author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-04-16 10:44:12 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-04-16 10:44:12 +0000 |
commit | f0eb96e3762d825c9e0d30e6d93601c75fe1dab4 (patch) | |
tree | c987ec2797c29977576b480135ebdc2e3afa4884 /lib/pkix.asn | |
parent | b1d596003a6cb55139a89c2f64b691180608ec37 (diff) | |
download | gnutls-f0eb96e3762d825c9e0d30e6d93601c75fe1dab4.tar.gz |
added definitions for pkcs12
Diffstat (limited to 'lib/pkix.asn')
-rw-r--r-- | lib/pkix.asn | 114 |
1 files changed, 111 insertions, 3 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn index 8384e8e13b..044b028d4b 100644 --- a/lib/pkix.asn +++ b/lib/pkix.asn @@ -481,8 +481,11 @@ X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes -- Legacy attributes +pkcs OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) } + pkcs-9 OBJECT IDENTIFIER ::= - { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } + { pkcs 9 } emailAddress AttributeType ::= { pkcs-9 1 } @@ -601,7 +604,7 @@ AlgorithmIdentifier ::= SEQUENCE { -- Algorithm OIDs and parameter structures pkcs-1 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } + pkcs 1 } rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } @@ -1009,6 +1012,9 @@ CertificationRequest ::= SEQUENCE { pkcs-9-ub-challengePassword INTEGER ::= 255 +pkcs-9-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22} +pkcs-9-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23} + challengePassword AttributeType ::= {pkcs-9 7} Pkcs9challengePassword ::= CHOICE { @@ -1044,7 +1050,7 @@ EncryptedData ::= OCTET STRING -- PKCS #5 stuff pkcs-5 OBJECT IDENTIFIER ::= - { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } + { pkcs 5 } pkcs-5-encryptionAlgorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 3 } 
@@ -1078,4 +1084,106 @@ pkcs-5-PBKDF2-params ::= SEQUENCE { prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 } +-- PKCS #12 stuff + +pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} + +PFX ::= SEQUENCE { + version INTEGER {v3(3)}, + authSafe ContentInfo, + macData MacData OPTIONAL +} + +MacData ::= ANY +-- we don't use it +-- SEQUENCE { +-- mac ANY, --DigestInfo, +-- macSalt OCTET STRING, +-- iterations INTEGER DEFAULT 1 +-- Note: The default is for historical reasons and its use is +-- deprecated. A higher value, like 1024 is recommended. +--} + +AuthenticatedSafe ::= SEQUENCE OF ContentInfo + -- Data if unencrypted + -- EncryptedData if password-encrypted + -- EnvelopedData if public key-encrypted + +SafeContents ::= SEQUENCE OF SafeBag + +-- To replace TYPE-IDENTIFIER +BAG-TYPE ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + + +SafeBag ::= SEQUENCE { + bagId BAG-TYPE, + bagValue [0] EXPLICIT ANY DEFINED BY badId, + bagAttributes SET OF PKCS12Attribute OPTIONAL +} + +-- Bag types + + +bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} + +keyBag OBJECT IDENTIFIER ::= {bagtypes 1} +pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {bagtypes 2} +certBag OBJECT IDENTIFIER ::= {bagtypes 3} +crlBag OBJECT IDENTIFIER ::= {bagtypes 4} + +KeyBag ::= PrivateKeyInfo + +-- Shrouded KeyBag + +PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo + +-- CertBag + +CertBag ::= SEQUENCE { + certId BAG-TYPE, + certValue [0] EXPLICIT ANY DEFINED BY certId +} + +-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} +-- DER-encoded X.509 certificate stored in OCTET STRING + +CRLBag ::= SEQUENCE { + crlId BAG-TYPE, + crlValue [0] EXPLICIT ANY DEFINED BY crlId +} + +-- x509CRL BAG-TYPE ::= +-- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} +-- DER-encoded X.509 CRL stored in OCTET STRING + +PKCS12Attribute ::= ANY + +-- PKCS #7 stuff (needed in PKCS 12) + +id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) 
rsadsi(113549) pkcs(1) pkcs7(7) 1 } + +id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } + +Data ::= OCTET STRING + +EncryptedData ::= SEQUENCE { + version CMSVersion, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } + +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedContent ::= OCTET STRING + +UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute + END |
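Review bot: In `SafeBag`, `bagValue` is declared `ANY DEFINED BY badId`, but the field is named `bagId`, so the reference resolves to nothing; the line should read `bagValue [0] EXPLICIT ANY DEFINED BY bagId,`. `bagId`, `certId` and `crlId` are also typed `BAG-TYPE`, which in this hunk is a SEQUENCE carrying its own `value`, whereas PKCS #12 encodes each as a bare OID followed by the tagged value, so `bagId OBJECT IDENTIFIER,` (and likewise for `certId`/`crlId`) looks like the intended form. This hunk also adds `EncryptedData ::= SEQUENCE`, while the header of the preceding hunk shows `EncryptedData ::= OCTET STRING` already present in the module, so one of the two needs a distinct name unless the older definition is removed outside the visible lines. With `MacData ::= ANY` the decoder accepts arbitrary content in that field, so a comment such as `-- MAC is not decoded here; callers must verify PFX integrity separately` would make that limitation explicit.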