All Classes

AaEntry ::= SEQUENCE { aaCertificate EtsiTs103097Certificate, accessPoint Url }

An Admissions structure.

Attribute to indicate admissions to certain professions.

AesCcmCiphertext ::= SEQUENCE { nonce OCTET STRING (SIZE (12)) ccmCiphertext Opaque -- 16 bytes longer than plaintext }

Implementation of the Archive Timestamp type defined in RFC4998.

Implementation of ArchiveTimeStampSequence type, as defined in RFC4998.

RFC 5652 defines 5 "SET OF Attribute" entities with 5 different names.

RFC 5652 section 9.1: The AuthenticatedData carries AuthAttributes and other data which define what really is being signed.

RFC 5083: CMS AuthEnveloped Data object.

AuthorizationValidationRequest ::= SEQUENCE { sharedAtRequest SharedAtRequest, ecSignature EcSignature, ... }

BitmapSspRange ::= SEQUENCE { sspValue OCTET STRING (SIZE(1..32)), sspBitmask OCTET STRING (SIZE(1..32)) }

bodyIdMax INTEGER ::= 4294967295 BodyPartID ::= INTEGER(0..bodyIdMax)

BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID

See https://www.bsi.bund.de/cae/servlet/contentblob/471398/publicationFile/30615/BSI-TR-03111_pdf.pdf

ButterflyParamsOriginal ::= SEQUENCE { signingExpansion ButterflyExpansion, encryptionKey PublicEncryptionKey, encryptionExpansion ButterflyExpansion }

ISIS-MTT PROFILE: The responder may include this extension in a response to send the hash of the requested certificate to the responder.

CertificateBase ::= SEQUENCE { version Uint8(3), type CertificateType, issuer IssuerIdentifier, toBeSigned ToBeSignedCertificate, signature Signature OPTIONAL }

an Iso7816CertificateBody structure.

an Iso7816CertificateHolderAuthorization structure.

CertificateId ::= CHOICE { linkageData LinkageData, name Hostname, binaryId OCTET STRING(SIZE(1..64)), none NULL, ... }

CertificateSubjectAttributes ::= SEQUENCE { id CertificateId OPTIONAL, validityPeriod ValidityPeriod OPTIONAL, region GeographicRegion OPTIONAL, assuranceLevel SubjectAssurance OPTIONAL, appPermissions SequenceOfPsidSsp OPTIONAL, certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL, ... }(WITH COMPONENTS { ..., appPermissions PRESENT} | WITH COMPONENTS { ..., certIssuePermissions PRESENT})

CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedKey OPTIONAL, -- see [CRMF] for comment on encoding publicationInfo [1] PKIPublicationInfo OPTIONAL }

CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse }

CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER, statusInfo PKIStatusInfo OPTIONAL, hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}

CircularRegion ::= SEQUENCE { center TwoDLocation, radius Uint16 }

CMCFailInfo ::= INTEGER { badAlg (0), badMessageCheck (1), badRequest (2), badTime (3), badCertId (4), unsupportedExt (5), mustArchiveKeys (6), badIdentity (7), popRequired (8), popFailed (9), noKeyReuse (10), internalCAError (11), tryLater (12), authDataFail (13) }

CMCPublicationInfo ::= SEQUENCE { hashAlg AlgorithmIdentifier, certHashes SEQUENCE OF OCTET STRING, pubInfo PKIPublicationInfo }

-- Used to return status state in a response id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1} CMCStatusInfo ::= SEQUENCE { cMCStatus CMCStatus, bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID, statusString UTF8String OPTIONAL, otherInfo CHOICE { failInfo CMCFailInfo, pendInfo PendInfo } OPTIONAL }

From RFC 6211

CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef

Parser of RFC 3274 CompressedData object.

RFC 5652 ContentInfo object parser.

Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {..., content (WITH COMPONENTS {..., signedData (WITH COMPONENTS {..., tbsData (WITH COMPONENTS {..., payload (WITH COMPONENTS {..., data ABSENT, extDataHash PRESENT }), headerInfo(WITH COMPONENTS {..., generationTime PRESENT, expiryTime ABSENT, generationLocation ABSENT, p2pcdLearningRequest ABSENT, missingCrlIdentifier ABSENT, encryptionKey ABSENT }) }) }) }) })

CrlIdentifier ::= SEQUENCE { crlissuer Name, crlIssuedTime UTCTime, crlNumber INTEGER OPTIONAL }

CrlOcspRef ::= SEQUENCE { crlids [0] CRLListID OPTIONAL, ocspids [1] OcspListID OPTIONAL, otherRev [2] OtherRevRefs OPTIONAL }

GenMsg: {id-it TBD1}, SEQUENCE SIZE (1..MAX) OF CRLStatus GenRep: {id-it TBD2}, SEQUENCE SIZE (1..MAX) OF CertificateList | < absent >

CrlValidatedID ::= SEQUENCE { crlHash OtherHash, crlIdentifier CrlIdentifier OPTIONAL }

Implementation of the CryptoInfos element defined in RFC 4998:

CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID

CtlDelete ::= CHOICE { cert HashedId8, dc DcDelete, ... }

CtlFormat ::= SEQUENCE { version Version, nextUpdate Time32, isFullCtl BOOLEAN, ctlSequence INTEGER (0..255), ctlCommands SEQUENCE OF CtlCommand, ... }

an iso7816Certificate structure.

Data ::= CHOICE { message OCTET STRING , messageImprint DigestInfo, certs [0] SEQUENCE SIZE (1..MAX) OF TargetEtcChain }

DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier, -- AlgId for a One-Way Function (SHA-1 recommended) mac AlgorithmIdentifier -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], } -- or HMAC [RFC2104, RFC2202])

RFC 5652 DigestedData object.

DVCSCertInfo::= SEQUENCE { version Integer DEFAULT 1 , dvReqInfo DVCSRequestInformation, messageImprint DigestInfo, serialNumber Integer, responseTime DVCSTime, dvStatus [0] PKIStatusInfo OPTIONAL, policy [1] PolicyInformation OPTIONAL, reqSignature [2] SignerInfos OPTIONAL, certs [3] SEQUENCE SIZE (1..MAX) OF TargetEtcChain OPTIONAL, extensions Extensions OPTIONAL }

DVCSErrorNotice ::= SEQUENCE { transactionStatus PKIStatusInfo , transactionIdentifier GeneralName OPTIONAL }

DVCSRequest ::= SEQUENCE { requestInformation DVCSRequestInformation, data Data, transactionIdentifier GeneralName OPTIONAL }

DVCSRequestInformation ::= SEQUENCE { version INTEGER DEFAULT 1 , service ServiceType, nonce Nonce OPTIONAL, requestTime DVCSTime OPTIONAL, requester [0] GeneralNames OPTIONAL, requestPolicy [1] PolicyInformation OPTIONAL, dvcs [2] GeneralNames OPTIONAL, dataLocations [3] GeneralNames OPTIONAL, extensions [4] IMPLICIT Extensions OPTIONAL }

DVCSTime ::= CHOICE { genTime GeneralizedTime, timeStampToken ContentInfo }

Common interface for ITS curve points.

EccP384CurvePoint ::= CHOICE { x-only OCTET STRING (SIZE (48)), fill NULL, compressed-y-0 OCTET STRING (SIZE (48)), compressed-y-1 OCTET STRING (SIZE (48)), uncompressedP384 SEQUENCE { x OCTET STRING (SIZE (48)), y OCTET STRING (SIZE (48)) } }

EciesP256EncryptedKey ::= SEQUENCE { v EccP256CurvePoint, c OCTET STRING (SIZE (16)), t OCTET STRING (SIZE (16)) }

EcSignature::= CHOICE { encryptedEcSignature EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload}, ecSignature EtsiTs103097Data-SignedExternalPayload }

Element suppliers allow us to defer the finalisation of a definition until the point at which it is used.

Parser for RFC 5652 EncryptedContentInfo object.

EncryptedData ::= SEQUENCE { recipients SequenceOfRecipientInfo, ciphertext SymmetricCiphertext }

EncryptedDataEncryptionKey ::= CHOICE { eciesNistP256 EciesP256EncryptedKey, eciesBrainpoolP256r1 EciesP256EncryptedKey, ... }

id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9} EncryptedPOP ::= SEQUENCE { request TaggedRequest, cms ContentInfo, thePOPAlgID AlgorithmIdentifier, witnessAlgID AlgorithmIdentifier, witness OCTET STRING }

Implementation of the EncryptionInfo element defined in RFC 4998:

EndEntityType ::= BIT STRING { app(0), enrol(1) } (SIZE (8)) (ALL EXCEPT ())

RFC 5652 EnvelopedData object.

Ieee1609Dot2HeaderInfoContributedExtensions IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= { {EtsiOriginatingHeaderInfoExtension IDENTIFIED BY etsiHeaderInfoContributorId}, ... }

EtsiTs102941DataContent ::= CHOICE { enrolmentRequest InnerEcRequestSignedForPop, enrolmentResponse InnerEcResponse, authorizationRequest InnerAtRequest, authorizationResponse InnerAtResponse, certificateRevocationList ToBeSignedCrl,

EtsiTs103097Data::=Ieee1609Dot2Data (WITH COMPONENTS {..., content (WITH COMPONENTS {..., signedData (WITH COMPONENTS {..., -- constraints on signed data headers tbsData (WITH COMPONENTS { headerInfo (WITH COMPONENTS {..., generationTime PRESENT, p2pcdLearningRequest ABSENT, missingCrlIdentifier ABSENT }) }), signer (WITH COMPONENTS {..., --constraints on the certificate certificate ((WITH COMPONENT (EtsiTs103097Certificate))^(SIZE(1))) }) }), encryptedData (WITH COMPONENTS {..., -- constraints on encrypted data headers recipients (WITH COMPONENT ( (WITH COMPONENTS {..., pskRecipInfo ABSENT, symmRecipInfo ABSENT, rekRecipInfo ABSENT }) )) }), signedCertificateRequest ABSENT }) })

EtsiTs103097Module {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) version2(2)}

RFC 4998: Evidence Record Syntax (ERS)

ExtendedFailInfo ::= SEQUENCE { failInfoOID OBJECT IDENTIFIER, failInfoValue ANY DEFINED BY failInfoOID }

ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension

RFC 5990 GenericHybridParameters class.

id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15} GetCert ::= SEQUENCE { issuerName GeneralName, serialNumber INTEGER }

GroupLinkageValue ::= SEQUENCE { jValue OCTET STRING (SIZE(4)) value OCTET STRING (SIZE(9)) }

HashAlgorithm ::= ENUMERATED { sha256, ..., sha384 }

Hostname ::= UTF8String (SIZE(0..255))

IdentifiedRegion ::= CHOICE { countryOnly CountryOnly, countryAndRegions CountryAndRegions, countryAndSubregions CountryAndSubregions, ... }

OER forward definition builders for OER encoded data.

Ieee1609Dot2Content ::= CHOICE { unsecuredData Opaque, signedData SignedData, encryptedData EncryptedData, signedCertificateRequest Opaque, ... }

Example InfoTypeAndValue contents include, but are not limited to, the following (un-comment in this ASN.1 module and use as appropriate for a given environment):

InnerEcResponse ::= SEQUENCE { requestHash OCTET STRING (SIZE(16)), responseCode EnrolmentResponseCode, certificate EtsiTs103097Certificate OPTIONAL, ... } (WITH COMPONENTS { responseCode (ok), certificate PRESENT } | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT } )

ISISMT -- Industrial Signature Interoperability Specification

IssuerIdentifier ::= CHOICE { sha256AndDigest HashedId8, self HashAlgorithm, ..., sha384AndDigest HashedId8 }

IValue ::= Uint16

RFC 5652: Content encryption key delivery mechanisms.

RFC 5652: Content encryption key delivery mechanisms.

RFC 5652: Content encryption key delivery mechanisms.

Latitude ::= NinetyDegreeInt

LinkageValue ::= OCTET STRING (SIZE(9))

id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11} LraPopWitness ::= SEQUENCE { pkiDataBodyid BodyPartID, bodyIds SEQUENCE OF BodyPartID }

RFC 5544: Binding Documents with Time-Stamps; MetaData object.

Monetary limit for transactions.

RFC 5753/3278: MQVuserKeyingMaterial object.

OcspIdentifier ::= SEQUENCE { ocspResponderID ResponderID, -- As in OCSP response data producedAt GeneralizedTime -- As in OCSP response data }

OcspResponsesID ::= SEQUENCE { ocspIdentifier OcspIdentifier, ocspRepHash OtherHash OPTIONAL }

OER sequence decoder, decodes prefix and determines which optional parts are available.

RFC 5652: OriginatorInfo object.

OtherMsg ::= SEQUENCE { bodyPartID BodyPartID, otherMsgType OBJECT IDENTIFIER, otherMsgValue ANY DEFINED BY otherMsgType }

RFC 5652: OtherRevocationInfoFormat object.

OtherRevVals ::= SEQUENCE { otherRevValType OtherRevValType, otherRevVals ANY DEFINED BY OtherRevValType } OtherRevValType ::= OBJECT IDENTIFIER

Other info implements the choice component of CMCStatusInfoV2.

Implementation of PartialHashtree, as defined in RFC 4998.

PathProcInput ::= SEQUENCE { acceptablePolicySet SEQUENCE SIZE (1..MAX) OF PolicyInformation, inhibitPolicyMapping BOOLEAN DEFAULT FALSE, explicitPolicyReqd [0] BOOLEAN DEFAULT FALSE , inhibitAnyPolicy [1] BOOLEAN DEFAULT FALSE }

PduFunctionalType ::= INTEGER (0..255) tlsHandshake PduFunctionalType ::= 1 iso21177ExtendedAuth PduFunctionalType ::= 2

PKIFailureInfo ::= BIT STRING { badAlg (0), -- unrecognized or unsupported Algorithm Identifier badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) badRequest (2), -- transaction not permitted or supported badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy badCertId (4), -- no certificate could be found matching the provided criteria badDataFormat (5), -- the data submitted has the wrong format wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token incorrectData (7), -- the requester's data is incorrect (for notary services) missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) badPOP (9) -- the proof-of-possession failed certRevoked (10), certConfirmed (11), wrongIntegrity (12), badRecipientNonce (13), timeNotAvailable (14), -- the TSA's time source is not available unacceptedPolicy (15), -- the requested TSA policy is not supported by the TSA unacceptedExtension (16), -- the requested extension is not supported by the TSA addInfoNotAvailable (17) -- the additional information requested could not be understood -- or is not available badSenderNonce (18), badCertTemplate (19), signerNotTrusted (20), transactionIdInUse (21), unsupportedVersion (22), notAuthorized (23), systemUnavail (24), systemFailure (25), -- the request cannot be handled due to system failure duplicateCertReq (26)

PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL }

PKIPublicationInfo ::= SEQUENCE { action INTEGER { dontPublish (0), pleasePublish (1) }, pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } -- pubInfos MUST NOT be present if action is "dontPublish" -- (if action is "pleasePublish" and pubInfos is omitted, -- "dontCare" is assumed)

Password-based MAC value for use with POPOSigningKeyInput.

PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER }

Attribute to indicate that the certificate holder may sign in the name of a third person.

Professions, specializations, disciplines, fields of activity, etc.

Psid ::= INTEGER (0..MAX)

PublicKeys ::= SEQUENCE { verificationKey PublicVerificationKey, encryptionKey PublicEncryptionKey OPTIONAL }

RFC 5652: Content encryption key delivery mechanisms.

RecipientInfo ::= CHOICE { pskRecipInfo PreSharedKeyRecipientInfo, symmRecipInfo SymmRecipientInfo, certRecipInfo PKRecipientInfo, signedDataRecipInfo PKRecipientInfo, rekRecipInfo PKRecipientInfo }

RectangularRegion ::= SEQUENCE { northWest TwoDLocation, southEast TwoDLocation }

RegionAndSubregions ::= SEQUENCE { region Uint8, subregions SequenceOfUint16 }

Marker for Geographic Region types.

RevokeRequest ::= SEQUENCE { issuerName Name, serialNumber INTEGER, reason CRLReason, invalidityDate GeneralizedTime OPTIONAL, passphrase OCTET STRING OPTIONAL, comment UTF8String OPTIONAL }

RootCaEntry ::= SEQUENCE { selfsignedRootCa EtsiTs103097Certificate, successorTo EtsiTs103097Certificate OPTIONAL }

GenMsg: {id-it 20}, RootCaCertValue | < absent > GenRep: {id-it 18}, RootCaKeyUpdateContent | < absent >

an Iso7816RSAPublicKeyStructure structure.

SequenceOfCertificate ::= SEQUENCE OF Certificate

SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion

SequenceOfPsid ::= SEQUENCE OF Psid

SEQUENCE OF PsidGroupPermissions

SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp

SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo

SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion

SequenceOfUint16 ::= SEQUENCE OF Uint16

SequenceOfUint8 ::= SEQUENCE OF Uint8

ServiceSpecificPermissions ::= CHOICE { opaque OCTET STRING (SIZE(0..MAX)), ..., bitmapSsp BitmapSsp }

SharedAtRequest ::= SEQUENCE { eaId HashedId8, keyTag OCTET STRING (SIZE(16)), certificateFormat CertificateFormat, requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}), ... }

Signature ::= CHOICE { ecdsaNistP256Signature EcdsaP256Signature, ecdsaBrainpoolP256r1Signature EcdsaP256Signature, ...

SignedData ::= SEQUENCE { hashId HashAlgorithm, tbsData ToBeSignedData, signer SignerIdentifier, signature Signature }

Parser for RFC 5652: SignedData object.

RFC 5652: Identify who signed the containing SignerInfo object.

RFC 5652: Signature container per Signer, see SignerIdentifier.

SinglePubInfo ::= SEQUENCE { pubMethod INTEGER { dontCare (0), x500 (1), web (2), ldap (3) }, pubLocation GeneralName OPTIONAL }

Handler class for dealing with S/MIME Capabilities

The SMIMEEncryptionKeyPreference object.

SubjectAssurance ::= OCTET STRING (SIZE(1))

SymmAlgorithm ::= ENUMERATED { aes128Ccm, ... }

SymmetricEncryptionKey ::= CHOICE { aes128Ccm OCTET STRING(SIZE(16)), ... }

TaggedCertificationRequest ::= SEQUENCE { bodyPartID BodyPartID, certificationRequest CertificationRequest }

TaggedRequest ::= CHOICE { tcr [0] TaggedCertificationRequest, crm [1] CertReqMsg, orm [2] SEQUENCE { bodyPartID BodyPartID, requestMessageType OBJECT IDENTIFIER, requestMessageValue ANY DEFINED BY requestMessageType } }

ThreeDLocation ::= SEQUENCE { latitude Latitude, longitude Longitude, elevation Elevation }

RFC 5652: Dual-mode timestamp format producing either UTCTIme or GeneralizedTime.

Time64 ::= Uint64

RFC 5544: Binding Documents with Time-Stamps; TimeStampedData object.

RFC 5544 Binding Documents with Time-Stamps; TimeStampTokenEvidence object.

TlmEntry::= SEQUENCE { selfSignedTLMCertificate EtsiTs103097Certificate, successorTo EtsiTs103097Certificate OPTIONAL, accessPoint Url }

TwoDLocation ::= SEQUENCE { latitude Latitude, longitude Longitude }

ValidityPeriod ::= SEQUENCE { start Time32, duration Duration }

VerificationKeyIndicator ::= CHOICE { verificationKey PublicVerificationKey, reconstructionValue EccP256CurvePoint, ... }