📄 rfc2985.txt
RFC 2985 Selected Object Classes and Attribute Types November 2000

pkcs-9-at-extendedCertificateAttributes
                              OBJECT IDENTIFIER ::= {pkcs-9 9}

-- Obsolete (?) attribute identifiers, purportedly from "tentative
-- PKCS #9 draft"
-- pkcs-9-at-issuerAndSerialNumber OBJECT IDENTIFIER ::= {pkcs-9 10}
-- pkcs-9-at-passwordCheck OBJECT IDENTIFIER ::= {pkcs-9 11}
-- pkcs-9-at-publicKey OBJECT IDENTIFIER ::= {pkcs-9 12}

pkcs-9-at-signingDescription OBJECT IDENTIFIER ::= {pkcs-9 13}
pkcs-9-at-extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14}
pkcs-9-at-smimeCapabilities OBJECT IDENTIFIER ::= {pkcs-9 15}

-- Unused (?)
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 17}
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 18}
-- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 19}

pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21}
pkcs-9-at-userPKCS12 OBJECT IDENTIFIER ::=
                              {2 16 840 1 113730 3 1 216}
pkcs-9-at-pkcs15Token OBJECT IDENTIFIER ::= {pkcs-9-at 1}
pkcs-9-at-encryptedPrivateKeyInfo OBJECT IDENTIFIER ::= {pkcs-9-at 2}
pkcs-9-at-randomNonce OBJECT IDENTIFIER ::= {pkcs-9-at 3}
pkcs-9-at-sequenceNumber OBJECT IDENTIFIER ::= {pkcs-9-at 4}
pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= {pkcs-9-at 5}

-- IETF PKIX Attribute branch
ietf-at OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9}

pkcs-9-at-dateOfBirth OBJECT IDENTIFIER ::= {ietf-at 1}
pkcs-9-at-placeOfBirth OBJECT IDENTIFIER ::= {ietf-at 2}
pkcs-9-at-gender OBJECT IDENTIFIER ::= {ietf-at 3}
pkcs-9-at-countryOfCitizenship OBJECT IDENTIFIER ::= {ietf-at 4}
pkcs-9-at-countryOfResidence OBJECT IDENTIFIER ::= {ietf-at 5}

-- Syntaxes (for use with LDAP accessible directories)
pkcs-9-sx-pkcs9String OBJECT IDENTIFIER ::= {pkcs-9-sx 1}
pkcs-9-sx-signingTime OBJECT IDENTIFIER ::= {pkcs-9-sx 2}

-- Matching rules
pkcs-9-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 1}
pkcs-9-mr-signingTimeMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 2}

Nystrom & Kaliski Informational [Page 24]

-- Arcs with attributes defined elsewhere
smime OBJECT IDENTIFIER ::= {pkcs-9 16}
   -- Main arc for S/MIME (RFC 2633)
certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}
   -- Main arc for certificate types defined in PKCS #12
crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}
   -- Main arc for crl types defined in PKCS #12

-- Other object identifiers
id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65}

-- Useful types

PKCS9String {INTEGER : maxSize} ::= CHOICE {
        ia5String IA5String (SIZE(1..maxSize)),
        directoryString DirectoryString {maxSize}
}

-- Object classes

pkcsEntity OBJECT-CLASS ::= {
        SUBCLASS OF { top }
        KIND auxiliary
        MAY CONTAIN { PKCSEntityAttributeSet }
        ID pkcs-9-oc-pkcsEntity
}

naturalPerson OBJECT-CLASS ::= {
        SUBCLASS OF { top }
        KIND auxiliary
        MAY CONTAIN { NaturalPersonAttributeSet }
        ID pkcs-9-oc-naturalPerson
}

-- Attribute sets

PKCSEntityAttributeSet ATTRIBUTE ::= {
        pKCS7PDU |
        userPKCS12 |
        pKCS15Token |
        encryptedPrivateKeyInfo,
        ... -- For future extensions
}

NaturalPersonAttributeSet ATTRIBUTE ::= {
        emailAddress |
        unstructuredName |
        unstructuredAddress |
        dateOfBirth |
        placeOfBirth |
        gender |
        countryOfCitizenship |
        countryOfResidence |
        pseudonym |
        serialNumber,
        ... -- For future extensions
}

-- Attributes

pKCS7PDU ATTRIBUTE ::= {
        WITH SYNTAX ContentInfo
        ID pkcs-9-at-pkcs7PDU
}

userPKCS12 ATTRIBUTE ::= {
        WITH SYNTAX PFX
        ID pkcs-9-at-userPKCS12
}

pKCS15Token ATTRIBUTE ::= {
        WITH SYNTAX PKCS15Token
        ID pkcs-9-at-pkcs15Token
}

encryptedPrivateKeyInfo ATTRIBUTE ::= {
        WITH SYNTAX EncryptedPrivateKeyInfo
        ID pkcs-9-at-encryptedPrivateKeyInfo
}

emailAddress ATTRIBUTE ::= {
        WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress))
        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
        ID pkcs-9-at-emailAddress
}

unstructuredName ATTRIBUTE ::= {
        WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName}
        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
        ID pkcs-9-at-unstructuredName
}

unstructuredAddress ATTRIBUTE ::= {
        WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress}
        EQUALITY MATCHING RULE caseIgnoreMatch
        ID pkcs-9-at-unstructuredAddress
}

dateOfBirth ATTRIBUTE ::= {
        WITH SYNTAX GeneralizedTime
        EQUALITY MATCHING RULE generalizedTimeMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-dateOfBirth
}

placeOfBirth ATTRIBUTE ::= {
        WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth}
        EQUALITY MATCHING RULE caseExactMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-placeOfBirth
}

gender ATTRIBUTE ::= {
        WITH SYNTAX PrintableString (SIZE(1) ^
                    FROM ("M" | "F" | "m" | "f"))
        EQUALITY MATCHING RULE caseIgnoreMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-gender
}

countryOfCitizenship ATTRIBUTE ::= {
        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
        -- Must be a two-letter country acronym in accordance with
        -- ISO/IEC 3166 --})
        EQUALITY MATCHING RULE caseIgnoreMatch
        ID pkcs-9-at-countryOfCitizenship
}

countryOfResidence ATTRIBUTE ::= {
        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
        -- Must be a two-letter country acronym in accordance with
        -- ISO/IEC 3166 --})
        EQUALITY MATCHING RULE caseIgnoreMatch
        ID pkcs-9-at-countryOfResidence
}

pseudonym ATTRIBUTE ::= {
        WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
        EQUALITY MATCHING RULE caseExactMatch
        ID id-at-pseudonym
}

contentType ATTRIBUTE ::= {
        WITH SYNTAX ContentType
        EQUALITY MATCHING RULE objectIdentifierMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-contentType
}

ContentType ::= OBJECT IDENTIFIER

messageDigest ATTRIBUTE ::= {
        WITH SYNTAX MessageDigest
        EQUALITY MATCHING RULE octetStringMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-messageDigest
}

MessageDigest ::= OCTET STRING

signingTime ATTRIBUTE ::= {
        WITH SYNTAX SigningTime
        EQUALITY MATCHING RULE signingTimeMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-signingTime
}

SigningTime ::= Time -- imported from ISO/IEC 9594-8

randomNonce ATTRIBUTE ::= {
        WITH SYNTAX RandomNonce
        EQUALITY MATCHING RULE octetStringMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-randomNonce
}

RandomNonce ::= OCTET STRING (SIZE(4..MAX))
        -- At least four bytes long

sequenceNumber ATTRIBUTE ::= {
        WITH SYNTAX SequenceNumber
        EQUALITY MATCHING RULE integerMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-sequenceNumber
}

SequenceNumber ::= INTEGER (1..MAX)

counterSignature ATTRIBUTE ::= {
        WITH SYNTAX SignerInfo
        ID pkcs-9-at-counterSignature
}

challengePassword ATTRIBUTE ::= {
        WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
        EQUALITY MATCHING RULE caseExactMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-challengePassword
}

extensionRequest ATTRIBUTE ::= {
        WITH SYNTAX ExtensionRequest
        SINGLE VALUE TRUE
        ID pkcs-9-at-extensionRequest
}

ExtensionRequest ::= Extensions

extendedCertificateAttributes ATTRIBUTE ::= {
        WITH SYNTAX SET OF Attribute
        SINGLE VALUE TRUE
        ID pkcs-9-at-extendedCertificateAttributes
}

friendlyName ATTRIBUTE ::= {
        WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
        EQUALITY MATCHING RULE caseIgnoreMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-friendlyName
}

localKeyId ATTRIBUTE ::= {
        WITH SYNTAX OCTET STRING
        EQUALITY MATCHING RULE octetStringMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-localKeyId
}

signingDescription ATTRIBUTE ::= {
        WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
        EQUALITY MATCHING RULE caseIgnoreMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-signingDescription
}

smimeCapabilities ATTRIBUTE ::= {
        WITH SYNTAX SMIMECapabilities
        SINGLE VALUE TRUE
        ID pkcs-9-at-smimeCapabilities
}

SMIMECapabilities ::= SEQUENCE OF SMIMECapability

SMIMECapability ::= SEQUENCE {
        algorithm ALGORITHM.&id ({SMIMEv3Algorithms}),
        parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm})
}

SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --}

-- Matching rules

pkcs9CaseIgnoreMatch MATCHING-RULE ::= {
        SYNTAX PKCS9String {pkcs-9-ub-match}
        ID pkcs-9-mr-caseIgnoreMatch
}

signingTimeMatch MATCHING-RULE ::= {
        SYNTAX SigningTime
        ID pkcs-9-mr-signingTimeMatch
}

END

B. BNF schema summary

This appendix provides augmented BNF [2] definitions of the object class and most attribute types specified in this document along with their associated syntaxes and matching rules. The ABNF definitions have been done in accordance with [21], in an attempt to ease integration with LDAP-accessible Directory systems. Lines have been folded in some cases to improve readability.

B.1 Syntaxes

This section defines all syntaxes that are used in this document.

B.1.1 PKCS9String

(
  1.2.840.113549.1.9.26.1
  DESC 'PKCS9String'
)

The encoding of a value in this syntax is the string value itself.

B.1.2 SigningTime

(
  1.2.840.113549.1.9.26.2
  DESC 'SigningTime'
)

Values in this syntax are encoded as printable strings, represented as specified in [5]. Note that the time zone must be specified. For example, "199412161032Z".

B.2 Object classes

B.2.1 pkcsEntity

(
  1.2.840.113549.1.9.24.1
  NAME 'pkcsEntity'
  SUP top
  AUXILIARY
  MAY (
    pKCS7PDU $ userPKCS12 $ pKCS15Token $ encryptedPrivateKeyInfo
  )
)
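
The value constraints in the ASN.1 module above (SINGLE VALUE TRUE, RandomNonce SIZE(4..MAX), SequenceNumber (1..MAX), the gender alphabet, two-letter country strings) and the B.1.2 rule that a SigningTime string must specify the time zone can be enforced on decoded attributes before they are trusted. The following is an added example, not part of RFC 2985; the function names, the (name, values) input shape and the time-string pattern are assumptions.

```python
import re

# Assumption: GeneralizedTime-style string with a mandatory zone designator,
# written to accept the B.1.2 example "199412161032Z". Not taken from the RFC.
TIME_WITH_ZONE = re.compile(r"\d{10}(\d{2}){0,2}(Z|[+-]\d{4})")
TWO_LETTERS = re.compile(r"[A-Za-z]{2}")  # shape only; no ISO/IEC 3166 lookup

# Attribute types the module marks SINGLE VALUE TRUE.
SINGLE_VALUED = {
    "dateOfBirth", "placeOfBirth", "gender", "contentType", "messageDigest",
    "signingTime", "randomNonce", "sequenceNumber", "challengePassword",
    "extensionRequest", "extendedCertificateAttributes", "friendlyName",
    "localKeyId", "signingDescription", "smimeCapabilities",
}

def _matches(pattern, v):
    return isinstance(v, str) and pattern.fullmatch(v) is not None

# Per-value constraints stated in the module (hypothetical decoded types:
# bytes for OCTET STRING, int for INTEGER, str for string types).
VALUE_CHECKS = {
    "randomNonce": lambda v: isinstance(v, bytes) and len(v) >= 4,
    "sequenceNumber": lambda v: type(v) is int and v >= 1,
    "gender": lambda v: v in ("M", "F", "m", "f"),
    "countryOfCitizenship": lambda v: _matches(TWO_LETTERS, v),
    "countryOfResidence": lambda v: _matches(TWO_LETTERS, v),
    "signingTime": lambda v: _matches(TIME_WITH_ZONE, v),
}

def check_attribute(name, values):
    """Return the constraint violations for one decoded attribute."""
    problems = []
    if name in SINGLE_VALUED and len(values) > 1:
        problems.append(f"{name}: SINGLE VALUE TRUE, got {len(values)} values")
    check = VALUE_CHECKS.get(name)
    if check is not None:
        problems += [f"{name}: {v!r} violates its syntax constraint"
                     for v in values if not check(v)]
    return problems

def check_attributes(attrs):
    """attrs: iterable of (name, [values]) pairs from a decoded attribute set."""
    return [p for name, values in attrs for p in check_attribute(name, values)]

# Constructed sample input, not taken from a real message.
SAMPLE = [
    ("signingTime", ["199412161032Z"]),
    ("signingTime", ["199412161032"]),               # time zone missing
    ("randomNonce", [b"\x00\x01\x02"]),              # only three bytes
    ("sequenceNumber", [0]),                         # below 1
    ("messageDigest", [b"\xaa" * 20, b"\xbb" * 20]), # two values
]
```

Rejecting a multi-valued messageDigest or signingTime before signature processing avoids ambiguity about which value a verifier actually compared.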