<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE chapter SYSTEM "chapter.dtd">
<chapter>
<header>
<copyright>
<year>2008</year>
<year>2015</year>
<holder>Ericsson AB, All Rights Reserved</holder>
</copyright>
<legalnotice>
The contents of this file are subject to the Erlang Public License,
Version 1.1, (the "License"); you may not use this file except in
compliance with the License. You should have received a copy of the
Erlang Public License along with this software. If not, it can be
retrieved online at http://www.erlang.org/.
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and limitations
under the License.
The Initial Developer of the Original Code is Ericsson AB.
</legalnotice>
<title>Public-Key Records</title>
<prepared>Ingela Anderton Andin</prepared>
<responsible></responsible>
<docno></docno>
<approved></approved>
<checked></checked>
<date>2008-02-06</date>
<rev>A</rev>
<file>public_key_records.xml</file>
</header>
<p>This chapter briefly describes Erlang records derived from ASN.1
specifications used to handle public key infrastructure.
The scope is to describe the data types of each component,
not the semantics. For information on the
semantics, refer to the relevant standards and RFCs linked in the sections below.</p>
<p>Use the following include directive to get access to the
records and constant macros described in the following sections:</p>
<code> -include_lib("public_key/include/public_key.hrl"). </code>
<section>
<title>Data Types</title>
<p>Common non-standard Erlang
data types used to describe the record fields in the
following sections and which are not defined in the Public Key <seealso
marker="public_key">Reference Manual</seealso>
follows here:</p>
<taglist>
<tag><c>time()</c></tag>
<item><p>= <c>uct_time() | general_time()</c></p></item>
<tag><c>uct_time()</c></tag>
<item><p>= <c>{utcTime, "YYMMDDHHMMSSZ"}</c></p></item>
<tag><c>general_time()</c></tag>
<item><p>= <c>{generalTime, "YYYYMMDDHHMMSSZ"}</c></p></item>
<tag><c>general_name()</c></tag>
<item>= <p><c>{rfc822Name, string()}</c></p>
<p><c>| {dNSName, string()}</c></p>
<p><c>| {x400Address, string()}</c></p>
<p><c>| {directoryName, {rdnSequence, [#AttributeTypeAndValue'{}]}}</c></p>
<p><c>| {eidPartyName, special_string()}</c></p>
<p><c>| {eidPartyName, special_string(), special_string()}</c></p>
<p><c>| {uniformResourceIdentifier, string()}</c></p>
<p><c>| {ipAddress, string()}</c></p>
<p><c>| {registeredId, oid()}</c></p>
<p><c>| {otherName, term()}</c></p>
</item>
<tag><c>special_string()</c></tag>
<item>= <p><c>{teletexString, string()}</c></p>
<p><c>| {printableString, string()}</c></p>
<p><c>| {universalString, string()}</c></p>
<p><c>| {utf8String, binary()}</c></p>
<p><c>| {bmpString, string()}</c></p>
</item>
<tag><c>dist_reason()</c></tag>
<item>= <p><c>unused</c></p>
<p><c>| keyCompromise</c></p>
<p><c>| cACompromise</c></p>
<p><c>| affiliationChanged</c></p>
<p><c>| superseded</c></p>
<p><c>| cessationOfOperation</c></p>
<p><c>| certificateHold</c></p>
<p><c>| privilegeWithdrawn</c></p>
<p><c>| aACompromise</c></p>
</item>
</taglist>
</section>
<section>
<title>RSA</title>
<p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc3447.txt">
Rivest-Shamir-Adleman cryptosystem (RSA)</url> keys follows:</p>
<code>
#'RSAPublicKey'{
modulus, % integer()
publicExponent % integer()
}.
#'RSAPrivateKey'{
version, % two-prime | multi
modulus, % integer()
publicExponent, % integer()
privateExponent, % integer()
prime1, % integer()
prime2, % integer()
exponent1, % integer()
exponent2, % integer()
coefficient, % integer()
otherPrimeInfos % [#OtherPrimeInfo{}] | asn1_NOVALUE
}.
#'OtherPrimeInfo'{
prime, % integer()
exponent, % integer()
coefficient % integer()
}. </code>
</section>
<section>
<title>DSA</title>
<p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc6979.txt">Digigital Signature Algorithm (DSA)</url> keys</p>
<code>
#'DSAPrivateKey',{
version, % integer()
p, % integer()
q, % integer()
g, % integer()
y, % integer()
x % integer()
}.
#'Dss-Parms',{
p, % integer()
q, % integer()
g % integer()
}. </code>
</section>
<section>
<title>ECDSA </title>
<p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc6979.txt">Elliptic Curve Digital Signature Algorithm (ECDSA)</url> keys follows:</p>
<code>
#'ECPrivateKey'{
version, % integer()
privateKey, % binary()
parameters, % der_encoded() - {'EcpkParameters', #'ECParameters'{}} |
{'EcpkParameters', {namedCurve, oid()}} |
{'EcpkParameters', 'NULL'} % Inherited by CA
publicKey % bitstring()
}.
#'ECParameters'{
version, % integer()
fieldID, % #'FieldID'{}
curve, % #'Curve'{}
base, % binary()
order, % integer()
cofactor % integer()
}.
#'Curve'{
a, % binary()
b, % binary()
seed % bitstring() - optional
}.
#'FieldID'{
fieldType, % oid()
parameters % Depending on fieldType
}.
#'ECPoint'{
point % binary() - the public key
}.</code>
</section>
<section>
<title>PKIX Certificates</title>
<p>Erlang representation of PKIX certificates derived from ASN.1
specifications see also <url href="http://www.ietf.org/rfc/rfc5280.txt">X509 certificates (RFC 5280)</url> are as follows:</p>
<code>
#'Certificate'{
tbsCertificate, % #'TBSCertificate'{}
signatureAlgorithm, % #'AlgorithmIdentifier'{}
signature % bitstring()
}.
#'TBSCertificate'{
version, % v1 | v2 | v3
serialNumber, % integer()
signature, % #'AlgorithmIdentifier'{}
issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]}
validity, % #'Validity'{}
subject, % {rdnSequence, [#AttributeTypeAndValue'{}]}
subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{}
issuerUniqueID, % binary() | asn1_novalue
subjectUniqueID, % binary() | asn1_novalue
extensions % [#'Extension'{}]
}.
#'AlgorithmIdentifier'{
algorithm, % oid()
parameters % der_encoded()
}.</code>
<code>
#'OTPCertificate'{
tbsCertificate, % #'OTPTBSCertificate'{}
signatureAlgorithm, % #'SignatureAlgorithm'
signature % bitstring()
}.
#'OTPTBSCertificate'{
version, % v1 | v2 | v3
serialNumber, % integer()
signature, % #'SignatureAlgorithm'
issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]}
validity, % #'Validity'{}
subject, % {rdnSequence, [#AttributeTypeAndValue'{}]}
subjectPublicKeyInfo, % #'OTPSubjectPublicKeyInfo'{}
issuerUniqueID, % binary() | asn1_novalue
subjectUniqueID, % binary() | asn1_novalue
extensions % [#'Extension'{}]
}.
#'SignatureAlgorithm'{
algorithm, % id_signature_algorithm()
parameters % asn1_novalue | #'Dss-Parms'{}
}.</code>
<p>Here, <c>id_signature_algorithm()</c> = ?OID name, for available OID names, for example
<c>?id-dsa-with-sha1</c>. That is, by prepending "?" to the OID name, represented as an Erlang atom.</p>
<p>The available OID names are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-dsa-with-sha1</cell>
</row>
<row>
<cell align="left" valign="middle">id-dsaWithSHA1 (ISO or OID to above)</cell>
</row>
<row>
<cell align="left" valign="middle">md2WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">md5WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">sha1WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">sha-1WithRSAEncryption (ISO or OID to above)</cell>
</row>
<row>
<cell align="left" valign="middle">sha224WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">sha256WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">sha512WithRSAEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">ecdsa-with-SHA1</cell>
</row>
<tcaption>Signature Algorithm OIDs </tcaption>
</table>
<p>The data type <c>'AttributeTypeAndValue'</c>, is represented as
the following erlang record:</p>
<code>
#'AttributeTypeAndValue'{
type, % id_attributes()
value % term()
}.</code>
<p>The attribute OID name atoms and their corresponding value types
are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
<cell align="left" valign="middle"><em>Value Type</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-at-name</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-surname</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-givenName</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-initials </cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-generationQualifier</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-commonName</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-localityName</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-stateOrProvinceName</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-organizationName</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-title</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-dnQualifier</cell>
<cell align="left" valign="middle">{printableString, string()}</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-countryName</cell>
<cell align="left" valign="middle">{printableString, string()}</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-serialNumber</cell>
<cell align="left" valign="middle">{printableString, string()}</cell>
</row>
<row>
<cell align="left" valign="middle">id-at-pseudonym</cell>
<cell align="left" valign="middle">special_string()</cell>
</row>
<tcaption>Attribute OIDs</tcaption>
</table>
<p>The data types <c>'Validity'</c>, <c>'SubjectPublicKeyInfo'</c>, and
<c>'SubjectPublicKeyInfoAlgorithm'</c> are represented as the following Erlang records:</p>
<code>
#'Validity'{
notBefore, % time()
notAfter % time()
}.
#'SubjectPublicKeyInfo'{
algorithm, % #AlgorithmIdentifier{}
subjectPublicKey % binary()
}.
#'SubjectPublicKeyInfoAlgorithm'{
algorithm, % id_public_key_algorithm()
parameters % public_key_params()
}.</code>
<p>The public-key algorithm OID name atoms are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
</row>
<row>
<cell align="left" valign="middle">rsaEncryption</cell>
</row>
<row>
<cell align="left" valign="middle">id-dsa</cell>
</row>
<row>
<cell align="left" valign="middle">dhpublicnumber</cell>
</row>
<row>
<cell align="left" valign="middle">id-keyExchangeAlgorithm</cell>
</row>
<row>
<cell align="left" valign="middle">id-ecPublicKey</cell>
</row>
<tcaption>Public-Key Algorithm OIDs</tcaption>
</table>
<code>
#'Extension'{
extnID, % id_extensions() | oid()
critical, % boolean()
extnValue % der_encoded()
}.</code>
<p><c>id_extensions()</c>
<seealso marker="#StdCertExt">Standard Certificate Extensions</seealso>,
<seealso marker="#PrivIntExt">Private Internet Extensions</seealso>,
<seealso marker="#CRLCertExt">CRL Extensions</seealso> and
<seealso marker="#CRLEntryExt">CRL Entry Extensions</seealso>.
</p>
</section>
<section>
<marker id="StdCertExt"></marker>
<title>Standard Certificate Extensions</title>
<p>The standard certificate extensions OID name atoms and their
corresponding value types are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
<cell align="left" valign="middle"><em>Value Type</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
<cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell>
<cell align="left" valign="middle">oid()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-keyUsage</cell>
<cell align="left" valign="middle">[key_usage()]</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell>
<cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-certificatePolicies</cell>
<cell align="left" valign="middle">#'PolicyInformation'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-policyMappings</cell>
<cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-subjectAltName</cell>
<cell align="left" valign="middle">general_name()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-issuerAltName</cell>
<cell align="left" valign="middle">general_name()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell>
<cell align="left" valign="middle"> [#'Attribute'{}]</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-basicConstraints</cell>
<cell align="left" valign="middle">#'BasicConstraints'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-nameConstraints</cell>
<cell align="left" valign="middle">#'NameConstraints'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-policyConstraints</cell>
<cell align="left" valign="middle">#'PolicyConstraints'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-extKeyUsage</cell>
<cell align="left" valign="middle">[id_key_purpose()]</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell>
<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell>
<cell align="left" valign="middle">integer()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-freshestCRL</cell>
<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
</row>
<tcaption>Standard Certificate Extensions</tcaption>
</table>
<p>Here:</p>
<taglist>
<tag><c>key_usage()</c></tag>
<item>= <p><c>digitalSignature</c></p>
<p><c>| nonRepudiation</c></p>
<p><c>| keyEncipherment</c></p>
<p><c>| dataEncipherment</c></p>
<p><c>| keyAgreement</c></p>
<p><c>| keyCertSign</c></p>
<p><c>| cRLSign</c></p>
<p><c>| encipherOnly</c></p>
<p><c>| decipherOnly </c></p>
</item>
</taglist>
<p>And for <c>id_key_purpose()</c>:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-serverAuth</cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-clientAuth</cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-codeSigning</cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-emailProtection</cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-timeStamping</cell>
</row>
<row>
<cell align="left" valign="middle">id-kp-OCSPSigning</cell>
</row>
<tcaption>Key Purpose OIDs</tcaption>
</table>
<code>
#'AuthorityKeyIdentifier'{
keyIdentifier, % oid()
authorityCertIssuer, % general_name()
authorityCertSerialNumber % integer()
}.
#'PrivateKeyUsagePeriod'{
notBefore, % general_time()
notAfter % general_time()
}.
#'PolicyInformation'{
policyIdentifier, % oid()
policyQualifiers % [#PolicyQualifierInfo{}]
}.
#'PolicyQualifierInfo'{
policyQualifierId, % oid()
qualifier % string() | #'UserNotice'{}
}.
#'UserNotice'{
noticeRef, % #'NoticeReference'{}
explicitText % string()
}.
#'NoticeReference'{
organization, % string()
noticeNumbers % [integer()]
}.
#'PolicyMappings_SEQOF'{
issuerDomainPolicy, % oid()
subjectDomainPolicy % oid()
}.
#'Attribute'{
type, % oid()
values % [der_encoded()]
}).
#'BasicConstraints'{
cA, % boolean()
pathLenConstraint % integer()
}).
#'NameConstraints'{
permittedSubtrees, % [#'GeneralSubtree'{}]
excludedSubtrees % [#'GeneralSubtree'{}]
}).
#'GeneralSubtree'{
base, % general_name()
minimum, % integer()
maximum % integer()
}).
#'PolicyConstraints'{
requireExplicitPolicy, % integer()
inhibitPolicyMapping % integer()
}).
#'DistributionPoint'{
distributionPoint, % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
[#AttributeTypeAndValue{}]}
reasons, % [dist_reason()]
cRLIssuer % [general_name()]
}).</code>
</section>
<section>
<marker id="PrivIntExt"></marker>
<title>Private Internet Extensions</title>
<p>The private internet extensions OID name atoms and their corresponding value
types are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
<cell align="left" valign="middle"><em>Value Type</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-pe-authorityInfoAccess</cell>
<cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
</row>
<row>
<cell align="left" valign="middle">id-pe-subjectInfoAccess</cell>
<cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
</row>
<tcaption>Private Internet Extensions</tcaption>
</table>
<code>
#'AccessDescription'{
accessMethod, % oid()
accessLocation % general_name()
}).</code>
</section>
<section>
<title>CRL and CRL Extensions Profile</title>
<p>Erlang representation of CRL and CRL extensions profile
derived from ASN.1 specifications and RFC 5280 are as follows:</p>
<code>
#'CertificateList'{
tbsCertList, % #'TBSCertList{}
signatureAlgorithm, % #'AlgorithmIdentifier'{}
signature % bitstring()
}).
#'TBSCertList'{
version, % v2 (if defined)
signature, % #AlgorithmIdentifier{}
issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]}
thisUpdate, % time()
nextUpdate, % time()
revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}]
crlExtensions % [#'Extension'{}]
}).
#'TBSCertList_revokedCertificates_SEQOF'{
userCertificate, % integer()
revocationDate, % timer()
crlEntryExtensions % [#'Extension'{}]
}).</code>
<section>
<marker id="CRLCertExt"></marker>
<title>CRL Extensions</title>
<p>The CRL extensions OID name atoms and their corresponding value types are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
<cell align="left" valign="middle"><em>Value Type</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
<cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-issuerAltName</cell>
<cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-cRLNumber</cell>
<cell align="left" valign="middle">integer()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell>
<cell align="left" valign="middle">integer()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell>
<cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-freshestCRL</cell>
<cell align="left" valign="middle">[#'Distributionpoint'{}]</cell>
</row>
<tcaption>CRL Extensions</tcaption>
</table>
<p>Here, the data type <c>'IssuingDistributionPoint'</c> is represented as
the following Erlang record:</p>
<code>
#'IssuingDistributionPoint'{
distributionPoint, % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
[#AttributeTypeAndValue'{}]}
onlyContainsUserCerts, % boolean()
onlyContainsCACerts, % boolean()
onlySomeReasons, % [dist_reason()]
indirectCRL, % boolean()
onlyContainsAttributeCerts % boolean()
}).</code>
</section>
<section>
<marker id="CRLEntryExt"></marker>
<title>CRL Entry Extensions</title>
<p>The CRL entry extensions OID name atoms and their corresponding value types are as follows:</p>
<table>
<row>
<cell align="left" valign="middle"><em>OID Name</em></cell>
<cell align="left" valign="middle"><em>Value Type</em></cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-cRLReason</cell>
<cell align="left" valign="middle">crl_reason()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-holdInstructionCode</cell>
<cell align="left" valign="middle">oid()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-invalidityDate</cell>
<cell align="left" valign="middle">general_time()</cell>
</row>
<row>
<cell align="left" valign="middle">id-ce-certificateIssuer</cell>
<cell align="left" valign="middle">general_name()</cell>
</row>
<tcaption>CRL Entry Extensions</tcaption>
</table>
<p>Here:</p>
<taglist>
<tag><c>crl_reason()</c></tag>
<item>= <p><c>unspecified</c></p>
<p><c>| keyCompromise</c></p>
<p><c>| cACompromise</c></p>
<p><c>| affiliationChanged</c></p>
<p><c>| superseded</c></p>
<p><c>| cessationOfOperation</c></p>
<p><c>| certificateHold</c></p>
<p><c>| removeFromCRL</c></p>
<p><c>| privilegeWithdrawn</c></p>
<p><c>| aACompromise</c></p>
</item>
</taglist>
</section>
<section>
<marker id="PKCS10"></marker>
<title>PKCS#10 Certification Request</title>
<p>Erlang representation of a PKCS#10 certification request
derived from ASN.1 specifications and RFC 5280 are as follows:</p>
<code>
#'CertificationRequest'{
certificationRequestInfo #'CertificationRequestInfo'{},
signatureAlgorithm #'CertificationRequest_signatureAlgorithm'{}}.
signature bitstring()
}
#'CertificationRequestInfo'{
version atom(),
subject {rdnSequence, [#AttributeTypeAndValue'{}]} ,
subjectPKInfo #'CertificationRequestInfo_subjectPKInfo'{},
attributes [#'AttributePKCS-10' {}]
}
#'CertificationRequestInfo_subjectPKInfo'{
algorithm #'CertificationRequestInfo_subjectPKInfo_algorithm'{}
subjectPublicKey bitstring()
}
#'CertificationRequestInfo_subjectPKInfo_algorithm'{
algorithm = oid(),
parameters = der_encoded()
}
#'CertificationRequest_signatureAlgorithm'{
algorithm = oid(),
parameters = der_encoded()
}
#'AttributePKCS-10'{
type = oid(),
values = [der_encoded()]
} </code>
</section>
</section>
</chapter>