idnits 2.17.1 draft-turner-asymmetrickeyformat-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 8, 2009) is 5529 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 597 -- Looks like a reference, but probably isn't: '1' on line 599 ** Downref: Normative reference to an Informational draft: draft-ietf-pkix-new-asn1 (ref. 'RFCTBD1') ** Downref: Normative reference to an Informational draft: draft-ietf-smime-new-asn1 (ref. 'RFCTBD2') -- Obsolete informational reference (is this intentional?): RFC 3447 (Obsoleted by RFC 8017) -- Obsolete informational reference (is this intentional?): RFC 5208 (Obsoleted by RFC 5958) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Sean Turner, IECA 2 Internet Draft March 8, 2009 3 Intended Status: Standard Track 4 Obsoletes: 5208 (once approved) 5 Expires: September 8, 2010 7 Asymmetric Key Packages 8 draft-turner-asymmetrickeyformat-04.txt 10 Abstract 12 This document defines the syntax for private key information and a 13 content type for it. Private-key information includes a private key 14 for a specified public-key algorithm and a set of attributes. The 15 Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be 16 used to digitally sign, digest, authenticate, or encrypt the 17 asymmetric key format content type. This document obsoletes RFC 18 5208. 20 Status of this Memo 22 This Internet-Draft is submitted to IETF in full conformance with the 23 provisions of BCP 78 and BCP 79. This document may contain material 24 from IETF Documents or IETF Contributions published or made publicly 25 available before November 10, 2008. The person(s) controlling the 26 copyright in some of this material may not have granted the IETF 27 Trust the right to allow modifications of such material outside the 28 IETF Standards Process. Without obtaining an adequate license from 29 the person(s) controlling the copyright in such materials, this 30 document may not be modified outside the IETF Standards Process, and 31 derivative works of it may not be created outside the IETF Standards 32 Process, except to format it for publication as an RFC or to 33 translate it into languages other than English. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF), its areas, and its working groups. Note that 37 other groups may also distribute working documents as Internet- 38 Drafts. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 The list of current Internet-Drafts can be accessed at 46 http://www.ietf.org/ietf/1id-abstracts.txt 47 The list of Internet-Draft Shadow Directories can be accessed at 48 http://www.ietf.org/shadow.html 50 This Internet-Draft will expire on September 8, 2010. 52 Copyright Notice 54 Copyright (c) 2010 IETF Trust and the persons identified as the 55 document authors. All rights reserved. 57 This document is subject to BCP 78 and the IETF Trust's Legal 58 Provisions Relating to IETF Documents 59 (http://trustee.ietf.org/license-info) in effect on the date of 60 publication of this document. Please review these documents 61 carefully, as they describe your rights and restrictions with respect 62 to this document. Code Components extracted from this document must 63 include Simplified BSD License text as described in Section 4.e of 64 the Trust Legal Provisions and are provided without warranty as 65 described in the Simplified BSD License. 67 1. Introduction 69 This document defines the syntax for private key information and a 70 Cryptographic Message Syntax (CMS) [RFC5652] content type for it. 71 Private-key information includes a private key for a specified 72 public-key algorithm and a set of attributes. The CMS can be used to 73 digitally sign, digest, authenticate, or encrypt the asymmetric key 74 format content type. This document obsoletes PKCS#8 v1.2 [RFC5208]. 76 1.1. Requirements Terminology 78 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 79 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 80 document are to be interpreted as described in [RFC2119]. 82 1.2. ASN.1 Syntax Notation 84 The key package is defined using ASN.1 [X.680], [X.681], [X.682], and 85 [X.683]. 87 1.3. Summary of Updates to RFC 5208 89 The following summarizes the updates to [RFC5208]: 91 - Changed the name "PrivateKeyInfo" to "OneAsymmetricKey". This 92 reflects the addition of the public key field to allow both parts 93 of the asymmetric key to be conveyed separately. Not all 94 algorithms will use both fields; however, the publicKey field was 95 added for completeness. 97 - Defined Asymmetric Key Package CMS content type. 99 - Removed redundant IMPLICIT from attributes. 101 - Added publicKey to OneAsymmetricKey and updated the version number. 103 - Added that PKCS#9 attributes may be supported. 105 - Added discussion of compatibility with other private-key formats. 107 - Added requirements for encoding rule set. 109 - Changed imports from PKCS#5 to [RFCTBD1] and [RFCTBD2]. 111 - Replaced ALGORITHM-IDENTIFIER with ALGORITHM from [RFCTBD1]. 113 2. Asymmetric Key Package CMS Content Type 115 The asymmetric key package CMS content type is used to transfer one 116 or more plaintext asymmetric keys from one party to another. An 117 asymmetric key package MAY be encapsulated in one or more CMS 118 protecting content types (see Section 4). Earlier versions of this 119 specification [RFC5208] did not specify a particular encoding rule 120 set, but generators SHOULD use DER [X.690] and receivers SHOULD be 121 prepared to handle BER [X.690] and DER [X.690]. 123 The asymmetric key package content type has the following syntax: 125 ct-asymmetric-key-package CONTENT-TYPE ::= 126 { AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage } 128 id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::= 129 { joint-iso-itu-t(2) country(16) us(840) organization(1) 130 gov(101) dod(2) infosec(1) formats(2) 131 key-package-content-types(78) 5 132 } 134 AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey 136 OneAsymmetricKey ::= SEQUENCE { 137 version Version, 138 privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 139 privateKey PrivateKey, 140 attributes [0] Attributes OPTIONAL, 141 ..., 142 [[2: publicKey [1] PublicKey OPTIONAL ]], 143 ... 144 } 145 PrivateKeyInfo ::= OneAsymmetricKey 147 -- PrivateKeyInfo is used by [P12]. If any items tagged as version 148 -- 2 are used, the version must be v2, else the version should be 149 -- v1. When v1, PrivateKeyInfo is the same as it was in [RFC5208]. 151 Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2, ... ) 153 PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 154 { PUBLIC-KEY, 155 { PrivateKeyAlgorithms } } 157 PrivateKey ::= OCTET STRING 158 -- Content varies based on type of key. The 159 -- algorithm identifier dictates the format of 160 -- the key. 162 PublicKey ::= BIT STRING 163 -- Content varies based on type of key. The 164 -- algorithm identifier dictates the format of 165 -- the key. 167 Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } } 169 The AsymmetricKeyPackage contains one or more OneAsymmetricKey 170 elements. 172 The syntax of OneAsymmetricKey accommodates a version number, an 173 indication of the asymmetric algorithm to be used with the private 174 key, a private key, optional keying material attributes (e.g., 175 userCertificate from [X.520]), and an optional public key. In 176 general, either the public key or the certificate will be present. 177 In very rare cases will both the public key and the certificate be 178 present as this includes two copies of the public key. 179 OneAsymmetricKey is a renamed extension of the PrivateKeyInfo syntax 180 defined in [RFC5208]. The new name better reflects the ability to 181 carry both private and public key components. Backwards 182 compatibility with the original PrivateKeyInfo is preserved via 183 version number. The fields in OneAsymmetricKey are used as follows: 185 - version identifies the version of OneAsymmetricKey. If publicKey 186 is present, then version is set to v2 else version is set to v1. 188 - privateKeyAlgorithm identifies the private-key algorithm and 189 optionally contains parameters associated with the asymmetric key. 190 The algorithm is identified by an object identifier (OID) and the 191 format of the parameters depends on the OID, but the 192 PrivateKeyAlgorithms information object set restricts the 193 permissible OIDs. The value placed in privateKeyAlgorithmIdentifier 194 is the value an originator would apply to indicate which algorithm 195 is to be used with the private key. 197 - privateKey is an OCTET STRING that contains the value of the 198 private key. The interpretation of the content is defined in the 199 registration of the private-key algorithm. For example, a DSA key 200 is an INTEGER, an RSA key is represented as RSAPrivateKey as 201 defined in [RFC3447], and an ECC key is represented as ECPrivateKey 202 as defined in [RFCTBD4]. 204 - attributes is OPTIONAL. It contains information corresponding to 205 the public key (e.g., certificates). The attributes field uses the 206 class ATTRIBUTE which is restricted by the 207 OneAsymmetricKeyAttributes information object set. 208 OneAsymmetricKeyAttributes is an open ended set in this document. 209 Others documents can constrain these values. Attributes from 210 [RFC2985] MAY be supported. 212 - publicKey is OPTIONAL. When present, it contains the public key 213 encoded in a BIT STRING. The structure within the bit string, if 214 any, depends on the privateKeyAlgorithm. For example, a DSA key is 215 an INTEGER. Note that RSA public keys are included in RSAPrivateKey 216 (i.e., n and e are present), as per [RFC3447], and ECC public keys 217 are included in ECPrivateKey (i.e., in the publicKey field), as per 218 [RFCTBD4]. 220 3. Encrypted Private Key Info 222 This section gives the syntax for encrypted private-key information, 223 which is used with [P12]. 225 Encrypted private-key information shall have ASN.1 type 226 EncryptedPrivateKeyInfo: 228 EncryptedPrivateKeyInfo ::= SEQUENCE { 229 encryptionAlgorithm EncryptionAlgorithmIdentifier, 230 encryptedData EncryptedData } 232 EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 233 { CONTENT-ENCRYPTION, 234 { KeyEncryptionAlgorithms } } 236 EncryptedData ::= OCTET STRING 238 The fields in EncryptedPrivateKeyInfo are used as follows: 240 - encryptionAlgorithm identifies the algorithm under which the 241 private-key information is encrypted. 243 - encryptedData is the result of encrypting the private-key 244 information (i.e., the PrivateKeyInfo). 246 The encryption process involves the following two steps: 248 1. The private-key information is encoded, yielding an octet string. 249 Generators SHOULD use DER [X.690] and receivers SHOULD be 250 prepared to handle BER [X.690] and DER [X.690] 252 2. The result of step 1 is encrypted with the secret key to give an 253 octet string, the result of the encryption process. 255 4. Protecting the AsymmetricKeyPackage 257 CMS protecting content types, [RFC5652] and [RFC5083], can be used to 258 provide security to the AsymmetricKeyPackage: 260 - SignedData can be used to apply a digital signature to the 261 AsymmetricKeyPackage. 263 - EncryptedData can be used to encrypt the AsymmetricKeyPackage with 264 simple symmetric encryption, where the sender and the receiver 265 already share the necessary encryption key. 267 - EnvelopedData can be used to encrypt the AsymmetricKeyPackage with 268 symmetric encryption, where the sender and the receiver do not 269 share the necessary encryption key. 271 - AuthenticatedData can be used to protect the AsymmetricKeyPackage 272 with message authentication codes, where key management information 273 is handled in a manner similar to EnvelopedData. 275 - AuthEnvelopedData can be used to protect the AsymmetricKeyPackage 276 with algorithms that support authenticated encryption, where key 277 management information is handled in a manner similar to 278 EnvelopedData. 280 5. Other Private-Key Format Considerations 282 This document defines the syntax and the semantics for a content type 283 that exchanges asymmetric private keys. There are two other formats 284 that have been used for the transport of asymmetric private keys: 286 - Personal Information Exchange (PFX) Syntax Standard [P12], which is 287 more commonly referred to as PKCS #12 or simply P12, is a transfer 288 syntax for personal identity information, including private keys, 289 certificates, miscellaneous secrets, and extensions. 290 OneAsymmetricKey, PrivateKeyInfo, and EncryptedPrivateKeyInfo can 291 be carried in a P12 message. The private key information, 292 OneAsymmetricKey and PrivateKeyInfo, are carried in the P12 keyBag 293 BAG-TYPE. EncryptedPrivateKeyInfo is carried in the P12 294 pkcs8ShroudedKeyBag BAG-TYPE. In current implementations, the file 295 extensions .pfx and .p12 can be used interchangeably. 297 - Microsoft's private key proprietary transfer syntax. The .pvk file 298 extension is used for local storage. 300 The .pvk and .p12/.pfx formats are not interchangeable; however, 301 conversion tools exist to convert from one format to another. 303 To extract the private key information from the AsymmetricKeyPackage, 304 the encapsulating layers need to be removed. At a minimum, the outer 305 ContentInfo [RFC5652] layer needs to be removed. If the 306 AsymmetricKeyPackage is encapsulated in a SignedData [RFC5652], then 307 the SignedData and EncapsulatedContentInfo layers [RFC5652] also need 308 to be removed. The same is true for EnvelopedData, EncryptedData, and 309 AuthenticatedData all from [RFC5652] as well as AuthEnvelopedData 310 from [RFC5083]. Once all the outer layers are removed, there are as 311 many sets of private key information as there are OneAsymmetricKey 312 structures. OneAsymmetricKey and PrivateKeyInfo are the same 313 structure; therefore, either can be saved as a .p8 file or copied in 314 to the P12 KeyBag BAG-TYPE. Removing encapsulating security layers 315 will invalidate any signature and may expose the key to unauthorized 316 disclosure. 318 .p8 files are sometimes PEM encoded. When .p8 files are PEM encoded 319 they use the .pem file extension. PEM encoding is either the Base64 320 encoding [RFC4648] of the DER encoded EncryptedPrivateKeyInfo 321 sandwiched between: 323 -----BEGIN ENCRYPTED PRIVATE KEY----- 324 -----END ENCRYPTED PRIVATE KEY----- 326 or the Base64 encoding [RFC4648] of the DER encoded PrivateKeyInfo 327 sandwiched between: 329 -----BEGIN PRIVATE KEY----- 330 -----END PRIVATE KEY----- 332 6. Security Considerations 334 Protection of the private-key information is vital to public-key 335 cryptography. Disclosure of the private-key material to another 336 entity can lead to masquerades. The encryption algorithm used in the 337 encryption process must be as 'strong' as the key it is protecting. 339 The asymmetric key package contents are not protected. This content 340 type can be combined with a security protocol to protect the contents 341 of the package. 343 7. IANA Considerations 345 This specification defines a new media type that IANA is requested to 346 add to the registry at: 348 http://www.iana.org/assignments/media-types/application 350 7.1. Registration of media type application/pkcs8 352 To: ietf-types@iana.org 354 Subject: Registration of media type application/pkcs8 356 Type name: application 358 Subtype name: pkcs8 360 Required parameters: None 362 Optional parameters: None 364 Encoding considerations: binary 366 Security considerations: Carries a cryptographic private key 368 Interoperability considerations: 370 The PKCS#8 object inside this MIME type MUST be DER-encoded 371 PrivateKeyInfo. 373 Published specification: --THIS SPECIFICATION-- 375 /** RFC EDITOR: Replace "--THIS SPECIFICATION--" with the RFC # 376 assigned to this document. **/ 378 Applications which use this media type: 380 Any MIME-compliant transport 382 Additional information: 384 Magic number(s): None 385 File extension(s): .p8 386 Macintosh File Type Code(s): 388 Person & email address to contact for further information: 390 Sean Turner 392 Restrictions on usage: none 394 Author: 396 Sean Turner 398 Intended usage: COMMON 400 Change controller: 402 The IESG 404 8. References 406 8.1. Normative References 408 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 409 Requirement Levels", BCP 14, RFC 2119, March 1997. 411 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 412 Encodings", RFC 4648, October 2006. 414 [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 415 5652, September 2009. 417 [RFCTBD1] Schaad, J., and P. Hoffman, "New ASN.1 Modules for PKIX", 418 draft-ietf-pkix-new-asn1-08, work-in-progress. 420 /** 421 RFC Editor: Please replace "TBD1" with the RFC number being assigned 422 to the draft. Please do this in both the references and the text. 423 **/ 425 [RFCTBD2] Schaad, J., and P. Hoffman, "New ASN.1 Modules for 426 SMIME", draft-ietf-smime-new-asn1-07, work-in-progress. 428 /** 429 RFC Editor: Please replace "TBD2" with the RFC number being assigned 430 to the draft. Please do this in both the references and the text. 431 **/ 433 [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002. 434 Information Technology - Abstract Syntax Notation One. 436 [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002. 437 Information Technology - Abstract Syntax Notation One: 438 Information Object Specification. 440 [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002. 441 Information Technology - Abstract Syntax Notation One: 442 Constraint Specification. 444 [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002. 445 Information Technology - Abstract Syntax Notation One: 446 Parameterization of ASN.1 Specifications. 448 [X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825-1:2002. 449 Information Technology - ASN.1 encoding rules: 450 Specification of Basic Encoding Rules (BER), Canonical 451 Encoding Rules (CER) and Distinguished Encoding Rules 452 (DER). 454 8.2. Informative References 456 [P12] RSA Laboratories, "PKCS #12 v1.0: Personal Information 457 Exchange Syntax", June 1999. 459 [RFC2985] Nystrom, M., and B. Kaliski, "PKCS #9: Selected Object 460 Classes and Attribute Types Version 2.0", RFC 2985, 461 November 2000. 463 [RFC3447] Jonsson, J., and B. Kaliski, "Public-Key Cryptography 464 Standards (PKCS) #1: RSA Cryptography Specifications 465 Version 2.1", RFC 3447, February 2003. 467 [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) 468 Authenticated-Enveloped-Data Content Type", RFC 5083, 469 November 2007. 471 [RFC5208] Kaliski, B., "PKCS #8: Private Key Information Syntax 472 Standard Version 1.2", RFC 5208, May 2008. 474 [X.520] ITU-T Recommendation X.520 (2005) | ISO/IEC 9594-6:2005, 475 Information technology - Open Systems Interconnection - 476 The Directory: Selected attribute types. 478 [RFCTBD4] Turner, S., and D. Brown, "EC Private Key Info 479 Structure", draft-turner-ecprivatekey-04, work-in- 480 progress. 482 /** 483 RFC Editor: Please replace "TBD4" with the RFC number being assigned 484 to the draft. Please do this in both the references and the text. 485 **/ 487 APPENDIX A: ASN.1 Module 489 This annex provides the normative ASN.1 definitions for the 490 structures described in this specification using ASN.1 as defined in 491 [X.680] through [X.683]. 493 AsymmetricKeyPackageModuleV1 494 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 495 smime(16) modules(0) id-mod-asymmetricKeyPkgV1(50) } 497 DEFINITIONS IMPLICIT TAGS ::= 499 BEGIN 501 -- EXPORTS ALL 503 IMPORTS 505 -- FROM New SMIME ASN.1 [RFCTBD2] 507 CONTENT-TYPE 508 FROM CryptographicMessageSyntax-2009 509 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 510 smime(16) modules(0) cms-2004-02(41) } 512 -- From New PKIX ASN.1 [RFCTBD1] 514 Attribute{}, ATTRIBUTE 515 FROM PKIX-CommonTypes-2009 516 { iso(1) identified-organization(3) dod(6) internet(1) 517 security(5) mechanisms(5) pkix(7) id-mod(0) 518 id-mod-pkixCommon-02(57) } 520 -- From New PKIX ASN.1 [RFCTBD1] 522 AlgorithmIdentifier{}, ALGORITHM, PUBLIC-KEY, CONTENT-ENCRYPTION 523 FROM AlgorithmInformation-2009 524 { iso(1) identified-organization(3) dod(6) internet(1) 525 security(5) mechanisms(5) pkix(7) id-mod(0) 526 id-mod-algorithmInformation-02(58) } 528 ; 530 KeyPackageContentTypes CONTENT-TYPE ::= { 531 ct-asymmetric-key-package, 532 ... -- Expect additional content types -- 533 } 534 ct-asymmetric-key-package CONTENT-TYPE ::= 535 { AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage } 537 id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::= 538 { joint-iso-itu-t(2) country(16) us(840) organization(1) 539 gov(101) dod(2) infosec(1) formats(2) 540 key-package-content-types(78) 5 541 } 543 AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey 545 OneAsymmetricKey ::= SEQUENCE { 546 version Version, 547 privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 548 privateKey PrivateKey, 549 attributes [0] Attributes OPTIONAL, 550 ..., 551 [[2: publicKey [1] PublicKey OPTIONAL ]], 552 ... 553 } 555 PrivateKeyInfo ::= OneAsymmetricKey 557 -- PrivateKeyInfo is used by [P12]. If any items tagged as version 558 -- 2 are used, the version must be v2, else the version should be 559 -- v1. When v1, PrivateKeyInfo is the same as it was in [RFC5208]. 561 Version ::= INTEGER {v1(0), v2(1)} (v1, ..., v2, ...) 563 PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 564 { PUBLIC-KEY, 565 { PrivateKeyAlgorithms } } 567 PrivateKey ::= OCTET STRING 568 -- Content varies based on type of key. The 569 -- algorithm identifier dictates the format of 570 -- the key. 572 PublicKey ::= BIT STRING 573 -- Content varies based on type of key. The 574 -- algorithm identifier dictates the format of 575 -- the key. 577 Attributes ::= SET OF Attribute { { OneAsymmetricKeyAttributes } } 579 OneAsymmetricKeyAttributes ATTRIBUTE ::= { 580 ... -- For local profiles 581 } 582 -- An alternate representation that makes full use of ASN.1 583 -- constraints follows. Also note that PUBLIC-KEY needs to be 584 -- imported from the new PKIX ASN.1 Algorithm Information module 585 -- and PrivateKeyAlgorithms needs to be commented out. 587 -- OneAsymmetricKey ::= SEQUENCE { 588 -- version Version, 589 -- privateKeyAlgorithm SEQUENCE { 590 -- algorithm PUBLIC-KEY.&id({PublicKeySet}), 591 -- parameters PUBLIC-KEY.&Params({PublicKeySet} 592 -- {@algorithmIdentifier.algorithm}) 593 -- OPTIONAL} 594 -- privateKey OCTET STRING (CONTAINING 595 -- PUBLIC-KEY.&PrivateKey({PublicKeySet} 596 -- {@KeyValue.algorithm})), 597 -- attributes [0] Attributes OPTIONAL, 598 -- ..., 599 -- [[2: publicKey [1] BIT STRING (CONTAINING 600 -- PUBLIC-KEY.&Params({PublicKeySet} 601 -- {privateKeyAlgorithm.algorithm}) 602 -- OPTIONAL, 603 -- ... 604 -- } 606 EncryptedPrivateKeyInfo ::= SEQUENCE { 607 encryptionAlgorithm EncryptionAlgorithmIdentifier, 608 encryptedData EncryptedData } 610 EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 611 { CONTENT-ENCRYPTION, 612 { KeyEncryptionAlgorithms } } 614 EncryptedData ::= OCTET STRING -- Encrypted PrivateKeyInfo 616 PrivateKeyAlgorithms ALGORITHM ::= { 617 ... -- Extensible 618 } 620 KeyEncryptionAlgorithms ALGORITHM ::= { 621 ... -- Extensible 622 } 624 END 626 Acknowledgements 628 Many thanks go out to the Burt Kaliski and Jim Randall at RSA. 629 Without the prior version of the document, this one wouldn't exist. 631 I'd also like to thank Pasi Eronen, Alfred Hoenes, Russ Housley, Jim 632 Schaad, and Carl Wallace. 634 Author's Address 636 Sean Turner 637 IECA, Inc. 638 3057 Nutley Street, Suite 106 639 Fairfax, VA 22031 640 USA 642 Email: turners@ieca.com