Public-Key Cryptography Standards #12

Format utilisé par Up ! Security Manager

Le format Public-Key Cryptography Standards #12 (PKCS#12) du laboratoire Rsa spécifie les conventions sur l'échange des informations personnelles.

La norme utilisée utilisée est Abstract Syntax Notation One (ASN.1) de l'International Telecommunication Union (ITU) compilée en Basic Encoding Rules (BER).

PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}

-- This module has been checked for conformance with the ASN.1 standard by the OSS
-- ASN.1 Tools

DEFINITIONS IMPLICIT TAGS ::=

BEGIN
-- EXPORTS ALL
-- All types and values defined in this module is exported for use in other ASN.1 modules.

IMPORTS


-- Object identifiers
rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}
pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
pbeWithSHAAnd2-KeyTripleDES-CB COBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}

-- The PFX PDU
PFX ::= SEQUENCE
-- Point d'entree de l'echange des informations personnelles.

MacData ::= SEQUENCE -- Information pour la signature par l'algorithme Hmac.

AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-- Data if unencrypted
-- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted

SafeContents ::= SEQUENCE OF SafeBag
SafeBag ::= SEQUENCE
-- Piece d'information telle une cle, un certificat, etc.

-- Bag types
keyBag BAG-TYPE ::= {KeyBag IDENTIFIED BY {bagtypes 1}}
pkcs-8ShroudedKeyBag BAG-TYPE ::= {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
certBag BAG-TYPE ::= {CertBag IDENTIFIED BY {bagtypes 3}}
crlBag BAG-TYPE ::= {CRLBag IDENTIFIED BY {bagtypes 4}}
secretBag BAG-TYPE ::= {SecretBag IDENTIFIED BY {bagtypes 5}}
safeContentsBag BAG-TYPE ::= {SafeContents IDENTIFIED BY {bagtypes 6}}

PKCS12BagSet BAG-TYPE ::=
BAG-TYPE ::= TYPE-IDENTIFIER

-- KeyBag
KeyBag ::= PrivateKeyInfo
-- Contient une cle privee au format PCKS#8.PrivateKeyInfo.

-- Shrouded KeyBag
PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
-- Contient une cle privee au format PCKS#8.PrivateKeyInfo qui a ete encryptee.

-- CertBag
CertBag ::= SEQUENCE
-- Contient un certificat.

x509Certificate BAG-TYPE ::= { OCTET STRING IDENTIFIED BY {certTypes 1}}
-- DER-encoded X.509 certificate stored in OCTET STRING

sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}}
-- Base64-encoded SDSI certificate stored in IA5String

CertTypes BAG-TYPE ::=
-- CRLBag
CRLBag ::= SEQUENCE
-- Contient une liste de revocation de certificats.

x509CRL BAG-TYPE ::= { OCTET STRING IDENTIFIED BY {certTypes 1}}
-- DER-encoded X.509 CRL stored in OCTET STRING

CRLTypes BAG-TYPE ::=
-- Secret Bag
SecretBag ::= SEQUENCE
-- Contient un secret provenant des informations personnelles.

SecretTypes BAG-TYPE ::= { ... -- For future extensions }
-- Attributes

PKCS12Attribute ::= SEQUENCE
-- Attributs lisibles associes a une cle.
-- This type is compatible with the X.500 type ’Attribute’

PKCS12AttrSet ATTRIBUTE ::=
END

Algorithme utilisé par Up ! Security Manager

Voici l'algorithme d'exportation des informations personnelles :

De plus :