pkcs7.asn1 3.8 KB

  -- Outermost production: a content type OID followed by the content.
  -- SignedData is the only content modelled, so other PKCS#7 content
  -- types have no matching production in this grammar.
  -- ({ name }) attaches a decoder hook implemented outside this file;
  -- pkcs7_check_content_type presumably rejects OIDs other than
  -- signedData (confirm against the parser source).
  -- NOTE(review): content is OPTIONAL, so the grammar alone also matches
  -- a message that carries no SignedData; a successful decode is not by
  -- itself evidence that a signature is present.
  1. PKCS7ContentInfo ::= SEQUENCE {
  2. contentType ContentType ({ pkcs7_check_content_type }),
  3. content [0] EXPLICIT SignedData OPTIONAL
  4. }
  -- OID naming a content type. The pkcs7_note_OID hook is attached to the
  -- type definition itself rather than to one referencing field.
  5. ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
  -- Signed message body: version, digest algorithms, the encapsulated
  -- content, optional certificates, optional CRLs, then the signer infos.
  6. SignedData ::= SEQUENCE {
  7. version INTEGER ({ pkcs7_note_signeddata_version }),
  8. digestAlgorithms DigestAlgorithmIdentifiers,
  9. contentInfo ContentInfo ({ pkcs7_note_content }),
  -- Certificates may arrive as a [0] set or a [2] sequence; either way
  -- the pkcs7_note_certificate_list hook is attached to the CHOICE.
  10. certificates CHOICE {
  11. certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
  12. certSequence [2] IMPLICIT Certificates
  13. } OPTIONAL ({ pkcs7_note_certificate_list }),
  -- No hook is attached to crls. Its elements still resolve to the
  -- Certificate type through CertificateList, so pkcs7_extract_cert is
  -- reachable from here as well.
  -- NOTE(review): nothing in this grammar shows revocation data being
  -- consumed; confirm in the parser before relying on CRLs carried here.
  14. crls CHOICE {
  15. crlSet [1] IMPLICIT CertificateRevocationLists,
  16. crlSequence [3] IMPLICIT CRLSequence
  17. } OPTIONAL,
  18. signerInfos SignerInfos
  19. }
  -- Encapsulated content: a type OID plus the content itself.
  -- content is OPTIONAL; in CMS terms an absent content is what a
  -- detached signature looks like. How absence is handled is decided by
  -- the parser, not by this grammar (confirm).
  20. ContentInfo ::= SEQUENCE {
  21. contentType ContentType ({ pkcs7_note_OID }),
  22. content [0] EXPLICIT Data OPTIONAL
  23. }
  -- Declared ANY, so the grammar places no constraint on what the signed
  -- content contains; pkcs7_note_data is the hook run for it.
  24. Data ::= ANY ({ pkcs7_note_data })
  -- List of digest algorithms used by the signers. PKCS#7 and CMS define
  -- this as SET OF; the SEQUENCE OF alternative is an additional encoding
  -- that this grammar tolerates.
  25. DigestAlgorithmIdentifiers ::= CHOICE {
  26. daSet SET OF DigestAlgorithmIdentifier,
  27. daSequence SEQUENCE OF DigestAlgorithmIdentifier
  28. }
  -- Digest algorithm: an OID reported through pkcs7_note_OID.
  -- parameters is ANY OPTIONAL with no hook attached, so this grammar
  -- checks only that it is well formed and does not inspect its content.
  29. DigestAlgorithmIdentifier ::= SEQUENCE {
  30. algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
  31. parameters ANY OPTIONAL
  32. }
  33. --
  34. -- Certificates and certificate lists
  35. --
  -- Set form of the certificate list (the certSet alternative of
  -- SignedData.certificates).
  36. ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
  -- Each entry is either a plain X.509 certificate or a [0]-tagged
  -- PKCS#6 extended certificate.
  37. ExtendedCertificateOrCertificate ::= CHOICE {
  38. certificate Certificate, -- X.509
  39. extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
  40. }
  -- PKCS#6 extended certificates are aliased to Certificate, so a
  -- [0]-tagged entry reaches the same pkcs7_extract_cert hook as a plain
  -- X.509 certificate; the grammar does not model the PKCS#6 structure.
  41. ExtendedCertificate ::= Certificate -- cheating
  -- Sequence form of the certificate list (the certSequence alternative).
  42. Certificates ::= SEQUENCE OF Certificate
  -- CRL containers referenced from SignedData.crls.
  43. CertificateRevocationLists ::= SET OF CertificateList
  -- NOTE(review): an X.509 CertificateList (a CRL) is not a sequence of
  -- certificates, which is presumably what the existing remark refers to.
  -- As written, entries under crls are decoded as Certificate and so
  -- reach pkcs7_extract_cert; confirm how the parser treats them.
  44. CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
  45. CRLSequence ::= SEQUENCE OF CertificateList
  -- Certificates are declared ANY: this grammar does not parse them.
  -- The element is handed to the pkcs7_extract_cert hook, so any X.509
  -- parsing or validation happens outside this file.
  46. Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
  47. --
  48. -- Signer information
  49. --
  -- Collection of per-signer records. Both SET OF and SEQUENCE OF
  -- encodings are accepted; the grammar sets no lower or upper bound on
  -- the number of entries.
  50. SignerInfos ::= CHOICE {
  51. siSet SET OF SignerInfo,
  52. siSequence SEQUENCE OF SignerInfo
  53. }
  -- One signer's record. pkcs7_note_signed_info is attached to the whole
  -- SEQUENCE; the remaining hooks are attached to individual fields or to
  -- the types those fields reference.
  54. SignerInfo ::= SEQUENCE {
  55. version INTEGER ({ pkcs7_note_signerinfo_version }),
  56. sid SignerIdentifier, -- CMS variant, not PKCS#7
  57. digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
  -- NOTE(review): only aaSet carries a set-level hook
  -- (pkcs7_sig_note_set_of_authattrs); aaSequence has none, although the
  -- per-attribute hooks on AuthenticatedAttribute apply to both. How
  -- attributes seen through aaSequence are bound to the signature is
  -- decided in the parser, not here (confirm).
  58. authenticatedAttributes CHOICE {
  59. aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
  60. ({ pkcs7_sig_note_set_of_authattrs }),
  61. aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
  62. -- Explicit because easier to compute digest on
  63. -- sequence of attributes and then reuse encoded
  64. -- sequence in aaSequence.
  65. } OPTIONAL,
  66. digestEncryptionAlgorithm
  67. DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
  68. encryptedDigest EncryptedDigest,
  -- No hooks are attached to unauthenticatedAttributes, so this grammar
  -- only checks their structure. Per CMS they are not covered by the
  -- signature, so nothing read from them should feed a trust decision.
  69. unauthenticatedAttributes CHOICE {
  70. uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
  71. uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
  72. } OPTIONAL
  73. } ({ pkcs7_note_signed_info })
  -- Identifies the signer's certificate in one of two ways: by issuer
  -- name plus serial number, or by a [0]-tagged subject key identifier.
  -- Matching the identifier to a certificate is done outside this file.
  74. SignerIdentifier ::= CHOICE {
  75. -- RFC5652 sec 5.3
  76. issuerAndSerialNumber IssuerAndSerialNumber,
  77. subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
  78. }
  -- Issuer name and certificate serial number of the signer's
  -- certificate, reported through pkcs7_sig_note_issuer and
  -- pkcs7_sig_note_serial respectively.
  79. IssuerAndSerialNumber ::= SEQUENCE {
  80. issuer Name ({ pkcs7_sig_note_issuer }),
  81. serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
  82. }
  -- Serial number as a plain INTEGER; the grammar sets no size limit.
  83. CertificateSerialNumber ::= INTEGER
  -- Subject key identifier as an OCTET STRING, reported through
  -- pkcs7_sig_note_skid; the grammar sets no length constraint.
  84. SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
  -- Set form of the authenticated attributes (used by the aaSet
  -- alternative of SignerInfo.authenticatedAttributes).
  85. SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
  -- One authenticated attribute: a type OID and a set of values.
  -- values is SET OF ANY, so the content of each value is interpreted
  -- only by the pkcs7_sig_note_authenticated_attr hook, not by the
  -- grammar.
  86. AuthenticatedAttribute ::= SEQUENCE {
  87. type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
  88. values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
  89. }
  -- Same shape as AuthenticatedAttribute but with no hooks attached:
  -- these attributes are decoded for structure only and none of their
  -- content is reported by this grammar.
  90. UnauthenticatedAttribute ::= SEQUENCE {
  91. type OBJECT IDENTIFIER,
  92. values SET OF ANY
  93. }
  -- Algorithm used to produce encryptedDigest: an OID reported through
  -- pkcs7_note_OID. parameters is ANY OPTIONAL with no hook attached, so
  -- this grammar does not inspect it.
  94. DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
  95. algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
  96. parameters ANY OPTIONAL
  97. }
  -- The signature value, carried as an OCTET STRING and reported through
  -- pkcs7_sig_note_signature; the grammar sets no length constraint.
  98. EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
  99. ---
  100. --- X.500 Name
  101. ---
  -- X.500 distinguished name, referenced here by
  -- IssuerAndSerialNumber.issuer: a sequence of RDNs, each a set of
  -- type and value pairs.
  102. Name ::= SEQUENCE OF RelativeDistinguishedName
  103. RelativeDistinguishedName ::= SET OF AttributeValueAssertion
  -- attributeType is reported through pkcs7_note_OID; attributeValue is
  -- ANY with no hook, so name values are not interpreted by this grammar.
  104. AttributeValueAssertion ::= SEQUENCE {
  105. attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
  106. attributeValue ANY
  107. }
  107. }