version 1.5, 2018/09/12 01:21:34 |
version 1.6, 2023/07/17 03:57:21 |
|
|
#define KRL_SECTION_FINGERPRINT_SHA1 3 |
#define KRL_SECTION_FINGERPRINT_SHA1 3 |
#define KRL_SECTION_SIGNATURE 4 |
#define KRL_SECTION_SIGNATURE 4 |
#define KRL_SECTION_FINGERPRINT_SHA256 5 |
#define KRL_SECTION_FINGERPRINT_SHA256 5 |
|
#define KRL_SECTION_EXTENSION 255 |
|
|
2. Certificate section |
2. Certificate section |
|
|
|
|
#define KRL_SECTION_CERT_SERIAL_RANGE 0x21 |
#define KRL_SECTION_CERT_SERIAL_RANGE 0x21 |
#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 |
#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 |
#define KRL_SECTION_CERT_KEY_ID 0x23 |
#define KRL_SECTION_CERT_KEY_ID 0x23 |
|
#define KRL_SECTION_CERT_EXTENSION 0x39 |
|
|
2.1 Certificate serial list section |
2.1 Certificate serial list section |
|
|
|
|
This section must contain at least one "key_id". This section may appear |
This section must contain at least one "key_id". This section may appear |
multiple times. |
multiple times. |
|
|
|
2.5. Certificate Extension subsections |
|
|
|
This subsection type provides a generic extension mechanism to the |
|
certificates KRL section that may be used to provide optional or critical |
|
data. |
|
|
|
Extensions are stored in subsections of type |
|
KRL_SECTION_CERT_EXTENSION with the following contents: |
|
|
|
string extension_name |
|
boolean is_critical |
|
string extension_contents. |
|
|
|
Where "extension_name" describes the type of extension. It is |
|
recommended that user extensions follow "cert-name@domain.org" naming. |
|
|
|
The "is_critical" indicates whether this extension is mandatory or |
|
optional. If true, then any unsupported extension encountered should |
|
result in KRL parsing failure. If false, then it may be safely be |
|
ignored. |
|
|
|
The "extension_contents" contains the body of the extension. |
|
|
3. Explicit key sections |
3. Explicit key sections |
|
|
These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys |
These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys |
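Review bot: In the new section 2.5, the "is_critical" paragraph says an unsupported critical extension "should result in KRL parsing failure". The surrounding text already uses "must" for requirements ("This section must contain at least one "key_id""), and "should" leaves room for a parser to continue past a critical extension it does not understand and still accept the KRL. Suggest "must result in KRL parsing failure" so that failing closed is a requirement. The same paragraph has a doubled word in "it may be safely be ignored" (suggest "it may safely be ignored"). The heading is written "2.5." with a trailing full stop, while the existing subsection heading is "2.1" without one.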
|
|
|
|
This section may appear multiple times. |
This section may appear multiple times. |
|
|
5. KRL signature sections |
5. Extension sections |
|
|
|
This section type provides a generic extension mechanism to the KRL |
|
format that may be used to provide optional or critical data. |
|
|
|
Extensions are recorded in sections of type KRL_SECTION_EXTENSION |
|
with the following contents: |
|
|
|
string extension_name |
|
boolean is_critical |
|
string extension_contents. |
|
|
|
Where "extension_name" describes the type of extension. It is |
|
recommended that user extensions follow "name@domain.org" naming. |
|
|
|
The "is_critical" indicates whether this extension is mandatory or |
|
optional. If true, then any unsupported extension encountered should |
|
result in KRL parsing failure. If false, then it may be safely be |
|
ignored. |
|
|
|
The "extension_contents" contains the body of the extension. |
|
|
|
6. KRL signature sections |
|
|
The KRL_SECTION_SIGNATURE section serves a different purpose to the |
The KRL_SECTION_SIGNATURE section serves a different purpose to the |
preceding ones: to provide cryptographic authentication of a KRL that |
preceding ones: to provide cryptographic authentication of a KRL that |
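Review bot: The new "5. Extension sections" text repeats the section 2.5 wording almost line for line, differing only in the section type and the naming recommendation ("name@domain.org" against "cert-name@domain.org"). That carries over both "should result in KRL parsing failure" and the doubled word in "may be safely be ignored", and gives the two copies room to drift apart. Suggest fixing the wording in both places, or describing the extension layout once and having the other section refer to it. The field list ends with "string extension_contents." where the full stop reads as part of the field name. Since "5. KRL signature sections" becomes "6.", any reference to the signature section by number elsewhere in the file needs the same update.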