PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- -- 3. Definitions -- -- EXPORTS All; IMPORTS informationFramework, authenticationFramework FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} Name, ATTRIBUTE FROM InformationFramework informationFramework ALGORITHM, Certificate, CertificateSerialNumber, CertificateList, Time FROM AuthenticationFramework authenticationFramework; -- contentType, messageDigest, signingTime -- , counterSignature -- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) -- pkcs-9(9) modules(0) pkcs-9(1)}; -- -- 6. Useful types -- pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9} contentType ATTRIBUTE ::= { WITH SYNTAX ContentType -- EQUALITY MATCHING RULE objectIdentifierMatch SINGLE VALUE TRUE ID pkcs-9-at-contentType } pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3} pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4} pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5} pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6} counterSignature ATTRIBUTE ::= { WITH SYNTAX SignerInfo ID pkcs-9-at-counterSignature } messageDigest ATTRIBUTE ::= { WITH SYNTAX MessageDigest -- EQUALITY MATCHING RULE octetStringMatch SINGLE VALUE TRUE ID pkcs-9-at-messageDigest } MessageDigest ::= OCTET STRING signingTime ATTRIBUTE ::= { WITH SYNTAX SigningTime -- EQUALITY MATCHING RULE signingTimeMatch SINGLE VALUE TRUE ID pkcs-9-at-signingTime } SigningTime ::= Time -- imported from ISO/IEC 9594-8 -- Also defined in X.509 -- Redeclared here as a parameterized type AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE { algorithm ALGORITHM.&id({IOSet}), parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL } -- Also defined in X.501 -- Redeclared here as a parameterized type Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type ATTRIBUTE.&id({IOSet}), values SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) } CertificateRevocationLists ::= SET OF CertificateList Certificates ::= SEQUENCE OF Certificate CRLSequence ::= SEQUENCE OF CertificateList ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier {{ContentEncryptionAlgorithms}} ContentEncryptionAlgorithms ALGORITHM ::= { ... -- add any application-specific algorithms here } DigestAlgorithmIdentifier ::= AlgorithmIdentifier {{DigestAlgorithms}} DigestAlgorithms ALGORITHM ::= { ... -- add any application-specific algorithms here } DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier {{DigestEncryptionAlgorithms}} DigestEncryptionAlgorithms ALGORITHM ::= { ... -- add any application-specific algorithms here } ExtendedCertificateOrCertificate ::= CHOICE { certificate Certificate, -- X.509 extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6 } ExtendedCertificate ::= Certificate -- cheating ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber } KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier {{KeyEncryptionAlgorithms}} KeyEncryptionAlgorithms ALGORITHM ::= { ... -- add any application-specific algorithms here } -- -- 7. General syntax -- ContentInfo ::= SEQUENCE { -- contentType ContentType, contentType CONTENTS.&id({Contents}), content [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType}) OPTIONAL } CONTENTS ::= TYPE-IDENTIFIER Contents CONTENTS ::= { {Data IDENTIFIED BY data} | {SignedData IDENTIFIED BY signedData} | {EnvelopedData IDENTIFIED BY envelopedData} | {SignedAndEnvelopedData IDENTIFIED BY signedAndEnvelopedData} | {DigestedData IDENTIFIED BY digestedData} | {EncryptedData IDENTIFIED BY encryptedData}, ... -- add any application-specific types/contents here } ContentType ::= CONTENTS.&id({Contents}) -- -- 8. Data content type -- Data ::= OCTET STRING -- -- 9. Signed-data content type -- SignedData ::= SEQUENCE { -- version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2), version INTEGER {sdVer1(1), sdVer2(2)}, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates CHOICE { certSet [0] IMPLICIT ExtendedCertificatesAndCertificates, certSequence [2] IMPLICIT Certificates } OPTIONAL, crls CHOICE { crlSet [1] IMPLICIT CertificateRevocationLists, crlSequence [3] IMPLICIT CRLSequence } OPTIONAL, signerInfos SignerInfos } (WITH COMPONENTS { ..., version (sdVer1), digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }), certificates (WITH COMPONENTS { ..., certSequence ABSENT }), crls (WITH COMPONENTS { ..., crlSequence ABSENT }), signerInfos (WITH COMPONENTS { ..., siSet PRESENT }) } | WITH COMPONENTS { ..., version (sdVer2), digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }), certificates (WITH COMPONENTS { ..., certSet ABSENT }), crls (WITH COMPONENTS { ..., crlSet ABSENT }), signerInfos (WITH COMPONENTS { ..., siSequence PRESENT }) }) SignerInfos ::= CHOICE { siSet SET OF SignerInfo, siSequence SEQUENCE OF SignerInfo } DigestAlgorithmIdentifiers ::= CHOICE { daSet SET OF DigestAlgorithmIdentifier, daSequence SEQUENCE OF DigestAlgorithmIdentifier } SignerInfo ::= SEQUENCE { -- version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2), version INTEGER {siVer1(1), siVer2(2)}, issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier, authenticatedAttributes CHOICE { aaSet [0] IMPLICIT SET OF Attribute {{Authenticated}}, aaSequence [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}} -- Explicit because easier to compute digest on sequence of attributes and then reuse -- encoded sequence in aaSequence. } OPTIONAL, digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, encryptedDigest EncryptedDigest, unauthenticatedAttributes CHOICE { uaSet [1] IMPLICIT SET OF Attribute {{Unauthenticated}}, uaSequence [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}} } OPTIONAL } (WITH COMPONENTS { ..., version (siVer1), authenticatedAttributes (WITH COMPONENTS { ..., aaSequence ABSENT }), unauthenticatedAttributes (WITH COMPONENTS { ..., uaSequence ABSENT }) } | WITH COMPONENTS { ..., version (siVer2), authenticatedAttributes (WITH COMPONENTS { ..., aaSet ABSENT }), unauthenticatedAttributes (WITH COMPONENTS { ..., uaSet ABSENT }) }) Authenticated ATTRIBUTE ::= { contentType | messageDigest, ..., -- add application-specific attributes here signingTime } Unauthenticated ATTRIBUTE ::= { contentType | messageDigest, ..., -- add application-specific attributes here counterSignature -- ..., add application-specific attributes here -- counterSignature } EncryptedDigest ::= OCTET STRING DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= OCTET STRING -- -- 10. Enveloped-data content type -- EnvelopedData ::= SEQUENCE { -- version INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1), version INTEGER {edVer0(0), edVer1(1)}, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo } (WITH COMPONENTS { ..., version (edVer0), recipientInfos (WITH COMPONENTS { ..., riSet PRESENT }) } | WITH COMPONENTS { ..., version (edVer1), recipientInfos (WITH COMPONENTS { ..., riSequence PRESENT }) }) RecipientInfos ::= CHOICE { riSet SET OF RecipientInfo, riSequence SEQUENCE OF RecipientInfo } EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } EncryptedContent ::= OCTET STRING RecipientInfo ::= SEQUENCE { -- version INTEGER {riVer0(0)} (riVer0), version INTEGER {riVer0(0)}, issuerAndSerialNumber IssuerAndSerialNumber, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } EncryptedKey ::= OCTET STRING -- -- 11. Signed-and-enveloped-data content type -- SignedAndEnvelopedData ::= SEQUENCE { -- version INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2), version INTEGER {seVer1(1), seVer2(2)}, recipientInfos RecipientInfos, digestAlgorithms DigestAlgorithmIdentifiers, encryptedContentInfo EncryptedContentInfo, certificates CHOICE { certSet [0] IMPLICIT ExtendedCertificatesAndCertificates, certSequence [2] IMPLICIT Certificates } OPTIONAL, crls CHOICE { crlSet [1] IMPLICIT CertificateRevocationLists, crlSequence [3] IMPLICIT CRLSequence } OPTIONAL, signerInfos SignerInfos } (WITH COMPONENTS { ..., version (seVer1), recipientInfos (WITH COMPONENTS { ..., riSet PRESENT }), digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }), certificates (WITH COMPONENTS { ..., certSequence ABSENT }), crls (WITH COMPONENTS { ..., crlSequence ABSENT }), signerInfos (WITH COMPONENTS { ..., siSet PRESENT }) } | WITH COMPONENTS { ..., version (seVer2), recipientInfos (WITH COMPONENTS { ..., riSequence PRESENT }), digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }), certificates (WITH COMPONENTS { ..., certSet ABSENT }), crls (WITH COMPONENTS { ..., crlSet ABSENT }), signerInfos (WITH COMPONENTS { ..., siSequence PRESENT }) }) -- -- 12. Digested-data content type --pbeWithSHAAnd3-KeyTripleDES-CBC DigestedData ::= SEQUENCE { -- version INTEGER {ddVer0(0)} (ddVer0), version INTEGER {ddVer0(0)}, digestAlgorithm DigestAlgorithmIdentifier, contentInfo ContentInfo, digest Digest } -- -- 13. Encrypted-data content type -- EncryptedData ::= SEQUENCE { -- version INTEGER {edVer0(0)} (edVer0), version INTEGER {edVer0(0)}, encryptedContentInfo EncryptedContentInfo } -- -- 14. Object Identifiers -- pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } data OBJECT IDENTIFIER ::= { pkcs-7 1 } signedData OBJECT IDENTIFIER ::= { pkcs-7 2 } envelopedData OBJECT IDENTIFIER ::= { pkcs-7 3 } signedAndEnvelopedData OBJECT IDENTIFIER ::= { pkcs-7 4 } digestedData OBJECT IDENTIFIER ::= { pkcs-7 5 } encryptedData OBJECT IDENTIFIER ::= { pkcs-7 6 } END