From 0f2d15c95f98e7b271111c9311210a808c624adb Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 8 May 2015 15:57:15 +0200
Subject: public_key, ssl: Align public_key and ssl doc

Make sure that links from ssl to public_key work.

OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1
solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5
is mentioned here to make the release scripts happy,
as the branch solving this accidently had a name ending 1267
instead of 12670
---
 lib/public_key/doc/src/Makefile               |   2 +-
 lib/public_key/doc/src/part.xml               |   2 +-
 lib/public_key/doc/src/public_key_records.xml | 841 ++++++++++++++++++++++++++
 lib/public_key/doc/src/records.xml            | 841 --------------------------
 4 files changed, 843 insertions(+), 843 deletions(-)
 create mode 100644 lib/public_key/doc/src/public_key_records.xml
 delete mode 100644 lib/public_key/doc/src/records.xml

(limited to 'lib/public_key')

diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile
index 2adc13a5cf..d04819b5aa 100644
--- a/lib/public_key/doc/src/Makefile
+++ b/lib/public_key/doc/src/Makefile
@@ -42,7 +42,7 @@ XML_REF6_FILES =
 XML_PART_FILES = part.xml part_notes.xml
 XML_CHAPTER_FILES = \
 	introduction.xml \
-        records.xml \
+        public_key_records.xml \
 	using_public_key.xml \
 	notes.xml
 
diff --git a/lib/public_key/doc/src/part.xml b/lib/public_key/doc/src/part.xml
index d3cc9303bd..465f311946 100644
--- a/lib/public_key/doc/src/part.xml
+++ b/lib/public_key/doc/src/part.xml
@@ -38,7 +38,7 @@
     PKCS</url> standard.</p>
   </description>
   <xi:include href="introduction.xml"/>
-  <xi:include href="records.xml"/>
+  <xi:include href="public_key_records.xml"/>
   <xi:include href="using_public_key.xml"/>
 </part>
 
diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml
new file mode 100644
index 0000000000..9536167839
--- /dev/null
+++ b/lib/public_key/doc/src/public_key_records.xml
@@ -0,0 +1,841 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE chapter SYSTEM "chapter.dtd">
+
+<chapter>
+  <header>
+    <copyright>
+      <year>2008</year>
+      <year>2015</year>
+      <holder>Ericsson AB, All Rights Reserved</holder>
+    </copyright>
+    <legalnotice>
+  The contents of this file are subject to the Erlang Public License,
+  Version 1.1, (the "License"); you may not use this file except in
+  compliance with the License. You should have received a copy of the
+  Erlang Public License along with this software. If not, it can be
+  retrieved online at http://www.erlang.org/.
+
+  Software distributed under the License is distributed on an "AS IS"
+  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+  the License for the specific language governing rights and limitations
+  under the License.
+
+  The Initial Developer of the Original Code is Ericsson AB.
+    </legalnotice>
+
+    <title>Public-Key Records</title>
+    <prepared>Ingela Anderton Andin</prepared>
+    <responsible></responsible>
+    <docno></docno>
+    <approved></approved>
+    <checked></checked>
+    <date>2008-02-06</date>
+    <rev>A</rev>
+    <file>public_key_records.xml</file>
+  </header>
+    
+  <p>This chapter briefly describes Erlang records derived from ASN.1
+  specifications used to handle public key infrastructure.
+  The scope is to describe the data types of each component,
+  not the semantics. For information on the
+  semantics, refer to the relevant standards and RFCs linked in the sections below.</p>
+
+  <p>Use the following include directive to get access to the
+  records and constant macros described in the following sections:</p>
+  
+  <code> -include_lib("public_key/include/public_key.hrl"). </code>
+
+ <section>
+    <title>Data Types</title>   
+
+    <p>Common non-standard Erlang
+    data types used to describe the record fields in the
+    following sections and which are not defined in the Public Key <seealso
+    marker="public_key">Reference Manual</seealso>
+    follows here:</p>
+    
+    <taglist>
+      <tag><c>time()</c></tag>
+      <item><p>= <c>uct_time() | general_time()</c></p></item>
+
+      <tag><c>uct_time()</c></tag>
+      <item><p>= <c>{utcTime, "YYMMDDHHMMSSZ"}</c></p></item>
+
+      <tag><c>general_time()</c></tag>
+      <item><p>= <c>{generalTime, "YYYYMMDDHHMMSSZ"}</c></p></item>
+ 
+      <tag><c>general_name()</c></tag>
+      <item>= <p><c>{rfc822Name, string()}</c></p>
+      <p><c>| {dNSName, string()}</c></p>
+      <p><c>| {x400Address, string()}</c></p>
+      <p><c>| {directoryName, {rdnSequence, [#AttributeTypeAndValue'{}]}}</c></p>
+      <p><c>| {eidPartyName, special_string()}</c></p>
+      <p><c>| {eidPartyName, special_string(), special_string()}</c></p>
+      <p><c>| {uniformResourceIdentifier, string()}</c></p>
+      <p><c>| {ipAddress, string()}</c></p>
+      <p><c>| {registeredId, oid()}</c></p>
+      <p><c>| {otherName, term()}</c></p>
+      </item>
+
+      <tag><c>special_string()</c></tag>
+      <item>= <p><c>{teletexString, string()}</c></p>
+      <p><c>| {printableString, string()}</c></p>
+      <p><c>| {universalString, string()}</c></p>
+      <p><c>| {utf8String, binary()}</c></p>
+      <p><c>| {bmpString, string()}</c></p>
+      </item>
+
+      <tag><c>dist_reason()</c></tag>
+      <item>= <p><c>unused</c></p>
+      <p><c>| keyCompromise</c></p>
+      <p><c>| cACompromise</c></p>
+      <p><c>| affiliationChanged</c></p>
+      <p><c>| superseded</c></p>
+      <p><c>| cessationOfOperation</c></p>
+      <p><c>| certificateHold</c></p>
+      <p><c>| privilegeWithdrawn</c></p>
+      <p><c>| aACompromise</c></p>
+      </item>
+
+      <tag><c>OID_macro()</c></tag>
+      <item>= <p><c>?OID_name() </c></p>
+      </item>
+      
+      <tag><c>OID_name()</c></tag>
+      <item>= <p><c>atom()</c></p>
+      </item>
+      
+    </taglist>
+
+  </section>
+  
+  <section>
+    <title>RSA</title>
+    <p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc3447.txt"> 
+    Rivest-Shamir-Adleman cryptosystem (RSA)</url> keys follows:</p>
+    
+    <code>
+#'RSAPublicKey'{
+	  modulus,       % integer()
+	  publicExponent % integer()
+	  }.
+
+#'RSAPrivateKey'{
+          version,         % two-prime | multi
+	  modulus,         % integer()
+	  publicExponent,  % integer()
+	  privateExponent, % integer()
+	  prime1,          % integer() 
+	  prime2,          % integer()
+	  exponent1,       % integer()
+	  exponent2,       % integer()
+	  coefficient,     % integer()
+	  otherPrimeInfos  % [#OtherPrimeInfo{}] | asn1_NOVALUE
+	 }.
+
+#'OtherPrimeInfo'{
+	prime,           % integer()
+	exponent,        % integer()
+	coefficient      % integer()
+ 	 }.	 </code>
+
+  </section>
+
+  <section>
+    <title>DSA</title>
+     <p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc6979.txt">Digigital Signature Algorithm (DSA)</url> keys</p>
+    <code>	 
+#'DSAPrivateKey',{
+	  version,      % integer()
+	  p,            % integer()
+	  q,            % integer()
+	  g,            % integer()
+	  y,            % integer()
+	  x             % integer()
+	  }.
+
+#'Dss-Parms',{
+         p,         % integer()
+	 q,         % integer()
+	 g          % integer()
+	 }. </code>
+	
+  </section>
+
+  <section>
+       <title>ECDSA </title>
+       <p>Erlang representation of  <url href="http://www.ietf.org/rfc/rfc6979.txt">Elliptic Curve Digital Signature Algorithm (ECDSA)</url> keys follows:</p> 
+    
+    <code>	 
+#'ECPrivateKey'{
+          version,       % integer()
+	  privateKey,    % binary()  
+	  parameters,    % der_encoded() - {'EcpkParameters', #'ECParameters'{}} |
+	                                   {'EcpkParameters', {namedCurve, oid()}} |
+	                                   {'EcpkParameters', 'NULL'} % Inherited by CA
+	  publicKey      % bitstring()
+	  }.
+	  
+#'ECParameters'{
+      version,    % integer()
+      fieldID,    % #'FieldID'{}
+      curve,      % #'Curve'{}
+      base,       % binary()       
+      order,      % integer()        
+      cofactor    % integer()
+      }.
+      
+#'Curve'{
+	a,        % binary()
+	b,        % binary() 
+	seed      % bitstring() - optional
+
+	}.
+
+#'FieldID'{
+	fieldType,    % oid()
+	parameters    % Depending on fieldType
+	}.
+
+#'ECPoint'{
+      point %  binary() - the public key
+      }.</code>
+  </section>
+
+  <section>
+    <title>PKIX Certificates</title>   
+    <p>Erlang representation of PKIX certificates derived from ASN.1 
+    specifications see also <url href="http://www.ietf.org/rfc/rfc5280.txt">X509 certificates (RFC 5280)</url>, also referred to as <c>plain</c> type,  are as follows:</p>
+<code>
+#'Certificate'{
+		tbsCertificate,        % #'TBSCertificate'{}
+		signatureAlgorithm,    % #'AlgorithmIdentifier'{} 
+		signature              % bitstring()
+	       }.
+
+#'TBSCertificate'{
+	  version,              % v1 | v2 | v3 
+	  serialNumber,         % integer() 
+	  signature,            % #'AlgorithmIdentifier'{} 
+	  issuer,               % {rdnSequence, [#AttributeTypeAndValue'{}]} 
+	  validity,             % #'Validity'{}
+	  subject,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
+	  subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{}
+	  issuerUniqueID,       % binary() | asn1_novalue
+	  subjectUniqueID,      % binary() | asn1_novalue
+	  extensions            % [#'Extension'{}] 
+	 }.
+	  
+#'AlgorithmIdentifier'{
+	  algorithm,  % oid() 
+	  parameters  % der_encoded()
+	 }.</code>
+
+<p>Erlang alternate representation of PKIX certificate, also referred to as <c>otp</c> type</p>
+	 
+<code>
+#'OTPCertificate'{
+		tbsCertificate,        % #'OTPTBSCertificate'{}
+		signatureAlgorithm,    % #'SignatureAlgorithm'
+		signature              % bitstring()
+	       }.
+
+#'OTPTBSCertificate'{
+	  version,              % v1 | v2 | v3 
+	  serialNumber,         % integer() 
+	  signature,            % #'SignatureAlgorithm'
+	  issuer,               % {rdnSequence, [#AttributeTypeAndValue'{}]} 
+	  validity,             % #'Validity'{}
+	  subject,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
+	  subjectPublicKeyInfo, % #'OTPSubjectPublicKeyInfo'{}
+	  issuerUniqueID,       % binary() | asn1_novalue
+	  subjectUniqueID,      % binary() | asn1_novalue
+	  extensions            % [#'Extension'{}] 
+	 }.
+	  
+#'SignatureAlgorithm'{
+	  algorithm,  % id_signature_algorithm()
+	  parameters  % asn1_novalue | #'Dss-Parms'{}
+	 }.</code>
+
+<p><c>id_signature_algorithm() = OID_macro()</c></p>
+
+<p>The available OID names are as follows:</p>
+<table>
+  <row>
+    <cell align="left" valign="middle"><em>OID Name</em></cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-dsa-with-sha1</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-dsaWithSHA1 (ISO or OID to above)</cell>
+      </row>
+       <row>
+	<cell align="left" valign="middle">md2WithRSAEncryption</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">md5WithRSAEncryption</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">sha1WithRSAEncryption</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">sha-1WithRSAEncryption (ISO or OID to above)</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">sha224WithRSAEncryption</cell>
+      </row>
+       <row>
+	<cell align="left" valign="middle">sha256WithRSAEncryption</cell>
+      </row>
+     <row>
+	<cell align="left" valign="middle">sha512WithRSAEncryption</cell>
+      </row>
+        <row>
+	  <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
+     </row>
+      <tcaption>Signature Algorithm OIDs </tcaption>
+</table>
+    
+<p>The data type <c>'AttributeTypeAndValue'</c>, is represented as
+ the following erlang record:</p>
+
+<code>
+#'AttributeTypeAndValue'{
+	  type,   % id_attributes()
+	  value   % term() 
+	 }.</code>
+
+<p>The attribute OID name atoms and their corresponding value types
+are as follows:</p>
+<table>
+  <row>
+    <cell align="left" valign="middle"><em>OID Name</em></cell>
+    <cell align="left" valign="middle"><em>Value Type</em></cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-name</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>      
+  <row>
+    <cell align="left" valign="middle">id-at-surname</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-givenName</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-initials </cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-generationQualifier</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-commonName</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>   
+  <row>
+    <cell align="left" valign="middle">id-at-localityName</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-stateOrProvinceName</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-organizationName</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-title</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-dnQualifier</cell>
+    <cell align="left" valign="middle">{printableString, string()}</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-countryName</cell>
+    <cell align="left" valign="middle">{printableString, string()}</cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-at-serialNumber</cell>
+    <cell align="left" valign="middle">{printableString, string()}</cell>
+  </row>      
+  <row>
+    <cell align="left" valign="middle">id-at-pseudonym</cell>
+    <cell align="left" valign="middle">special_string()</cell>
+  </row>
+  <tcaption>Attribute OIDs</tcaption>
+</table>
+    
+<p>The data types <c>'Validity'</c>, <c>'SubjectPublicKeyInfo'</c>, and 
+<c>'SubjectPublicKeyInfoAlgorithm'</c> are represented as the following Erlang records:</p>
+
+<code>
+#'Validity'{ 
+	  notBefore, % time()
+	  notAfter   % time()
+	 }.
+	 
+#'SubjectPublicKeyInfo'{
+	  algorithm,       % #AlgorithmIdentifier{} 
+	  subjectPublicKey % binary() 
+	 }.
+
+#'SubjectPublicKeyInfoAlgorithm'{
+	  algorithm,  % id_public_key_algorithm()
+	  parameters  % public_key_params()
+	 }.</code>
+
+<p>The public-key algorithm OID name atoms are as follows:</p>
+<table>
+  <row>
+    <cell align="left" valign="middle"><em>OID Name</em></cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">rsaEncryption</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-dsa</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">dhpublicnumber</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-keyExchangeAlgorithm</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ecPublicKey</cell>
+      </row>
+      <tcaption>Public-Key Algorithm OIDs</tcaption>
+</table>
+    
+<code>
+#'Extension'{
+	  extnID,    % id_extensions() | oid() 
+	  critical,  % boolean()
+	  extnValue  % der_encoded()
+	 }.</code>
+
+<p><c>id_extensions()</c>  
+  <seealso marker="#StdCertExt">Standard Certificate Extensions</seealso>, 
+  <seealso marker="#PrivIntExt">Private Internet Extensions</seealso>,  
+  <seealso marker="#CRLCertExt">CRL Extensions</seealso> and 
+  <seealso marker="#CRLEntryExt">CRL Entry Extensions</seealso>.
+</p>
+    
+</section>
+  
+<section>
+  <marker id="StdCertExt"></marker>
+  <title>Standard Certificate Extensions</title>
+    
+  <p>The standard certificate extensions OID name atoms and their 
+  corresponding value types are as follows:</p>
+
+  <table>
+      <row>
+	<cell align="left" valign="middle"><em>OID Name</em></cell>
+	<cell align="left" valign="middle"><em>Value Type</em></cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
+	<cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell>
+	<cell align="left" valign="middle">oid()</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-keyUsage</cell>
+	<cell align="left" valign="middle">[key_usage()]</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell>
+	<cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-certificatePolicies</cell>
+	<cell align="left" valign="middle">#'PolicyInformation'{}</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-policyMappings</cell>
+	<cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-subjectAltName</cell>
+	<cell align="left" valign="middle">general_name()</cell>
+      </row>
+
+      <row>
+	<cell align="left" valign="middle">id-ce-issuerAltName</cell>
+	<cell align="left" valign="middle">general_name()</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell>
+	<cell align="left" valign="middle"> [#'Attribute'{}]</cell>
+      </row>
+
+      <row>
+          <cell align="left" valign="middle">id-ce-basicConstraints</cell>
+	  <cell align="left" valign="middle">#'BasicConstraints'{}</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-nameConstraints</cell>
+	<cell align="left" valign="middle">#'NameConstraints'{}</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-policyConstraints</cell>
+	<cell align="left" valign="middle">#'PolicyConstraints'{}</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-ce-extKeyUsage</cell>
+	<cell align="left" valign="middle">[id_key_purpose()]</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell>
+	<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell>
+	<cell align="left" valign="middle">integer()</cell>
+      </row>
+      
+      <row>
+	<cell align="left" valign="middle">id-ce-freshestCRL</cell>
+	<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
+      </row>
+      
+      
+      <tcaption>Standard Certificate Extensions</tcaption>
+    </table>
+
+    <p>Here:</p>
+    <taglist>
+      <tag><c>key_usage()</c></tag>
+      <item>= <p><c>digitalSignature</c></p>
+      <p><c>| nonRepudiation</c></p>
+      <p><c>| keyEncipherment</c></p>
+      <p><c>| dataEncipherment</c></p>
+      <p><c>| keyAgreement</c></p>
+      <p><c>| keyCertSign</c></p>
+      <p><c>| cRLSign</c></p>
+      <p><c>| encipherOnly</c></p>
+      <p><c>| decipherOnly </c></p>
+      </item>
+    </taglist>
+   
+    <p>And for <c>id_key_purpose()</c>:</p>
+    
+<table>
+  <row>
+    <cell align="left" valign="middle"><em>OID Name</em></cell>
+  </row>
+  <row>
+    <cell align="left" valign="middle">id-kp-serverAuth</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-kp-clientAuth</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-kp-codeSigning</cell>
+      </row>
+      <row>
+	<cell align="left" valign="middle">id-kp-emailProtection</cell>
+      </row>
+       <row>
+	<cell align="left" valign="middle">id-kp-timeStamping</cell>
+      </row>
+       <row>
+	<cell align="left" valign="middle">id-kp-OCSPSigning</cell>
+      </row>
+      <tcaption>Key Purpose OIDs</tcaption>
+</table>
+    
+    <code>
+#'AuthorityKeyIdentifier'{
+	  keyIdentifier,	    % oid()
+	  authorityCertIssuer,      % general_name()
+	  authorityCertSerialNumber % integer() 
+	 }.
+
+#'PrivateKeyUsagePeriod'{
+	  notBefore,   % general_time()
+	  notAfter     % general_time()
+	 }.
+
+#'PolicyInformation'{
+	  policyIdentifier,  % oid()
+	  policyQualifiers   % [#PolicyQualifierInfo{}]
+	 }.
+
+#'PolicyQualifierInfo'{
+	  policyQualifierId,   % oid()
+	  qualifier            % string() | #'UserNotice'{}
+	 }.
+
+#'UserNotice'{
+         noticeRef,   % #'NoticeReference'{}
+	 explicitText % string()
+	 }.
+
+#'NoticeReference'{
+         organization,    % string()
+	 noticeNumbers    % [integer()]
+	 }.
+
+#'PolicyMappings_SEQOF'{
+	  issuerDomainPolicy,  % oid()
+	  subjectDomainPolicy  % oid()
+	 }.
+
+#'Attribute'{
+          type,  % oid()
+	  values % [der_encoded()]
+	  }).
+
+#'BasicConstraints'{
+	  cA,		    % boolean()
+	  pathLenConstraint % integer()
+	 }).
+
+#'NameConstraints'{
+	  permittedSubtrees, % [#'GeneralSubtree'{}]
+	  excludedSubtrees   % [#'GeneralSubtree'{}]
+	 }).
+
+#'GeneralSubtree'{
+	  base,    % general_name()
+	  minimum, % integer()
+	  maximum  % integer()
+	 }).
+
+#'PolicyConstraints'{
+	  requireExplicitPolicy, % integer()
+	  inhibitPolicyMapping   % integer()
+	 }).
+
+#'DistributionPoint'{
+	  distributionPoint, % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
+	  [#AttributeTypeAndValue{}]}
+	  reasons,           % [dist_reason()]
+	  cRLIssuer          % [general_name()]
+	 }).</code>
+
+</section>
+
+ <section>
+   <marker id="PrivIntExt"></marker>
+   <title>Private Internet Extensions</title>   
+
+   <p>The private internet extensions OID name atoms and their corresponding value 
+   types are as follows:</p>
+
+   <table>
+        <row>
+          <cell align="left" valign="middle"><em>OID Name</em></cell>
+          <cell align="left" valign="middle"><em>Value Type</em></cell>
+        </row>
+        <row>
+          <cell align="left" valign="middle">id-pe-authorityInfoAccess</cell>
+          <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
+        </row>
+	<row>
+          <cell align="left" valign="middle">id-pe-subjectInfoAccess</cell>
+          <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
+        </row>
+        <tcaption>Private Internet Extensions</tcaption>
+      </table>   
+ 
+<code>
+#'AccessDescription'{
+           accessMethod,    % oid()
+	   accessLocation   % general_name()
+	 }).</code>
+
+ </section>
+ 
+<section>
+    <title>CRL and CRL Extensions Profile</title>
+
+    <p>Erlang representation of CRL and CRL extensions profile 
+    derived from ASN.1 specifications and RFC 5280 are as follows:</p>
+
+ <code>
+#'CertificateList'{
+          tbsCertList,        % #'TBSCertList{}
+          signatureAlgorithm, % #'AlgorithmIdentifier'{} 
+          signature           % bitstring()
+	  }).
+
+#'TBSCertList'{
+      version,             % v2 (if defined)
+      signature,           % #AlgorithmIdentifier{}
+      issuer,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
+      thisUpdate,          % time()
+      nextUpdate,          % time() 
+      revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}]
+      crlExtensions        % [#'Extension'{}]
+      }).
+
+#'TBSCertList_revokedCertificates_SEQOF'{
+         userCertificate,      % integer()
+ 	 revocationDate,       % timer()
+	 crlEntryExtensions    % [#'Extension'{}]
+	 }).</code>
+ 
+ <section>
+   <marker id="CRLCertExt"></marker>
+   <title>CRL Extensions</title>
+
+   <p>The CRL extensions OID name atoms and their corresponding value types are as follows:</p>
+   
+   
+        <table>
+        <row>
+          <cell align="left" valign="middle"><em>OID Name</em></cell>
+          <cell align="left" valign="middle"><em>Value Type</em></cell>
+        </row>
+        <row>
+          <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
+          <cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell>
+        </row>
+        <row>
+          <cell align="left" valign="middle">id-ce-issuerAltName</cell>
+          <cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell>
+           </row>
+	    <row>
+          <cell align="left" valign="middle">id-ce-cRLNumber</cell>
+          <cell align="left" valign="middle">integer()</cell>
+           </row>
+	    <row>
+          <cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell>
+          <cell align="left" valign="middle">integer()</cell>
+           </row>
+	    <row>
+          <cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell>
+          <cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell>
+           </row>
+	   <row>
+          <cell align="left" valign="middle">id-ce-freshestCRL</cell>
+          <cell align="left" valign="middle">[#'Distributionpoint'{}]</cell>
+           </row>
+	   
+        <tcaption>CRL Extensions</tcaption>
+      </table>
+      
+      <p>Here, the data type <c>'IssuingDistributionPoint'</c> is represented as 
+      the following Erlang record:</p>
+
+      <code>
+#'IssuingDistributionPoint'{
+          distributionPoint,         % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
+	  [#AttributeTypeAndValue'{}]}
+	  onlyContainsUserCerts,     % boolean()
+	  onlyContainsCACerts,       % boolean()
+	  onlySomeReasons,           % [dist_reason()]
+	  indirectCRL,               % boolean()
+	  onlyContainsAttributeCerts % boolean()
+	  }).</code> 
+ </section>
+ 
+ <section>
+   <marker id="CRLEntryExt"></marker>
+   <title>CRL Entry Extensions</title>
+
+   <p>The CRL entry extensions OID name atoms and their corresponding value types are as follows:</p>
+
+       <table>
+        <row>
+          <cell align="left" valign="middle"><em>OID Name</em></cell>
+          <cell align="left" valign="middle"><em>Value Type</em></cell>
+        </row>
+        <row>
+          <cell align="left" valign="middle">id-ce-cRLReason</cell>
+          <cell align="left" valign="middle">crl_reason()</cell>
+        </row>
+        <row>
+          <cell align="left" valign="middle">id-ce-holdInstructionCode</cell>
+          <cell align="left" valign="middle">oid()</cell>
+           </row>
+	    <row>
+          <cell align="left" valign="middle">id-ce-invalidityDate</cell>
+          <cell align="left" valign="middle">general_time()</cell>
+           </row>
+	    <row>
+          <cell align="left" valign="middle">id-ce-certificateIssuer</cell>
+          <cell align="left" valign="middle">general_name()</cell>
+           </row>
+	   <tcaption>CRL Entry Extensions</tcaption>
+       </table>
+
+
+       <p>Here:</p>
+       <taglist>
+      <tag><c>crl_reason()</c></tag>
+      <item>= <p><c>unspecified</c></p>
+      <p><c>| keyCompromise</c></p>
+      <p><c>| cACompromise</c></p>
+      <p><c>| affiliationChanged</c></p>
+      <p><c>| superseded</c></p>
+      <p><c>| cessationOfOperation</c></p>
+      <p><c>| certificateHold</c></p>
+      <p><c>| removeFromCRL</c></p>
+      <p><c>| privilegeWithdrawn</c></p>
+      <p><c>| aACompromise</c></p>
+      </item>
+       </taglist>
+
+ </section>
+
+ <section>
+   <marker id="PKCS10"></marker>
+   <title>PKCS#10 Certification Request</title>
+   <p>Erlang representation of a PKCS#10 certification request 
+   derived from ASN.1 specifications and RFC 5280 are as follows:</p>
+   <code>
+#'CertificationRequest'{
+          certificationRequestInfo #'CertificationRequestInfo'{},
+	  signatureAlgorithm	   #'CertificationRequest_signatureAlgorithm'{}}.
+	  signature                bitstring()
+	  }
+
+#'CertificationRequestInfo'{
+	  version       atom(),
+	  subject       {rdnSequence, [#AttributeTypeAndValue'{}]} ,
+	  subjectPKInfo #'CertificationRequestInfo_subjectPKInfo'{},
+	  attributes    [#'AttributePKCS-10' {}]
+	  }
+
+#'CertificationRequestInfo_subjectPKInfo'{
+          algorithm		#'CertificationRequestInfo_subjectPKInfo_algorithm'{}
+	  subjectPublicKey 	  bitstring()
+	  }
+
+#'CertificationRequestInfo_subjectPKInfo_algorithm'{
+     algorithm = oid(),
+     parameters = der_encoded()
+}	  
+
+#'CertificationRequest_signatureAlgorithm'{
+     algorithm = oid(),
+     parameters = der_encoded()
+     }
+
+#'AttributePKCS-10'{
+    type = oid(),
+    values = [der_encoded()]
+}  </code> 
+ </section>
+</section>
+</chapter>
diff --git a/lib/public_key/doc/src/records.xml b/lib/public_key/doc/src/records.xml
deleted file mode 100644
index 9536167839..0000000000
--- a/lib/public_key/doc/src/records.xml
+++ /dev/null
@@ -1,841 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE chapter SYSTEM "chapter.dtd">
-
-<chapter>
-  <header>
-    <copyright>
-      <year>2008</year>
-      <year>2015</year>
-      <holder>Ericsson AB, All Rights Reserved</holder>
-    </copyright>
-    <legalnotice>
-  The contents of this file are subject to the Erlang Public License,
-  Version 1.1, (the "License"); you may not use this file except in
-  compliance with the License. You should have received a copy of the
-  Erlang Public License along with this software. If not, it can be
-  retrieved online at http://www.erlang.org/.
-
-  Software distributed under the License is distributed on an "AS IS"
-  basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-  the License for the specific language governing rights and limitations
-  under the License.
-
-  The Initial Developer of the Original Code is Ericsson AB.
-    </legalnotice>
-
-    <title>Public-Key Records</title>
-    <prepared>Ingela Anderton Andin</prepared>
-    <responsible></responsible>
-    <docno></docno>
-    <approved></approved>
-    <checked></checked>
-    <date>2008-02-06</date>
-    <rev>A</rev>
-    <file>public_key_records.xml</file>
-  </header>
-    
-  <p>This chapter briefly describes Erlang records derived from ASN.1
-  specifications used to handle public key infrastructure.
-  The scope is to describe the data types of each component,
-  not the semantics. For information on the
-  semantics, refer to the relevant standards and RFCs linked in the sections below.</p>
-
-  <p>Use the following include directive to get access to the
-  records and constant macros described in the following sections:</p>
-  
-  <code> -include_lib("public_key/include/public_key.hrl"). </code>
-
- <section>
-    <title>Data Types</title>   
-
-    <p>Common non-standard Erlang
-    data types used to describe the record fields in the
-    following sections and which are not defined in the Public Key <seealso
-    marker="public_key">Reference Manual</seealso>
-    follows here:</p>
-    
-    <taglist>
-      <tag><c>time()</c></tag>
-      <item><p>= <c>uct_time() | general_time()</c></p></item>
-
-      <tag><c>uct_time()</c></tag>
-      <item><p>= <c>{utcTime, "YYMMDDHHMMSSZ"}</c></p></item>
-
-      <tag><c>general_time()</c></tag>
-      <item><p>= <c>{generalTime, "YYYYMMDDHHMMSSZ"}</c></p></item>
- 
-      <tag><c>general_name()</c></tag>
-      <item>= <p><c>{rfc822Name, string()}</c></p>
-      <p><c>| {dNSName, string()}</c></p>
-      <p><c>| {x400Address, string()}</c></p>
-      <p><c>| {directoryName, {rdnSequence, [#AttributeTypeAndValue'{}]}}</c></p>
-      <p><c>| {eidPartyName, special_string()}</c></p>
-      <p><c>| {eidPartyName, special_string(), special_string()}</c></p>
-      <p><c>| {uniformResourceIdentifier, string()}</c></p>
-      <p><c>| {ipAddress, string()}</c></p>
-      <p><c>| {registeredId, oid()}</c></p>
-      <p><c>| {otherName, term()}</c></p>
-      </item>
-
-      <tag><c>special_string()</c></tag>
-      <item>= <p><c>{teletexString, string()}</c></p>
-      <p><c>| {printableString, string()}</c></p>
-      <p><c>| {universalString, string()}</c></p>
-      <p><c>| {utf8String, binary()}</c></p>
-      <p><c>| {bmpString, string()}</c></p>
-      </item>
-
-      <tag><c>dist_reason()</c></tag>
-      <item>= <p><c>unused</c></p>
-      <p><c>| keyCompromise</c></p>
-      <p><c>| cACompromise</c></p>
-      <p><c>| affiliationChanged</c></p>
-      <p><c>| superseded</c></p>
-      <p><c>| cessationOfOperation</c></p>
-      <p><c>| certificateHold</c></p>
-      <p><c>| privilegeWithdrawn</c></p>
-      <p><c>| aACompromise</c></p>
-      </item>
-
-      <tag><c>OID_macro()</c></tag>
-      <item>= <p><c>?OID_name() </c></p>
-      </item>
-      
-      <tag><c>OID_name()</c></tag>
-      <item>= <p><c>atom()</c></p>
-      </item>
-      
-    </taglist>
-
-  </section>
-  
-  <section>
-    <title>RSA</title>
-    <p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc3447.txt"> 
-    Rivest-Shamir-Adleman cryptosystem (RSA)</url> keys follows:</p>
-    
-    <code>
-#'RSAPublicKey'{
-	  modulus,       % integer()
-	  publicExponent % integer()
-	  }.
-
-#'RSAPrivateKey'{
-          version,         % two-prime | multi
-	  modulus,         % integer()
-	  publicExponent,  % integer()
-	  privateExponent, % integer()
-	  prime1,          % integer() 
-	  prime2,          % integer()
-	  exponent1,       % integer()
-	  exponent2,       % integer()
-	  coefficient,     % integer()
-	  otherPrimeInfos  % [#OtherPrimeInfo{}] | asn1_NOVALUE
-	 }.
-
-#'OtherPrimeInfo'{
-	prime,           % integer()
-	exponent,        % integer()
-	coefficient      % integer()
- 	 }.	 </code>
-
-  </section>
-
-  <section>
-    <title>DSA</title>
-     <p>Erlang representation of <url href="http://www.ietf.org/rfc/rfc6979.txt">Digigital Signature Algorithm (DSA)</url> keys</p>
-    <code>	 
-#'DSAPrivateKey',{
-	  version,      % integer()
-	  p,            % integer()
-	  q,            % integer()
-	  g,            % integer()
-	  y,            % integer()
-	  x             % integer()
-	  }.
-
-#'Dss-Parms',{
-         p,         % integer()
-	 q,         % integer()
-	 g          % integer()
-	 }. </code>
-	
-  </section>
-
-  <section>
-       <title>ECDSA </title>
-       <p>Erlang representation of  <url href="http://www.ietf.org/rfc/rfc6979.txt">Elliptic Curve Digital Signature Algorithm (ECDSA)</url> keys follows:</p> 
-    
-    <code>	 
-#'ECPrivateKey'{
-          version,       % integer()
-	  privateKey,    % binary()  
-	  parameters,    % der_encoded() - {'EcpkParameters', #'ECParameters'{}} |
-	                                   {'EcpkParameters', {namedCurve, oid()}} |
-	                                   {'EcpkParameters', 'NULL'} % Inherited by CA
-	  publicKey      % bitstring()
-	  }.
-	  
-#'ECParameters'{
-      version,    % integer()
-      fieldID,    % #'FieldID'{}
-      curve,      % #'Curve'{}
-      base,       % binary()       
-      order,      % integer()        
-      cofactor    % integer()
-      }.
-      
-#'Curve'{
-	a,        % binary()
-	b,        % binary() 
-	seed      % bitstring() - optional
-
-	}.
-
-#'FieldID'{
-	fieldType,    % oid()
-	parameters    % Depending on fieldType
-	}.
-
-#'ECPoint'{
-      point %  binary() - the public key
-      }.</code>
-  </section>
-
-  <section>
-    <title>PKIX Certificates</title>   
-    <p>Erlang representation of PKIX certificates derived from ASN.1 
-    specifications see also <url href="http://www.ietf.org/rfc/rfc5280.txt">X509 certificates (RFC 5280)</url>, also referred to as <c>plain</c> type,  are as follows:</p>
-<code>
-#'Certificate'{
-		tbsCertificate,        % #'TBSCertificate'{}
-		signatureAlgorithm,    % #'AlgorithmIdentifier'{} 
-		signature              % bitstring()
-	       }.
-
-#'TBSCertificate'{
-	  version,              % v1 | v2 | v3 
-	  serialNumber,         % integer() 
-	  signature,            % #'AlgorithmIdentifier'{} 
-	  issuer,               % {rdnSequence, [#AttributeTypeAndValue'{}]} 
-	  validity,             % #'Validity'{}
-	  subject,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
-	  subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{}
-	  issuerUniqueID,       % binary() | asn1_novalue
-	  subjectUniqueID,      % binary() | asn1_novalue
-	  extensions            % [#'Extension'{}] 
-	 }.
-	  
-#'AlgorithmIdentifier'{
-	  algorithm,  % oid() 
-	  parameters  % der_encoded()
-	 }.</code>
-
-<p>Erlang alternate representation of PKIX certificate, also referred to as <c>otp</c> type</p>
-	 
-<code>
-#'OTPCertificate'{
-		tbsCertificate,        % #'OTPTBSCertificate'{}
-		signatureAlgorithm,    % #'SignatureAlgorithm'
-		signature              % bitstring()
-	       }.
-
-#'OTPTBSCertificate'{
-	  version,              % v1 | v2 | v3 
-	  serialNumber,         % integer() 
-	  signature,            % #'SignatureAlgorithm'
-	  issuer,               % {rdnSequence, [#AttributeTypeAndValue'{}]} 
-	  validity,             % #'Validity'{}
-	  subject,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
-	  subjectPublicKeyInfo, % #'OTPSubjectPublicKeyInfo'{}
-	  issuerUniqueID,       % binary() | asn1_novalue
-	  subjectUniqueID,      % binary() | asn1_novalue
-	  extensions            % [#'Extension'{}] 
-	 }.
-	  
-#'SignatureAlgorithm'{
-	  algorithm,  % id_signature_algorithm()
-	  parameters  % asn1_novalue | #'Dss-Parms'{}
-	 }.</code>
-
-<p><c>id_signature_algorithm() = OID_macro()</c></p>
-
-<p>The available OID names are as follows:</p>
-<table>
-  <row>
-    <cell align="left" valign="middle"><em>OID Name</em></cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-dsa-with-sha1</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-dsaWithSHA1 (ISO or OID to above)</cell>
-      </row>
-       <row>
-	<cell align="left" valign="middle">md2WithRSAEncryption</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">md5WithRSAEncryption</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">sha1WithRSAEncryption</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">sha-1WithRSAEncryption (ISO or OID to above)</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">sha224WithRSAEncryption</cell>
-      </row>
-       <row>
-	<cell align="left" valign="middle">sha256WithRSAEncryption</cell>
-      </row>
-     <row>
-	<cell align="left" valign="middle">sha512WithRSAEncryption</cell>
-      </row>
-        <row>
-	  <cell align="left" valign="middle">ecdsa-with-SHA1</cell>
-     </row>
-      <tcaption>Signature Algorithm OIDs </tcaption>
-</table>
-    
-<p>The data type <c>'AttributeTypeAndValue'</c>, is represented as
- the following erlang record:</p>
-
-<code>
-#'AttributeTypeAndValue'{
-	  type,   % id_attributes()
-	  value   % term() 
-	 }.</code>
-
-<p>The attribute OID name atoms and their corresponding value types
-are as follows:</p>
-<table>
-  <row>
-    <cell align="left" valign="middle"><em>OID Name</em></cell>
-    <cell align="left" valign="middle"><em>Value Type</em></cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-name</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>      
-  <row>
-    <cell align="left" valign="middle">id-at-surname</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-givenName</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-initials </cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-generationQualifier</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-commonName</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>   
-  <row>
-    <cell align="left" valign="middle">id-at-localityName</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-stateOrProvinceName</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-organizationName</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-title</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-dnQualifier</cell>
-    <cell align="left" valign="middle">{printableString, string()}</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-countryName</cell>
-    <cell align="left" valign="middle">{printableString, string()}</cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-at-serialNumber</cell>
-    <cell align="left" valign="middle">{printableString, string()}</cell>
-  </row>      
-  <row>
-    <cell align="left" valign="middle">id-at-pseudonym</cell>
-    <cell align="left" valign="middle">special_string()</cell>
-  </row>
-  <tcaption>Attribute OIDs</tcaption>
-</table>
-    
-<p>The data types <c>'Validity'</c>, <c>'SubjectPublicKeyInfo'</c>, and 
-<c>'SubjectPublicKeyInfoAlgorithm'</c> are represented as the following Erlang records:</p>
-
-<code>
-#'Validity'{ 
-	  notBefore, % time()
-	  notAfter   % time()
-	 }.
-	 
-#'SubjectPublicKeyInfo'{
-	  algorithm,       % #AlgorithmIdentifier{} 
-	  subjectPublicKey % binary() 
-	 }.
-
-#'SubjectPublicKeyInfoAlgorithm'{
-	  algorithm,  % id_public_key_algorithm()
-	  parameters  % public_key_params()
-	 }.</code>
-
-<p>The public-key algorithm OID name atoms are as follows:</p>
-<table>
-  <row>
-    <cell align="left" valign="middle"><em>OID Name</em></cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">rsaEncryption</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-dsa</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">dhpublicnumber</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-keyExchangeAlgorithm</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ecPublicKey</cell>
-      </row>
-      <tcaption>Public-Key Algorithm OIDs</tcaption>
-</table>
-    
-<code>
-#'Extension'{
-	  extnID,    % id_extensions() | oid() 
-	  critical,  % boolean()
-	  extnValue  % der_encoded()
-	 }.</code>
-
-<p><c>id_extensions()</c>  
-  <seealso marker="#StdCertExt">Standard Certificate Extensions</seealso>, 
-  <seealso marker="#PrivIntExt">Private Internet Extensions</seealso>,  
-  <seealso marker="#CRLCertExt">CRL Extensions</seealso> and 
-  <seealso marker="#CRLEntryExt">CRL Entry Extensions</seealso>.
-</p>
-    
-</section>
-  
-<section>
-  <marker id="StdCertExt"></marker>
-  <title>Standard Certificate Extensions</title>
-    
-  <p>The standard certificate extensions OID name atoms and their 
-  corresponding value types are as follows:</p>
-
-  <table>
-      <row>
-	<cell align="left" valign="middle"><em>OID Name</em></cell>
-	<cell align="left" valign="middle"><em>Value Type</em></cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
-	<cell align="left" valign="middle">#'AuthorityKeyIdentifier'{}</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-subjectKeyIdentifier</cell>
-	<cell align="left" valign="middle">oid()</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-keyUsage</cell>
-	<cell align="left" valign="middle">[key_usage()]</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-privateKeyUsagePeriod</cell>
-	<cell align="left" valign="middle">#'PrivateKeyUsagePeriod'{}</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-certificatePolicies</cell>
-	<cell align="left" valign="middle">#'PolicyInformation'{}</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-policyMappings</cell>
-	<cell align="left" valign="middle">#'PolicyMappings_SEQOF'{}</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-subjectAltName</cell>
-	<cell align="left" valign="middle">general_name()</cell>
-      </row>
-
-      <row>
-	<cell align="left" valign="middle">id-ce-issuerAltName</cell>
-	<cell align="left" valign="middle">general_name()</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-subjectDirectoryAttributes</cell>
-	<cell align="left" valign="middle"> [#'Attribute'{}]</cell>
-      </row>
-
-      <row>
-          <cell align="left" valign="middle">id-ce-basicConstraints</cell>
-	  <cell align="left" valign="middle">#'BasicConstraints'{}</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-nameConstraints</cell>
-	<cell align="left" valign="middle">#'NameConstraints'{}</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-policyConstraints</cell>
-	<cell align="left" valign="middle">#'PolicyConstraints'{}</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-ce-extKeyUsage</cell>
-	<cell align="left" valign="middle">[id_key_purpose()]</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-cRLDistributionPoints</cell>
-	<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-inhibitAnyPolicy</cell>
-	<cell align="left" valign="middle">integer()</cell>
-      </row>
-      
-      <row>
-	<cell align="left" valign="middle">id-ce-freshestCRL</cell>
-	<cell align="left" valign="middle">[#'DistributionPoint'{}]</cell>
-      </row>
-      
-      
-      <tcaption>Standard Certificate Extensions</tcaption>
-    </table>
-
-    <p>Here:</p>
-    <taglist>
-      <tag><c>key_usage()</c></tag>
-      <item>= <p><c>digitalSignature</c></p>
-      <p><c>| nonRepudiation</c></p>
-      <p><c>| keyEncipherment</c></p>
-      <p><c>| dataEncipherment</c></p>
-      <p><c>| keyAgreement</c></p>
-      <p><c>| keyCertSign</c></p>
-      <p><c>| cRLSign</c></p>
-      <p><c>| encipherOnly</c></p>
-      <p><c>| decipherOnly </c></p>
-      </item>
-    </taglist>
-   
-    <p>And for <c>id_key_purpose()</c>:</p>
-    
-<table>
-  <row>
-    <cell align="left" valign="middle"><em>OID Name</em></cell>
-  </row>
-  <row>
-    <cell align="left" valign="middle">id-kp-serverAuth</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-kp-clientAuth</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-kp-codeSigning</cell>
-      </row>
-      <row>
-	<cell align="left" valign="middle">id-kp-emailProtection</cell>
-      </row>
-       <row>
-	<cell align="left" valign="middle">id-kp-timeStamping</cell>
-      </row>
-       <row>
-	<cell align="left" valign="middle">id-kp-OCSPSigning</cell>
-      </row>
-      <tcaption>Key Purpose OIDs</tcaption>
-</table>
-    
-    <code>
-#'AuthorityKeyIdentifier'{
-	  keyIdentifier,	    % oid()
-	  authorityCertIssuer,      % general_name()
-	  authorityCertSerialNumber % integer() 
-	 }.
-
-#'PrivateKeyUsagePeriod'{
-	  notBefore,   % general_time()
-	  notAfter     % general_time()
-	 }.
-
-#'PolicyInformation'{
-	  policyIdentifier,  % oid()
-	  policyQualifiers   % [#PolicyQualifierInfo{}]
-	 }.
-
-#'PolicyQualifierInfo'{
-	  policyQualifierId,   % oid()
-	  qualifier            % string() | #'UserNotice'{}
-	 }.
-
-#'UserNotice'{
-         noticeRef,   % #'NoticeReference'{}
-	 explicitText % string()
-	 }.
-
-#'NoticeReference'{
-         organization,    % string()
-	 noticeNumbers    % [integer()]
-	 }.
-
-#'PolicyMappings_SEQOF'{
-	  issuerDomainPolicy,  % oid()
-	  subjectDomainPolicy  % oid()
-	 }.
-
-#'Attribute'{
-          type,  % oid()
-	  values % [der_encoded()]
-	  }).
-
-#'BasicConstraints'{
-	  cA,		    % boolean()
-	  pathLenConstraint % integer()
-	 }).
-
-#'NameConstraints'{
-	  permittedSubtrees, % [#'GeneralSubtree'{}]
-	  excludedSubtrees   % [#'GeneralSubtree'{}]
-	 }).
-
-#'GeneralSubtree'{
-	  base,    % general_name()
-	  minimum, % integer()
-	  maximum  % integer()
-	 }).
-
-#'PolicyConstraints'{
-	  requireExplicitPolicy, % integer()
-	  inhibitPolicyMapping   % integer()
-	 }).
-
-#'DistributionPoint'{
-	  distributionPoint, % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
-	  [#AttributeTypeAndValue{}]}
-	  reasons,           % [dist_reason()]
-	  cRLIssuer          % [general_name()]
-	 }).</code>
-
-</section>
-
- <section>
-   <marker id="PrivIntExt"></marker>
-   <title>Private Internet Extensions</title>   
-
-   <p>The private internet extensions OID name atoms and their corresponding value 
-   types are as follows:</p>
-
-   <table>
-        <row>
-          <cell align="left" valign="middle"><em>OID Name</em></cell>
-          <cell align="left" valign="middle"><em>Value Type</em></cell>
-        </row>
-        <row>
-          <cell align="left" valign="middle">id-pe-authorityInfoAccess</cell>
-          <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
-        </row>
-	<row>
-          <cell align="left" valign="middle">id-pe-subjectInfoAccess</cell>
-          <cell align="left" valign="middle">[#'AccessDescription'{}]</cell>
-        </row>
-        <tcaption>Private Internet Extensions</tcaption>
-      </table>   
- 
-<code>
-#'AccessDescription'{
-           accessMethod,    % oid()
-	   accessLocation   % general_name()
-	 }).</code>
-
- </section>
- 
-<section>
-    <title>CRL and CRL Extensions Profile</title>
-
-    <p>Erlang representation of CRL and CRL extensions profile 
-    derived from ASN.1 specifications and RFC 5280 are as follows:</p>
-
- <code>
-#'CertificateList'{
-          tbsCertList,        % #'TBSCertList{}
-          signatureAlgorithm, % #'AlgorithmIdentifier'{} 
-          signature           % bitstring()
-	  }).
-
-#'TBSCertList'{
-      version,             % v2 (if defined)
-      signature,           % #AlgorithmIdentifier{}
-      issuer,              % {rdnSequence, [#AttributeTypeAndValue'{}]} 
-      thisUpdate,          % time()
-      nextUpdate,          % time() 
-      revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}]
-      crlExtensions        % [#'Extension'{}]
-      }).
-
-#'TBSCertList_revokedCertificates_SEQOF'{
-         userCertificate,      % integer()
- 	 revocationDate,       % timer()
-	 crlEntryExtensions    % [#'Extension'{}]
-	 }).</code>
- 
- <section>
-   <marker id="CRLCertExt"></marker>
-   <title>CRL Extensions</title>
-
-   <p>The CRL extensions OID name atoms and their corresponding value types are as follows:</p>
-   
-   
-        <table>
-        <row>
-          <cell align="left" valign="middle"><em>OID Name</em></cell>
-          <cell align="left" valign="middle"><em>Value Type</em></cell>
-        </row>
-        <row>
-          <cell align="left" valign="middle">id-ce-authorityKeyIdentifier</cell>
-          <cell align="left" valign="middle">#'AuthorityKeyIdentifier{}</cell>
-        </row>
-        <row>
-          <cell align="left" valign="middle">id-ce-issuerAltName</cell>
-          <cell align="left" valign="middle">{rdnSequence, [#AttributeTypeAndValue'{}]}</cell>
-           </row>
-	    <row>
-          <cell align="left" valign="middle">id-ce-cRLNumber</cell>
-          <cell align="left" valign="middle">integer()</cell>
-           </row>
-	    <row>
-          <cell align="left" valign="middle">id-ce-deltaCRLIndicator</cell>
-          <cell align="left" valign="middle">integer()</cell>
-           </row>
-	    <row>
-          <cell align="left" valign="middle">id-ce-issuingDistributionPoint</cell>
-          <cell align="left" valign="middle">#'IssuingDistributionPoint'{}</cell>
-           </row>
-	   <row>
-          <cell align="left" valign="middle">id-ce-freshestCRL</cell>
-          <cell align="left" valign="middle">[#'Distributionpoint'{}]</cell>
-           </row>
-	   
-        <tcaption>CRL Extensions</tcaption>
-      </table>
-      
-      <p>Here, the data type <c>'IssuingDistributionPoint'</c> is represented as 
-      the following Erlang record:</p>
-
-      <code>
-#'IssuingDistributionPoint'{
-          distributionPoint,         % {fullName, [general_name()]} | {nameRelativeToCRLIssuer,
-	  [#AttributeTypeAndValue'{}]}
-	  onlyContainsUserCerts,     % boolean()
-	  onlyContainsCACerts,       % boolean()
-	  onlySomeReasons,           % [dist_reason()]
-	  indirectCRL,               % boolean()
-	  onlyContainsAttributeCerts % boolean()
-	  }).</code> 
- </section>
- 
- <section>
-   <marker id="CRLEntryExt"></marker>
-   <title>CRL Entry Extensions</title>
-
-   <p>The CRL entry extensions OID name atoms and their corresponding value types are as follows:</p>
-
-       <table>
-        <row>
-          <cell align="left" valign="middle"><em>OID Name</em></cell>
-          <cell align="left" valign="middle"><em>Value Type</em></cell>
-        </row>
-        <row>
-          <cell align="left" valign="middle">id-ce-cRLReason</cell>
-          <cell align="left" valign="middle">crl_reason()</cell>
-        </row>
-        <row>
-          <cell align="left" valign="middle">id-ce-holdInstructionCode</cell>
-          <cell align="left" valign="middle">oid()</cell>
-           </row>
-	    <row>
-          <cell align="left" valign="middle">id-ce-invalidityDate</cell>
-          <cell align="left" valign="middle">general_time()</cell>
-           </row>
-	    <row>
-          <cell align="left" valign="middle">id-ce-certificateIssuer</cell>
-          <cell align="left" valign="middle">general_name()</cell>
-           </row>
-	   <tcaption>CRL Entry Extensions</tcaption>
-       </table>
-
-
-       <p>Here:</p>
-       <taglist>
-      <tag><c>crl_reason()</c></tag>
-      <item>= <p><c>unspecified</c></p>
-      <p><c>| keyCompromise</c></p>
-      <p><c>| cACompromise</c></p>
-      <p><c>| affiliationChanged</c></p>
-      <p><c>| superseded</c></p>
-      <p><c>| cessationOfOperation</c></p>
-      <p><c>| certificateHold</c></p>
-      <p><c>| removeFromCRL</c></p>
-      <p><c>| privilegeWithdrawn</c></p>
-      <p><c>| aACompromise</c></p>
-      </item>
-       </taglist>
-
- </section>
-
- <section>
-   <marker id="PKCS10"></marker>
-   <title>PKCS#10 Certification Request</title>
-   <p>Erlang representation of a PKCS#10 certification request 
-   derived from ASN.1 specifications and RFC 5280 are as follows:</p>
-   <code>
-#'CertificationRequest'{
-          certificationRequestInfo #'CertificationRequestInfo'{},
-	  signatureAlgorithm	   #'CertificationRequest_signatureAlgorithm'{}}.
-	  signature                bitstring()
-	  }
-
-#'CertificationRequestInfo'{
-	  version       atom(),
-	  subject       {rdnSequence, [#AttributeTypeAndValue'{}]} ,
-	  subjectPKInfo #'CertificationRequestInfo_subjectPKInfo'{},
-	  attributes    [#'AttributePKCS-10' {}]
-	  }
-
-#'CertificationRequestInfo_subjectPKInfo'{
-          algorithm		#'CertificationRequestInfo_subjectPKInfo_algorithm'{}
-	  subjectPublicKey 	  bitstring()
-	  }
-
-#'CertificationRequestInfo_subjectPKInfo_algorithm'{
-     algorithm = oid(),
-     parameters = der_encoded()
-}	  
-
-#'CertificationRequest_signatureAlgorithm'{
-     algorithm = oid(),
-     parameters = der_encoded()
-     }
-
-#'AttributePKCS-10'{
-    type = oid(),
-    values = [der_encoded()]
-}  </code> 
- </section>
-</section>
-</chapter>
-- 
cgit v1.2.3