CryptographicMessageSyntax { iso member-body usa(840) rsadsi(113549)
                pkcs(1) 7 module(0) version(3) }
-- Should the module OID be from the RSA branch, or from elsewhere?
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- Directory Information Framework
        Attribute, Name
        ----
        FROM InformationFramework { joint-iso-itu-t ds(5) modules(1) 
                informationFramework(1) 3 }
-- Directory Authentication Framework
        AlgorithmIdentifier, AttributeCertificate, Certificate, 
        CertificateList, CertificateSerialNumber, HASHED { }, SIGNED { }
        ----
        FROM AuthenticationFramework { joint-iso-itu-t ds(5) module(1) 
                authenticationFramework(7) 3 }
-- In Cryptographic Message Syntax the HASHED parameterised type applies the hash function to the
-- contents octets component of a CER or DER encoding of a value of the parameter.
-- Directory Certificate Extensions
        CertificateAssertion
        ----
        FROM CertificateExtensions { joint-iso-itu-t ds(5) module(1) 
                certificateExtensions(26) 0 };
-- The ENCRYPTED parameterised type is redefined here because Cryptographic Message Syntax
-- encrypted values are defined as OCTET STRING, instead of BIT STRING as in the Directory
-- Authentication Framework
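-- Parameterised type for enciphered values carried as an OCTET STRING.
-- CONSTRAINED BY is a descriptive constraint only: a generic decoder accepts any
-- octet string here, so the consuming code has to enforce what the text says.
ENCRYPTED { ToBeEnciphered } ::= OCTET STRING ( CONSTRAINED BY {
-- must be the result of applying an encipherment procedure to the contents octets component --
-- of a definite-length BER-encoding of a value of -- ToBeEnciphered } )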
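-- Outer wrapper: an identifier naming the content type, followed by the content.
ContentInfo ::= SEQUENCE {
        -- identifier of the content type, restricted to the members of CMSContentTable
        content-type  CMS-CONTENT-TYPE.&id ({CMSContentTable}),
        -- value of the type that CMSContentTable pairs with content-type; the
        -- "@content-type" component relation is what ties the two fields together.
        -- OPTIONAL, so a ContentInfo may carry the identifier alone.
        cms-content [0] CMS-CONTENT-TYPE.&Type ({CMSContentTable}
                                     {@content-type}) OPTIONAL }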
-- Information object class for CMS content types; an alias of TYPE-IDENTIFIER,
-- whose &id and &Type fields are referenced by ContentInfo and EncryptedContentInfo.
CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER
-- Object set of the content types defined in this module. The trailing "..." is an
-- extension marker, so the set is open: a decoder can meet a content-type identifier
-- that is not listed here and needs a defined way to handle (or reject) it.
CMSContentTable CMS-CONTENT-TYPE ::= { data, signed-data, enveloped-data, ... }
-- Data
-- Content type object binding the Data type to the id-data object identifier.
data CMS-CONTENT-TYPE ::= { Data IDENTIFIED BY id-data }
-- Arbitrary octets; this module places no structure or size limit on them.
Data ::= OCTET STRING
-- Signed Data
-- Content type object binding SignedData to the id-signed-data object identifier.
signed-data CMS-CONTENT-TYPE ::= { SignedData IDENTIFIED BY id-signed-data }
-- Content together with a set of per-signer SignerInfo values.
SignedData ::= SEQUENCE {
        version Version, 
        -- digest algorithms listed at the SignedData level. No constraint in this
        -- module ties this set to the digestAlgorithm inside each SignerInfo.
        -- NOTE(review): confirm the intended relation in the prose specification.
        digestAlgorithms DigestAlgorithmIdentifiers,
        -- the content being signed, wrapped in a ContentInfo
        contentInfo ContentInfo,
        -- optional certificates and CRLs. Neither field appears in the Digest input
        -- defined in this module, so a receiver should treat them as unauthenticated
        -- hints and validate them on their own.
        certificates [0] CertificateSet OPTIONAL,
        crls [1] CertificateRevocationLists OPTIONAL,
        signerInfos SignerInfos }
-- Version field shared by SignedData, SignerInfo, EnvelopedData, RecipientInfo and
-- ExtendedCertificateInfo. No value constraint is placed on it in this module, so
-- any range or known-value check is left to the implementation.
Version ::= INTEGER
-- SET OF without a SIZE constraint, so the empty set is syntactically valid.
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-- Alias of the imported AlgorithmIdentifier, used where a digest algorithm is named.
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-- Unordered collection of certificates; no SIZE constraint, so it may be empty.
CertificateSet ::= SET OF CertificateChoice
-- One of three certificate forms. Certificate and AttributeCertificate are imported
-- from AuthenticationFramework; ExtendedCertificate is defined in this module.
CertificateChoice ::= CHOICE {
        certificate Certificate,
        extendedCertificate [0] ExtendedCertificate,
        attributeCertificate [1] AttributeCertificate }
-- Unordered collection of the imported CertificateList type; may be empty.
CertificateRevocationLists ::= SET OF CertificateList
-- SET OF without a SIZE constraint: an empty signer set is syntactically valid,
-- so a successful decode of SignedData does not by itself mean anything was signed.
SignerInfos ::= SET OF SignerInfo
-- Per-signer information: signer identification, algorithms, attributes and the
-- signature value.
SignerInfo ::= SEQUENCE {
        version Version,
        -- issuer name and certificate serial number
        -- (presumably those of the signer's certificate; confirm in the prose spec)
        issuerAndSerialNumber IssuerAndSerialNumber,
        digestAlgorithm DigestAlgorithmIdentifier,
        -- optional attributes that can serve as the Digest input (see Digest).
        -- NOTE(review): [0] is IMPLICIT here by the module default, whereas the Digest
        -- CHOICE uses [0] EXPLICIT, so the hashed octets are presumably not
        -- byte-identical to this field as transmitted; confirm against the prose spec.
        authenticatedAttributes [0] Attributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        -- optional attributes that do not appear in the Digest input defined in this
        -- module; a receiver should treat them as unauthenticated data
        unauthenticatedAttributes [1] Attributes OPTIONAL }
-- Pair of an issuer Name (imported from InformationFramework) and a
-- CertificateSerialNumber (imported from AuthenticationFramework).
IssuerAndSerialNumber ::= SEQUENCE {
        issuer Name,
        serialNumber CertificateSerialNumber }
-- Alias of the imported AlgorithmIdentifier, used where a signature algorithm is named.
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
-- Signature value: the module's ENCRYPTED (OCTET STRING) type parameterised by DigestInfo.
SignatureValue ::= ENCRYPTED { DigestInfo }
-- Digest algorithm identifier together with the digest value.
DigestInfo ::= SEQUENCE {
        digestAlgorithm DigestAlgorithmIdentifier,
        digest Digest }
-- HASHED over one of two inputs: the content, or the authenticated attributes.
-- No other SignedData or SignerInfo component appears in the hashed value as defined
-- here (not version, certificates, crls or unauthenticatedAttributes).
-- NOTE(review): how a digest taken over the attributes is bound to the content is
-- not visible in this module; confirm in the prose specification.
Digest ::= HASHED { CHOICE {
        content CMS-CONTENT-TYPE.&Type ({CMSContentTable}),
        authenticated-attributes [0] EXPLICIT Attributes } }
-- Enveloped Data
-- Content type object binding EnvelopedData to the id-enveloped-data object identifier.
enveloped-data CMS-CONTENT-TYPE ::= { EnvelopedData
        IDENTIFIED BY id-enveloped-data }
-- Encrypted content plus one RecipientInfo per recipient.
-- The syntax carries no separate MAC or signature component, so as defined here it
-- does not by itself let a receiver detect modification of the encrypted content.
EnvelopedData ::= SEQUENCE {
        version Version,
        originatorInfo [0] OriginatorInfo OPTIONAL,
        recipientInfos RecipientInfos,
        encryptedContentInfo EncryptedContentInfo }
-- Optional originator certificates and CRLs. Both components are OPTIONAL, so an
-- empty SEQUENCE is a valid value.
OriginatorInfo ::= SEQUENCE {
        certificates [0] CertificateSet OPTIONAL,
        crls [1] CertificateRevocationLists OPTIONAL }
-- At least one RecipientInfo is required (SIZE lower bound of 1); there is no upper bound.
RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
-- Per-recipient information: how the recipient is identified, the key encryption
-- algorithm, and the encrypted key.
RecipientInfo ::= SEQUENCE {
        version Version,
        recipientIdentifier RecipientIdentifier,
        keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
        encryptedKey EncryptedKey,
        -- optional CertificateAssertion (imported from CertificateExtensions);
        -- presumably selects the originator's certificate, verify in the prose spec
        originatorCertificateSelector CertificateAssertion OPTIONAL }
-- Three alternative ways of identifying the recipient's key.
RecipientIdentifier ::= CHOICE {
        issuerAndSerialNumber IssuerAndSerialNumber,
        recipientKeyIdentifier [0] RecipientKeyIdentifier,
        mailListKeyIdentifier [1] MailListKeyIdentifier }
-- Recipient identified by Name plus a CertificateAssertion.
RecipientKeyIdentifier ::= SEQUENCE {
        recipientName Name,
        recipientCertificateSelector  CertificateAssertion }
-- Key identified by an opaque octet string with optional date and attribute.
-- NOTE(review): "kek" presumably stands for key-encryption key; the module does not say.
MailListKeyIdentifier ::= SEQUENCE {
        -- opaque identifier; no size or format constraint in this module
        kekIdentifier OCTET STRING,
        date GeneralizedTime OPTIONAL,
        otherKeyAttribute Attribute OPTIONAL }
-- Alias of the imported AlgorithmIdentifier, used where a key encryption algorithm is named.
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Plain OCTET STRING; unlike SignatureValue it does not use the ENCRYPTED
-- parameterised type, so the syntax says nothing about what was enciphered.
EncryptedKey ::= OCTET STRING
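-- Encrypted content with its content type and content encryption algorithm.
EncryptedContentInfo ::= SEQUENCE {
        -- identifier of the type of the plaintext content. It is carried outside the
        -- encrypted octets, so it is visible to anyone who can read the message.
        contentType CMS-CONTENT-TYPE.&id ({CMSContentTable}),
        contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
        -- encipherment of a value of the type that CMSContentTable pairs with
        -- contentType; the "@contentType" component relation ties the two together.
        -- OPTIONAL, so the encrypted octets may be absent from the structure.
        encryptedContent [0] ENCRYPTED { CMS-CONTENT-TYPE.&Type
                        ({CMSContentTable} {@contentType}) } OPTIONAL }
-- Alias of the imported AlgorithmIdentifier, used where a content encryption algorithm is named.
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier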
-- Object Identifiers
-- Base arc for the content type identifiers below; it is the same arc that
-- prefixes this module's own identifier.
id-pkcs-7 OBJECT IDENTIFIER ::=
        { iso member-body usa(840) rsadsi(113549) pkcs(1) 7 }
-- Content type identifiers referenced by the data, signed-data and
-- enveloped-data objects in CMSContentTable.
id-data OBJECT IDENTIFIER ::= { id-pkcs-7 1 }
id-signed-data OBJECT IDENTIFIER ::= { id-pkcs-7 2 }
id-enveloped-data OBJECT IDENTIFIER ::= { id-pkcs-7 3 }
-- Definitions from PKCS#6
-- ExtendedCertificateInfo wrapped in the imported SIGNED parameterised type.
ExtendedCertificate ::= SIGNED { ExtendedCertificateInfo }
-- A certificate plus a set of attributes, with a version number.
ExtendedCertificateInfo ::= SEQUENCE {
        version Version,
        certificate Certificate,
        attributes Attributes }
-- SET OF the imported Attribute type; no SIZE constraint, so it may be empty.
-- Also the type of authenticatedAttributes and unauthenticatedAttributes in SignerInfo.
Attributes ::= SET OF Attribute
END -- of CryptographicMessageSyntax