--#comment "Copyright (C) Microsoft Corporation, 1996-1999. All rights reserved."--
--#comment "ASN.1 definitions for PFXNSCP"--

--#oid array--         -- object identifier is 16-node fixed array
--#SS.basic lenptr--   -- set of and sequence of w/o size constraint
--#SS.sized lenptr--   -- set of and sequence of w/  size constraint

PFXNSCP
DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-------------------------------
-- shorthand
ObjectID ::= OBJECT IDENTIFIER --#oid array--
ObjID   ::= OBJECT IDENTIFIER
Version ::= INTEGER {v1 (1)}

-------------------------------
-- from PKCS #7
ContentType ::= ObjectID

ContentInfo ::= SEQUENCE {
    contentType ContentType,
    content     [0] EXPLICIT ANY OPTIONAL
}

RSAData ::=  OCTET STRING --#public--

-------------------------------
-- from PKCS #8

PrivateKeyInfo ::= SEQUENCE {
  version             Version,
  privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
  privateKey          OCTET STRING,
  attributes          [0] IMPLICIT Attributes OPTIONAL 
} --#public--

PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
Attributes ::= SET --#public-- OF Attribute
Attribute ::= ANY


EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm     EncryptionAlgorithmIdentifier,
    encryptedData           EncryptedData
} --#public--

EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedData ::= SEQUENCE {
    version             Version,
    encryptedContentInfo    EncryptedContentInfo
} --#public--

EncryptedContentInfo ::= SEQUENCE {
    contentType             ContentType,
    contentEncryptionAlg    ContentEncryptionAlgorithmIdentifier,
    encryptedContent        [0] IMPLICIT EncryptedContent OPTIONAL 
} 

ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
EncryptedContent ::= OCTET STRING

-------------------------------
-- other pkcs
AlgorithmIdentifier     ::=     SEQUENCE {
	algorithm                               ObjectID,
	parameters                              ANY DEFINED BY algorithm OPTIONAL
}

PBEParameter ::= SEQUENCE {
    salt                    OCTET STRING (SIZE(8)),
    iterationCount          INTEGER 
} --#public--

DigestInfo ::= SEQUENCE {
	digestAlgorithm                 DigestAlgorithmIdentifier,
	digest                                  Digest
} 

DigestAlgorithmIdentifier ::= AlgorithmIdentifier

Digest ::= OCTET STRING


-------------------------------
-- imports
rsa1 ObjID                  ::= { iso(1) member-body(2) us(840) rsadsi(113549) }
pkcs-12 ObjID                 ::= { rsa1 pkcs(1) 12 }

-------------------------------
-- defines 
TransportMode ::= ObjID

pkcs-12ModeIds  ObjID         ::= { pkcs-12 1 }

off-lineTransportMode ObjID   ::= { pkcs-12ModeIds 1 }






PFX ::= SEQUENCE {
    macData     [0] MacData OPTIONAL,
    authSafe    [1] ContentInfo
	-- signedData in public-key integrity mode, and 
	-- data in password integrity mode. 
} --#public--

MacData ::= SEQUENCE {
    safeMAC         DigestInfo,
    macSalt         BIT STRING
} 

AuthenticatedSafe ::= SEQUENCE {
    version         Version         DEFAULT v1,
    transportMode   TransportMode   DEFAULT off-lineTransportMode,
    privacySalt     BIT STRING      OPTIONAL,
    baggage         Baggage     OPTIONAL,
	-- Not subject to
	-- PFX encryption
    safe            ContentInfo
	-- contentType is encryptedData in pwd privacy mode
	-- and envelopedData in pub key privacy mode
} --#public--

Baggage ::= SET OF BaggageItem

BaggageItem ::= SEQUENCE {
    espvks          SET OF ESPVK,
    unencryptedSecrets  SET OF SafeBag 
}

ESPVK ::= SEQUENCE {
    espvkObjID      ObjID,
    espvkData       PVKSupportingData,
    espvkCipherText [0] EXPLICIT ANY DEFINED BY espvkObjID
} --#public--

PVKSupportingData ::= SEQUENCE {
    assocCerts      SET OF Thumbprint, -- zero or more
    regenerable     BOOLEAN DEFAULT FALSE,
    nickname        BMPString,          -- unicode
    pvkAdditional   PvkAdditional OPTIONAL
} --#public--

Thumbprint ::= DigestInfo

PvkAdditional ::= SEQUENCE {
    pvkAdditionalType   ObjID,
    pvkAdditionalContent [0] EXPLICIT ANY DEFINED BY pvkAdditionalType
} --#public--

SafeContents ::= SET --#public-- OF SafeBag

SafeBag ::= SEQUENCE {
    safeBagType     ObjID,
    safeBagContent  ANY DEFINED BY safeBagType,
    safeBagName     BMPString OPTIONAL
} --#public--

KeyBag ::= SET OF PrivateKey

PrivateKey ::= SEQUENCE {
    pvkData     PVKSupportingData,
    pkcs8data   PrivateKeyInfo      -- import from PKCS #8
} --#public--

CertCRLBag ::= SET --#public-- OF CertCRL
    
CertCRL ::= SEQUENCE {
    bagId       ObjID,
    value       [0] EXPLICIT ANY DEFINED BY bagId
} --#public--

X509Bag ::= SEQUENCE {
    certOrCRL   ContentInfo
} --#public--

SDSICertBag ::= SEQUENCE {
    value       IA5String
} --#public--

SecretBag ::= SET OF Secret

Secret ::= SEQUENCE {
    secretName  BMPString, -- unicode
    secretType  ObjID,    -- ADDED MATTT, won't compile as spec 0.020 reads
    value       ANY DEFINED BY secretType,
    secretAdditional    SecretAdditional OPTIONAL
} --#public--

SecretAdditional ::= SEQUENCE {
    secretAdditionalType    ObjID,
    secretAdditionalContent     [0] EXPLICIT ANY DEFINED BY secretAdditionalType
} --#public--


END