📄 rfc2985.txt
字号:
Nystrom & Kaliski Informational [Page 22]
RFC 2985 Selected Object Classes and Attribute Types November 2000
PFX
FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}
PKCS15Token
FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)};
-- Upper bounds
pkcs-9-ub-pkcs9String INTEGER ::= 255
pkcs-9-ub-emailAddress INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-unstructuredName INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-unstructuredAddress INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-challengePassword INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-friendlyName INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-signingDescription INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-match INTEGER ::= pkcs-9-ub-pkcs9String
pkcs-9-ub-pseudonym INTEGER ::= ub-name
pkcs-9-ub-placeOfBirth INTEGER ::= ub-name
-- Object Identifiers
pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 9}
-- Main arcs
pkcs-9-mo OBJECT IDENTIFIER ::= {pkcs-9 0} -- Modules branch
pkcs-9-oc OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch
pkcs-9-at OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for
-- new attributes
pkcs-9-sx OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252)
pkcs-9-mr OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules
-- Object classes
pkcs-9-oc-pkcsEntity OBJECT IDENTIFIER ::= {pkcs-9-oc 1}
pkcs-9-oc-naturalPerson OBJECT IDENTIFIER ::= {pkcs-9-oc 2}
-- Attributes
pkcs-9-at-emailAddress OBJECT IDENTIFIER ::= {pkcs-9 1}
pkcs-9-at-unstructuredName OBJECT IDENTIFIER ::= {pkcs-9 2}
pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3}
pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4}
pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5}
pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6}
pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7}
pkcs-9-at-unstructuredAddress OBJECT IDENTIFIER ::= {pkcs-9 8}
Nystrom & Kaliski Informational [Page 23]
RFC 2985 Selected Object Classes and Attribute Types November 2000
pkcs-9-at-extendedCertificateAttributes
OBJECT IDENTIFIER ::= {pkcs-9 9}
-- Obsolete (?) attribute identifiers, purportedly from "tentative
-- PKCS #9 draft"
-- pkcs-9-at-issuerAndSerialNumber OBJECT IDENTIFIER ::= {pkcs-9 10}
-- pkcs-9-at-passwordCheck OBJECT IDENTIFIER ::= {pkcs-9 11}
-- pkcs-9-at-publicKey OBJECT IDENTIFIER ::= {pkcs-9 12}
pkcs-9-at-signingDescription OBJECT IDENTIFIER ::= {pkcs-9 13}
pkcs-9-at-extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14}
pkcs-9-at-smimeCapabilities OBJECT IDENTIFIER ::= {pkcs-9 15}
-- Unused (?)
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 17}
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 18}
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 19}
pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21}
pkcs-9-at-userPKCS12 OBJECT IDENTIFIER ::=
{2 16 840 1 113730 3 1 216}
pkcs-9-at-pkcs15Token OBJECT IDENTIFIER ::= {pkcs-9-at 1}
pkcs-9-at-encryptedPrivateKeyInfo OBJECT IDENTIFIER ::= {pkcs-9-at 2}
pkcs-9-at-randomNonce OBJECT IDENTIFIER ::= {pkcs-9-at 3}
pkcs-9-at-sequenceNumber OBJECT IDENTIFIER ::= {pkcs-9-at 4}
pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= {pkcs-9-at 5}
-- IETF PKIX Attribute branch
ietf-at OBJECT IDENTIFIER ::=
{1 3 6 1 5 5 7 9}
pkcs-9-at-dateOfBirth OBJECT IDENTIFIER ::= {ietf-at 1}
pkcs-9-at-placeOfBirth OBJECT IDENTIFIER ::= {ietf-at 2}
pkcs-9-at-gender OBJECT IDENTIFIER ::= {ietf-at 3}
pkcs-9-at-countryOfCitizenship OBJECT IDENTIFIER ::= {ietf-at 4}
pkcs-9-at-countryOfResidence OBJECT IDENTIFIER ::= {ietf-at 5}
-- Syntaxes (for use with LDAP accessible directories)
pkcs-9-sx-pkcs9String OBJECT IDENTIFIER ::= {pkcs-9-sx 1}
pkcs-9-sx-signingTime OBJECT IDENTIFIER ::= {pkcs-9-sx 2}
-- Matching rules
pkcs-9-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 1}
pkcs-9-mr-signingTimeMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 2}
Nystrom & Kaliski Informational [Page 24]
RFC 2985 Selected Object Classes and Attribute Types November 2000
-- Arcs with attributes defined elsewhere
smime OBJECT IDENTIFIER ::= {pkcs-9 16}
-- Main arc for S/MIME (RFC 2633)
certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}
-- Main arc for certificate types defined in PKCS #12
crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}
-- Main arc for crl types defined in PKCS #12
-- Other object identifiers
id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65}
-- Useful types
PKCS9String {INTEGER : maxSize} ::= CHOICE {
ia5String IA5String (SIZE(1..maxSize)),
directoryString DirectoryString {maxSize}
}
-- Object classes
pkcsEntity OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { PKCSEntityAttributeSet }
ID pkcs-9-oc-pkcsEntity
}
naturalPerson OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { NaturalPersonAttributeSet }
ID pkcs-9-oc-naturalPerson
}
-- Attribute sets
PKCSEntityAttributeSet ATTRIBUTE ::= {
pKCS7PDU |
userPKCS12 |
pKCS15Token |
encryptedPrivateKeyInfo,
... -- For future extensions
}
Nystrom & Kaliski Informational [Page 25]
RFC 2985 Selected Object Classes and Attribute Types November 2000
NaturalPersonAttributeSet ATTRIBUTE ::= {
emailAddress |
unstructuredName |
unstructuredAddress |
dateOfBirth |
placeOfBirth |
gender |
countryOfCitizenship |
countryOfResidence |
pseudonym |
serialNumber,
... -- For future extensions
}
-- Attributes
pKCS7PDU ATTRIBUTE ::= {
WITH SYNTAX ContentInfo
ID pkcs-9-at-pkcs7PDU
}
userPKCS12 ATTRIBUTE ::= {
WITH SYNTAX PFX
ID pkcs-9-at-userPKCS12
}
pKCS15Token ATTRIBUTE ::= {
WITH SYNTAX PKCS15Token
ID pkcs-9-at-pkcs15Token
}
encryptedPrivateKeyInfo ATTRIBUTE ::= {
WITH SYNTAX EncryptedPrivateKeyInfo
ID pkcs-9-at-encryptedPrivateKeyInfo
}
emailAddress ATTRIBUTE ::= {
WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress))
EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
ID pkcs-9-at-emailAddress
}
unstructuredName ATTRIBUTE ::= {
WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName}
EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
ID pkcs-9-at-unstructuredName
}
Nystrom & Kaliski Informational [Page 26]
RFC 2985 Selected Object Classes and Attribute Types November 2000
unstructuredAddress ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress}
EQUALITY MATCHING RULE caseIgnoreMatch
ID pkcs-9-at-unstructuredAddress
}
dateOfBirth ATTRIBUTE ::= {
WITH SYNTAX GeneralizedTime
EQUALITY MATCHING RULE generalizedTimeMatch
SINGLE VALUE TRUE
ID pkcs-9-at-dateOfBirth
}
placeOfBirth ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth}
EQUALITY MATCHING RULE caseExactMatch
SINGLE VALUE TRUE
ID pkcs-9-at-placeOfBirth
}
gender ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE(1) ^
FROM ("M" | "F" | "m" | "f"))
EQUALITY MATCHING RULE caseIgnoreMatch
SINGLE VALUE TRUE
ID pkcs-9-at-gender
}
countryOfCitizenship ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
-- Must be a two-letter country acronym in accordance with
-- ISO/IEC 3166 --})
EQUALITY MATCHING RULE caseIgnoreMatch
ID pkcs-9-at-countryOfCitizenship
}
countryOfResidence ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
-- Must be a two-letter country acronym in accordance with
-- ISO/IEC 3166 --})
EQUALITY MATCHING RULE caseIgnoreMatch
ID pkcs-9-at-countryOfResidence
}
Nystrom & Kaliski Informational [Page 27]
RFC 2985 Selected Object Classes and Attribute Types November 2000
pseudonym ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
EQUALITY MATCHING RULE caseExactMatch
ID id-at-pseudonym
}
contentType ATTRIBUTE ::= {
WITH SYNTAX ContentType
EQUALITY MATCHING RULE objectIdentifierMatch
SINGLE VALUE TRUE
ID pkcs-9-at-contentType
}
ContentType ::= OBJECT IDENTIFIER
messageDigest ATTRIBUTE ::= {
WITH SYNTAX MessageDigest
EQUALITY MATCHING RULE octetStringMatch
SINGLE VALUE TRUE
ID pkcs-9-at-messageDigest
}
MessageDigest ::= OCTET STRING
signingTime ATTRIBUTE ::= {
WITH SYNTAX SigningTime
EQUALITY MATCHING RULE signingTimeMatch
SINGLE VALUE TRUE
ID pkcs-9-at-signingTime
}
SigningTime ::= Time -- imported from ISO/IEC 9594-8
randomNonce ATTRIBUTE ::= {
WITH SYNTAX RandomNonce
EQUALITY MATCHING RULE octetStringMatch
SINGLE VALUE TRUE
ID pkcs-9-at-randomNonce
}
RandomNonce ::= OCTET STRING (SIZE(4..MAX))
-- At least four bytes long
Nystrom & Kaliski Informational [Page 28]
RFC 2985 Selected Object Classes and Attribute Types November 2000
sequenceNumber ATTRIBUTE ::= {
WITH SYNTAX SequenceNumber
EQUALITY MATCHING RULE integerMatch
SINGLE VALUE TRUE
ID pkcs-9-at-sequenceNumber
}
SequenceNumber ::= INTEGER (1..MAX)
counterSignature ATTRIBUTE ::= {
WITH SYNTAX SignerInfo
ID pkcs-9-at-counterSignature
}
challengePassword ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
EQUALITY MATCHING RULE caseExactMatch
SINGLE VALUE TRUE
ID pkcs-9-at-challengePassword
}
extensionRequest ATTRIBUTE ::= {
WITH SYNTAX ExtensionRequest
SINGLE VALUE TRUE
ID pkcs-9-at-extensionRequest
}
ExtensionRequest ::= Extensions
extendedCertificateAttributes ATTRIBUTE ::= {
WITH SYNTAX SET OF Attribute
SINGLE VALUE TRUE
ID pkcs-9-at-extendedCertificateAttributes
}
friendlyName ATTRIBUTE ::= {
WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
EQUALITY MATCHING RULE caseIgnoreMatch
SINGLE VALUE TRUE
ID pkcs-9-at-friendlyName
}
localKeyId ATTRIBUTE ::= {
WITH SYNTAX OCTET STRING
EQUALITY MATCHING RULE octetStringMatch
SINGLE VALUE TRUE
ID pkcs-9-at-localKeyId
}
Nystrom & Kaliski Informational [Page 29]
RFC 2985 Selected Object Classes and Attribute Types November 2000
signingDescription ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
EQUALITY MATCHING RULE caseIgnoreMatch
SINGLE VALUE TRUE
ID pkcs-9-at-signingDescription
}
smimeCapabilities ATTRIBUTE ::= {
WITH SYNTAX SMIMECapabilities
SINGLE VALUE TRUE
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -