Loading...
1PKCS7ContentInfo ::= SEQUENCE {
2 contentType ContentType ({ pkcs7_check_content_type }),
3 content [0] EXPLICIT SignedData OPTIONAL
4}
5
6ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
7
8SignedData ::= SEQUENCE {
9 version INTEGER ({ pkcs7_note_signeddata_version }),
10 digestAlgorithms DigestAlgorithmIdentifiers,
11 contentInfo ContentInfo ({ pkcs7_note_content }),
12 certificates CHOICE {
13 certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
14 certSequence [2] IMPLICIT Certificates
15 } OPTIONAL ({ pkcs7_note_certificate_list }),
16 crls CHOICE {
17 crlSet [1] IMPLICIT CertificateRevocationLists,
18 crlSequence [3] IMPLICIT CRLSequence
19 } OPTIONAL,
20 signerInfos SignerInfos
21}
22
23ContentInfo ::= SEQUENCE {
24 contentType ContentType ({ pkcs7_note_OID }),
25 content [0] EXPLICIT Data OPTIONAL
26}
27
28Data ::= ANY ({ pkcs7_note_data })
29
30DigestAlgorithmIdentifiers ::= CHOICE {
31 daSet SET OF DigestAlgorithmIdentifier,
32 daSequence SEQUENCE OF DigestAlgorithmIdentifier
33}
34
35DigestAlgorithmIdentifier ::= SEQUENCE {
36 algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
37 parameters ANY OPTIONAL
38}
39
40--
41-- Certificates and certificate lists
42--
43ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
44
45ExtendedCertificateOrCertificate ::= CHOICE {
46 certificate Certificate, -- X.509
47 extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
48}
49
50ExtendedCertificate ::= Certificate -- cheating
51
52Certificates ::= SEQUENCE OF Certificate
53
54CertificateRevocationLists ::= SET OF CertificateList
55
56CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
57
58CRLSequence ::= SEQUENCE OF CertificateList
59
60Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
61
62--
63-- Signer information
64--
65SignerInfos ::= CHOICE {
66 siSet SET OF SignerInfo,
67 siSequence SEQUENCE OF SignerInfo
68}
69
70SignerInfo ::= SEQUENCE {
71 version INTEGER ({ pkcs7_note_signerinfo_version }),
72 sid SignerIdentifier, -- CMS variant, not PKCS#7
73 digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
74 authenticatedAttributes CHOICE {
75 aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
76 ({ pkcs7_sig_note_set_of_authattrs }),
77 aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
78 -- Explicit because easier to compute digest on
79 -- sequence of attributes and then reuse encoded
80 -- sequence in aaSequence.
81 } OPTIONAL,
82 digestEncryptionAlgorithm
83 DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
84 encryptedDigest EncryptedDigest,
85 unauthenticatedAttributes CHOICE {
86 uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
87 uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
88 } OPTIONAL
89} ({ pkcs7_note_signed_info })
90
91SignerIdentifier ::= CHOICE {
92 -- RFC5652 sec 5.3
93 issuerAndSerialNumber IssuerAndSerialNumber,
94 subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
95}
96
97IssuerAndSerialNumber ::= SEQUENCE {
98 issuer Name ({ pkcs7_sig_note_issuer }),
99 serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
100}
101
102CertificateSerialNumber ::= INTEGER
103
104SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
105
106SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
107
108AuthenticatedAttribute ::= SEQUENCE {
109 type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
110 values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
111}
112
113UnauthenticatedAttribute ::= SEQUENCE {
114 type OBJECT IDENTIFIER,
115 values SET OF ANY
116}
117
118DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
119 algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
120 parameters ANY OPTIONAL
121}
122
123EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
124
125---
126--- X.500 Name
127---
128Name ::= SEQUENCE OF RelativeDistinguishedName
129
130RelativeDistinguishedName ::= SET OF AttributeValueAssertion
131
132AttributeValueAssertion ::= SEQUENCE {
133 attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
134 attributeValue ANY
135}
1PKCS7ContentInfo ::= SEQUENCE {
2 contentType ContentType ({ pkcs7_check_content_type }),
3 content [0] EXPLICIT SignedData OPTIONAL
4}
5
6ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
7
8SignedData ::= SEQUENCE {
9 version INTEGER ({ pkcs7_note_signeddata_version }),
10 digestAlgorithms DigestAlgorithmIdentifiers,
11 contentInfo ContentInfo ({ pkcs7_note_content }),
12 certificates CHOICE {
13 certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
14 certSequence [2] IMPLICIT Certificates
15 } OPTIONAL ({ pkcs7_note_certificate_list }),
16 crls CHOICE {
17 crlSet [1] IMPLICIT CertificateRevocationLists,
18 crlSequence [3] IMPLICIT CRLSequence
19 } OPTIONAL,
20 signerInfos SignerInfos
21}
22
23ContentInfo ::= SEQUENCE {
24 contentType ContentType ({ pkcs7_note_OID }),
25 content [0] EXPLICIT Data OPTIONAL
26}
27
28Data ::= ANY ({ pkcs7_note_data })
29
30DigestAlgorithmIdentifiers ::= CHOICE {
31 daSet SET OF DigestAlgorithmIdentifier,
32 daSequence SEQUENCE OF DigestAlgorithmIdentifier
33}
34
35DigestAlgorithmIdentifier ::= SEQUENCE {
36 algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
37 parameters ANY OPTIONAL
38}
39
40--
41-- Certificates and certificate lists
42--
43ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
44
45ExtendedCertificateOrCertificate ::= CHOICE {
46 certificate Certificate, -- X.509
47 extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
48}
49
50ExtendedCertificate ::= Certificate -- cheating
51
52Certificates ::= SEQUENCE OF Certificate
53
54CertificateRevocationLists ::= SET OF CertificateList
55
56CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
57
58CRLSequence ::= SEQUENCE OF CertificateList
59
60Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
61
62--
63-- Signer information
64--
65SignerInfos ::= CHOICE {
66 siSet SET OF SignerInfo,
67 siSequence SEQUENCE OF SignerInfo
68}
69
70SignerInfo ::= SEQUENCE {
71 version INTEGER ({ pkcs7_note_signerinfo_version }),
72 sid SignerIdentifier, -- CMS variant, not PKCS#7
73 digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
74 authenticatedAttributes CHOICE {
75 aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
76 ({ pkcs7_sig_note_set_of_authattrs }),
77 aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
78 -- Explicit because easier to compute digest on
79 -- sequence of attributes and then reuse encoded
80 -- sequence in aaSequence.
81 } OPTIONAL,
82 digestEncryptionAlgorithm
83 DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
84 encryptedDigest EncryptedDigest,
85 unauthenticatedAttributes CHOICE {
86 uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
87 uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
88 } OPTIONAL
89} ({ pkcs7_note_signed_info })
90
91SignerIdentifier ::= CHOICE {
92 -- RFC5652 sec 5.3
93 issuerAndSerialNumber IssuerAndSerialNumber,
94 subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
95}
96
97IssuerAndSerialNumber ::= SEQUENCE {
98 issuer Name ({ pkcs7_sig_note_issuer }),
99 serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
100}
101
102CertificateSerialNumber ::= INTEGER
103
104SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
105
106SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
107
108AuthenticatedAttribute ::= SEQUENCE {
109 type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
110 values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
111}
112
113UnauthenticatedAttribute ::= SEQUENCE {
114 type OBJECT IDENTIFIER,
115 values SET OF ANY
116}
117
118DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
119 algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
120 parameters ANY OPTIONAL
121}
122
123EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
124
125---
126--- X.500 Name
127---
128Name ::= SEQUENCE OF RelativeDistinguishedName
129
130RelativeDistinguishedName ::= SET OF AttributeValueAssertion
131
132AttributeValueAssertion ::= SEQUENCE {
133 attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
134 attributeValue ANY
135}