PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 0} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- 3. Definitions -- Defined in X.509 AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } -- Defined in X.501 Attribute ::= SEQUENCE{ type AttributeType, values SET OF AttributeValue } AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY -- Defined in X.509 Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } TBSCertificate ::= SEQUENCE { version [0] Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, extensions [3] Extensions OPTIONAL } -- Version ::= INTEGER {v1(0), v2(1), v3(2)} Name ::= CHOICE { RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET OF AttributeValueAssertion AttributeValueAssertion ::= SEQUENCE { AttributeType, AttributeValue } Validity ::= SEQUENCE { notBefore UTCTime, notAfter UTCTime } SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } UniqueIdentifier ::= BIT STRING Extensions ::= SEQUENCE OF Extension Extension ::= SEQUENCE { extnId OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING } -- Defined in X.509 CertificateSerialNumber ::= INTEGER -- Defined in RFC 1422 CertificateRevocationList ::= SEQUENCE { tbsCertificateRevocationList TBSCertificateRevocationList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } TBSCertificateRevocationList ::= SEQUENCE{ signature AlgorithmIdentifier, issuer Name, lastUpdate UTCTime, nextUpdate UTCTime, revokedCertificates SEQUENCE OF CRLEntry OPTIONAL } CRLEntry ::= SEQUENCE{ userCertificate SerialNumber, revocationDate UTCTime } SerialNumber ::= INTEGER -- Defined in PKCS #6 ExtendedCertificate ::= SEQUENCE { extendedCertificateInfo ExtendedCertificateInfo, signatureAlgorithm SignatureAlgorithmIdentifier, signature Signature } ExtendedCertificateInfo ::= SEQUENCE { version Version, certificate Certificate, attributes Attributes } -- Version ::= INTEGER Attributes ::= SET OF Attribute SignatureAlgorithmIdentifier ::= AlgorithmIdentifier Signature ::= BIT STRING -- 6. Useful Types CertificateRevocationLists ::= SET OF CertificateRevocationList ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier DigestAlgorithmIdentifier ::= AlgorithmIdentifier DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier ExtendedCertificateOrCertificate ::= CHOICE { certificate Certificate, -- X.509 extendedCertificate [0] IMPLICIT ExtendedCertificate } ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber } KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier Version ::= INTEGER -- 7. General Syntax ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } ContentType ::= OBJECT IDENTIFIER -- 8. Data Content Type Data ::= OCTET STRING -- 9. Signed-Data SignedData ::= SEQUENCE { version Version, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier SignerInfos ::= SET OF SignerInfo SignerInfo ::= SEQUENCE { version Version, issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier, authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, encryptedDigest EncryptedDigest, unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL } EncryptedDigest ::= OCTET STRING DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= OCTET STRING -- 10. Enveloped-Data EnvelopedData ::= SEQUENCE { version Version, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo } RecipientInfos ::= SET OF RecipientInfo EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } EncryptedContent ::= OCTET STRING RecipientInfo ::= SEQUENCE { version Version, issuerAndSerialNumber IssuerAndSerialNumber, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } EncryptedKey ::= OCTET STRING -- 11. Signed-and-Enveloped-Data SignedAndEnvelopedData ::= SEQUENCE { version Version, recipientInfos RecipientInfos, digestAlgorithms DigestAlgorithmIdentifiers, encryptedContentInfo EncryptedContentInfo, certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } -- 12. Digested-Data DigestedData ::= SEQUENCE { version Version, digestAlgorithm DigestAlgorithmIdentifier, contentInfo ContentInfo, digest Digest } -- Digest ::= OCTET STRING -- 13. Encrypted-Data EncryptedData ::= SEQUENCE { version Version, encryptedContentInfo EncryptedContentInfo } -- 14. Object Identifiers pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } data OBJECT IDENTIFIER ::= { pkcs-7 1 } signedData OBJECT IDENTIFIER ::= { pkcs-7 2 } envelopedData OBJECT IDENTIFIER ::= { pkcs-7 3 } signedAndEnvelopedData OBJECT IDENTIFIER ::= { pkcs-7 4 } digestedData OBJECT IDENTIFIER ::= { pkcs-7 5 } encryptedData OBJECT IDENTIFIER ::= { pkcs-7 6 } END