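-- PKIX1Explicit88: explicitly tagged ASN.1 (1988 syntax) module.
-- NOTE(review): BEGIN and the EXPORTS/IMPORTS comments were absent from this
-- listing (its line numbering jumps from 4 to 12); they are restored as in
-- the published module (RFC 3280, Appendix A.1). Verify against your
-- reference copy.
PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

-- EXPLICIT TAGS: every context-specific tag in this module is explicit
-- unless the component is written with the IMPLICIT keyword.
DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

-- IMPORTS NONE --

-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
-- and required by this specification
-- NOTE(review): the three assignments below are commented out in this copy,
-- presumably because the ASN.1 compiler in use already provides these
-- types; confirm before re-enabling them.

-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
        -- UniversalString is defined in ASN.1:1993

-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
      -- BMPString is the subtype of UniversalString and models
      -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1

--UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
      -- The content of this type conforms to RFC 2279.
      -- RFC 2279 has since been obsoleted by RFC 3629; a decoder should
      -- reject overlong or otherwise ill-formed UTF-8 in these fields.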
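-- NOTE(review): the two section comments "PKIX specific OIDs" and
-- "PKIX arcs" were absent from this listing (gaps in its line numbering)
-- and are restored from the published module.

-- PKIX specific OIDs

-- Root arc 1.3.6.1.5.5.7 under which the arcs below are allocated.
id-pkix  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) }

-- PKIX arcs

id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
        -- arc for private certificate extensions
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
        -- arc for policy qualifier types
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
        -- arc for extended key purpose OIDS
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
        -- arc for access descriptors

-- policyQualifierIds for Internet policy qualifiers

id-qt-cps      OBJECT IDENTIFIER ::= { id-qt 1 }
      -- OID for CPS qualifier
id-qt-unotice  OBJECT IDENTIFIER ::= { id-qt 2 }
      -- OID for user notice qualifier

-- access descriptor definitions
-- These OIDs label locations that are carried inside a certificate. The
-- locations are supplied by whoever issued the certificate, so a client
-- that dereferences them should apply its own limits on scheme,
-- destination and response size.

id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }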
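-- attribute data types
-- NOTE(review): the `type AttributeType,` component was absent from both
-- SEQUENCEs in this listing (gaps in its line numbering at 59 and 68) and
-- is restored from the published module.

Attribute ::= SEQUENCE {
      type      AttributeType,
      values    SET OF AttributeValue }
            -- at least one value is required
            -- (stated only in this comment: there is no SIZE constraint,
            -- so a validator has to reject an empty SET itself)

AttributeType ::= OBJECT IDENTIFIER

-- ANY carries no type information of its own. A decoder has to select the
-- value syntax from the accompanying AttributeType and should keep the
-- value opaque when that type is not one it recognises.
AttributeValue ::= ANY

AttributeTypeAndValue ::= SEQUENCE {
      type      AttributeType,
      value     AttributeValue }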
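-- suggested naming attributes: Definition of the following
--   information object set may be augmented to meet local
--   requirements. Note that deleting members of the set may
--   prevent interoperability with conforming implementations.
-- presented in pairs: the AttributeType followed by the
--   type definition for the corresponding AttributeValue
--Arc for standard naming attributes
id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

-- Naming attributes of type X520name

id-at-name                AttributeType ::= { id-at 41 }
id-at-surname             AttributeType ::= { id-at 4 }
id-at-givenName           AttributeType ::= { id-at 42 }
id-at-initials            AttributeType ::= { id-at 43 }
id-at-generationQualifier AttributeType ::= { id-at 44 }

-- NOTE(review): the `X520name ::= CHOICE {` line was absent from this
-- listing (gap in its line numbering at 88) and is restored from the
-- published module.
-- The same text may arrive in any of five string types, so code that
-- compares or displays a name must decode it according to the alternative
-- actually present rather than assume one character set. The SIZE bound
-- counts characters, not octets.
X520name ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-name)),
      printableString   PrintableString (SIZE (1..ub-name)),
      universalString   UniversalString (SIZE (1..ub-name)),
      utf8String        UTF8String      (SIZE (1..ub-name)),
      bmpString         BMPString       (SIZE (1..ub-name)) }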
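-- Naming attributes of type X520CommonName

id-at-commonName AttributeType ::= { id-at 3 }

-- Each alternative is bounded by ub-common-name, counted in characters.
-- The constraint limits length only; it places no restriction on which
-- characters of the chosen string type appear, so consumers that display
-- or match this value must do their own filtering.
X520CommonName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-common-name)),
      printableString   PrintableString (SIZE (1..ub-common-name)),
      universalString   UniversalString (SIZE (1..ub-common-name)),
      utf8String        UTF8String      (SIZE (1..ub-common-name)),
      bmpString         BMPString       (SIZE (1..ub-common-name)) }

-- Naming attributes of type X520LocalityName

id-at-localityName AttributeType ::= { id-at 7 }

X520LocalityName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
      printableString   PrintableString (SIZE (1..ub-locality-name)),
      universalString   UniversalString (SIZE (1..ub-locality-name)),
      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
      bmpString         BMPString       (SIZE (1..ub-locality-name)) }

-- Naming attributes of type X520StateOrProvinceName

id-at-stateOrProvinceName AttributeType ::= { id-at 8 }

X520StateOrProvinceName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-state-name)),
      printableString   PrintableString (SIZE (1..ub-state-name)),
      universalString   UniversalString (SIZE (1..ub-state-name)),
      utf8String        UTF8String      (SIZE (1..ub-state-name)),
      bmpString         BMPString       (SIZE(1..ub-state-name)) }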
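-- Naming attributes of type X520OrganizationName
-- NOTE(review): the `bmpString BMPString` line was absent from both CHOICE
-- types in this listing (gaps in its line numbering at 141 and 157), which
-- left a dangling SIZE constraint; it is restored from the published module.

id-at-organizationName AttributeType ::= { id-at 10 }

X520OrganizationName ::= CHOICE {
      teletexString     TeletexString
                          (SIZE (1..ub-organization-name)),
      printableString   PrintableString
                          (SIZE (1..ub-organization-name)),
      universalString   UniversalString
                          (SIZE (1..ub-organization-name)),
      utf8String        UTF8String
                          (SIZE (1..ub-organization-name)),
      bmpString         BMPString
                          (SIZE (1..ub-organization-name)) }

-- Naming attributes of type X520OrganizationalUnitName

id-at-organizationalUnitName AttributeType ::= { id-at 11 }

-- Bounded by ub-organizational-unit-name. The X.400 type
-- OrganizationalUnitName uses the separate, smaller bound
-- ub-organizational-unit-name-length; the two are easy to confuse.
X520OrganizationalUnitName ::= CHOICE {
      teletexString     TeletexString
                          (SIZE (1..ub-organizational-unit-name)),
      printableString   PrintableString
                          (SIZE (1..ub-organizational-unit-name)),
      universalString   UniversalString
                          (SIZE (1..ub-organizational-unit-name)),
      utf8String        UTF8String
                          (SIZE (1..ub-organizational-unit-name)),
      bmpString         BMPString
                          (SIZE (1..ub-organizational-unit-name)) }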
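-- Naming attributes of type X520Title

id-at-title AttributeType ::= { id-at 12 }

X520Title ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-title)),
      printableString   PrintableString (SIZE (1..ub-title)),
      universalString   UniversalString (SIZE (1..ub-title)),
      utf8String        UTF8String      (SIZE (1..ub-title)),
      bmpString         BMPString       (SIZE (1..ub-title)) }

-- Naming attributes of type X520dnQualifier

id-at-dnQualifier AttributeType ::= { id-at 46 }

-- No SIZE constraint is declared here, so any length limit has to be
-- imposed by the consumer.
X520dnQualifier ::= PrintableString

-- Naming attributes of type X520countryName (digraph from IS 3166)

id-at-countryName AttributeType ::= { id-at 6 }

-- The constraint fixes the length at two characters; it does not check
-- that the value is an assigned country code.
X520countryName ::= PrintableString (SIZE (2))

-- Naming attributes of type X520SerialNumber

id-at-serialNumber AttributeType ::= { id-at 5 }

-- A naming attribute of the subject or issuer; not the same thing as
-- CertificateSerialNumber, which is an INTEGER.
X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))

-- Naming attributes of type X520Pseudonym

id-at-pseudonym AttributeType ::= { id-at 65 }

X520Pseudonym ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
      printableString   PrintableString (SIZE (1..ub-pseudonym)),
      universalString   UniversalString (SIZE (1..ub-pseudonym)),
      utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
      bmpString         BMPString       (SIZE (1..ub-pseudonym)) }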
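-- Naming attributes of type DomainComponent (from RFC 2247)

id-domainComponent AttributeType ::=
                   { 0 9 2342 19200300 100 1 25 }

-- No SIZE constraint is declared, and IA5String admits the full 7-bit
-- set including control characters; a consumer that treats this value as
-- a DNS label has to validate it as one.
DomainComponent ::= IA5String

-- NOTE(review): the "Legacy attributes" section comment was absent from
-- this listing (gap in its line numbering at 207) and is restored from the
-- published module.
-- Legacy attributes

pkcs-9 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }

id-emailAddress AttributeType ::= { pkcs-9 1 }

-- Length-bounded only; the syntax does not check that the value is a
-- well-formed mailbox address.
EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))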
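-- naming data types --

Name ::= CHOICE { -- only one possibility for now --
      rdnSequence  RDNSequence }

-- Ordered list of RDNs; the order is significant when names are compared.
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

DistinguishedName ::= RDNSequence

-- A SET OF: under DER the elements are ordered by their encodings, so a
-- multi-valued RDN has to be compared as a set, not position by position.
-- MAX places no practical ceiling on the number of values.
RelativeDistinguishedName ::=
                    SET SIZE (1 .. MAX) OF AttributeTypeAndValue

-- Directory string type --

-- SIZE (1..MAX) rules out the empty string but sets no upper limit, so a
-- parser should impose its own ceiling on attribute length.
DirectoryString ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..MAX)),
      printableString   PrintableString (SIZE (1..MAX)),
      universalString   UniversalString (SIZE (1..MAX)),
      utf8String        UTF8String      (SIZE (1..MAX)),
      bmpString         BMPString       (SIZE (1..MAX)) }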
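-- certificate and CRL specific structures begin here

-- Outer signed envelope. signatureAlgorithm sits outside tbsCertificate,
-- so it is not itself covered by the signature; the certificate profile
-- requires it to match tbsCertificate.signature and a verifier should
-- reject a mismatch. Verify the signature over the received encoding of
-- tbsCertificate rather than over a re-encoding of the parsed value.
Certificate ::= SEQUENCE {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING }

-- NOTE(review): the issuer, validity and subject components were absent
-- from this listing (gap in its line numbering at 248 to 250) and are
-- restored from the published module.
-- version has DEFAULT v1, so under DER a v1 certificate carries no version
-- field at all. The version rules on the last three components exist only
-- as comments; a validator has to enforce them in code.
TBSCertificate ::= SEQUENCE {
     version         [0]  Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     extensions      [3]  Extensions OPTIONAL
                          -- If present, version MUST be v3 --  }

-- The encoded integer is one less than the version number (v3 is 2).
Version ::= INTEGER { v1(0), v2(1), v3(2) }

-- Unbounded in this syntax. The certificate profile (RFC 3280, section
-- 4.1.2.2) requires a positive value of at most 20 octets; a parser
-- should bound the length it accepts and not assume a machine integer.
CertificateSerialNumber ::= INTEGER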
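-- NOTE(review): the notBefore and notAfter components, the header of the
-- Time type and its utcTime alternative were absent from this listing (gap
-- in its line numbering at 264 to 268), which fused Validity and Time into
-- one malformed definition; they are restored from the published module.
Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time }

-- UTCTime carries a two-digit year. The certificate profile reads years
-- 50 to 99 as 19xx and 00 to 49 as 20xx, and uses GeneralizedTime from
-- 2050 onward; a validator has to apply that rule before comparing dates.
Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime }

UniqueIdentifier ::= BIT STRING

-- The content of subjectPublicKey depends on algorithm; decode the key
-- only after the algorithm identifier has been recognised.
SubjectPublicKeyInfo ::= SEQUENCE {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING }

-- SIZE (1..MAX): an empty extensions list is not valid.
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

-- critical has DEFAULT FALSE, so under DER it is present only when TRUE.
-- The certificate profile requires a relying party to reject a certificate
-- that carries a critical extension it does not recognise. extnValue wraps
-- a second encoding whose type is selected by extnID; that inner value is
-- untrusted input and needs the same bounds checking as the outer one.
Extension ::= SEQUENCE {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING }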
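-- NOTE(review): the "CRL structures" section comment, the issuer,
-- thisUpdate and revocationDate components and the `} OPTIONAL,` that
-- closes revokedCertificates were absent from this listing (gaps in its
-- line numbering at 284, 295, 296, 300 and 303) and are restored from the
-- published module.
-- CRL structures

-- Same envelope shape as Certificate: signatureAlgorithm lies outside the
-- signed tbsCertList and has to be checked against tbsCertList.signature.
CertificateList ::= SEQUENCE {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING }

-- nextUpdate is OPTIONAL in this syntax, so a CRL without it states no
-- expiry; the CRL profile requires conforming issuers to include it, and a
-- relying party should decide explicitly how to treat one that omits it.
-- revokedCertificates is omitted entirely when nothing is revoked.
TBSCertList ::= SEQUENCE {
     version                 Version OPTIONAL,
                                  -- if present, MUST be v2
     signature               AlgorithmIdentifier,
     issuer                  Name,
     thisUpdate              Time,
     nextUpdate              Time OPTIONAL,
     revokedCertificates     SEQUENCE OF SEQUENCE {
          userCertificate         CertificateSerialNumber,
          revocationDate          Time,
          crlEntryExtensions      Extensions OPTIONAL
                                        -- if present, MUST be v2
                               } OPTIONAL,
     crlExtensions           [0] Extensions OPTIONAL }
                                        -- if present, MUST be v2

-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure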
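-- Identifies an algorithm by OID plus optional algorithm-specific
-- parameters. Nothing but the OID fixes the syntax of parameters, so a
-- decoder should recognise the OID first and parse parameters against
-- that algorithm's definition, leaving them opaque for an unknown OID.
AlgorithmIdentifier ::= SEQUENCE {
     algorithm      OBJECT IDENTIFIER,
     parameters     ANY DEFINED BY algorithm OPTIONAL }
                       -- contains a value of the type
                       -- registered for use with the
                       -- algorithm object identifier value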
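-- X.400 address syntax starts here

ORAddress ::= SEQUENCE {
   built-in-standard-attributes BuiltInStandardAttributes,
   built-in-domain-defined-attributes
                   BuiltInDomainDefinedAttributes OPTIONAL,
   -- see also teletex-domain-defined-attributes
   extension-attributes ExtensionAttributes OPTIONAL }

-- Built-in Standard Attributes

-- NOTE(review): the `OPTIONAL,` after numeric-user-identifier and the
-- closing `OPTIONAL }` after organizational-unit-names were absent from
-- this listing (gaps in its line numbering at 338 and 342) and are
-- restored from the published module.
-- Every component is OPTIONAL, so an empty SEQUENCE satisfies this syntax.
-- private-domain-name is the one tagged component without IMPLICIT: its
-- type is a CHOICE, which cannot take an implicit tag.
BuiltInStandardAttributes ::= SEQUENCE {
   country-name                  CountryName OPTIONAL,
   administration-domain-name    AdministrationDomainName OPTIONAL,
   network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
     -- see also extended-network-address
   terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
   private-domain-name       [2] PrivateDomainName OPTIONAL,
   organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
     -- see also teletex-organization-name
   numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
                                 OPTIONAL,
   personal-name             [5] IMPLICIT PersonalName OPTIONAL,
     -- see also teletex-personal-name
   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
                                 OPTIONAL }
     -- see also teletex-organizational-unit-names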
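-- SIZE with a single value fixes the length exactly: three digits for the
-- numeric code, two characters for the alphabetic one.
CountryName ::= [APPLICATION 1] CHOICE {
   x121-dcc-code         NumericString
                           (SIZE (ub-country-name-numeric-length)),
   iso-3166-alpha2-code  PrintableString
                           (SIZE (ub-country-name-alpha-length)) }

-- The lower bound is 0 here, so an empty string is a valid value;
-- PrivateDomainName below starts at 1.
AdministrationDomainName ::= [APPLICATION 2] CHOICE {
   numeric   NumericString   (SIZE (0..ub-domain-name-length)),
   printable PrintableString (SIZE (0..ub-domain-name-length)) }

NetworkAddress ::= X121Address  -- see also extended-network-address

X121Address ::= NumericString (SIZE (1..ub-x121-address-length))

TerminalIdentifier ::= PrintableString (SIZE
                          (1..ub-terminal-id-length))

PrivateDomainName ::= CHOICE {
   numeric   NumericString   (SIZE (1..ub-domain-name-length)),
   printable PrintableString (SIZE (1..ub-domain-name-length)) }

OrganizationName ::= PrintableString
                            (SIZE (1..ub-organization-name-length))
  -- see also teletex-organization-name

NumericUserIdentifier ::= NumericString
                            (SIZE (1..ub-numeric-user-id-length))

-- NOTE(review): the closing `OPTIONAL }` was absent from this listing (gap
-- in its line numbering at 382) and is restored from the published module.
-- A SET: components may arrive in any order under BER and are identified
-- by tag, so a decoder must not rely on position.
PersonalName ::= SET {
   surname     [0] IMPLICIT PrintableString
                    (SIZE (1..ub-surname-length)),
   given-name  [1] IMPLICIT PrintableString
                    (SIZE (1..ub-given-name-length)) OPTIONAL,
   initials    [2] IMPLICIT PrintableString
                    (SIZE (1..ub-initials-length)) OPTIONAL,
   generation-qualifier [3] IMPLICIT PrintableString
                    (SIZE (1..ub-generation-qualifier-length))
                    OPTIONAL }
  -- see also teletex-personal-name

OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
                             OF OrganizationalUnitName
  -- see also teletex-organizational-unit-names

OrganizationalUnitName ::= PrintableString (SIZE
                    (1..ub-organizational-unit-name-length))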
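-- Built-in Domain-defined Attributes

BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
                    (1..ub-domain-defined-attributes) OF
                    BuiltInDomainDefinedAttribute

BuiltInDomainDefinedAttribute ::= SEQUENCE {
   type  PrintableString (SIZE
                   (1..ub-domain-defined-attribute-type-length)),
   value PrintableString (SIZE
                   (1..ub-domain-defined-attribute-value-length)) }

-- Extension Attributes

-- NOTE(review): the element type `ExtensionAttribute` was absent from this
-- listing (gap in its line numbering at 407), leaving the SET OF without a
-- component type; it is restored from the published module.
ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
               ExtensionAttribute

-- The value syntax is selected by extension-attribute-type. A decoder
-- should leave the value undecoded for a type number it does not know
-- rather than guess at its structure.
ExtensionAttribute ::= SEQUENCE {
   extension-attribute-type  [0] IMPLICIT INTEGER
                   (0..ub-extension-attributes),
   extension-attribute-value [1]
                   ANY DEFINED BY extension-attribute-type }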
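-- Extension types and attribute values
-- Each INTEGER value below is an extension-attribute-type number; the type
-- assignment that follows it is the syntax of the matching
-- extension-attribute-value.

common-name INTEGER ::= 1

CommonName ::= PrintableString (SIZE (1..ub-common-name-length))

teletex-common-name INTEGER ::= 2

TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))

teletex-organization-name INTEGER ::= 3

TeletexOrganizationName ::=
                TeletexString (SIZE (1..ub-organization-name-length))

teletex-personal-name INTEGER ::= 4

-- NOTE(review): the closing `OPTIONAL }` was absent from this listing (gap
-- in its line numbering at 441) and is restored from the published module.
TeletexPersonalName ::= SET {
   surname     [0] IMPLICIT TeletexString
                    (SIZE (1..ub-surname-length)),
   given-name  [1] IMPLICIT TeletexString
                    (SIZE (1..ub-given-name-length)) OPTIONAL,
   initials    [2] IMPLICIT TeletexString
                    (SIZE (1..ub-initials-length)) OPTIONAL,
   generation-qualifier [3] IMPLICIT TeletexString
                    (SIZE (1..ub-generation-qualifier-length))
                    OPTIONAL }

teletex-organizational-unit-names INTEGER ::= 5

TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
      (1..ub-organizational-units) OF TeletexOrganizationalUnitName

TeletexOrganizationalUnitName ::= TeletexString
                  (SIZE (1..ub-organizational-unit-name-length))

pds-name INTEGER ::= 7

PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))

physical-delivery-country-name INTEGER ::= 8

PhysicalDeliveryCountryName ::= CHOICE {
   x121-dcc-code         NumericString (SIZE
                           (ub-country-name-numeric-length)),
   iso-3166-alpha2-code  PrintableString
                           (SIZE (ub-country-name-alpha-length)) }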
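postal-code INTEGER ::= 9

PostalCode ::= CHOICE {
   numeric-code   NumericString   (SIZE (1..ub-postal-code-length)),
   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }

physical-delivery-office-name INTEGER ::= 10

PhysicalDeliveryOfficeName ::= PDSParameter

physical-delivery-office-number INTEGER ::= 11

PhysicalDeliveryOfficeNumber ::= PDSParameter

extension-OR-address-components INTEGER ::= 12

ExtensionORAddressComponents ::= PDSParameter

physical-delivery-personal-name INTEGER ::= 13

PhysicalDeliveryPersonalName ::= PDSParameter

physical-delivery-organization-name INTEGER ::= 14

PhysicalDeliveryOrganizationName ::= PDSParameter

extension-physical-delivery-address-components INTEGER ::= 15

ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter

unformatted-postal-address INTEGER ::= 16

-- NOTE(review): the `OPTIONAL,` that ends the printable-address component
-- was absent from this listing (gap in its line numbering at 498), which
-- ran the two components together; it is restored from the published
-- module.
UnformattedPostalAddress ::= SET {
   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
        OF PrintableString (SIZE (1..ub-pds-parameter-length))
        OPTIONAL,
   teletex-string TeletexString
        (SIZE (1..ub-unformatted-address-length)) OPTIONAL }

street-address INTEGER ::= 17

StreetAddress ::= PDSParameter

post-office-box-address INTEGER ::= 18

PostOfficeBoxAddress ::= PDSParameter

poste-restante-address INTEGER ::= 19

PosteRestanteAddress ::= PDSParameter

unique-postal-name INTEGER ::= 20

UniquePostalName ::= PDSParameter

local-postal-attributes INTEGER ::= 21

LocalPostalAttributes ::= PDSParameter

-- Shared value syntax for the postal attributes above. Both components
-- are OPTIONAL, so an empty SET is syntactically valid and a consumer
-- cannot assume either string is present.
PDSParameter ::= SET {
   printable-string PrintableString
                (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
   teletex-string   TeletexString
                (SIZE(1..ub-pds-parameter-length)) OPTIONAL }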
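-- NOTE(review): several short lines were absent from this listing and are
-- restored from the published module: the `OPTIONAL },` that closes
-- e163-4-address (gap at 536), the named numbers telex(3) through
-- ia5-terminal(7) of TerminalType (gap at 548 to 552), and the
-- `type TeletexString` and `value TeletexString` component heads of
-- TeletexDomainDefinedAttribute (gaps at 563 and 565).

extended-network-address INTEGER ::= 22

ExtendedNetworkAddress ::= CHOICE {
   e163-4-address SEQUENCE {
      number      [0] IMPLICIT NumericString
                       (SIZE (1..ub-e163-4-number-length)),
      sub-address [1] IMPLICIT NumericString
                       (SIZE (1..ub-e163-4-sub-address-length))
                       OPTIONAL },
   psap-address [0] IMPLICIT PresentationAddress }

-- The selectors and addresses are OCTET STRINGs with no length bound, and
-- nAddresses has no upper limit on its element count; a parser should
-- apply its own ceilings.
PresentationAddress ::= SEQUENCE {
    pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
    sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
    tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
    nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }

terminal-type INTEGER ::= 23

-- The range constraint is wider than the named numbers, so values with no
-- name assigned here are still valid encodings.
TerminalType ::= INTEGER {
   telex (3),
   teletex (4),
   g3-facsimile (5),
   g4-facsimile (6),
   ia5-terminal (7),
   videotex (8) } (0..ub-integer-options)

-- Extension Domain-defined Attributes

teletex-domain-defined-attributes INTEGER ::= 6

TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute

TeletexDomainDefinedAttribute ::= SEQUENCE {
        type TeletexString
               (SIZE (1..ub-domain-defined-attribute-type-length)),
        value TeletexString
               (SIZE (1..ub-domain-defined-attribute-value-length)) }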
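-- NOTE(review): the two "Upper Bounds" comment lines (gaps in the line
-- numbering at 570 and 572) and the module's closing END were absent from
-- this listing and are restored from the published module.

--  specifications of Upper Bounds MUST be regarded as mandatory
--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
--  Upper Bounds

-- Upper Bounds
-- These constants feed the SIZE and range constraints of the types in
-- this module. Whether a generated decoder enforces them depends on the
-- ASN.1 tooling, so a consumer should confirm that over-long values are
-- actually rejected.
-- ub-organizational-unit-name (64) and ub-organizational-unit-name-length
-- (32) are distinct bounds for the X.520 and X.400 types respectively.
-- NOTE(review): ub-match is not referenced by any type in this listing.
ub-name INTEGER ::= 32768
ub-common-name INTEGER ::= 64
ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
ub-title INTEGER ::= 64
ub-serial-number INTEGER ::= 64
ub-match INTEGER ::= 128
ub-emailaddress-length INTEGER ::= 128
ub-common-name-length INTEGER ::= 64
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-extension-attributes INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-pseudonym INTEGER ::= 128
ub-surname-length INTEGER ::= 40
ub-terminal-id-length INTEGER ::= 24
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16

-- Note - upper bounds on string types, such as TeletexString, are
-- measured in characters. Excepting PrintableString or IA5String, a
-- significantly greater number of octets will be required to hold
-- such a value. As a minimum, 16 octets, or twice the specified
-- upper bound, whichever is the larger, should be allowed for
-- TeletexString. For UTF8String or UniversalString at least four
-- times the upper bound should be allowed.
-- Buffers sized from a bound as if it were an octet count are therefore
-- too small for the multi-octet string types; size them in octets using
-- the multipliers above and check the decoded length before copying.

END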