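PKCS-12 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) modules(0) pkcs-12(1) }

-- PKCS #12 v1.1 ASN.1 Module
-- Revised October 27, 2012

-- This module has been checked for conformance with the ASN.1 standard
-- by the OSS ASN.1 Tools

-- Layout note: ASN.1 "--" comments end at the next "--" or at end of line,
-- so every comment below sits on its own line. Joining lines turns parts of
-- the comments into live syntax.

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL
-- All types and values defined in this module are exported for use
-- in other ASN.1 modules.

IMPORTS

-- Erin: Added selectedAttributeTypes for inlining PKCS#9
informationFramework, selectedAttributeTypes
    FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
                            usefulDefinitions(0) 3}

ATTRIBUTE
    FROM InformationFramework informationFramework

ContentInfo, DigestInfo
    FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
                 pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}

PrivateKeyInfo, EncryptedPrivateKeyInfo
    FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
                 pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}

-- Inlined from PKCS#9
-- pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
--     FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};

octetStringMatch, caseIgnoreMatch
    FROM SelectedAttributeTypes selectedAttributeTypes;

-- ============================
-- Definitions inlined from PKCS #9
-- ============================

pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
                              rsadsi(113549) pkcs(1) 9}

-- The friendlyName and localKeyId attribute definitions below reference
-- these two identifiers. They were not carried over when PKCS #9 was
-- inlined, which left the references unresolved in this module.
pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
pkcs-9-at-localKeyId   OBJECT IDENTIFIER ::= {pkcs-9 21}

-- Main arc for certificate types defined in PKCS #12
certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}

-- Main arc for CRL types defined in PKCS #12
crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}

-- Upper bounds. A decoder should enforce the friendlyName bound rather than
-- treat it as advisory: the value comes from the file being imported.
pkcs-9-ub-pkcs9String   INTEGER ::= 255
pkcs-9-ub-friendlyName  INTEGER ::= pkcs-9-ub-pkcs9String

-- Display name for a key or certificate.
friendlyName ATTRIBUTE ::= {
    WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
    EQUALITY MATCHING RULE caseIgnoreMatch
    SINGLE VALUE TRUE
    ID pkcs-9-at-friendlyName
}

-- Opaque identifier used to pair a private key with its certificate.
-- It is chosen by whoever wrote the file and proves nothing about the key.
localKeyId ATTRIBUTE ::= {
    WITH SYNTAX OCTET STRING
    EQUALITY MATCHING RULE octetStringMatch
    SINGLE VALUE TRUE
    ID pkcs-9-at-localKeyId
}

-- ============================
-- Object identifiers
-- ============================

rsadsi  OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
                               rsadsi(113549)}
pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}

-- Password-based encryption identifiers specific to PKCS #12.
-- All six pair a SHA-1-based key derivation with RC4, RC2 or Triple-DES.
-- The 40-bit variants give no meaningful confidentiality today. They are
-- kept so that existing files can be decoded; for new files RFC 7292
-- recommends PBES2 with PBKDF2 from PKCS #5 v2.1 instead.
pkcs-12PbeIds                    OBJECT IDENTIFIER ::= {pkcs-12 1}
pbeWithSHAAnd128BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
pbeWithSHAAnd40BitRC4            OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
pbeWithSHAAnd3-KeyTripleDES-CBC  OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
pbeWithSHAAnd2-KeyTripleDES-CBC  OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
pbeWithSHAAnd128BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
-- The lower-case "w" in the next name is kept as published; the name is
-- exported, so renaming it would break importing modules.
pbewithSHAAnd40BitRC2-CBC        OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}

bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}

-- ============================
-- The PFX PDU
-- ============================

-- Outer container. macData is present only in password integrity mode; in
-- public-key integrity mode authSafe carries signed data instead. A decoder
-- should decide which mode it expects and reject a PFX that offers neither,
-- since the OPTIONAL marker alone lets an unauthenticated file parse.
PFX ::= SEQUENCE {
    version     INTEGER {v3(3)}(v3,...),
    authSafe    ContentInfo,
    macData     MacData OPTIONAL
}

-- Password-based MAC over the authenticated content.
-- iterations is an unconstrained INTEGER read from the file: a decoder
-- should treat the default of 1 (or any very small count) as weak and also
-- cap the count from above so a crafted file cannot stall the importer.
MacData ::= SEQUENCE {
    mac         DigestInfo,
    macSalt     OCTET STRING,
    iterations  INTEGER DEFAULT 1
    -- Note: The default is for historical reasons and its use is
    -- deprecated.
}

AuthenticatedSafe ::= SEQUENCE OF ContentInfo
    -- Data if unencrypted
    -- EncryptedData if password-encrypted
    -- EnvelopedData if public key-encrypted

SafeContents ::= SEQUENCE OF SafeBag

-- One item in a SafeContents. bagId selects the type of bagValue from
-- PKCS12BagSet.
SafeBag ::= SEQUENCE {
    bagId          BAG-TYPE.&id ({PKCS12BagSet}),
    bagValue       [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
    bagAttributes  SET OF PKCS12Attribute OPTIONAL
}

-- ============================
-- Bag types
-- ============================

keyBag BAG-TYPE ::=
    {KeyBag IDENTIFIED BY {bagtypes 1}}
pkcs8ShroudedKeyBag BAG-TYPE ::=
    {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
certBag BAG-TYPE ::=
    {CertBag IDENTIFIED BY {bagtypes 3}}
crlBag BAG-TYPE ::=
    {CRLBag IDENTIFIED BY {bagtypes 4}}
secretBag BAG-TYPE ::=
    {SecretBag IDENTIFIED BY {bagtypes 5}}
-- safeContentsBag holds a SafeContents, so bags can nest without limit in
-- the schema. A decoder should bound the nesting depth it will follow.
safeContentsBag BAG-TYPE ::=
    {SafeContents IDENTIFIED BY {bagtypes 6}}

PKCS12BagSet BAG-TYPE ::= {
    keyBag |
    pkcs8ShroudedKeyBag |
    certBag |
    crlBag |
    secretBag |
    safeContentsBag,
    ... -- For future extensions
}

BAG-TYPE ::= TYPE-IDENTIFIER

-- KeyBag
-- A private key with no encryption of its own. Its confidentiality depends
-- entirely on the enclosing ContentInfo being EncryptedData or
-- EnvelopedData.
KeyBag ::= PrivateKeyInfo

-- Shrouded KeyBag
PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo

-- CertBag
CertBag ::= SEQUENCE {
    certId      BAG-TYPE.&id ({CertTypes}),
    certValue   [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
}

x509Certificate BAG-TYPE ::=
    {OCTET STRING IDENTIFIED BY {certTypes 1}}
    -- DER-encoded X.509 certificate stored in OCTET STRING
sdsiCertificate BAG-TYPE ::=
    {IA5String IDENTIFIED BY {certTypes 2}}
    -- Base64-encoded SDSI certificate stored in IA5String

CertTypes BAG-TYPE ::= {
    x509Certificate |
    sdsiCertificate,
    ... -- For future extensions
}

-- CRLBag
-- The field name crltValue is kept as published.
CRLBag ::= SEQUENCE {
    crlId       BAG-TYPE.&id ({CRLTypes}),
    crltValue   [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
}

x509CRL BAG-TYPE ::=
    {OCTET STRING IDENTIFIED BY {crlTypes 1}}
    -- DER-encoded X.509 CRL stored in OCTET STRING

CRLTypes BAG-TYPE ::= {
    x509CRL,
    ... -- For future extensions
}

-- Secret Bag
SecretBag ::= SEQUENCE {
    secretTypeId  BAG-TYPE.&id ({SecretTypes}),
    secretValue   [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}
                                               {@secretTypeId})
}

SecretTypes BAG-TYPE ::= {
    ... -- For future extensions
}

-- ============================
-- Attributes
-- ============================

PKCS12Attribute ::= SEQUENCE {
    attrId      ATTRIBUTE.&id ({PKCS12AttrSet}),
    attrValues  SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
} -- This type is compatible with the X.500 type 'Attribute'

PKCS12AttrSet ATTRIBUTE ::= {
    friendlyName |
    localKeyId,
    ... -- Other attributes are allowed
}

END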