Network Working Group                                         M. Nystrom
Request for Comments: 2985                                    B. Kaliski
Category: Informational                                     RSA Security
                                                           November 2000

          PKCS #9: Selected Object Classes and Attribute Types
                              Version 2.0
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This memo represents a republication of PKCS #9 v2.0 from RSA
Laboratories' Public-Key Cryptography Standards (PKCS) series, and
change control is retained within the PKCS process. The body of this
document, except for the security considerations section, is taken
directly from that specification.
This memo provides a selection of object class and attribute types
for use in conjunction with public-key cryptography and Lightweight
Directory Access Protocol (LDAP) accessible directories. It also
includes ASN.1 syntax for all constructs.
Table of Contents
1. Introduction (2)
2. Definitions, notation and document conventions (2)
2.1 Definitions (2)
2.2 Notation and document conventions (3)
3. Overview (4)
4. Auxiliary object classes (5)
4.1 The "pkcsEntity" auxiliary object class (5)
4.2 The "naturalPerson" auxiliary object class (6)
5. Selected attribute types (6)
5.1 Attribute types for use with the "pkcsEntity" object class (6)
5.2 Attribute types for use with the "naturalPerson" object class (7)
5.3 Attribute types for use in PKCS #7 data (12)
5.4 Attribute types for use in PKCS #10 certificate requests (16)
Nystrom & Kaliski Informational [Page 1]
5.5 Attribute types for use in PKCS #12 "PFX" PDUs or PKCS #15
tokens (17)
5.6 Attributes defined in S/MIME (18)
6. Matching rules (19)
6.1 Case ignore match (19)
6.2 Signing time match (20)
7. Security Considerations (20)
8. Authors' Addresses (21)
A. ASN.1 module (22)
B. BNF schema summary (30)
B.1 Syntaxes (30)
B.2 Object classes (31)
B.3 Attribute types (32)
B.4 Matching rules (36)
C. Intellectual property considerations (37)
D. Revision history (37)
E. References (39)
F. Contact information & About PKCS (41)
Full Copyright Statement (41)
1. Introduction
This document defines two new auxiliary object classes, pkcsEntity
and naturalPerson, and selected attribute types for use with these
classes. It also defines some attribute types for use in conjunction
with PKCS #7 [14] (and S/MIME CMS [3]) digitally signed messages,
PKCS #10 [16] certificate-signing requests, PKCS #12 [17] personal
information exchanges and PKCS #15 [18] cryptographic tokens.
Matching rules for use with these attributes are also defined,
whenever necessary.
2. Definitions, notation and document conventions
2.1 Definitions
For the purposes of this document, the following definitions apply.
ASN.1 Abstract Syntax Notation One, as defined in [5].
Attributes An ASN.1 type that specifies a set of attributes.
Each attribute contains an attribute type (specified by
object identifier) and one or more attribute values.
Some attribute types are restricted in their definition
to have a single value; others may have multiple values.
This type is defined in [7].
CertificationRequestInfo
An ASN.1 type that specifies a subject name, a public
key, and a set of attributes. This type is defined
in [16].
ContentInfo An ASN.1 type that specifies content exchanged
between entities. The contentType field, which has
type OBJECT IDENTIFIER, specifies the content type,
and the content field, whose type is defined by the
contentType field, contains the content value. This
type is defined in [14] and [3].
PrivateKeyInfo A type that specifies a private key and a set of
extended attributes. This type and the associated
EncryptedPrivateKeyInfo type are defined in [15].
SignerInfo A type that specifies per-signer information in the
signed-data content type, including a set of
attributes authenticated by the signer, and a set of
attributes not authenticated by the signer. This
type is defined in [14] and [3].
DER Distinguished Encoding Rules for ASN.1, as defined in [6].
UCS Universal Multiple-Octet Coded Character Set, as
defined in [11].
UTF8String UCS Transformation Format encoded string. The UTF-8 encoding is defined in [11].
2.2 Notation and document conventions
In this document, all attribute type and object class definitions are written in the ASN.1 value notation defined in [5]. Appendix B
contains most of the definitions written in the augmented BNF
notation defined in [2] as well. This has been done in an attempt to simplify the task of integrating this work into LDAP [22] development environments.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1].
3. Overview
This document specifies two new auxiliary object classes, pkcsEntity
and naturalPerson, and some new attribute types and matching rules.
All ASN.1 object classes, attributes, matching rules and types are
exported for use in other environments.
Attribute types defined in this document that are useful in
conjunction with storage of PKCS-related data and the pkcsEntity
object class include PKCS #12 PFX PDUs, PKCS #15 tokens and
encrypted private keys.
Attribute types defined in this document that are useful in
conjunction with PKCS #10 certificate requests and the naturalPerson
object class include electronic-mail address, pseudonym,
unstructured name, and unstructured address.
Attribute types defined in this document that are useful in PKCS #7
digitally signed messages are content type, message digest, signing
time, sequence number, random nonce and countersignature. These
attributes would be used in the authenticatedAttributes and
unauthenticatedAttributes fields of a SignerInfo or an
AuthenticatedData ([3]) value.
Attribute types that are useful especially in PKCS #10 certification
requests are the challenge password and the extension-request
attribute. These attributes would be used in the attributes field of
a CertificationRequestInfo value.
Note - The attribute types (from [8]) in Table 1, and probably
several others, might also be helpful in PKCS #10, PKCS #12 and PKCS
#15-aware applications.
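The Attributes type from Section 2.1 (a SET OF Attribute, each Attribute being an OBJECT IDENTIFIER followed by a SET OF values, with some types restricted to a single value) is what the PKCS #7 authenticatedAttributes field and the PKCS #10 attributes field carry on the wire. The following is an added example, not code from RFC 2985 or from RSA Laboratories: a small pure-Python DER encoder and decoder for such an Attributes value, used here to build the attributes field of a PKCS #10 request holding an emailAddress and a challengePassword, and then to decode it while enforcing the single-value restriction. The object identifiers under the pkcs-9 arc 1.2.840.113549.1.9 are the registered PKCS #9 values; which types are single-valued follows the attribute definitions later in PKCS #9 v2.0 (outside this excerpt); the e-mail address and password strings are constructed sample values.

```python
"""DER encode/decode of a PKCS #9 style Attributes value (added example).

    Attributes ::= SET OF Attribute
    Attribute  ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
"""

# Registered PKCS #9 attribute OIDs (arc 1.2.840.113549.1.9) and whether the
# type is single-valued per its PKCS #9 v2.0 definition.
PKCS9_ARC = "1.2.840.113549.1.9"
ATTRIBUTE_TYPES = {
    PKCS9_ARC + ".1": ("emailAddress", False),
    PKCS9_ARC + ".2": ("unstructuredName", False),
    PKCS9_ARC + ".3": ("contentType", True),
    PKCS9_ARC + ".4": ("messageDigest", True),
    PKCS9_ARC + ".5": ("signingTime", True),
    PKCS9_ARC + ".7": ("challengePassword", True),
}


def _der_length(n):
    """Definite-form DER length octets (short form below 128)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_length(len(body)) + body


def encode_oid(dotted):
    """Encode a dotted OID as an OBJECT IDENTIFIER TLV (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))


def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def ia5(s):
    return _tlv(0x16, s.encode("ascii"))      # IA5String


def utf8(s):
    return _tlv(0x0C, s.encode("utf-8"))      # UTF8String


def encode_attribute(oid, values):
    """values are already-encoded DER TLVs; DER orders SET OF by encoding."""
    return _tlv(0x30, encode_oid(oid) + _tlv(0x31, b"".join(sorted(values))))


def encode_attributes(attrs):
    return _tlv(0x31, b"".join(sorted(encode_attribute(o, v) for o, v in attrs)))


def _read_tlv(data, pos):
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated DER element")
    return tag, data[pos:end], end


def _iter_tlvs(body):
    pos = 0
    while pos < len(body):
        tag, inner, pos = _read_tlv(body, pos)
        yield tag, inner


def decode_attributes(der):
    """Return {oid: [value TLVs]} and enforce the structural rules of Attributes."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x31 or end != len(der):
        raise ValueError("expected exactly one SET OF Attribute")
    result = {}
    for atag, abody in _iter_tlvs(body):
        items = list(_iter_tlvs(abody))
        if atag != 0x30 or len(items) != 2 or items[0][0] != 0x06 or items[1][0] != 0x31:
            raise ValueError("Attribute must be SEQUENCE { OID, SET OF value }")
        oid = decode_oid(items[0][1])
        values = [_tlv(t, v) for t, v in _iter_tlvs(items[1][1])]
        name, single = ATTRIBUTE_TYPES.get(oid, (oid, False))
        if not values:
            raise ValueError(f"{name} carries no value")
        if single and len(values) != 1:       # single-value restriction from 2.1
            raise ValueError(f"{name} is single-valued but carries {len(values)} values")
        if oid in result:
            raise ValueError(f"duplicate attribute type {name}")
        result[oid] = values
    return result


def build_pkcs10_attributes(email, challenge):
    """Attributes field of a PKCS #10 request: emailAddress + challengePassword."""
    return encode_attributes([
        (PKCS9_ARC + ".1", [ia5(email)]),
        (PKCS9_ARC + ".7", [utf8(challenge)]),
    ])


def attribute_names(der):
    return sorted(ATTRIBUTE_TYPES.get(o, (o,))[0] for o in decode_attributes(der))


if __name__ == "__main__":
    der = build_pkcs10_attributes("alice@example.com", "correct-horse")  # constructed
    print(der.hex())
    print(attribute_names(der))
    try:   # a challengePassword with two values violates its single-value rule
        decode_attributes(encode_attributes([(PKCS9_ARC + ".7", [utf8("a"), utf8("b")])]))
    except ValueError as exc:
        print("rejected:", exc)
```

The decoder re-encodes each value TLV rather than trusting the caller's slices, so a value it returns is always the complete element; it rejects duplicate attribute types, empty value sets and multi-valued encodings of single-valued types, which is exactly the kind of malformed input a CSR or signed-attributes parser has to handle before any signature or policy check.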
businessCategory preferredDeliveryMethod
commonName presentationAddress
countryName registeredAddress
description roleOccupant
destinationIndicator serialNumber
facsimileTelephoneNumber stateOrProvinceName
iSDNAddress streetAddress
localityName supportedApplicationContext
member surname
objectClass telephoneNumber
organizationName teletexTerminalIdentifier
physicalDeliveryOfficeName telexNumber
postalAddress title
postalCode x121Address
postOfficeBox
Table 1: ISO/IEC 9594-6 attribute types useful in PKCS documents
4. Auxiliary object class
This document defines two new auxiliary object classes: pkcsEntity
and naturalPerson.
4.1 The pkcsEntity auxiliary object class
The pkcsEntity object class is a general-purpose auxiliary object
class that is intended to hold attributes about PKCS-related
entities. It has been designed for use within directory services
based on the LDAP protocol [22] and the X.500 family of protocols,
where support for PKCS-defined attributes is considered useful.
pkcsEntity OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { PKCSEntityAttributeSet }
ID pkcs-9-oc-pkcsEntity
}
PKCSEntityAttributeSet ATTRIBUTE ::= {
pKCS7PDU |
userPKCS12 |
pKCS15Token |
encryptedPrivateKeyInfo,
... -- For future extensions
}
Attributes in the PKCSEntityAttributeSet are defined in Section 5.
4.2 The naturalPerson auxiliary object class
The naturalPerson object class is a general-purpose auxiliary object
class that is intended to hold attributes about human beings. It has
been designed for use within directory services based on the LDAP
protocol [22] and the X.500 family of protocols, where support for
these attributes is considered useful.
naturalPerson OBJECT-CLASS ::= {
SUBCLASS OF { top }
KIND auxiliary
MAY CONTAIN { NaturalPersonAttributeSet }
ID pkcs-9-oc-naturalPerson
}
NaturalPersonAttributeSet ATTRIBUTE ::= {
emailAddress |
unstructuredName |
unstructuredAddress |
dateOfBirth |
placeOfBirth |
gender |
countryOfCitizenship |
countryOfResidence |
pseudonym |
serialNumber,
... -- For future extensions
}
Attributes in the NaturalPersonAttributeSet are defined in Section 5.
5. Selected attribute types
5.1 Attribute types for use with the "pkcsEntity" object class
5.1.1 PKCS #7 PDU
PKCS #7 provides several formats for enveloped, signed and otherwise
protected data. When such information is stored in a directory
service, the pKCS7PDU attribute may be used.
pKCS7PDU ATTRIBUTE ::= {
WITH SYNTAX ContentInfo
ID pkcs-9-at-pkcs7PDU
}