-- Module PKCS7 (X.420:06/1999)
-- The ASN.1 in version 1.5 of the PKCS#7 document is not defined in an ASN.1 module. This prevents an IMPORT of it into other ASN.1 modules.
-- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7.
-- Extensions to PKCS#7 defined in RFC 2630 are included.
-- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive.
PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT
-- Directory Information Framework
FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
informationFramework(1) 3}
-- Directory Authentication Framework
AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
CertificateSerialNumber, HASH{}, SIGNED{}
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 3};
-- In PKCS#7 the HASHED parameterised type applies the hash function to the
-- contents octets component of a DER encoding of a value of the parameter.
-- The ENCRYPTED parameterised type is redefined here because PKCS#7 encrypted values are
-- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework
ENCRYPTED{ToBeEnciphered} ::=
-- must be the result of applying an encipherment procedure to the contents octets component
-- of a definite-length BER-encoding of a value of --ToBeEnciphered})
ContentInfo ::= SEQUENCE {
content-type PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}),
pkcs7-content [0] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})
-- Information object class for PKCS#7 content types: each instance pairs an
-- OBJECT IDENTIFIER (&id) with the ASN.1 type (&Type) carried under it, which
-- is how ContentInfo ties content-type to pkcs7-content.
PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER
-- Object set of the content types a ContentInfo may carry. The trailing
-- extension marker means a decoder can encounter a content-type OID that is
-- not listed here; such a value should be rejected or carried through as
-- opaque octets, never decoded by guessing at its type.
PKCS7ContentTable PKCS7-CONTENT-TYPE ::=
{data | signed-data | enveloped-data | signed-and-enveloped-data |
digested-data | encrypted-data | authenticated-data, ...}
data PKCS7-CONTENT-TYPE ::= {Data
signed-data PKCS7-CONTENT-TYPE ::= {SignedData
IDENTIFIED BY id-signed-data
SignedData ::= SEQUENCE {
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
certificates [0] CertificateSet OPTIONAL,
crls [1] CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos
-- Intended to list the digest algorithms used by the signerInfos of a
-- SignedData (see PKCS#7 for the exact rule). There is no SIZE constraint, so
-- an empty set is syntactically valid; a verifier should take the digest to
-- compute from each SignerInfo's own digestAlgorithm rather than from this set.
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-- Same structure as the AlgorithmIdentifier imported from the Directory
-- Authentication Framework; the alias only names the role (the hash function
-- of a SignerInfo, DigestInfo or DigestedData).
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-- Unordered collection of certificates of any of the CertificateChoice forms.
-- There is no SIZE constraint, so the set may be empty or arbitrarily large.
-- Membership in this set carries no trust by itself; path validation against
-- the relying party's trust anchors is still required.
CertificateSet ::= SET OF CertificateChoice
CertificateChoice ::= CHOICE {
certificate Certificate,
extendedCertificate [0] ExtendedCertificate, -- Obsolete
attributeCertificate [1] AttributeCertificate
-- CRLs supplied by the originator (optional in SignedData and OriginatorInfo).
-- Unconstrained size. The relying party decides which CRLs to honour; the
-- presence of a CRL here does not replace its own revocation checking.
CertificateRevocationLists ::= SET OF CertificateList
-- No SIZE constraint: a SignedData holding zero SignerInfo values is
-- syntactically valid. A verifier must therefore not treat successful decoding
-- as evidence that anything was signed; it must check that at least one
-- SignerInfo is present and that its signature verifies.
SignerInfos ::= SET OF SignerInfo
SignerInfo ::= SEQUENCE {
signerIdentifier SignerIdentifier,
digestAlgorithm DigestAlgorithmIdentifier,
authenticatedAttributes [0] Attributes OPTIONAL,
digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
unauthenticatedAttributes [1] Attributes OPTIONAL
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [2] SubjectKeyIdentifier
IssuerAndSerialNumber ::= SEQUENCE {
serialNumber CertificateSerialNumber
-- Unbounded OCTET STRING that identifies a public key in SignerIdentifier,
-- RecipientIdentifier and related choices. How the value is derived from the
-- key is not defined in this module (presumably it matches the certificate's
-- subject key identifier extension; confirm against PKCS#7 / RFC 2630).
SubjectKeyIdentifier ::= OCTET STRING
-- Names the signature ("digest encryption") algorithm of a SignerInfo; same
-- structure as the imported AlgorithmIdentifier. A verifier should accept only
-- algorithms it expects here rather than trusting whatever the message names.
DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- The signature value of a SignerInfo. Uses the ENCRYPTED parameterised type
-- redefined in this module (an OCTET STRING, not the Directory BIT STRING);
-- per the comment on ENCRYPTED, the octets are the result of enciphering the
-- contents octets of a definite-length BER encoding of a DigestInfo value.
-- The DigestInfo parameter documents what was enciphered; it is not itself
-- present in the encoding.
EncryptedDigest ::= ENCRYPTED{DigestInfo}
DigestInfo ::= SEQUENCE {
digestAlgorithm DigestAlgorithmIdentifier,
[1] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}),
authenticated-attributes [0] EXPLICIT Attributes}}
enveloped-data PKCS7-CONTENT-TYPE ::= {
IDENTIFIED BY id-enveloped-data
EnvelopedData ::= SEQUENCE {
originatorInfo [0] OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
encryptedContentInfo EncryptedContentInfo,
unprotectedAttributes [1] Attributes OPTIONAL
OriginatorInfo ::= SEQUENCE {
certificates [0] CertificateSet OPTIONAL,
crls [1] CertificateRevocationLists OPTIONAL
-- At least one recipient is required (SIZE (1..MAX)), unlike SignerInfos,
-- which carries no size constraint. Each RecipientInfo is one of the
-- key-transport, key-agreement or key-encryption-key forms.
RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
RecipientInfo ::= CHOICE {
keyTransportRecipientInfo KeyTransportRecipientInfo,
keyAgreementRecipientInfo [1] KeyAgreementRecipientInfo,
keyEncryptionKeyRecipientInfo [2] KeyEncryptionKeyRecipientInfo
KeyTransportRecipientInfo ::= SEQUENCE {
recipientIdentifier RecipientIdentifier,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey
RecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier
-- Names the algorithm that protects the content-encryption key for one
-- recipient (key transport, key agreement or key-encryption-key); same
-- structure as the imported AlgorithmIdentifier.
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Unbounded OCTET STRING holding the protected content-encryption key; it is
-- interpreted according to the keyEncryptionAlgorithm that accompanies it in
-- the enclosing RecipientInfo. Decoders should bound its length before
-- handing it to the key-unwrapping primitive.
EncryptedKey ::= OCTET STRING
KeyAgreementRecipientInfo ::= SEQUENCE {
originator [0] OriginatorIdentifierOrKey,
userKeyingMaterial [1] EXPLICIT OCTET STRING OPTIONAL,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
recipientEncryptedKeys RecipientEncryptedKeys
OriginatorIdentifierOrKey ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier,
originatorPublicKey [1] OriginatorPublicKey
OriginatorPublicKey ::= SEQUENCE {
algorithm AlgorithmIdentifier,
-- Ordered list (SEQUENCE OF, not SET OF) of per-recipient encrypted keys in a
-- KeyAgreementRecipientInfo. No SIZE constraint, so an empty list is
-- syntactically valid.
RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
RecipientEncryptedKey ::= SEQUENCE {
recipientIdentifier KeyAgreementRecipientIdentifier,
encryptedKey EncryptedKey
KeyAgreementRecipientIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
recipientKeyIdentifier [0] RecipientKeyIdentifier
RecipientKeyIdentifier ::= SEQUENCE {
subjectKeyIdentifier SubjectKeyIdentifier,
date GeneralizedTime OPTIONAL,
otherKeyAttribute OtherKeyAttribute OPTIONAL
OtherKeyAttribute ::= SEQUENCE {
keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}),
OTHER-KEY-ATTRIBUTE.&Type
({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL
-- Information object class for the otherKeyAttribute component of
-- RecipientKeyIdentifier and KeyEncryptionKeyIdentifier: an OID (&id) paired
-- with the attribute's value type (&Type), looked up in OtherKeyAttributeTable.
OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::=
KeyEncryptionKeyRecipientInfo ::= SEQUENCE {
keyEncryptionKeyIdentifier KeyEncryptionKeyIdentifier,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey
KeyEncryptionKeyIdentifier ::= SEQUENCE {
keyIdentifier OCTET STRING,
date GeneralizedTime OPTIONAL,
otherKeyAttribute OtherKeyAttribute OPTIONAL
EncryptedContentInfo ::= SEQUENCE {
contentType PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}),
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
[0] ENCRYPTED{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}{@.contentType})}
-- Names the symmetric algorithm used on the content in EncryptedContentInfo;
-- same structure as the imported AlgorithmIdentifier. Any algorithm-specific
-- parameters (such as an IV) would travel inside this identifier, so a decoder
-- should validate them against the algorithm it actually supports.
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Signed and Enveloped Data
signed-and-enveloped-data PKCS7-CONTENT-TYPE ::= {
SignedAndEnvelopedData
IDENTIFIED BY id-signed-and-enveloped-data
SignedAndEnvelopedData ::= SEQUENCE {
recipientInfos SET SIZE (1..MAX) OF KeyTransportRecipientInfo,
digestAlgorithms DigestAlgorithmIdentifiers,
encryptedContentInfo EncryptedContentInfo,
certificates [0] CertificateSet OPTIONAL,
crls [1] CertificateRevocationLists OPTIONAL,
signerIdentifier (WITH COMPONENTS {
issuerAndSerialNumber PRESENT
authenticatedAttributes ABSENT,
unauthenticatedAttributes ABSENT
digested-data PKCS7-CONTENT-TYPE ::= {
IDENTIFIED BY id-digested-data
DigestedData ::= SEQUENCE {
digestAlgorithm DigestAlgorithmIdentifier,
contentInfo ContentInfo,
digest HASH{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})}
encrypted-data PKCS7-CONTENT-TYPE ::= {
IDENTIFIED BY id-encrypted-data
EncryptedData ::= SEQUENCE {
encryptedContentInfo EncryptedContentInfo,
unprotectedAttributes [1] Attributes OPTIONAL
-- Authenticated Data
authenticated-data PKCS7-CONTENT-TYPE ::= {
IDENTIFIED BY id-authenticated-data
AuthenticatedData ::= SEQUENCE {
originatorInfo [0] OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
macAlgorithm MessageAuthenticationCodeAlgorithmIdentifier,
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
contentInfo ContentInfo,
authenticatedAttributes [2] Attributes OPTIONAL,
messageAuthenticationCode MessageAuthenticationCode,
unauthenticatedAttributes [3] Attributes OPTIONAL
-- Names the MAC algorithm of an AuthenticatedData; same structure as the
-- imported AlgorithmIdentifier.
MessageAuthenticationCodeAlgorithmIdentifier ::= AlgorithmIdentifier
-- Unbounded OCTET STRING carrying the MAC value of an AuthenticatedData.
-- An implementation should compare it with the recomputed MAC using a
-- constant-time comparison and should bound its length before processing.
MessageAuthenticationCode ::= OCTET STRING
-- Object Identifiers
-- Root arc of the PKCS identifiers, 1.2.840.113549.1; all content-type OIDs
-- below are defined relative to it.
id-pkcs OBJECT IDENTIFIER ::=
{iso member-body usa(840) rsadsi(113549) pkcs(1)}
-- 1.2.840.113549.1.7.1 : the Data content type.
id-data OBJECT IDENTIFIER ::= {id-pkcs 7 1}
-- 1.2.840.113549.1.7.2 : the SignedData content type.
id-signed-data OBJECT IDENTIFIER ::= {id-pkcs 7 2}
-- 1.2.840.113549.1.7.3 : the EnvelopedData content type.
id-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 3}
-- 1.2.840.113549.1.7.4 : the SignedAndEnvelopedData content type.
id-signed-and-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 4}
-- 1.2.840.113549.1.7.5 : the DigestedData content type.
id-digested-data OBJECT IDENTIFIER ::= {id-pkcs 7 5}
-- 1.2.840.113549.1.7.6 : the EncryptedData content type.
id-encrypted-data OBJECT IDENTIFIER ::= {id-pkcs 7 6}
-- 1.2.840.113549.1.9.16.1.2 : the AuthenticatedData content type. Note the
-- different arc: it sits under pkcs 9 rather than pkcs 7 like the others,
-- consistent with its being one of the RFC 2630 additions mentioned in the
-- module header. Code that dispatches on the "pkcs 7" prefix alone will miss it.
id-authenticated-data OBJECT IDENTIFIER ::= {id-pkcs 9 16 1 2}
-- Definitions from PKCS#6
-- PKCS#6 extended certificate: the SIGNED{} wrapper imported from the
-- Directory Authentication Framework applied to ExtendedCertificateInfo.
-- Its only use in this module, in CertificateChoice, is marked obsolete;
-- new implementations should not rely on it for trust decisions.
ExtendedCertificate ::=
SIGNED{ExtendedCertificateInfo}
ExtendedCertificateInfo ::= SEQUENCE {
certificate Certificate,
attributes Attributes
-- Unordered, unconstrained set of attributes (Attribute is presumably imported
-- from InformationFramework; the import list is not visible here). The same
-- type serves both the authenticated and the unauthenticated attribute
-- components, so the type itself says nothing about whether a value is
-- covered by a signature or MAC; only its position in the enclosing SEQUENCE does.
Attributes ::= SET OF Attribute
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D