-- ASN.1 module for the PKCS #12 PFX container (private keys, certificates,
-- CRLs and other secrets). The PKCS #8 private-key types and the RFC 2898
-- password-based parameter types are defined in this same module further down.
--
-- Throughout the module the information-object constraints (BAG-TYPE,
-- ATTRIBUTE, ALGORITHM-IDENTIFIER sets) are commented out and replaced by a
-- plain OBJECT IDENTIFIER plus ANY. The schema therefore does not tie an
-- identifier to the type of the value that follows it: whatever consumes the
-- decoded structure has to dispatch on the OID itself and must cope with
-- unknown OIDs and with values that do not match the OID they are paired with.
PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}

-- $Id$

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL
-- All types and values defined in this module are exported for use in
-- other ASN.1 modules.

IMPORTS

informationFramework
    FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
                            usefulDefinitions(0) 3}

Attribute
    FROM InformationFramework informationFramework

ContentInfo, --DigestInfo-- Digest, DigestAlgorithmIdentifier
    FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
                 pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}

--PrivateKeyInfo, EncryptedPrivateKeyInfo
--    FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
--                 pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
--
--pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
--    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
--                 pkcs(1) pkcs-9(9) modules(0) pkcs-9(1) };--

-- A PKCS#8 IMPORT from below
AlgorithmIdentifier, ALGORITHM-IDENTIFIER
    FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
                 pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};

-- Object identifiers
-- (all commented out in this module; kept as a reference list of the
-- PKCS #12 arcs)
-- NOTE(review): going by their names, the 40-bit RC4/RC2 schemes below offer
-- very little protection; a file that uses them should be treated as weakly
-- protected key material.

--rsadsi  OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
--pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
--pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
--pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}
--pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
--pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
--pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
--pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
--pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
--pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}

--bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}

-- The PFX PDU
-- Top-level structure. version is an extensible INTEGER whose only named
-- value is v3(3). macData is OPTIONAL: when it is absent this structure
-- carries no password-based MAC over authSafe.
-- NOTE(review): integrity then presumably has to come from authSafe itself
-- (a signed ContentInfo); confirm against the PKCS #12 text.

PFX ::= SEQUENCE {
    version     INTEGER {v3(3)}(v3,...),
    authSafe    ContentInfo,
    macData     MacData OPTIONAL
}

-- Password-based integrity data.
-- iterations is read from the file and has no upper bound in this schema.
-- Code that derives the MAC key from it should apply its own limits: a low
-- count makes password guessing cheap, and an unbounded count taken from an
-- untrusted file is a CPU-cost risk for the verifier.
MacData ::= SEQUENCE {
    mac         DigestInfo,
    macSalt     OCTET STRING,
    iterations  INTEGER DEFAULT 1
    -- Note: The default is for historical reasons and its use is
    -- deprecated. A higher value, like 1024 is recommended.
    -- NOTE(review): 1024 is the figure given in the standard's own text;
    -- current guidance for password-based key derivation is far higher.
}

-- Imported from PKCS#7
-- (defined locally; DigestInfo is commented out of the PKCS-7 import list
-- above, only Digest and DigestAlgorithmIdentifier are imported)
DigestInfo ::= SEQUENCE {
    digestAlgorithm DigestAlgorithmIdentifier,
    digest          Digest
}

-- Each element's content type states how that part of the safe is protected.
AuthenticatedSafe ::= SEQUENCE OF ContentInfo
    -- Data if unencrypted
    -- EncryptedData if password-encrypted
    -- EnvelopedData if public key-encrypted

SafeContents ::= SEQUENCE OF SafeBag

-- One item in the safe. bagId names the bag type and bagValue carries it as
-- ANY; the BAG-TYPE constraint that would link the two is commented out, so
-- the link has to be enforced by the consumer.
SafeBag ::= SEQUENCE {
    bagId         -- BAG-TYPE.&id ({PKCS12BagSet}) -- OBJECT IDENTIFIER,
    bagValue      [0] EXPLICIT --BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) -- ANY,
    bagAttributes SET OF PKCS12Attribute OPTIONAL
}

-- Bag types
-- (commented out; reference for the bagId values under {bagtypes})

--keyBag BAG-TYPE ::=
--    {KeyBag IDENTIFIED BY {bagtypes 1}}
--pkcs8ShroudedKeyBag BAG-TYPE ::=
--    {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
--certBag BAG-TYPE ::=
--    {CertBag IDENTIFIED BY {bagtypes 3}}
--crlBag BAG-TYPE ::=
--    {CRLBag IDENTIFIED BY {bagtypes 4}}
--secretBag BAG-TYPE ::=
--    {SecretBag IDENTIFIED BY {bagtypes 5}}
--safeContentsBag BAG-TYPE ::=
--    {SafeContents IDENTIFIED BY {bagtypes 6}}

--PKCS12BagSet BAG-TYPE ::= {
--    keyBag |
--    pkcs8ShroudedKeyBag |
--    certBag |
--    crlBag |
--    secretBag |
--    safeContentsBag,
--    ... - - For future extensions
--}

--BAG-TYPE ::= TYPE-IDENTIFIER

-- KeyBag
-- A PrivateKeyInfo with no encryption at the bag level. It is protected only
-- if the enclosing ContentInfo in AuthenticatedSafe is itself encrypted.
KeyBag ::= PrivateKeyInfo

-- Shrouded KeyBag
-- The private key wrapped as an EncryptedPrivateKeyInfo (defined below).
PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo

-- CertBag
-- certId selects how certValue is to be read; certValue is ANY here.
CertBag ::= SEQUENCE {
    certId    --BAG-TYPE.&id   ({CertTypes}) -- OBJECT IDENTIFIER,
    certValue [0] EXPLICIT --BAG-TYPE.&Type ({CertTypes}{@certId})-- ANY
}

--x509Certificate BAG-TYPE ::=
--    {OCTET STRING IDENTIFIED BY {certTypes 1}}
--    -- DER-encoded X.509 certificate stored in OCTET STRING
--sdsiCertificate BAG-TYPE ::=
--    {IA5String IDENTIFIED BY {certTypes 2}}
--    -- Base64-encoded SDSI certificate stored in IA5String

--CertTypes BAG-TYPE ::= {
--    x509Certificate |
--    sdsiCertificate,
--    ... - - For future extensions
--}

-- CRLBag
-- crlId selects how crlValue is to be read; crlValue is ANY here.
CRLBag ::= SEQUENCE {
    crlId     --BAG-TYPE.&id ({CRLTypes})-- OBJECT IDENTIFIER,
    crlValue  [0] EXPLICIT --BAG-TYPE.&Type ({CRLTypes}{@crlId})-- ANY
}

--x509CRL BAG-TYPE ::=
--    {OCTET STRING IDENTIFIED BY {crlTypes 1}}
--    -- DER-encoded X.509 CRL stored in OCTET STRING

--CRLTypes BAG-TYPE ::= {
--    x509CRL,
--    ... - - For future extensions
--}

-- Secret Bag
-- No secret types are listed in the (commented-out) SecretTypes set, so the
-- meaning of secretValue depends entirely on the consumer knowing secretTypeId.
SecretBag ::= SEQUENCE {
    secretTypeId  --BAG-TYPE.&id ({SecretTypes})-- OBJECT IDENTIFIER,
    secretValue   [0] EXPLICIT --BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})-- ANY
}

--SecretTypes BAG-TYPE ::= {
--    ... - - For future extensions
--}

-- Attributes
-- attrValues is a SET OF ANY; the number and type of values per attrId are
-- not restricted by this schema.
PKCS12Attribute ::= SEQUENCE {
    attrId      --ATTRIBUTE.&id ({PKCS12AttrSet})-- OBJECT IDENTIFIER,
    attrValues  SET OF --ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})-- ANY
} -- This type is compatible with the X.500 type 'Attribute'

--PKCS12AttrSet ATTRIBUTE ::= {
--    friendlyName |
--    localKeyId,
--    ... - - Other attributes are allowed
--}

--END

-- We import PKCS#8 here directly rather than creating another dissector
-- (the PKCS-8 module header, its END and its IMPORTS are commented out, so
-- the types below belong to the PKCS-12 module above)

--PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
--         modules(1) pkcs-8(1)}

-- $Revision: 1.5 $

-- This module has been checked for conformance with the ASN.1
-- standard by the OSS ASN.1 Tools

--DEFINITIONS IMPLICIT TAGS ::=

--BEGIN

-- EXPORTS All --
-- All types and values defined in this module is exported for use in other
-- ASN.1 modules.

--IMPORTS

--informationFramework
--    FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
--                            usefulDefinitions(0) 3}

--Attribute
--    FROM InformationFramework informationFramework

--AlgorithmIdentifier, ALGORITHM-IDENTIFIER
--    FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
--    pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};

-- Private-key information syntax
-- privateKey is an opaque OCTET STRING whose inner encoding depends on
-- privateKeyAlgorithm; the PrivateKeyAlgorithms constraint is commented out,
-- so any algorithm identifier is accepted at this level.

PrivateKeyInfo ::= SEQUENCE {
    version             Version,
    privateKeyAlgorithm AlgorithmIdentifier --{{PrivateKeyAlgorithms}}--,
    privateKey          PrivateKey,
    attributes          [0] Attributes OPTIONAL
}

Version ::= INTEGER {v1(0)} (v1,...)

PrivateKey ::= OCTET STRING

Attributes ::= SET OF Attribute

-- Encrypted private-key information syntax
-- encryptionAlgorithm is not restricted here (KeyEncryptionAlgorithms is
-- commented out); which schemes are acceptable is a consumer policy decision.

EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm AlgorithmIdentifier --{{KeyEncryptionAlgorithms}}--,
    encryptedData       EncryptedData
}

-- Local PKCS #8 type: a bare OCTET STRING of ciphertext. It is not imported
-- from PKCS-7, so it is not the PKCS #7 EncryptedData content type named in
-- the AuthenticatedSafe comment.
EncryptedData ::= OCTET STRING

--PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
--    ... - - For local profiles
--}

--KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
--    ... - - For local profiles
--}

-- From RFC 2898
-- Parameter structures for password-based encryption and MAC schemes.
-- Salt and iteration count come from the file being parsed.

-- iterationCount is an unconstrained INTEGER here.
PBEParameter ::= SEQUENCE {
    salt            OCTET STRING,
    iterationCount  INTEGER
}

-- The (1..MAX) constraint on iterationCount is commented out, so this schema
-- also accepts zero and negative values; keyLength keeps its (1..MAX)
-- constraint. The DEFAULT on prf is commented out and replaced by OPTIONAL:
-- a decoder built from this module does not supply a default when prf is
-- absent, so the consumer has to apply one itself.
-- NOTE(review): the commented-out text names algid-hmacWithSHA1 as that
-- default; confirm the consumer treats an absent prf that way. An upper bound
-- on iterationCount is likewise left to the consumer.
PBKDF2Params ::= SEQUENCE {
    salt CHOICE {
        specified   OCTET STRING,
        otherSource AlgorithmIdentifier --{{PBKDF2-SaltSources}}--
    },
    iterationCount  INTEGER --(1..MAX)--,
    keyLength       INTEGER (1..MAX) OPTIONAL,
    prf             AlgorithmIdentifier --{{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1-- OPTIONAL
}

-- Key-derivation function plus encryption scheme; both algorithm sets are
-- unconstrained at this level.
PBES2Params ::= SEQUENCE {
    keyDerivationFunc AlgorithmIdentifier --{{PBES2-KDFs}}--,
    encryptionScheme  AlgorithmIdentifier --{{PBES2-Encs}}--
}

-- Key-derivation function plus MAC scheme; both algorithm sets are
-- unconstrained at this level.
PBMAC1Params ::= SEQUENCE {
    keyDerivationFunc AlgorithmIdentifier --{{PBMAC1-KDFs}}--,
    messageAuthScheme AlgorithmIdentifier --{{PBMAC1-MACs}}--
}

END