
ASN.1 for PKIX (Public-Key Infrastructure – X.509)
as defined in RFC 5280

 Basic Certificate fields   Section 4.1 Top 
Certificate    # TBSCertificate    # Version    # CertificateSerialNumber    # Validity    # SubjectPublicKeyInfo    # UniqueIdentifier    # Extensions
 Certificate structure   Section 4.1.1 Up 
-- Outer certificate structure (RFC 5280 Section 4.1.1). Only tbsCertificate
-- is covered by the signature: a verifier must hash the DER bytes of
-- tbsCertificate exactly as received (Section 4.1.1.3), never a re-encoding.
Certificate::= SEQUENCE   {
tbsCertificate TBSCertificate,
-- MUST be the same algorithm identifier as tbsCertificate.signature
-- (Section 4.1.1.2). Only the inner copy is protected by the signature, so a
-- verifier should treat a mismatch as an invalid certificate.
signatureAlgorithm AlgorithmIdentifier, --   Section 4.1.1.2
-- Raw signature bits. Any algorithm-specific structure (e.g. Dss-Sig-Value
-- under "Algorithm Identifiers" below) is DER-encoded inside this BIT STRING.
signatureValue BIT STRING --   Section 4.1.1.3
}
 TBSCertificate – To Be Signed Certificate   Section 4.1.2 Up 
-- Signed portion of the certificate (RFC 5280 Section 4.1.2).
TBSCertificate::= SEQUENCE   {
-- v3 is required whenever extensions are present (see below). Under DER a
-- DEFAULT value is omitted, so a v1 certificate carries no version field at all.
version [0] EXPLICIT   Version   DEFAULT   v1,
-- Together with issuer, this is the key used to match entries in a CRL.
serialNumber CertificateSerialNumber,
-- Must be identical to the outer Certificate.signatureAlgorithm (Section 4.1.1.2).
signature AlgorithmIdentifier, --   Section 4.1.2.3
-- MUST be a non-empty distinguished name (Section 4.1.2.4); path building
-- matches this against the subject of the issuing certificate.
issuer Name, --   Section 4.1.2.4
validity Validity,
-- May be an empty sequence only when a critical subjectAltName carries the
-- subject's names (Section 4.1.2.6); a CA certificate MUST have a non-empty
-- subject.
subject Name, --   Section 4.1.2.6
subjectPublicKeyInfo SubjectPublicKeyInfo,
-- Unique identifiers are deprecated: conforming CAs MUST NOT generate them
-- (Section 4.1.2.8), though parsers SHOULD accept them.
issuerUniqueID [1] IMPLICIT   UniqueIdentifier   OPTIONAL,
--   If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT   UniqueIdentifier   OPTIONAL,
--    If present, version MUST be v2 or v3
extensions [3] EXPLICIT   Extensions   OPTIONAL
--   If present, version MUST be v3
}
 Version   Section 4.1.2.1 Up 
-- Version numbers are zero-based: v1(0), v2(1), v3(2). Only v3 can carry
-- extensions, so anything that depends on keyUsage or basicConstraints needs v3.
Version::= INTEGER   {   v1(0),   v2(1),   v3(2)   }
 Serial Number   Section 4.1.2.2 Up 
-- RFC 5280 Section 4.1.2.2: MUST be a positive integer, unique per issuer,
-- and conforming CAs MUST NOT use values longer than 20 octets. Relying
-- parties SHOULD still parse zero or negative serials gracefully, since
-- non-conforming CAs exist. Note that a DER INTEGER is signed: a value whose
-- top bit is set needs a leading 0x00 octet, so a 20-octet serial may occupy
-- 21 octets on the wire.
CertificateSerialNumber::= INTEGER
 Validity   Section 4.1.2.5 Up 
-- Validity period (RFC 5280 Section 4.1.2.5): the certificate is valid from
-- notBefore through notAfter inclusive. Both bounds must be checked against a
-- trusted clock, for every certificate in the path.
Validity::= SEQUENCE   {
notBefore Time,
notAfter Time
}
-- The encoding is fixed by the year: dates through 2049 MUST use UTCTime,
-- 2050 and later MUST use GeneralizedTime. Both MUST be in Zulu ("Z") and
-- include seconds; GeneralizedTime MUST NOT carry fractional seconds.
-- UTCTime has a two-digit year: YY >= 50 means 19YY, YY < 50 means 20YY.
-- The GeneralizedTime value 99991231235959Z means "no well-defined expiry".
-- Parsers should reject the local-time and UTC-offset forms both types allow.
Time::= CHOICE   {
utcTime UTCTime,
generalTime GeneralizedTime
}
 Subject Public Key Info   Section 4.1.2.7 Up 
-- Public key and the algorithm that interprets it (RFC 5280 Section 4.1.2.7).
-- The BIT STRING wraps the algorithm-specific key encoding (RSAPublicKey,
-- DSAPublicKey, DHPublicKey below). Key type, size and parameters come from
-- an as-yet-untrusted certificate: check them against local policy before
-- use and reject keys whose algorithm or parameters are not recognised.
SubjectPublicKeyInfo::= SEQUENCE   {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
 Unique Identifiers   Section 4.1.2.8 Up 
-- Deprecated (RFC 5280 Section 4.1.2.8): conforming CAs MUST NOT generate
-- unique identifiers, but applications SHOULD be able to parse certificates
-- that carry them. Path validation (Section 6) does not use them.
UniqueIdentifier::= BIT STRING
 Extensions   Section 4.1.2.9 Up 
-- Extension list (RFC 5280 Sections 4.1.2.9 and 4.2). A certificate MUST NOT
-- include more than one instance of a particular extension.
Extensions::= SEQUENCE   SIZE   (1..MAX)   OF   Extension
Extension::= SEQUENCE   {
extnID OBJECT IDENTIFIER,
-- A critical extension the application does not recognise MUST cause the
-- certificate to be rejected; an unrecognised non-critical extension MUST be
-- ignored (Section 4.2). Under DER, critical FALSE is omitted, never encoded.
critical BOOLEAN   DEFAULT   FALSE,
-- Nested DER value. Decode it with the type selected by extnID only, and
-- reject trailing or malformed bytes inside the OCTET STRING.
extnValue OCTET STRING
--   contains the DER encoding of an ASN.1 value
--   corresponding to the extension type identified
--   by extnID
}
 Standard Certificate Extensions   Section 4.2.1 Top 
Authority Key Identifier    # Subject Key Identifier    # Key Usage    # Certificate Policies    # Policy Mappings    # Subject Alternative Name   
Issuer Alternative Name    # Subject Directory Attributes    # Basic Constraints    # Name Constraints    # Policy Constraints    # Extended Key Usage   
CRL Distribution Points    # Inhibit Any-Policy    # Freshest CRL
-- ISO arc for standard certificate and CRL extensions
-- Every id-ce-* OID below hangs off 2.5.29 (X.509 certificate extensions).
id-ce   OBJECT IDENTIFIER   ::=   {   joint-iso-ccitt(2)   ds(5)   29     }
 Authority Key Identifier   Section 4.2.1.1 Up 
-- 2.5.29.35 (RFC 5280 Section 4.2.1.1). Identifies the issuer key that signed
-- this certificate. Conforming CAs MUST mark it non-critical and MUST include
-- keyIdentifier in every certificate they issue, except that a self-signed
-- CA certificate MAY omit it. It is a path-building hint only: a matching
-- identifier never substitutes for verifying the signature with the issuer's key.
id-ce-authorityKeyIdentifier   OBJECT IDENTIFIER   ::=   {   id-ce   35   }
AuthorityKeyIdentifier::= SEQUENCE   {
-- Expected to equal the issuer certificate's SubjectKeyIdentifier.
keyIdentifier [0]   KeyIdentifier   OPTIONAL,
authorityCertIssuer [1]   GeneralNames   OPTIONAL,
authorityCertSerialNumber [2]   CertificateSerialNumber   OPTIONAL
}
-- authorityCertIssuer and authorityCertSerialNumber MUST both
-- be present or both be absent
KeyIdentifier::= OCTET STRING
 Subject Key Identifier   Section 4.2.1.2 Up 
-- 2.5.29.14 (RFC 5280 Section 4.2.1.2). MUST appear in conforming CA
-- certificates and MUST be non-critical. Usually derived from the public key
-- (the RFC suggests a SHA-1 hash of the subjectPublicKey bits), but any
-- per-key-unique scheme is allowed, so treat it as an opaque matching token.
id-ce-subjectKeyIdentifier   OBJECT IDENTIFIER   ::=   {   id-ce   14   }
SubjectKeyIdentifier::= KeyIdentifier
 Key Usage   Section 4.2.1.3 Up 
-- 2.5.29.15 (RFC 5280 Section 4.2.1.3). When present, conforming CAs SHOULD
-- mark it critical and at least one bit MUST be set. keyCertSign MUST only
-- be set when basicConstraints.cA is TRUE; encipherOnly/decipherOnly are
-- undefined unless keyAgreement is also set. Under DER the named-bit-list
-- encoding MUST drop trailing zero bits, so the BIT STRING length varies.
id-ce-keyUsage   OBJECT IDENTIFIER   ::=   {   id-ce   15   }
KeyUsage::= BIT STRING   {
digitalSignature (0),
nonRepudiation (1),   -- recent editions of X.509 have renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
-- If keyUsage is present, the key MUST NOT verify certificate signatures
-- unless this bit is set (together with cA TRUE in basicConstraints).
keyCertSign (5),
-- Likewise, the key MUST NOT verify CRL signatures unless this bit is set.
cRLSign (6),
encipherOnly (7),
decipherOnly (8)
}
 Certificate Policies   Section 4.2.1.4 Up 
-- 2.5.29.32 (RFC 5280 Section 4.2.1.4). Lists the policies under which the
-- certificate was issued. anyPolicy (2.5.29.32.0) in a CA certificate means
-- "any policy"; end-entity certificates carry specific policy OIDs. Policy
-- processing is only enforced when the verifier asks for it (initial policy
-- set or requireExplicitPolicy), so this extension alone does not restrict
-- what a certificate may be used for.
id-ce-certificatePolicies   OBJECT IDENTIFIER   ::=   {   id-ce   32   }
anyPolicy   OBJECT IDENTIFIER   ::=   {   id-ce-certificatePolicies   0   }
CertificatePolicies::= SEQUENCE   SIZE (1..MAX) OF   PolicyInformation
PolicyInformation::= SEQUENCE   {
policyIdentifier CertPolicyId,
-- Qualifiers (CPS pointer, user notice) are informational and carry no
-- validation semantics.
policyQualifiers SEQUENCE SIZE (1..MAX) OF   PolicyQualifierInfo   OPTIONAL
}
CertPolicyId::= OBJECT IDENTIFIER
PolicyQualifierInfo::= SEQUENCE   {
policyQualifierId PolicyQualifierId,
-- Type selected by policyQualifierId: an IA5String URI for id-qt-cps, a
-- UserNotice for id-qt-unotice (the UserNotice syntax is not reproduced here).
qualifier ANY DEFINED BY   policyQualifierId
}
-- policyQualifierIds for Internet policy qualifiers
-- id-pkix (1.3.6.1.5.5.7) is defined under "Private Internet Certificate
-- Extensions" below.
id-qt   OBJECT IDENTIFIER   ::=   {   id-pkix   2   }
id-qt-cps   OBJECT IDENTIFIER   ::=   {   id-qt   1   }
id-qt-unotice   OBJECT IDENTIFIER   ::=   {   id-qt   2   }
PolicyQualifierId::= OBJECT IDENTIFIER   ( id-qt-cps  |  id-qt-unotice )
 Policy Mappings   Section 4.2.1.5 Up 
-- 2.5.29.33 (RFC 5280 Section 4.2.1.5). Meaningful only in CA certificates;
-- conforming CAs SHOULD mark it critical. Policies MUST NOT be mapped to or
-- from anyPolicy.
id-ce-policyMappings   OBJECT IDENTIFIER   ::=   {   id-ce   33   }
PolicyMappings::= SEQUENCE   SIZE (1..MAX)   OF   SEQUENCE   {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId
}
 Subject Alternative Name   Section 4.2.1.6 Up 
-- 2.5.29.17 (RFC 5280 Section 4.2.1.6). If the subject DN is empty this
-- extension MUST be present and critical; otherwise CAs SHOULD mark it
-- non-critical. These are the names that host-name / e-mail matching and
-- name constraints operate on, and every entry is attacker-chosen until the
-- chain has been validated.
id-ce-subjectAltName   OBJECT IDENTIFIER   ::=   {   id-ce   17   }
SubjectAltName::= GeneralNames
GeneralNames::= SEQUENCE   SIZE (1..MAX)   OF   GeneralName
GeneralName::= CHOICE   {
otherName [0]   AnotherName,
-- Internet mail address (addr-spec only, no display name or comments);
-- internationalised domain parts are encoded as A-labels (Section 7.5).
rfc822Name [1]   IA5String,
-- Host name in RFC 1034 preferred-name syntax. IA5String is length-prefixed
-- and may legally contain a NUL octet, so matching code must use the full
-- DER length rather than stopping at a C-string terminator. A dNSName of
-- " " MUST NOT be used.
dNSName [2]   IA5String,
x400Address [3]   ORAddress,
directoryName [4]   Name,
ediPartyName [5]   EDIPartyName,
-- MUST be an absolute URI with a scheme; the host part uses A-labels.
uniformResourceIdentifier [6]   IA5String,
-- Exactly 4 octets (IPv4) or 16 octets (IPv6) in network byte order; any
-- other length is malformed. (In NameConstraints the same choice carries
-- address followed by mask, i.e. 8 or 32 octets.)
iPAddress [7]   OCTET STRING,
registeredID [8]   OBJECT IDENTIFIER
}
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
AnotherName::= SEQUENCE   {
type-id OBJECT IDENTIFIER,
-- Opaque to generic validators; only decode with a type registered for type-id.
value [0] EXPLICIT   ANY   DEFINED BY   type-id
}
EDIPartyName::= SEQUENCE   {
nameAssigner [0]   DirectoryString   OPTIONAL,
partyName [1]   DirectoryString
}
 Issuer Alternative Name   Section 4.2.1.7 Up 
-- 2.5.29.18 (RFC 5280 Section 4.2.1.7). Alternative names of the issuer,
-- same syntax as subjectAltName; conforming CAs SHOULD mark it non-critical.
-- Not used for name chaining, which compares the issuer DN with the issuing
-- certificate's subject DN.
id-ce-issuerAltName   OBJECT IDENTIFIER   ::=   {   id-ce   18   }
IssuerAltName::= GeneralNames
 Subject Directory Attributes   Section 4.2.1.8 Up 
-- 2.5.29.9 (RFC 5280 Section 4.2.1.8). Identification attributes of the
-- subject (e.g. nationality); conforming CAs MUST mark it non-critical.
-- Purely informational - it grants no privilege and is not used by path
-- validation.
id-ce-subjectDirectoryAttributes   OBJECT IDENTIFIER   ::=   {   id-ce   9   }
SubjectDirectoryAttributes::= SEQUENCE   SIZE (1..MAX)   OF   Attribute
Attribute::= SEQUENCE   {
type AttributeType,
-- Value type depends on type; under DER a SET OF is sorted by encoding.
values SET OF   AttributeValue
}
 Basic Constraints   Section 4.2.1.9 Up 
-- 2.5.29.19 (RFC 5280 Section 4.2.1.9). This extension is what separates CAs
-- from end entities: a v3 certificate's key MUST NOT be used to verify
-- certificate signatures unless the extension is present with cA TRUE (and,
-- if keyUsage is present, keyCertSign set). CA certificates MUST carry it as
-- critical. A validator that skips this check lets any leaf act as a CA.
-- v1/v2 intermediates have no extensions; Section 6.1.4 (k) says they MUST be
-- confirmed as CAs out of band or rejected.
id-ce-basicConstraints   OBJECT IDENTIFIER   ::=   {   id-ce   19   }
BasicConstraints::= SEQUENCE   {
-- Under DER, cA FALSE is omitted; an explicitly encoded FALSE is an encoding error.
cA BOOLEAN   DEFAULT   FALSE,
-- Only meaningful when cA is TRUE: the maximum number of non-self-issued
-- intermediate certificates that may follow this one in a path. 0 means the
-- CA may issue end-entity certificates only. Enforced by Section 6.1.4 (l)-(m).
pathLenConstraint INTEGER   (0..MAX)   OPTIONAL
}
 Name Constraints   Section 4.2.1.10 Up 
-- 2.5.29.30 (RFC 5280 Section 4.2.1.10). Used only in CA certificates;
-- conforming CAs MUST mark it critical. Restricts the names (subject DN,
-- subjectAltName, and emailAddress attributes for rfc822Name constraints)
-- that any later certificate in the path may carry. If a critical instance
-- constrains a name form the application cannot process and a subsequent
-- certificate uses that form, the application MUST reject the certificate
-- rather than silently ignore the constraint.
id-ce-nameConstraints   OBJECT IDENTIFIER   ::=   {   id-ce   30   }
NameConstraints::= SEQUENCE   {
-- At least one of the two MUST be present. A name matching an excluded
-- subtree is invalid regardless of permittedSubtrees.
permittedSubtrees [0]   GeneralSubtrees   OPTIONAL,
excludedSubtrees [1]   GeneralSubtrees   OPTIONAL
}
GeneralSubtrees::= SEQUENCE   SIZE (1..MAX)   OF   GeneralSubtree
GeneralSubtree::= SEQUENCE   {
-- Matching is per name form. dNSName: the base matches itself and any name
-- formed by adding labels on the left (www.host.example.com satisfies
-- host.example.com). rfc822Name: a bare host matches any mailbox at that
-- host. iPAddress: OCTET STRING is address followed by mask (8 or 32 octets).
base GeneralName,
-- In this profile minimum MUST be zero and maximum MUST be absent.
minimum [0]   BaseDistance   DEFAULT   0,
maximum [1]   BaseDistance   OPTIONAL
}
BaseDistance::= INTEGER   (0..MAX)
 Policy Constraints   Section 4.2.1.11 Up 
-- 2.5.29.36 (RFC 5280 Section 4.2.1.11). Conforming CAs MUST mark it
-- critical, and at least one of the two fields MUST be present. Both are
-- skip counts: the number of further certificates before the restriction
-- takes effect.
id-ce-policyConstraints   OBJECT IDENTIFIER   ::=   {   id-ce   36   }
PolicyConstraints::= SEQUENCE   {
-- After this many certificates, every certificate in the path must carry an
-- acceptable policy; an empty valid-policy tree then fails validation.
requireExplicitPolicy [0]   SkipCerts   OPTIONAL,
-- After this many certificates, policyMappings are no longer honoured.
inhibitPolicyMapping [1]   SkipCerts   OPTIONAL
}
SkipCerts::= INTEGER   (0..MAX)
 Extended Key Usage   Section 4.2.1.12 Up 
-- 2.5.29.37 (RFC 5280 Section 4.2.1.12). MAY be critical or non-critical at
-- the CA's option. If both keyUsage and extKeyUsage are present, both MUST
-- be consistent with the intended use. anyExtendedKeyUsage removes the
-- restriction, so a CA that wants purposes enforced should not include it.
-- The "may be consistent" lines below are the RFC's guidance on which
-- keyUsage bits go with each purpose.
id-ce-extKeyUsage   OBJECT IDENTIFIER   ::=   {   id-ce   37   }
ExtKeyUsageSyntax::= SEQUENCE   SIZE (1..MAX)   OF   KeyPurposeId
KeyPurposeId::= OBJECT IDENTIFIER
-- 2.5.29.37.0
anyExtendedKeyUsage OBJECT IDENTIFIER   ::= {   id-ce-extKeyUsage   0   }
-- 1.3.6.1.5.5.7.3; id-pkix is defined under "Private Internet Certificate
-- Extensions" below.
id-kp OBJECT IDENTIFIER   ::= {   id-pkix   3   }
id-kp-serverAuth OBJECT IDENTIFIER   ::= {   id-kp   1   }
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment or keyAgreement
id-kp-clientAuth OBJECT IDENTIFIER   ::= {   id-kp   2   }
-- TLS WWW client authentication
-- Key usage bits that may be consistent: digitalSignature
-- and/or keyAgreement
id-kp-codeSigning OBJECT IDENTIFIER   ::= {   id-kp   3   }
-- Signing of downloadable executable code
-- Key usage bits that may be consistent: digitalSignature
id-kp-emailProtection OBJECT IDENTIFIER   ::= {   id-kp   4   }
-- Email protection
-- Key usage bits that may be consistent: digitalSignature,
-- nonRepudiation, and/or (keyEncipherment or keyAgreement)
id-kp-timeStamping OBJECT IDENTIFIER   ::= {   id-kp   8   }
-- Binding the hash of an object to a time
-- Key usage bits that may be consistent: digitalSignature
-- and/or nonRepudiation
id-kp-OCSPSigning OBJECT IDENTIFIER   ::= {   id-kp   9   }
-- Signing OCSP responses
-- Key usage bits that may be consistent: digitalSignature
-- and/or nonRepudiation
-- Marks a delegated OCSP responder. The rules for which CA's responses such
-- a certificate may sign live in the OCSP specification, not RFC 5280; a
-- client that does not tie the responder certificate to the CA it answers
-- for would accept status from any holder of this purpose.
 CRL Distribution Points   Section 4.2.1.13 Up 
-- 2.5.29.31 (RFC 5280 Section 4.2.1.13). Where to obtain the CRL. SHOULD be
-- non-critical, but CAs and applications SHOULD support it. Each
-- DistributionPoint MUST include at least one of distributionPoint or
-- cRLIssuer. The location is supplied by the certificate being checked, so a
-- CRL fetched from it must be verified (signature, issuer authorisation,
-- scope, freshness) before it is relied on; the URL itself proves nothing.
id-ce-cRLDistributionPoints   OBJECT IDENTIFIER   ::=   {   id-ce   31   }
CRLDistributionPoints::= SEQUENCE   SIZE (1..MAX)   OF   DistributionPoint
DistributionPoint::= SEQUENCE   {
distributionPoint [0]   DistributionPointName   OPTIONAL,
-- Absent means the CRL covers all reasons. CAs SHOULD NOT partition CRLs by
-- reason: a client that consults only one partition can miss a revocation.
reasons [1]   ReasonFlags   OPTIONAL,
-- Present only for an indirect CRL, i.e. one signed by an entity other than
-- the certificate issuer; that entity's certificate needs cRLSign.
cRLIssuer [2]   GeneralNames   OPTIONAL
}
DistributionPointName::= CHOICE   {
fullName [0]   GeneralNames,
-- Relative to cRLIssuer when present, otherwise to the certificate issuer.
nameRelativeToCRLIssuer [1]   RelativeDistinguishedName
}
-- Bit positions. This numbering is NOT the same as the CRLReason ENUMERATED
-- under "CRL Entry Extensions": here privilegeWithdrawn is bit 7 and
-- aACompromise bit 8, whereas CRLReason uses values 9 and 10. Bit 0
-- (unused) is never set and there is no flag for removeFromCRL.
ReasonFlags::= BIT STRING   {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
privilegeWithdrawn (7),
aACompromise (8)
}
 Inhibit Any-Policy   Section 4.2.1.14 Up 
-- 2.5.29.54 (RFC 5280 Section 4.2.1.14). CA certificates only; conforming
-- CAs MUST mark it critical. After SkipCerts further certificates, anyPolicy
-- is no longer treated as matching every policy.
id-ce-inhibitAnyPolicy   OBJECT IDENTIFIER   ::=   {   id-ce   54   }
InhibitAnyPolicy::= SkipCerts
 Freshest CRL – same OID (2.5.29.46) and syntax as the CRL extension in Section 5.2.6   Section 4.2.1.15 Up 
-- Where to obtain delta CRLs for this certificate (RFC 5280 Section 4.2.1.15).
-- Conforming CAs MUST mark it non-critical. A delta CRL only makes sense
-- combined with the base CRL it names via BaseCRLNumber; never treat a delta
-- on its own as the complete revocation set.
FreshestCRL::= CRLDistributionPoints
 Private Internet Certificate Extensions   Section 4.2.2 Top 
Authority Information Access    # Subject Information Access
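-- Root of the PKIX arc, 1.3.6.1.5.5.7. id-qt (policy qualifiers) and id-kp
-- (extended key purposes) above are defined relative to it.
id-pkix   OBJECT IDENTIFIER   ::=  
  {   iso(1)   identified-organization(3)   dod(6)   internet(1)   security(5)   mechanisms(5)   pkix(7)   }
-- 1.3.6.1.5.5.7.1
id-pe   OBJECT IDENTIFIER   ::=   {   id-pkix   1   }   -- arc for private certificate extensions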
 Authority Information Access   Section 4.2.2.1 Up 
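-- 1.3.6.1.5.5.7.1.1 (RFC 5280 Section 4.2.2.1). Tells a relying party where
-- to obtain issuer certificates (caIssuers) and revocation status (ocsp).
-- Conforming CAs MUST mark it non-critical. Both locations are supplied by
-- the certificate under inspection, so whatever is fetched from them is
-- untrusted input: issuer certificates still go through path validation and
-- OCSP responses are accepted only after their own signature is verified.
id-pe-authorityInfoAccess   OBJECT IDENTIFIER   ::=   {   id-pe   1   }
AuthorityInfoAccessSyntax::= SEQUENCE   SIZE (1..MAX)   OF   AccessDescription
AccessDescription::= SEQUENCE   {
accessMethod OBJECT IDENTIFIER,
-- Normally a uniformResourceIdentifier (HTTP for OCSP; HTTP, LDAP or FTP for
-- caIssuers); caIssuers may also be a directoryName.
accessLocation GeneralName
}
-- 1.3.6.1.5.5.7.48
id-ad   OBJECT IDENTIFIER   ::=   {   id-pkix   48   }
id-ad-caIssuers   OBJECT IDENTIFIER   ::=   {   id-ad   2   }
id-ad-ocsp   OBJECT IDENTIFIER   ::=   {   id-ad   1   }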
 Subject Information Access   Section 4.2.2.2 Up 
-- 1.3.6.1.5.5.7.1.11 (RFC 5280 Section 4.2.2.2). Services offered by the
-- subject (e.g. a CA repository or time-stamping service); MUST be
-- non-critical. Informational only - it confers no authorisation.
id-pe-subjectInfoAccess   OBJECT IDENTIFIER   ::=   {   id-pe   11   }
SubjectInfoAccessSyntax::= SEQUENCE   SIZE (1..MAX)   OF   AccessDescription
 CRL – Certificate Revocation List   Section 5.1 Top 
CertificateList    # TBSCertList
 Certificate List   Section 5.1.1 Up 
-- Outer CRL structure (RFC 5280 Section 5.1.1). As with Certificate, only
-- tbsCertList is signed: signatureAlgorithm MUST match tbsCertList.signature
-- (Section 5.1.1.2) and the signature is computed over the DER of tbsCertList
-- as received.
CertificateList::= SEQUENCE   {
tbsCertList TBSCertList,
signatureAlgorithm AlgorithmIdentifier, --   Section 5.1.1.2
signatureValue BIT STRING --   Section 5.1.1.3
}
 Certificate List "To Be Signed"   Section 5.1.2 Up 
-- Signed portion of the CRL (RFC 5280 Section 5.1.2). Before relying on a
-- CRL a client must (a) verify its signature with a key whose certificate has
-- cRLSign set, (b) confirm that key is authorised for the certificate in
-- question - the certificate's issuer, or the cRLIssuer named in its CRL
-- distribution point for an indirect CRL - and (c) check the issuing
-- distribution point scope and freshness (Section 6.3).
TBSCertList::= SEQUENCE   {
-- No DEFAULT here, unlike TBSCertificate: omitted means v1. v2 is required
-- for any extension, and conforming CRL issuers MUST produce v2 (Section 5.1).
version Version   OPTIONAL,
-- if present, MUST be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
-- OPTIONAL in the syntax, but conforming CRL issuers MUST include it
-- (Section 5.1.2.5). A CRL past nextUpdate is stale and should not be relied on.
nextUpdate Time   OPTIONAL,
-- MUST be absent when no certificates are revoked (an empty SEQUENCE is not used).
revokedCertificates SEQUENCE OF   SEQUENCE   {
-- Matched together with the issuer (or with the certificateIssuer entry
-- extension in an indirect CRL); serial numbers are unique only per CA.
userCertificate CertificateSerialNumber,
-- Same UTCTime/GeneralizedTime rules as certificate Validity.
revocationDate Time,
crlEntryExtensions Extensions   OPTIONAL
-- if present, version MUST be v2
}   OPTIONAL,
crlExtensions [0] EXPLICIT   Extensions   OPTIONAL
-- if present, version MUST be v2
}
 CRL Extensions   Section 5.2 Top 
Authority Key Identifier    # Issuer Alternative Name    # CRL Number    # Delta CRL Indicator   
Issuing Distribution Point    # Freshest CRL    # Authority Information Access
 Authority Key Identifier   same syntax as for the Certificate Extension Section 5.2.1 Up 
 CRL Number   Section 5.2.3 Up 
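-- 2.5.29.20 (RFC 5280 Section 5.2.3). Monotonically increasing per issuer and
-- scope, so a relying party can tell that a CRL it has just been handed is
-- older than one it already holds (replay of a stale CRL). Conforming CRL
-- issuers MUST include it and MUST mark it non-critical; values MUST NOT be
-- longer than 20 octets.
id-ce-cRLNumber   OBJECT IDENTIFIER   ::=   {   id-ce   20   }
CRLNumber::= INTEGER (0..MAX)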
 Delta CRL Indicator   Section 5.2.4 Up 
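-- 2.5.29.27 (RFC 5280 Section 5.2.4). Marks a delta CRL and names, by
-- CRLNumber, the base CRL it extends. MUST be critical, so a client that does
-- not understand delta CRLs rejects it instead of treating a partial list as
-- the complete revocation set.
id-ce-deltaCRLIndicator   OBJECT IDENTIFIER   ::=   {   id-ce   27   }
BaseCRLNumber::= CRLNumber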
 Issuing Distribution Point   Section 5.2.5 Up 
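-- 2.5.29.28 (RFC 5280 Section 5.2.5). Note: 2.5.29.29 is the certificateIssuer
-- CRL entry extension, not this one. MUST be critical: it narrows the CRL's
-- scope, and a client that ignored it would accept a partitioned CRL as
-- covering certificates it does not list. Section 6.3 requires confirming
-- the certificate falls inside this scope (distribution point, user/CA,
-- reasons) before treating "not listed" as "not revoked". At most one of
-- onlyContainsUserCerts, onlyContainsCACerts and onlyContainsAttributeCerts
-- may be TRUE.
id-ce-issuingDistributionPoint   OBJECT IDENTIFIER   ::=   {   id-ce   28   }
-- Type reference written as in the RFC (IssuingDistributionPoint); ASN.1
-- type names must begin with an upper-case letter.
IssuingDistributionPoint::= SEQUENCE   {
distributionPoint [0]   DistributionPointName   OPTIONAL,
onlyContainsUserCerts [1]   BOOLEAN   DEFAULT   FALSE,
onlyContainsCACerts [2]   BOOLEAN   DEFAULT   FALSE,
-- When present the CRL lists revocations for these reasons only; a client
-- needing other reasons must obtain another CRL.
onlySomeReasons [3]   ReasonFlags   OPTIONAL,
-- TRUE when the CRL lists certificates from issuers other than the CRL
-- signer; entries are then qualified by the certificateIssuer entry extension.
indirectCRL [4]   BOOLEAN   DEFAULT   FALSE,
onlyContainsAttributeCerts [5]   BOOLEAN   DEFAULT   FALSE
}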
 Freshest CRL (a.k.a. Delta CRL Distribution Point)   Section 5.2.6 Up 
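-- 2.5.29.46 (RFC 5280 Section 5.2.6), also called the delta CRL distribution
-- point; same OID and syntax as the certificate extension. The identifier is
-- id-ce-freshestCRL - this OID belongs to freshestCRL, not to cRLNumber
-- (2.5.29.20, above). Conforming CRL issuers MUST mark it non-critical, and
-- it MUST NOT appear in delta CRLs.
id-ce-freshestCRL   OBJECT IDENTIFIER   ::=   {   id-ce   46   }
FreshestCRL::= CRLDistributionPoints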
 Authority Information Access   same syntax as for the Certificate Extension Section 5.2.7 Up 
 CRL Entry Extensions   Section 5.3 Top 
Reason Code    # Invalidity Date    # Certificate Issuer
 Reason Code   Section 5.3.1 Up 
-- 2.5.29.21 (RFC 5280 Section 5.3.1). Non-critical. Issuers are strongly
-- encouraged to include a meaningful reason, and the extension MUST be
-- absent rather than encoded as unspecified(0); an entry with no reason is
-- still a revocation. Value 7 is deliberately unassigned. The numbering
-- differs from the ReasonFlags BIT STRING used in distribution points.
id-ce-cRLReason   OBJECT IDENTIFIER   ::=   {   id-ce   21   }
CRLReason::= ENUMERATED {
unspecified (0),
-- keyCompromise / cACompromise: signatures made after the (unknown) time of
-- compromise cannot be trusted; invalidityDate gives the suspected time.
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
-- Temporary suspension: the entry may later be lifted via removeFromCRL in
-- a delta CRL. While on hold the certificate is treated as revoked.
certificateHold (6),
-- Only meaningful in delta CRLs: the entry is being removed from the base CRL.
removeFromCRL (8),
privilegeWithdrawn (9),
aACompromise (10)
}
 Invalidity Date   Section 5.3.2 Up 
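-- 2.5.29.24 (RFC 5280 Section 5.3.2); the identifier carries the id-ce-
-- prefix once. Non-critical. Gives the date on which the key is known or
-- suspected to have been compromised or the certificate otherwise became
-- invalid. It may be earlier than revocationDate and is the value to use
-- when deciding whether signatures made before the revocation was
-- published can still be trusted. MUST be GeneralizedTime in Zulu form.
id-ce-invalidityDate   OBJECT IDENTIFIER   ::=   {   id-ce   24   }
-- Type reference written as in the RFC (InvalidityDate).
InvalidityDate::= GeneralizedTime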
 Certificate Issuer   Section 5.3.3 Up 
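-- 2.5.29.29 (RFC 5280 Section 5.3.3). Used only in indirect CRLs: names the
-- issuer of the certificate in this entry and in every following entry until
-- the next certificateIssuer extension; entries before the first one belong
-- to the CRL issuer. MUST be critical, because a client that ignored it
-- would match serial numbers against the wrong issuer.
id-ce-certificateIssuer   OBJECT IDENTIFIER   ::=   {   id-ce   29   }
-- Type reference written as in the RFC (CertificateIssuer).
CertificateIssuer::= GeneralNames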
 Naming   Section 4.1.2.4 Top 
Name    # RelativeDistinguishedName    # DirectoryString   
-- Arc for standard naming attributes
-- 2.5.4: the X.520 attribute types (commonName = { id-at 3 }, countryName =
-- { id-at 6 }, organizationName = { id-at 10 }, ...) used as the type in
-- AttributeTypeAndValue below.
id-at   OBJECT IDENTIFIER   ::=   {   joint-iso-ccitt(2)   ds(5)   4     }
 Name   Up 
-- Distinguished name (RFC 5280 Section 4.1.2.4). Name comparison for path
-- validation (issuer against subject) follows Section 7.1: names match only
-- if they have the same number of RDNs, in the same order, with each pair
-- of RDNs matching after string normalisation (case-insensitive, whitespace
-- folded). A byte-exact comparison of the DER is the conservative minimum:
-- it may reject legitimate chains but never accepts a wrong one.
Name::= CHOICE   { -- only one possibility for now --
rdnSequence RDNSequence
}
-- Ordered list of RDNs, most significant first (e.g. C, O, then CN).
RDNSequence::= SEQUENCE OF   RelativeDistinguishedName
 Relative Distinguished Name   Up 
-- One RDN: a SET of one or more attributes (multi-valued RDNs are legal but
-- rare). Under DER the SET elements are ordered by their encodings, so two
-- DER encodings of the same RDN are byte-identical.
RelativeDistinguishedName::= SET   SIZE (1 .. MAX)   OF   AttributeTypeAndValue
AttributeTypeAndValue::= SEQUENCE   {
type AttributeType,
value AttributeValue
}
AttributeType::= OBJECT IDENTIFIER
-- The value's type is selected by type: DirectoryString for most X.520
-- attributes, PrintableString for countryName, IA5String for emailAddress.
-- A decoder must not assume a fixed string type, and anything displaying or
-- logging the value must not trust it to be printable or NUL-free.
AttributeValue::= ANY   -- DEFINED BY AttributeType
 Directory String   Up 
-- String choice for X.520 attributes (RFC 5280 Section 4.1.2.4). CAs
-- conforming to the profile MUST use PrintableString or UTF8String;
-- TeletexString, UniversalString and BMPString remain only so that legacy
-- certificates can be parsed. A relying party has to normalise across these
-- encodings before comparing names (Section 7.1). TeletexString (T.61) in
-- particular is widely mis-decoded as Latin-1 by implementations, so do not
-- rely on its contents for anything security-relevant.
DirectoryString::= CHOICE   {
teletexString TeletexString   (SIZE (1..MAX)),
printableString PrintableString   (SIZE (1..MAX)),
universalString UniversalString   (SIZE (1..MAX)),
utf8String UTF8String   (SIZE (1..MAX)),
bmpString BMPString   (SIZE (1..MAX))
}
 Algorithm Identifiers   Section 4.1.1.2 Top 
One-way Hash Functions    # DSA Keys and Signatures    # RSA Keys and Signatures    #  Diffie-Hellman Keys    # KEA Keys   
Elliptic Curve Keys, Signatures, and Curves
-- Names an algorithm and its parameters (RFC 5280 Section 4.1.1.2); used for
-- the certificate/CRL signature, the subject public key and digests. The OID
-- arrives inside untrusted data, so a verifier should dispatch only on an
-- explicit allow-list of algorithms and reject everything else; check that
-- parameters have the form registered for that OID (RFC 3279: NULL for
-- rsaEncryption and the *WithRSAEncryption signatures, absent for
-- id-dsa-with-sha1); and confirm the outer signature algorithm equals the
-- one inside the signed TBS structure.
AlgorithmIdentifier::= SEQUENCE   {
algorithm OBJECT IDENTIFIER,
parameters ANY   DEFINED BY   algorithm   OPTIONAL
   -- contains a value of the type
   -- registered for use with the
   -- algorithm object identifier value
}
 One-way Hash Functions   RFC 3279 Section 2.1 and Section 2.2.1 Up 
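-- Digest OIDs from RFC 3279 Section 2.1, kept so that legacy signatures can
-- be identified. MD2 and MD5 have practical collision attacks and should not
-- be accepted for signature verification (RFC 6151); SHA-1 is likewise
-- retired for signatures (RFC 6194). The SHA-2 OIDs (RFC 4055, RFC 5754)
-- are not reproduced on this page.
-- 1.2.840.113549.2.2
md2   OBJECT IDENTIFIER   ::=   {   iso(1)   member-body(2)   us(840)   rsadsi(113549)   digestAlgorithm(2)   2   }
-- 1.2.840.113549.2.5
md5   OBJECT IDENTIFIER   ::=   {   iso(1)   member-body(2)   us(840)   rsadsi(113549)   digestAlgorithm(2)   5   }
-- 1.3.14.3.2.26
id-sha1   OBJECT IDENTIFIER   ::=   {   iso(1)   identified-organization(3)   oiw(14)   secsig(3)   algorithms(2)   26   }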
 DSA Keys and Signatures   Up 
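-- OID for DSA public key
-- 1.2.840.10040.4.1 (RFC 3279 Section 2.3.2). The AlgorithmIdentifier
-- parameters are Dss-Parms. They MAY be omitted, in which case they are
-- inherited from the issuer's certificate, so a verifier has to track
-- parameters down the path and reject a key whose parameters cannot be found.
id-dsa   OBJECT IDENTIFIER   ::=   {
   iso(1)   member-body(2)   us(840)   x9-57(10040)   x9algorithm(4)   1
}
-- encoding for DSA public key
-- Validate before use: 1 < y < p-1 and y^q mod p = 1. p, q and g also come
-- from the (untrusted) certificate chain.
DSAPublicKey::= INTEGER -- public key, y
Dss-Parms::= SEQUENCE   {
p INTEGER,
q INTEGER,
g INTEGER
}
-- OID for DSA signature generated with SHA-1 hash
-- 1.2.840.10040.4.3 (RFC 3279 Section 2.2.2); the parameters field is omitted.
id-dsa-with-sha1   OBJECT IDENTIFIER   ::=   {
   iso(1)   member-body(2)   us(840)   x9-57(10040)   x9algorithm(4)   3
}
-- encoding for DSA signature generated with SHA-1 hash
-- The DER of this SEQUENCE is what goes into signatureValue. r and s are DER
-- INTEGERs (minimal two's-complement). Insist on strict DER and 0 < r,s < q;
-- otherwise one signature has several accepted encodings.
Dss-Sig-Value::= SEQUENCE   {
r INTEGER,
s INTEGER
}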
 RSA Keys and Signatures   Up 
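-- arc for RSA public key and RSA signature OIDs
-- 1.2.840.113549.1.1 (RFC 3279 Sections 2.2.1 and 2.3.1).
pkcs-1   OBJECT IDENTIFIER   ::=   {
   iso(1)   member-body(2)   us(840)   rsadsi(113549)   pkcs(1)   1
}
-- OID for RSA public keys
-- 1.2.840.113549.1.1.1; the AlgorithmIdentifier parameters MUST be NULL.
rsaEncryption   OBJECT IDENTIFIER   ::=   {
   pkcs-1   1
}
-- OID for RSA signature generated with MD2 hash
-- 1.2.840.113549.1.1.2 - legacy only; do not accept for verification.
md2WithRSAEncryption   OBJECT IDENTIFIER   ::=   {
   pkcs-1   2
}
-- OID for RSA signature generated with MD5 hash
-- 1.2.840.113549.1.1.4 - legacy only; do not accept for verification.
md5WithRSAEncryption   OBJECT IDENTIFIER   ::=   {
   pkcs-1   4
}
-- OID for RSA signature generated with SHA-1 hash
-- 1.2.840.113549.1.1.5; parameters MUST be NULL. SHA-1 signatures are
-- retired; sha256WithRSAEncryption and friends (RFC 4055 / RFC 5754) are
-- not listed on this page.
sha1WithRSAEncryption   OBJECT IDENTIFIER   ::=   {
   pkcs-1   5
}
-- encoding for RSA public key
-- Carried inside SubjectPublicKeyInfo.subjectPublicKey. Sanity-check n
-- (size against policy, odd) and e (odd, > 1). PKCS#1 v1.5 verification must
-- compare the entire decoded encoded-message against the expected padding
-- and DigestInfo, not merely locate the hash: lenient parsing with a small e
-- lets an attacker forge signatures.
RSAPublicKey::= SEQUENCE   {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}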
 Diffie-Hellman Keys   Up 
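-- 1.2.840.10046.2.1 (RFC 3279 Section 2.3.3): ANSI X9.42 Diffie-Hellman
-- public key. The AlgorithmIdentifier parameters are DomainParameters.
dhpublicnumber   OBJECT IDENTIFIER   ::=   {
   iso(1)   member-body(2)   us(840)   ansi-x942(10046)   number-type(2)   1
}
-- encoding for DH public key
-- Before using y from a certificate check 1 < y < p-1 and y^q mod p = 1
-- (subgroup membership); otherwise a peer can mount a small-subgroup attack
-- on the private key used with it. p, q and g themselves must be validated
-- or matched against a known-good parameter set.
DHPublicKey::= INTEGER -- public key, y = g^x mod p
DomainParameters::= SEQUENCE   {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL,-- subgroup factor, j>= 2
-- Seed and counter from the X9.42 prime-generation procedure; when present
-- they let a relying party re-derive p and q and confirm they were not
-- chosen with a hidden structure.
validationParms ValidationParms OPTIONAL
}
ValidationParms::= SEQUENCE   {
seed BIT STRING,
pgenCounter INTEGER
}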
 KEA Keys   Up 
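-- 2.16.840.1.101.2.1.1.22 (RFC 3279 Section 2.3.5): KEA, the key-exchange
-- algorithm of the US Fortezza programme. Obsolete; listed for completeness
-- only. The parameters (KEA-Parms-Id) identify a parameter set by hash
-- rather than carrying p, q, g in the certificate.
keyExchangeAlgorithm   OBJECT IDENTIFIER   ::=   {
   2   16   840   1   101   2   1   1   22
}
KEA-Parms-Id::= OCTET STRING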
 Elliptic Curve Keys, Signatures, and Curves   Up