cryptlib.bas

cryptlib安全工具包

    CRYPT_SESSINFO_VERSION          ' Protocol version 
    CRYPT_SESSINFO_REQUEST          ' Cert.request object 
    CRYPT_SESSINFO_RESPONSE         ' Cert.response object 
    CRYPT_SESSINFO_CACERTIFICATE    ' Issuing CA certificate 

    ' Protocol-specific information 
    CRYPT_SESSINFO_TSP_MSGIMPRINT   ' TSP message imprint 
    CRYPT_SESSINFO_CMP_REQUESTTYPE  ' Request type 
    CRYPT_SESSINFO_CMP_PKIBOOT      ' Enable PKIBoot facility 
    CRYPT_SESSINFO_CMP_PRIVKEYSET   ' Private-key keyset 
    CRYPT_SESSINFO_SSH_CHANNEL      ' SSH current channel 
    CRYPT_SESSINFO_SSH_CHANNEL_TYPE ' SSH channel type 
    CRYPT_SESSINFO_SSH_CHANNEL_ARG1 ' SSH channel argument 1 
    CRYPT_SESSINFO_SSH_CHANNEL_ARG2 ' SSH channel argument 2 
    CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE ' SSH channel active 

    ' Used internally 
    CRYPT_SESSINFO_LAST
    CRYPT_USERINFO_FIRST = 7000

    '********************
    ' User attributes 
    '********************

    ' Security-related information 
    CRYPT_USERINFO_PASSWORD         ' Password 

    ' User role-related information 
    CRYPT_USERINFO_CAKEY_CERTSIGN   ' CA cert signing key 
    CRYPT_USERINFO_CAKEY_CRLSIGN    ' CA CRL signing key 
    CRYPT_USERINFO_CAKEY_RTCSSIGN   ' CA RTCS signing key 
    CRYPT_USERINFO_CAKEY_OCSPSIGN   ' CA OCSP signing key 

    ' Used internally for range checking 
    CRYPT_USERINFO_LAST
    CRYPT_ATTRIBUTE_LAST = CRYPT_USERINFO_LAST

    

End Enum

'****************************************************************************
'*                                                                           *
'*                       Attribute Subtypes and Related Values               *
'*                                                                           *
'****************************************************************************

' Flags for the X.509 keyUsage extension 

  Public Const CRYPT_KEYUSAGE_NONE As Long = &H000
  Public Const CRYPT_KEYUSAGE_DIGITALSIGNATURE As Long = &H001
  Public Const CRYPT_KEYUSAGE_NONREPUDIATION As Long = &H002
  Public Const CRYPT_KEYUSAGE_KEYENCIPHERMENT As Long = &H004
  Public Const CRYPT_KEYUSAGE_DATAENCIPHERMENT As Long = &H008
  Public Const CRYPT_KEYUSAGE_KEYAGREEMENT As Long = &H010
  Public Const CRYPT_KEYUSAGE_KEYCERTSIGN As Long = &H020
  Public Const CRYPT_KEYUSAGE_CRLSIGN As Long = &H040
  Public Const CRYPT_KEYUSAGE_ENCIPHERONLY As Long = &H080
  Public Const CRYPT_KEYUSAGE_DECIPHERONLY As Long = &H100
  Public Const CRYPT_KEYUSAGE_LAST As Long = &H200   ' Last possible value 

' X.509 cRLReason and cryptlib cRLExtReason codes 

  Public Const CRYPT_CRLREASON_UNSPECIFIED As Long = 0
  Public Const CRYPT_CRLREASON_KEYCOMPROMISE As Long = 1
  Public Const CRYPT_CRLREASON_CACOMPROMISE As Long = 2
  Public Const CRYPT_CRLREASON_AFFILIATIONCHANGED As Long = 3
  Public Const CRYPT_CRLREASON_SUPERSEDED As Long = 4
  Public Const CRYPT_CRLREASON_CESSATIONOFOPERATION As Long = 5
  Public Const CRYPT_CRLREASON_CERTIFICATEHOLD As Long = 6
  Public Const CRYPT_CRLREASON_REMOVEFROMCRL As Long = 8
  Public Const CRYPT_CRLREASON_PRIVILEGEWITHDRAWN As Long = 9
  Public Const CRYPT_CRLREASON_AACOMPROMISE As Long = 10
  Public Const CRYPT_CRLREASON_LAST As Long = 11
  Public Const CRYPT_CRLREASON_NEVERVALID As Long = 20
  Public Const CRYPT_CRLEXTREASON_LAST  As Long = 21


'  X.509 CRL reason flags.  These identify the same thing as the cRLReason
'  codes but allow for multiple reasons to be specified.  Note that these
'  don't follow the X.509 naming since in that scheme the enumerated types
'  and bitflags have the same names 

  Public Const CRYPT_CRLREASONFLAG_UNUSED As Long = &H001
  Public Const CRYPT_CRLREASONFLAG_KEYCOMPROMISE As Long = &H002
  Public Const CRYPT_CRLREASONFLAG_CACOMPROMISE As Long = &H004
  Public Const CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED As Long = &H008
  Public Const CRYPT_CRLREASONFLAG_SUPERSEDED As Long = &H010
  Public Const CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION As Long = &H020
  Public Const CRYPT_CRLREASONFLAG_CERTIFICATEHOLD As Long = &H040
  Public Const CRYPT_CRLREASONFLAG_LAST As Long = &H080   ' Last poss.value 

' X.509 CRL holdInstruction codes 

  Public Const CRYPT_HOLDINSTRUCTION_NONE As Long = 0
  Public Const CRYPT_HOLDINSTRUCTION_CALLISSUER As Long = 1
  Public Const CRYPT_HOLDINSTRUCTION_REJECT As Long = 2
  Public Const CRYPT_HOLDINSTRUCTION_PICKUPTOKEN As Long = 3
  Public Const CRYPT_HOLDINSTRUCTION_LAST  As Long = 4


' Certificate checking compliance levels 

  Public Const CRYPT_COMPLIANCELEVEL_OBLIVIOUS As Long = 0
  Public Const CRYPT_COMPLIANCELEVEL_REDUCED As Long = 1
  Public Const CRYPT_COMPLIANCELEVEL_STANDARD As Long = 2
  Public Const CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL As Long = 3
  Public Const CRYPT_COMPLIANCELEVEL_PKIX_FULL As Long = 4
  Public Const CRYPT_COMPLIANCELEVEL_LAST  As Long = 5


' Flags for the Netscape netscape-cert-type extension 

  Public Const CRYPT_NS_CERTTYPE_SSLCLIENT As Long = &H001
  Public Const CRYPT_NS_CERTTYPE_SSLSERVER As Long = &H002
  Public Const CRYPT_NS_CERTTYPE_SMIME As Long = &H004
  Public Const CRYPT_NS_CERTTYPE_OBJECTSIGNING As Long = &H008
  Public Const CRYPT_NS_CERTTYPE_RESERVED As Long = &H010
  Public Const CRYPT_NS_CERTTYPE_SSLCA As Long = &H020
  Public Const CRYPT_NS_CERTTYPE_SMIMECA As Long = &H040
  Public Const CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA As Long = &H080
  Public Const CRYPT_NS_CERTTYPE_LAST As Long = &H100   ' Last possible value 

' Flags for the SET certificate-type extension 

  Public Const CRYPT_SET_CERTTYPE_CARD As Long = &H001
  Public Const CRYPT_SET_CERTTYPE_MER As Long = &H002
  Public Const CRYPT_SET_CERTTYPE_PGWY As Long = &H004
  Public Const CRYPT_SET_CERTTYPE_CCA As Long = &H008
  Public Const CRYPT_SET_CERTTYPE_MCA As Long = &H010
  Public Const CRYPT_SET_CERTTYPE_PCA As Long = &H020
  Public Const CRYPT_SET_CERTTYPE_GCA As Long = &H040
  Public Const CRYPT_SET_CERTTYPE_BCA As Long = &H080
  Public Const CRYPT_SET_CERTTYPE_RCA As Long = &H100
  Public Const CRYPT_SET_CERTTYPE_ACQ As Long = &H200
  Public Const CRYPT_SET_CERTTYPE_LAST As Long = &H400   ' Last possible value 

' CMS contentType values 

Public Enum CRYPT_CONTENT_TYPE
 CRYPT_CONTENT_NONE
 CRYPT_CONTENT_DATA
               CRYPT_CONTENT_SIGNEDDATA
               CRYPT_CONTENT_ENVELOPEDDATA
               CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA
               CRYPT_CONTENT_DIGESTEDDATA
               CRYPT_CONTENT_ENCRYPTEDDATA
               CRYPT_CONTENT_COMPRESSEDDATA
               CRYPT_CONTENT_AUTHDATA
               CRYPT_CONTENT_AUTHENVDATA
               CRYPT_CONTENT_TSTINFO
               CRYPT_CONTENT_SPCINDIRECTDATACONTEXT
               CRYPT_CONTENT_RTCSREQUEST
               CRYPT_CONTENT_RTCSRESPONSE
               CRYPT_CONTENT_RTCSRESPONSE_EXT
               CRYPT_CONTENT_LAST
             

End Enum

' ESS securityClassification codes 

  Public Const CRYPT_CLASSIFICATION_UNMARKED As Long = 0
  Public Const CRYPT_CLASSIFICATION_UNCLASSIFIED As Long = 1
  Public Const CRYPT_CLASSIFICATION_RESTRICTED As Long = 2
  Public Const CRYPT_CLASSIFICATION_CONFIDENTIAL As Long = 3
  Public Const CRYPT_CLASSIFICATION_SECRET As Long = 4
  Public Const CRYPT_CLASSIFICATION_TOP_SECRET As Long = 5
  Public Const CRYPT_CLASSIFICATION_LAST As Long = 255


' RTCS certificate status 

  Public Const CRYPT_CERTSTATUS_VALID As Long = 0
  Public Const CRYPT_CERTSTATUS_NOTVALID As Long = 1
  Public Const CRYPT_CERTSTATUS_NONAUTHORITATIVE As Long = 2
  Public Const CRYPT_CERTSTATUS_UNKNOWN  As Long = 3


' OCSP revocation status 

  Public Const CRYPT_OCSPSTATUS_NOTREVOKED As Long = 0
  Public Const CRYPT_OCSPSTATUS_REVOKED As Long = 1
  Public Const CRYPT_OCSPSTATUS_UNKNOWN  As Long = 2


'  The amount of detail to include in signatures when signing certificate
'  objects 

Public Enum CRYPT_SIGNATURELEVEL_TYPE

    CRYPT_SIGNATURELEVEL_NONE       ' Include only signature 
    CRYPT_SIGNATURELEVEL_SIGNERCERT ' Include signer cert 
    CRYPT_SIGNATURELEVEL_ALL        ' Include all relevant info 
    CRYPT_SIGNATURELEVEL_LAST       ' Last possible sig.level type 
    

End Enum

'  The level of integrity protection to apply to enveloped data.  The 
'  default envelope protection for an envelope with keying information 
'  applied is encryption, this can be modified to use MAC-only protection
'  (with no encryption) or hybrid encryption + authentication 

Public Enum CRYPT_INTEGRITY_TYPE

    CRYPT_INTEGRITY_NONE            ' No integrity protection 
    CRYPT_INTEGRITY_MACONLY         ' MAC only, no encryption 
    CRYPT_INTEGRITY_FULL            ' Encryption + ingerity protection 
    

End Enum

'  The certificate export format type, which defines the format in which a
'  certificate object is exported 

Public Enum CRYPT_CERTFORMAT_TYPE

    CRYPT_CERTFORMAT_NONE           ' No certificate format 
    CRYPT_CERTFORMAT_CERTIFICATE    ' DER-encoded certificate 
    CRYPT_CERTFORMAT_CERTCHAIN      ' PKCS #7 certificate chain 
    CRYPT_CERTFORMAT_TEXT_CERTIFICATE   ' base-64 wrapped cert 
    CRYPT_CERTFORMAT_TEXT_CERTCHAIN     ' base-64 wrapped cert chain 
    CRYPT_CERTFORMAT_XML_CERTIFICATE    ' XML wrapped cert 
    CRYPT_CERTFORMAT_XML_CERTCHAIN  ' XML wrapped cert chain 
    CRYPT_CERTFORMAT_LAST           ' Last possible cert.format type 
    

End Enum

' CMP request types 

Public Enum CRYPT_REQUESTTYPE_TYPE

    CRYPT_REQUESTTYPE_NONE          ' No request type 
    CRYPT_REQUESTTYPE_INITIALISATION    ' Initialisation request 
        CRYPT_REQUESTTYPE_INITIALIZATION = CRYPT_REQUESTTYPE_INITIALISATION
    CRYPT_REQUESTTYPE_CERTIFICATE   ' Certification request 
    CRYPT_REQUESTTYPE_KEYUPDATE     ' Key update request 
    CRYPT_REQUESTTYPE_REVOCATION    ' Cert revocation request 
    CRYPT_REQUESTTYPE_PKIBOOT       ' PKIBoot request 
    CRYPT_REQUESTTYPE_LAST          ' Last possible request type 
    

End Enum

' Key ID types 

Public Enum CRYPT_KEYID_TYPE

    CRYPT_KEYID_NONE                ' No key ID type 
    CRYPT_KEYID_NAME                ' Key owner name 
    CRYPT_KEYID_URI                 ' Key owner URI 
        CRYPT_KEYID_EMAIL = CRYPT_KEYID_URI  ' Synonym: owner email addr.
    CRYPT_KEYID_LAST                ' Last possible key ID type 
    

End Enum

' The encryption object types 

Public Enum CRYPT_OBJECT_TYPE

    CRYPT_OBJECT_NONE               ' No object type 
    CRYPT_OBJECT_ENCRYPTED_KEY      ' Conventionally encrypted key 
    CRYPT_OBJECT_PKCENCRYPTED_KEY   ' PKC-encrypted key 
    CRYPT_OBJECT_KEYAGREEMENT       ' Key agreement information 
    CRYPT_OBJECT_SIGNATURE          ' Signature 
    CRYPT_OBJECT_LAST               ' Last possible object type 
    

End Enum

' Object/attribute error type information 

Public Enum CRYPT_ERRTYPE_TYPE

    CRYPT_ERRTYPE_NONE              ' No error information 
    CRYPT_ERRTYPE_ATTR_SIZE         ' Attribute data too small or large 
    CRYPT_ERRTYPE_ATTR_VALUE        ' Attribute value is invalid 
    CRYPT_ERRTYPE_ATTR_ABSENT       ' Required attribute missing 
    CRYPT_ERRTYPE_ATTR_PRESENT      ' Non-allowed attribute present 
    CRYPT_ERRTYPE_CONSTRAINT        ' Cert: Constraint violation in object 
    CRYPT_ERRTYPE_ISSUERCONSTRAINT  ' Cert: Constraint viol.in issuing cert 
    CRYPT_ERRTYPE_LAST              ' Last possible error info type 
    

End Enum

' Cert store management action type 

Public Enum CRYPT_CERTACTION_TYPE

    CRYPT_CERTACTION_NONE           ' No cert management action 
    CRYPT_CERTACTION_CREATE         ' Create cert store 
    CRYPT_CERTACTION_CONNECT        ' Connect to cert store 
    CRYPT_CERTACTION_DISCONNECT     ' Disconnect from cert store 
    CRYPT_CERTACTION_ERROR          ' Error information 
    CRYPT_CERTACTION_ADDUSER        ' Add PKI user 
    CRYPT_CERTACTION_DELETEUSER     ' Delete PKI user 
    CRYPT_CERTACTION_REQUEST_CERT   ' Cert request 
    CRYPT_CERTACTION_REQUEST_RENEWAL ' Cert renewal request 
    CRYPT_CERTACTION_REQUEST_REVOCATION ' Cert revocation request 
    CRYPT_CERTACTION_CERT_CREATION  ' Cert creation 
    CRYPT_CERTACTION_CERT_CREATION_COMPLETE ' Confirmation of cert creation 
    CRYPT_CERTACTION_CERT_CREATION_DROP     ' Cancellation of cert creation 
    CRYPT_CERTACTION_CERT_CREATION_REVERSE  ' Cancel of creation w.revocation 
    CRYPT_CERTACTION_RESTART_CLEANUP  ' Delete reqs after restart 
    CRYPT_CERTACTION_RESTART_REVOKE_CERT  ' Complete revocation after restart 
    CRYPT_CERTACTION_ISSUE_CERT     ' Cert issue