All Classes and Interfaces
Class
Description
AaEntry ::= SEQUENCE {
aaCertificate EtsiTs103097Certificate,
accessPoint Url
}
Some other information of non-restrictive nature regarding the usage of this
certificate.
AdditionalParams ::= CHOICE {
original ButterflyParamsOriginal,
unified ButterflyExpansion,
compactUnified ButterflyExpansion,
encryptionKey PublicEncryptionKey,
...
An Admissions structure.
Attribute to indicate admissions to certain professions.
AesCcmCiphertext ::= SEQUENCE {
nonce OCTET STRING (SIZE (12))
ccmCiphertext Opaque -- 16 bytes longer than plaintext
}
AesCcmCiphertext ::= SEQUENCE {
nonce OCTET STRING (SIZE (12))
ccmCiphertext Opaque -- 16 bytes longer than plaintext
}
Implementation of the Archive Timestamp type defined in RFC4998.
Implementation of ArchiveTimeStampChain type, as defined in RFC4998 and RFC6283.
Implementation of ArchiveTimeStampSequence type, as defined in RFC4998.
RFC 5652:
Attribute is a pair of OID (as type identifier) + set of values.
RFC 5652 defines
5 "SET OF Attribute" entities with 5 different names.
This is helper tool to construct
Attributes sets.
AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
RFC 5652 section 9.1:
The AuthenticatedData carries AuthAttributes and other data
which define what really is being signed.
Parse
AuthenticatedData stream.RFC 5083:
CMS AuthEnveloped Data object.
Parse
AuthEnvelopedData input stream.AuthorizationValidationRequest ::= SEQUENCE {
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
AuthorizationValidationResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationValidationResponseCode,
confirmedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}) OPTIONAL,
...
BasePublicEncryptionKey ::= CHOICE {
eciesNistP256 EccP256CurvePoint,
eciesBrainpoolP256r1 EccP256CurvePoint,
...
BitmapSspRange ::= SEQUENCE {
sspValue OCTET STRING (SIZE(1..32)),
sspBitmask OCTET STRING (SIZE(1..32))
}
BitmapSspRange ::= SEQUENCE {
sspValue OCTET STRING (SIZE(1..32)),
sspBitmask OCTET STRING (SIZE(1..32))
}
bodyIdMax INTEGER ::= 4294967295
BodyPartID ::= INTEGER(0..bodyIdMax)
BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
BodyPartReference ::= CHOICE {
bodyPartID BodyPartID,
bodyPartPath BodyPartPath
}
See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf
ButterflyExpansion ::= CHOICE {
aes128 OCTET STRING (SIZE(16)),
...
ButterflyParamsOriginal ::= SEQUENCE {
signingExpansion ButterflyExpansion,
encryptionKey PublicEncryptionKey,
encryptionExpansion ButterflyExpansion
}
CaCertificateRequest ::= SEQUENCE {
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes,
...
RFC 5084: CCMParameters object.
CertAnnContent ::= CMPCertificate
CertEtcToken ::= CHOICE {
certificate [0] IMPLICIT Certificate ,
esscertid [1] ESSCertId ,
pkistatus [2] IMPLICIT PKIStatusInfo ,
assertion [3] ContentInfo ,
crl [4] IMPLICIT CertificateList,
ocspcertstatus [5] CertStatus,
oscpcertid [6] IMPLICIT CertId ,
oscpresponse [7] IMPLICIT OCSPResponse,
capabilities [8] SMIMECapabilities,
extension Extension
}
ISIS-MTT PROFILE: The responder may include this extension in a response to
send the hash of the requested certificate to the responder.
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)
CertificateBase ::= SEQUENCE {
version Uint8(3),
type CertificateType,
issuer IssuerIdentifier,
toBeSigned ToBeSignedCertificate,
signature Signature OPTIONAL
}
CertificateBase ::= SEQUENCE {
version Uint8(3),
type CertificateType,
issuer IssuerIdentifier,
toBeSigned ToBeSignedCertificate,
signature Signature OPTIONAL
}
an Iso7816CertificateBody structure.
CertificateFormat::= INTEGER {
ts103097v131 (1)
}(1..255)
an Iso7816CertificateHolderAuthorization structure.
CertificateId ::= CHOICE {
linkageData LinkageData,
name Hostname,
binaryId OCTET STRING(SIZE(1..64)),
none NULL,
...
CertificateSubjectAttributes ::= SEQUENCE {
id CertificateId OPTIONAL,
validityPeriod ValidityPeriod OPTIONAL,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSsp OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
...
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
CertificationRequest ::= SEQUENCE {
certificationRequestInfo SEQUENCE {
version INTEGER,
subject Name,
subjectPublicKeyInfo SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING },
attributes [0] IMPLICIT SET OF Attribute },
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedValue OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedKey
}
GenMsg: {id-it 19}, < absent >
GenRep: {id-it 19}, CertReqTemplateContent | < absent >
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
certReqId INTEGER,
statusInfo PKIStatusInfo OPTIONAL,
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL
}
CircularRegion ::= SEQUENCE {
center TwoDLocation,
radius Uint16
}
CircularRegion ::= SEQUENCE {
center TwoDLocation,
radius Uint16
}
CMCFailInfo ::= INTEGER {
badAlg (0),
badMessageCheck (1),
badRequest (2),
badTime (3),
badCertId (4),
unsupportedExt (5),
mustArchiveKeys (6),
badIdentity (7),
popRequired (8),
popFailed (9),
noKeyReuse (10),
internalCAError (11),
tryLater (12),
authDataFail (13)
}
Object Identifiers from RFC 5272
CMCPublicationInfo ::= SEQUENCE {
hashAlg AlgorithmIdentifier,
certHashes SEQUENCE OF OCTET STRING,
pubInfo PKIPublicationInfo
}
CMCStatus ::= INTEGER {
success (0),
failed (2),
pending (3),
noSupport (4),
confirmRequired (5),
popRequired (6),
partial (7)
}
-- Used to return status state in a response
id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
CMCStatusInfo ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
statusString UTF8String OPTIONAL,
otherInfo CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo } OPTIONAL
}
Other info implements the choice component of CMCStatusInfo.
-- Replaces CMC Status Info
--
id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
CMCStatusInfoV2 ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartReference,
statusString UTF8String OPTIONAL,
otherStatusInfo OtherStatusInfo OPTIONAL
}
OtherStatusInfo ::= CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo,
extendedFailInfo ExtendedFailInfo
}
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
CMCUnsignedData ::= SEQUENCE {
bodyPartPath BodyPartPath,
identifier OBJECT IDENTIFIER,
content ANY DEFINED BY identifier
}
From RFC 6211
RFC 5652 CMS attribute OID constants.
CMSORIforKEMOtherInfo ::= SEQUENCE {
wrap KeyEncryptionAlgorithmIdentifier,
kekLength INTEGER (1..65535),
ukm [0] EXPLICIT UserKeyingMaterial OPTIONAL
}
UserKeyingMaterial ::= OCTET STRING
Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126).
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
RFC 3274: CMS Compressed Data.
Parser of RFC 3274
CompressedData object.RFC 5652
ContentInfo object parser.ContributedExtensionBlock ::= SEQUENCE {
contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.
-- Inform follow on servers that one or more controls have already been
-- processed
id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
ControlsProcessed ::= SEQUENCE {
bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference
}
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {...,
payload (WITH COMPONENTS {...,
data ABSENT,
extDataHash PRESENT
}),
headerInfo(WITH COMPONENTS {...,
generationTime PRESENT,
expiryTime ABSENT,
generationLocation ABSENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT,
encryptionKey ABSENT
})
})
})
})
})
CountryAndRegions ::= SEQUENCE {
countryOnly CountryOnly,
regions SequenceOfUint8
}
CountryAndSubregions ::= SEQUENCE {
country CountryOnly,
regionAndSubregions SequenceOfRegionAndSubregions
}
CrlIdentifier ::= SEQUENCE
{
crlissuer Name,
crlIssuedTime UTCTime,
crlNumber INTEGER OPTIONAL
}
CRLListID ::= SEQUENCE {
crls SEQUENCE OF CrlValidatedID }
CrlOcspRef ::= SEQUENCE {
crlids [0] CRLListID OPTIONAL,
ocspids [1] OcspListID OPTIONAL,
otherRev [2] OtherRevRefs OPTIONAL
}
CrlSeries ::= Uint16
GenMsg: {id-it TBD1}, SEQUENCE SIZE (1..MAX) OF CRLStatus
GenRep: {id-it TBD2}, SEQUENCE SIZE (1..MAX) OF
CertificateList | < absent >
CRLStatus ::= SEQUENCE {
source CRLSource,
thisUpdate Time OPTIONAL }
CrlValidatedID ::= SEQUENCE {
crlHash OtherHash,
crlIdentifier CrlIdentifier OPTIONAL }
Implementation of the CryptoInfos element defined in RFC 4998:
The CscaMasterList object.
CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
CtlCommand ::= CHOICE {
add CtlEntry,
delete CtlDelete,
...
CtlDelete ::= CHOICE {
cert HashedId8,
dc DcDelete,
...
CtlEntry ::= CHOICE {
rca RootCaEntry,
ea EaEntry,
aa AaEntry,
dc DcEntry,
tlm TlmEntry,
...
CtlFormat ::= SEQUENCE {
version Version,
nextUpdate Time32,
isFullCtl BOOLEAN,
ctlSequence INTEGER (0..255),
ctlCommands SEQUENCE OF CtlCommand,
...
an iso7816Certificate structure.
Data ::= CHOICE {
message OCTET STRING ,
messageImprint DigestInfo,
certs [0] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain
}
The DataGroupHash object.
DcEntry ::= SEQUENCE {
url Url,
cert SEQUENCE OF HashedId8
}
A declaration of majority.
id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
DecryptedPOP ::= SEQUENCE {
bodyPartID BodyPartID,
thePOPAlgID AlgorithmIdentifier,
thePOP OCTET STRING
}
DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
isFullCtl(FALSE)
})
DHBMParameter ::= SEQUENCE {
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
From RFC 2875 for Diffie-Hellman POP.
RFC 5652 DigestedData object.
Duration ::= CHOICE {
microseconds Uint16,
milliseconds Uint16,
seconds Uint16,
minutes Uint16,
hours Uint16,
sixtyHours Uint16,
years Uint16
}
Duration ::= CHOICE {
microseconds Uint16,
milliseconds Uint16,
seconds Uint16,
minutes Uint16,
hours Uint16,
sixtyHours Uint16,
years Uint16
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
DVCSCertInfo::= SEQUENCE {
version Integer DEFAULT 1 ,
dvReqInfo DVCSRequestInformation,
messageImprint DigestInfo,
serialNumber Integer,
responseTime DVCSTime,
dvStatus [0] PKIStatusInfo OPTIONAL,
policy [1] PolicyInformation OPTIONAL,
reqSignature [2] SignerInfos OPTIONAL,
certs [3] SEQUENCE SIZE (1..MAX) OF
TargetEtcChain OPTIONAL,
extensions Extensions OPTIONAL
}
DVCSErrorNotice ::= SEQUENCE {
transactionStatus PKIStatusInfo ,
transactionIdentifier GeneralName OPTIONAL
}
OIDs for RFC 3029
Data Validation and Certification Server Protocols
DVCSRequest ::= SEQUENCE {
requestInformation DVCSRequestInformation,
data Data,
transactionIdentifier GeneralName OPTIONAL
}
DVCSRequestInformation ::= SEQUENCE {
version INTEGER DEFAULT 1 ,
service ServiceType,
nonce Nonce OPTIONAL,
requestTime DVCSTime OPTIONAL,
requester [0] GeneralNames OPTIONAL,
requestPolicy [1] PolicyInformation OPTIONAL,
dvcs [2] GeneralNames OPTIONAL,
dataLocations [3] GeneralNames OPTIONAL,
extensions [4] IMPLICIT Extensions OPTIONAL
}
DVCSRequestInformation ::= SEQUENCE {
version INTEGER DEFAULT 1 ,
service ServiceType,
nonce Nonce OPTIONAL,
requestTime DVCSTime OPTIONAL,
requester [0] GeneralNames OPTIONAL,
requestPolicy [1] PolicyInformation OPTIONAL,
dvcs [2] GeneralNames OPTIONAL,
dataLocations [3] GeneralNames OPTIONAL,
extensions [4] IMPLICIT Extensions OPTIONAL
}
DVCSResponse ::= CHOICE
{
dvCertInfo DVCSCertInfo ,
dvErrorNote [0] DVCSErrorNotice
}
DVCSTime ::= CHOICE {
genTime GeneralizedTime,
timeStampToken ContentInfo
}
German Federal Office for Information Security
(Bundesamt für Sicherheit in der Informationstechnik)
http://www.bsi.bund.de/
EaEntry ::= SEQUENCE {
eaCertificate EtsiTs103097Certificate,
aaAccessPoint Url,
itsAccessPoint Url OPTIONAL
}
ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier,
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING }
Common interface for ITS curve points.
EccP256CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (32)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (32)),
compressed-y-1 OCTET STRING (SIZE (32)),
uncompressedP256 SEQUENCE {
x OCTET STRING (SIZE (32)),
y OCTET STRING (SIZE (32))
}
}
EccP384CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (48)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (48)),
compressed-y-1 OCTET STRING (SIZE (48)),
uncompressedP384 SEQUENCE {
x OCTET STRING (SIZE (48)),
y OCTET STRING (SIZE (48))
}
}
EcdsaP256Signature ::= SEQUENCE {
rSig EccP256CurvePoint,
sSig OCTET STRING (SIZE (32))
}
EcdsaP384Signature ::= SEQUENCE {
rSig EccP384CurvePoint,
sSig OCTET STRING (SIZE (48))
}
an Iso7816ECDSAPublicKeyStructure structure.
EciesP256EncryptedKey ::= SEQUENCE {
v EccP256CurvePoint,
c OCTET STRING (SIZE (16)),
t OCTET STRING (SIZE (16))
}
EcSignature::= CHOICE {
encryptedEcSignature EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload},
ecSignature EtsiTs103097Data-SignedExternalPayload
}
EeEcaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
id (WITH COMPONENTS {
...,
linkageData ABSENT
}),
cracaId ('000000'H),
crlSeries (0),
appPermissions ABSENT,
certIssuePermissions ABSENT,
certRequestPermissions PRESENT,
verifyKeyIndicator (WITH COMPONENTS {
verificationKey
})
}),
canonicalId IA5String OPTIONAL,
...
EeRaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
cracaId ('000000'H),
crlSeries (0),
appPermissions PRESENT,
certIssuePermissions ABSENT,
certRequestPermissions ABSENT,
verifyKeyIndicator (WITH COMPONENTS {
verificationKey
})
}),
additionalParams AdditionalParams OPTIONAL,
...
OER Element is the result of building the OER definition.
Element suppliers allow us to defer the finalisation of a definition until
the point at which it is used.
Elevation ::= Uint16
RFC 5652 EncryptedContentInfo object.
Parser for RFC 5652 EncryptedContentInfo object.
RFC 5652 EncryptedData object.
EncryptedData ::= SEQUENCE {
recipients SequenceOfRecipientInfo,
ciphertext SymmetricCiphertext
}
EncryptedData ::= SEQUENCE {
recipients SequenceOfRecipientInfo,
ciphertext SymmetricCiphertext
}
EncryptedDataEncryptionKey ::= CHOICE {
eciesNistP256 EciesP256EncryptedKey,
eciesBrainpoolP256r1 EciesP256EncryptedKey,
...
id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
EncryptedPOP ::= SEQUENCE {
request TaggedRequest,
cms ContentInfo,
thePOPAlgID AlgorithmIdentifier,
witnessAlgID AlgorithmIdentifier,
witness OCTET STRING
}
Implementation of the EncryptionInfo element defined in RFC 4998:
EncryptionKey ::= CHOICE {
public PublicEncryptionKey,
symmetric SymmetricEncryptionKey
}
EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())
EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())
RFC 5652 EnvelopedData object.
Parser of RFC 5652
EnvelopedData object.Ieee1609Dot2HeaderInfoContributedExtensions
IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= {
{EtsiOriginatingHeaderInfoExtension IDENTIFIED BY etsiHeaderInfoContributorId},
...
EtsiTs102941CrlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownUpdate Time32 OPTIONAL
}
EtsiTs102941CtlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownCtlSequence INTEGER (0..255) OPTIONAL
}
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
EtsiTs102941DeltaCtlRequest::= EtsiTs102941CtlRequest
and
EtsiTs102941CtlRequest::= SEQUENCE {
issuerId HashedId8,
lastKnownCtlSequence INTEGER (0..255) OPTIONAL
}
EtsiTs103097Data::=Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {..., -- constraints on signed data headers
tbsData (WITH COMPONENTS {
headerInfo (WITH COMPONENTS {...,
generationTime PRESENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT
})
}),
signer (WITH COMPONENTS {..., --constraints on the certificate
certificate ((WITH COMPONENT (EtsiTs103097Certificate))^(SIZE(1)))
})
}),
encryptedData (WITH COMPONENTS {..., -- constraints on encrypted data headers
recipients (WITH COMPONENT (
(WITH COMPONENTS {...,
pskRecipInfo ABSENT,
symmRecipInfo ABSENT,
rekRecipInfo ABSENT
})
))
}),
signedCertificateRequest ABSENT
})
})
EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {
payload (WITH COMPONENTS {
data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
unsecuredData (CONTAINING ToBeSignedDataContent)
})
}) PRESENT
})
})
})
})
})
EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {
payload (WITH COMPONENTS {
data (WITH COMPONENTS {...,
content (WITH COMPONENTS {
unsecuredData (CONTAINING ToBeSignedDataContent)
})
}) PRESENT
})
})
})
})
})
EtsiTs103097ExtensionModule
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) version1(1)}
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) version2(2)}
RFC 5544:
Binding Documents with Time-Stamps; Evidence object.
RFC 4998:
Evidence Record Syntax (ERS)
ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(explicit),
toBeSigned(WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {verificationKey})
}),
signature PRESENT
})
ExtendedFailInfo ::= SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue ANY DEFINED BY failInfoOID
}
Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE {
id EXT-TYPE.&extId({ExtensionTypes}),
content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id})
}
ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension
ExtId ::= INTEGER(0..255)
RFC 5084: GCMParameters object.
RFC 5990 GenericHybridParameters class.
GeographicRegion ::= CHOICE {
circularRegion CircularRegion,
rectangularRegion SequenceOfRectangularRegion,
polygonalRegion PolygonalRegion,
identifiedRegion SequenceOfIdentifiedRegion,
...
GeographicRegion ::= CHOICE {
circularRegion CircularRegion,
rectangularRegion SequenceOfRectangularRegion,
polygonalRegion PolygonalRegion,
identifiedRegion SequenceOfIdentifiedRegion,
...
id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
GetCert ::= SEQUENCE {
issuerName GeneralName,
serialNumber INTEGER }
id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
GetCRL ::= SEQUENCE {
issuerName Name,
cRLName GeneralName OPTIONAL,
time GeneralizedTime OPTIONAL,
reasons ReasonFlags OPTIONAL }
GroupLinkageValue ::= SEQUENCE {
jValue OCTET STRING (SIZE(4))
value OCTET STRING (SIZE(9))
}
GroupLinkageValue ::= SEQUENCE {
jValue OCTET STRING (SIZE(4))
value OCTET STRING (SIZE(9))
}
CertificateType ::= ENUMERATED {
explicit,
implicit,
...
HashAlgorithm ::= ENUMERATED {
sha256,
...,
sha384
}
HashedData ::= CHOICE {
sha256HashedData OCTET STRING (SIZE(32))
}
HashedData::= CHOICE {
sha256HashedData OCTET STRING (SIZE(32)),
...,
sha384HashedData OCTET STRING (SIZE(48)),
reserved OCTET STRING (SIZE(32))
}
HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL
}
HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
encryptionKey EncryptionKey OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL,
pduFunctionalType PduFunctionalType OPTIONAL,
contributedExtensions ContributedExtensionBlocks OPTIONAL
}
HeaderInfoContributorId ::= INTEGER (0..255)
etsiHeaderInfoContributorId HeaderInfoContributorId ::= 2
Hostname ::= UTF8String (SIZE(0..255))
{ ISOITU(2) intorgs(23) icao(136) }
IdentifiedRegion ::= CHOICE {
countryOnly CountryOnly,
countryAndRegions CountryAndRegions,
countryAndSubregions CountryAndSubregions,
...
id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
identityProofV2 ::= SEQUENCE {
proofAlgID AlgorithmIdentifier,
macAlgId AlgorithmIdentifier,
witness OCTET STRING
}
OER forward definition builders for OER encoded data.
Ieee1609Dot2Content ::= CHOICE {
unsecuredData Opaque,
signedData SignedData,
encryptedData EncryptedData,
signedCertificateRequest Opaque,
...
Ieee1609Dot2Content ::= CHOICE {
unsecuredData Opaque,
signedData SignedData,
encryptedData EncryptedData,
signedCertificateRequest Opaque,
...
Ieee1609Dot2Data ::= SEQUENCE {
protocolVersion Uint8(3),
content Ieee1609Dot2Content
}
Ieee1609Dot2Data ::= SEQUENCE {
protocolVersion Uint8(3),
content Ieee1609Dot2Content
}
ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(implicit),
toBeSigned(WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
}),
signature ABSENT
})
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
InnerAtRequest ::= SEQUENCE {
publicKeys PublicKeys,
hmacKey OCTET STRING (SIZE(32)),
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
InnerAtResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
InnerEcRequest ::= SEQUENCE {
itsId OCTET STRING,
certificateFormat CertificateFormat,
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
InnerEcResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode EnrolmentResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
ISISMT -- Industrial Signature Interoperability Specification
RFC 5652: IssuerAndSerialNumber object.
IssuerIdentifier ::= CHOICE {
sha256AndDigest HashedId8,
self HashAlgorithm,
...,
sha384AndDigest HashedId8
}
IssuerIdentifier ::= CHOICE {
sha256AndDigest HashedId8,
self HashAlgorithm,
...,
sha384AndDigest HashedId8
}
Uint16 ::= INTEGER (0..65535)
IValue ::= Uint16
IValue ::= Uint16
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
KemBMParameter ::= SEQUENCE {
kdf AlgorithmIdentifier{KEY-DERIVATION, {...}},
len INTEGER (1..MAX),
mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
}
KemCiphertextInfo ::= SEQUENCE {
kem AlgorithmIdentifier{KEM-ALGORITHM, {...}},
ct OCTET STRING
}
Defined in RFC 9629.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
KnownLatitude ::= NinetyDegreeInt (min..max)
LaId ::= OCTET STRING (SIZE(2))
Latitude ::= NinetyDegreeInt
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
Latitude ::= NinetyDegreeInt
The LDSSecurityObject object (V1.8).
LinkageData ::= SEQUENCE {
iCert IValue,
linkage-value LinkageValue,
group-linkage-value GroupLinkageValue OPTIONAL
}
LinkageData ::= SEQUENCE {
iCert IValue,
linkage-value LinkageValue,
group-linkage-value GroupLinkageValue OPTIONAL
}
LinkageSeed ::= OCTET STRING (SIZE(16))
LinkageValue ::= OCTET STRING (SIZE(9))
LinkageValue ::= OCTET STRING (SIZE(9))
Latitude ::= OneEightyDegreeInt
NinetyDegreeInt ::= INTEGER {
min (-17999999999),
max (1800000000),
unknown (1800000001)
}
Latitude ::= OneEightyDegreeInt
OneEightyDegreeInt ::= INTEGER {
min (-1799999999),
max (1800000000),
unknown (1800000001)
} (-1799999999..1800000001)
id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
LraPopWitness ::= SEQUENCE {
pkiDataBodyid BodyPartID,
bodyIds SEQUENCE OF BodyPartID
}
RFC 5544:
Binding Documents with Time-Stamps; MetaData object.
MissingCrlIdentifier ::= SEQUENCE {
cracaId HashedId3,
crlSeries CrlSeries,
...
id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
ModCertTemplate ::= SEQUENCE {
pkiDataReference BodyPartPath,
certReferences BodyPartList,
replace BOOLEAN DEFAULT TRUE,
certTemplate CertTemplate
}
Monetary limit for transactions.
RFC 5753/3278: MQVuserKeyingMaterial object.
Names of authorities which are responsible for the administration of title
registers.
NestedMessageContent ::= PKIMessages
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
OcspIdentifier ::= SEQUENCE {
ocspResponderID ResponderID, -- As in OCSP response data
producedAt GeneralizedTime -- As in OCSP response data
}
OcspListID ::= SEQUENCE {
ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE {
ocspIdentifier OcspIdentifier,
ocspRepHash OtherHash OPTIONAL
}
OER sequence decoder, decodes prefix and determines which optional
parts are available.
A placeholder object that represents an absent item.
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
}
OOBCert ::= CMPCertificate
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OriginatorInfo object.
RFC 5652:
Content encryption key delivery mechanisms.
OtherHash ::= CHOICE {
sha1Hash OtherHashValue, -- This contains a SHA-1 hash
otherHash OtherHashAlgAndValue
}
RFC 5652: OtherKeyAttribute object.
OtherMsg ::= SEQUENCE {
bodyPartID BodyPartID,
otherMsgType OBJECT IDENTIFIER,
otherMsgValue ANY DEFINED BY otherMsgType }
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652: OtherRevocationInfoFormat object.
OtherRevRefs ::= SEQUENCE {
otherRevRefType OtherRevRefType,
otherRevRefs ANY DEFINED BY otherRevRefType
}
OtherRevRefType ::= OBJECT IDENTIFIER
OtherRevVals ::= SEQUENCE {
otherRevValType OtherRevValType,
otherRevVals ANY DEFINED BY OtherRevValType
}
OtherRevValType ::= OBJECT IDENTIFIER
Other info implements the choice component of CMCStatusInfoV2.
EAC encoding date object
Implementation of PartialHashtree, as defined in RFC 4998.
RFC 5652:
Content encryption key delivery mechanisms.
PathProcInput ::= SEQUENCE {
acceptablePolicySet SEQUENCE SIZE (1..MAX) OF
PolicyInformation,
inhibitPolicyMapping BOOLEAN DEFAULT FALSE,
explicitPolicyReqd [0] BOOLEAN DEFAULT FALSE ,
inhibitAnyPolicy [1] BOOLEAN DEFAULT FALSE
}
PduFunctionalType ::= INTEGER (0..255)
tlsHandshake PduFunctionalType ::= 1
iso21177ExtendedAuth PduFunctionalType ::= 2
PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}
PKIData ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17)
-- the additional information requested could not be understood
-- or is not available
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
PKIPublicationInfo ::= SEQUENCE {
action INTEGER {
dontPublish (0),
pleasePublish (1) },
pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-- pubInfos MUST NOT be present if action is "dontPublish"
-- (if action is "pleasePublish" and pubInfos is omitted,
-- "dontCare" is assumed)
-- This defines the response message in the protocol
id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
ResponseBody ::= PKIResponse
PKIResponse ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL
}
Password-based MAC value for use with POPOSigningKeyInput.
PKRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey EncryptedDataEncryptionKey
}
PKRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey EncryptedDataEncryptionKey
}
SEQUENCE SIZE(3..MAX) OF TwoDLocation
SEQUENCE SIZE(3..MAX) OF TwoDLocation
id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
PopLinkWitnessV2 ::= SEQUENCE {
keyGenAlgorithm AlgorithmIdentifier,
macAlgorithm AlgorithmIdentifier,
witness OCTET STRING
}
PreSharedKeyRecipientInfo ::= HashedId8
Attribute to indicate that the certificate holder may sign in the name of a
third person.
Professions, specializations, disciplines, fields of activity, etc.
ProtectedPart ::= SEQUENCE {
header PKIHeader,
body PKIBody
}
Psid ::= INTEGER (0..MAX)
PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT (app)
}
PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT (app)
}
PsidSsp ::= SEQUENCE {
psid Psid,
ssp ServiceSpecificPermissions OPTIONAL
}
PsidSspRange ::= SEQUENCE {
psid Psid,
sspRange SspRange OPTIONAL
}
PsidSspRange ::= SEQUENCE {
psid Psid,
sspRange SspRange OPTIONAL
}
PublicEncryptionKey ::= SEQUENCE {
supportedSymmAlg SymmAlgorithm,
publicKey BasePublicEncryptionKey
}
PublicKeys ::= SEQUENCE {
verificationKey PublicVerificationKey,
encryptionKey PublicEncryptionKey OPTIONAL
}
PublicVerificationKey ::= CHOICE {
ecdsaNistP256 EccP256CurvePoint,
ecdsaBrainpoolP256r1 EccP256CurvePoint,
...,
ecdsaBrainpoolP384r1 EccP384CurvePoint
}
PublishTrustAnchors ::= SEQUENCE {
seqNumber INTEGER,
hashAlgorithm AlgorithmIdentifier,
anchorHashes SEQUENCE OF OCTET STRING
}
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
RFC 5652:
Content encryption key delivery mechanisms.
RecipientInfo ::= CHOICE {
pskRecipInfo PreSharedKeyReicpientInfo,
symmRecipInfo SymmRecipientInfo,
certRecipInfo PKRecipientInfo,
signedDataRecipInfo PKRecipientInfo,
rekRecipInfo PKRecipientInfo
}
RecipientInfo ::= CHOICE {
pskRecipInfo PreSharedKeyRecipientInfo,
symmRecipInfo SymmRecipientInfo,
certRecipInfo PKRecipientInfo,
signedDataRecipInfo PKRecipientInfo,
rekRecipInfo PKRecipientInfo
}
RFC 5652:
Content encryption key delivery mechanisms.
RectangularRegion ::= SEQUENCE {
northWest TwoDLocation,
southEast TwoDLocation
}
RectangularRegion ::= SEQUENCE {
northWest TwoDLocation,
southEast TwoDLocation
}
RegionAndSubregions ::= SEQUENCE {
region Uint8,
subregions SequenceOfUint16
}
Marker for Geographic Region types.
ISIS-MTT-Optional: The certificate requested by the client by inserting the
RetrieveIfAllowed extension in the request, will be returned in this
extension.
Some other restriction regarding the usage of this certificate.
RevocationValues ::= SEQUENCE {
crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
otherRevVals [2] OtherRevVals OPTIONAL}
RevokeRequest ::= SEQUENCE {
issuerName Name,
serialNumber INTEGER,
reason CRLReason,
invalidityDate GeneralizedTime OPTIONAL,
passphrase OCTET STRING OPTIONAL,
comment UTF8String OPTIONAL }
RootCaEntry ::= SEQUENCE {
selfsignedRootCa EtsiTs103097Certificate,
successorTo EtsiTs103097Certificate OPTIONAL
}
GenMsg: {id-it 20}, RootCaCertValue | < absent >
GenRep: {id-it 18}, RootCaKeyUpdateContent | < absent >
RFC 5990 RSA KEM parameters class.
an Iso7816RSAPublicKeyStructure structure.
RFC 5940:
Additional Cryptographic Message Syntax (CMS) Revocation Information Choices.
SequenceOfCertificate ::= SEQUENCE OF Certificate
SequenceOfCertificate ::= SEQUENCE OF Certificate
SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion
SequenceOfOctetString ::= SEQUENCE (SIZE(0..MAX)) OF OCTET STRING (SIZE(0..MAX))
SequenceOfOctetString ::= SEQUENCE (SIZE(0..MAX)) OF OCTET STRING (SIZE(0..MAX))
SequenceOfPsid ::= SEQUENCE OF Psid
SEQUENCE OF PsidGroupPermissions
SEQUENCE OF PsidGroupPermissions
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
SequenceOfUint16 ::= SEQUENCE OF Uint16
SequenceOfUint8 ::= SEQUENCE OF Uint8
ServiceSpecificPermissions ::= CHOICE {
opaque OCTET STRING (SIZE(0..MAX)),
...,
bitmapSsp BitmapSsp
}
ServiceType ::= ENUMERATED { cpd(1), vsd(2), cpkc(3), ccpd(4) }
SharedAtRequest ::= SEQUENCE {
eaId HashedId8,
keyTag OCTET STRING (SIZE(16)),
certificateFormat CertificateFormat,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
Signature ::= CHOICE {
ecdsaNistP256Signature EcdsaP256Signature,
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
...
Signature ::= CHOICE {
ecdsaNistP256Signature EcdsaP256Signature,
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
...
SignedData ::= SEQUENCE {
hashId HashAlgorithm,
tbsData ToBeSignedData,
signer SignerIdentifier,
signature Signature
}
SignedData ::= SEQUENCE {
hashId HashAlgorithm,
tbsData ToBeSignedData,
signer SignerIdentifier,
signature Signature
}
Parser for RFC 5652:
SignedData object.
SignedDataPayload ::= SEQUENCE {
data Ieee1609Dot2Data OPTIONAL,
extDataHash HashedData OPTIONAL,
...
SignedDataPayload ::= SEQUENCE {
data Ieee1609Dot2Data OPTIONAL,
extDataHash HashedData OPTIONAL,
...
RFC 5652:
Identify who signed the containing
SignerInfo object.
SignerIdentifier ::= CHOICE {
digest HashedId8,
certificate SequenceOfCertificate,
self NULL,
...
SignerIdentifier
This structure allows the recipient of data to determine which
keying material to use to authenticate the data.
RFC 5652:
Signature container per Signer, see
SignerIdentifier.Signer-Location attribute (RFC3126).
SinglePubInfo ::= SEQUENCE {
pubMethod INTEGER {
dontCare (0),
x500 (1),
web (2),
ldap (3) },
pubLocation GeneralName OPTIONAL }
Handler class for dealing with S/MIME Capabilities
Handler for creating a vector S/MIME Capabilities
The SMIMEEncryptionKeyPreference object.
SspRange ::= CHOICE {
opaque SequenceOfOctetString,
all NULL,
...
SspRange ::= CHOICE {
opaque SequenceOfOctetString,
all NULL,
...
SubjectAssurance ::= OCTET STRING (SIZE(1))
SubjectPermissions ::= CHOICE {
explicit SequenceOfPsidSspRange,
all NULL,
...
SubjectPermissions ::= CHOICE {
explicit SequenceOfPsidSspRange,
all NULL,
...
A switch is intended to examine the state of the OER decoding stream
and return an oer definition to based on that state.
SymmAlgorithm ::= ENUMERATED {
aes128Ccm,
...
SymmetricCiphertext ::= CHOICE {
aes128ccm AesCcmCiphertext,
...
SymmetricEncryptionKey ::= CHOICE {
aes128Ccm OCTET STRING(SIZE(16)),
...
SymmRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey SymmetricCiphertext
}
SymmRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey SymmetricCiphertext
}
TaggedAttribute from RFC5272
TaggedCertificationRequest ::= SEQUENCE {
bodyPartID BodyPartID,
certificationRequest CertificationRequest
}
TaggedContentInfo ::= SEQUENCE {
bodyPartID BodyPartID,
contentInfo ContentInfo
}
TaggedRequest ::= CHOICE {
tcr [0] TaggedCertificationRequest,
crm [1] CertReqMsg,
orm [2] SEQUENCE {
bodyPartID BodyPartID,
requestMessageType OBJECT IDENTIFIER,
requestMessageValue ANY DEFINED BY requestMessageType
}
}
TargetEtcChain ::= SEQUENCE {
target CertEtcToken,
chain SEQUENCE SIZE (1..MAX) OF
CertEtcToken OPTIONAL,
pathProcInput [0] PathProcInput OPTIONAL
}
ThreeDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude,
elevation Elevation
}
RFC 5652:
Dual-mode timestamp format producing either UTCTIme or GeneralizedTime.
Time64 ::= Uint64
RFC 5544
Binding Documents with Time-Stamps; TimeStampAndCRL object.
RFC 5544:
Binding Documents with Time-Stamps; TimeStampedData object.
Parser for RFC 5544:
TimeStampedData object.RFC 5544
Binding Documents with Time-Stamps; TimeStampTokenEvidence object.
TlmEntry::= SEQUENCE {
selfSignedTLMCertificate EtsiTs103097Certificate,
successorTo EtsiTs103097Certificate OPTIONAL,
accessPoint Url
}
ToBeSignedCertificate ::= SEQUENCE {
id CertificateId,
cracaId HashedId3,
crlSeries CrlSeries,
validityPeriod ValidityPeriod,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSep OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
certRequestPermissions NULL OPTIONAL,
encryptionKey PublicEncryptionKey OPTIONAL,
verifyKeyIndicator VerificationKeyIndicator,
...
ToBeSignedCertificate ::= SEQUENCE {
id CertificateId,
cracaId HashedId3,
crlSeries CrlSeries,
validityPeriod ValidityPeriod,
region GeographicRegion OPTIONAL,
assuranceLevel SubjectAssurance OPTIONAL,
appPermissions SequenceOfPsidSsp OPTIONAL,
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL,
canRequestRollover NULL OPTIONAL,
encryptionKey PublicEncryptionKey OPTIONAL,
verifyKeyIndicator VerificationKeyIndicator,
...
ToBeSignedCrl ::= SEQUENCE {
version Version,
thisUpdate Time32,
nextUpdate Time32,
entries SEQUENCE OF CrlEntry,
...
ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}
ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}
ToBeSignedLinkCertificate ::= SEQUENCE {
expiryTime Time32,
certificateHash HashedData,
...
TwoDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude
}
TwoDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude
}
Uint64 ::= INTEGER (0..18446744073709551615)
UnknownLongitude ::= OneEightyDegreeInt (unknown)
The value 1,800,000,001 indicates that the longitude was not
available to the sender.
ValidityPeriod ::= SEQUENCE {
start Time32,
duration Duration
}
ValidityPeriod ::= SEQUENCE {
start Time32,
duration Duration
}
VerificationKeyIndicator ::= CHOICE {
verificationKey PublicVerificationKey,
reconstructionValue EccP256CurvePoint,
...
VerificationKeyIndicator ::= CHOICE {
verificationKey PublicVerificationKey,
reconstructionValue EccP256CurvePoint,
...