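-- Controls: a non-empty list of registration controls attached to a
-- certificate request, each identified by an OID.
-- NOTE(review): the upper bound is MAX (unbounded); a receiver may want to
-- enforce its own limit on the number of controls it will decode.
Controls ::= SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue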
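-- AttributeTypeAndValue: an OID plus a value whose syntax is selected by
-- that OID.
-- NOTE(review): "value" is an open type. A decoder has to pick the value
-- syntax from "type" and decide explicitly what to do with OIDs it does not
-- recognise; the value bytes should be treated as untrusted until then.
AttributeTypeAndValue ::= SEQUENCE {
    type    OBJECT IDENTIFIER,
    value   ANY DEFINED BY type }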
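-- ProofOfPossession: how the requester shows it holds the private key that
-- matches the public key in the request.
ProofOfPossession ::= CHOICE {
    raVerified        [0] NULL,
    -- used if the RA has already verified that the requester is in
    -- possession of the private key
    -- NOTE(review): this alternative carries no cryptographic evidence at
    -- all (it is NULL). A CA that accepts it is trusting the RA's assertion,
    -- so it should be honoured only on requests that arrive from an
    -- authenticated and authorised RA.
    signature         [1] POPOSigningKey,
    keyEncipherment   [2] POPOPrivKey,
    keyAgreement      [3] POPOPrivKey }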
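-- POPOSigningKey: proof of possession for a signing key, given as a
-- signature made with the private key being certified.
POPOSigningKey ::= SEQUENCE {
    poposkInput           [0] POPOSigningKeyInput OPTIONAL,
    algorithmIdentifier   AlgorithmIdentifier,
    signature             BIT STRING }
    -- The signature (using "algorithmIdentifier") is on the
    -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
    -- certReq CertTemplate contains the subject and publicKey values,
    -- then poposkInput MUST be omitted and the signature MUST be
    -- computed on the DER-encoded value of CertReqMsg certReq.  If
    -- the CertReqMsg certReq CertTemplate does not contain the public
    -- key and subject values, then poposkInput MUST be present and
    -- MUST be signed.  This strategy ensures that the public key is
    -- not present in both the poposkInput and CertReqMsg certReq
    -- CertTemplate fields.
    -- NOTE(review): a verifier has to enforce the presence/absence rule
    -- above itself and must check the signature over the exact DER bytes
    -- named there; verifying over a re-encoded or differently chosen
    -- structure would weaken the binding between subject and public key.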
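-- POPOSigningKeyInput: the data that is signed when the certificate
-- template does not itself carry both subject and public key.
POPOSigningKeyInput ::= SEQUENCE {
    authInfo            CHOICE {
        sender              [0] GeneralName,
        -- used only if an authenticated identity has been
        -- established for the sender (e.g., a DN from a
        -- previously-issued and currently-valid certificate)
        publicKeyMAC        PKMACValue },
        -- used if no authenticated GeneralName currently exists for
        -- the sender; publicKeyMAC contains a password-based MAC
        -- on the DER-encoded value of publicKey
    publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
    -- NOTE(review): the "sender" name is only meaningful if the receiver
    -- has authenticated it by other means; the name inside this structure
    -- is a claim by the requester, not evidence.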
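-- PKMACValue: a password-based MAC together with the algorithm identifier
-- (and parameters) needed to recompute it.
PKMACValue ::= SEQUENCE {
    algId  AlgorithmIdentifier,
    -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13}
    -- parameter value is PBMParameter
    value  BIT STRING }
    -- NOTE(review): the MAC is only as strong as the shared password; a
    -- captured request allows offline guessing against it, so the secret
    -- should be high-entropy and, where possible, single-use.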
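-- PBMParameter: parameters of the password-based MAC. All four fields are
-- chosen by the sender and arrive inside the request.
PBMParameter ::= SEQUENCE {
    salt                OCTET STRING,
    owf                 AlgorithmIdentifier,
    -- AlgId for a One-Way Function (SHA-1 recommended)
    -- NOTE(review): the SHA-1 recommendation reflects the age of this
    -- text. Later CRMF algorithm guidance (RFC 9045, updating RFC 4211)
    -- should be consulted for the hash to use in new deployments.
    iterationCount      INTEGER,
    -- number of times the OWF is applied
    -- NOTE(review): this is an unbounded INTEGER supplied by the sender.
    -- A receiver should enforce both a minimum (a tiny count makes
    -- password guessing cheap) and a configured maximum (a huge count
    -- lets one request consume the server's CPU).
    mac                 AlgorithmIdentifier
    -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
}   -- or HMAC [RFC2104, RFC2202])
    -- NOTE(review): of the examples listed, the DES-based MACs are
    -- legacy choices; receivers should accept only an allow-list of MAC
    -- and OWF algorithms rather than whatever the request names.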
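-- POPOPrivKey: proof of possession for keys that cannot sign
-- (key encipherment and key agreement keys).
POPOPrivKey ::= CHOICE {
    thisMessage       [0] BIT STRING,
    -- possession is proven in this message (which contains the private
    -- key itself (encrypted for the CA))
    -- NOTE(review): this alternative discloses the private key to the CA.
    -- That is a key-escrow decision, not just a POP method, and the later
    -- CRMF revision (RFC 4211) marks thisMessage as deprecated.
    subsequentMessage [1] SubsequentMessage,
    -- possession will be proven in a subsequent message
    dhMAC             [2] BIT STRING }
    -- for keyAgreement (only), possession is proven in this message
    -- (which contains a MAC (over the DER-encoded value of the
    -- certReq parameter in CertReqMsg, which MUST include both subject
    -- and publicKey) based on a key derived from the end entity's
    -- private DH key and the CA's public DH key);
    -- the dhMAC value MUST be calculated as per the directions given
    -- in Appendix A.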
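-- SubsequentMessage: which follow-up exchange will carry the proof of
-- possession when it is not given in the request itself.
SubsequentMessage ::= INTEGER {
    encrCert (0),
    -- requests that resulting certificate be encrypted for the
    -- end entity (following which, POP will be proven in a
    -- confirmation message)
    challengeResp (1) }
    -- requests that CA engage in challenge-response exchange with
    -- end entity in order to prove private key possession
    -- NOTE(review): with either value the request itself proves nothing
    -- yet; the CA should not treat the certificate as usable (for
    -- example, publish it) until the follow-up step has succeeded.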
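-- Object identifier assignments --

id-pkix  OBJECT IDENTIFIER  ::= { iso(1) identified-organization(3)
    dod(6) internet(1) security(5) mechanisms(5) 7 }

-- arc for Internet X.509 PKI protocols and their components
id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }

-- Registration Controls in CRMF
id-regCtrl  OBJECT IDENTIFIER ::= { id-pkip 1 }

-- The following definition may be uncommented for use with
-- ASN.1 compilers which do not understand UTF8String.

-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING

-- NOTE(review): the two controls below are plain UTF8String values.
-- Judging by their names they carry registration secrets or identity
-- information; nothing in these definitions encrypts them, so their
-- confidentiality presumably depends on the enclosing protocol or
-- transport -- confirm for the deployment in question.

id-regCtrl-regToken            OBJECT IDENTIFIER ::= { id-regCtrl 1 }
-- with syntax:
RegToken ::= UTF8String

id-regCtrl-authenticator       OBJECT IDENTIFIER ::= { id-regCtrl 2 }
-- with syntax:
Authenticator ::= UTF8String

id-regCtrl-pkiPublicationInfo  OBJECT IDENTIFIER ::= { id-regCtrl 3 }
-- with syntax: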
PKIPublicationInfo::=SEQUENCE{
actionINTEGER{
dontPublish(0),
pleasePublish(1)},
