From a99b7ff68aa194c260134ab2461af1a14a03e697 Mon Sep 17 00:00:00 2001 From: tmanevik Date: Thu, 23 Apr 2015 15:06:05 +0200 Subject: Editorial changes --- lib/public_key/doc/src/cert_records.xml | 265 +++++++++++++++++++------------- 1 file changed, 159 insertions(+), 106 deletions(-) (limited to 'lib/public_key/doc/src/cert_records.xml') diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml index 857a39bf40..4d4533fe21 100644 --- a/lib/public_key/doc/src/cert_records.xml +++ b/lib/public_key/doc/src/cert_records.xml @@ -23,7 +23,7 @@ The Initial Developer of the Original Code is Ericsson AB. - Certificate records + Certificate Records Ingela Anderton Andin @@ -34,66 +34,81 @@ cert_records.xml -

This chapter briefly describes erlang records derived from ASN1 - specifications used to handle X509 certificates and CertificationRequest. - The intent is to describe the data types -and not to specify the semantics of each component. For information on the -semantics, please see This section briefly describes Erlang records derived from ASN.1 + specifications used to handle X509 certificates and CertificationRequest. + The scope is to describe the data types of each component, + not the semantics. For information on the semantics, refer to RFC 5280 and PKCS-10.

Use the following include directive to get access to the - records and constant macros (OIDs) described in the following sections.

+ records and constant macros (OIDs) described in the following sections:

-include_lib("public_key/include/public_key.hrl"). -

The used ASN1 specifications are available asn1 subdirectory - of the application public_key. -

+

The used ASN.1 specifications are available in the asn1 subdirectory + of the public_key application.

Common Data Types -

Common non standard erlang - data types used to described the record fields in the - below sections are defined in public key reference manual or - follows here.

- -

time() = uct_time() | general_time()

- -

uct_time() = {utcTime, "YYMMDDHHMMSSZ"}

- -

general_time() = {generalTime, "YYYYMMDDHHMMSSZ"}

- -

- general_name() = {rfc822Name, string()} | {dNSName, string()} - | {x400Address, string()} | {directoryName, - {rdnSequence, [#AttributeTypeAndValue'{}]}} | - | {eidPartyName, special_string()} - | {eidPartyName, special_string(), special_string()} - | {uniformResourceIdentifier, string()} | {ipAddress, string()} | - {registeredId, oid()} | {otherName, term()} -

+

Common non-standard Erlang + data types used to describe the record fields in the + following sections are defined in the public_key Reference Manual, or + follows here:

-

- special_string() = - {teletexString, string()} | {printableString, string()} | - {universalString, string()} | {utf8String, binary()} | - {bmpString, string()} -

- -

- dist_reason() = unused | keyCompromise | cACompromise | - affiliationChanged | superseded | cessationOfOperation | - certificateHold | privilegeWithdrawn | - aACompromise -

+ + time() +

= uct_time() | general_time()

+ + uct_time() +

= {utcTime, "YYMMDDHHMMSSZ"}

+ + general_time() +

= {generalTime, "YYYYMMDDHHMMSSZ"}

+ + general_name() + =

{rfc822Name, string()}

+

| {dNSName, string()}

+

| {x400Address, string()}

+

| {directoryName, {rdnSequence, [#AttributeTypeAndValue'{}]}}

+

| {eidPartyName, special_string()}

+

| {eidPartyName, special_string(), special_string()}

+

| {uniformResourceIdentifier, string()}

+

| {ipAddress, string()}

+

| {registeredId, oid()}

+

| {otherName, term()}

+
+ + special_string() + =

{teletexString, string()}

+

| {printableString, string()}

+

| {universalString, string()}

+

| {utf8String, binary()}

+

| {bmpString, string()}

+
+ + dist_reason() + =

unused

+

| keyCompromise

+

| cACompromise

+

| affiliationChanged

+

| superseded

+

| cessationOfOperation

+

| certificateHold

+

| privilegeWithdrawn

+

| aACompromise

+
+
+
- PKIX Certificates + PKIX Certificates +

Erlang representation of PKIX certificates derived from ASN.1 + specifications and RFC 5280 are as follows:

#'Certificate'{ tbsCertificate, % #'TBSCertificate'{} @@ -117,8 +132,7 @@ semantics, please see + }. #'OTPCertificate'{ @@ -143,20 +157,20 @@ semantics, please see + }. -

id_signature_algorithm() = ?oid_name_as_erlang_atom for available -oid names see table below. Ex: ?'id-dsa-with-sha1'

+

Here, id_signature_algorithm() = ?OID name, for available OID names, for example +?id-dsa-with-sha1. That is, by prepending "?" to the OID name, represented as an Erlang atom.

+

The available OID names are as follows:

- OID name + OID Name id-dsa-with-sha1 - id-dsaWithSHA1 (ISO alt oid to above) + id-dsaWithSHA1 (ISO or OID to above) md2WithRSAEncryption @@ -168,7 +182,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

sha1WithRSAEncryption
- sha-1WithRSAEncryption (ISO alt oid to above) + sha-1WithRSAEncryption (ISO or OID to above) sha224WithRSAEncryption @@ -182,21 +196,24 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

ecdsa-with-SHA1 - Signature algorithm oids + Signature Algorithm OIDs
+

The data type 'AttributeTypeAndValue', is represented as + the following erlang record:

+ #'AttributeTypeAndValue'{ type, % id_attributes() value % term() - }. - + }. -

id_attributes()

+

The attribute OID name atoms and their corresponding value types +are as follows:

- OID name - Value type + OID Name + Value Type id-at-name @@ -254,9 +271,12 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

id-at-pseudonym special_string()
- Attribute oids + Attribute OIDs
+

The data types 'Validity', 'SubjectPublicKeyInfo', and +'SubjectPublicKeyInfoAlgorithm' are represented as the following Erlang records:

+ #'Validity'{ notBefore, % time() @@ -271,13 +291,12 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

#'SubjectPublicKeyInfoAlgorithm'{ algorithm, % id_public_key_algorithm() parameters % public_key_params() - }. -
+ }. -

id_public_key_algorithm()

+

The public-key algorithm OID name atoms are as follows:

- OID name + OID Name rsaEncryption @@ -294,7 +313,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

id-ecPublicKey - Public key algorithm oids + Public-Key Algorithm OIDs
@@ -302,8 +321,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

extnID, % id_extensions() | oid() critical, % boolean() extnValue % der_encoded() - }. -
+ }.

id_extensions() Standard Certificate Extensions, @@ -316,12 +334,15 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

- Standard certificate extensions - + Standard Certificate Extensions + +

The standard certificate extensions OID name atoms and their + corresponding value types are as follows:

+ - OID name - Value type + OID Name + Value Type id-ce-authorityKeyIdentifier @@ -333,7 +354,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

id-ce-keyUsage - [key_usage()] + [key_usage()] id-ce-privateKeyUsagePeriod @@ -400,17 +421,26 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

Standard Certificate Extensions
-

- key_usage() = digitalSignature | nonRepudiation | keyEncipherment| - dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly | - decipherOnly -

+

Here:

+ + key_usage() + =

digitalSignature

+

| nonRepudiation

+

| keyEncipherment

+

| dataEncipherment

+

| keyAgreement

+

| keyCertSign

+

| cRLSign

+

| encipherOnly

+

| decipherOnly

+
+
-

id_key_purpose()

+

And for id_key_purpose():

- OID name + OID Name id-kp-serverAuth @@ -430,7 +460,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

id-kp-OCSPSigning - Key purpose oids + Key Purpose OIDs
@@ -501,8 +531,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

[#AttributeTypeAndValue{}]} reasons, % [dist_reason()] cRLIssuer % [general_name()] - }). -
+ }).
@@ -510,10 +539,13 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

Private Internet Extensions +

The private internet extensions OID name atoms and their corresponding value + types are as follows:

+ - OID name - Value type + OID Name + Value Type id-pe-authorityInfoAccess @@ -530,13 +562,15 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

#'AccessDescription'{ accessMethod, % oid() accessLocation % general_name() - }). - + }).
- CRL and CRL Extensions Profile + CRL and CRL Extensions Profile + +

Erlang representation of CRL and CRL extensions profile + derived from ASN.1 specifications and RFC 5280 are as follows:

#'CertificateList'{ @@ -559,17 +593,19 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

userCertificate, % integer() revocationDate, % timer() crlEntryExtensions % [#'Extension'{}] - }). -
+ }).
- CRL Extensions + CRL Extensions + +

The CRL extensions OID name atoms and their corresponding value types are as follows:

+
- OID name - Value type + OID Name + Value Type id-ce-authorityKeyIdentifier @@ -599,6 +635,9 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

CRL Extensions
+

Here, the data type 'IssuingDistributionPoint' is represented as + the following Erlang record:

+ #'IssuingDistributionPoint'{ distributionPoint, % {fullName, [general_name()]} | {nameRelativeToCRLIssuer, @@ -608,18 +647,19 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

onlySomeReasons, % [dist_reason()] indirectCRL, % boolean() onlyContainsAttributeCerts % boolean() - }). -
+ }).
- CRL Entry Extensions + CRL Entry Extensions + +

The CRL entry extensions OID name atoms and their corresponding value types are as follows:

- OID name - Value type + OID Name + Value Type id-ce-cRLReason @@ -639,17 +679,31 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

CRL Entry Extensions
-

- crl_reason() = unspecified | keyCompromise | cACompromise | - affiliationChanged | superseded | cessationOfOperation | - certificateHold | removeFromCRL | privilegeWithdrawn | - aACompromise -

+ + +

Here:

+ + crl_reason() + =

unspecifiedc>

+

| keyCompromise

+

| cACompromise

+

| affiliationChanged

+

| superseded

+

| cessationOfOperation

+

| certificateHold

+

| removeFromCRL

+

| privilegeWithdrawn

+

| aACompromise

+
+
+
PKCS#10 Certification Request +

Erlang representation of a PKCS#10 certification request + derived from ASN.1 specifications and RFC 5280 are as follows:

#'CertificationRequest'{ certificationRequestInfo #'CertificationRequestInfo'{}, @@ -682,8 +736,7 @@ oid names see table below. Ex: ?'id-dsa-with-sha1'

#'AttributePKCS-10'{ type = oid(), values = [der_encoded()] -} -
+}
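Review bot: in hunk @@ -34,66 +34,81 @@, the added line "| {directoryName, {rdnSequence, [#AttributeTypeAndValue'{}]}}" carries over the unbalanced quote from the removed line; the record is written "#'AttributeTypeAndValue'{" where it is defined later in this file, so the list element should read "[#'AttributeTypeAndValue'{}]". Two smaller points in the same hunk: "are defined in the public_key Reference Manual, or follows here:" needs "follow" to agree with "data types", and "X509" is left unchanged while "ASN1" was corrected to "ASN.1"; RFC 5280, cited in the same paragraph, spells it "X.509".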
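Review bot: in hunk @@ -143,20 +157,20 @@, the rewritten example drops the single quotes from the macro name: "?id-dsa-with-sha1" is not valid Erlang, because a macro name containing hyphens must be a quoted atom, so the removed form "?'id-dsa-with-sha1'" should be kept. The surrounding sentence ("Here, id_signature_algorithm() = ?OID name, for available OID names, for example ...") is also hard to parse; a clearer version is "id_signature_algorithm() is an OID name from the table below used as a macro, that is, with ? prepended, for example ?'id-dsa-with-sha1'." Finally, "(ISO alt oid to above)" meant "alternative OID"; the replacement "(ISO or OID to above)" loses that meaning, so prefer "(ISO alternative OID to the above)".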
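Review bot: in hunk @@ -168,7 +182,7 @@, "sha-1WithRSAEncryption (ISO or OID to above)" has the same problem as the id-dsaWithSHA1 row: "alt" in the removed line was short for "alternative", and "ISO or OID" does not say what the row means; suggest "(ISO alternative OID to the above)".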
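Review bot: in hunk @@ -182,21 +196,24 @@, the added sentence "The data type 'AttributeTypeAndValue', is represented as the following erlang record:" has a stray comma before "is", and "erlang" should be capitalized as "Erlang", as the rest of this commit does.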
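Review bot: in hunk @@ -400,17 +421,26 @@, the bare "Here:" before the key_usage() definition and "And for id_key_purpose():" before the table leave the reader without a sentence to attach the list to; suggest "key_usage() is defined as follows:" and "The OID names for id_key_purpose() are as follows:", matching the "... are as follows:" phrasing this commit uses for the other tables.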
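Review bot: in hunk @@ -501,8 +531,7 @@, the context line "[#AttributeTypeAndValue{}]}" writes the record name without quotes, whereas the definition earlier in the file is "#'AttributeTypeAndValue'{"; since this commit is editorial, it is a good place to align it to "[#'AttributeTypeAndValue'{}]}".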
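Review bot: in hunk @@ -530,13 +562,15 @@, "Erlang representation of CRL and CRL extensions profile derived from ASN.1 specifications and RFC 5280 are as follows:" has a singular subject ("representation") with a plural verb; "is as follows" is needed. The same "representation ... are as follows" wording is added in the PKIX Certificates and PKCS#10 introductions in this commit and should be fixed the same way.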
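Review bot: in hunk @@ -559,17 +593,19 @@, the context line "revocationDate, % timer()" names a type that is not defined anywhere in this file; the Common Data Types section defines time(), and the Validity record uses "% time()" for notBefore and notAfter, so this comment most likely should read "% time()".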
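Review bot: in hunk @@ -639,17 +679,31 @@, the added alternative "unspecifiedc>" has a stray "c>" after the atom, which looks like a broken tag; none of the other crl_reason() alternatives carries it, so it should be just "unspecified". In the same hunk, the new PKCS#10 introduction says the record is "derived from ASN.1 specifications and RFC 5280", while the file's own introduction points to PKCS-10 for CertificationRequest; cite PKCS-10 here. The bare "Here:" before the crl_reason() definition would also read better as "crl_reason() is defined as follows:".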
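Review bot: in hunk @@ -682,8 +736,7 @@, the closing of #'AttributePKCS-10'{ ... } is left as a bare "}", while every other record in this file ends with "}." or "}).", and the fields are written as "type = oid()" rather than with the "% type" comment style used by the other records; suggest "}." and the comment style for consistency.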
-- cgit v1.2.3