📄 pkcs-15v1_1.asn
-- Tail of a CHOICE whose opening lines precede this excerpt; kept verbatim.
    spki SubjectPublicKeyInfo, -- See X.509. Must contain a public EC key
    ...
}

-- Layout note: line breaks are restored below because an ASN.1 "hyphen hyphen"
-- comment runs to the end of the line; on a collapsed line every comment would
-- swallow the definitions that follow it.
-- ObjectValue, PKCS15Object, KeyInfo, Path, Reference, Label, Identifier and
-- the pkcs15-lb/ub bounds used below are defined outside this excerpt.

-- Diffie-Hellman public key entry: the key value plus optional domain
-- parameters / supported operations.
PublicDHKeyAttributes ::= SEQUENCE {
    value ObjectValue {DHPublicKeyChoice},
    keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

-- The D-H key is stored either as the bare public number or wrapped in an
-- X.509 SubjectPublicKeyInfo.
DHPublicKeyChoice ::= CHOICE {
    raw DiffieHellmanPublicNumber,
    spki SubjectPublicKeyInfo, -- See X.509. Must contain a public D-H key
    ...
}

-- DSA public key entry, same shape as the D-H entry above.
PublicDSAKeyAttributes ::= SEQUENCE {
    value ObjectValue {DSAPublicKeyChoice},
    keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

-- NOTE(review): the "Must contain a public ... key" requirement on each spki
-- alternative exists only as comment text; a decoder will accept any
-- SubjectPublicKeyInfo, so the algorithm has to be checked by the application.
DSAPublicKeyChoice ::= CHOICE {
    raw INTEGER,
    spki SubjectPublicKeyInfo, -- See X.509. Must contain a public DSA key.
    ...
}

-- KEA public key entry, same shape as the D-H and DSA entries.
PublicKEAKeyAttributes ::= SEQUENCE {
    value ObjectValue {KEAPublicKeyChoice},
    keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

KEAPublicKeyChoice ::= CHOICE {
    raw INTEGER,
    spki SubjectPublicKeyInfo, -- See X.509. Must contain a public KEA key
    ...
}

-- Secret (symmetric) key entries. Every alternative carries the same
-- GenericSecretKeyAttributes payload, so the context tag alone tells the
-- reader which algorithm the key is meant for; otherKey names the algorithm
-- by OBJECT IDENTIFIER instead.
-- NOTE(review): several alternatives name legacy ciphers (RC2, RC4, single
-- DES, Skipjack). The type only describes storage; which key types a consumer
-- accepts or uses is a policy decision outside this module.
SecretKeyType ::= CHOICE {
    genericSecretKey SecretKeyObject {GenericSecretKeyAttributes},
    rc2key [0] SecretKeyObject {GenericSecretKeyAttributes},
    rc4key [1] SecretKeyObject {GenericSecretKeyAttributes},
    desKey [2] SecretKeyObject {GenericSecretKeyAttributes},
    des2Key [3] SecretKeyObject {GenericSecretKeyAttributes},
    des3Key [4] SecretKeyObject {GenericSecretKeyAttributes},
    castKey [5] SecretKeyObject {GenericSecretKeyAttributes},
    cast3Key [6] SecretKeyObject {GenericSecretKeyAttributes},
    cast128Key [7] SecretKeyObject {GenericSecretKeyAttributes},
    rc5Key [8] SecretKeyObject {GenericSecretKeyAttributes},
    ideaKey [9] SecretKeyObject {GenericSecretKeyAttributes},
    skipjackKey [10] SecretKeyObject {GenericSecretKeyAttributes},
    batonKey [11] SecretKeyObject {GenericSecretKeyAttributes},
    juniperKey [12] SecretKeyObject {GenericSecretKeyAttributes},
    rc6Key [13] SecretKeyObject {GenericSecretKeyAttributes},
    otherKey [14] OtherKey,
    ... -- For future extensions
}

-- Parameterized wrapper: a PKCS15Object instantiated with the common key
-- attributes, the common secret-key attributes and the type-specific ones.
SecretKeyObject {KeyAttributes} ::= PKCS15Object {
    CommonKeyAttributes,
    CommonSecretKeyAttributes,
    KeyAttributes
}

-- Secret key of an algorithm not listed in SecretKeyType, identified by OID.
OtherKey ::= SEQUENCE {
    keyType OBJECT IDENTIFIER,
    keyAttr SecretKeyObject {GenericSecretKeyAttributes}
}

-- The key value is an ObjectValue over OCTET STRING; no length constraint is
-- stated here, so key-length checks are left to the consumer.
GenericSecretKeyAttributes ::= SEQUENCE {
    value ObjectValue { OCTET STRING },
    ... -- For future extensions
}

-- Certificate entries, one alternative per certificate format. cvCertificate
-- follows the extension marker, i.e. it is an extension addition.
CertificateType ::= CHOICE {
    x509Certificate CertificateObject { X509CertificateAttributes},
    x509AttributeCertificate [0] CertificateObject {X509AttributeCertificateAttributes},
    spkiCertificate [1] CertificateObject {SPKICertificateAttributes},
    pgpCertificate [2] CertificateObject {PGPCertificateAttributes},
    wtlsCertificate [3] CertificateObject {WTLSCertificateAttributes},
    x9-68Certificate [4] CertificateObject {X9-68CertificateAttributes},
    ...,
    cvCertificate [5] CertificateObject {CVCertificateAttributes}
}

-- Parameterized wrapper for certificates; the subclass-attributes slot of
-- PKCS15Object is NULL here.
CertificateObject {CertAttributes} ::= PKCS15Object {
    CommonCertificateAttributes,
    NULL,
    CertAttributes
}

-- X.509 certificate plus optional copies of subject, issuer and serial number.
-- NOTE(review): nothing in this type ties those copies to the certificate in
-- 'value'; treat the certificate itself as authoritative and the copies as
-- lookup hints.
X509CertificateAttributes ::= SEQUENCE {
    value ObjectValue { Certificate },
    subject Name OPTIONAL,
    issuer [0] Name OPTIONAL,
    serialNumber CertificateSerialNumber OPTIONAL,
    ... -- For future extensions
}

-- X.509 attribute certificate plus optional issuer, serial number and the
-- list of attribute types it carries.
X509AttributeCertificateAttributes ::= SEQUENCE {
    value ObjectValue { AttributeCertificate },
    issuer GeneralNames OPTIONAL,
    serialNumber CertificateSerialNumber OPTIONAL,
    attrTypes [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
    ... -- For future extensions
}

-- The five certificate formats below are carried as PKCS15-OPAQUE.&Type, an
-- open type: this module places no structure on the content, so the consumer
-- has to parse and validate it according to the certificate format.
SPKICertificateAttributes ::= SEQUENCE {
    value ObjectValue { PKCS15-OPAQUE.&Type },
    ... -- For future extensions
}

PGPCertificateAttributes ::= SEQUENCE {
    value ObjectValue { PKCS15-OPAQUE.&Type },
    ... -- For future extensions
}

WTLSCertificateAttributes ::= SEQUENCE {
    value ObjectValue { PKCS15-OPAQUE.&Type },
    ... -- For future extensions
}

X9-68CertificateAttributes ::= SEQUENCE {
    value ObjectValue { PKCS15-OPAQUE.&Type },
    ... -- For future extensions
}

CVCertificateAttributes ::= SEQUENCE {
    value ObjectValue { PKCS15-OPAQUE.&Type},
    ... -- For future extensions
}

-- Data object entries: opaque data, ISO/IEC 7816-6 inter-industry data
-- objects, or data identified by an OBJECT IDENTIFIER.
DataType ::= CHOICE {
    opaqueDO DataObject {Opaque},
    externalIDO [0] DataObject {ExternalIDO},
    oidDO [1] DataObject {OidDO},
    ... -- For future extensions
}

-- Parameterized wrapper for data objects; the subclass-attributes slot of
-- PKCS15Object is NULL here.
DataObject {DataObjectAttributes} ::= PKCS15Object {
    CommonDataObjectAttributes,
    NULL,
    DataObjectAttributes
}

Opaque ::= ObjectValue {PKCS15-OPAQUE.&Type}

-- The 7816-6 conformance requirement is a user-defined constraint (comment
-- text only); it is not something a generated decoder can enforce.
ExternalIDO ::= ObjectValue {PKCS15-OPAQUE.&Type}
    (CONSTRAINED BY {-- All data objects must be defined in
    -- accordance with ISO/IEC 7816-6 --})

OidDO ::= SEQUENCE {
    id OBJECT IDENTIFIER,
    value ObjectValue {PKCS15-OPAQUE.&Type}
}

-- Authentication object entries. 'pin' is the only root alternative; the
-- biometric, key-based and external alternatives are extension additions.
AuthenticationType ::= CHOICE {
    pin AuthenticationObject { PinAttributes },
    ...,
    biometricTemplate [0] AuthenticationObject {BiometricAttributes},
    authKey [1] AuthenticationObject {AuthKeyAttributes},
    external [2] AuthenticationObject {ExternalAuthObjectAttributes}
}

-- Parameterized wrapper for authentication objects; the subclass-attributes
-- slot of PKCS15Object is NULL here.
AuthenticationObject {AuthObjectAttributes} ::= PKCS15Object {
    CommonAuthenticationObjectAttributes,
    NULL,
    AuthObjectAttributes
}

-- Description of one PIN: encoding, length limits, padding, card reference.
-- minLength and storedLength are range-constrained by bounds defined outside
-- this excerpt.
-- NOTE(review): maxLength has no range constraint in this type, and nothing
-- relates it to minLength or storedLength; a consumer should sanity-check the
-- three values against each other before using them to size buffers or to
-- pad a PIN.
PinAttributes ::= SEQUENCE {
    pinFlags PinFlags,
    pinType PinType,
    minLength INTEGER (pkcs15-lb-minPinLength..pkcs15-ub-minPinLength),
    storedLength INTEGER (0..pkcs15-ub-storedPinLength),
    maxLength INTEGER OPTIONAL,
    pinReference [0] Reference DEFAULT 0,
    padChar OCTET STRING (SIZE(1)) OPTIONAL,
    lastPinChange GeneralizedTime OPTIONAL,
    path Path OPTIONAL,
    ... -- For future extensions
}

-- Named bits describing how a PIN behaves.
-- NOTE(review): the rule that unblockingPin and soPin cannot both be set is a
-- user-defined constraint written as comment text, so a generated decoder
-- will not reject a value with both bits set; the application has to check.
PinFlags ::= BIT STRING {
    case-sensitive (0),
    local (1),
    change-disabled (2),
    unblock-disabled (3),
    initialized (4),
    needs-padding (5),
    unblockingPin (6),
    soPin (7),
    disable-allowed (8),
    integrity-protected (9),
    confidentiality-protected (10),
    exchangeRefData (11)
} (CONSTRAINED BY { -- 'unblockingPin' and 'soPIN' cannot both be set -- })

-- PIN encodings; half-nibble-bcd and iso9564-1 are extension additions.
PinType ::= ENUMERATED {bcd, ascii-numeric, utf8, ..., half-nibble-bcd, iso9564-1}

-- Description of one biometric reference: flags, template format (by OID),
-- which biometric it is, and the card reference.
BiometricAttributes ::= SEQUENCE {
    bioFlags BiometricFlags,
    templateId OBJECT IDENTIFIER,
    bioType BiometricType,
    bioReference Reference DEFAULT 0,
    lastChange GeneralizedTime OPTIONAL,
    path Path OPTIONAL,
    ... -- For future extensions
}

-- Uses the same bit positions as the equally named bits of PinFlags.
BiometricFlags ::= BIT STRING {
    local (1),
    change-disabled (2),
    unblock-disabled (3),
    initialized (4),
    disable-allowed (8),
    integrity-protected (9),
    confidentiality-protected (10)
} -- Note: bits 0, 5, 6, and 7 are reserved for future use

-- Which biometric the template describes; only fingerprint and iris are
-- defined, the commented-out alternatives are placeholders.
BiometricType ::= CHOICE {
    fingerPrint FingerPrint,
    irisScan [0] IrisScan,
    -- Possible extensions:
    -- voiceScan VoiceScan,
    -- faceScan FaceScan,
    -- retinaScan Retinascan,
    -- handGeometry HandGeometry,
    -- writeDynamics WriteDynamics,
    -- keyStrokeDynamics KeyStrokeDynamics,
    -- lipDynamics LipDynamics,
    ... -- For future extensions
}

FingerPrint ::= SEQUENCE {
    hand ENUMERATED {left, right},
    finger ENUMERATED {thumb, pointerFinger, middleFinger, ringFinger, littleFinger},
    ...
}

IrisScan ::= SEQUENCE {
    eye ENUMERATED {left, right},
    ...
}

-- External authentication is described either by a key or by a certificate
-- attribute.
ExternalAuthObjectAttributes ::= CHOICE {
    authKeyAttributes AuthKeyAttributes,
    certBasedAttributes [0] CertBasedAuthenticationAttributes,
    ... -- For future extensions
}

-- Reference to the authentication key; derivedKey is TRUE when absent.
AuthKeyAttributes ::= SEQUENCE {
    derivedKey BOOLEAN DEFAULT TRUE,
    authKeyId Identifier,
    ... -- For future extensions
}

-- 'cha' is an unconstrained OCTET STRING here; its meaning is not stated in
-- this excerpt.
CertBasedAuthenticationAttributes ::= SEQUENCE {
    cha OCTET STRING,
    ...
}

-- Token-wide information. Components after the extension marker (issuerId,
-- holderId, lastUpdate, preferredLanguage) are extension additions.
-- NOTE(review): uniqueness of AlgorithmInfo.reference is a user-defined
-- constraint (comment text); a reader that resolves algorithm references
-- should detect duplicates itself rather than assume the decoder did.
TokenInfo ::= SEQUENCE {
    version INTEGER {v1(0)} (v1,...),
    serialNumber OCTET STRING,
    manufacturerID Label OPTIONAL,
    label [0] Label OPTIONAL,
    tokenflags TokenFlags,
    seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL,
    recordInfo [1] RecordInfo OPTIONAL,
    supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL,
    ...,
    issuerId [3] Label OPTIONAL,
    holderId [4] Label OPTIONAL,
    lastUpdate [5] LastUpdate OPTIONAL,
    preferredLanguage PrintableString OPTIONAL -- In accordance with
    -- IETF RFC 1766
} (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --})

-- NOTE(review): these flags are data read from the token; by themselves they
-- describe the token, they do not enforce anything on the reader side.
TokenFlags ::= BIT STRING {
    readonly (0),
    loginRequired (1),
    prnGeneration (2),
    eidCompliant (3)
}

-- One security environment: its number and the OID of its owner.
SecurityEnvironmentInfo ::= SEQUENCE {
    se INTEGER (0..pkcs15-ub-seInfo),
    owner OBJECT IDENTIFIER,
    ... -- For future extensions
}

-- Optional record lengths, one per directory file, all bounded by
-- pkcs15-ub-recordLength.
RecordInfo ::= SEQUENCE {
    oDFRecordLength [0] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    prKDFRecordLength [1] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    puKDFRecordLength [2] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    sKDFRecordLength [3] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    cDFRecordLength [4] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    dODFRecordLength [5] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
    aODFRecordLength [6] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL
}

-- One supported algorithm. 'algorithm' selects a row of AlgorithmSet; the
-- @algorithm component relations make parameters, supportedOperations and
-- algId take their types from that same row.
AlgorithmInfo ::= SEQUENCE {
    reference Reference,
    algorithm PKCS15-ALGORITHM.&id({AlgorithmSet}),
    parameters PKCS15-ALGORITHM.&Parameters({AlgorithmSet}{@algorithm}),
    supportedOperations PKCS15-ALGORITHM.&Operations({AlgorithmSet}{@algorithm}),
    algId PKCS15-ALGORITHM.&objectIdentifier({AlgorithmSet}{@algorithm}) OPTIONAL,
    algRef Reference OPTIONAL
}

-- Information object class for algorithms: a unique integer id, a parameter
-- type, the supported operations and an optional OID.
PKCS15-ALGORITHM ::= CLASS {
    &id INTEGER UNIQUE,
    &Parameters,
    &Operations Operations,
    &objectIdentifier OBJECT IDENTIFIER OPTIONAL
} WITH SYNTAX {
    PARAMETERS &Parameters OPERATIONS &Operations ID &id [OID &objectIdentifier]
}

PKCS15-OPAQUE ::= TYPE-IDENTIFIER

PublicKeyOperations ::= Operations

-- Operations the token hardware can perform with an algorithm or key.
Operations ::= BIT STRING {
    compute-checksum (0), -- H/W computation of checksum
    compute-signature (1), -- H/W computation of signature
    verify-checksum (2), -- H/W verification of checksum
    verify-signature (3), -- H/W verification of signature
    encipher (4), -- H/W encryption of data
    decipher (5), -- H/W decryption of data
    hash (6), -- H/W hashing
    generate-key (7) -- H/W key generation
}

-- The only algorithm object defined in this module: id -1, NULL parameters,
-- key generation only.
pkcs15-alg-null PKCS15-ALGORITHM ::= {
    PARAMETERS NULL OPERATIONS {{generate-key}} ID -1
}

AlgorithmSet PKCS15-ALGORITHM ::= {
    pkcs15-alg-null,
    ... -- See PKCS #11 for values for the &id field (and parameters)
}

-- Time of last update, given directly or by reference.
LastUpdate ::= CHOICE {
    generalizedTime GeneralizedTime,
    referencedTime ReferencedValue {GeneralizedTime},
    ... -- For future extensions
}

-- Soft token related types and objects

-- Enveloped (encrypted) container for a value of type Type. The version
-- constraint admits v0, v1 and v2 in its root; v3 and v4 are named but only
-- reachable through the extension marker.
EnvelopedData {Type} ::= SEQUENCE {
    version INTEGER{v0(0),v1(1),v2(2),v3(3),v4(4)}(v0|v1|v2,...),
    originatorInfo [0] OriginatorInfo OPTIONAL,
    recipientInfos RecipientInfos,
    encryptedContentInfo EncryptedContentInfo{Type},
    unprotectedAttrs [1] SET SIZE (1..MAX) OF Attribute OPTIONAL
}

-- NOTE(review): contentEncryptionAlgorithm is constrained by
-- KeyDerivationAlgorithms although a ContentEncryptionAlgorithms set is
-- defined further down and not referenced in this excerpt; confirm against
-- the published module before relying on either set for algorithm checks.
-- As the name unprotectedAttrs in EnvelopedData indicates, those attributes
-- are outside the encryption.
EncryptedContentInfo {Type} ::= SEQUENCE {
    contentType OBJECT IDENTIFIER,
    contentEncryptionAlgorithm AlgorithmIdentifier {{KeyDerivationAlgorithms}},
    encryptedContent [0] OCTET STRING OPTIONAL
}(CONSTRAINED BY {-- 'encryptedContent' shall be the result of
    -- encrypting DER-encoded value of type -- Type})

-- Top-level soft-token structure: version, optional key management data and
-- the object collections.
PKCS15Token ::= SEQUENCE {
    version INTEGER {v1(0)} (v1,...),
    keyManagementInfo [0] KeyManagementInfo OPTIONAL,
    pkcs15Objects SEQUENCE OF PKCS15Objects
}

-- One entry per key-encryption key: an identifier plus either recipient
-- information or password-derivation information. Uniqueness of keyId is a
-- user-defined constraint and has to be checked by the application.
KeyManagementInfo ::= SEQUENCE OF SEQUENCE {
    keyId Identifier,
    keyInfo CHOICE {
        recipientInfo RecipientInfo,
        passwordInfo [0] PasswordInfo
    }
} (CONSTRAINED BY {-- Each keyID must be unique --})

-- How a key is derived from a password.
-- NOTE(review): 'hint' sits in KeyManagementInfo, which PKCS15Token carries
-- directly rather than inside EnvelopedData, so it is presumably readable
-- without the password; confirm, and keep hints from narrowing the password.
PasswordInfo ::= SEQUENCE {
    hint Label OPTIONAL,
    algId AlgorithmIdentifier {{KeyDerivationAlgorithms}},
    ...
} (CONSTRAINED BY {--keyID shall point to a KEKRecipientInfo--})

-- Only PBKDF2 is in the root of the set; PBKDF2Algorithms and its parameters
-- are defined outside this excerpt.
KeyDerivationAlgorithms ALGORITHM-IDENTIFIER ::= {
    PBKDF2Algorithms,
    ... -- For future extensions
}

CMS3DESwrap ::= NULL

-- Key wrapping: triple-DES wrap (NULL parameters) or RC2 wrap (INTEGER
-- parameter).
-- NOTE(review): both are legacy key-wrap algorithms; the set is extensible,
-- so a consumer's policy decides what it accepts.
KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
    {CMS3DESwrap IDENTIFIED BY id-alg-CMS3DESwrap} |
    {INTEGER IDENTIFIED BY id-alg-CMSRC2wrap},
    ... -- For future extensions
}

-- Eight-octet initialization vector.
DES-IV ::= OCTET STRING (SIZE(8))

-- Everything in SupportingAlgorithms (defined outside this excerpt) except
-- the HMAC-SHA1 entry.
ContentEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
    SupportingAlgorithms EXCEPT {NULL IDENTIFIED BY id-hmacWithSHA1},
    ... -- For future extensions
}

-- NOTE(review): the root of the MAC and digest sets names only SHA-1 based
-- algorithms. Both sets are extensible; whether SHA-1 is acceptable for a
-- given use is a policy question for the consumer.
MACAlgorithms ALGORITHM-IDENTIFIER ::= {
    {NULL IDENTIFIED BY hMAC-SHA1},
    ... -- For future extensions
}

DigestAlgorithms ALGORITHM-IDENTIFIER ::= {
    {NULL IDENTIFIED BY sha-1},
    ... -- For future extensions
}

-- Misc

-- Discretionary data object: application OID plus optional paths to the ODF,
-- the TokenInfo file and the unused-space file.
DDO ::= SEQUENCE {
    oid OBJECT IDENTIFIER,
    odfPath Path OPTIONAL,
    tokenInfoPath [0] Path OPTIONAL,
    unusedPath [1] Path OPTIONAL,
    ... -- For future extensions
}

-- Directory record for one application, using APPLICATION-class tags.
DIRRecord ::= [APPLICATION 1] SEQUENCE {
    aid [APPLICATION 15] OCTET STRING,
    label [APPLICATION 16] UTF8String OPTIONAL,
    path [APPLICATION 17] OCTET STRING,
    ddo [APPLICATION 19] DDO OPTIONAL
}

-- One region of unused space. The path must carry both index and length;
-- accessControlRules is an extension addition.
UnusedSpace ::= SEQUENCE {
    path Path (WITH COMPONENTS {..., index PRESENT, length PRESENT}),
    authId Identifier OPTIONAL,
    ...,
    accessControlRules SEQUENCE OF AccessControlRule OPTIONAL
}

END