OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) ee-ra(11) major-version-3(3) minor-version-2(2)}
This is the parent structure for all structures exchanged between the EE and the RA. An overview of this structure is as follows:
eeRaCertRequest of type EeRaCertRequest contains the certificate generation request sent by the EE to the RA.
raEeCertAck of type RaEeCertAck contains the RA's acknowledgement of the receipt of EeRaCertRequestSpdu.
raEeCertInfo of type RaEeCertInfo contains the information about certificate download.
eeRaDownloadRequest of type EeRaDownloadRequest contains the download request sent by the EE to the RA.
eeRaSuccessorEnrollmentCertRequest of type EeEcaCertRequestSpdu contains a self-signed request for an enrollment certificate, identical in format to the one submitted for an initial enrollment certificate. (This becomes a request for a successor enrollment certificate by virtue of being signed by the current enrollment certificate.)
EeRaInterfacePdu ::= CHOICE {
  eeRaCertRequest EeRaCertRequest,
  raEeCertAck RaEeCertAck,
  raEeCertInfo RaEeCertInfo,
  eeRaDownloadRequest EeRaDownloadRequest,
  eeRaSuccessorEnrollmentCertRequest EeEcaCertRequestSpdu,
  ...
}
This structure contains parameters needed to request different types of authorization certificates. An overview of this structure is as follows:
version of type Uint8 (2) contains the current version of the structure.
generationTime of type Time32 contains the generation time of EeRaCertRequest.
type of type CertificateType indicates whether the request is for an explicit or implicit certificate (see 4.1.1 and 4.1.4.3.2).
tbsCert of type ToBeSignedCertificate (WITH COMPONENTS {
  ...,
  cracaId ('000000'H),
  crlSeries (0),
  appPermissions PRESENT,
  certIssuePermissions ABSENT,
  certRequestPermissions ABSENT,
  verifyKeyIndicator (WITH COMPONENTS {
    verificationKey
  })
}) contains the parameters to be used by the ACA to generate authorization certificate(s).
additionalParams of type AdditionalParams OPTIONAL shall be present and contain relevant parameters if the requested certificates are to be generated using the butterfly key mechanism as specified in 9.3, or if the requested certificates are to be encrypted without using the butterfly key mechanism. If present, the field tbsCert.verifyKeyIndicator shall be used as the caterpillar public key for signing in the butterfly key mechanism.
The definition of validity for a certificate request, including constraints on the fields in this structure, is specified in 10.1.
NOTE:
EeRaCertRequest ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  type CertificateType,
  tbsCert ToBeSignedCertificate (WITH COMPONENTS {
    ...,
    cracaId ('000000'H),
    crlSeries (0),
    appPermissions PRESENT,
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey
    })
  }),
  additionalParams AdditionalParams OPTIONAL,
  ...
}
This structure contains parameters for the butterfly key mechanism. An overview of this structure is as follows:
original of type ButterflyParamsOriginal contains the parameters for the original variant.
unified of type ButterflyExpansion contains the expansion function for signing to be used for the unified variant. The caterpillar public key and expansion function for encryption are the same as those for signing.
compactUnified of type ButterflyExpansion contains the expansion function for signing to be used for the compact unified variant. The caterpillar public key and expansion function for encryption are the same as those for signing.
encryptionKey of type PublicEncryptionKey contains the public key for encrypting the certificate if the butterfly key mechanism is not used.
AdditionalParams ::= CHOICE {
  original ButterflyParamsOriginal,
  unified ButterflyExpansion,
  compactUnified ButterflyExpansion,
  encryptionKey PublicEncryptionKey,
  ...
}
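The constraints stated for EeRaCertRequest and AdditionalParams can be checked by a receiver before any further processing. The following is an added example, not part of the standard or of any implementation it describes; it assumes a decoder that yields a dict for each SEQUENCE, an (alternative, value) tuple for each CHOICE, and bytes for each OCTET STRING, and the function names and sample values are hypothetical.

```python
# Added example: checks a decoded EeRaCertRequest against the constraints above.
# Assumed decoder convention: SEQUENCE -> dict, CHOICE -> (alternative, value),
# OCTET STRING -> bytes, ENUMERATED -> str, absent OPTIONAL -> key missing.

def expansion_ok(exp):
    # ButterflyExpansion: aes128 alternative carrying exactly 16 octets
    return (isinstance(exp, tuple) and len(exp) == 2 and exp[0] == "aes128"
            and isinstance(exp[1], bytes) and len(exp[1]) == 16)

def check_cert_request(req):
    """Return a list of constraint violations; an empty list means none found."""
    errs = []
    if req.get("version") != 2:
        errs.append("version must be 2")
    if req.get("type") not in ("explicit", "implicit"):
        errs.append("type must be explicit or implicit")
    tbs = req.get("tbsCert", {})
    if tbs.get("cracaId") != b"\x00\x00\x00":
        errs.append("tbsCert.cracaId must be '000000'H")
    if tbs.get("crlSeries") != 0:
        errs.append("tbsCert.crlSeries must be 0")
    if "appPermissions" not in tbs:
        errs.append("tbsCert.appPermissions must be PRESENT")
    for field in ("certIssuePermissions", "certRequestPermissions"):
        if field in tbs:
            errs.append(f"tbsCert.{field} must be ABSENT")
    if tbs.get("verifyKeyIndicator", (None,))[0] != "verificationKey":
        errs.append("tbsCert.verifyKeyIndicator must be verificationKey")
    params = req.get("additionalParams")
    if params is not None:
        kind, value = params
        if kind == "original":
            for field in ("signingExpansion", "encryptionExpansion"):
                if not expansion_ok(value.get(field)):
                    errs.append(f"original.{field} must be aes128, 16 octets")
        elif kind in ("unified", "compactUnified"):
            if not expansion_ok(value):
                errs.append(f"{kind} must be aes128, 16 octets")
        elif kind != "encryptionKey":
            errs.append(f"additionalParams alternative {kind!r} not handled")
    return errs

# Constructed sample input; key and permission values are placeholders.
SAMPLE = {
    "version": 2, "generationTime": 700000000, "type": "implicit",
    "tbsCert": {"cracaId": b"\x00\x00\x00", "crlSeries": 0,
                "appPermissions": [{"psid": 32}],
                "verifyKeyIndicator": ("verificationKey", "<placeholder>")},
    "additionalParams": ("unified", ("aes128", bytes(16))),
}
```

These checks cover only the constraints visible in the ASN.1 above; the full definition of a valid request is the one specified in 10.1.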
This structure contains parameters for the original variation of the butterfly key mechanism. An overview of this structure is as follows:
signingExpansion of type ButterflyExpansion contains the expansion function for signing.
encryptionKey of type PublicEncryptionKey contains the caterpillar public key for encryption.
encryptionExpansion of type ButterflyExpansion contains the expansion function for encryption.
ButterflyParamsOriginal ::= SEQUENCE {
  signingExpansion ButterflyExpansion,
  encryptionKey PublicEncryptionKey,
  encryptionExpansion ButterflyExpansion
}
This structure contains material used in the butterfly key calculations as specified in 9.3.5.1 and 9.3.5.2. An overview of this structure is as follows:
ButterflyExpansion ::= CHOICE {
  aes128 OCTET STRING (SIZE(16)),
  ...
}
This structure is used to create the acknowledgement for certificate requests. An overview of this structure is as follows:
version of type Uint8 (2) contains the current version of the structure.
generationTime of type Time32 contains the generation time of RaEeCertAck.
requestHash of type HashedId8 contains the hash of the corresponding EeRaCertRequestSpdu.
firstI of type IValue OPTIONAL shall be present and contain the i-value that will be associated with the first certificate or the certificate batch that will be made available to the EE, if the corresponding EeRaCertRequest uses the butterfly key mechanism as indicated in the field additionalParams. The EE uses this to form the download filename for the download request as specified in 8.2.2.
nextDlTime of type Time32 contains the time after which the EE should connect to the RA to download the certificates.
RaEeCertAck ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  requestHash HashedId8,
  firstI IValue OPTIONAL,
  nextDlTime Time32,
  ...
}
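An EE can use requestHash and firstI to confirm that an acknowledgement belongs to the request it actually sent. The following is an added example, not part of the standard; it assumes the same decoded shape (dict per SEQUENCE, (alternative, value) tuple per CHOICE) and assumes HashedId8 is the low-order eight octets of SHA-256 over the encoded EeRaCertRequestSpdu, which this page does not itself state. Function names and sample values are hypothetical.

```python
import hashlib

# Added example: EE-side consistency check of a decoded RaEeCertAck.
# Assumptions: SEQUENCE -> dict, CHOICE -> (alternative, value); HashedId8 is taken
# as the low-order 8 octets of SHA-256 over the encoded request SPDU.
BUTTERFLY = ("original", "unified", "compactUnified")

def hashed_id8(encoded_spdu: bytes) -> bytes:
    return hashlib.sha256(encoded_spdu).digest()[-8:]

def check_cert_ack(ack, request, request_spdu_bytes):
    """Return violations found when matching an ack to the request the EE sent."""
    errs = []
    if ack.get("version") != 2:
        errs.append("version must be 2")
    # An ack whose hash does not match was issued for some other request.
    if ack.get("requestHash") != hashed_id8(request_spdu_bytes):
        errs.append("requestHash does not match the request that was sent")
    # firstI is required when additionalParams selected a butterfly variant.
    params = request.get("additionalParams")
    if params is not None and params[0] in BUTTERFLY and "firstI" not in ack:
        errs.append("firstI must be present for a butterfly key request")
    return errs

# Constructed sample: SPDU stands in for a real encoded EeRaCertRequestSpdu.
SPDU = b"constructed-EeRaCertRequestSpdu-encoding"
REQUEST = {"version": 2, "additionalParams": ("unified", ("aes128", bytes(16)))}
ACK = {"version": 2, "generationTime": 700000010, "requestHash": hashed_id8(SPDU),
       "firstI": 12, "nextDlTime": 700003600}
```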
This structure is used to create the info file that accompanies a batch of certificates for download as specified in 8.2.3. It is used when certificates were generated using the butterfly key expansion mechanism specified in 9.3. An overview of this structure is as follows:
version of type Uint8 (2) contains the current version of the structure.
generationTime of type Time32 contains the generation time of RaEeCertInfo.
currentI of type IValue contains the i-value associated with the batch of certificates.
requestHash of type HashedId8 contains the hash of the corresponding EeRaCertRequestSpdu.
nextDlTime of type Time32 contains the time after which the EE should connect to the RA to download the certificates.
acpcTreeId of type AcpcTreeId OPTIONAL shall be present and contain the ACPC Tree Id, if the certificates were generated using ACPC as specified in 9.5.
RaEeCertInfo ::= SEQUENCE {
  version Uint8 (2),
  generationTime Time32,
  currentI IValue,
  requestHash HashedId8,
  nextDlTime Time32,
  acpcTreeId AcpcTreeId OPTIONAL,
  ...
}
This structure contains parameters needed to request the download of certificates from the RA. An overview of this structure is as follows:
generationTime of type Time32 contains the generation time of EeRaDownloadRequest.
filename of type UTF8String (SIZE (0..255)) contains the name of the file requested for download, formed as specified in 8.2.2.
EeRaDownloadRequest ::= SEQUENCE {
  generationTime Time32,
  filename UTF8String (SIZE (0..255)),
  ...
}