-- SignedData: content together with the material used to check its signatures.
-- Components: a version limited to sdVer1(1) or sdVer2(2), the digest
-- algorithms in use, the encapsulated ContentInfo, optional certificates and
-- CRLs, and the per-signer SignerInfos.
-- NOTE(review): nothing in this type ties the certificates or crls components
-- to a signature. A verifier presumably has to treat them as untrusted hints
-- for path building and anchor trust in its own configured roots; confirm in
-- the consuming code.
SignedData ::= SEQUENCE {
version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
digestAlgorithms DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
-- Two encodings of the certificate list, told apart by context tag:
-- [0] for the set form, [2] for the sequence form.
certificates CHOICE {
certSet [0] IMPLICIT ExtendedCertificatesAndCertificates,
certSequence [2] IMPLICIT Certificates
} OPTIONAL,
-- Two encodings of the CRL list: [1] for the set form, [3] for the sequence form.
crls CHOICE {
crlSet [1] IMPLICIT CertificateRevocationLists,
crlSequence [3] IMPLICIT CRLSequence
} OPTIONAL,
signerInfos SignerInfos
}
-- Version: unconstrained INTEGER. The version components of SignedData and
-- SignerInfo in this module use inline constrained INTEGERs rather than this type.
Version ::= INTEGER
-- Collection of digest algorithm identifiers, accepted either as a SET OF or as
-- a SEQUENCE OF. The alternatives carry no context tags, so they are
-- distinguished by their universal SET and SEQUENCE tags.
DigestAlgorithmIdentifiers ::= CHOICE {
daSet SET OF DigestAlgorithmIdentifier,
daSequence SEQUENCE OF DigestAlgorithmIdentifier
}
-- Alias of AlgorithmIdentifier for the digest algorithm.
-- NOTE(review): AlgorithmIdentifier is referenced here without an actual
-- parameter, while the definition visible in this listing is parameterized by
-- an ALGORITHM object set. Confirm which AlgorithmIdentifier is in scope.
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-- ContentInfo: a content type identifier followed by the content itself.
-- The type of content is selected by contentType through the Contents object
-- set (the @contentType component relation). content is wrapped in an
-- EXPLICIT [0] tag and is OPTIONAL.
-- NOTE(review): when content is absent the signed bytes are presumably carried
-- outside this structure; a verifier then has to obtain and digest that
-- external content itself. Confirm against the callers.
ContentInfo ::= SEQUENCE {
contentType ContentType,
content [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
OPTIONAL
}
-- Information object class for content types: an alias of the built-in
-- TYPE-IDENTIFIER class, whose &id and &Type fields are used by ContentType
-- and ContentInfo.
CONTENTS ::= TYPE-IDENTIFIER
-- Object set pairing each known content type with its identifier. The
-- identifier values (data, signedData, ...) are not defined in this listing.
-- NOTE(review): the set is extensible, and how a decoder treats a contentType
-- outside it depends on the ASN.1 compiler. Consuming code should compare
-- contentType with the types it actually expects and reject anything else.
Contents CONTENTS ::= {
{Data IDENTIFIED BY data} |
{SignedData IDENTIFIED BY signedData} |
{EnvelopedData IDENTIFIED BY envelopedData} |
{SignedAndEnvelopedData IDENTIFIED BY signedAndEnvelopedData} |
{DigestedData IDENTIFIED BY digestedData} |
{EncryptedData IDENTIFIED BY encryptedData},
... -- add any application-specific types/contents here
}
-- Identifier of a content type: the &id field of class CONTENTS, constrained
-- to the identifiers present in the Contents object set.
ContentType ::= CONTENTS.&id({Contents})
-- Data content type: an arbitrary octet string with no structure imposed here.
Data ::= OCTET STRING
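-- Set of certificate entries, each either an X.509 certificate or a PKCS#6
-- extended certificate.
ExtendedCertificatesAndCertificates ::= SET OF ExtendedCertificateOrCertificate
-- One certificate entry. The untagged alternative is an X.509 Certificate; the
-- [0] IMPLICIT alternative is a PKCS#6 extended certificate.
ExtendedCertificateOrCertificate ::= CHOICE {
  certificate Certificate, -- X.509
  extendedCertificate [0] IMPLICIT ExtendedCertificate -- PKCS#6
}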
-- Placeholder: the PKCS#6 extended certificate is modelled as a plain X.509
-- Certificate, which is what the author's remark below admits.
-- NOTE(review): input that uses the [0] extendedCertificate alternative is
-- therefore decoded against the X.509 layout. Consuming code should expect a
-- genuine PKCS#6 value to fail decoding and should not rely on fields decoded
-- from this alternative; confirm the behaviour with the decoder in use.
ExtendedCertificate ::= Certificate -- cheating
-- Set form of the CRL collection; used by the crlSet alternative of SignedData.
CertificateRevocationLists ::= SET OF CertificateList
-- Sequence form of the CRL collection; used by the crlSequence alternative of
-- SignedData.
CRLSequence ::= SEQUENCE OF CertificateList
-- Sequence form of the certificate collection; used by the certSequence
-- alternative of SignedData. Holds X.509 Certificate values only.
Certificates ::= SEQUENCE OF Certificate
-- Algorithm identifier parameterized by an object set IOSet of class ALGORITHM
-- (the class itself is not defined in this listing). algorithm is limited to
-- the identifiers in IOSet, and the type of parameters is selected by the
-- algorithm value through the @algorithm component relation.
-- parameters is OPTIONAL, so an identifier may arrive with no parameters at all.
AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
-- Attribute parameterized by an object set IOSet of class ATTRIBUTE (the class
-- is not defined in this listing). type is limited to the identifiers in
-- IOSet; values holds one or more values whose type is selected by type
-- through the @type component relation. The SIZE (1..MAX) constraint forbids
-- an empty value set.
Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
type ATTRIBUTE.&id({IOSet}),
values SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}
-- Collection of per-signer structures, accepted either as a SET OF or as a
-- SEQUENCE OF. The alternatives carry no context tags, so they are
-- distinguished by their universal SET and SEQUENCE tags.
SignerInfos ::= CHOICE {
siSet SET OF SignerInfo,
siSequence SEQUENCE OF SignerInfo
}
-- SignerInfo: everything recorded for one signer. Components: a version
-- limited to siVer1(1) or siVer2(2), the issuer and serial number naming the
-- signer's certificate, the digest algorithm, optional authenticated
-- attributes, the digest encryption algorithm, the encrypted digest, and
-- optional unauthenticated attributes.
SignerInfo ::= SEQUENCE {
version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
issuerAndSerialNumber IssuerAndSerialNumber,
digestAlgorithm DigestAlgorithmIdentifier,
-- Set form uses IMPLICIT [0]; sequence form uses EXPLICIT [2].
-- NOTE(review): in the set form the IMPLICIT [0] tag replaces the universal
-- SET OF tag on the wire. Standard PKCS#7 (RFC 2315 section 9.3) digests the
-- attributes under the SET OF tag, so a verifier has to hash that encoding
-- and not the bytes as received. RFC 2315 section 9.2 also requires the
-- attributes, when present, to include a content type and a message digest;
-- the verifier must compare that message digest with the digest of the
-- content in addition to checking the signature over the attributes.
-- Confirm how the consuming code handles the sequence form.
authenticatedAttributes CHOICE {
aaSet [0] IMPLICIT SET OF Attribute {{Authenticated}},
aaSequence [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
-- Explicit because easier to compute digest on sequence of attributes and then reuse
-- encoded sequence in aaSequence.
} OPTIONAL,
digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
encryptedDigest EncryptedDigest,
-- Set form uses IMPLICIT [1]; sequence form uses IMPLICIT [3].
-- NOTE(review): as the name indicates, these attributes are presumably not
-- covered by the signer's signature and can be changed without invalidating
-- it. Consuming code should validate anything read from here independently
-- before acting on it.
unauthenticatedAttributes CHOICE {
uaSet [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
uaSequence [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
} OPTIONAL
}
-- Names a certificate by its issuer and serial number. Name and
-- CertificateSerialNumber are not defined in this listing.
-- NOTE(review): this is only a reference. Which certificate it resolves to,
-- and whether that certificate is trusted, is decided by the verifier.
IssuerAndSerialNumber ::= SEQUENCE {
issuer Name,
serialNumber CertificateSerialNumber
}
-- Alias of AlgorithmIdentifier for the algorithm named in the
-- digestEncryptionAlgorithm component of SignerInfo.
-- NOTE(review): AlgorithmIdentifier is referenced here without an actual
-- parameter, while the definition visible in this listing is parameterized by
-- an ALGORITHM object set. Confirm which AlgorithmIdentifier is in scope.
DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Opaque octet string carried in the encryptedDigest component of SignerInfo.
-- Its internal format is not constrained by this module.
EncryptedDigest ::= OCTET STRING