Pkix-Key-Attest-2025.asn
-- ASN.1 module for the Evidence structure: a body of reported entities and
-- claims (tbs), a list of signature blocks, and an optional list of
-- intermediate certificates.
-- NOTE(review): TBDMOD in the module identifier and the { 1 2 3 999 } arc
-- used for id-evidence look like placeholders pending assignment. The
-- module will not compile until TBDMOD is a number, and OIDs under a
-- placeholder arc should not be relied on in deployed verifiers.
-- NOTE(review): Certificate, SubjectPublicKeyInfo and AlgorithmIdentifier
-- are referenced below but this module has no IMPORTS clause. The inline
-- comments name RFC 5280 as their source; an IMPORTS statement is needed
-- for the module to compile stand-alone.
PKIX-Evidence-2025
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix-evidence-2025(TBDMOD) }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- Top-level container.
-- tbs: the claims body. By its name this is presumably the to-be-signed
-- content that each signatureValue is computed over; confirm against the
-- specification text.
-- signatures: SIZE (0..MAX) permits an empty list, so a well-formed
-- Evidence can carry no signature at all. A verifier has to decide by
-- policy whether unsigned Evidence is acceptable and must not treat a
-- successful decode as proof of authenticity.
-- intermediateCertificates: placed outside tbs, so nothing in this
-- structure binds it to the signed content. Treat these certificates as
-- untrusted path-building hints and validate any chain to a locally
-- configured trust anchor.
Evidence ::= SEQUENCE {
tbs TbsEvidence,
signatures SEQUENCE SIZE (0..MAX) OF SignatureBlock,
intermediateCertificates [0] SEQUENCE OF Certificate OPTIONAL
-- As defined in RFC 5280
}
-- Body of the Evidence: a version number and at least one reported entity.
-- NOTE(review): version is an unconstrained INTEGER and this module names
-- no version values; a verifier should reject versions it does not know.
TbsEvidence ::= SEQUENCE {
version INTEGER,
reportedEntities SEQUENCE SIZE (1..MAX) OF ReportedEntity
}
-- One entity (identified by an OID, see the id-evidence-entity arc) with at
-- least one claim about it.
ReportedEntity ::= SEQUENCE {
entityType OBJECT IDENTIFIER,
claims SEQUENCE SIZE (1..MAX) OF ReportedClaim
}
-- One claim: an OID naming the claim and an optional value.
-- The schema does not tie claimType to a particular ClaimValue alternative,
-- so a consumer must check that the alternative present is the one it
-- expects for that claim type before using the value, and must handle a
-- claim whose value is absent.
ReportedClaim ::= SEQUENCE {
claimType OBJECT IDENTIFIER,
value ClaimValue OPTIONAL
}
-- Value carried by a claim. Each alternative has its own context tag, which
-- under the IMPLICIT TAGS default of this module replaces the universal tag
-- of the underlying type on the wire.
ClaimValue ::= CHOICE {
bytes [0] OCTET STRING,
utf8String [1] UTF8String,
bool [2] BOOLEAN,
time [3] GeneralizedTime,
int [4] INTEGER,
oid [5] OBJECT IDENTIFIER,
null [6] NULL
}
-- One signature with the signer identification and algorithm.
-- SignatureBlock sits beside tbs rather than inside it, and nothing in this
-- module shows sid or signatureAlgorithm being covered by the signature.
-- NOTE(review): a verifier should therefore apply its own allow-list of
-- signature algorithms and establish the signer key from trusted state
-- rather than accepting these fields at face value; confirm the intended
-- signature input against the specification text.
SignatureBlock ::= SEQUENCE {
sid SignerIdentifier,
signatureAlgorithm AlgorithmIdentifier,
signatureValue OCTET STRING
}
-- Identifies the signer by key identifier, public key, or certificate.
-- All three fields are OPTIONAL, so the schema accepts an empty sid and
-- also a sid with several fields present; it does not say which field
-- takes precedence or that they must agree. A verifier should reject an
-- empty sid and check that the fields present refer to the same key. An
-- embedded public key or certificate proves nothing by itself: trust must
-- come from a configured anchor or a validated certification path.
SignerIdentifier ::= SEQUENCE {
keyId [0] EXPLICIT OCTET STRING OPTIONAL,
subjectPublicKeyInfo [1] EXPLICIT SubjectPublicKeyInfo OPTIONAL,
-- As defined in RFC 5280
certificate [2] EXPLICIT Certificate OPTIONAL
-- As defined in RFC 5280
}
-- List of OIDs, presumably drawn from the id-evidence-key-capability arc
-- below. No type in this module references it; where it is carried (for
-- example as the value of the key purpose claim) is not shown here.
-- TODO confirm.
EvidenceKeyCapabilities ::= SEQUENCE OF OBJECT IDENTIFIER
-- Root arc for every OID in this module (placeholder value, see the note at
-- the top of the module).
id-evidence OBJECT IDENTIFIER ::= { 1 2 3 999 }
-- Entity types, for use in ReportedEntity.entityType.
id-evidence-entity OBJECT IDENTIFIER ::= { id-evidence 0 }
id-evidence-entity-transaction OBJECT IDENTIFIER ::= { id-evidence-entity 0 }
id-evidence-entity-platform OBJECT IDENTIFIER ::= { id-evidence-entity 1 }
id-evidence-entity-key OBJECT IDENTIFIER ::= { id-evidence-entity 2 }
-- Claim types, for use in ReportedClaim.claimType. The module assigns only
-- the OIDs; the meaning and expected ClaimValue alternative of each claim
-- are defined outside this file.
id-evidence-claim OBJECT IDENTIFIER ::= { id-evidence 1 }
-- Transaction claims.
-- NOTE(review): by their names, nonce and timestamp carry freshness
-- information. If the nonce is verifier-supplied, the verifier should
-- compare it with the value it issued to detect replayed Evidence. Confirm.
id-evidence-claim-transaction OBJECT IDENTIFIER ::= { id-evidence-claim 0 }
id-evidence-claim-transaction-nonce OBJECT IDENTIFIER ::= { id-evidence-claim-transaction 0 }
id-evidence-claim-transaction-timestamp OBJECT IDENTIFIER ::= { id-evidence-claim-transaction 1 }
id-evidence-claim-transaction-ak-spki OBJECT IDENTIFIER ::= { id-evidence-claim-transaction 2 }
-- Platform claims: by their names, identity of the hardware and software
-- (vendor, OEM id, model, version, serial), runtime state (debug status,
-- uptime, boot count, user modifications) and FIPS related state.
id-evidence-claim-platform OBJECT IDENTIFIER ::= { id-evidence-claim 1 }
id-evidence-claim-platform-vendor OBJECT IDENTIFIER ::= { id-evidence-claim-platform 0 }
id-evidence-claim-platform-oemid OBJECT IDENTIFIER ::= { id-evidence-claim-platform 1 }
id-evidence-claim-platform-hwmodel OBJECT IDENTIFIER ::= { id-evidence-claim-platform 2 }
id-evidence-claim-platform-hwversion OBJECT IDENTIFIER ::= { id-evidence-claim-platform 3 }
id-evidence-claim-platform-hwserial OBJECT IDENTIFIER ::= { id-evidence-claim-platform 4 }
id-evidence-claim-platform-swname OBJECT IDENTIFIER ::= { id-evidence-claim-platform 5 }
id-evidence-claim-platform-swversion OBJECT IDENTIFIER ::= { id-evidence-claim-platform 6 }
id-evidence-claim-platform-debugstat OBJECT IDENTIFIER ::= { id-evidence-claim-platform 7 }
id-evidence-claim-platform-uptime OBJECT IDENTIFIER ::= { id-evidence-claim-platform 8 }
id-evidence-claim-platform-bootcount OBJECT IDENTIFIER ::= { id-evidence-claim-platform 9 }
id-evidence-claim-platform-usermods OBJECT IDENTIFIER ::= { id-evidence-claim-platform 10 }
id-evidence-claim-platform-fipsboot OBJECT IDENTIFIER ::= { id-evidence-claim-platform 11 }
id-evidence-claim-platform-fipsver OBJECT IDENTIFIER ::= { id-evidence-claim-platform 12 }
id-evidence-claim-platform-fipslevel OBJECT IDENTIFIER ::= { id-evidence-claim-platform 13 }
id-evidence-claim-platform-fipsmodule OBJECT IDENTIFIER ::= { id-evidence-claim-platform 14 }
-- Key claims: identifier and public key of the attested key plus
-- protection properties. The names extractable, sensitive,
-- never-extractable and local resemble PKCS#11 key attributes; presumably
-- they carry the same meaning, confirm against the specification text.
id-evidence-claim-key OBJECT IDENTIFIER ::= { id-evidence-claim 2 }
id-evidence-claim-key-identifier OBJECT IDENTIFIER ::= { id-evidence-claim-key 0 }
id-evidence-claim-key-spki OBJECT IDENTIFIER ::= { id-evidence-claim-key 1 }
id-evidence-claim-key-extractable OBJECT IDENTIFIER ::= { id-evidence-claim-key 2 }
id-evidence-claim-key-sensitive OBJECT IDENTIFIER ::= { id-evidence-claim-key 3 }
id-evidence-claim-key-never-extractable OBJECT IDENTIFIER ::= { id-evidence-claim-key 4 }
id-evidence-claim-key-local OBJECT IDENTIFIER ::= { id-evidence-claim-key 5 }
id-evidence-claim-key-expiry OBJECT IDENTIFIER ::= { id-evidence-claim-key 6 }
id-evidence-claim-key-purpose OBJECT IDENTIFIER ::= { id-evidence-claim-key 7 }
-- Key capability OIDs, one per permitted operation; presumably the members
-- of EvidenceKeyCapabilities. TODO confirm.
id-evidence-key-capability OBJECT IDENTIFIER ::= { id-evidence 2 }
id-evidence-key-capability-encrypt OBJECT IDENTIFIER ::= { id-evidence-key-capability 0 }
id-evidence-key-capability-decrypt OBJECT IDENTIFIER ::= { id-evidence-key-capability 1 }
id-evidence-key-capability-wrap OBJECT IDENTIFIER ::= { id-evidence-key-capability 2 }
id-evidence-key-capability-unwrap OBJECT IDENTIFIER ::= { id-evidence-key-capability 3 }
id-evidence-key-capability-sign OBJECT IDENTIFIER ::= { id-evidence-key-capability 4 }
id-evidence-key-capability-sign-recover OBJECT IDENTIFIER ::= { id-evidence-key-capability 5 }
id-evidence-key-capability-verify OBJECT IDENTIFIER ::= { id-evidence-key-capability 6 }
id-evidence-key-capability-verify-recover OBJECT IDENTIFIER ::= { id-evidence-key-capability 7 }
id-evidence-key-capability-derive OBJECT IDENTIFIER ::= { id-evidence-key-capability 8 }
END