path: root/lib/public_key/asn1/PKCS-12.asn1
blob: 078089f7b5b10cd26592825817122a48f7592621 (plain) (blame)
PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
                 pkcs-12(12) modules(0)  pkcs-12(1)}

-- $Revision$

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL
-- All types and values defined in this module are exported for use in
-- other ASN.1 modules.

IMPORTS

informationFramework
        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
        usefulDefinitions(0) 3}

ATTRIBUTE
	FROM InformationFramework informationFramework

ContentInfo, DigestInfo
	FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
	pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}

PrivateKeyInfo, EncryptedPrivateKeyInfo
	FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
	pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}

pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
	FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
	pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};

-- Object identifiers
--
-- Arcs used by this module: the pkcs-12 root, the password-based
-- encryption (PBE) scheme identifiers under pkcs-12PbeIds, and the
-- bagtypes arc referenced by the BAG-TYPE objects defined below.

rsadsi	OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12}
-- PBE scheme identifiers. Each name encodes the hash used for key
-- derivation (SHA, which is SHA-1 in the PKCS #12 specification) and
-- the cipher with its key size.
-- NOTE(review): all six schemes use a legacy cipher (RC4, RC2 or
-- Triple DES), and the two 40-bit entries limit the key to 40 bits.
-- The OIDs are needed to read existing files; whether any of them is
-- acceptable when writing new files is a policy decision for the code
-- that consumes this module, not something this module enforces.
pkcs-12PbeIds                  	OBJECT IDENTIFIER ::= {pkcs-12 1}
pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
pbeWithSHAAnd3-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
pbeWithSHAAnd2-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
-- NOTE(review): the lower-case 'w' in the next name differs from its
-- siblings. It is left as-is because generated code or other modules
-- may reference the identifier by this exact spelling.
pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}

-- Root arc for the bag type identifiers (keyBag, certBag, ...).
bagtypes			OBJECT IDENTIFIER ::= {pkcs-12 10 1}

-- The PFX PDU
--
-- PFX is the outermost structure of a PKCS #12 file: a version, the
-- authSafe payload wrapped in a PKCS #7 ContentInfo, and an optional
-- MAC over that payload.

PFX ::= SEQUENCE {
	-- NOTE(review): the constraint (v3,...) is extensible, so a decoder
	-- may hand back values other than v3. Confirm that callers check
	-- the version themselves before interpreting the rest.
	version		INTEGER {v3(3)}(v3,...),
	authSafe	ContentInfo,
	-- macData is OPTIONAL. When it is absent this structure carries no
	-- password-based integrity value, so a consumer should decide
	-- explicitly whether such a file is acceptable rather than treat a
	-- missing MAC as a successful check.
	macData    	MacData OPTIONAL
}

-- MacData holds the password-based integrity value: the digest
-- algorithm and MAC bytes (mac), the salt, and the iteration count
-- used when deriving the MAC key from the password.
MacData ::= SEQUENCE {
	mac 		DigestInfo,
	macSalt	        OCTET STRING,
	iterations	INTEGER DEFAULT 1
-- Note: The default is for historical reasons and its use is
-- deprecated. A higher value, like 1024 is recommended.
-- NOTE(review): 1024 is the figure given in the original text; treat
-- it as a floor, not a target. The field is an unconstrained INTEGER
-- read from the file, so a consumer should also apply an upper bound
-- (and reject zero or negative values) before deriving the key, to
-- avoid excessive CPU use on a malformed or hostile file.
}

-- AuthenticatedSafe is the list of ContentInfo elements carried by
-- the PFX. The content type of each element indicates how that
-- element is protected:
AuthenticatedSafe ::= SEQUENCE OF ContentInfo
	-- Data if unencrypted
	-- EncryptedData if password-encrypted
	-- EnvelopedData if public key-encrypted
	-- NOTE(review): the protection mode is chosen per element, so one
	-- file can mix encrypted and plaintext elements. A consumer that
	-- requires confidentiality has to check every element.

-- SafeContents is the list of bags found inside one element.
SafeContents ::= SEQUENCE OF SafeBag

-- SafeBag is one typed item. bagId selects an entry of PKCS12BagSet
-- and thereby the type of bagValue; bagAttributes optionally carries
-- attributes such as friendlyName and localKeyId.
SafeBag ::= SEQUENCE {
	bagId	      	BAG-TYPE.&id ({PKCS12BagSet}),
	-- Open type resolved through bagId. PKCS12BagSet is extensible, so
	-- an identifier outside the listed set can appear here; presumably
	-- the decoder then returns the value undecoded (TODO confirm).
	bagValue      	[0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
	bagAttributes 	SET OF PKCS12Attribute OPTIONAL
}

-- Bag types
--
-- Each object below binds a bag content type to an identifier under
-- the bagtypes arc. PKCS12BagSet collects them and is the object set
-- that constrains SafeBag.bagId and SafeBag.bagValue.

keyBag 	  BAG-TYPE ::=
	{KeyBag IDENTIFIED BY {bagtypes 1}}
pkcs8ShroudedKeyBag BAG-TYPE ::=
	{PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
certBag BAG-TYPE ::=
	{CertBag IDENTIFIED BY {bagtypes 3}}
crlBag BAG-TYPE ::=
	{CRLBag IDENTIFIED BY {bagtypes 4}}
secretBag BAG-TYPE ::=
	{SecretBag IDENTIFIED BY {bagtypes 5}}
-- safeContentsBag carries a SafeContents value, which is itself a
-- SEQUENCE OF SafeBag, so bags can nest to any depth.
-- NOTE(review): code that walks the decoded structure should bound
-- the nesting depth it is willing to follow.
safeContentsBag BAG-TYPE ::=
	{SafeContents IDENTIFIED BY {bagtypes 6}}

PKCS12BagSet BAG-TYPE ::= {
	keyBag |
	pkcs8ShroudedKeyBag |
	certBag |
	crlBag |
	secretBag |
	safeContentsBag,
	... -- For future extensions
}

-- BAG-TYPE is an alias for the built-in TYPE-IDENTIFIER class, which
-- pairs an object identifier (&id) with a type (&Type).
BAG-TYPE ::= TYPE-IDENTIFIER

-- KeyBag
--
-- A KeyBag is a PKCS #8 PrivateKeyInfo, i.e. the private key is not
-- encrypted at this layer. Its confidentiality rests entirely on the
-- enclosing ContentInfo being EncryptedData or EnvelopedData.
-- NOTE(review): a KeyBag found inside a plain Data element is a
-- private key stored in the clear; consumers and producers should
-- treat that combination as a finding.

KeyBag ::= PrivateKeyInfo

-- Shrouded KeyBag
--
-- A PKCS8ShroudedKeyBag is a PKCS #8 EncryptedPrivateKeyInfo: the key
-- is encrypted on its own, independently of how the enclosing element
-- is protected. The strength of that protection depends on the
-- encryption algorithm named inside the EncryptedPrivateKeyInfo.

PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo

-- CertBag
--
-- A CertBag holds one certificate. certId selects an entry of
-- CertTypes and thereby the type of certValue.

CertBag ::= SEQUENCE {
	certId    BAG-TYPE.&id   ({CertTypes}),
	certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
}

-- NOTE(review): for both certificate types the value is an opaque
-- string at this level. This module does not decode or validate the
-- certificate itself, so the caller has to parse the inner bytes
-- separately and handle them as untrusted input. Presence of a
-- certificate in a PFX says nothing about whether it is trusted.
x509Certificate BAG-TYPE ::=
	{OCTET STRING IDENTIFIED BY {certTypes 1}}
	-- DER-encoded X.509 certificate stored in OCTET STRING
sdsiCertificate BAG-TYPE ::=
	{IA5String IDENTIFIED BY {certTypes 2}}
	-- Base64-encoded SDSI certificate stored in IA5String

-- Object set constraining CertBag.certId and CertBag.certValue.
CertTypes BAG-TYPE ::= {
	x509Certificate |
	sdsiCertificate,
	... -- For future extensions
}

-- CRLBag
--
-- A CRLBag holds one certificate revocation list. crlId selects an
-- entry of CRLTypes and thereby the type of crlValue.

CRLBag ::= SEQUENCE {
	crlId     	BAG-TYPE.&id ({CRLTypes}),
	crlValue 	[0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
}

-- NOTE(review): the CRL is carried as an opaque OCTET STRING and is
-- not decoded by this module. A caller that relies on it has to parse
-- the inner bytes and check the CRL signature and validity period
-- itself.
x509CRL BAG-TYPE ::=
	{OCTET STRING IDENTIFIED BY {crlTypes 1}}
	-- DER-encoded X.509 CRL stored in OCTET STRING

-- Object set constraining CRLBag.crlId and CRLBag.crlValue.
CRLTypes BAG-TYPE ::= {
	x509CRL,
	... -- For future extensions
}

-- Secret Bag
--
-- A SecretBag holds an arbitrary secret. secretTypeId selects an
-- entry of SecretTypes and thereby the type of secretValue.

SecretBag ::= SEQUENCE {
	secretTypeId BAG-TYPE.&id ({SecretTypes}),
	secretValue  [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})
}

-- SecretTypes lists no members, only the extension marker, so this
-- module defines no secret type of its own. Every secretValue is
-- therefore of a type unknown to this module.
-- NOTE(review): like KeyBag, a SecretBag is not encrypted at this
-- layer; its protection comes from the enclosing ContentInfo.
SecretTypes BAG-TYPE ::= {
	... -- For future extensions
}

-- Attributes
--
-- PKCS12Attribute is one attribute attached to a SafeBag: attrId
-- selects an entry of PKCS12AttrSet and thereby the type of the
-- values in attrValues.

PKCS12Attribute ::= SEQUENCE {
	attrId	   	ATTRIBUTE.&id ({PKCS12AttrSet}),
	attrValues 	SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
} -- This type is compatible with the X.500 type 'Attribute'

-- Attributes known to this module, both imported from PKCS-9.
-- NOTE(review): bag attributes are not covered by the per-key
-- encryption of a shrouded key bag, and the set is extensible, so
-- friendlyName, localKeyId and any other attribute should be treated
-- as untrusted labels rather than as authenticated statements about
-- the bag contents.
PKCS12AttrSet ATTRIBUTE ::= {
	friendlyName |
	localKeyId,
	... -- Other attributes are allowed
}

END