-- Module PKCS7 (X.420:06/1999) -- The ASN.1 in version 1.5 of the PKCS#7 document is not defined in an ASN.1 module. This prevents an IMPORT of it into other ASN.1 modules. -- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7. -- Extensions to PKCS#7 defined in RFC 2630 are included. -- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive. PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7 module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS -- Directory Information Framework Attribute, Name --== FROM InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 3} -- Directory Authentication Framework AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, CertificateSerialNumber, HASH{}, SIGNED{} --== FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3}; -- In PKCS#7 the HASHED parameterised type applies the hash function to the -- contents octets component of a DER encoding of a value of the parameter. -- The ENCRYPTED parameterised type is redefined here because PKCS#7 encrypted values are -- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework ENCRYPTED{ToBeEnciphered} ::= OCTET STRING (CONSTRAINED BY { -- must be the result of applying an encipherment procedure to the contents octets component -- of a definite-length BER-encoding of a value of --ToBeEnciphered}) ContentInfo ::= SEQUENCE { content-type PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), pkcs7-content [0] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}) } PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER PKCS7ContentTable PKCS7-CONTENT-TYPE ::= {data | signed-data | enveloped-data | signed-and-enveloped-data | digested-data | encrypted-data | authenticated-data, ...} -- Data data PKCS7-CONTENT-TYPE ::= {Data IDENTIFIED BY id-data } Data ::= OCTET STRING -- Signed Data signed-data PKCS7-CONTENT-TYPE ::= {SignedData IDENTIFIED BY id-signed-data } SignedData ::= SEQUENCE { version Version, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates [0] CertificateSet OPTIONAL, crls [1] CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } Version ::= INTEGER DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier DigestAlgorithmIdentifier ::= AlgorithmIdentifier CertificateSet ::= SET OF CertificateChoice CertificateChoice ::= CHOICE { certificate Certificate, extendedCertificate [0] ExtendedCertificate, -- Obsolete attributeCertificate [1] AttributeCertificate } CertificateRevocationLists ::= SET OF CertificateList SignerInfos ::= SET OF SignerInfo SignerInfo ::= SEQUENCE { version Version, signerIdentifier SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, authenticatedAttributes [0] Attributes OPTIONAL, digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, encryptedDigest EncryptedDigest, unauthenticatedAttributes [1] Attributes OPTIONAL } SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [2] SubjectKeyIdentifier } IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber } SubjectKeyIdentifier ::= OCTET STRING DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedDigest ::= ENCRYPTED{DigestInfo} DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= HASH {CHOICE {content [1] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}), authenticated-attributes [0] EXPLICIT Attributes}} -- Enveloped Data enveloped-data PKCS7-CONTENT-TYPE ::= { EnvelopedData IDENTIFIED BY id-enveloped-data } EnvelopedData ::= SEQUENCE { version Version, originatorInfo [0] OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo, unprotectedAttributes [1] Attributes OPTIONAL } OriginatorInfo ::= SEQUENCE { certificates [0] CertificateSet OPTIONAL, crls [1] CertificateRevocationLists OPTIONAL } RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo RecipientInfo ::= CHOICE { keyTransportRecipientInfo KeyTransportRecipientInfo, keyAgreementRecipientInfo [1] KeyAgreementRecipientInfo, keyEncryptionKeyRecipientInfo [2] KeyEncryptionKeyRecipientInfo } KeyTransportRecipientInfo ::= SEQUENCE { version Version, recipientIdentifier RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } RecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier } KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedKey ::= OCTET STRING KeyAgreementRecipientInfo ::= SEQUENCE { version Version, originator [0] OriginatorIdentifierOrKey, userKeyingMaterial [1] EXPLICIT OCTET STRING OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, recipientEncryptedKeys RecipientEncryptedKeys } OriginatorIdentifierOrKey ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier, originatorPublicKey [1] OriginatorPublicKey } OriginatorPublicKey ::= SEQUENCE { algorithm AlgorithmIdentifier, publicKey BIT STRING } RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey RecipientEncryptedKey ::= SEQUENCE { recipientIdentifier KeyAgreementRecipientIdentifier, encryptedKey EncryptedKey } KeyAgreementRecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, recipientKeyIdentifier [0] RecipientKeyIdentifier } RecipientKeyIdentifier ::= SEQUENCE { subjectKeyIdentifier SubjectKeyIdentifier, date GeneralizedTime OPTIONAL, otherKeyAttribute OtherKeyAttribute OPTIONAL } OtherKeyAttribute ::= SEQUENCE { keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}), keyAttribute OTHER-KEY-ATTRIBUTE.&Type ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL } OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::= {...} KeyEncryptionKeyRecipientInfo ::= SEQUENCE { version Version, keyEncryptionKeyIdentifier KeyEncryptionKeyIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } KeyEncryptionKeyIdentifier ::= SEQUENCE { keyIdentifier OCTET STRING, date GeneralizedTime OPTIONAL, otherKeyAttribute OtherKeyAttribute OPTIONAL } EncryptedContentInfo ::= SEQUENCE { contentType PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] ENCRYPTED{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}{@.contentType})} OPTIONAL } ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier -- Signed and Enveloped Data signed-and-enveloped-data PKCS7-CONTENT-TYPE ::= { SignedAndEnvelopedData IDENTIFIED BY id-signed-and-enveloped-data } SignedAndEnvelopedData ::= SEQUENCE { version Version, recipientInfos SET SIZE (1..MAX) OF KeyTransportRecipientInfo, digestAlgorithms DigestAlgorithmIdentifiers, encryptedContentInfo EncryptedContentInfo, certificates [0] CertificateSet OPTIONAL, crls [1] CertificateRevocationLists OPTIONAL, signerInfos SET SIZE (1..MAX) OF SignerInfo (WITH COMPONENTS { ..., signerIdentifier (WITH COMPONENTS { issuerAndSerialNumber PRESENT }), authenticatedAttributes ABSENT, unauthenticatedAttributes ABSENT }) } -- Digested Data digested-data PKCS7-CONTENT-TYPE ::= { DigestedData IDENTIFIED BY id-digested-data } DigestedData ::= SEQUENCE { version Version, digestAlgorithm DigestAlgorithmIdentifier, contentInfo ContentInfo, digest HASH{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})} } -- Encrypted Data encrypted-data PKCS7-CONTENT-TYPE ::= { EncryptedData IDENTIFIED BY id-encrypted-data } EncryptedData ::= SEQUENCE { version Version, encryptedContentInfo EncryptedContentInfo, unprotectedAttributes [1] Attributes OPTIONAL } -- Authenticated Data authenticated-data PKCS7-CONTENT-TYPE ::= { AuthenticatedData IDENTIFIED BY id-authenticated-data } AuthenticatedData ::= SEQUENCE { version Version, originatorInfo [0] OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, macAlgorithm MessageAuthenticationCodeAlgorithmIdentifier, digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, contentInfo ContentInfo, authenticatedAttributes [2] Attributes OPTIONAL, messageAuthenticationCode MessageAuthenticationCode, unauthenticatedAttributes [3] Attributes OPTIONAL } MessageAuthenticationCodeAlgorithmIdentifier ::= AlgorithmIdentifier MessageAuthenticationCode ::= OCTET STRING -- Object Identifiers id-pkcs OBJECT IDENTIFIER ::= {iso member-body usa(840) rsadsi(113549) pkcs(1)} id-data OBJECT IDENTIFIER ::= {id-pkcs 7 1} id-signed-data OBJECT IDENTIFIER ::= {id-pkcs 7 2} id-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 3} id-signed-and-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 4} id-digested-data OBJECT IDENTIFIER ::= {id-pkcs 7 5} id-encrypted-data OBJECT IDENTIFIER ::= {id-pkcs 7 6} id-authenticated-data OBJECT IDENTIFIER ::= {id-pkcs 9 16 1 2} -- Definitions from PKCS#6 ExtendedCertificate ::= SIGNED{ExtendedCertificateInfo} ExtendedCertificateInfo ::= SEQUENCE { version Version, certificate Certificate, attributes Attributes } Attributes ::= SET OF Attribute END -- of PKCS#7 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D