Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 5912

New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)

Pages: 117
Informational
Errata
Updated by:  69609480
Part 3 of 6 – Pages 36 to 52
First   Prev   Next

Top   ToC   RFC5912 - Page 36   prevText

8. ASN.1 Module for RFC 4055

PKIX1-PSS-OAEP-Algorithms-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)} DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM, KEY-TRANSPORT, SIGNATURE-ALGORITHM, PUBLIC-KEY, SMIME-CAPS FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} id-sha1, mda-sha1, pk-rsa, RSAPublicKey FROM PKIXAlgs-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-algorithms2008-02(56)}; -- ============================ -- Object Set exports -- ============================ -- -- Define top-level symbols with all of the objects defined for -- export to other modules. These objects would be included as part -- of an Object Set to restrict the set of legal values. -- PublicKeys PUBLIC-KEY ::= { pk-rsaSSA-PSS | pk-rsaES-OAEP, ... } SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-rsaSSA-PSS, ...} KeyTransportAlgs KEY-TRANSPORT ::= { kta-rsaES-OAEP, ... } HashAlgs DIGEST-ALGORITHM ::= { mda-sha224 | mda-sha256 | mda-sha384 | mda-sha512, ... } SMimeCaps SMIME-CAPS ::= { sa-rsaSSA-PSS.&smimeCaps | kta-rsaES-OAEP.&smimeCaps, ... } -- ============================= -- Algorithm Objects -- ============================= -- -- Public key object for PSS signatures
Top   ToC   RFC5912 - Page 37
   --

   pk-rsaSSA-PSS PUBLIC-KEY ::= {
       IDENTIFIER id-RSASSA-PSS
       KEY RSAPublicKey
       PARAMS TYPE RSASSA-PSS-params ARE optional
        -- Private key format not in this module --
       CERT-KEY-USAGE { nonRepudiation, digitalSignature,
                            keyCertSign, cRLSign }
   }

   --
   --  Signature algorithm definition for PSS signatures
   --

   sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
       IDENTIFIER id-RSASSA-PSS
       PARAMS TYPE RSASSA-PSS-params ARE required
       HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
                    | mda-sha512 }
       PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
       SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
   }

   --
   --  Signature algorithm definitions for PKCS v1.5 signatures
   --

   sa-sha224WithRSAEncryption SIGNATURE-ALGORITHM ::= {
       IDENTIFIER sha224WithRSAEncryption
       PARAMS TYPE NULL ARE required
       HASHES { mda-sha224 }
       PUBLIC-KEYS { pk-rsa }
       SMIME-CAPS { IDENTIFIED BY sha224WithRSAEncryption }
   }
   sha224WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 14 }

   sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= {
       IDENTIFIER sha256WithRSAEncryption
       PARAMS TYPE NULL ARE required
       HASHES { mda-sha256 }
       PUBLIC-KEYS { pk-rsa }
       SMIME-CAPS { IDENTIFIED BY sha256WithRSAEncryption }
   }
   sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }

   sa-sha384WithRSAEncryption SIGNATURE-ALGORITHM ::= {
       IDENTIFIER sha384WithRSAEncryption
Top   ToC   RFC5912 - Page 38
       PARAMS TYPE NULL ARE required
       HASHES { mda-sha384 }
       PUBLIC-KEYS { pk-rsa }
       SMIME-CAPS { IDENTIFIED BY sha384WithRSAEncryption }
   }
   sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }

   sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= {
       IDENTIFIER sha512WithRSAEncryption
       PARAMS TYPE NULL ARE required
       HASHES { mda-sha512 }
       PUBLIC-KEYS { pk-rsa }
       SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
   }
   sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }

   --
   --  Public key definition for OAEP encryption
   --

   pk-rsaES-OAEP PUBLIC-KEY ::= {
       IDENTIFIER id-RSAES-OAEP
       KEY RSAPublicKey
       PARAMS TYPE RSAES-OAEP-params ARE optional
        -- Private key format not in this module --
       CERT-KEY-USAGE {keyEncipherment, dataEncipherment}
   }

   --
   --  Key transport key lock definition for OAEP encryption
   --

   kta-rsaES-OAEP KEY-TRANSPORT ::= {
       IDENTIFIER id-RSAES-OAEP
       PARAMS TYPE RSAES-OAEP-params ARE required
       PUBLIC-KEYS { pk-rsa | pk-rsaES-OAEP }
       SMIME-CAPS { TYPE RSAES-OAEP-params IDENTIFIED BY id-RSAES-OAEP}
   }
   -- ============================
   --   Basic object identifiers
   -- ============================

   pkcs-1  OBJECT IDENTIFIER  ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }

   -- When rsaEncryption is used in an AlgorithmIdentifier, the
   -- parameters MUST be present and MUST be NULL.
Top   ToC   RFC5912 - Page 39
   -- rsaEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 1 }

   -- When id-RSAES-OAEP is used in an AlgorithmIdentifier,
   -- and the parameters field is present, it MUST be
   -- RSAES-OAEP-params.

   id-RSAES-OAEP  OBJECT IDENTIFIER  ::=  { pkcs-1 7 }

   -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
   -- MUST be present and MUST be a HashAlgorithm.

   id-mgf1  OBJECT IDENTIFIER  ::=  { pkcs-1 8 }

   -- When id-pSpecified is used in an AlgorithmIdentifier, the
   -- parameters MUST be an OCTET STRING.

   id-pSpecified  OBJECT IDENTIFIER  ::=  { pkcs-1 9 }

   -- When id-RSASSA-PSS is used in an AlgorithmIdentifier, and the
   -- parameters field is present, it MUST be RSASSA-PSS-params.

   id-RSASSA-PSS  OBJECT IDENTIFIER  ::=  { pkcs-1 10 }

   -- When the following OIDs are used in an AlgorithmIdentifier, the
   -- parameters SHOULD be absent, but if the parameters are present,
   -- they MUST be NULL.

   --
   -- id-sha1 is imported from RFC 3279.  Additionally, the v1.5
   -- signature algorithms (i.e., rsaWithSHA256) are now solely placed
   -- in that module.
   --

   id-sha224  OBJECT IDENTIFIER  ::=
       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4) hashalgs(2) 4 }

   mda-sha224 DIGEST-ALGORITHM ::= {
       IDENTIFIER id-sha224
       PARAMS TYPE NULL ARE preferredAbsent
   }

   id-sha256  OBJECT IDENTIFIER  ::=
       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4) hashalgs(2) 1 }

   mda-sha256 DIGEST-ALGORITHM ::= {
       IDENTIFIER id-sha256
Top   ToC   RFC5912 - Page 40
       PARAMS TYPE NULL ARE preferredAbsent
   }
   id-sha384  OBJECT IDENTIFIER  ::=
       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4) hashalgs(2) 2 }

   mda-sha384 DIGEST-ALGORITHM ::= {
       IDENTIFIER id-sha384
       PARAMS TYPE NULL ARE preferredAbsent
   }
   id-sha512  OBJECT IDENTIFIER  ::=
       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4) hashalgs(2) 3 }

   mda-sha512 DIGEST-ALGORITHM ::= {
       IDENTIFIER id-sha512
       PARAMS TYPE NULL ARE preferredAbsent
   }

   -- =============
   --   Constants
   -- =============

   EncodingParameters ::= OCTET STRING(SIZE(0..MAX))

   nullOctetString  EncodingParameters  ::=  ''H

   nullParameters NULL  ::=  NULL

   -- =========================
   --   Algorithm Identifiers
   -- =========================

   HashAlgorithm  ::=  AlgorithmIdentifier{DIGEST-ALGORITHM,
                           {HashAlgorithms}}

   HashAlgorithms DIGEST-ALGORITHM ::=  {
       { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
       { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
       { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
       { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
       { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
   }

   sha1Identifier HashAlgorithm ::= {
       algorithm id-sha1,
       parameters NULL : NULL
   }
Top   ToC   RFC5912 - Page 41
   --
   --  We have a default algorithm - create the value here
   --

   MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
                           {PKCS1MGFAlgorithms}}

   mgf1SHA1 MaskGenAlgorithm ::= {
       algorithm id-mgf1,
       parameters HashAlgorithm : sha1Identifier
   }

   --
   --  Define the set of mask generation functions
   --
   --  If the identifier is id-mgf1, any of the listed hash
   --    algorithms may be used.
   --

   PKCS1MGFAlgorithms ALGORITHM ::= {
       { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
       ...
   }

   --
   -- Define the set of known source algorithms for PSS
   --

   PSourceAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
                                                {PSS-SourceAlgorithms}}

   PSS-SourceAlgorithms ALGORITHM ::= {
       { IDENTIFIER id-pSpecified PARAMS TYPE EncodingParameters
             ARE required },
       ...
   }
   pSpecifiedEmpty PSourceAlgorithm ::=  {
       algorithm id-pSpecified,
       parameters EncodingParameters : nullOctetString
   }

   -- ===================
   --   Main structures
   -- ===================

   -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
   -- Note that the tags in this Sequence are explicit.
   -- Note: The hash algorithm in hashAlgorithm and in
Top   ToC   RFC5912 - Page 42
   -- maskGenAlgorithm should be the same.

   RSASSA-PSS-params  ::=  SEQUENCE  {
       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
       saltLength        [2] INTEGER DEFAULT 20,
       trailerField      [3] INTEGER DEFAULT 1
   }

   -- AlgorithmIdentifier parameters for id-RSAES-OAEP.
   -- Note that the tags in this Sequence are explicit.
   -- Note: The hash algorithm in hashFunc and in
   -- maskGenFunc should be the same.

   RSAES-OAEP-params  ::=  SEQUENCE  {
       hashFunc          [0] HashAlgorithm DEFAULT sha1Identifier,
       maskGenFunc       [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
       pSourceFunc       [2] PSourceAlgorithm DEFAULT
                                 pSpecifiedEmpty
   }

   END

9. ASN.1 Module for RFC 4210

PKIXCMP-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) } DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE FROM PKIX-CommonTypes-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM, DIGEST-ALGORITHM, MAC-ALGORITHM FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} Certificate, CertificateList FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
Top   ToC   RFC5912 - Page 43
 GeneralName, KeyIdentifier
 FROM PKIX1Implicit-2009
     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}

 CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
     CertReqMessages
 FROM PKIXCRMF-2009
     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
     mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
 -- see also the behavioral clarifications to CRMF codified in
 -- Appendix C of this specification

 CertificationRequest
 FROM PKCS-10
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
 -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
 -- tags).  Alternatively, implementers may directly include
 -- the [PKCS10] syntax in this module
 ;

 -- the rest of the module contains locally defined OIDs and
 -- constructs

 CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
 -- This syntax, while bits-on-the-wire compatible with the
 -- standard X.509 definition of "Certificate", allows the
 -- possibility of future certificate types (such as X.509
 -- attribute certificates, WAP WTLS certificates, or other kinds
 -- of certificates) within this certificate management protocol,
 -- should a need ever arise to support such generality.  Those
 -- implementations that do not foresee a need to ever support
 -- other certificate types MAY, if they wish, comment out the
 -- above structure and "uncomment" the following one prior to
 -- compiling this ASN.1 module.  (Note that interoperability
 -- with implementations that don't do this will be unaffected by
 -- this change.)

 -- CMPCertificate ::= Certificate

 PKIMessage ::= SEQUENCE {
     header           PKIHeader,
     body             PKIBody,
     protection   [0] PKIProtection OPTIONAL,
     extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
                   OPTIONAL }
Top   ToC   RFC5912 - Page 44
 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage

 PKIHeader ::= SEQUENCE {
     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
     sender              GeneralName,
     -- identifies the sender
     recipient           GeneralName,
     -- identifies the intended recipient
     messageTime     [0] GeneralizedTime         OPTIONAL,
     -- time of production of this message (used when sender
     -- believes that the transport will be "suitable"; i.e.,
     -- that the time will still be meaningful upon receipt)
     protectionAlg   [1] AlgorithmIdentifier{ALGORITHM, {...}}
                             OPTIONAL,
     -- algorithm used for calculation of protection bits
     senderKID       [2] KeyIdentifier           OPTIONAL,
     recipKID        [3] KeyIdentifier           OPTIONAL,
     -- to identify specific keys used for protection
     transactionID   [4] OCTET STRING            OPTIONAL,
     -- identifies the transaction; i.e., this will be the same in
     -- corresponding request, response, certConf, and PKIConf
     -- messages
     senderNonce     [5] OCTET STRING            OPTIONAL,
     recipNonce      [6] OCTET STRING            OPTIONAL,
     -- nonces used to provide replay protection, senderNonce
     -- is inserted by the creator of this message; recipNonce
     -- is a nonce previously inserted in a related message by
     -- the intended recipient of this message
     freeText        [7] PKIFreeText             OPTIONAL,
     -- this may be used to indicate context-specific instructions
     -- (this field is intended for human consumption)
     generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
                         InfoTypeAndValue     OPTIONAL
     -- this may be used to convey context-specific information
     -- (this field not primarily intended for human consumption)
 }

 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
     -- text encoded as UTF-8 String [RFC3629] (note: each
     -- UTF8String MAY include an [RFC3066] language tag
     -- to indicate the language of the contained text;
     -- see [RFC2482] for details)

 PKIBody ::= CHOICE {       -- message-specific body elements
     ir       [0]  CertReqMessages,        --Initialization Request
     ip       [1]  CertRepMessage,         --Initialization Response
     cr       [2]  CertReqMessages,        --Certification Request
     cp       [3]  CertRepMessage,         --Certification Response
Top   ToC   RFC5912 - Page 45
     p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
     popdecc  [5]  POPODecKeyChallContent, --pop Challenge
     popdecr  [6]  POPODecKeyRespContent,  --pop Response
     kur      [7]  CertReqMessages,        --Key Update Request
     kup      [8]  CertRepMessage,         --Key Update Response
     krr      [9]  CertReqMessages,        --Key Recovery Request
     krp      [10] KeyRecRepContent,       --Key Recovery Response
     rr       [11] RevReqContent,          --Revocation Request
     rp       [12] RevRepContent,          --Revocation Response
     ccr      [13] CertReqMessages,        --Cross-Cert. Request
     ccp      [14] CertRepMessage,         --Cross-Cert. Response
     ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
     cann     [16] CertAnnContent,         --Certificate Ann.
     rann     [17] RevAnnContent,          --Revocation Ann.
     crlann   [18] CRLAnnContent,          --CRL Announcement
     pkiconf  [19] PKIConfirmContent,      --Confirmation
     nested   [20] NestedMessageContent,   --Nested Message
     genm     [21] GenMsgContent,          --General Message
     genp     [22] GenRepContent,          --General Response
     error    [23] ErrorMsgContent,        --Error Message
     certConf [24] CertConfirmContent,     --Certificate confirm
     pollReq  [25] PollReqContent,         --Polling request
     pollRep  [26] PollRepContent          --Polling response
 }

 PKIProtection ::= BIT STRING

 ProtectedPart ::= SEQUENCE {
     header    PKIHeader,
     body      PKIBody }

 id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     usa(840) nt(113533) nsn(7) algorithms(66) 13 }
 PBMParameter ::= SEQUENCE {
     salt                OCTET STRING,
     -- note:  implementations MAY wish to limit acceptable sizes
     -- of this string to values appropriate for their environment
     -- in order to reduce the risk of denial-of-service attacks
     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
     -- AlgId for a One-Way Function (SHA-1 recommended)
     iterationCount      INTEGER,
     -- number of times the OWF is applied
     -- note:  implementations MAY wish to limit acceptable sizes
     -- of this integer to values appropriate for their environment
     -- in order to reduce the risk of denial-of-service attacks
     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
     -- or HMAC [RFC2104, RFC2202])
Top   ToC   RFC5912 - Page 46
 }

 id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     usa(840) nt(113533) nsn(7) algorithms(66) 30 }
 DHBMParameter ::= SEQUENCE {
     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
     -- AlgId for a One-Way Function (SHA-1 recommended)
     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
     -- or HMAC [RFC2104, RFC2202])
 }

 PKIStatus ::= INTEGER {
     accepted               (0),
     -- you got exactly what you asked for
     grantedWithMods        (1),
     -- you got something like what you asked for; the
     -- requester is responsible for ascertaining the differences
     rejection              (2),
     -- you don't get it, more information elsewhere in the message
     waiting                (3),
     -- the request body part has not yet been processed; expect to
     -- hear more later (note: proper handling of this status
     -- response MAY use the polling req/rep PKIMessages specified
     -- in Section 5.3.22; alternatively, polling in the underlying
     -- transport layer MAY have some utility in this regard)
     revocationWarning      (4),
     -- this message contains a warning that a revocation is
     -- imminent
     revocationNotification (5),
     -- notification that a revocation has occurred
     keyUpdateWarning       (6)
     -- update already done for the oldCertId specified in
     -- CertReqMsg
 }

 PKIFailureInfo ::= BIT STRING {
 -- since we can fail in more than one way!
 -- More codes may be added in the future if/when required.
     badAlg              (0),
     -- unrecognized or unsupported Algorithm Identifier
     badMessageCheck     (1),
     -- integrity check failed (e.g., signature did not verify)
     badRequest          (2),
     -- transaction not permitted or supported
     badTime             (3),
     -- messageTime was not sufficiently close to the system time,
     -- as defined by local policy
Top   ToC   RFC5912 - Page 47
     badCertId           (4),
     -- no certificate could be found matching the provided criteria
     badDataFormat       (5),
     -- the data submitted has the wrong format
     wrongAuthority      (6),
     -- the authority indicated in the request is different from the
     -- one creating the response token
     incorrectData       (7),
     -- the requester's data is incorrect (for notary services)
     missingTimeStamp    (8),
     -- when the timestamp is missing but should be there
     -- (by policy)
     badPOP              (9),
     -- the proof-of-possession failed
     certRevoked         (10),
     -- the certificate has already been revoked
     certConfirmed       (11),
     -- the certificate has already been confirmed
     wrongIntegrity      (12),
     -- invalid integrity, password based instead of signature or
     -- vice versa
     badRecipientNonce   (13),
     -- invalid recipient nonce, either missing or wrong value
     timeNotAvailable    (14),
     -- the TSA's time source is not available
     unacceptedPolicy    (15),
     -- the requested TSA policy is not supported by the TSA
     unacceptedExtension (16),
     -- the requested extension is not supported by the TSA
     addInfoNotAvailable (17),
     -- the additional information requested could not be
     -- understood or is not available
     badSenderNonce      (18),
     -- invalid sender nonce, either missing or wrong size
     badCertTemplate     (19),
     -- invalid cert. template or missing mandatory information
     signerNotTrusted    (20),
     -- signer of the message unknown or not trusted
     transactionIdInUse  (21),
     -- the transaction identifier is already in use
     unsupportedVersion  (22),
     -- the version of the message is not supported
     notAuthorized       (23),
     -- the sender was not authorized to make the preceding
     -- request or perform the preceding action
     systemUnavail       (24),
     -- the request cannot be handled due to system unavailability
     systemFailure       (25),
Top   ToC   RFC5912 - Page 48
     -- the request cannot be handled due to system failure
     duplicateCertReq    (26)
     -- certificate cannot be issued because a duplicate
     -- certificate already exists
 }

 PKIStatusInfo ::= SEQUENCE {
     status        PKIStatus,
     statusString  PKIFreeText     OPTIONAL,
     failInfo      PKIFailureInfo  OPTIONAL }

 OOBCert ::= CMPCertificate

 OOBCertHash ::= SEQUENCE {
     hashAlg     [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
                         OPTIONAL,
     certId      [1] CertId                  OPTIONAL,
     hashVal         BIT STRING
     -- hashVal is calculated over the DER encoding of the
     -- self-signed certificate with the identifier certID.
 }

 POPODecKeyChallContent ::= SEQUENCE OF Challenge
 -- One Challenge per encryption key certification request (in the
 -- same order as these requests appear in CertReqMessages).

 Challenge ::= SEQUENCE {
     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
                             OPTIONAL,
     -- MUST be present in the first Challenge; MAY be omitted in
     -- any subsequent Challenge in POPODecKeyChallContent (if
     -- omitted, then the owf used in the immediately preceding
     -- Challenge is to be used).
     witness             OCTET STRING,
     -- the result of applying the one-way function (owf) to a
     -- randomly-generated INTEGER, A.  [Note that a different
     -- INTEGER MUST be used for each Challenge.]
     challenge           OCTET STRING
     -- the encryption (under the public key for which the cert.
     -- request is being made) of Rand, where Rand is specified as
     --   Rand ::= SEQUENCE {
     --      int      INTEGER,
     --       - the randomly-generated INTEGER A (above)
     --      sender   GeneralName
     --       - the sender's name (as included in PKIHeader)
     --   }
 }
Top   ToC   RFC5912 - Page 49
 POPODecKeyRespContent ::= SEQUENCE OF INTEGER
 -- One INTEGER per encryption key certification request (in the
 -- same order as these requests appear in CertReqMessages).  The
 -- retrieved INTEGER A (above) is returned to the sender of the
 -- corresponding Challenge.

 CertRepMessage ::= SEQUENCE {
     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
                   OPTIONAL,
     response         SEQUENCE OF CertResponse }

 CertResponse ::= SEQUENCE {
     certReqId           INTEGER,
     -- to match this response with the corresponding request (a value
     -- of -1 is to be used if certReqId is not specified in the
     -- corresponding request)
     status              PKIStatusInfo,
     certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
     rspInfo             OCTET STRING        OPTIONAL
     -- analogous to the id-regInfo-utf8Pairs string defined
     -- for regInfo in CertReqMsg [RFC4211]
 }

 CertifiedKeyPair ::= SEQUENCE {
     certOrEncCert       CertOrEncCert,
     privateKey      [0] EncryptedValue      OPTIONAL,
     -- see [RFC4211] for comment on encoding
     publicationInfo [1] PKIPublicationInfo  OPTIONAL }

 CertOrEncCert ::= CHOICE {
     certificate     [0] CMPCertificate,
     encryptedCert   [1] EncryptedValue }
 KeyRecRepContent ::= SEQUENCE {
     status                  PKIStatusInfo,
     newSigCert          [0] CMPCertificate OPTIONAL,
     caCerts             [1] SEQUENCE SIZE (1..MAX) OF
                                      CMPCertificate OPTIONAL,
     keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
                                      CertifiedKeyPair OPTIONAL }

 RevReqContent ::= SEQUENCE OF RevDetails

 RevDetails ::= SEQUENCE {
     certDetails         CertTemplate,
     -- allows requester to specify as much as they can about
     -- the cert. for which revocation is requested
     -- (e.g., for cases in which serialNumber is not available)
     crlEntryDetails     Extensions{{...}}    OPTIONAL
Top   ToC   RFC5912 - Page 50
     -- requested crlEntryExtensions
 }

 RevRepContent ::= SEQUENCE {
     status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
     -- in same order as was sent in RevReqContent
     revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
     -- IDs for which revocation was requested
     -- (same order as status)
     crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
     -- the resulting CRLs (there may be more than one)
 }

 CAKeyUpdAnnContent ::= SEQUENCE {
     oldWithNew   CMPCertificate, -- old pub signed with new priv
     newWithOld   CMPCertificate, -- new pub signed with old priv
     newWithNew   CMPCertificate  -- new pub signed with new priv
 }

 CertAnnContent ::= CMPCertificate

 RevAnnContent ::= SEQUENCE {
     status              PKIStatus,
     certId              CertId,
     willBeRevokedAt     GeneralizedTime,
     badSinceDate        GeneralizedTime,
     crlDetails          Extensions{{...}}  OPTIONAL
     -- extra CRL details (e.g., crl number, reason, location, etc.)
 }

 CRLAnnContent ::= SEQUENCE OF CertificateList
 PKIConfirmContent ::= NULL

 NestedMessageContent ::= PKIMessages

 INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER

 InfoTypeAndValue ::= SEQUENCE {
     infoType    INFO-TYPE-AND-VALUE.
                     &id({SupportedInfoSet}),
     infoValue   INFO-TYPE-AND-VALUE.
                     &Type({SupportedInfoSet}{@infoType}) }

 SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }

 -- Example InfoTypeAndValue contents include, but are not limited
 -- to, the following (uncomment in this ASN.1 module and use as
 -- appropriate for a given environment):
Top   ToC   RFC5912 - Page 51
 --
 --   id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
 --      CAProtEncCertValue      ::= CMPCertificate
 --   id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
 --      SignKeyPairTypesValue   ::= SEQUENCE OF
 --                                      AlgorithmIdentifier{{...}}
 --   id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
 --      EncKeyPairTypesValue    ::= SEQUENCE OF
 --                                      AlgorithmIdentifier{{...}}
 --   id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
 --      PreferredSymmAlgValue   ::= AlgorithmIdentifier{{...}}
 --   id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
 --      CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
 --   id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
 --      CurrentCRLValue         ::= CertificateList
 --   id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
 --      UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
 --   id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
 --      KeyPairParamReqValue    ::= OBJECT IDENTIFIER
 --   id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
 --      KeyPairParamRepValue    ::= AlgorithmIdentifer
 --   id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
 --      RevPassphraseValue      ::= EncryptedValue
 --   id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
 --      ImplicitConfirmValue    ::= NULL
 --   id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
 --      ConfirmWaitTimeValue    ::= GeneralizedTime
 --   id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
 --      OrigPKIMessageValue     ::= PKIMessages
 --   id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
 --      SuppLangTagsValue       ::= SEQUENCE OF UTF8String
 --
 -- where
 --
 --   id-pkix OBJECT IDENTIFIER ::= {
 --      iso(1) identified-organization(3)
 --      dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
 -- and
 --   id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
 --
 --
 -- This construct MAY also be used to define new PKIX Certificate
 -- Management Protocol request and response messages, or general-
 -- purpose (e.g., announcement) messages for future needs or for
 -- specific environments.

 GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
Top   ToC   RFC5912 - Page 52
 -- May be sent by EE, RA, or CA (depending on message content).
 -- The OPTIONAL infoValue parameter of InfoTypeAndValue will
 -- typically be omitted for some of the examples given above.
 -- The receiver is free to ignore any contained OBJECT IDs that it
 -- does not recognize.  If sent from EE to CA, the empty set
 -- indicates that the CA may send
 -- any/all information that it wishes.

 GenRepContent ::= SEQUENCE OF InfoTypeAndValue
 -- Receiver MAY ignore any contained OIDs that it does not
 -- recognize.

 ErrorMsgContent ::= SEQUENCE {
     pKIStatusInfo          PKIStatusInfo,
     errorCode              INTEGER           OPTIONAL,
     -- implementation-specific error codes
     errorDetails           PKIFreeText       OPTIONAL
     -- implementation-specific error details
 }

 CertConfirmContent ::= SEQUENCE OF CertStatus

 CertStatus ::= SEQUENCE {
     certHash    OCTET STRING,
     -- the hash of the certificate, using the same hash algorithm
     -- as is used to create and verify the certificate signature
     certReqId   INTEGER,
     -- to match this confirmation with the corresponding req/rep
     statusInfo  PKIStatusInfo OPTIONAL }

 PollReqContent ::= SEQUENCE OF SEQUENCE {
     certReqId              INTEGER }

 PollRepContent ::= SEQUENCE OF SEQUENCE {
     certReqId              INTEGER,
     checkAfter             INTEGER,  -- time in seconds
     reason                 PKIFreeText OPTIONAL }

 END


(next page on part 4)

Next Section