Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate, -- 证书主体
signatureAlgorithm AlgorithmIdentifier, -- 证书签名算法标识
signatureValue BIT STRING --证书签名值,是使用signatureAlgorithm部分指定的签名算法对tbsCertificate证书主题部分签名后的值.
}
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1, -- 证书版本号
serialNumber CertificateSerialNumber, -- 证书序列号,对同一CA所颁发的证书,序列号唯一标识证书
signature AlgorithmIdentifier, --证书签名算法标识
issuer Name, --证书发行者名称
validity Validity, --证书有效期
subject Name, --证书主体名称
subjectPublicKeyInfo SubjectPublicKeyInfo,--证书公钥
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- 证书发行者ID(可选),只在证书版本2、3中才有
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- 证书主体ID(可选),只在证书版本2、3中才有
extensions [3] EXPLICIT Extensions OPTIONAL
-- 证书扩展段(可选),只在证书版本3中才有
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
parameters:
Dss-Parms ::= SEQUENCE { -- parameters ,DSA(DSS)算法时的parameters,
RSA算法没有此参数
p INTEGER,
q INTEGER,
g INTEGER }
signatureValue:
Dss-Sig-Value ::= SEQUENCE { -- sha1DSA签名算法时,签名值
r INTEGER,
s INTEGER }
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Validity ::= SEQUENCE {
notBefore Time, -- 证书有效期起始时间
notAfter Time -- 证书有效期终止时间
}
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier, -- 公钥算法
subjectPublicKey BIT STRING -- 公钥值
}
subjectPublicKey:
RSAPublicKey ::= SEQUENCE { -- RSA算法时的公钥值
modulus INTEGER, -- n
publicExponent INTEGER -- e -- }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
