ASN.1 module Ieee1609Dot2Dot1EeRaInterface

OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) ee-ra(11) major-version-3(3) minor-version-2(2)}

Imports:

Data Elements:

EeRaInterfacePdu

This is the parent structure for all structures exchanged between the EE and the RA. An overview of this structure is as follows:

EeRaInterfacePdu ::= CHOICE {
  eeRaCertRequest EeRaCertRequest,
  raEeCertAck RaEeCertAck,
  raEeCertInfo RaEeCertInfo,
  eeRaDownloadRequest EeRaDownloadRequest,
  eeRaSuccessorEnrollmentCertRequest EeEcaCertRequestSpdu,
  ...
}

EeRaCertRequest

This structure contains parameters needed to request different types of authorization certificates. An overview of this structure is as follows:

The definition of validity for a certificate request, including constraints on the fields in this structure, is specified in 10.1.

NOTE:

  1. In the case where the butterfly key mechanism is used to derive the certificate encryption key, the value j is not communicated to the ACA. However, the EE that receives the certificate response can only decrypt the response if it knows j. The RA is therefore anticipated to store j so that it can be associated with the appropriate certificate response.
  2. If the type of id is LinkageData, the contents of the field in the request are replaced by random data by the RA when it sends the individual certificate requests to the ACA. The ACA then in turn replaces that data with the linkage values generated with the help of the LAs; see Annex F.
  3. This document does not specify a method to include an encryptionKey in the requested certificates, if the butterfly key mechanism is used. The EE using such a certificate to sign a message cannot request that the response is encrypted to the certificate. Instead, it can request an encrypted response using the tbsData.headerInfo.encryptionKey field of the SignedData; see 6.3.9, 6.3.33, 6.3.34, and 6.3.36 of IEEE Std 1609.2 for more details.

EeRaCertRequest ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  type CertificateType,
  tbsCert ToBeSignedCertificate (WITH COMPONENTS {
    ...,
    cracaId ('000000'H),
    crlSeries (0),
    appPermissions PRESENT,
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    verifyKeyIndicator (WITH COMPONENTS { verificationKey })
  }),
  additionalParams AdditionalParams OPTIONAL,
  ...
}

AdditionalParams

This structure contains parameters for the butterfly key mechanism. An overview of this structure is as follows:

AdditionalParams ::= CHOICE {
  original ButterflyParamsOriginal,
  unified ButterflyExpansion,
  compactUnified ButterflyExpansion,
  encryptionKey PublicEncryptionKey,
  ...
}

ButterflyParamsOriginal

This structure contains parameters for the original variation of the butterfly key mechanism. An overview of this structure is as follows:

ButterflyParamsOriginal ::= SEQUENCE {
  signingExpansion ButterflyExpansion,
  encryptionKey PublicEncryptionKey,
  encryptionExpansion ButterflyExpansion
}

ButterflyExpansion

This structure contains material used in the butterfly key calculations as specified in 9.3.5.1 and 9.3.5.2. An overview of this structure is as follows:

ButterflyExpansion ::= CHOICE {
  aes128 OCTET STRING (SIZE(16)),
  ...
}

RaEeCertAck

This structure is used to create the acknowledgement for certificate requests. An overview of this structure is as follows:

RaEeCertAck ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  requestHash HashedId8,
  firstI IValue OPTIONAL,
  nextDlTime Time32,
  ...
}

RaEeCertInfo

This structure is used to create the info file that accompanies a batch of certificates for download as specified in 8.2.3. It is used when certificates were generated using the butterfly key expansion mechanism specified in 9.3. An overview of this structure is as follows:

RaEeCertInfo ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  currentI IValue,
  requestHash HashedId8,
  nextDlTime Time32,
  acpcTreeId AcpcTreeId OPTIONAL,
  ...
}

EeRaDownloadRequest

This structure contains parameters needed to request the download of certificates from the RA. An overview of this structure is as follows:

EeRaDownloadRequest ::= SEQUENCE {
  generationTime Time32,
  filename UTF8String (SIZE (0..255)),
  ...
}