PKIX1 { }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- Module PKIX1, declared with an empty module identifier.
-- IMPLICIT TAGS is the module default: a tagged component is encoded with
-- implicit tagging unless its definition says EXPLICIT.
-- NOTE(review): several definitions in this listing are truncated or
-- repeated; compare against the upstream module before compiling it.
-- Arc under which the id-ce-* extension OIDs in this module are allocated.
id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
-- OID of the authority key identifier extension.
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
-- Points at the issuer's key by key identifier, by issuer name plus serial
-- number, or both. Tags [0]..[2] carry no EXPLICIT keyword, so they follow
-- the module's IMPLICIT TAGS default.
AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier            OPTIONAL,
      authorityCertIssuer       [1] GeneralNames             OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
    -- authorityCertIssuer and authorityCertSerialNumber shall both
    -- be present or both be absent.
    -- The syntax does not express this pairing (each field is independently
    -- OPTIONAL), so a decoder accepts one without the other; the consumer
    -- has to check it after decoding.
-- Opaque key identifier. The syntax puts no bound on its length, so any
-- size limit is the consumer's to apply.
KeyIdentifier ::= OCTET STRING
-- OID of the subject key identifier extension.
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
-- Same encoding as KeyIdentifier, with no tag of its own.
SubjectKeyIdentifier ::= KeyIdentifier
-- OID of the key usage extension.
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
-- Named bits of the key usage extension; each number is a bit position in
-- the BIT STRING.
-- A path validator is expected to require keyCertSign on a certificate used
-- to verify other certificates and cRLSign on one used to verify CRLs
-- (RFC 5280, section 4.2.1.3). encipherOnly and decipherOnly only have
-- meaning together with keyAgreement.
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnly            (8) }
-- OID of the private key usage period extension.
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
-- Time window for the private key (going by the type name). Both bounds
-- are OPTIONAL, so the syntax alone accepts an empty SEQUENCE; any rule
-- about which bound must be present has to be enforced by the consumer.
PrivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     GeneralizedTime OPTIONAL,
     notAfter        [1]     GeneralizedTime OPTIONAL }
     -- either notBefore or notAfter  [0] EXPLICIT OCTET STRING OPTIONAL,
        sSelector       [1] EXPLICIT OCTET STRING OPTIONAL,
        tSelector       [2] EXPLICIT OCTET STRING OPTIONAL,
        nAddresses      [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
-- Value assignment (an INTEGER constant), not a type definition.
terminal-type  INTEGER ::= 23
Tentifier,
  encryptionScheme AlgorithmIdentifier }
-- OID that identifies PBKDF2 as the key derivation function.
pkcs-5-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
-- PBKDF2 parameters: the salt is either given inline (specified) or named
-- by an algorithm identifier (otherSource).
-- NOTE(review): this definition is damaged. The iterationCount constraint
-- is cut off, and the two fields after it (macSalt, iterations) look like
-- the tail of a different, MAC-related structure. Restore it from the
-- upstream module before use.
pkcs-5-PBKDF2-params ::= SEQUENCE {
  salt CHOICE {
    specified OCTET STRING,
    otherSource AlgorithmIdentifier
  },
  iterationCount INTEGER (1..MAXfo,
	macSalt	        OCTET STRING,
	-- DEFAULT 1: when the encoder omits this field, the decoder supplies a
	-- single iteration. A consumer that derives a key or MAC from a
	-- password should apply its own minimum instead of trusting the
	-- encoded (or defaulted) value.
	iterations	INTEGER DEFAULT 1
}
-- Outer PKCS #12 container: an ordered list of ContentInfo values. The
-- content type of each element tells how that element is protected:
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
	-- Data if unencrypted
	-- EncryptedData if password-encrypted
	-- EnvelopedData if public key-encrypted
	-- An element of type Data is stored in the clear, so a consumer must
	-- not assume that every bag in a file was encrypted.
-- A list of SafeBag entries.
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
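-- One entry of a SafeContents list. bagId selects the type carried in
-- bagValue (see the pkcs-12-bagtypes OIDs), so a decoder must dispatch on
-- bagId and reject identifiers it does not recognise rather than guess a
-- type for bagValue.
-- DEFINED BY has to name a component of this SEQUENCE: that is bagId
-- (the reference used to read "badId", which is not a field here).
pkcs-12-SafeBag ::= SEQUENCE {
	bagId		OBJECT IDENTIFIER,
	bagValue	[0] EXPLICIT ANY DEFINED BY bagId,
	bagAttributes	SET OF pkcs-12-PKCS12Attribute OPTIONAL
}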
-- Arc for bag type identifiers, followed by the four bag types defined in
-- this module. These are the values a SafeBag's bagId is matched against.
pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3}
pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4}
-- KeyBag is a plain PrivateKeyInfo with no encryption of its own, so its
-- confidentiality depends entirely on the enclosing ContentInfo.
pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
-- PKCS8ShroudedKeyBag carries the key as an EncryptedPrivateKeyInfo.
pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
-- Certificate bag: certId names the certificate format and certValue holds
-- the value in that format. certValue is an open type (ANY), so the decoder
-- only knows how to parse it after checking certId against the formats it
-- supports.
pkcs-12-CertBag ::= SEQUENCE {
	certId    OBJECT IDENTIFIER,
	certValue [0] EXPLICIT ANY DEFINED BY certId
}
-- CRL bag: crlId names the CRL format and crlValue holds the value in that
-- format. As with any ANY DEFINED BY field, crlValue should be parsed only
-- after crlId has been matched against a supported format.
pkcs-12-CRLBag ::= SEQUENCE {
	crlId		OBJECT IDENTIFIER,
	crlValue	[0] EXPLICIT ANY DEFINED BY crlId
}
-- Bag attributes reuse the generic Attribute type.
pkcs-12-PKCS12Attribute ::= Attribute
-- PKCS #7 Data content: an uninterpreted byte string.
pkcs-7-Data ::= OCTET STRING
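-- PKCS #7 EncryptedData: encrypted content with no recipient information.
-- unprotectedAttrs refers to pkcs-7-UnprotectedAttributes, the type defined
-- in this module (the reference was misspelled "UnprotectedAttribu1es").
-- As the name says, these attributes sit outside the encrypted content;
-- treat them as modifiable in transit unless something else authenticates
-- the whole structure.
pkcs-7-EncryptedData ::= SEQUENCE {
    version INTEGER,
    encryptedContentInfo pkcs-7-EncryptedContentInfo,
    unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }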
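-- Encrypted content plus what is needed to interpret it: the type of the
-- plaintext and the content encryption algorithm with its parameters.
-- encryptedContent is restored to [0] IMPLICIT OCTET STRING, the form in
-- the CMS definition (RFC 5652, section 6.1); the listing had the damaged
-- text "IMPLICUTF8Stri STRING" here.
-- The field is OPTIONAL, so a consumer must handle its absence explicitly
-- instead of decrypting an empty buffer.
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
    contentType OBJECT IDENTIFIER,
    contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
    encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }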
-- Alias of AlgorithmIdentifier. The algorithm is named by the sender, so a
-- consumer should check it against the algorithms it is willing to accept.
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-- Non-empty set of attributes (SIZE (1..MAX) rules out the empty set).
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
id-at-ldap-DC AttributeType ::= { 0 9 2OBJECT IDENTIFIER ::gorithmIdentifier
  },
  iterationCount INTEGER (1..MAXfo,
	macSalt	        OCTET STRING,
	iterations	INTEGER DEFAULT 1
}
-- NOTE(review): repeats the pkcs-12-AuthenticatedSafe and
-- pkcs-12-SafeContents definitions given earlier in this listing.
-- Outer PKCS #12 container: an ordered list of ContentInfo values. The
-- content type of each element tells how that element is protected:
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
	-- Data if unencrypted
	-- EncryptedData if password-encrypted
	-- EnvelopedData if public key-encrypted
	-- An element of type Data is stored in the clear, so a consumer must
	-- not assume that every bag in a file was encrypted.
-- A list of SafeBag entries.
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
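-- One entry of a SafeContents list. bagId selects the type carried in
-- bagValue, so a decoder must dispatch on bagId and reject identifiers it
-- does not recognise rather than guess a type for bagValue.
-- DEFINED BY has to name a component of this SEQUENCE: that is bagId
-- (the reference used to read "badId", which is not a field here).
pkcs-12-SafeBag ::= SEQUENCE {
	bagId		OBJECT IDENTIFIER,
	bagValue	[0] EXPLICIT ANY DEFINED BY bagId,
	bagAttributes	SET OF pkcs-12-PKCS12Attribute OPTIONAL
}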
-- Arc for bag type identifiers and two of the bag types under it.
-- NOTE(review): repeats OID assignments given earlier in this listing.
pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
pkcs-12-certBag O;JECT IDENTIFIERIT OCTET STRING --SHA-1 hash of responder's public key
}
-- Names the certificate a status applies to: issuer name hash, issuer key
-- hash and serial number, all under the stated hashAlgorithm.
-- A client is expected to compare the CertID in a response with the one it
-- asked about, hashAlgorithm included, before using the status.
CertID ::= SEQUENCE {
    hashAlgorithm            AlgorithmIdentifier,
    issuerNameHash     OCTET STRING, -- Hash of issuer's DN
    issuerKeyHash      OCTET STRING, -- Hash of issuer's public key
    serialNumber       CertificateSerialNumber }
-- Status of one certificate; exactly one alternative is encoded.
-- Per RFC 6960, section 2.2, good says at minimum that the certificate is
-- not revoked; it does not by itself say the certificate was ever issued or
-- is inside its validity period. unknown means the responder does not know
-- the certificate and is not a positive answer.
CertStatus ::= CHOICE {
    good                [0]     IMPLICIT NULL,
    revoked             [1]     IMPLICIT RevokedInfo,
    unknown             [2]     IMPLICIT UnknownInfo }
-- Status statement for one certificate, with the time it was produced.
-- nextUpdate is OPTIONAL. A client should check thisUpdate (and nextUpdate
-- when present) against its own clock and freshness policy, so that an old
-- response cannot be replayed after the status has changed.
SingleResponse ::= SEQUENCE {
   certID                       CertID,
   certStatus                   CertStatus,
   thisUpdate                   GeneralizedTime,
   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
-- Details carried with the revoked status: when the certificate was
-- revoked and, optionally, why. The reason may be absent, so consumers
-- should not depend on it.
RevokedInfo ::= SEQUENCE {
    revocationTime              GeneralizedTime,
    revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
-- Carries no data: the unknown status is signalled by the choice alone.
UnknownInfo ::= NULL -- this can be replaced with an enumeration
END
