-- $Id$ PKCS10 DEFINITIONS ::= BEGIN IMPORTS Time, GeneralName, SubjectPublicKeyInfo, RelativeDistinguishedName, AttributeTypeAndValue, Extension, AlgorithmIdentifier FROM rfc2459 heim_any FROM heim; CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName Controls ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue -- XXX IMPLICIT brokenness POPOSigningKey ::= SEQUENCE { poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL, algorithmIdentifier AlgorithmIdentifier, signature BIT STRING } PKMACValue ::= SEQUENCE { algId AlgorithmIdentifier, value BIT STRING } -- XXX IMPLICIT brokenness POPOSigningKeyInput ::= SEQUENCE { authInfo CHOICE { sender [0] IMPLICIT GeneralName, publicKeyMAC PKMACValue }, publicKey SubjectPublicKeyInfo } -- from CertTemplate PBMParameter ::= SEQUENCE { salt OCTET STRING, owf AlgorithmIdentifier, iterationCount INTEGER, mac AlgorithmIdentifier } SubsequentMessage ::= INTEGER { encrCert (0), challengeResp (1) } -- XXX IMPLICIT brokenness POPOPrivKey ::= CHOICE { thisMessage [0] BIT STRING, -- Deprecated subsequentMessage [1] IMPLICIT SubsequentMessage, dhMAC [2] BIT STRING, -- Deprecated agreeMAC [3] IMPLICIT PKMACValue, encryptedKey [4] heim_any } -- XXX IMPLICIT brokenness ProofOfPossession ::= CHOICE { raVerified [0] NULL, signature [1] POPOSigningKey, keyEncipherment [2] POPOPrivKey, keyAgreement [3] POPOPrivKey } CertTemplate ::= SEQUENCE { version [0] INTEGER OPTIONAL, serialNumber [1] INTEGER OPTIONAL, signingAlg [2] SEQUENCE { algorithm OBJECT IDENTIFIER, parameters heim_any OPTIONAL } -- AlgorithmIdentifier -- OPTIONAL, issuer [3] IMPLICIT CHOICE { rdnSequence CRMFRDNSequence } -- Name -- OPTIONAL, validity [4] SEQUENCE { notBefore [0] Time OPTIONAL, notAfter [1] Time OPTIONAL } -- OptionalValidity -- OPTIONAL, subject [5] IMPLICIT CHOICE { rdnSequence CRMFRDNSequence } -- Name -- OPTIONAL, publicKey [6] IMPLICIT SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING OPTIONAL } -- SubjectPublicKeyInfo -- OPTIONAL, issuerUID [7] IMPLICIT BIT STRING OPTIONAL, subjectUID [8] IMPLICIT BIT STRING OPTIONAL, extensions [9] IMPLICIT SEQUENCE OF Extension OPTIONAL } CertRequest ::= SEQUENCE { certReqId INTEGER, certTemplate CertTemplate, controls Controls OPTIONAL } CertReqMsg ::= SEQUENCE { certReq CertRequest, popo ProofOfPossession OPTIONAL, regInfo SEQUENCE OF AttributeTypeAndValue OPTIONAL } CertReqMessages ::= SEQUENCE OF CertReqMsg END