ASN.1 for Internet X.509 PKI (Public Key Infrastructure) Certificate and CRL Profile

Note: In the following ASN.1 definitions, "[tag] Type" is to be interpreted as
"[tag] IMPLICIT Type".

Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING  }

TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version MUST be v3
     }

Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

CertificateSerialNumber  ::=  INTEGER

Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time }

Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime }

UniqueIdentifier  ::=  BIT STRING

SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }

Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING  }
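The Extension structure is the first thing a verifier has to walk before any other part of a certificate can be acted on. As an added example (not code from the RFC), the following Python reads a DER-encoded Extensions value with a hand-written tag-length-value reader and applies the RFC 3280 section 4.2 rule that a critical extension the verifier does not recognise makes the certificate unacceptable. The SUPPORTED set (subjectKeyIdentifier, keyUsage, subjectAltName, basicConstraints and nameConstraints, using the id-ce values given on this page) is an assumption of this toy verifier, and the sample bytes, including the placeholder OID 1.2.3.4, are constructed here.

```python
def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the byte count
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER contents (base-128 sub-identifiers) to dotted form."""
    arcs, acc = [], 0
    for b in raw:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # a clear high bit ends the sub-identifier
            arcs.append(acc)
            acc = 0
    # The first encoded sub-identifier packs the first two arcs (X*40 + Y).
    lead = [2, arcs[0] - 80] if arcs[0] >= 80 else [arcs[0] // 40, arcs[0] % 40]
    return ".".join(str(a) for a in lead + arcs[1:])

def parse_extensions(der):
    """Parse Extensions ::= SEQUENCE OF Extension into (oid, critical, extnValue) tuples."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    result, pos = [], 0
    while pos < len(seq):
        tag, ext, pos = read_tlv(seq, pos)
        oid_tag, oid_raw, p = read_tlv(ext, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("Extension must be SEQUENCE { OBJECT IDENTIFIER, ... }")
        critical = False                    # DER omits a BOOLEAN equal to its DEFAULT
        tag, val, p = read_tlv(ext, p)
        if tag == 0x01:                     # an explicit critical BOOLEAN is present
            if val not in (b"\x00", b"\xff"):
                raise ValueError("BOOLEAN is not DER encoded")
            critical = val == b"\xff"
            tag, val, p = read_tlv(ext, p)
        if tag != 0x04 or p != len(ext):
            raise ValueError("extnValue must be the final OCTET STRING")
        result.append((decode_oid(oid_raw), critical, val))
    return result

# Assumed set of extensions this toy verifier can process (id-ce 14, 15, 17, 19, 30).
SUPPORTED = {"2.5.29.14", "2.5.29.15", "2.5.29.17", "2.5.29.19", "2.5.29.30"}

def unrecognised_critical(extensions, supported=SUPPORTED):
    """OIDs of critical extensions outside `supported`; a non-empty list means reject."""
    return [oid for oid, critical, _ in extensions if critical and oid not in supported]

# Constructed sample: basicConstraints (critical, cA TRUE), subjectKeyIdentifier
# (non-critical, so no BOOLEAN is encoded) and placeholder OID 1.2.3.4 marked critical.
SAMPLE = bytes.fromhex(
    "30 2E"
    "30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF"
    "30 0D 06 03 55 1D 0E 04 06 04 04 DE AD BE EF"
    "30 0C 06 03 2A 03 04 01 01 FF 04 02 05 00"
)
```

Calling `unrecognised_critical(parse_extensions(SAMPLE))` returns `['1.2.3.4']`, so this sample certificate would have to be rejected even though its other extensions are understood.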

id-ce   OBJECT IDENTIFIER  ::=  { joint-iso-ccitt(2) ds(5) 29 }

id-pkix  OBJECT IDENTIFIER  ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
                    security(5) mechanisms(5) pkix(7) }

id-pe  OBJECT IDENTIFIER  ::=  { id-pkix 1 }
         -- arc for private certificate extensions

The authority key identifier extension provides a means of
identifying the public key corresponding to the private key used to
sign a certificate. This extension is used where an issuer has
multiple signing keys (either due to multiple concurrent key pairs or
due to changeover). This extension MUST NOT be marked critical.

id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }

AuthorityKeyIdentifier ::= SEQUENCE {
     keyIdentifier             [0] KeyIdentifier           OPTIONAL,
     authorityCertIssuer       [1] GeneralNames            OPTIONAL,
     authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
     -- authorityCertIssuer and authorityCertSerialNumber MUST both
     -- be present or both be absent

KeyIdentifier ::= OCTET STRING

The subject key identifier extension provides a means of identifying
certificates that contain a particular public key. This extension
MUST NOT be marked critical.

id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier
|
|
|
|
|
|
|
|
|
|
|
|
The key usage extension defines the purpose (e.g., encipherment,
signature, certificate signing) of the key contained in the
certificate.
When this extension appears, it SHOULD be marked critical.
|
|
|
| id-ce-keyUsage | OBJECT IDENTIFIER ::= {
id-ce 15 }
| |
|
|
|
| digitalSignature |
(0),
|
| nonRepudiation |
(1),
|
| keyEncipherment |
(2),
|
| dataEncipherment |
(3),
|
| keyAgreement |
(4),
|
| keyCertSign |
(5),
|
| cRLSign |
(6),
|
| encipherOnly |
(7),
|
| decipherOnly |
(8) }

This extension SHOULD NOT be used within the Internet PKI. CAs
conforming to this profile MUST NOT generate certificates that
include a critical private key usage period extension.

The private key usage period extension allows the certificate issuer
to specify a different validity period for the private key than the
certificate. This extension is intended for use with digital
signature keys. This extension consists of two optional components,
notBefore and notAfter. The private key associated with the
certificate SHOULD NOT be used to sign objects before or after the
times specified by the two components, respectively. CAs conforming
to this profile MUST NOT generate certificates with private key usage
period extensions unless at least one of the two components is
present and the extension is non-critical.

id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }

PrivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     GeneralizedTime OPTIONAL,
     notAfter        [1]     GeneralizedTime OPTIONAL }
     -- either notBefore or notAfter MUST be present

The certificate policies extension contains a sequence of one or more
policy information terms, each of which consists of an object
identifier (OID) and optional qualifiers. In an end entity
certificate, these policy information terms indicate the policy under
which the certificate has been issued and the purposes for which the
certificate may be used.

id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }

anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }

id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }

id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }

id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }

CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

PolicyInformation ::= SEQUENCE {
     policyIdentifier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
                             PolicyQualifierInfo OPTIONAL }

CertPolicyId ::= OBJECT IDENTIFIER

PolicyQualifierInfo ::= SEQUENCE {
     policyQualifierId  PolicyQualifierId,
     qualifier          ANY DEFINED BY policyQualifierId }

PolicyQualifierId ::=
     OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )

This extension is used in CA certificates. It lists one or more
pairs of OIDs; each pair includes an issuerDomainPolicy and a
subjectDomainPolicy. The pairing indicates that the issuing CA
considers its issuerDomainPolicy equivalent to the subject CA's
subjectDomainPolicy. This extension MAY be supported by CAs and/or
applications, and it MUST be non-critical.

id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }

PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
     issuerDomainPolicy      CertPolicyId,
     subjectDomainPolicy     CertPolicyId }

The subject alternative names extension allows additional identities
to be bound to the subject of the certificate. Defined options
include an Internet electronic mail address, a DNS name, an IP
address, and a uniform resource identifier (URI).

id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }

SubjectAltName ::= GeneralNames

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

GeneralName ::= CHOICE {
     otherName                       [0]     AnotherName,
     rfc822Name                      [1]     IA5String,
     dNSName                         [2]     IA5String,
     x400Address                     [3]     ORAddress,
     directoryName                   [4]     Name,
     ediPartyName                    [5]     EDIPartyName,
     uniformResourceIdentifier       [6]     IA5String,
     iPAddress                       [7]     OCTET STRING,
     registeredID                    [8]     OBJECT IDENTIFIER }

AnotherName ::= SEQUENCE {
     type-id    OBJECT IDENTIFIER,
     value      [0] EXPLICIT ANY DEFINED BY type-id }

As with the subject alternative name extension, this extension is
used to associate Internet-style identities with the certificate
issuer. Where present, this extension SHOULD NOT be marked critical.

id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }

IssuerAltName ::= GeneralNames
|
|
|
|
|
|
|
|
|
|
|
|
The subject directory attributes extension is used to convey
identification attributes (e.g., nationality) of the subject.
This extension MUST be non-critical.
|
|
|
| id-ce-subjectDirectoryAttributes | OBJECT IDENTIFIER ::= {
id-ce 9 }
| |
|
| SubjectDirectoryAttributes | ::= |
SEQUENCE SIZE (1..MAX) OF Attribute
| |
|
|
|
|
|
|
|
|
|
|
The basic constraints extension identifies whether the subject of the
certificate is a CA and the maximum depth of valid certification
paths that include this certificate.
|
|
|
|
|
|
| id-ce-basicConstraints | OBJECT IDENTIFIER ::= {
id-ce 19 }
| |
|
| BasicConstraints | ::= |
SEQUENCE {
|
|
| cA |
BOOLEAN DEFAULT FALSE,
|
| pathLenConstraint |
INTEGER (0..MAX) OPTIONAL }
| |
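How cA, pathLenConstraint and the keyCertSign bit of the key usage extension interact is only visible once a whole path is walked. As an added example (not code from the RFC), the Python below applies the basic-constraints, path-length and keyCertSign steps of RFC 3280 section 6.1.4 (items k, l, m and n) to a path given from the certificate issued by the trust anchor down to the end entity; the trust anchor itself is not part of the path. Certificates are represented by constructed dicts holding already-decoded field values, so no DER parsing is involved.

```python
def make_cert(subject, issuer, cA=False, pathLen=None, keyUsage=None):
    """Constructed stand-in for a decoded certificate (only the fields the check needs).
    keyUsage is a set of KeyUsage bit names, or None when the extension is absent."""
    return {"subject": subject, "issuer": issuer, "cA": cA,
            "pathLen": pathLen, "keyUsage": keyUsage}

def check_path_constraints(chain):
    """chain: certificates from the one issued by the trust anchor down to the end
    entity. Returns (True, "ok") or (False, reason) following RFC 3280 6.1.4 k-n."""
    max_path_length = len(chain)            # RFC 3280 6.1.2: initialised to n
    for c in chain[:-1]:                    # the checks apply to every non-final certificate
        name = c["subject"]
        # (k) an intermediate must carry basicConstraints with cA TRUE
        if not c["cA"]:
            return False, f"{name}: intermediate certificate without cA=TRUE"
        # (n) when keyUsage is present it must assert keyCertSign
        if c["keyUsage"] is not None and "keyCertSign" not in c["keyUsage"]:
            return False, f"{name}: keyUsage present without keyCertSign"
        # (l) a certificate that is not self-issued consumes one unit of path length
        if c["subject"] != c["issuer"]:
            if max_path_length <= 0:
                return False, f"{name}: pathLenConstraint of an earlier CA exceeded"
            max_path_length -= 1
        # (m) a smaller pathLenConstraint tightens the remaining budget
        if c["pathLen"] is not None and c["pathLen"] < max_path_length:
            max_path_length = c["pathLen"]
    return True, "ok"

# Constructed paths: a subordinate CA limited to pathLen 0 issuing directly to an
# end entity is fine; the same CA issuing a further CA is one level too deep.
OK_CHAIN = [
    make_cert("CN=Sub CA", "CN=Root", cA=True, pathLen=0,
              keyUsage={"keyCertSign", "cRLSign"}),
    make_cert("CN=server.example.test", "CN=Sub CA", keyUsage={"digitalSignature"}),
]
TOO_DEEP = [
    make_cert("CN=Sub CA", "CN=Root", cA=True, pathLen=0),
    make_cert("CN=Sub-Sub CA", "CN=Sub CA", cA=True),
    make_cert("CN=server.example.test", "CN=Sub-Sub CA"),
]
```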

The name constraints extension, which MUST be used only in a CA
certificate, indicates a name space within which all subject names in
subsequent certificates in a certification path MUST be located.

id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }

NameConstraints ::= SEQUENCE {
     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
     base                    GeneralName,
     minimum         [0]     BaseDistance DEFAULT 0,
     maximum         [1]     BaseDistance OPTIONAL }

BaseDistance ::= INTEGER (0..MAX)
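The structure above says nothing about how a base name is matched against a subject name; that is spelled out in RFC 3280 section 4.2.1.11 and is where implementations go wrong. As an added example (not code from the RFC), the Python below applies permittedSubtrees and excludedSubtrees to the dNSName and rfc822Name forms of GeneralName: a dNSName matches when it equals the base or lies under it at a label boundary, and an rfc822Name base is either a complete mailbox, a host name (every mailbox on that host) or a domain with a leading period (every host within the domain, not the domain's own host). It also enforces the profile's rule that minimum MUST be zero and maximum MUST be absent, and rejects a name whose form is constrained but which this code cannot process. The subtree representation and the sample constraints are constructed here.

```python
def dns_matches(name, base):
    """dNSName subtree: name equals base or sits under it at a label boundary."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)

def rfc822_matches(addr, base):
    """rfc822Name subtree: base is a full mailbox, a host (every mailbox on it) or
    '.domain' (every host within the domain, but not the domain's own host).
    The domain part is compared case-insensitively, the local part as-is."""
    local, _, host = addr.rpartition("@")
    host = host.lower()
    if "@" in base:
        base_local, _, base_host = base.rpartition("@")
        return local == base_local and host == base_host.lower()
    base = base.lower()
    return host.endswith(base) if base.startswith(".") else host == base

MATCHERS = {"dNSName": dns_matches, "rfc822Name": rfc822_matches}

def name_allowed(kind, value, permitted, excluded):
    """Apply permittedSubtrees/excludedSubtrees to one GeneralName. Each subtree is
    a dict with 'type' and 'base' (plus optional 'minimum'/'maximum')."""
    for sub in permitted + excluded:
        # Within this profile minimum MUST be zero and maximum MUST be absent.
        if sub.get("minimum", 0) != 0 or "maximum" in sub:
            raise ValueError("unsupported GeneralSubtree minimum/maximum")
    perm = [s["base"] for s in permitted if s["type"] == kind]
    excl = [s["base"] for s in excluded if s["type"] == kind]
    if not perm and not excl:
        return True                         # this name form is unconstrained
    match = MATCHERS.get(kind)
    if match is None:
        return False                        # constrained form we cannot process: reject
    if any(match(value, b) for b in excl):
        return False                        # an excluded subtree overrides permitted ones
    return not perm or any(match(value, b) for b in perm)

def san_allowed(san, permitted, excluded):
    """True only if every subjectAltName entry, given as (type, value), passes."""
    return all(name_allowed(kind, value, permitted, excluded) for kind, value in san)

# Constructed sample constraints as a CA certificate might carry them.
PERMITTED = [{"type": "dNSName", "base": "example.com"},
             {"type": "rfc822Name", "base": ".example.com"}]
EXCLUDED = [{"type": "dNSName", "base": "internal.example.com"}]
```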

The policy constraints extension can be used in certificates issued
to CAs. The policy constraints extension constrains path validation
in two ways. It can be used to prohibit policy mapping or require
that each certificate in a path contain an acceptable policy
identifier. This extension MAY be critical or non-critical.

id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }

PolicyConstraints ::= SEQUENCE {
     requireExplicitPolicy           [0] SkipCerts OPTIONAL,
     inhibitPolicyMapping            [1] SkipCerts OPTIONAL }

SkipCerts ::= INTEGER (0..MAX)

This extension indicates one or more purposes for which the certified
public key may be used, in addition to or in place of the basic
purposes indicated in the key usage extension. In general, this
extension will appear only in end entity certificates. This
extension MAY, at the option of the certificate issuer, be either
critical or non-critical.

id-ce-extKeyUsage OBJECT IDENTIFIER ::=  { id-ce 37 }

ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

KeyPurposeId ::= OBJECT IDENTIFIER
|
|
|
|
|
|
|
|
|
|
The CRL distribution points extension identifies how CRL information
is obtained.
|
|
|
| id-ce-cRLDistributionPoints | OBJECT IDENTIFIER ::= {
id-ce 31 }
| |
|
| CRLDistributionPoints | ::= |
SEQUENCE SIZE (1..MAX) OF DistributionPoint
| |
|
| DistributionPoint | ::= |
SEQUENCE {
|
|
| distributionPoint |
[0] DistributionPointName OPTIONAL,
|
| reasons |
[1] ReasonFlags OPTIONAL,
|
| cRLIssuer |
[2] GeneralNames OPTIONAL }
| |
|
| DistributionPointName | ::= |
CHOICE {
|
|
|
|
| ReasonFlags | ::= |
BIT STRING {
|
|
| unused |
(0),
|
| keyCompromise |
(1),
|
| cACompromise |
(2),
|
| affiliationChanged |
(3),
|
| superseded |
(4),
|
| cessationOfOperation |
(5),
|
| certificateHold |
(6),
|
| privilegeWithdrawn |
(7),
|
| aACompromise |
(8) }

The inhibit any-policy extension can be used in certificates issued
to CAs. The inhibit any-policy indicates that the special anyPolicy
OID, with the value { 2 5 29 32 0 }, is not considered an explicit
match for other certificate policies. The value indicates the number
of additional certificates that may appear in the path before
anyPolicy is no longer permitted. For example, a value of one
indicates that anyPolicy may be processed in certificates issued by
the subject of this certificate, but not in additional certificates
in the path. This extension MUST be critical.

id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }

InhibitAnyPolicy ::= SkipCerts
|
|
|
|
|
|
|
|
|
|
The freshest CRL extension identifies how delta CRL information is
obtained.
The extension MUST be non-critical.
|
|
|
| id-ce-freshestCRL | OBJECT IDENTIFIER ::= {
id-ce 46 }
| |
|
| FreshestCRL | ::= |
CRLDistributionPoints
| |
|
|
|
|
|
|
|
|
|
|
The authority information access extension indicates how to access CA
information and services for the issuer of the certificate in which
the extension appears. Information and services may include on-line
validation services and CA policy data.
This extension may be included in
end entity or CA certificates, and it MUST be non-critical.
|
|
|
| id-pe-authorityInfoAccess | OBJECT IDENTIFIER ::= {
id-pe 1 }
| |
|
| AuthorityInfoAccessSyntax | ::= |
SEQUENCE SIZE (1..MAX) OF AccessDescription
| |
|
| AccessDescription | ::= |
SEQUENCE {
|
|
| accessMethod |
OBJECT IDENTIFIER,
|
| accessLocation |
GeneralName }
| |
|
| id-ad | OBJECT IDENTIFIER ::= {
id-pkix 48 }
| |
| id-ad-caIssuers | OBJECT IDENTIFIER ::= {
id-ad 2 }
| |
| id-ad-ocsp | OBJECT IDENTIFIER ::= {
id-ad 1 }
| |
|
|
|
|
|
|
|
|
|
|
The subject information access extension indicates how to access
information and services for the subject of the certificate in which
the extension appears. When the subject is a CA, information and
services may include certificate validation services and CA policy
data. When the subject is an end entity, the information describes
the type of services offered and how to access them. In this case,
the contents of this extension are defined in the protocol
specifications for the suported services.
This extension may be
included in subject or CA certificates, and it MUST be non-critical.
|
|
|
| id-pe-subjectInfoAccess | OBJECT IDENTIFIER ::= {
id-pe 11 }
| |
|
| SubjectInfoAccessSyntax | ::= |
SEQUENCE SIZE (1..MAX) OF AccessDescription
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| CertificateList | ::= |
SEQUENCE {
|
|
|
|
| TBSCertList | ::= |
SEQUENCE {
|
|
|
|
|
|
| | } OPTIONAL,
|
| crlExtensions |
[0] EXPLICIT Extensions OPTIONAL }
-- if present, MUST be v2
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The CRL number is a CRL extension which conveys a
monotonically increasing sequence number for a given CRL scope and
CRL issuer. This extension allows users to easily determine when a
particular CRL supersedes another CRL.
This extension is non-critical.
|
|
|
| id-ce-cRLNumber | OBJECT IDENTIFIER ::= {
id-ce 20 }
| |
|
| CRLNumber | ::= |
INTEGER (0..MAX)
| |
|
|
|
|
|
|
|
|
|
|
The delta CRL indicator is a CRL extension that identifies a
CRL as being a delta CRL. Delta CRLs contain updates to revocation
information previously distributed, rather than all the information
that would appear in a complete CRL.
This extension is critical.
|
|
|
| id-ce-deltaCRLIndicator | OBJECT IDENTIFIER ::= {
id-ce 27 }
| |

The issuing distribution point is a CRL extension that identifies the
CRL distribution point and scope for a particular CRL, and it
indicates whether the CRL covers revocation for end entity
certificates only, CA certificates only, attribute certificates only,
or a limited set of reason codes. Although the extension is
critical, conforming implementations are not required to support this
extension.

id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

issuingDistributionPoint ::= SEQUENCE {
     distributionPoint          [0] DistributionPointName OPTIONAL,
     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
     onlySomeReasons            [3] ReasonFlags OPTIONAL,
     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }

The reasonCode is a CRL entry extension that identifies the reason
for the certificate revocation. This extension is non-critical.

id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }

CRLReason ::= ENUMERATED {
     unspecified             (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
                             -- value 7 is not used
     removeFromCRL           (8),
     privilegeWithdrawn      (9),
     aACompromise           (10) }

The hold instruction code is a CRL entry extension that provides a
registered instruction identifier which indicates the action to be
taken after encountering a certificate that has been placed on hold.
This extension is non-critical.

id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }

holdInstructionCode ::= OBJECT IDENTIFIER

holdInstruction OBJECT IDENTIFIER ::=
         { iso(1) member-body(2) us(840) x9-57(10040) 2 }

id-holdinstruction-none OBJECT IDENTIFIER ::= { holdInstruction 1 }

id-holdinstruction-callissuer OBJECT IDENTIFIER ::= { holdInstruction 2 }

id-holdinstruction-reject OBJECT IDENTIFIER ::= { holdInstruction 3 }
|
|
|
|
|
|
|
|
|
|
The invalidity date is a non-critical CRL entry extension that
provides the date on which it is known or suspected that the private
key was compromised or that the certificate otherwise became invalid.
This extension is non-critical.
|
|
|
| id-ce-id-ce-invalidityDate | OBJECT IDENTIFIER ::= {
id-ce 24 }
| |
|
| invalidityDate | ::= |
GeneralizedTime
| |
|
|
|
|
|
|
|
|
|
|
This CRL entry extension identifies the certificate issuer associated
with an entry in an indirect CRL, that is, a CRL that has the
indirectCRL indicator set in its issuing distribution point
extension.
This extension MUST always be
critical.
|
|
|
| id-ce-certificateIssuer | OBJECT IDENTIFIER ::= {
id-ce 29 }
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Name | ::= |
CHOICE { -- only one possibility for now --
|
|
| rdnSequence |
RDNSequence }
| |
|
| RDNSequence | ::= |
SEQUENCE OF
RelativeDistinguishedName
| |
| DistinguishedName | ::= |
RDNSequence
| |
|
| RelativeDistinguishedName | ::= |
SET SIZE (1 .. MAX) OF
AttributeTypeAndValue
| |
|
| AttributeTypeAndValue | ::= |
SEQUENCE {
|
|
| type |
AttributeType,
|
| value |
AttributeValue }
| |
|
| AttributeType | ::= |
OBJECT IDENTIFIER
| |
| AttributeValue | ::= |
ANY
| |

AlgorithmIdentifier  ::=  SEQUENCE  {
     algorithm               OBJECT IDENTIFIER,
     parameters              ANY DEFINED BY algorithm OPTIONAL  }
                                -- contains a value of the type
                                -- registered for use with the
                                -- algorithm object identifier value
|
|
|
|
|
|
|
|
|
| md2 | OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 2
}
| |
| md5 | OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 5
}
| |
| id-sha1 | OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) oiw(14)
secsig(3) algorithms(2) 26
}
| |
|
|
|
|
|
|
|
|
|
|
| -- OID for DSA public key
| |
|
| id-dsa | OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040)
x9algorithm(4) 1
}
| |
|
|
| -- encoding for DSA public key
| |
|
| DSAPublicKey | ::= |
INTEGER -- public key, y
| |
|
|
|
| p |
INTEGER,
|
| q |
INTEGER,
|
| g |
INTEGER }
| |
|
|
| -- OID for DSA signature generated with SHA-1 hash
| |
|
| id-dsa-with-sha1 | OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040)
x9algorithm(4) 3
}
| |
|
|
| -- encoding for DSA signature generated with SHA-1 hash
| |
|
| Dss-Sig-Value | ::= |
SEQUENCE {
|
|
|
|
|
|
|
|
|

-- arc for RSA public key and RSA signature OIDs

pkcs-1 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }

-- OID for RSA public keys

rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 }

-- OID for RSA signature generated with MD2 hash

md2WithRSAEncryption OBJECT IDENTIFIER ::=  { pkcs-1 2 }

-- OID for RSA signature generated with MD5 hash

md5WithRSAEncryption OBJECT IDENTIFIER ::=  { pkcs-1 4 }

-- OID for RSA signature generated with SHA-1 hash

sha1WithRSAEncryption OBJECT IDENTIFIER ::=  { pkcs-1 5 }

-- encoding for RSA public key

RSAPublicKey ::= SEQUENCE {
     modulus            INTEGER,    -- n
     publicExponent     INTEGER  }  -- e
|
|
|
|
|
|
|
|
|
| dhpublicnumber | OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046)
number-type(2) 1
}
| |
|
|
| -- encoding for DH public key
| |
|
| DHPublicKey | ::= |
INTEGER -- public key, y = g^x mod p
| |
|
| DomainParameters | ::= |
SEQUENCE {
|
|
| p |
INTEGER, | -- odd prime, p=jq +1
|
| g |
INTEGER, | -- generator, g
|
| q |
INTEGER, | -- factor of p-1
|
| j |
INTEGER OPTIONAL, | -- subgroup factor, j>= 2
|
| validationParms |
ValidationParms OPTIONAL }
| |
|
| ValidationParms | ::= |
SEQUENCE {
|
|
| seed |
BIT STRING,
|
| pgenCounter |
INTEGER }
| |

keyExchangeAlgorithm OBJECT IDENTIFIER ::= { 2 16 840 1 101 2 1 1 22 }

KEA-Parms-Id ::= OCTET STRING