cryptlib.cs

cryptlib安全工具包

	public const int SESSINFO_LAST                               = 6028;
	public const int USERINFO_FIRST                              = 7000; // ********************
	public const int USERINFO_PASSWORD                           = 7001; // Password
	public const int USERINFO_CAKEY_CERTSIGN                     = 7002; // CA cert signing key
	public const int USERINFO_CAKEY_CRLSIGN                      = 7003; // CA CRL signing key
	public const int USERINFO_CAKEY_RTCSSIGN                     = 7004; // CA RTCS signing key
	public const int USERINFO_CAKEY_OCSPSIGN                     = 7005; // CA OCSP signing key
	public const int USERINFO_LAST                               = 7006;
	public const int ATTRIBUTE_LAST                              = 7006;
	
	/****************************************************************************
	*																			*
	*						Attribute Subtypes and Related Values				*
	*																			*
	****************************************************************************/
	
	/* Flags for the X.509 keyUsage extension */
	
	public const int KEYUSAGE_NONE                            = 0x000;
	public const int KEYUSAGE_DIGITALSIGNATURE                = 0x001;
	public const int KEYUSAGE_NONREPUDIATION                  = 0x002;
	public const int KEYUSAGE_KEYENCIPHERMENT                 = 0x004;
	public const int KEYUSAGE_DATAENCIPHERMENT                = 0x008;
	public const int KEYUSAGE_KEYAGREEMENT                    = 0x010;
	public const int KEYUSAGE_KEYCERTSIGN                     = 0x020;
	public const int KEYUSAGE_CRLSIGN                         = 0x040;
	public const int KEYUSAGE_ENCIPHERONLY                    = 0x080;
	public const int KEYUSAGE_DECIPHERONLY                    = 0x100;
	public const int KEYUSAGE_LAST                            = 0x200; // Last possible value
	
	/* X.509 cRLReason and cryptlib cRLExtReason codes */
	
	public const int CRLREASON_UNSPECIFIED          = 0 ;
	public const int CRLREASON_KEYCOMPROMISE        = 1 ;
	public const int CRLREASON_CACOMPROMISE         = 2 ;
	public const int CRLREASON_AFFILIATIONCHANGED   = 3 ;
	public const int CRLREASON_SUPERSEDED           = 4 ;
	public const int CRLREASON_CESSATIONOFOPERATION = 5 ;
	public const int CRLREASON_CERTIFICATEHOLD      = 6 ;
	public const int CRLREASON_REMOVEFROMCRL        = 8 ;
	public const int CRLREASON_PRIVILEGEWITHDRAWN   = 9 ;
	public const int CRLREASON_AACOMPROMISE         = 10;
	public const int CRLREASON_LAST                 = 11; // End of standard CRL reasons
	public const int CRLREASON_NEVERVALID           = 20;
	public const int CRLEXTREASON_LAST              = 21;
	
	/* X.509 CRL reason flags.  These identify the same thing as the cRLReason
	   codes but allow for multiple reasons to be specified.  Note that these
	   don't follow the X.509 naming since in that scheme the enumerated types
	   and bitflags have the same names */
	
	public const int CRLREASONFLAG_UNUSED                     = 0x001;
	public const int CRLREASONFLAG_KEYCOMPROMISE              = 0x002;
	public const int CRLREASONFLAG_CACOMPROMISE               = 0x004;
	public const int CRLREASONFLAG_AFFILIATIONCHANGED         = 0x008;
	public const int CRLREASONFLAG_SUPERSEDED                 = 0x010;
	public const int CRLREASONFLAG_CESSATIONOFOPERATION       = 0x020;
	public const int CRLREASONFLAG_CERTIFICATEHOLD            = 0x040;
	public const int CRLREASONFLAG_LAST                       = 0x080; // Last poss.value
	
	/* X.509 CRL holdInstruction codes */
	
	public const int HOLDINSTRUCTION_NONE        = 0;
	public const int HOLDINSTRUCTION_CALLISSUER  = 1;
	public const int HOLDINSTRUCTION_REJECT      = 2;
	public const int HOLDINSTRUCTION_PICKUPTOKEN = 3;
	public const int HOLDINSTRUCTION_LAST        = 4;
	
	/* Certificate checking compliance levels */
	
	public const int COMPLIANCELEVEL_OBLIVIOUS    = 0;
	public const int COMPLIANCELEVEL_REDUCED      = 1;
	public const int COMPLIANCELEVEL_STANDARD     = 2;
	public const int COMPLIANCELEVEL_PKIX_PARTIAL = 3;
	public const int COMPLIANCELEVEL_PKIX_FULL    = 4;
	public const int COMPLIANCELEVEL_LAST         = 5;
	
	/* Flags for the Netscape netscape-cert-type extension */
	
	public const int NS_CERTTYPE_SSLCLIENT                    = 0x001;
	public const int NS_CERTTYPE_SSLSERVER                    = 0x002;
	public const int NS_CERTTYPE_SMIME                        = 0x004;
	public const int NS_CERTTYPE_OBJECTSIGNING                = 0x008;
	public const int NS_CERTTYPE_RESERVED                     = 0x010;
	public const int NS_CERTTYPE_SSLCA                        = 0x020;
	public const int NS_CERTTYPE_SMIMECA                      = 0x040;
	public const int NS_CERTTYPE_OBJECTSIGNINGCA              = 0x080;
	public const int NS_CERTTYPE_LAST                         = 0x100; // Last possible value
	
	/* Flags for the SET certificate-type extension */
	
	public const int SET_CERTTYPE_CARD                        = 0x001;
	public const int SET_CERTTYPE_MER                         = 0x002;
	public const int SET_CERTTYPE_PGWY                        = 0x004;
	public const int SET_CERTTYPE_CCA                         = 0x008;
	public const int SET_CERTTYPE_MCA                         = 0x010;
	public const int SET_CERTTYPE_PCA                         = 0x020;
	public const int SET_CERTTYPE_GCA                         = 0x040;
	public const int SET_CERTTYPE_BCA                         = 0x080;
	public const int SET_CERTTYPE_RCA                         = 0x100;
	public const int SET_CERTTYPE_ACQ                         = 0x200;
	public const int SET_CERTTYPE_LAST                        = 0x400; // Last possible value
	
	/* CMS contentType values */
	
	// CRYPT_CONTENT_TYPE
	public const int CONTENT_NONE                   = 0 ;
	public const int CONTENT_DATA                   = 1 ;
	public const int CONTENT_SIGNEDDATA             = 2 ;
	public const int CONTENT_ENVELOPEDDATA          = 3 ;
	public const int CONTENT_SIGNEDANDENVELOPEDDATA = 4 ;
	public const int CONTENT_DIGESTEDDATA           = 5 ;
	public const int CONTENT_ENCRYPTEDDATA          = 6 ;
	public const int CONTENT_COMPRESSEDDATA         = 7 ;
	public const int CONTENT_AUTHDATA               = 8 ;
	public const int CONTENT_AUTHENVDATA            = 9 ;
	public const int CONTENT_TSTINFO                = 10;
	public const int CONTENT_SPCINDIRECTDATACONTEXT = 11;
	public const int CONTENT_RTCSREQUEST            = 12;
	public const int CONTENT_RTCSRESPONSE           = 13;
	public const int CONTENT_RTCSRESPONSE_EXT       = 14;
	public const int CONTENT_LAST                   = 15;
	
	/* ESS securityClassification codes */
	
	public const int CLASSIFICATION_UNMARKED     = 0  ;
	public const int CLASSIFICATION_UNCLASSIFIED = 1  ;
	public const int CLASSIFICATION_RESTRICTED   = 2  ;
	public const int CLASSIFICATION_CONFIDENTIAL = 3  ;
	public const int CLASSIFICATION_SECRET       = 4  ;
	public const int CLASSIFICATION_TOP_SECRET   = 5  ;
	public const int CLASSIFICATION_LAST         = 255;
	
	/* RTCS certificate status */
	
	public const int CERTSTATUS_VALID            = 0;
	public const int CERTSTATUS_NOTVALID         = 1;
	public const int CERTSTATUS_NONAUTHORITATIVE = 2;
	public const int CERTSTATUS_UNKNOWN          = 3;
	
	/* OCSP revocation status */
	
	public const int OCSPSTATUS_NOTREVOKED = 0;
	public const int OCSPSTATUS_REVOKED    = 1;
	public const int OCSPSTATUS_UNKNOWN    = 2;
	
	/* The amount of detail to include in signatures when signing certificate
	   objects */
	
	// CRYPT_SIGNATURELEVEL_TYPE
	public const int SIGNATURELEVEL_NONE       = 0; // Include only signature
	public const int SIGNATURELEVEL_SIGNERCERT = 1; // Include signer cert
	public const int SIGNATURELEVEL_ALL        = 2; // Include all relevant info
	public const int SIGNATURELEVEL_LAST       = 3; // Last possible sig.level type
	
	/* The level of integrity protection to apply to enveloped data.  The 
	   default envelope protection for an envelope with keying information 
	   applied is encryption, this can be modified to use MAC-only protection
	   (with no encryption) or hybrid encryption + authentication */
	
	// CRYPT_INTEGRITY_TYPE
	public const int INTEGRITY_NONE    = 0; // No integrity protection
	public const int INTEGRITY_MACONLY = 1; // MAC only, no encryption
	public const int INTEGRITY_FULL    = 2; // Encryption + ingerity protection
	
	/* The certificate export format type, which defines the format in which a
	   certificate object is exported */
	
	// CRYPT_CERTFORMAT_TYPE
	public const int CERTFORMAT_NONE             = 0; // No certificate format
	public const int CERTFORMAT_CERTIFICATE      = 1; // DER-encoded certificate
	public const int CERTFORMAT_CERTCHAIN        = 2; // PKCS #7 certificate chain
	public const int CERTFORMAT_TEXT_CERTIFICATE = 3; // base-64 wrapped cert
	public const int CERTFORMAT_TEXT_CERTCHAIN   = 4; // base-64 wrapped cert chain
	public const int CERTFORMAT_XML_CERTIFICATE  = 5; // XML wrapped cert
	public const int CERTFORMAT_XML_CERTCHAIN    = 6; // XML wrapped cert chain
	public const int CERTFORMAT_LAST             = 7; // Last possible cert.format type
	
	/* CMP request types */
	
	// CRYPT_REQUESTTYPE_TYPE
	public const int REQUESTTYPE_NONE           = 0; // No request type
	public const int REQUESTTYPE_INITIALISATION = 1; // Initialisation request
	public const int REQUESTTYPE_INITIALIZATION = 1;
	public const int REQUESTTYPE_CERTIFICATE    = 2; // Certification request
	public const int REQUESTTYPE_KEYUPDATE      = 3; // Key update request
	public const int REQUESTTYPE_REVOCATION     = 4; // Cert revocation request
	public const int REQUESTTYPE_PKIBOOT        = 5; // PKIBoot request
	public const int REQUESTTYPE_LAST           = 6; // Last possible request type
	
	/* Key ID types */
	
	// CRYPT_KEYID_TYPE
	public const int KEYID_NONE  = 0; // No key ID type
	public const int KEYID_NAME  = 1; // Key owner name
	public const int KEYID_URI   = 2; // Key owner URI