4 DEFINITIONS IMPLICIT TAGS ::=
8 -- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
10 -- ISO arc for standard certificate and CRL extensions
12 id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
15 -- authority key identifier OID and syntax
17 id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
19 AuthorityKeyIdentifier ::= SEQUENCE {
20 keyIdentifier [0] KeyIdentifier OPTIONAL,
21 authorityCertIssuer [1] GeneralNames OPTIONAL,
22 authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
23 -- authorityCertIssuer and authorityCertSerialNumber shall both
24 -- be present or both be absent
26 KeyIdentifier ::= OCTET STRING
28 -- subject key identifier OID and syntax
30 id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
32 SubjectKeyIdentifier ::= KeyIdentifier
34 -- key usage extension OID and syntax
36 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
38 KeyUsage ::= BIT STRING {
49 -- private key usage period extension OID and syntax
51 id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
53 PrivateKeyUsagePeriod ::= SEQUENCE {
54 notBefore [0] GeneralizedTime OPTIONAL,
55 notAfter [1] GeneralizedTime OPTIONAL }
56 -- either notBefore or notAfter shall be present
58 -- certificate policies extension OID and syntax
60 id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
62 CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
64 PolicyInformation ::= SEQUENCE {
65 policyIdentifier CertPolicyId,
66 policyQualifiers SEQUENCE SIZE (1..MAX) OF
67 PolicyQualifierInfo OPTIONAL }
69 CertPolicyId ::= OBJECT IDENTIFIER
71 PolicyQualifierInfo ::= SEQUENCE {
72 policyQualifierId PolicyQualifierId,
73 qualifier ANY DEFINED BY policyQualifierId }
75 -- Implementations that recognize additional policy qualifiers shall
76 -- augment the following definition for PolicyQualifierId
79 OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
81 -- CPS pointer qualifier
85 -- user notice qualifier
87 UserNotice ::= SEQUENCE {
88 noticeRef NoticeReference OPTIONAL,
89 explicitText DisplayText OPTIONAL}
91 NoticeReference ::= SEQUENCE {
92 organization DisplayText,
93 noticeNumbers SEQUENCE OF INTEGER }
95 DisplayText ::= CHOICE {
96 visibleString VisibleString (SIZE (1..200)),
97 bmpString BMPString (SIZE (1..200)),
98 utf8String UTF8String (SIZE (1..200)) }
100 -- policy mapping extension OID and syntax
102 id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
104 PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
105 issuerDomainPolicy CertPolicyId,
106 subjectDomainPolicy CertPolicyId }
108 -- subject alternative name extension OID and syntax
110 id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
112 SubjectAltName ::= GeneralNames
114 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-- GeneralName is the tagged CHOICE behind SubjectAltName, IssuerAltName,
-- DistributionPointName.fullName and AccessDescription.accessLocation
-- in this module.
-- NOTE(review): rfc822Name, dNSName and uniformResourceIdentifier are
-- IA5String, which this module declares as an IMPLICIT OCTET STRING, so
-- the decoder hands back raw octets without a character-set check.
-- Callers that compare these names against a host name or mailbox should
-- first reject values containing NUL or non-ASCII octets.
-- iPAddress is a plain OCTET STRING; nothing here fixes its length, so
-- the consumer has to check it (the PKIX profile uses 4 octets for IPv4
-- and 16 for IPv6 in a subjectAltName).
116 GeneralName ::= CHOICE {
117 otherName [0] AnotherName,
118 rfc822Name [1] IA5String,
119 dNSName [2] IA5String,
120 x400Address [3] ORAddress,
121 directoryName [4] Name,
122 ediPartyName [5] EDIPartyName,
123 uniformResourceIdentifier [6] IA5String,
124 iPAddress [7] OCTET STRING,
125 registeredID [8] OBJECT IDENTIFIER }
127 -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
128 -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
130 AnotherName ::= SEQUENCE {
131 type-id OBJECT IDENTIFIER,
132 value [0] EXPLICIT ANY DEFINED BY type-id }
134 EDIPartyName ::= SEQUENCE {
135 nameAssigner [0] DirectoryString OPTIONAL,
136 partyName [1] DirectoryString }
138 -- issuer alternative name extension OID and syntax
140 id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
142 IssuerAltName ::= GeneralNames
144 id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
146 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
148 -- basic constraints extension OID and syntax
150 id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
-- BasicConstraints states whether the subject may act as a CA.
-- cA carries DEFAULT FALSE, so an extension value that omits the field
-- decodes as "not a CA"; a path validator must not read a missing field
-- as permission to issue certificates.
-- pathLenConstraint is OPTIONAL and non-negative; when it is absent this
-- type places no limit on the chain depth below the CA.
152 BasicConstraints ::= SEQUENCE {
153 cA BOOLEAN DEFAULT FALSE,
154 pathLenConstraint INTEGER (0..MAX) OPTIONAL }
156 -- name constraints extension OID and syntax
158 id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
160 NameConstraints ::= SEQUENCE {
161 permittedSubtrees [0] GeneralSubtrees OPTIONAL,
162 excludedSubtrees [1] GeneralSubtrees OPTIONAL }
164 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
166 GeneralSubtree ::= SEQUENCE {
168 minimum [0] BaseDistance DEFAULT 0,
169 maximum [1] BaseDistance OPTIONAL }
171 BaseDistance ::= INTEGER (0..MAX)
173 -- policy constraints extension OID and syntax
175 id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
177 PolicyConstraints ::= SEQUENCE {
178 requireExplicitPolicy [0] SkipCerts OPTIONAL,
179 inhibitPolicyMapping [1] SkipCerts OPTIONAL }
181 SkipCerts ::= INTEGER (0..MAX)
183 -- CRL distribution points extension OID and syntax
185 id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
187 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
189 DistributionPoint ::= SEQUENCE {
190 distributionPoint [0] DistributionPointName OPTIONAL,
191 reasons [1] ReasonFlags OPTIONAL,
192 cRLIssuer [2] GeneralNames OPTIONAL }
194 DistributionPointName ::= CHOICE {
195 fullName [0] GeneralNames,
196 nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
200 ReasonFlags ::= BIT STRING {
204 affiliationChanged (3),
206 cessationOfOperation (5),
207 certificateHold (6) }
209 -- extended key usage extension OID and syntax
211 id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
213 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
215 KeyPurposeId ::= OBJECT IDENTIFIER
217 -- extended key purpose OIDs
218 id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
219 id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
220 id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
221 id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
222 id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
223 id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
224 id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
225 id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
227 -- authority info access
229 id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
231 AuthorityInfoAccessSyntax ::=
232 SEQUENCE SIZE (1..MAX) OF AccessDescription
234 AccessDescription ::= SEQUENCE {
235 accessMethod OBJECT IDENTIFIER,
236 accessLocation GeneralName }
238 -- CRL number extension OID and syntax
240 id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
242 CRLNumber ::= INTEGER (0..MAX)
244 -- issuing distribution point extension OID and syntax
246 id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
-- CRL extension describing the scope of the CRL that carries it.
-- The three BOOLEAN fields carry DEFAULT FALSE, so an omitted field decodes
-- as FALSE; distributionPoint and onlySomeReasons are OPTIONAL.
-- NOTE(review): a relying party that decides whether a CRL covers a given
-- certificate has to evaluate these fields itself; decoding alone does not
-- tell it that the CRL is complete for that certificate.
248 IssuingDistributionPoint ::= SEQUENCE {
249 distributionPoint [0] DistributionPointName OPTIONAL,
250 onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
251 onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
252 onlySomeReasons [3] ReasonFlags OPTIONAL,
253 indirectCRL [4] BOOLEAN DEFAULT FALSE }
256 id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
258 -- deltaCRLIndicator ::= BaseCRLNumber
260 BaseCRLNumber ::= CRLNumber
262 -- CRL reasons extension OID and syntax
264 id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
266 CRLReason ::= ENUMERATED {
270 affiliationChanged (3),
272 cessationOfOperation (5),
276 -- certificate issuer CRL entry extension OID and syntax
278 id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
280 CertificateIssuer ::= GeneralNames
282 -- hold instruction extension OID and syntax
284 id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
286 HoldInstructionCode ::= OBJECT IDENTIFIER
288 -- ANSI x9 holdinstructions
290 -- ANSI x9 arc holdinstruction arc
291 holdInstruction OBJECT IDENTIFIER ::=
292 {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
294 -- ANSI X9 holdinstructions referenced by this standard
295 id-holdinstruction-none OBJECT IDENTIFIER ::=
296 {holdInstruction 1} -- deprecated
297 id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
299 id-holdinstruction-reject OBJECT IDENTIFIER ::=
302 -- invalidity date CRL entry extension OID and syntax
304 id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
306 InvalidityDate ::= GeneralizedTime
309 -- --------------------------------------
311 -- --------------------------------------
313 -- UNIVERSAL Types defined in '93 and '98 ASN.1
314 -- but required by this specification
-- String types declared by universal tag number.
-- Every one of them is an IMPLICIT OCTET STRING, so only the tag tells
-- them apart: the decoder does not check that the content is valid for
-- the character set the type name implies.
-- NOTE(review): code that displays or compares these values has to
-- validate and decode the octets itself before trusting them.
316 VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
318 NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
320 IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
322 TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
324 PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
326 UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
327 -- UniversalString is defined in ASN.1:1993
329 BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
330 -- BMPString is the subtype of UniversalString and models
331 -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
333 UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
334 -- The content of this type conforms to RFC 2279.
337 -- PKIX specific OIDs
339 id-pkix OBJECT IDENTIFIER ::=
340 { iso(1) identified-organization(3) dod(6) internet(1)
341 security(5) mechanisms(5) pkix(7) }
345 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
346 -- arc for private certificate extensions
347 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
348 -- arc for policy qualifier types
349 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
350 -- arc for extended key purpose OIDS
351 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
352 -- arc for access descriptors
354 -- policyQualifierIds for Internet policy qualifiers
356 id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
357 -- OID for CPS qualifier
358 id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
359 -- OID for user notice qualifier
361 -- access descriptor definitions
363 id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
364 id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
366 -- attribute data types --
368 Attribute ::= SEQUENCE {
370 values SET OF AttributeValue
371 -- at least one value is required --
374 AttributeType ::= OBJECT IDENTIFIER
376 AttributeValue ::= ANY
378 AttributeTypeAndValue ::= SEQUENCE {
380 value AttributeValue }
382 -- suggested naming attributes: Definition of the following
383 -- information object set may be augmented to meet local
384 -- requirements. Note that deleting members of the set may
385 -- prevent interoperability with conforming implementations.
386 -- presented in pairs: the AttributeType followed by the
387 -- type definition for the corresponding AttributeValue
389 -- Arc for standard naming attributes
390 id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
392 -- Attributes of type NameDirectoryString
393 id-at-name AttributeType ::= {id-at 41}
394 id-at-surname AttributeType ::= {id-at 4}
395 id-at-givenName AttributeType ::= {id-at 42}
396 id-at-initials AttributeType ::= {id-at 43}
397 id-at-generationQualifier AttributeType ::= {id-at 44}
399 X520name ::= CHOICE {
400 teletexString TeletexString (SIZE (1..ub-name)),
401 printableString PrintableString (SIZE (1..ub-name)),
402 universalString UniversalString (SIZE (1..ub-name)),
403 utf8String UTF8String (SIZE (1..ub-name)),
404 bmpString BMPString (SIZE(1..ub-name)) }
408 id-at-commonName AttributeType ::= {id-at 3}
410 X520CommonName ::= CHOICE {
411 teletexString TeletexString (SIZE (1..ub-common-name)),
412 printableString PrintableString (SIZE (1..ub-common-name)),
413 universalString UniversalString (SIZE (1..ub-common-name)),
414 utf8String UTF8String (SIZE (1..ub-common-name)),
415 bmpString BMPString (SIZE(1..ub-common-name)) }
419 id-at-localityName AttributeType ::= {id-at 7}
421 X520LocalityName ::= CHOICE {
422 teletexString TeletexString (SIZE (1..ub-locality-name)),
423 printableString PrintableString (SIZE (1..ub-locality-name)),
424 universalString UniversalString (SIZE (1..ub-locality-name)),
425 utf8String UTF8String (SIZE (1..ub-locality-name)),
426 bmpString BMPString (SIZE(1..ub-locality-name)) }
430 id-at-stateOrProvinceName AttributeType ::= {id-at 8}
432 X520StateOrProvinceName ::= CHOICE {
433 teletexString TeletexString (SIZE (1..ub-state-name)),
434 printableString PrintableString (SIZE (1..ub-state-name)),
435 universalString UniversalString (SIZE (1..ub-state-name)),
436 utf8String UTF8String (SIZE (1..ub-state-name)),
437 bmpString BMPString (SIZE(1..ub-state-name)) }
441 id-at-organizationName AttributeType ::= {id-at 10}
443 X520OrganizationName ::= CHOICE {
444 teletexString TeletexString (SIZE (1..ub-organization-name)),
445 printableString PrintableString (SIZE (1..ub-organization-name)),
446 universalString UniversalString (SIZE (1..ub-organization-name)),
447 utf8String UTF8String (SIZE (1..ub-organization-name)),
448 bmpString BMPString (SIZE(1..ub-organization-name)) }
452 id-at-organizationalUnitName AttributeType ::= {id-at 11}
454 X520OrganizationalUnitName ::= CHOICE {
455 teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
456 printableString PrintableString
457 (SIZE (1..ub-organizational-unit-name)),
458 universalString UniversalString
459 (SIZE (1..ub-organizational-unit-name)),
460 utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
461 bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
465 id-at-title AttributeType ::= {id-at 12}
467 X520Title ::= CHOICE {
468 teletexString TeletexString (SIZE (1..ub-title)),
469 printableString PrintableString (SIZE (1..ub-title)),
470 universalString UniversalString (SIZE (1..ub-title)),
471 utf8String UTF8String (SIZE (1..ub-title)),
472 bmpString BMPString (SIZE(1..ub-title)) }
476 id-at-dnQualifier AttributeType ::= {id-at 46}
477 X520dnQualifier ::= PrintableString
479 id-at-countryName AttributeType ::= {id-at 6}
480 X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
484 pkcs-9 OBJECT IDENTIFIER ::=
485 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
487 emailAddress AttributeType ::= { pkcs-9 1 }
489 Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
491 -- naming data types --
493 Name ::= CHOICE { -- only one possibility for now --
494 rdnSequence RDNSequence }
496 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
498 DistinguishedName ::= RDNSequence
500 RelativeDistinguishedName ::=
501 SET SIZE (1 .. MAX) OF AttributeTypeAndValue
503 -- Directory string type --
505 DirectoryString ::= CHOICE {
506 teletexString TeletexString (SIZE (1..MAX)),
507 printableString PrintableString (SIZE (1..MAX)),
508 universalString UniversalString (SIZE (1..MAX)),
509 utf8String UTF8String (SIZE (1..MAX)),
510 bmpString BMPString (SIZE(1..MAX)) }
513 -- --------------------------------------------------------
514 -- certificate and CRL specific structures begin here
515 -- --------------------------------------------------------
-- Top-level certificate: the to-be-signed body, the algorithm identifier
-- for the signature, and the signature bits.
-- signatureAlgorithm sits next to tbsCertificate rather than inside it,
-- while TBSCertificate carries its own signature AlgorithmIdentifier field.
-- NOTE(review): in PKIX the signature is computed over tbsCertificate, so
-- a verifier should require the outer and inner algorithm identifiers to
-- be equal before relying on the algorithm choice.
517 Certificate ::= SEQUENCE {
518 tbsCertificate TBSCertificate,
519 signatureAlgorithm AlgorithmIdentifier,
520 signature BIT STRING }
522 TBSCertificate ::= SEQUENCE {
523 version [0] EXPLICIT Version DEFAULT v1,
524 serialNumber CertificateSerialNumber,
525 signature AlgorithmIdentifier,
529 subjectPublicKeyInfo SubjectPublicKeyInfo,
530 issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
531 -- If present, version shall be v2 or v3
532 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
533 -- If present, version shall be v2 or v3
534 extensions [3] EXPLICIT Extensions OPTIONAL
535 -- If present, version shall be v3 --
-- Certificate and CRL version number.
-- The named values v1, v2 and v3 only give names to 0, 1 and 2; they do
-- not restrict the range, so any INTEGER decodes here. Callers have to
-- reject versions they do not support and enforce the "shall be v2 or v3"
-- rules stated on the optional certificate and CRL fields.
538 Version ::= INTEGER { v1(0), v2(1), v3(2) }
-- Serial numbers are an unconstrained INTEGER: zero, negative and very
-- long values all decode. NOTE(review): code that keys revocation or
-- pinning lookups on the serial number should compare the full integer
-- and never a value truncated to a machine word.
540 CertificateSerialNumber ::= INTEGER
542 Validity ::= SEQUENCE {
548 generalTime GeneralizedTime }
550 UniqueIdentifier ::= BIT STRING
552 SubjectPublicKeyInfo ::= SEQUENCE {
553 algorithm AlgorithmIdentifier,
554 subjectPublicKey BIT STRING }
556 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-- One certificate or CRL extension.
-- critical carries DEFAULT FALSE, so an omitted flag decodes as
-- non-critical.
-- extnValue is an opaque OCTET STRING at this level: the caller has to
-- decode it a second time according to extnID.
-- NOTE(review): PKIX path validation requires rejecting a certificate
-- that carries a critical extension the implementation does not
-- recognise. This type cannot enforce that; it is the consumer's job.
558 Extension ::= SEQUENCE {
559 extnID OBJECT IDENTIFIER,
560 critical BOOLEAN DEFAULT FALSE,
561 extnValue OCTET STRING }
564 -- ------------------------------------------
566 -- ------------------------------------------
568 CertificateList ::= SEQUENCE {
569 tbsCertList TBSCertList,
570 signatureAlgorithm AlgorithmIdentifier,
571 signature BIT STRING }
573 TBSCertList ::= SEQUENCE {
574 version Version OPTIONAL,
575 -- if present, shall be v2
576 signature AlgorithmIdentifier,
579 nextUpdate Time OPTIONAL,
580 revokedCertificates SEQUENCE OF SEQUENCE {
581 userCertificate CertificateSerialNumber,
583 crlEntryExtensions Extensions OPTIONAL
584 -- if present, shall be v2
586 crlExtensions [0] EXPLICIT Extensions OPTIONAL
587 -- if present, shall be v2 --
590 -- Version, Time, CertificateSerialNumber, and Extensions were
591 -- defined earlier for use in the certificate structure
-- Algorithm OID together with its algorithm-specific parameters.
-- parameters is ANY DEFINED BY algorithm and OPTIONAL: it is returned
-- undecoded, may be absent, and may hold any encoded value.
-- NOTE(review): a verifier should treat an algorithm OID it does not
-- know as unsupported and fail, rather than skip the check, and should
-- decode parameters only after the OID has been recognised.
593 AlgorithmIdentifier ::= SEQUENCE {
594 algorithm OBJECT IDENTIFIER,
595 parameters ANY DEFINED BY algorithm OPTIONAL }
596 -- contains a value of the type
597 -- registered for use with the
598 -- algorithm object identifier value
600 -- Algorithm OIDs and parameter structures
-- PKCS #1 arc, the RSA key and signature algorithm OIDs under it, and
-- the DSA with SHA-1 signature OID.
-- NOTE(review): MD2 and MD5 are considered broken as signature hashes,
-- and SHA-1 (sha1WithRSAEncryption, id-dsa-with-sha1) is no longer
-- collision resistant. These OIDs are needed to parse legacy
-- certificates, but a verifier should refuse them as signature
-- algorithms unless accepting legacy material is an explicit policy
-- decision.
602 pkcs-1 OBJECT IDENTIFIER ::= {
603 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
605 rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
607 md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
609 md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
611 sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
613 id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
614 iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
616 Dss-Sig-Value ::= SEQUENCE {
621 dhpublicnumber OBJECT IDENTIFIER ::= {
622 iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
-- Domain parameters; presumably those that accompany a dhpublicnumber
-- key (confirm against the users of this type).
-- The relations noted on the fields describe well-formed values. They
-- are not constraints the decoder checks: every field is a plain INTEGER.
-- NOTE(review): a consumer that takes these parameters from a received
-- certificate should validate them itself before using them for key
-- agreement.
624 DomainParameters ::= SEQUENCE {
625 p INTEGER, -- odd prime, p=jq +1
626 g INTEGER, -- generator, g
627 q INTEGER, -- factor of p-1
628 j INTEGER OPTIONAL, -- subgroup factor, j>= 2
629 validationParms ValidationParms OPTIONAL }
631 ValidationParms ::= SEQUENCE {
633 pgenCounter INTEGER }
635 id-dsa OBJECT IDENTIFIER ::= {
636 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
638 Dss-Parms ::= SEQUENCE {
643 -- x400 address syntax starts here
646 ORAddress ::= SEQUENCE {
647 built-in-standard-attributes BuiltInStandardAttributes,
648 built-in-domain-defined-attributes
649 BuiltInDomainDefinedAttributes OPTIONAL,
650 -- see also teletex-domain-defined-attributes
651 extension-attributes ExtensionAttributes OPTIONAL }
652 -- The OR-address is semantically absent from the OR-name if the
653 -- built-in-standard-attribute sequence is empty and the
654 -- built-in-domain-defined-attributes and extension-attributes are
657 -- Built-in Standard Attributes
659 BuiltInStandardAttributes ::= SEQUENCE {
660 country-name CountryName OPTIONAL,
661 administration-domain-name AdministrationDomainName OPTIONAL,
662 network-address [0] EXPLICIT NetworkAddress OPTIONAL,
663 -- see also extended-network-address
664 terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL,
665 private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL,
666 organization-name [3] EXPLICIT OrganizationName OPTIONAL,
667 -- see also teletex-organization-name
668 numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL,
669 personal-name [5] EXPLICIT PersonalName OPTIONAL,
670 -- see also teletex-personal-name
671 organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL
672 -- see also teletex-organizational-unit-names --
675 CountryName ::= [APPLICATION 1] CHOICE {
676 x121-dcc-code NumericString
677 (SIZE (ub-country-name-numeric-length)),
678 iso-3166-alpha2-code PrintableString
679 (SIZE (ub-country-name-alpha-length)) }
681 AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE {
682 numeric NumericString (SIZE (0..ub-domain-name-length)),
683 printable PrintableString (SIZE (0..ub-domain-name-length)) }
685 NetworkAddress ::= X121Address -- see also extended-network-address
687 X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
689 TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
691 PrivateDomainName ::= CHOICE {
692 numeric NumericString (SIZE (1..ub-domain-name-length)),
693 printable PrintableString (SIZE (1..ub-domain-name-length)) }
695 OrganizationName ::= PrintableString
696 (SIZE (1..ub-organization-name-length))
697 -- see also teletex-organization-name
699 NumericUserIdentifier ::= NumericString
700 (SIZE (1..ub-numeric-user-id-length))
702 PersonalName ::= SET {
703 surname [0] PrintableString (SIZE (1..ub-surname-length)),
704 given-name [1] PrintableString
705 (SIZE (1..ub-given-name-length)) OPTIONAL,
706 initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
707 generation-qualifier [3] PrintableString
708 (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
709 -- see also teletex-personal-name
711 OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
712 OF OrganizationalUnitName
713 -- see also teletex-organizational-unit-names
715 OrganizationalUnitName ::= PrintableString (SIZE
716 (1..ub-organizational-unit-name-length))
718 -- Built-in Domain-defined Attributes
720 BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
721 (1..ub-domain-defined-attributes) OF
722 BuiltInDomainDefinedAttribute
724 BuiltInDomainDefinedAttribute ::= SEQUENCE {
725 type PrintableString (SIZE
726 (1..ub-domain-defined-attribute-type-length)),
727 value PrintableString (SIZE
728 (1..ub-domain-defined-attribute-value-length))}
730 -- Extension Attributes
732 ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
735 ExtensionAttribute ::= SEQUENCE {
736 extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes),
737 extension-attribute-value [1] EXPLICIT
738 ANY DEFINED BY extension-attribute-type }
740 -- Extension types and attribute values
743 common-name INTEGER ::= 1
745 CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
747 teletex-common-name INTEGER ::= 2
749 TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
751 teletex-organization-name INTEGER ::= 3
753 TeletexOrganizationName ::=
754 TeletexString (SIZE (1..ub-organization-name-length))
756 teletex-personal-name INTEGER ::= 4
758 TeletexPersonalName ::= SET {
759 surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)),
760 given-name [1] EXPLICIT TeletexString
761 (SIZE (1..ub-given-name-length)) OPTIONAL,
762 initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
763 generation-qualifier [3] EXPLICIT TeletexString (SIZE
764 (1..ub-generation-qualifier-length)) OPTIONAL }
766 teletex-organizational-unit-names INTEGER ::= 5
768 TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
769 (1..ub-organizational-units) OF TeletexOrganizationalUnitName
771 TeletexOrganizationalUnitName ::= TeletexString
772 (SIZE (1..ub-organizational-unit-name-length))
774 pds-name INTEGER ::= 7
776 PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
778 physical-delivery-country-name INTEGER ::= 8
780 PhysicalDeliveryCountryName ::= CHOICE {
781 x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
782 iso-3166-alpha2-code PrintableString
783 (SIZE (ub-country-name-alpha-length)) }
785 postal-code INTEGER ::= 9
787 PostalCode ::= CHOICE {
788 numeric-code NumericString (SIZE (1..ub-postal-code-length)),
789 printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
791 physical-delivery-office-name INTEGER ::= 10
793 PhysicalDeliveryOfficeName ::= PDSParameter
795 physical-delivery-office-number INTEGER ::= 11
797 PhysicalDeliveryOfficeNumber ::= PDSParameter
799 extension-OR-address-components INTEGER ::= 12
801 ExtensionORAddressComponents ::= PDSParameter
803 physical-delivery-personal-name INTEGER ::= 13
805 PhysicalDeliveryPersonalName ::= PDSParameter
807 physical-delivery-organization-name INTEGER ::= 14
809 PhysicalDeliveryOrganizationName ::= PDSParameter
811 extension-physical-delivery-address-components INTEGER ::= 15
813 ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
815 unformatted-postal-address INTEGER ::= 16
817 UnformattedPostalAddress ::= SET {
818 printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
819 PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
820 teletex-string TeletexString
821 (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
823 street-address INTEGER ::= 17
825 StreetAddress ::= PDSParameter
827 post-office-box-address INTEGER ::= 18
829 PostOfficeBoxAddress ::= PDSParameter
831 poste-restante-address INTEGER ::= 19
833 PosteRestanteAddress ::= PDSParameter
835 unique-postal-name INTEGER ::= 20
837 UniquePostalName ::= PDSParameter
839 local-postal-attributes INTEGER ::= 21
841 LocalPostalAttributes ::= PDSParameter
843 PDSParameter ::= SET {
844 printable-string PrintableString
845 (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
846 teletex-string TeletexString
847 (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
849 extended-network-address INTEGER ::= 22
851 ExtendedNetworkAddress ::= CHOICE {
852 e163-4-address SEQUENCE {
853 number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)),
854 sub-address [1] EXPLICIT NumericString
855 (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
856 psap-address [0] EXPLICIT PresentationAddress }
858 PresentationAddress ::= SEQUENCE {
859 pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
860 sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
861 tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
862 nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
864 terminal-type INTEGER ::= 23
866 TerminalType ::= INTEGER {
872 videotex (8) } (0..ub-integer-options)
874 -- Extension Domain-defined Attributes
876 teletex-domain-defined-attributes INTEGER ::= 6
878 TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
879 (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
881 TeletexDomainDefinedAttribute ::= SEQUENCE {
883 (SIZE (1..ub-domain-defined-attribute-type-length)),
885 (SIZE (1..ub-domain-defined-attribute-value-length)) }
887 -- specifications of Upper Bounds shall be regarded as mandatory
888 -- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
892 ub-name INTEGER ::= 32768
893 ub-common-name INTEGER ::= 64
894 ub-locality-name INTEGER ::= 128
895 ub-state-name INTEGER ::= 128
896 ub-organization-name INTEGER ::= 64
897 ub-organizational-unit-name INTEGER ::= 64
898 ub-title INTEGER ::= 64
899 ub-match INTEGER ::= 128
901 ub-emailaddress-length INTEGER ::= 128
903 ub-common-name-length INTEGER ::= 64
904 ub-country-name-alpha-length INTEGER ::= 2
905 ub-country-name-numeric-length INTEGER ::= 3
906 ub-domain-defined-attributes INTEGER ::= 4
907 ub-domain-defined-attribute-type-length INTEGER ::= 8
908 ub-domain-defined-attribute-value-length INTEGER ::= 128
909 ub-domain-name-length INTEGER ::= 16
910 ub-extension-attributes INTEGER ::= 256
911 ub-e163-4-number-length INTEGER ::= 15
912 ub-e163-4-sub-address-length INTEGER ::= 40
913 ub-generation-qualifier-length INTEGER ::= 3
914 ub-given-name-length INTEGER ::= 16
915 ub-initials-length INTEGER ::= 5
916 ub-integer-options INTEGER ::= 256
917 ub-numeric-user-id-length INTEGER ::= 32
918 ub-organization-name-length INTEGER ::= 64
919 ub-organizational-unit-name-length INTEGER ::= 32
920 ub-organizational-units INTEGER ::= 4
921 ub-pds-name-length INTEGER ::= 16
922 ub-pds-parameter-length INTEGER ::= 30
923 ub-pds-physical-address-lines INTEGER ::= 6
924 ub-postal-code-length INTEGER ::= 16
925 ub-surname-length INTEGER ::= 40
926 ub-terminal-id-length INTEGER ::= 24
927 ub-unformatted-address-length INTEGER ::= 180
928 ub-x121-address-length INTEGER ::= 16
930 -- Note - upper bounds on string types, such as TeletexString, are
931 -- measured in characters. Excepting PrintableString or IA5String, a
932 -- significantly greater number of octets will be required to hold
933 -- such a value. As a minimum, 16 octets, or twice the specified upper
934 -- bound, whichever is the larger, should be allowed for TeletexString.
935 -- For UTF8String or UniversalString at least four times the upper
936 -- bound should be allowed.
940 -- END of PKIX1Implicit88
945 -- Cryptographic Message Syntax
-- Outer CMS wrapper: a content type OID and the content it selects.
-- content is ANY DEFINED BY contentType, so it is returned undecoded.
-- The caller picks the inner type from contentType and should reject
-- content types it does not expect before decoding further.
947 ContentInfo ::= SEQUENCE {
948 contentType ContentType,
949 content [0] EXPLICIT ANY DEFINED BY contentType }
951 ContentType ::= OBJECT IDENTIFIER
953 SignedData ::= SEQUENCE {
955 digestAlgorithms DigestAlgorithmIdentifiers,
956 encapContentInfo EncapsulatedContentInfo,
957 certificates [0] IMPLICIT CertificateSet OPTIONAL,
958 crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
959 signerInfos SignerInfos
962 CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
964 DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
966 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-- The content carried inside SignedData, with its content type.
-- eContent is OPTIONAL. NOTE(review): when it is absent the signed
-- content is presumably supplied out of band (a detached signature), so
-- a caller must not treat a missing eContent as empty content.
968 EncapsulatedContentInfo ::= SEQUENCE {
969 eContentType ContentType,
970 eContent [0] EXPLICIT OCTET STRING OPTIONAL }
972 CertificateRevocationLists ::= SET OF CertificateList
974 CertificateChoices ::= CHOICE {
975 certificate Certificate
978 CertificateSet ::= SET OF CertificateChoices
-- SignerInfos is deliberately left as SET OF ANY, so each SignerInfo is
-- returned as an undecoded value.
-- NOTE(review): nothing decoded through this definition exposes signer
-- identifiers, digest or signature algorithms, or signature values.
-- A SignedData parsed with this module has therefore not been
-- signature-checked; callers that need authenticity must decode and
-- verify the SignerInfo structures separately.
980 SignerInfos ::= SET OF ANY -- this is not correct but we don't use it