PKCS7ContentInfo ::= SEQUENCE {
|
contentType ContentType ({ pkcs7_check_content_type }),
|
content [0] EXPLICIT SignedData OPTIONAL
|
}
|
|
ContentType ::= OBJECT IDENTIFIER ({ pkcs7_note_OID })
|
|
SignedData ::= SEQUENCE {
|
version INTEGER ({ pkcs7_note_signeddata_version }),
|
digestAlgorithms DigestAlgorithmIdentifiers,
|
contentInfo ContentInfo ({ pkcs7_note_content }),
|
certificates CHOICE {
|
certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
|
certSequence [2] IMPLICIT Certificates
|
} OPTIONAL ({ pkcs7_note_certificate_list }),
|
crls CHOICE {
|
crlSet [1] IMPLICIT CertificateRevocationLists,
|
crlSequence [3] IMPLICIT CRLSequence
|
} OPTIONAL,
|
signerInfos SignerInfos
|
}
|
|
ContentInfo ::= SEQUENCE {
|
contentType ContentType ({ pkcs7_note_OID }),
|
content [0] EXPLICIT Data OPTIONAL
|
}
|
|
Data ::= ANY ({ pkcs7_note_data })
|
|
DigestAlgorithmIdentifiers ::= CHOICE {
|
daSet SET OF DigestAlgorithmIdentifier,
|
daSequence SEQUENCE OF DigestAlgorithmIdentifier
|
}
|
|
DigestAlgorithmIdentifier ::= SEQUENCE {
|
algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
|
parameters ANY OPTIONAL
|
}
|
|
--
|
-- Certificates and certificate lists
|
--
|
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
|
|
ExtendedCertificateOrCertificate ::= CHOICE {
|
certificate Certificate, -- X.509
|
extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
|
}
|
|
ExtendedCertificate ::= Certificate -- cheating
|
|
Certificates ::= SEQUENCE OF Certificate
|
|
CertificateRevocationLists ::= SET OF CertificateList
|
|
CertificateList ::= SEQUENCE OF Certificate -- This may be defined incorrectly
|
|
CRLSequence ::= SEQUENCE OF CertificateList
|
|
Certificate ::= ANY ({ pkcs7_extract_cert }) -- X.509
|
|
--
|
-- Signer information
|
--
|
SignerInfos ::= CHOICE {
|
siSet SET OF SignerInfo,
|
siSequence SEQUENCE OF SignerInfo
|
}
|
|
SignerInfo ::= SEQUENCE {
|
version INTEGER ({ pkcs7_note_signerinfo_version }),
|
sid SignerIdentifier, -- CMS variant, not PKCS#7
|
digestAlgorithm DigestAlgorithmIdentifier ({ pkcs7_sig_note_digest_algo }),
|
authenticatedAttributes CHOICE {
|
aaSet [0] IMPLICIT SetOfAuthenticatedAttribute
|
({ pkcs7_sig_note_set_of_authattrs }),
|
aaSequence [2] EXPLICIT SEQUENCE OF AuthenticatedAttribute
|
-- Explicit because easier to compute digest on
|
-- sequence of attributes and then reuse encoded
|
-- sequence in aaSequence.
|
} OPTIONAL,
|
digestEncryptionAlgorithm
|
DigestEncryptionAlgorithmIdentifier ({ pkcs7_sig_note_pkey_algo }),
|
encryptedDigest EncryptedDigest,
|
unauthenticatedAttributes CHOICE {
|
uaSet [1] IMPLICIT SET OF UnauthenticatedAttribute,
|
uaSequence [3] IMPLICIT SEQUENCE OF UnauthenticatedAttribute
|
} OPTIONAL
|
} ({ pkcs7_note_signed_info })
|
|
SignerIdentifier ::= CHOICE {
|
-- RFC5652 sec 5.3
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
subjectKeyIdentifier [0] IMPLICIT SubjectKeyIdentifier
|
}
|
|
IssuerAndSerialNumber ::= SEQUENCE {
|
issuer Name ({ pkcs7_sig_note_issuer }),
|
serialNumber CertificateSerialNumber ({ pkcs7_sig_note_serial })
|
}
|
|
CertificateSerialNumber ::= INTEGER
|
|
SubjectKeyIdentifier ::= OCTET STRING ({ pkcs7_sig_note_skid })
|
|
SetOfAuthenticatedAttribute ::= SET OF AuthenticatedAttribute
|
|
AuthenticatedAttribute ::= SEQUENCE {
|
type OBJECT IDENTIFIER ({ pkcs7_note_OID }),
|
values SET OF ANY ({ pkcs7_sig_note_authenticated_attr })
|
}
|
|
UnauthenticatedAttribute ::= SEQUENCE {
|
type OBJECT IDENTIFIER,
|
values SET OF ANY
|
}
|
|
DigestEncryptionAlgorithmIdentifier ::= SEQUENCE {
|
algorithm OBJECT IDENTIFIER ({ pkcs7_note_OID }),
|
parameters ANY OPTIONAL
|
}
|
|
EncryptedDigest ::= OCTET STRING ({ pkcs7_sig_note_signature })
|
|
---
|
--- X.500 Name
|
---
|
Name ::= SEQUENCE OF RelativeDistinguishedName
|
|
RelativeDistinguishedName ::= SET OF AttributeValueAssertion
|
|
AttributeValueAssertion ::= SEQUENCE {
|
attributeType OBJECT IDENTIFIER ({ pkcs7_note_OID }),
|
attributeValue ANY
|
}
|
