
  Tumar CSP v5     PKIX    .
          
 Microsoft - Cryptographic Service Provider (CSP)  JNI   Java-.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


   .
 ~~~~~~~~~~~~~~~~~~~~

 1.    .   ,      
  ,         (, ).

  ex_ir.cpp          
     .
   
 RFC-4211 Certificate Request Message Format (CRMF)
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.1.   Initialization Request
   5.1.3.1. Shared Secret Information

  ex_ip.cpp          
   ,          
  .
   
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.2.   Initialization Response
   5.1.3.1. Shared Secret Information

 2.   .   ,       
    .

  ex_r.cpp          
    .
   
 RFC-4211 Certificate Request Message Format (CRMF)
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.3.   Certification Request
   5.1.3.3. Signature
 
  ex_r2.cpp  ex_r.cpp.       
       .

  ex_p.cpp         
   ,          
  .
   
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.4.   Certification Response
   5.1.3.3. Signature

  ex_rr.cpp       
       .
   
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.9.   Revocation Request Content
   5.1.3.3. Signature

  ex_rr2.cpp     ex_rr.cpp,    (  ).

  ex_ip_crt.cpp      :
 -  
 -  
 -  

  ex_kur.cpp       
    .
   
 RFC-4211 Certificate Request Message Format (CRMF)
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.5.   Key Update Request Content
   5.1.3.3. Signature
 

 3.    .     .

  ex_genm.cpp         
  ,  .
   
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.19. PKI General Message Content
	
  ex_genp.cpp         
   ,     .
   
 RFC-4210 Certificate Management Protocol (CMP)
   5.3.20. PKI General Response Content


        ().
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 1.  ex_crt.cpp     
     .

 2.  ex_crt_val.cpp     

 3.  ex_crt_prop.cpp     ,  
   , ,     .

 4.  ex_crl.cpp     
     .

 4.  ex_crl2.cpp     
    .

 5.  ex_rev.cpp        .


    OCSP.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 1.  ex_ocsp_r.cpp       OCSP  
    .
   
 RFC-2560 Online Certificate Status Protocol - OCSP

 2.  ex_ocsp_r2.cpp       OCSP  
        .
   
 RFC-2560 Online Certificate Status Protocol - OCSP

 2.  ex_ocsp_p.cpp       OCSP   
     .
   
 RFC-2560 Online Certificate Status Protocol - OCSP


    .
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 1.  ex_enc.cpp       
     Enveloped PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard

 2.  ex_enc3.cpp       
      Enveloped PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard

 3.  ex_dnc.cpp     
   Enveloped PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard


    .
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 1.  ex_sign.cpp      
  Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard

 2.  ex_sign_ex.cpp      
  Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard
    
    -    
    -   
    -   
    -   
    -   
 
 3.  ex_vrf.cpp      
  Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard
    .

 4.  ex_vrf_a.cpp   ,   ex_vrf.cpp,   
     .

  Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard
    .

 5.  ex_vrf_ex.cpp      
  Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard
          
          
 .

 6.  ex_sign_deg.cpp      
    Signed PKCS-7 message,     
 PKCS #7: Cryptographic Message Syntax Standard


     (TimeStamp).
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 1.  ex_tsp_r.cpp       TSA  
      
 RFC-3161 Time-Stamp Protocol (TSP)
 
 2.  ex_tsp_r.cpp -     ex_tsp_r.cpp,     ( ).

 3.  ex_tsp_vrf.cpp      TSA,   
   CMS/Signed PKCS-7 message,     
 RFC-3161 Time-Stamp Protocol (TSP)

 4.  ex_tsp_p.cpp        

 5.  ex_tsp_p7.cpp       
    Signed PKCS-7 message.


  .
 ~~~~~~~~~~~~~~~~~~~~~
 RFC 4210 / CMP

 5.3.19.  PKI General Message Content
 5.3.19.14.   .

    :
      GenMsg:    {id-it 50.1}, PKCS#8
      GenRep:    {id-it 50.1}, < absent >

     :
      GenMsg:    {id-it 50.2}, < absent >
      GenRep:    {id-it 50.2}, PKCS#8

     :
      GenMsg:    {id-it 50.3}, < absent >
      GenRep:    {id-it 50.3}, < absent >

          Shared Secret Information (5.1.3.1.).

       PKCS#8.      28148-89
   CBC.     OTPassword || SharedSecret ( 
   160 ,  CT  1073-2007  3-   150 ).
  PKCS#8      SharedSecret.   
 (transactionID)    (OTPassword),   , . 

       ,  SharedSecret, 
      ,   PKCS#8  
  ,      OTPassword || SharedSecret, 
     .

 1.  ex_genm_dep.cpp       CMP 
          
  .       
 .

 2.  ex_genp_dep.cpp       
 .

 3.  ex_genm_dep2.cpp       CMP 
          
  ,    .

 4.  ex_genp_dep2.cpp       
          
     .

 5.  ex_genm_dep3.cpp       CMP 
          
  ,    .

 6.  ex_genp_dep3.cpp       
   .


    .
 ~~~~~~~~~~~~~~~~~~~~~~~~
 RFC 4210 / CMP

 5.3.19.  PKI General Message Content
 5.3.19.15.    .

   SecretInfo ::= SEQUENCE {
       version     Version DEFAULT v1,
       userKID     KeyIdentifier,
       alias       [0]  IMPLICIT UTF8String OPTIONAL,
       dn          [1]  IMPLICIT UTF8String OPTIONAL,
       secret      [2]  IMPLICIT OCTET STRING OPTIONAL,
       templ       [3]  IMPLICIT UTF8String OPTIONAL,
       valid       [4]  IMPLICIT BOOLEAN DEFAULT TRUE
   }

   Version  ::=  ENUMERATED  {  v1(0), v2(1), v3(2)  }

   KeyIdentifier ::= OCTET STRING

      :
      GenMsg:    {id-it 50.5}, EnvelopedData(SecretInfo) ( alias, dn, secret - )
      GenRep:    {id-it 50.5}, < absent >

      :
      GenMsg:    {id-it 50.6}, EnvelopedData(SecretInfo)
      GenRep:    {id-it 50.6}, < absent >

      :
      GenMsg:    {id-it 50.7}, SecretInfo (  userKID)
      GenRep:    {id-it 50.7}, EnvelopedData(SecretInfo)

      :
      GenMsg:    {id-it 50.8}, SecretInfo (  userKID)
      GenRep:    {id-it 50.8}, < absent >


5.3.19.9.  Revocation Passphrase

...
   1. EncryptedValue = EnvelopedData(SecretInfo).
   2.   userKID  DN-       ,
              .
   3.   secret    ,        .



    /    :
 1.    General Message (5.3.19.1.  CA Protocol Encryption Certificate),
          CMP   .
 2.    SecretInfo       
     CMP ( PKCS#7/CMS EnvelopedData).
 3.  CMP   /      .
 4.      CMP.
 5.  ,  (   RA)   , 
         , /    .
 6.  ,    .

        :
 1.   CMP          
     .
 2.  CMP     CMP.
 3.  ,  (   RA)   .
 4.      SecretInfo,   
       .
 5.  ,    .
 6.        .
 7.    ( SecretInfo).

        :
 1.   CMP    .
 2.  CMP     CMP.
 3.  ,  (   RA)   .
 4.        .
 5.  ,    .


        :
 1.    General Message (5.3.19.1.  CA Protocol Encryption Certificate),
          CMP   .
 2.        CMP
    ( PKCS#7/CMS EnvelopedData).
 3.  CMP     (5.3.19.9.  Revocation Passphrase)   
       .
 4.      CMP.
 5.  ,    .
 6.         .
 7.  ,     .





    .
 ~~~~~~~~~~~~~~~~~~~~~~~~~~

 1. /  CMP-.

 1.1.  ,    .

 1.2.   -    error.



 2.    ir/cr/kur/ccr :

 2.1.     transactionID ,  .

 2.2.       ,  
        ir/cr/kur/ccr body   PKI_TRANS_STATE_WAIT_TIME,
      ip/cp/kup/ccp   
    PKISTATUS_INFO_WAITING    .

 2.3.         .

 2.4.       ,  
        ir/cr/kur/ccr body   PKI_TRANS_STATE_ACCEPT,
      ip/cp/kup/ccp   
    PKISTATUS_INFO_WAITING    .

 2.5.          ,  
        ip/cp/kup/ccp body   PKI_TRANS_STATE_WAIT_ADMIN,
      ip/cp/kup/ccp   
    PKISTATUS_INFO_WAITING    .

 2.6.    ImplicitConfirm,     ,
        ip/cp/kup/ccp.

 2.7.        PKI_TRANS_STATE_WAIT_USER.



 3.    pollReq :

 3.1.     transactionID  ,    error.

 3.2.     PKI_TRANS_STATE_WAIT_USER,
     ip/cp/kup/ccp    .

 3.3.     PKI_TRANS_STATE_ACCEPT:

 3.3.1.         .

 3.3.2.       ,
     pollRep.

 3.3.3.          ,
          ip/cp/kup/ccp body   PKI_TRANS_STATE_WAIT_ADMIN,
     pollRep.

 3.4.     ,
     pollRep.



 4.    certConf :

 4.1.     transactionID  ,    error.

 4.2.       PKI_TRANS_STATE_WAIT_USER,    error.

 4.3.     certConf,  ,
      ,   pkiconf.


---------------------------------------------------
 RFC 4210 / CMP

 5.3.19.  PKI General Message Content
 5.3.19.16.    .

   TransInfo ::= SEQUENCE {
       version     Version DEFAULT v1,
       transactionID OCTET STRING,
       type        [0]  IMPLICIT INTEGER OPTIONAL,
       state       [1]  IMPLICIT INTEGER OPTIONAL,
       dn          [2]  IMPLICIT UTF8String OPTIONAL,
       notBefore   [3]  IMPLICIT GeneralizedTime OPTIONAL,
       notAfter    [4]  IMPLICIT GeneralizedTime OPTIONAL
   }

   Version  ::=  ENUMERATED  {  v1(0), v2(1), v3(2)  }

   TransInfos ::= SEQUENCE OF TransInfo
 
     :
      GenMsg:    {id-it 50.10}, TransInfo | < absent >
      GenRep:    {id-it 50.10}, TransInfos

 1.   TransInfo   ,  
          .
 2.   TransInfo   ,  
    transactionID .


5.3.22.  Polling Request and Response

...
   5.    PollReqContent     certReqId,
            certReqId  .

---------------------------------------------------


 5.    General Message      :

 5.1.    RA,    error.

 5.2.   General Message   .



 6.    pollReq :

 6.1.     transactionID  ,    error.

 6.2.     PKI_TRANS_STATE_WAIT_USER,
       . 3.

 6.3.     PKI_TRANS_STATE_WAIT_ADMIN,
     ip/cp/kup/ccp    .

 6.4.     ,    error.



 7.    certConf :

 7.1.     transactionID  ,    error.

 7.2.     PKI_TRANS_STATE_WAIT_USER,
       . 4.

 7.3.     PKI_TRANS_STATE_WAIT_ADMIN,
       ,  
   ,    
       PKI_TRANS_STATE_WAIT_USER,
     pkiconf.

 7.4.     ,    error.


---------------------------------------------------

 RFC 4210 / CMP

 5.3.19.  PKI General Message Content
 5.3.19.17.      /    .

   OperListCA  ::=  SEQUENCE OF OperInfoCA

   OperInfoCA  ::=  SEQUENCE  {
        operType        OperType,           //   //
        operTime        UTCTime,            //   
        service         OBJECT IDENTIFIER,  // OID   
        serialNumber    OCTET STRING,       //   
        subject         Name,               // DN-  
        notBefore       UTCTime,            //   ()
        notAfter        UTCTime,            //   ()
        keyUsage        INTEGER,            //  
        keyOID          OBJECT IDENTIFIER,  // OID 
        policyList      PolicyList,         //   
        reason          INTEGER OPTIONAL}   //   (   revocation)
 
   OperType ::= ENUMERATED {
        issuing             (0),
        revocation          (1),
        updating            (2) }
 
   PolicyList ::= SEQUENCE OF OBJECT IDENTIFIER

   Period ::= SEQUENCE {
        dateFrom GeneralizedTime,
        dateTo   GeneralizedTime OPTIONAL } //   


         :
      GenMsg:    {id-it 50.11}, Period
      GenRep:    {id-it 50.11}, OperListCA

P.S.

 1.   LDAP   'B'.
 2. : dc=DD;dc=MM;dc=YY;dc=CA,
     YY-, MM-, DD-.
 3.    : "transBody"

---------------------------------------------------

 RFC 4210 / CMP

 5.3.19.  PKI General Message Content
 5.3.19.18.      .


      :
      GenMsg:    {id-it 50.14}, EnvelopedData(UserDataList)
      GenRep:    {id-it 50.14}, < absent >

      :
      GenMsg:    {id-it 50.15}, EnvelopedData(UserDataList)
      GenRep:    {id-it 50.15}, < absent >

      :
      GenMsg:    {id-it 50.16}, UserAttrList
      GenRep:    {id-it 50.16}, EnvelopedData(UserDataList)


   UserAttrList ::= SEQUENCE {
        user    UserName,
        attr    AttributeDescriptionList }

   UserDataList ::= SEQUENCE {
        user    UserName,
        data    AttributeTypeAndValuesList }


   UserName ::= CHOICE {
        object       [0] IMPLICIT LDAPDN,
        userKID      [1] IMPLICIT KeyIdentifier }

   AttributeDescriptionList ::= SEQUENCE OF
        AttributeDescription

   AttributeDescription ::= LDAPString

   LDAPString ::= OCTET STRING

   LDAPDN ::= LDAPString

   AttributeTypeAndValuesList ::= SEQUENCE OF
        AttributeTypeAndValues

   AttributeTypeAndValues ::= SEQUENCE {
        type    AttributeDescription,
        vals    SET OF AttributeValue }

   AttributeValue ::= OCTET STRING

   KeyIdentifier ::= OCTET STRING

---------------------------------------------------

