-- ASN.1 module extracted from ITU-T X.894 (10/2018)

-- 16 Module CMSDBKeyManagement

-- Defines one KEY-MANAGEMENT object, dbekmRecipientInfo, and the types it
-- carries: a CHOICE between an encrypted key on its own (keyManager) and the
-- same structure plus an optional identifier (server). Also defines the DBEKM
-- identifier class and an attribute set built on UniqueIdentifier.
-- NOTE(review): judging by the type names, encryptedKey holds an HMAC key
-- encrypted under a master key; confirm against the Recommendation text.

CMSDBKeyManagement {itu-t recommendation(0) x(24) cms-profile(894) module(0) dBKeyManagement(2) version1(1)}
   "/ITU-T/Recommendation/X/CMS-Profile/Module/DBKeyManagement/Version1"
-- AUTOMATIC TAGS applies to the types defined in this module only; imported
-- types keep the tagging of the module that defines them.
DEFINITIONS AUTOMATIC TAGS ::= BEGIN

IMPORTS

   ALGORITHM,AlgorithmIdentifier{}
      FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)}

   ATTRIBUTE
      FROM PKIX-CommonTypes-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}

   Attribute{},MessageAuthenticationCodeAlgorithm
      FROM CryptographicMessageSyntax-2010 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }

   id-dbekm-recip-info,id-SimpleString,id-UniqueIdentifier
      FROM CMSObjectIdentifiers {iso(1) identified-organization(3) tc68(133) country(16) x9(840) x9Standards(9) x9-73(73) module(0) oids(1) v2009(1)};

-- X9.73 XML namespace: urn:oid:1.3.133.16.840.9.73 --

-- KEY-MANAGEMENT is a local name for the built-in TYPE-IDENTIFIER class: each
-- object pairs an OBJECT IDENTIFIER with the type that identifier selects.
KEY-MANAGEMENT ::= TYPE-IDENTIFIER

-- Extensible object set; dbekmRecipientInfo is the only member defined here.
-- NOTE(review): because the set is extensible, a decoder can be handed an
-- identifier it does not know. It should reject such a value rather than pass
-- the undecoded content on to key-handling code.
DB-Encryption-Key-Management KEY-MANAGEMENT ::= {
   dbekmRecipientInfo,
   ... -- Expect additional key management objects --
}

-- Binds the DBEKMRecipientInfo type to the imported id-dbekm-recip-info OID.
dbekmRecipientInfo KEY-MANAGEMENT ::= {
   DBEKMRecipientInfo IDENTIFIED BY id-dbekm-recip-info
}

-- Two alternatives: the encrypted key structure alone, or that structure
-- wrapped together with an optional unique identifier.
DBEKMRecipientInfo ::= CHOICE {
   keyManager  MasterKeyEncryptedHMACkey,
   server      DatabaseServerToKeyManager
}

-- Both algorithm identifiers are OPTIONAL. When they are absent the encoded
-- value does not say which algorithm protects encryptedKey or which MAC
-- algorithm the key is for.
-- NOTE(review): in that case the receiver should take the algorithms from its
-- own authenticated configuration, never from a default chosen to make an
-- incoming value decode.
-- encryptedKey must be non-empty but has no upper bound in this module;
-- a decoder should enforce a local maximum length before allocating.
MasterKeyEncryptedHMACkey ::= SEQUENCE {
   masterKeyAID  MasterKeyAlgorithmIdentifier OPTIONAL,
   hmacKeyAID    MessageAuthenticationCodeAlgorithm OPTIONAL,
   encryptedKey  OCTET STRING(SIZE(1..MAX))
}

-- AlgorithmIdentifier constrained to the MasterKeyAlgorithms object set.
MasterKeyAlgorithmIdentifier ::=
   AlgorithmIdentifier {ALGORITHM,{MasterKeyAlgorithms}}

-- Empty extensible set: this module names no master-key algorithm at all.
-- NOTE(review): the constraint therefore admits nothing by itself, and an
-- implementation has to supply its own explicit allow-list of algorithms
-- instead of accepting whatever OID a sender presents.
MasterKeyAlgorithms ALGORITHM ::= {
   ... -- Expect additional algorithm objects --
}

-- The encrypted key structure plus an optional identifier.
DatabaseServerToKeyManager ::= SEQUENCE {
   encryptedKey  MasterKeyEncryptedHMACkey,
   uniqueID      UniqueIdentifier OPTIONAL -- May be known system wide --
}

-- UniqueID instantiated with the SchemaIdentifier object set.
UniqueIdentifier ::= UniqueID{{SchemaIdentifier}}

-- Extensible set of identifier schemas; simpleString is the only one defined
-- in this module.
SchemaIdentifier DBEKM ::= {
   simpleString,
   ... -- Expect additional schema identifier objects --
}

-- Schema object: id-SimpleString selects a SimpleString parameter.
simpleString DBEKM ::= {
   OID id-SimpleString PARMS SimpleString
}

-- Non-empty UTF-8 text with no maximum length set here.
-- NOTE(review): the value arrives from the peer, so bound its length and
-- treat it as untrusted text wherever it is used as a lookup key or logged.
SimpleString ::= UTF8String(SIZE(1..MAX))

-- Information object class: a unique OBJECT IDENTIFIER and an optional type.
DBEKM ::= CLASS {
   &id    OBJECT IDENTIFIER UNIQUE,
   &Type  OPTIONAL
}
   WITH SYNTAX {OID &id [PARMS &Type]}

-- Parameterized by an object set of class DBEKM. name must be the &id of an
-- object in IOSet, and the component relation {@name} ties type to the &Type
-- of that same object. type is OPTIONAL, matching the optional &Type field.
UniqueID{DBEKM:IOSet} ::= SEQUENCE {
   name  DBEKM.&id({IOSet}),
   type  DBEKM.&Type({IOSet}{@name}) OPTIONAL
}

-- One or more attributes drawn from DbEKMAttributes; no upper bound on count.
DbEKMAttributeSet ::=
   SEQUENCE(SIZE(1..MAX)) OF Attribute{{DbEKMAttributes}}

-- Extensible attribute set; uniqueIdentifier is the only member defined here.
DbEKMAttributes ATTRIBUTE ::= {
   uniqueIdentifier,
   ... -- Expect user schema identifier attributes --
}

-- Attribute whose value type is UniqueIdentifier, identified by the imported
-- id-UniqueIdentifier OID.
uniqueIdentifier ATTRIBUTE ::= {
   TYPE UniqueIdentifier IDENTIFIED BY id-UniqueIdentifier
}

END