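-- $Id$ --
-- Definitions from rfc2459/rfc3280
--
-- X.509 certificate and CRL syntax plus the algorithm, attribute and
-- extension OIDs used with it. This module describes encodings only:
-- which algorithms, key sizes and extensions a verifier accepts is a
-- policy decision that has to be made by the code consuming these types.

RFC2459 DEFINITIONS ::= BEGIN

IMPORTS heim_any FROM heim;

-- Certificate and CRL version numbers; the encoded value is one less than
-- the version name (v1 is 0, v3 is 2).
Version ::= INTEGER {
    rfc3280_version_1(0),
    rfc3280_version_2(1),
    rfc3280_version_3(2)
}

-- PKCS #1 public key and signature algorithms.
-- The md2, md5 and sha1 signature OIDs are listed so that they can be
-- recognised when parsing; their presence here does not mean a verifier
-- should accept signatures made with them.
id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) 1 }
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }

-- Private arc (1.2.752.43.16.1), not an RSADSI assignment.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }

id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }

-- RSADSI digest algorithms (1.2.840.113549.2).
id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }

id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }

id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) 3 }

id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }

-- RSADSI encryption algorithms (1.2.840.113549.3).
id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) 3 }

id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }

id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    oiw(14) secsig(3) algorithm(2) 26 }

id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    oiw(14) secsig(3) algorithm(2) 29 }

id-nistAlgorithm OBJECT IDENTIFIER ::= {
    joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }

id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

-- Note the arc numbers do not follow digest size: sha224 is 4.
id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }

id-dhpublicnumber OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-x942(10046)
    number-type(2) 1 }

-- ECC

id-ecPublicKey OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }

id-ecDH OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecdh(12) }

id-ecMQV OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecmqv(13) }

id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 2 }

id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }

-- some EC group ids
-- secp160r1 and secp160r2 are 160 bit curves; naming them here only makes
-- them parseable, whether they are acceptable is for the caller to decide.

id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
    prime(1) 7 }

id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 8 }

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) 0 30 }

-- DSA
-- RFC 3279 places id-dsa and id-dsa-with-sha1 under x9-57(10040) x9cm(4).
-- The arc was previously written as ansi-x942(10046), which is the X9.42
-- arc used by id-dhpublicnumber above; with that value DSA keys and
-- signatures produced by other implementations would not match these names.

id-x9-57 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) x9-57(10040) 4 }

id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }

-- x.520 names types

id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
-- RFC 2247
id-Userid OBJECT IDENTIFIER ::=
    { 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::=
    { 0 9 2342 19200300 100 1 25 }


-- rfc3280

id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

-- parameters is carried as an opaque heim_any: the decoder generated from
-- this type does not interpret it, so an absent field and an encoded NULL
-- stay distinguishable and any per algorithm parsing is left to the caller.
AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters heim_any OPTIONAL
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= heim_any

-- NOTE(review): ia5String is not among the DirectoryString alternatives in
-- RFC 3280; presumably it is accepted here so that IA5String valued
-- attributes decode through the same type. Confirm before tightening.
DirectoryString ::= CHOICE {
    ia5String IA5String,
    teletexString TeletexString,
    printableString PrintableString,
    universalString UniversalString,
    utf8String UTF8String,
    bmpString BMPString
}

Attribute ::= SEQUENCE {
    type AttributeType,
    value SET OF -- AttributeValue -- heim_any
}

-- value is restricted to DirectoryString here rather than an open type, so
-- an attribute value with any other tag does not decode as this type.
AttributeTypeAndValue ::= SEQUENCE {
    type AttributeType,
    value DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

-- A CHOICE with a single alternative, as in the RFC.
Name ::= CHOICE {
    rdnSequence RDNSequence
}

CertificateSerialNumber ::= INTEGER

Time ::= CHOICE {
    utcTime UTCTime,
    generalTime GeneralizedTime
}

Validity ::= SEQUENCE {
    notBefore Time,
    notAfter Time
}

UniqueIdentifier ::= BIT STRING

-- subjectPublicKey wraps the algorithm specific key structure
-- (RSAPublicKey, DSAPublicKey, ECPoint, ... below).
SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm AlgorithmIdentifier,
    subjectPublicKey BIT STRING
}

-- critical is declared OPTIONAL, not DEFAULT FALSE (see the XXX), so the
-- default is not supplied by the type: code reading an Extension has to
-- treat an absent critical field as FALSE itself.
-- extnValue holds the DER encoding of the extension body; it is not
-- decoded or checked at this level.
Extension ::= SEQUENCE {
    extnID OBJECT IDENTIFIER,
    critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
    extnValue OCTET STRING
}

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

-- version is OPTIONAL rather than DEFAULT, so an absent version has to be
-- read as v1 by the caller. The "version shall be" remarks below are
-- profile rules from the RFC; nothing in this syntax enforces them.
TBSCertificate ::= SEQUENCE {
    version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
    serialNumber CertificateSerialNumber,
    signature AlgorithmIdentifier,
    issuer Name,
    validity Validity,
    subject Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
        -- If present, version shall be v2 or v3
    subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
        -- If present, version shall be v2 or v3
    extensions [3] EXPLICIT Extensions OPTIONAL
        -- If present, version shall be v3
}

-- RFC 3280 requires signatureAlgorithm to carry the same algorithm
-- identifier as tbsCertificate.signature. That comparison is a verifier
-- check; the two fields are independent as far as this syntax goes.
Certificate ::= SEQUENCE {
    tbsCertificate TBSCertificate,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue BIT STRING
}

Certificates ::= SEQUENCE OF Certificate

ValidationParms ::= SEQUENCE {
    seed BIT STRING,
    pgenCounter INTEGER
}

-- X9.42 Diffie-Hellman domain parameters. The relations stated in the
-- field comments are not checked by decoding; parameters received from a
-- peer or a certificate need to be validated by the consumer.
DomainParameters ::= SEQUENCE {
    p INTEGER, -- odd prime, p=jq +1
    g INTEGER, -- generator, g
    q INTEGER, -- factor of p-1
    j INTEGER OPTIONAL, -- subgroup factor
    validationParms ValidationParms OPTIONAL -- ValidationParms
}

-- As defined by PKCS3
DHParameter ::= SEQUENCE {
    prime INTEGER, -- odd prime, p=jq +1
    base INTEGER, -- generator, g
    privateValueLength INTEGER OPTIONAL
}

DHPublicKey ::= INTEGER

OtherName ::= SEQUENCE {
    type-id OBJECT IDENTIFIER,
    value [0] EXPLICIT heim_any
}

-- OtherName and Name are written out inline under their IMPLICIT tags.
-- x400Address [3] and ediPartyName [5] are commented out, so those two
-- alternatives are not part of this CHOICE.
-- rfc822Name, dNSName and uniformResourceIdentifier are IA5String, which
-- admits every 7 bit value including NUL; name matching code should
-- compare over the decoded length and not stop at the first NUL.
GeneralName ::= CHOICE {
    otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
        type-id OBJECT IDENTIFIER,
        value [0] EXPLICIT heim_any
    },
    rfc822Name [1] IMPLICIT IA5String,
    dNSName [2] IMPLICIT IA5String,
-- x400Address [3] IMPLICIT ORAddress,--
    directoryName [4] IMPLICIT -- Name -- CHOICE {
        rdnSequence RDNSequence
    },
-- ediPartyName [5] IMPLICIT EDIPartyName, --
    uniformResourceIdentifier [6] IMPLICIT IA5String,
    iPAddress [7] IMPLICIT OCTET STRING,
    registeredID [8] IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }

-- Named bit positions; decipherOnly (8) falls in the second content octet.
KeyUsage ::= BIT STRING {
    digitalSignature (0),
    nonRepudiation (1),
    keyEncipherment (2),
    dataEncipherment (3),
    keyAgreement (4),
    keyCertSign (5),
    cRLSign (6),
    encipherOnly (7),
    decipherOnly (8)
}

id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

-- The SIZE (1..MAX) bound on authorityCertIssuer is commented out, so an
-- empty sequence decodes here.
AuthorityKeyIdentifier ::= SEQUENCE {
    keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
    authorityCertIssuer [1] IMPLICIT -- GeneralName --
        SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
    authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }

-- cA is OPTIONAL rather than DEFAULT FALSE: path validation code has to
-- treat an absent cA as FALSE, never as "unspecified".
-- pathLenConstraint is bounded to 32 bits here.
BasicConstraints ::= SEQUENCE {
    cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
    pathLenConstraint INTEGER (0..4294967295) OPTIONAL
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }

BaseDistance ::= INTEGER -- (0..MAX) --

-- minimum is OPTIONAL rather than DEFAULT 0; an absent minimum means 0.
GeneralSubtree ::= SEQUENCE {
    base GeneralName,
    minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
    maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
    permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
    excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

-- Extension OIDs for which this module defines no body type.
id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }

DistributionPointReasonFlags ::= BIT STRING {
    unused (0),
    keyCompromise (1),
    cACompromise (2),
    affiliationChanged (3),
    superseded (4),
    cessationOfOperation (5),
    certificateHold (6),
    privilegeWithdrawn (7),
    aACompromise (8)
}

DistributionPointName ::= CHOICE {
    fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
    nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

-- All three fields are opaque heim_any values; the intended types are in
-- the trailing comments. Nothing inside them is decoded or validated at
-- this level, so the caller has to parse each one before using it.
DistributionPoint ::= SEQUENCE {
    distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
    reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
    cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


-- rfc3279

-- r and s are unconstrained INTEGERs in this syntax; range checks against
-- the group order belong to the signature verification code.
DSASigValue ::= SEQUENCE {
    r INTEGER,
    s INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams ::= SEQUENCE {
    p INTEGER,
    q INTEGER,
    g INTEGER
}

-- draft-ietf-pkix-ecc-subpubkeyinfo-11

ECPoint ::= OCTET STRING

-- Only namedCurve is defined; the implicitCurve and specifiedCurve
-- alternatives are commented out and are not part of this CHOICE.
ECParameters ::= CHOICE {
    namedCurve OBJECT IDENTIFIER
    -- implicitCurve NULL
    -- specifiedCurve SpecifiedECDomain
}

-- As with DSASigValue, r and s are not range checked by decoding.
ECDSA-Sig-Value ::= SEQUENCE {
    r INTEGER,
    s INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
    modulus INTEGER, -- n
    publicExponent INTEGER -- e
}

-- Every field after publicExponent is secret key material.
RSAPrivateKey ::= SEQUENCE {
    version INTEGER (0..4294967295),
    modulus INTEGER, -- n
    publicExponent INTEGER, -- e
    privateExponent INTEGER, -- d
    prime1 INTEGER, -- p
    prime2 INTEGER, -- q
    exponent1 INTEGER, -- d mod (p-1)
    exponent2 INTEGER, -- d mod (q-1)
    coefficient INTEGER -- (inverse of q) mod p
}

DigestInfo ::= SEQUENCE {
    digestAlgorithm AlgorithmIdentifier,
    digest OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295)

-- CertificateTemplate ::= SEQUENCE {
-- templateID OBJECT IDENTIFIER,
-- templateMajorVersion TemplateVersion,
-- templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
--

-- version is OPTIONAL; the "MUST be v2" remarks are RFC profile rules that
-- the caller has to check, they are not expressed in the type.
TBSCRLCertList ::= SEQUENCE {
    version Version OPTIONAL, -- if present, MUST be v2
    signature AlgorithmIdentifier,
    issuer Name,
    thisUpdate Time,
    nextUpdate Time OPTIONAL,
    revokedCertificates SEQUENCE OF SEQUENCE {
        userCertificate CertificateSerialNumber,
        revocationDate Time,
        crlEntryExtensions Extensions OPTIONAL
            -- if present, MUST be v2
    } OPTIONAL,
    crlExtensions [0] EXPLICIT Extensions OPTIONAL
        -- if present, MUST be v2
}


CRLCertificateList ::= SEQUENCE {
    tbsCertList TBSCRLCertList,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }

-- Value 7 is not assigned. The numbering differs from the bit positions in
-- DistributionPointReasonFlags for privilegeWithdrawn and aACompromise.
CRLReason ::= ENUMERATED {
    unspecified (0),
    keyCompromise (1),
    cACompromise (2),
    affiliationChanged (3),
    superseded (4),
    cessationOfOperation (5),
    certificateHold (6),
    removeFromCRL (8),
    privilegeWithdrawn (9),
    aACompromise (10)
}

PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

-- otherName type identifiers.
id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

-- Extended key usage purposes.
id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }

AccessDescription ::= SEQUENCE {
    accessMethod OBJECT IDENTIFIER,
    accessLocation GeneralName
}

AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

-- policy is an opaque OCTET STRING whose meaning depends on policyLanguage.
ProxyPolicy ::= SEQUENCE {
    policyLanguage OBJECT IDENTIFIER,
    policy OCTET STRING OPTIONAL
}

ProxyCertInfo ::= SEQUENCE {
    pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
    proxyPolicy ProxyPolicy
}

-- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }

-- Netscape extensions

id-netscape OBJECT IDENTIFIER ::=
    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }

-- MS extensions

-- Same arc as szOID_ENROLL_CERTTYPE_EXTENSION in the "some ms ext" notes.
id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
    { 1 3 6 1 4 1 311 20 2 }

-- This value is identical to id-pkix-kp-clientAuth (1.3.6.1.5.5.7.3.2).
id-ms-client-authentication OBJECT IDENTIFIER ::=
    { 1 3 6 1 5 5 7 3 2 }

-- The bytes below are tag 0x1e (BMPString), length 0x20, then the 16
-- character string "DomainController" in two byte big endian form.
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72

END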