6 | 
 | ub-postal-code-length INTEGER ::= 16 | 
 | ub-surname-length INTEGER ::= 40 | 
 | ub-terminal-id-length INTEGER ::= 24 | 
 | ub-unformatted-address-length INTEGER ::= 180 | 
 | ub-x121-address-length INTEGER ::= 16 | 
 | pkcs-7-ContentInfo ::= SEQUENCE { | 
 |   contentType OBJECT IDENTIFIER, | 
 |   content [0] EXPLICIT ANY DEFINED BY contentType } | 
 | pkcs-7-DigestInfo ::= SEQUENCE { | 
 |   digestAlgorithm AlgorithmIdentifier, | 
 |   digest OCTET STRING | 
 | } | 
 | pkcs-7-SignedData ::= SEQUENCE { | 
 |   version INTEGER, | 
 |   digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, | 
 |   encapContentInfo pkcs-7-EncapsulatedContentInfo, | 
 |   certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, | 
 |   crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, | 
 |   signerInfos pkcs-7-SignerInfos | 
 | } | 
 | pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier | 
 | pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { | 
 |   eContentType OBJECT IDENTIFIER, | 
 |   eContent [0] EXPLICIT ANY OPTIONAL } | 
 | pkcs-7-CertificateRevocationLists ::= SET OF ANY | 
 | pkcs-7-CertificateChoices ::= CHOICE { | 
 |   certificate ANY | 
 | } | 
 | pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices | 
 | IssuerAndSerialNumber ::= SEQUENCE { | 
 | 	issuer Name, | 
 | 	serialNumber CertificateSerialNumber | 
 | } | 
 | -- Per-signer data inside SignedData. | 
 | -- signedAttrs is tagged [0] IMPLICIT on the wire, but when it is present | 
 | -- the signature is computed over its DER encoding with the universal | 
 | -- SET OF tag (RFC 5652 section 5.4); a verifier has to re-tag the bytes | 
 | -- before hashing. | 
 | -- unsignedAttrs reuses the SignedAttributes type but is not covered by | 
 | -- the signature, so nothing read from it should be treated as | 
 | -- authenticated. | 
 | pkcs-7-SignerInfo ::= SEQUENCE { | 
 |      version INTEGER, | 
 |      sid SignerIdentifier, | 
 |      digestAlgorithm AlgorithmIdentifier, | 
 |      signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, | 
 |      signatureAlgorithm AlgorithmIdentifier, | 
 |      signature OCTET STRING, | 
 |      unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL } | 
 | SignedAttributes ::= SET SIZE (1..MAX) OF Attribute | 
 | SignerIdentifier ::= CHOICE { | 
 | 	issuerAndSerialNumber IssuerAndSerialNumber, | 
 | 	subjectKeyIdentifier [0] SubjectKeyIdentifier | 
 | } | 
 | pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo | 
 | pkcs-10-CertificationRequestInfo ::= SEQUENCE { | 
 |      version       INTEGER { v1(0) }, | 
 |      subject       Name, | 
 |      subjectPKInfo SubjectPublicKeyInfo, | 
 |      attributes    [0] Attributes | 
 | } | 
 | Attributes ::= SET OF Attribute | 
 | pkcs-10-CertificationRequest ::= SEQUENCE { | 
 |      certificationRequestInfo pkcs-10-CertificationRequestInfo, | 
 |      signatureAlgorithm AlgorithmIdentifier, | 
 |      signature          BIT STRING | 
 | } | 
 | -- Upper bound (255) used by the SIZE constraints of pkcs-9-challengePassword. | 
 | pkcs-9-ub-challengePassword   INTEGER ::= 255 | 
 | pkcs-9-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22} | 
 | pkcs-9-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23} | 
 | pkcs-9-at-challengePassword OBJECT IDENTIFIER   ::= {pkcs-9 7} | 
 | -- NOTE(review): the challenge password is a plain string value, 1 to 255 | 
 | -- characters long; nothing in this schema encrypts it. Any request or file | 
 | -- carrying this attribute should be handled as containing a secret. | 
 | pkcs-9-challengePassword        ::= CHOICE { | 
 |       printableString       PrintableString (SIZE (1..pkcs-9-ub-challengePassword)), | 
 |       utf8String            UTF8String (SIZE (1..pkcs-9-ub-challengePassword)) } | 
 | pkcs-9-at-localKeyId               OBJECT IDENTIFIER ::= {pkcs-9 21} | 
 | pkcs-9-localKeyId ::= OCTET STRING | 
 | pkcs-9-at-friendlyName             OBJECT IDENTIFIER ::= {pkcs-9 20} | 
 | -- Friendly name: BMPString of 1 to 255 characters. | 
 | pkcs-9-friendlyName ::= BMPString      (SIZE (1..255)) | 
 | -- Private key container: version, key algorithm, the key as an OCTET STRING | 
 | -- and optional attributes. | 
 | -- NOTE(review): this form has no encryption layer of its own; the encrypted | 
 | -- counterpart is pkcs-8-EncryptedPrivateKeyInfo below. Data in this form | 
 | -- needs protection from its storage or from an enclosing encrypted structure. | 
 | pkcs-8-PrivateKeyInfo ::= SEQUENCE { | 
 |   version pkcs-8-Version, | 
 |   privateKeyAlgorithm AlgorithmIdentifier, | 
 |   privateKey pkcs-8-PrivateKey, | 
 |   attributes [0] Attributes OPTIONAL } | 
 | pkcs-8-Version ::= INTEGER {v1(0)} | 
 | pkcs-8-PrivateKey ::= OCTET STRING | 
 | -- Not referenced by pkcs-8-PrivateKeyInfo above, which uses Attributes. | 
 | pkcs-8-Attributes ::= SET OF Attribute | 
 | -- Encrypted private key: the algorithm identifier and the ciphertext. | 
 | -- NOTE(review): encryptionAlgorithm comes from the file being read; the | 
 | -- decrypting code should restrict it to the schemes it is willing to accept. | 
 | pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { | 
 |     encryptionAlgorithm AlgorithmIdentifier, | 
 |     encryptedData pkcs-8-EncryptedData | 
 | } | 
 | pkcs-8-EncryptedData ::= OCTET STRING | 
 | -- Object identifier arcs for the PKCS #5 definitions that follow. | 
 | pkcs-5 OBJECT IDENTIFIER ::= | 
 |        { pkcs 5 } | 
 | pkcs-5-encryptionAlgorithm OBJECT IDENTIFIER ::= | 
 |        { iso(1) member-body(2) us(840) rsadsi(113549) 3 } | 
 | -- NOTE(review): triple DES in CBC mode is a legacy cipher. Keep it for | 
 | -- reading existing files and prefer a current cipher when writing new ones. | 
 | -- The parameter is exactly 8 octets (presumably the IV; TODO confirm). | 
 | pkcs-5-des-EDE3-CBC OBJECT IDENTIFIER ::= {pkcs-5-encryptionAlgorithm 7} | 
 | pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) | 
 | pkcs-5-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} | 
 | -- PBES2 parameters: a key derivation function and an encryption scheme, | 
 | -- each given as an AlgorithmIdentifier. | 
 | pkcs-5-PBES2-params ::= SEQUENCE { | 
 |   keyDerivationFunc AlgorithmIdentifier, | 
 |   encryptionScheme AlgorithmIdentifier } | 
 | pkcs-5-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} | 
 | -- PBKDF2 parameters: salt, iteration count, optional key length and | 
 | -- optional PRF. | 
 | -- NOTE(review): iterationCount and keyLength accept any positive value and | 
 | -- are read from the file being opened. Decrypting code should cap both (a | 
 | -- very large count burns CPU time on untrusted input) and should flag very | 
 | -- low counts; writers should choose a count suited to current hardware. | 
 | -- NOTE(review): per the comment on prf, an absent prf means HMAC with SHA-1; | 
 | -- writers that want a stronger PRF have to encode it explicitly. | 
 | pkcs-5-PBKDF2-params ::= SEQUENCE { | 
 |   salt CHOICE { | 
 |     specified OCTET STRING, | 
 |     otherSource AlgorithmIdentifier | 
 |   }, | 
 |   iterationCount INTEGER (1..MAX), | 
 |   keyLength INTEGER (1..MAX) OPTIONAL, | 
 |   prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 | 
 | } | 
 | pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12} | 
 | -- Outer PKCS #12 structure: version (v3 = 3), the authSafe content and an | 
 | -- optional MAC block. | 
 | -- NOTE(review): macData is OPTIONAL. A file without it carries no integrity | 
 | -- check at this level, so consumers should decide explicitly whether such | 
 | -- files are acceptable instead of silently importing them. | 
 | pkcs-12-PFX ::= SEQUENCE { | 
 | 	version		INTEGER {v3(3)}, | 
 | 	authSafe	pkcs-7-ContentInfo, | 
 | 	macData		pkcs-12-MacData OPTIONAL | 
 | } | 
 | -- Password-based encryption parameters: salt and iteration count. | 
 | -- NOTE(review): iterations is an unconstrained INTEGER taken from the file; | 
 | -- readers should reject non-positive values and cap very large ones. | 
 | pkcs-12-PbeParams ::= SEQUENCE { | 
 | 	salt	OCTET STRING, | 
 | 	iterations INTEGER | 
 | } | 
 | -- MAC over the file contents: digest info, salt and iteration count. | 
 | -- NOTE(review): iterations defaults to 1 when absent, which gives no key | 
 | -- stretching for the MAC password. Writers should encode an explicit count; | 
 | -- readers may want to warn about very low counts and cap very high ones. | 
 | pkcs-12-MacData ::= SEQUENCE { | 
 | 	mac		pkcs-7-DigestInfo, | 
 | 	macSalt	        OCTET STRING, | 
 | 	iterations	INTEGER DEFAULT 1 | 
 | } | 
 | -- Sequence of ContentInfo elements; the three lines below list what each | 
 | -- element holds depending on how it is protected. | 
 | pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo | 
 | 	-- Data if unencrypted | 
 | 	-- EncryptedData if password-encrypted | 
 | 	-- EnvelopedData if public key-encrypted | 
 | pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag | 
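 | -- One entry of a SafeContents sequence: bagId names the bag type, bagValue | 
 | -- holds the value for that type, and bagAttributes is an optional set of | 
 | -- attributes. DEFINED BY refers to bagId, the selector field declared in | 
 | -- this SEQUENCE. | 
 | -- NOTE(review): bagValue is ANY, so the schema does not check it against | 
 | -- bagId; the caller must select the decoder from bagId and reject bag types | 
 | -- it does not recognise. | 
 | pkcs-12-SafeBag ::= SEQUENCE { | 
 | 	bagId		OBJECT IDENTIFIER, | 
 | 	bagValue	[0] EXPLICIT ANY DEFINED BY bagId, | 
 | 	bagAttributes	SET OF pkcs-12-PKCS12Attribute OPTIONAL | 
 | } | 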
 | -- Object identifiers of the bag types: key, shrouded key, certificate, CRL. | 
 | pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} | 
 | pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1} | 
 | pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2} | 
 | pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3} | 
 | pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4} | 
 | -- NOTE(review): a KeyBag is the unencrypted PKCS #8 form. Its confidentiality | 
 | -- presumably depends on the enclosing ContentInfo being encrypted; writers | 
 | -- should prefer the shrouded form below unless that outer layer is present. | 
 | pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo | 
 | pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo | 
 | -- Certificate bag: certId selects how certValue is to be decoded. | 
 | pkcs-12-CertBag ::= SEQUENCE { | 
 | 	certId    OBJECT IDENTIFIER, | 
 | 	certValue [0] EXPLICIT ANY DEFINED BY certId | 
 | } | 
 | -- CRL bag: crlId selects how crlValue is to be decoded. | 
 | pkcs-12-CRLBag ::= SEQUENCE { | 
 | 	crlId		OBJECT IDENTIFIER, | 
 | 	crlValue	[0] EXPLICIT ANY DEFINED BY crlId | 
 | } | 
 | pkcs-12-PKCS12Attribute ::= Attribute | 
 | pkcs-7-Data ::= OCTET STRING | 
 | -- Encrypted content with a version number and optional attributes. | 
 | -- NOTE(review): no field in this structure carries a MAC or a signature. | 
 | -- If integrity matters it has to come from an outer layer (for PKCS #12 | 
 | -- presumably macData; TODO confirm). Going by the name, unprotectedAttrs | 
 | -- are not covered by the encryption and should not be trusted. | 
 | pkcs-7-EncryptedData ::= SEQUENCE { | 
 |     version INTEGER, | 
 |     encryptedContentInfo pkcs-7-EncryptedContentInfo, | 
 |     unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } | 
 | -- Content type, the content encryption algorithm and the optional ciphertext. | 
 | -- encryptedContent is OPTIONAL, so decoders must handle its absence. | 
 | pkcs-7-EncryptedContentInfo ::= SEQUENCE { | 
 |     contentType OBJECT IDENTIFIER, | 
 |     contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, | 
 |     encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL } | 
 | pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier | 
 | pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute | 
 | -- LDAP attribute types: DC is an IA5String, UID a DirectoryString. | 
 | id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 } | 
 | ldap-DC ::= IA5String | 
 | id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 } | 
 | ldap-UID ::= DirectoryString | 
 | -- Attributes under the id-pda arc: date and place of birth, gender, | 
 | -- country of citizenship and country of residence. | 
 | -- NOTE(review): the SIZE constraints limit length only. The allowed values | 
 | -- named in the comments (gender letters, ISO 3166 codes) are not enforced | 
 | -- by the schema and have to be checked by the consumer. These fields hold | 
 | -- personal data, so avoid logging them in clear. | 
 | id-pda  OBJECT IDENTIFIER ::= { id-pkix 9 } | 
 | id-pda-dateOfBirth          AttributeType ::= { id-pda 1 } | 
 | DateOfBirth ::=             GeneralizedTime | 
 | id-pda-placeOfBirth         AttributeType ::= { id-pda 2 } | 
 | PlaceOfBirth ::=            DirectoryString | 
 | id-pda-gender               AttributeType ::= { id-pda 3 } | 
 | Gender ::=                  PrintableString (SIZE(1)) | 
 |                             -- "M", "F", "m" or "f" | 
 | id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 } | 
 | CountryOfCitizenship ::=    PrintableString (SIZE (2)) | 
 |                             -- ISO 3166 Country Code | 
 | id-pda-countryOfResidence   AttributeType ::= { id-pda 5 } | 
 | CountryOfResidence ::=      PrintableString (SIZE (2)) | 
 |                             -- ISO 3166 Country Code | 
 | -- Proxy certificate information extension and two policy language OIDs. | 
 | id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 } | 
 | id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix 21 1 } | 
 | id-ppl-independent OBJECT IDENTIFIER ::= { id-pkix 21 2 } | 
 | -- Optional non-negative path length constraint plus the proxy policy. | 
 | ProxyCertInfo ::= SEQUENCE { | 
 | 	pCPathLenConstraint	INTEGER (0..MAX) OPTIONAL, | 
 | 	proxyPolicy		ProxyPolicy } | 
 | -- NOTE(review): policy is an opaque OCTET STRING whose meaning depends on | 
 | -- policyLanguage. A validator should presumably reject a policy language it | 
 | -- does not understand instead of ignoring it (confirm against the validator). | 
 | ProxyPolicy ::= SEQUENCE { | 
 | 	policyLanguage	OBJECT IDENTIFIER, | 
 |         policy		OCTET STRING OPTIONAL } | 
 | id-on  OBJECT IDENTIFIER ::= { id-pkix 8 }  -- other name forms | 
 | id-on-xmppAddr  OBJECT IDENTIFIER ::= { id-on 5 } | 
 | -- NOTE(review): the schema places no constraint on this UTF8String; code | 
 | -- that matches identities must validate and normalise it before comparing. | 
 | XmppAddr ::= UTF8String | 
 | -- OCSP basic response: the response data, the signature algorithm, the | 
 | -- signature bits and an optional list of certificates. | 
 | -- NOTE(review): certs is supplied by the responder and is untrusted input. | 
 | -- The verifier still has to establish that the signing certificate is | 
 | -- authorised to answer for the issuer in question. | 
 | BasicOCSPResponse       ::= SEQUENCE { | 
 |    tbsResponseData      ResponseData, | 
 |    signatureAlgorithm   AlgorithmIdentifier, | 
 |    signature            BIT STRING, | 
 |    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | 
 | -- Version (default 0), responder identity, production time, the list of | 
 | -- single responses and optional extensions. | 
 | -- NOTE(review): this structure has no dedicated nonce field; one would | 
 | -- presumably travel in responseExtensions. Without it, replay protection | 
 | -- rests on the time checks described at SingleResponse. | 
 | ResponseData ::= SEQUENCE { | 
 |    version              [0] EXPLICIT INTEGER DEFAULT 0, | 
 |    responderID              ResponderID, | 
 |    producedAt               GeneralizedTime, | 
 |    responses                SEQUENCE OF SingleResponse, | 
 |    responseExtensions   [1] EXPLICIT Extensions OPTIONAL } | 
 | -- The responder is named either by distinguished name or by key hash. | 
 | ResponderID ::= CHOICE { | 
 |    byName   [1] EXPLICIT RDNSequence, --Name | 
 |    byKey    [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key | 
 | } | 
 | -- Identifies the certificate a response is about. The verifier should check | 
 | -- that all four fields match the certificate it asked about. | 
 | CertID ::= SEQUENCE { | 
 |     hashAlgorithm            AlgorithmIdentifier, | 
 |     issuerNameHash     OCTET STRING, -- Hash of Issuer's DN | 
 |     issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key | 
 |     serialNumber       CertificateSerialNumber } | 
 | -- Three possible outcomes: good, revoked or unknown. | 
 | -- NOTE(review): client code should treat unknown as a failure to confirm | 
 | -- the certificate and never map it to good. | 
 | CertStatus ::= CHOICE { | 
 |     good                [0]     IMPLICIT NULL, | 
 |     revoked             [1]     IMPLICIT RevokedInfo, | 
 |     unknown             [2]     IMPLICIT UnknownInfo } | 
 | -- Status of one certificate with its validity window. | 
 | -- NOTE(review): nextUpdate is OPTIONAL. Clients should check thisUpdate and | 
 | -- nextUpdate against the current time and apply their own maximum age when | 
 | -- nextUpdate is absent, so that a stale response is not accepted. | 
 | SingleResponse ::= SEQUENCE { | 
 |    certID                       CertID, | 
 |    certStatus                   CertStatus, | 
 |    thisUpdate                   GeneralizedTime, | 
 |    nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL, | 
 |    singleExtensions     [1]     EXPLICIT Extensions OPTIONAL } | 
 | -- Revocation time and an optional reason code. | 
 | RevokedInfo ::= SEQUENCE { | 
 |     revocationTime              GeneralizedTime, | 
 |     revocationReason    [0]     EXPLICIT CRLReason OPTIONAL } | 
 | UnknownInfo ::= NULL -- this can be replaced with an enumeration | 
 | END |