附 錄 A
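ExtendedSecurityServices
  { iso(1) member-body(2) us(840) rsadsi(113549)
    pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS

-- Cryptographic Message Syntax (CMS)
   ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier
   FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840)
        rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }

-- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module,
-- 1988 Syntax
   PolicyInformation FROM PKIX1Implicit88 { iso(1)
        identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2) }

-- X.509
   GeneralNames, CertificateSerialNumber FROM CertificateExtensions
        { joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0 };

-- Extended Security Services

-- The "SEQUENCE SIZE (1..MAX) OF" construct appears in several of the
-- ASN.1 structures in this module.  A valid ASN.1 SEQUENCE may hold
-- zero or more entries; SIZE (1..MAX) restricts the SEQUENCE to at
-- least one entry.  MAX means that no upper limit is specified;
-- implementations are free to choose an upper bound suited to their
-- environment.
-- NOTE(review): a decoder should enforce the bound it chooses (and the
-- explicit ub-* bounds declared below) before allocating storage,
-- rather than trusting the sender to respect them.

UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
   -- The format of the content is described in [UTF8].

-- Receipt Request Syntax

ReceiptRequest ::= SEQUENCE {
   signedContentIdentifier  ContentIdentifier,
   receiptsFrom             ReceiptsFrom,
   receiptsTo               SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames }

ub-receiptsTo INTEGER ::= 16

id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1 }

ContentIdentifier ::= OCTET STRING

id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7 }

ReceiptsFrom ::= CHOICE {
   allOrFirstTier  [0] AllOrFirstTier,
   -- formerly "allOrNone [0] AllOrNone"
   receiptList     [1] SEQUENCE OF GeneralNames }

AllOrFirstTier ::= INTEGER {  -- formerly AllOrNone
   allReceipts          (0),
   firstTierRecipients  (1) }

-- Receipt Syntax

Receipt ::= SEQUENCE {
   version                   ESSVersion,
   contentType               ContentType,
   signedContentIdentifier   ContentIdentifier,
   originatorSignatureValue  OCTET STRING }

id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
   rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1 }

ESSVersion ::= INTEGER { v1(1) }

-- Content Hints

ContentHints ::= SEQUENCE {
   contentDescription  UTF8String (SIZE (1..MAX)) OPTIONAL,
   contentType         ContentType }

id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
   rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4 }

-- Message Signature Digest Attribute
-- (type reference must begin with an upper-case letter in ASN.1;
-- the original listing had "msgSigDigest")

MsgSigDigest ::= OCTET STRING

id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5 }

-- Signed Content Reference Attribute

ContentReference ::= SEQUENCE {
   contentType               ContentType,
   signedContentIdentifier   ContentIdentifier,
   originatorSignatureValue  OCTET STRING }

id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }

-- Syntax of ESSSecurityLabel

ESSSecurityLabel ::= SET {
   security-policy-identifier  SecurityPolicyIdentifier,
   security-classification     SecurityClassification OPTIONAL,
   privacy-mark                ESSPrivacyMark OPTIONAL,
   security-categories         SecurityCategories OPTIONAL }

id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2 }

SecurityPolicyIdentifier ::= OBJECT IDENTIFIER

-- Only values 0..5 are named here; the constraint admits 0..256 so a
-- security policy may define further classifications.  The meaning of
-- any value is defined by the policy named in
-- security-policy-identifier, not by this module.
SecurityClassification ::= INTEGER {
   unmarked      (0),
   unclassified  (1),
   restricted    (2),
   confidential  (3),
   secret        (4),
   top-secret    (5) } (0..ub-integer-options)

ub-integer-options INTEGER ::= 256

ESSPrivacyMark ::= CHOICE {
   pString     PrintableString (SIZE (1..ub-privacy-mark-length)),
   utf8String  UTF8String (SIZE (1..MAX)) }

ub-privacy-mark-length INTEGER ::= 128

SecurityCategories ::= SET SIZE (1..ub-security-categories) OF
   SecurityCategory

ub-security-categories INTEGER ::= 64

-- value is an open type selected by the type OID.
-- NOTE(review): a decoder should only interpret categories whose type
-- OID it recognises and should treat unknown ones according to the
-- governing security policy rather than decoding the value blindly.
SecurityCategory ::= SEQUENCE {
   type   [0] OBJECT IDENTIFIER,
   value  [1] ANY DEFINED BY type }  -- defined by type

-- Note: the SecurityCategory syntax above produces the same hex
-- encoding as the following SecurityCategory syntax documented in the
-- X.411 specification:
--
-- SecurityCategory ::= SEQUENCE {
--    type   [0] SECURITY-CATEGORY,
--    value  [1] ANY DEFINED BY type }
--
-- SECURITY-CATEGORY MACRO ::=
-- BEGIN
-- TYPE NOTATION ::= type | empty
-- VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
-- END

-- Equivalent Security Labels

EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel

id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9 }

-- Mail List Expansion History Syntax

MLExpansionHistory ::= SEQUENCE
   SIZE (1..ub-ml-expansion-history) OF MLData

id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3 }

ub-ml-expansion-history INTEGER ::= 64

MLData ::= SEQUENCE {
   mailListIdentifier  EntityIdentifier,
   expansionTime       GeneralizedTime,
   mlReceiptPolicy     MLReceiptPolicy OPTIONAL }

EntityIdentifier ::= CHOICE {
   issuerAndSerialNumber  IssuerAndSerialNumber,
   subjectKeyIdentifier   SubjectKeyIdentifier }

MLReceiptPolicy ::= CHOICE {
   none          [0] NULL,
   insteadOf     [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
   inAdditionTo  [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }

-- Signing Certificate Attribute Definition

SigningCertificate ::= SEQUENCE {
   certs     SEQUENCE OF ESSCertID,
   policies  SEQUENCE OF PolicyInformation OPTIONAL }

-- arc 9 written as pkcs-9(9) for consistency with the other OID values
-- in this module (the original listing spelled it pkcs9(9); the
-- encoded value is identical)
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
   member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
   smime(16) id-aa(2) 12 }

ESSCertID ::= SEQUENCE {
   certHash      Hash,
   issuerSerial  IssuerSerial OPTIONAL }

Hash ::= OCTET STRING  -- SHA-1 hash of the entire certificate
-- NOTE(review): this attribute binds the signature to the signer's
-- certificate by a SHA-1 digest only.  SHA-1 is no longer
-- collision-resistant, so new deployments should prefer the hash-agile
-- SigningCertificateV2 / ESSCertIDv2 attribute defined in RFC 5035,
-- and verifiers should check that the certificate referenced here is
-- the one actually used to verify the signature.

IssuerSerial ::= SEQUENCE {
   issuer        GeneralNames,
   serialNumber  CertificateSerialNumber }

END -- of ExtendedSecurityServices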