📄 cryptlib.asn
字号:
type OBJECT IDENTIFIER,
value ANY DEFINED BY type -- ConfigOptions/UserIndex/UserInfo
}
PKCS15Data ::= CHOICE {
oidDO [1] PKCS15Object { PKCS15CommonDataObjectAttributes,
NULL,
PKCS15OidDO }
}
-/ Overall object wrappers. The tagging is [n] PKCS15Objects.foo
[0] PKCS15ObjectValue.objects /-
PrivateKeys ::= [0][0] SEQUENCE OF PKCS15PrivateKey
PublicKeys ::= [1][0] SEQUENCE OF PKCS15PublicKey
SecretKeys ::= [3][0] SEQUENCE OF PKCS15SecretKey
Certificates ::= [4][0] SEQUENCE OF PKCS15Certificate
DataObjects ::= [7][0] SEQUENCE OF PKCS15Data
------------------------------------------------------------------------------
-- --
-- User/Config Info --
-- --
------------------------------------------------------------------------------
-/ User information /-
-/ PKI user information needed for CMP /-
userData ::= SEQUENCE {
name Name, -- Name for CMP
encAlgo AlgorithmIdentifier, -- Algo to encrypt passwords
encPW OCTET STRING, -- Encrypted passwords
attributes Attributes
}
userPW ::= SEQUENCE {
issuePW OCTET STRING SIZE(11), -- Password for ir
revPW OCTET STRING SIZE(11) -- Password for rr
}
------------------------------------------------------------------------------
-- --
-- Misc --
-- --
------------------------------------------------------------------------------
-/ OCSP /-
OCSPRequest ::= SEQUENCE {
SEQUENCE { -- tbsRequest
version [0] EXPLICIT INTEGER DEFAULT 0,
-- Must be 1 if !certID used
reqName [1] EXPLICIT ... OPTIONAL
-- Ignored
SEQUENCE { -- requestList
SEQUENCE { -- request
certID CertID,
}
},
reqExts [2] EXPLICIT Extensions OPTIONAL
},
signature [0] EXPLICIT SEQUENCE {
sigAlgo AlgorithmIdentifier,
sig BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
} OPTIONAL
}
OCSPResponse ::= {
respStatus ENUMERATED, -- 0 = OK
respBytes [0] EXPLICIT SEQUENCE {
respType OBJECT IDENTIFIER, -- id-pkix-ocsp-basic
resp OCTET STRING {
SEQUENCE { -- basicOCSPResponse
SEQUENCE { -- tbsRespData
version [0] EXPLICIT ... OPTIONAL,-- Ignored
respID ..., -- Ignored
producedAt ..., -- Ignored
responses SEQUENCE {
SEQUENCE { -- singleResponse
certID ..., -- Ignored
certStatus [0] EXPLICIT = OK, else !OK
... -- Ignored
}
},
respExts[0] EXPLICIT Extensions OPTIONAL
}
sigAlgo AlgorithmIdentifier,
signature BIT STRING
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}
}
}
}
OCSPCryptlibResponse ::= {
respStatus ENUMERATED, -- 0 = OK
respBytes [0] EXPLICIT SEQUENCE {
respType OBJECT IDENTIFIER, -- cryptlibOcspBasic
resp OCTET STRING {
SEQUENCE { -- rtcsResponse
SEQUENCE { -- tbsRespData
responses SEQUENCE {
SEQUENCE { -- singleResponse
certHash
OCTET STRING SIZE(20),
status BOOLEAN
}
},
respExts Extensions OPTIONAL
}
sigAlgo AlgorithmIdentifier OPTIONAL,
signature BIT STRING OPTIONAL,
certs [0] SEQUENCE OF Certificate OPTIONAL
}
}
}
}
CertID ::= CHOICE {
certID SEQUENCE {
hashAlgo AlgorithmIdentifier,
iNameHash OCTET STRING, -- Hash of issuerName
iKeyHash OCTET STRING, -- Hash of issuer SPKI w/o tag+len
serialNo INTEGER
},
issuerAndSerial [0] IssuerAndSerialNumber,
certificate [1] Certificate,
certHash [2] OCTET STRING
}
-/ Timestamping /-
TSARequest ::= SEQUENCE {
version INTEGER (1),
msgImprint SEQUENCE {
algorithm AlgorithmIdentifier,
hash OCTET STRING
},
policy OBJECT IDENTIFIER OPTIONAL,
-- Ignored
nonce INTEGER OPTIONAL, -- Copy to output if present
includeSigCerts BOOLEAN DEFAULT FALSE,
-- Include signer certs if set
extensions [0] Extensions OPTIONAL -- Reject if present
}
TSAResponse ::= SEQUENCE {
status SEQUENCE {
status INTEGER, -- 0 = OK
... OPTIONAL
},
timeStamp ContentInfo
}
TSTInfo ::= SEQUENCE {
version INTEGER (1),
policy OBJECT IDENTIFIER,
msgImprint SEQUENCE { ... } -- From request
serialNo INTEGER, -- Unique value
genTime GeneralizedTime, -- Current time
nonce INTEGER OPTIONAL -- From input if present
}
-/ PKCS #12 /-
PFX ::= SEQUENCE {
version INTEGER (3),
authSafe SEQUENCE {
contentType OBJECT IDENTIFIER id-Data,
content [0] EXPLICIT OCTET STRING {
safeConts SEQUENCE {
SEQUENCE {
contentType
OBJECT IDENTIFIER id-Data,
content
[0] EXPLICIT OCTET STRING {
safeContents
SEQUENCE OF PKCS12Bag
}
}
}
}
}
macData SEQUENCE {
mac SEQUENCE {
algorithm AlgorithmIdentifier,
mac OCTET STRING
}
macSalt OCTET STRING,
iterations INTEGER DEFAULT 1
}
}
PKCS12CertBag ::= SEQUENCE {
bagId OBJECT IDENTIFIER certBag,
bagValue [0] EXPLICIT SEQUENCE {
certId OBJECT IDENTIFIER x509Certificate,
certValue [0] EXPLICIT OCTET STRING {
cert Certificate
}
}
bagAttributes SET OF Attribute
}
PKCS12KeyBag ::= SEQUENCE {
bagId OBJECT IDENTIFIER pkcs8ShroudedKeyBag,
bagValue [0] EXPLICIT SEQUENCE {
encryptionAlgo SEQUENCE {
algo OBJECT IDENTIFIER pbeWithSHAAnd2-KeyTripleDES-CBC,
pbeParams SEQUENCE {
salt OCTET STRING SIZE 16),
iters INTEGER (1000)
}
}
encryptedData OCTET STRING
}
bagAttributes SET OF Attribute
}
------------------------------------------------------------------------------
-- --
-- Certificate Mismanagement Protocol --
-- --
------------------------------------------------------------------------------
-/ "If an undergraduate student handed this in as an assignment I'd fail them
on the grounds that it shows a complete lack of understanding of the
principles of workable protocol design" /-
xxxRequest ::= SEQUENCE { -- ir/cr/kur, 3.3.1/3.3.3/3.3.5
header SEQUENCE { -- Profile = B8
version INTEGER (2),
sender [4] EXPLICIT DirectoryName, -- DN of subject
recipient [4] EXPLICIT DirectoryName, -- DN of CA
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING,
transID [4] EXPLICIT OCTET STRING SIZE (16), -- Random
nonce [5] EXPLICIT OCTET STRING SIZE (16), -- Random
},
body [0] EXPLICIT SEQUENCE { -- [2] in cr, [7] in kur
certReqMsg SEQUENCE { -- RFC 2510
SEQUENCE {
cReqID INTEGER (0),
cTemplate SEQUENCE {
validity[1] TIME OPTIONAL,
subject [5] EXPLICIT Name,
pubKey [6] SubjectPublicKeyInfo,
exts [9] Extensions OPTIONAL
}
},
pop [1] EXPLICIT Signature -- From X.509, for sig.key
or pop [2] EXPLICIT [1] INTEGER (0)
-- For encr-only key
}
}
},
protection [0] EXPLICIT BIT STRING -- ir = MAC, cr/kur = SIG
}
xxxResponse ::= SEQUENCE { -- ip/cp/kup, 3.3.2/3.3.4/3.3.6
header SEQUENCE { -- Profile = B8
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
nonceX [5] EXPLICIT OCTET STRING SIZE (16),-- Needed in CertConf
...
},
body [1] EXPLICIT SEQUENCE { -- [3] in cp, [8] in kup
caPubs [1] EXPLICIT SEQUENCE {...} OPTIONAL,-- Ignored
response SEQUENCE {
SEQUENCE {
certReqID INTEGER (0),
status SEQUENCE { -- PKIStatusInfo, 3.2.3
status INTEGER,
statusStr SEQUENCE OF UTF8String OPTIONAL,
failInfo BIT STRING OPTIONAL
},
certKeyPair SEQUENCE { -- If status == 0 or 1
cert[0] EXPLICIT Certificate,
or encCert -- For encr-only key
[1] EXPLICIT EncryptedCert,
... -- Ignored
}
}
}
},
protection [0] EXPLICIT BIT STRING -- ip = MAC, cp/kup = SIG
}
CertConf ::= SEQUENCE { -- 3.3.18, profile = B8
header SEQUENCE {
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
nonce [5] EXPLICIT OCTET STRING SIZE (16),-- Random
nonceX [6] EXPLICIT OCTET STRING SIZE (16),-- Copied from InitResp
... -- Ignored
},
body [24] EXPLICIT SEQUENCE {
SEQUENCE {
certHash OCTET STRING
certReqID INTEGER (0),
}
},
protection [0] EXPLICIT BIT STRING -- ix = MAC, cx/kux = SIG
}
Conf ::= SEQUENCE { -- 3.3.17, profile = B8
header SEQUENCE {
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
... -- Ignored
},
body [19] EXPLICIT SEQUENCE {
NULL
},
protection [0] EXPLICIT BIT STRING -- ix = MAC, cx/kux = SIG
}
RevRequest ::= SEQUENCE { -- rr, 3.3.9
header SEQUENCE {
version INTEGER (2),
sender [4] EXPLICIT DirectoryName, -- DN of subject
recipient [4] EXPLICIT DirectoryName, -- DN of CA
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING,
transID [4] EXPLICIT OCTET STRING SIZE (16), -- Random
nonce [5] EXPLICIT OCTET STRING SIZE (16), -- Random
},
body [11] EXPLICIT SEQUENCE {
revDetails SEQUENCE {
cTemplate SEQUENCE { -- RFC 2510
serial [1] INTEGER,
issuer [3] EXPLICIT NAME
},
crlEntries Extensions OPTIONAL
}
},
protection [0] EXPLICIT BIT STRING -- MAC or SIG
}
RevResponse ::= SEQUENCE { -- rp, 3.3.10
header SEQUENCE {
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (PBMac),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
... -- Ignored
},
body [12] EXPLICIT SEQUENCE {
status SEQUENCE {
SEQUENCE { -- PKIStatusInfo, 3.2.3
status INTEGER,
statusStr SEQUENCE OF UTF8String OPTIONAL,
failInfo BIT STRING OPTIONAL
},
... -- Ignored
}
... -- Ignored
},
protection [0] EXPLICIT BIT STRING -- MAC or SIG
}
GenMsg ::= SEQUENCE { -- 3.3.19/3.3.20
header SEQUENCE {
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (sigAlgo),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
... -- Ignored
},
body [21] EXPLICIT SEQUENCE OF {
SEQUENCE {
infoType OBJECT IDENTIFIER,
intoValue ANY DEFINED BY infoType OPTIONAL
}
},
protection [0] EXPLICIT BIT STRING -- MAC or SIG
}
Error ::= SEQUENCE { -- 3.3.21
header SEQUENCE {
version INTEGER (2),
sender SEQUENCE {...}, -- Ignored
recipient SEQUENCE {...}, -- Ignored
messageTime [0] ... OPTIONAL, -- Ignored
protAlgo [1] EXPLICIT AlgorithmIdentifier (sigAlgo),
protKeyID [2] EXPLICIT OCTET STRING, -- Must match previous
transID [4] EXPLICIT OCTET STRING SIZE (16),-- Must match previous
... -- Ignored
},
body [23] EXPLICIT SEQUENCE {
SEQUENCE {
status INTEGER,
SEQUENCE {
statusMsg UTF8String,
... -- Ignored
} OPTIONAL,
failInfo BIT STRING OPTIONAL
},
errorCode INTEGER OPTIONAL,
SEQUENCE {
errorMsg UTF8String,
... -- Ignored
} OPTIONAL
},
protection [0] EXPLICIT BIT STRING -- SIG
}
-/ The MAC information used when the protection is a MAC /-
MacInfo ::= SEQUENCE {
algoID OBJECT IDENTIFIER (entrustMAC),
algoParams SEQUENCE {
salt OCTET STRING,
pwHashAlgo AlgorithmIdentifier (SHA-1),
iterations INTEGER,
macAlgo AlgorithmIdentifier (HMAC-SHA1)
}
}
-/ The encrypted data when the cert is returned encrypted /-
EncryptedCert ::= SEQUENCE {
dummy [0] ... OPTIONAL, -- Ignored
cekAlg [1] AlgorithmIdentifier,-- CEK algorithm
encCEK [2] BIT STRING, -- Encrypted CEK
dummy [3] ... OPTIONAL, -- Ignored
dummy [4] ... OPTIONAL, -- Ignored
encData BIT STRING
}
END
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -