-- Module GulsSecurityTransformations (X.830:04/1995)
-- NOTE(review): this listing was captured together with its line-number
-- gutter and skips some source lines. Gaps are marked where they fall and
-- nothing has been filled in, so the text below is not compilable as shown.
GulsSecurityTransformations {joint-iso-itu-t genericULS(20) modules(1)
    gulsSecurityTransformations(3)} DEFINITIONS AUTOMATIC TAGS ::=
-- NOTE(review): source lines 5-8 are not shown; the BEGIN and IMPORTS
-- keywords that would introduce the symbol lists below are not visible.
    securityTransformations, notation
        FROM ObjectIdentifiers {joint-iso-itu-t genericULS(20) modules(1)
        -- NOTE(review): source line 11 is not shown; the object identifier
        -- opened on the line above is not closed in this listing.
    SECURITY-TRANSFORMATION, SecurityIdentity
        FROM Notation notation
    -- NOTE(review): source line 14 is not shown. AlgorithmIdentifier is used
    -- later in this module and is presumably the symbol imported here; confirm
    -- against the published module.
        FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
            authenticationFramework(7) 3};
-- ***************************************
-- Notation for specifying key information
-- ***************************************
-- This information object class definition is for use when
-- specifying key information relating to particular classes
-- of protection mechanisms (e.g. symmetric, asymmetric).
-- It may be useful in defining various security transformations.
-- NOTE(review): source line 27, which would name the class and open its
-- body, is not shown. The objects defined further down are declared as
-- KEY-INFORMATION, so that is presumably the class being defined here.
    &kiClass CHOICE {local INTEGER,
        -- local objects can only be defined within this
        -- NOTE(review): source line 30 (the rest of the comment above) is not shown.
        global OBJECT IDENTIFIER
        -- global objects are defined elsewhere
    -- NOTE(review): source lines 33-34 are not shown. The CHOICE is not closed
    -- in this listing, and the &KiType field that later definitions refer to
    -- (KEY-INFORMATION.&KiType) is not visible.
    }WITH SYNTAX {KEY-INFO-CLASS &kiClass
    -- NOTE(review): source lines 36-38 are not shown; the WITH SYNTAX list is cut short.
    -- NOTE(review): a "local" class number is an unqualified INTEGER, so it
    -- only identifies a key-information format relative to an agreed object
    -- set. A decoder should resolve kiClass strictly against the
    -- SupportedKIClasses set it was configured with and reject any other value.
-- Key-information object for symmetric mechanisms, registered as local
-- class 0. As listed, the value names a key by owner identity and an integer
-- key identifier; no key material is carried in it.
symmetricKeyInformation KEY-INFORMATION ::= {
    KEY-INFO-CLASS local:0
    -- NOTE(review): source line 41 is not shown; the syntax word that
    -- introduces the type below is not visible.
        SEQUENCE {entityId SecurityIdentity,
                  keyIdentifier INTEGER}
-- NOTE(review): source line 44 is not shown; the object definition is not
-- closed in this listing.
-- NOTE(review): entityId and keyIdentifier arrive with the protected data
-- and are sender-chosen. A receiver should use them only to look up a key it
-- already holds for that peer, and fail closed when the lookup finds nothing.
-- Key-information object for asymmetric mechanisms, registered as local
-- class 1. The value points at a certificate or key through issuer name,
-- certificate serial number, signer name and/or a key identifier.
asymmetricKeyInformation KEY-INFORMATION ::= {
    KEY-INFO-CLASS local:1
    -- NOTE(review): source line 48 is not shown; the syntax word that
    -- introduces the type below is not visible.
        SEQUENCE {issuerCAName SecurityIdentity OPTIONAL,
                  certSerialNumber INTEGER OPTIONAL,
                  signerName SecurityIdentity OPTIONAL,
                  keyIdentifier BIT STRING OPTIONAL}
-- NOTE(review): source line 53 is not shown; the object definition is not
-- closed in this listing.
-- NOTE(review): every component is OPTIONAL, so an empty SEQUENCE is a valid
-- value of this type. A verifier should require enough fields to select
-- exactly one key or certificate (for example issuer plus serial number),
-- treat an ambiguous or empty value as an error, and still validate the
-- selected certificate instead of trusting the reference by itself.
-- *******************************************
-- Directory ENCRYPTED Security Transformation
-- *******************************************
dirEncryptedTransformation SECURITY-TRANSFORMATION ::= {
    IDENTIFIER {securityTransformations dir-encrypted(1)}
    -- This transformation transforms a string of octets to a
    -- new bit string using an encipherment process.
    INITIAL-ENCODING-RULES {joint-iso-itu-t asn1(1) ber(1)}
    XFORMED-DATA-TYPE BIT STRING
-- NOTE(review): source line 64 is not shown; the definition is not closed in
-- this listing.
-- NOTE(review): the transformed value shown is a bare BIT STRING. No
-- algorithm identifier, key reference or integrity value is visible in it,
-- so those have to be supplied by the surrounding protocol. As listed, this
-- transformation gives confidentiality only; pair it with an integrity
-- mechanism where modification of the ciphertext matters.
-- ****************************************
-- Directory SIGNED Security Transformation
-- ****************************************
dirSignedTransformation SECURITY-TRANSFORMATION ::= {
    IDENTIFIER {securityTransformations dir-signed(2)}
    INITIAL-ENCODING-RULES
        {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
    -- NOTE(review): source lines 73-77 are not shown; the start of the
    -- transformed data type, including the component that the comment below
    -- describes, is not visible.
        -- this type is constrained to being the to-be-signed type -- }),
        algorithmId AlgorithmIdentifier,
        -- of the algorithms used to compute the signature
        encipheredHash BIT STRING}
-- NOTE(review): source line 82 is not shown; the definition is not closed in
-- this listing.
-- NOTE(review): algorithmId travels in the message beside encipheredHash.
-- A verifier should compare it with the algorithm permitted for the
-- signer's key by local policy instead of letting the message choose, and
-- should check the signature over the distinguished encoding named above.
-- *******************************************
-- Directory SIGNATURE Security Transformation
-- *******************************************
dirSignatureTransformation SECURITY-TRANSFORMATION ::= {
    IDENTIFIER {securityTransformations dir-signature(3)}
    INITIAL-ENCODING-RULES
        {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
    -- NOTE(review): source line 91 is not shown; the syntax word that
    -- introduces the type below is not visible.
        SEQUENCE {algorithmId AlgorithmIdentifier,
                  -- of the algorithms used to compute the signature
                  encipheredHash BIT STRING}
-- NOTE(review): source line 95 is not shown; the definition is not closed in
-- this listing.
-- NOTE(review): the value shown carries only the algorithm identifier and
-- the enciphered hash, not the data that was signed. The verifier therefore
-- has to re-encode the item it holds with the distinguished rules above
-- before checking, and should vet algorithmId against local policy.
-- ***********************************
-- GULS SIGNED Security Transformation
-- ***********************************
-- Parameterized by the set of key-information classes the application supports.
gulsSignedTransformation{KEY-INFORMATION:SupportedKIClasses}
    SECURITY-TRANSFORMATION ::= {
    IDENTIFIER {securityTransformations guls-signed(4)}
    INITIAL-ENCODING-RULES
        {joint-iso-itu-t asn1(1) ber-derived(2) canonical-encoding(0)}
    -- This default for initial encoding rules may be overridden
    -- using a static protected parameter (initEncRules).
    -- NOTE(review): because the encoding rules can be selected per value, a
    -- verifier should accept only rule sets it implements deterministically
    -- and reject any other initEncRules value instead of falling back to the
    -- default above.
    -- NOTE(review): source line 107 is not shown.
        SEQUENCE {intermediateValue
        -- NOTE(review): source lines 109-110 are not shown.
            identification (WITH COMPONENTS {
                transfer-syntax (CONSTRAINED BY {
                    -- The transfer syntax to be used is that
                    -- indicated by the initEncRules value within
                    -- the intermediate value -- })PRESENT
        -- NOTE(review): source line 116 is not shown.
            data-value (CONTAINING IntermediateType{{SupportedKIClasses}})
        -- NOTE(review): source line 118 is not shown.
            -- The data value encoded is a value of type
        -- NOTE(review): source lines 120-124 are not shown; the comment above
        -- and the declaration of the appendix component are cut off.
            -- the appendix value must be generated following
            -- the procedure specified in D.4 of DIS 11586-1 -- })
-- NOTE(review): the source lines after 126 are not shown; the definition is
-- not closed in this listing.
-- Intermediate value that gulsSignedTransformation encodes as its data-value:
-- the unprotected item together with the parameters shown below.
IntermediateType{KEY-INFORMATION:SupportedKIClasses} ::= SEQUENCE {
    unprotectedItem ABSTRACT-SYNTAX.&Type-- this type is constrained to being
                    -- the type of the unprotected item, or
                    -- BIT STRING if the unprotected item is
                    -- not derived from an ASN.1 abstract
    -- NOTE(review): source lines 135-137 are not shown. The DEFAULT below
    -- presumably belongs to the initEncRules component that other comments
    -- in this module refer to; confirm against the published module.
        DEFAULT {joint-iso-itu-t asn1(1) ber-derived(2) canonical-encoding(0)},
    signOrSealAlgorithm AlgorithmIdentifier OPTIONAL,
                    -- Identifies the signing or
                    -- sealing algorithm, and can convey
                    -- algorithm parameters
    hashAlgorithm AlgorithmIdentifier OPTIONAL,
                    -- Identifies a hash function,
                    -- for use if a hash function is required
                    -- and the signOrSealAlgorithm identifier
                    -- does not imply a particular hash
                    -- function. Can also convey algorithm
    -- NOTE(review): both algorithm identifiers are OPTIONAL and, when
    -- present, are chosen by the sender. A receiver should check them and
    -- their parameters against an allow-list and, when they are absent, use
    -- only an algorithm fixed by prior agreement, never a silent default.
    -- NOTE(review): source lines 149-150 are not shown; the end of the comment
    -- above and the name of the component below are not visible.
        SEQUENCE {kiClass KEY-INFORMATION.&kiClass({SupportedKIClasses}),
                  keyInfo KEY-INFORMATION.&KiType({SupportedKIClasses}{@.kiClass})
    -- NOTE(review): source line 153 is not shown; the SEQUENCE above is not
    -- closed in this listing.
                    -- Key information may assume various
                    -- formats, governed by supported members
                    -- of the KEY-INFORMATION information
                    -- object class (defined at start of the
                    -- definitive ASN.1 module)
    -- NOTE(review): the type of keyInfo is selected by kiClass through the
    -- {@.kiClass} constraint. A decoder should enforce that constraint and
    -- reject a kiClass outside SupportedKIClasses instead of accepting keyInfo
    -- as an opaque value.
-- NOTE(review): source line 159 is not shown; the type definition is not
-- closed in this listing.
-- **************************************
-- GULS SIGNATURE Security Transformation
-- **************************************
-- Parameterized by the set of key-information classes the application supports.
gulsSignatureTransformation{KEY-INFORMATION:SupportedKIClasses}
    SECURITY-TRANSFORMATION ::= {
    IDENTIFIER {securityTransformations guls-signature(5)}
    INITIAL-ENCODING-RULES
        {joint-iso-itu-t asn1(1) ber-derived(2) canonical-encoding(0)}
    -- This default for initial encoding rules may be overridden
    -- using a static protected parameter (initEncRules).
    -- NOTE(review): source line 171 is not shown.
        SEQUENCE {initEncRules
        -- NOTE(review): source lines 173-174 are not shown; the type of
        -- initEncRules and the keyword before the value below are not visible.
            {joint-iso-itu-t asn1(1) ber-derived(2)
                canonical-encoding(0)},
        signOrSealAlgorithm AlgorithmIdentifier OPTIONAL,
                    -- Identifies the signing or
                    -- sealing algorithm, and can convey
                    -- algorithm parameters
        hashAlgorithm AlgorithmIdentifier OPTIONAL,
                    -- Identifies a hash function,
                    -- for use if a hash function is required
                    -- and the signOrSealAlgorithm identifier
                    -- does not imply a particular hash
                    -- function. Can also convey algorithm parameters.
        -- NOTE(review): initEncRules and both algorithm identifiers are
        -- supplied by the sender. A verifier should accept only encoding
        -- rules and algorithms on its own allow-list, and when an identifier
        -- is absent use only an algorithm fixed by prior agreement.
        -- NOTE(review): source lines 187-188 are not shown; the opening of the
        -- key-information component is not visible.
            KEY-INFORMATION.&kiClass({SupportedKIClasses}),
        -- NOTE(review): source line 190 is not shown.
            KEY-INFORMATION.&KiType
                ({SupportedKIClasses}{@.kiClass})} OPTIONAL,
                    -- Key information may assume various
                    -- formats, governed by supported members
                    -- of the KEY-INFORMATION information
                    -- object class (defined at start of the
                    -- definitive ASN.1 module)
        -- NOTE(review): the key information is OPTIONAL here. When it is
        -- absent the verification key has to come from context; a verifier
        -- should fail closed if that context does not identify exactly one key.
        -- NOTE(review): source lines 198-200 are not shown; the declaration of
        -- the appendix component is not visible.
            -- the appendix value must be generated following
            -- the procedure specified in D.5 of DIS 11586-1 -- })
-- NOTE(review): the source lines after 202 are not shown; the definition is
-- not closed in this listing.
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D