📄 cryptlib.asn
字号:
value OCTET STRING
},
iAndSHash SEQUENCE { -- Written and read
id INTEGER (3),
value OCTET STRING SIZE(20)
},
iHash SEQUENCE { -- Written and read
id INTEGER (6),
value OCTET STRING SIZE(20)
},
sHash SEQUENCE { -- Written and read
id INTEGER (7),
value OCTET STRING SIZE(20)
},
pgp SEQUENCE { -- Written and read
id INTEGER (8),
value OCTET STRING SIZE(8)
},
openPGP SEQUENCE { -- Written and read
id INTEGER (9),
value OCTET STRING SIZE(8)
},
...
}
-/ Private key information (DLP = DSA/DH/KEA/etc) /-
PKCS15PrivateRSAKeyAttributes ::= SEQUENCE {
value [2] EnvelopedData {
SEQUENCE {
modulus [0] INTEGER OPTIONAL, -- n, not written
publicExp [1] INTEGER OPTIONAL, -- e, not written
privateExp [2] INTEGER OPTIONAL, -- d, not written
prime1 [3] INTEGER OPTIONAL, -- p
prime2 [4] INTEGER OPTIONAL, -- q
exponent1 [5] INTEGER OPTIONAL, -- d mod p-1
exponent2 [6] INTEGER OPTIONAL, -- d mod q-1
coefficient [7] INTEGER OPTIONAL -- q^-1 mod p
}
},
modulusLength INTEGER,
...
}
PKCS15PrivateDLPKeyAttributes ::= SEQUENCE {
value [2] EnvelopedData {
INTEGER -- DSA x value
},
...
}
PKCS15PrivateKey ::= CHOICE {
privateRSAKey PKCS15Object{ PKCS15CommonKeyAttributes,
PKCS15CommonPrivateKeyAttributes,
PKCS15PrivateRSAKeyAttributes },
privateDSAKey [2] PKCS15Object{ PKCS15CommonKeyAttributes,
PKCS15CommonPrivateKeyAttributes,
PKCS15PrivateDSAKeyAttributes }
}
-/ This expands out to:
SEQUENCE {
keyAttr PKCS15CommonKeyAttributes,
privKeyAttr PKCS15CommonPrivateKeyAttributes,
keyData [1] { SEQUENCE { [2] IMPLICIT { Enveloped key data } } }
} /-
-/ Public key information (DLP = DSA/DH/KEA/etc) /-
PKCS15PublicRSAKeyAttributes ::= SEQUENCE {
value [0] EXPLICIT {
[1] SubjectPublicKeyInfo
},
modulusLength INTEGER,
...
}
PKCS15PublicDLPKeyAttributes ::= SEQUENCE {
value [0] EXPLICIT SubjectPublicKeyInfo,
...
}
PKCS15PublicKey ::= CHOICE {
publicRSAKey PKCS15Object{ PKCS15CommonKeyAttributes,
PKCS15CommonPublicKeyAttributes,
PKCS15PublicRSAKeyAttributes },
publicDSAKey [2] PKCS15Object{ PKCS15CommonKeyAttributes,
PKCS15CommonPublicKeyAttributes,
PKCS15PublicDSAKeyAttributes }
}
-/ This expands out to:
SEQUENCE {
keyAttr PKCS15CommonKeyAttributes,
privKeyAttr PKCS15CommonPublicKeyAttributes,
keyData [1] { SEQUENCE { [0] { Public-key data } } }
} /-
-/ Certificate information /-
PKCS15X509CertificateAttributes ::= SEQUENCE {
value [0] Certificate,
...
}
PKCS15Certificate ::= CHOICE {
x509Certificate PKCS15Object{ PKCS15CommonCertificateAttributes,
NULL,
PKCS15X509CertificateAttributes }
}
-/ This expands out to:
SEQUENCE {
certAttr PKCS15CommonCertificateAttributes,
classAttr NULL,
certData [1] { SEQUENCE { [0] IMPLICIT Certificate } }
} /-
-/ Secret key information /-
PKCS15GenericSecretKeyAttributes ::= {
value [2] EnvelopedData {
OCTET STRING -- Raw secret key
}
}
PKCS15SecretKey ::= CHOICE {
des3Key [4] PKCS15Object{ PKCS15CommonKeyAttributes,
PKCS15CommonSecretKeyAttributes,
PKCS15GenericSecretKeyAttributes },
}
-/ This expands out to:
SEQUENCE {
keyAttr PKCS15CommonKeyAttributes,
secKeyAttr PKCS15CommonSecretKeyAttributes,
keyData [1] { [2] { Enveloped key data } }
} /-
-/ Data information /-
ConfigOption ::= SEQUENCE {
type INTEGER, -- CRYPT_PROPERTY_xxx
value ANY DEFINED BY type -- BOOLEAN, INTEGER, UTF8String
}
ConfigOptions ::= SEQUENCE OF ConfigOption
UserIndexEntry ::= SEQUENCE {
iD OCTET STRING SIZE(16), -- User ID
creatorID OCTET STRING SIZE(16), -- Creating SO's ID
name UTF8String, -- User name
fileReference INTEGER -- Reference to user file
}
UserIndex ::= SEQUENCE OF UserIndexEntry
UserInfo ::= SEQUENCE {
role ENUMERATED, -- SO/user/CA
iD OCTET STRING SIZE(16), -- User ID
creatorID OCTET STRING SIZE(16), -- Creating SO's ID
name UTF8String, -- User name
}
// Other user data, has to be stored elsewhere
// state ENUMERATED, -- SO inited/user inited/locked
// encSecKey EncryptedData OPTIONAL -- (Used for CAs)
PKCS15OidDO ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY DEFINED BY type -- ConfigOptions/UserIndex/UserInfo
}
PKCS15Data ::= CHOICE {
oidDO [1] PKCS15Object { PKCS15CommonDataObjectAttributes,
NULL,
PKCS15OidDO }
}
-/ Overall object wrappers. The tagging is [n] PKCS15Objects.foo
[0] PKCS15ObjectValue.objects /-
PrivateKeys ::= [0][0] SEQUENCE OF PKCS15PrivateKey
PublicKeys ::= [1][0] SEQUENCE OF PKCS15PublicKey
SecretKeys ::= [3][0] SEQUENCE OF PKCS15SecretKey
Certificates ::= [4][0] SEQUENCE OF PKCS15Certificate
DataObjects ::= [7][0] SEQUENCE OF PKCS15Data
------------------------------------------------------------------------------
-- --
-- User/Config Info --
-- --
------------------------------------------------------------------------------
-/ User information /-
-/ PKI user information needed for CMP. The attributes always include an
sKID (to uniquely identify the user info) and optionally additional
template attributes that are applied to certificate(s) created for this
user. The dual use of the attributes is somewhat ugly, in theory we
could split the two into attributes required for PKI user management and
attributes to apply to the issued certificate, but because the only one
that's used for user management is the sKID it's easier to special-case
it in the cert handling code /-
userData ::= SEQUENCE {
name Name, -- Name for CMP
encAlgo AlgorithmIdentifier, -- Algo to encrypt passwords
encPW OCTET STRING, -- Encrypted passwords
attributes Attributes
}
userPW ::= SEQUENCE {
issuePW OCTET STRING SIZE(11), -- Password for ir
revPW OCTET STRING SIZE(11) -- Password for rr
}
------------------------------------------------------------------------------
-- --
-- Misc --
-- --
------------------------------------------------------------------------------
-/ OCSP /-
OCSPRequest ::= SEQUENCE {
SEQUENCE { -- tbsRequest
version [0] EXPLICIT INTEGER DEFAULT 0,
-- Must be 1 if !certID used
reqName [1] EXPLICIT ... OPTIONAL
-- Ignored
SEQUENCE { -- requestList
SEQUENCE { -- request
certID CertID,
singleReqExt
[0] EXPLICIT Extensions OPTIONAL
}
},
reqExts [2] EXPLICIT Extensions OPTIONAL
},
signature [0] EXPLICIT SEQUENCE {
sigAlgo AlgorithmIdentifier,
sig BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
} OPTIONAL
}
OCSPResponse ::= {
respStatus ENUMERATED, -- 0 = OK
respBytes [0] EXPLICIT SEQUENCE {
respType OBJECT IDENTIFIER, -- id-pkix-ocsp-basic
resp OCTET STRING {
SEQUENCE { -- basicOCSPResponse
SEQUENCE { -- tbsRespData
version [0] EXPLICIT ... OPTIONAL,-- Ignored
respID ..., -- Ignored
producedAt ..., -- Ignored
responses SEQUENCE {
SEQUENCE { -- singleResponse
certID ..., -- Ignored
certStatus [0] EXPLICIT = OK, else !OK
... -- Ignored
}
},
respExts[0] EXPLICIT Extensions OPTIONAL
}
sigAlgo AlgorithmIdentifier,
signature BIT STRING
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}
}
}
}
OCSPCryptlibResponse ::= {
respStatus ENUMERATED, -- 0 = OK
respBytes [0] EXPLICIT SEQUENCE {
respType OBJECT IDENTIFIER, -- cryptlibOcspBasic
resp OCTET STRING {
SEQUENCE { -- rtcsResponse
SEQUENCE { -- tbsRespData
responses SEQUENCE {
SEQUENCE { -- singleResponse
certHash
OCTET STRING SIZE(20),
status BOOLEAN
}
},
respExts Extensions OPTIONAL
}
sigAlgo AlgorithmIdentifier OPTIONAL,
signature BIT STRING OPTIONAL,
certs [0] SEQUENCE OF Certificate OPTIONAL
}
}
}
}
CertID ::= CHOICE {
certID SEQUENCE {
hashAlgo AlgorithmIdentifier,
iNameHash OCTET STRING, -- Hash of issuerName
iKeyHash OCTET STRING, -- Hash of issuer SPKI w/o tag+len
serialNo INTEGER
},
issuerAndSerial [0] IssuerAndSerialNumber,
certificate [1] Certificate,
certHash [2] OCTET STRING
}
-/ Timestamping /-
TSARequest ::= SEQUENCE {
version INTEGER (1),
msgImprint SEQUENCE {
algorithm AlgorithmIdentifier,
hash OCTET STRING
},
policy OBJECT IDENTIFIER OPTIONAL,
-- Ignored
nonce INTEGER OPTIONAL, -- Copy to output if present
includeSigCerts BOOLEAN DEFAULT FALSE,
-- Include signer certs if set
extensions [0] Extensions OPTIONAL -- Reject if present
}
TSAResponse ::= SEQUENCE {
status SEQUENCE {
status INTEGER, -- 0 = OK
... OPTIONAL
},
timeStamp ContentInfo
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -