HTML Annotations, Copyright 1996, T.M.A. Lomas,
Computer Security Group,
University of Cambridge
Computer Laboratory.
All Rights Reserved.
These are based upon a protocol description issued 8th August 1996 by MasterCard and VISA, who we presume to retain copyright in the text of these documents.
Permission is granted to use or distribute these files provided this copyright information is preserved, and subject to any conditions imposed by MasterCard and VISA.
1290 SetCertificate DEFINITIONS EXPLICIT TAGS ::= BEGIN
1291
1292 --
1293 -- This module defines types for CRL and X.509v3 certificate support.
1294 --
1295
1296 -- EXPORTS All;
1297
1298 IMPORTS
1299
1300 AlgorithmIdentifier, Name
1301 FROM SetAttribute
1302
1303 Extensions
1304 FROM SetCertificateExtensions
1305
1306 id-sha1-with-rsa-signature
1307 FROM SetPKCS7Plus;
1308
1309
-- To-be-signed body of the certificate: Certificate (below) wraps the
-- encoding of this SEQUENCE in SIGNED { }.
-- NOTE(review): the inner 'signature' field here and the outer 'algorithm'
-- field of SIGNED are both SignatureAlgorithmIdentifier, but nothing in this
-- module constrains them to be equal. X.509 requires the two to match, so a
-- validator should compare them and reject a certificate where they differ.
-- 'extensions' has no OPTIONAL keyword: a certificate that omits it does not
-- conform to this type and should fail decoding rather than be accepted
-- with default policy.
1310 UnsignedCertificate ::= SEQUENCE {
1311 version [0] CertificateVersion,
1312 serialNumber CertificateSerialNumber,
1313 signature SignatureAlgorithmIdentifier,
1314 issuer Name,
1315 validity Validity,
1316 subject Name,
1317 subjectPublicKeyInfo SubjectPublicKeyInfo,
1318 issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
1319 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
1320 extensions [3] Extensions -- Required for SET usage
1321 }
1322
-- Single-value constraint: the only permitted version is ver3, encoded as
-- the INTEGER 2. A decoder should reject any other value instead of falling
-- back to v1 or v2 handling, since 'extensions' is mandatory in this profile.
1323 CertificateVersion ::= INTEGER { ver3(2) } ( ver3 )
1324
-- Non-negative and unbounded above (0..MAX). This module sets no length
-- limit, so a decoder needs arbitrary-precision handling or an explicit,
-- documented cap; a negative value does not conform and should be rejected.
1325 CertificateSerialNumber ::= INTEGER( 0..MAX )
1326
-- Open type constrained to UnsignedCertificate: this is the value the
-- issuer's signature is computed over.
-- NOTE(review): "recompute the issuer's signature" below reads as signature
-- verification, i.e. hash this value and check the result against the
-- signature with the issuer's public key. The check should run over the
-- encoded bytes as received; re-encoding a decoded structure before hashing
-- can mask encoding differences. The encoding rules are not stated in this
-- module (presumably DER, confirm against the SET specification).
1327 -- Compute the encrypted hash of this value if issuing a certificate,
1328 -- or recompute the issuer's signature on this value if validating a
1329 -- certificate.
1330 --
1331 EncodedCertificate ::= TYPE-IDENTIFIER.&Type (UnsignedCertificate)
1332
-- A certificate is the SIGNED { } wrapper applied to EncodedCertificate.
-- CONSTRAINED BY is a user-defined constraint expressed only as a comment:
-- an ASN.1 toolkit will not enforce it, so signing or verifying is the
-- application's responsibility. A Certificate that decodes successfully has
-- not thereby had its signature checked.
1333 Certificate::= SIGNED {
1334 EncodedCertificate
1335 } ( CONSTRAINED BY { -- Verify Or Sign Certificate -- } )
1336
-- Parameterized type: the signed value, the identifier of the algorithm
-- used to sign it, and the signature bits.
-- 'algorithm' arrives with the certificate and is therefore supplied by the
-- sender; it is limited to SupportedSignatureAlgorithms through the
-- constraint on SignatureAlgorithmIdentifier, and a verifier should select
-- the algorithm from that constrained value only.
1337 SIGNED { ToBeSigned } ::= SEQUENCE {
1338 toBeSigned ToBeSigned,
1339 algorithm SignatureAlgorithmIdentifier,
1340 signature BIT STRING
1341 }
1342
-- Validity window of the certificate. Both bounds are UTCTime, which
-- carries a two-digit year, and this module offers no GeneralizedTime
-- alternative.
-- NOTE(review): the century interpretation of the two-digit year is not
-- stated in this module; a validator must apply one fixed rule consistently
-- (confirm against the SET specification) and should reject a certificate
-- whose notAfter precedes its notBefore.
1343 Validity ::= SEQUENCE {
1344 notBefore UTCTime, -- Not valid before this date
1345 notAfter UTCTime -- Not valid after this date
1346 }
1347
-- Type of the OPTIONAL issuerUniqueID and subjectUniqueID fields of
-- UnsignedCertificate. Because those fields are OPTIONAL rather than
-- absent from the type, a decoder will still accept them.
-- NOTE(review): how a SET validator should treat a certificate that carries
-- them is not stated here; confirm against the SET specification.
1348 UniqueIdentifier ::= BIT STRING -- Not used in the SET protocol
1349
-- Subject's public key and the identifier of the algorithm it belongs to.
-- 'algorithm' uses AlgorithmIdentifier as imported from SetAttribute; unlike
-- SignatureAlgorithmIdentifier, no table constraint is applied to it in
-- this module.
-- NOTE(review): which key algorithms and key sizes are acceptable is not
-- visible here, so it has to be enforced elsewhere; confirm where.
1350 SubjectPublicKeyInfo ::= SEQUENCE {
1351 algorithm AlgorithmIdentifier,
1352 subjectPublicKey BIT STRING
1353 }
1354
-- Information object class for signature algorithms, defined as the
-- built-in TYPE-IDENTIFIER class: each object pairs an OBJECT IDENTIFIER
-- (&id) with the type of its parameters (&Type).
1355 SIGNATURE-ALGORITHM ::= TYPE-IDENTIFIER
1356
-- Algorithm identifier restricted to an allow-list. 'algorithm' must be the
-- &id of a member of SupportedSignatureAlgorithms, and {@algorithm} ties
-- the type of 'parameters' to that same member.
-- A decoder that enforces these constraints rejects unknown algorithm OIDs
-- at parse time. NOTE(review): toolkits that skip table constraints will
-- not, so the verifier should check the OID against the allow-list itself.
1357 SignatureAlgorithmIdentifier ::= SEQUENCE {
1358 algorithm SIGNATURE-ALGORITHM.&id({SupportedSignatureAlgorithms}),
1359 parameters SIGNATURE-ALGORITHM.&Type({SupportedSignatureAlgorithms}
1360 {@algorithm}) OPTIONAL
1361 }
1362
-- Allow-list of signature algorithms for certificates and CRLs in this
-- module. It has exactly one member and no extension marker, so as written
-- the module provides no algorithm agility.
-- NOTE(review): SHA-1 is no longer considered collision resistant, since
-- practical collisions have been published. Signatures made with this
-- algorithm should be treated as legacy when assessing an implementation
-- of this 1996 profile.
1363 SupportedSignatureAlgorithms SIGNATURE-ALGORITHM ::= {
1364 sha1-with-rsa-signature
1365 }
1366
-- Information object for RSA signatures over a SHA-1 hash: the parameter
-- type is NULL and the OID is id-sha1-with-rsa-signature, imported from
-- SetPKCS7Plus.
-- Because 'parameters' is OPTIONAL in SignatureAlgorithmIdentifier, both an
-- absent field and an explicit NULL conform. NOTE(review): comparing two
-- algorithm identifiers byte for byte may therefore report a mismatch for
-- the same algorithm; compare the decoded OID instead.
1367 sha1-with-rsa-signature SIGNATURE-ALGORITHM ::= {
1368 NULL IDENTIFIED BY id-sha1-with-rsa-signature }
1369
1370
1371 END