PKCS #12: Personal Information Exchange Syntax v1.1

（Public Key Cryptography Standard）
PKCS #12 v1.1 describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions.

Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information.

This standard supports direct transfer of personal information under several privacy and integrity modes.

---

• Exchange Modes

There are four combinations of privacy modes and integrity modes.

The privacy modes use encryption to protect personal information from exposure,
and the integrity modes protect personal information from tampering.

privacy modes:
–> Public-key privacy mode
–> Password privacy mode

integrity modes:
–> Public-key integrity mode
–> Password integrity mode

---

PFX ::= SEQUENCE {    version    INTEGER {v3(3)}(v3,...),    authSafe   ContentInfo,    macData    MacData OPTIONAL}MacData ::= SEQUENCE {    mac        DigestInfo,    macSalt    OCTET STRING,    iterations INTEGER DEFAULT 1    -- Note: The default is for historical reasons and its    -- use is deprecated.}AuthenticatedSafe ::= SEQUENCE OF ContentInfo    -- Data if unencrypted    -- EncryptedData if password-encrypted    -- EnvelopedData if public key-encrypted

---

• The SafeBag Type

The SafeContents type is made up of SafeBags. Each SafeBag holds one piece of information —- a key, a certificate, etc. —- which is
identified by an object identifier.

SafeContents ::= SEQUENCE OF SafeBagSafeBag ::= SEQUENCE {    bagId           BAG-TYPE.&id ({PKCS12BagSet})    bagValue [0]    EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),    bagAttributes   SET OF PKCS12Attribute OPTIONAL}PKCS12Attribute ::= SEQUENCE {    attrId        ATTRIBUTE.&id ({PKCS12AttrSet}),    attrValues    SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})} -- This type is compatible with the X.500 type ’Attribute’PKCS12AttrSet ATTRIBUTE ::= {    friendlyName | -- from PKCS #9 [23]    localKeyId,    -- from PKCS #9    ... -- Other attributes are allowed}

Six types of SafeBags are defined in this version:

bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}BAG-TYPE ::= TYPE-IDENTIFIERkeyBag BAG-TYPE ::=    {KeyBag IDENTIFIED BY {bagtypes 1}}pkcs8ShroudedKeyBag BAG-TYPE ::=    {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}certBag BAG-TYPE ::=    {CertBag IDENTIFIED BY {bagtypes 3}}crlBag BAG-TYPE ::=    {CRLBag IDENTIFIED BY {bagtypes 4}}secretBag BAG-TYPE ::=    {SecretBag IDENTIFIED BY {bagtypes 5}}safeContentsBag BAG-TYPE ::=    {SafeContents IDENTIFIED BY {bagtypes 6}}PKCS12BagSet BAG-TYPE ::= {    keyBag |    pkcs8ShroudedKeyBag |    certBag |    crlBag |    secretBag |    safeContentsBag,    ... -- For future extensions}

1、The KeyBag Type

A KeyBag is a PKCS #8 PrivateKeyInfo. Note that a KeyBag contains only one private key.
KeyBag是PKCS＃8 PrivateKeyInfo。 注意一个KeyBag包含只有一个私钥。

KeyBag ::= PrivateKeyInfo

2、The PKCS8ShroudedKeyBag Type

A PKCS8ShroudedKeyBag holds a private key, which has been shrouded in accordance with PKCS #8. Note that a PKCS8ShroudedKeyBag holds only one shrouded private key.
根据PKCS＃8，PKCS8ShroudedKeyBag拥有一个隐藏的私钥。 请注意，PKCS8ShroudedKeyBag仅保留一个隐藏的私钥。

PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo

3、The CertBag Type

A CertBag contains a certificate of a certain type. Object identifiers are used to distinguish between different certificate types.
CertBag包含某种类型的证书。对象标识符用于区分不同的证书类型。

CertBag ::= SEQUENCE {    certId      BAG-TYPE.&id ({CertTypes}),    certValue   [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})}x509Certificate BAG-TYPE ::=    {OCTET STRING IDENTIFIED BY {certTypes 1}}    -- DER-encoded X.509 certificate stored in OCTET STRINGsdsiCertificate BAG-TYPE ::=    {IA5String IDENTIFIED BY {certTypes 2}}    -- Base64-encoded SDSI certificate stored in IA5StringCertTypes BAG-TYPE ::= {    x509Certificate |    sdsiCertificate,... -- For future extensions}

4、The CRLBag Type

A CRLBag contains a Certificate Revocation List (CRL) of a certain type. Object identifiers are used to distinguish between different CRL types.
CRLBag包含某个证书撤销列表（CRL）类型。 对象标识符用于区分不同的CRL类型。

CRLBag ::= SEQUENCE {    crlId      BAG-TYPE.&id ({CRLTypes}),    crlValue   [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})}x509CRL BAG-TYPE ::=    {OCTET STRING IDENTIFIED BY {crlTypes 1}}    -- DER-encoded X.509 CRL stored in OCTET STRINGCRLTypes BAG-TYPE ::= {    x509CRL,    ... -- For future extensions}

5、The SecretBag Type

Each of the user’s miscellaneous personal secrets is contained in an instance of SecretBag, which holds an object identifier-dependent value. Note that a SecretBag contains only one secret.
每个用户的杂项个人秘密包含在SecretBag的实例中，SecretBag保存对象标识符相关值。 注意，SecretBag只包含一个秘密。

SecretBag ::= SEQUENCE {    secretTypeId    BAG-TYPE.&id ({SecretTypes}),    secretValue     [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes} {@secretTypeId})}SecretTypes BAG-TYPE ::= {    ... -- For future extensions}

Implementers can add values to this set at their own discretion.

6、The SafeContents Type

The sixth type of bag that can be held in a SafeBag is a SafeContents. This recursive structure allows for arbitrary nesting of multiple KeyBags, PKCS8ShroudedKeyBags, CertBags, CRLBags, and SecretBags within the top-level SafeContents.
第六种类型的包是可以保存在SafeBag中的SafeContents。 这个递归结构允许在顶层SafeContents中任意嵌套多个KeyBags，PKCS8ShroudedKeyBags，CertBags，CRLBags和SecretBags。

• Using PFX PDUs

1、Creating PFX PDUs

1. It is somewhat clear from the ASN.1 how to make a number of instances of SafeContents, each containing a number of (possibly nested) instances of SafeBag. Let us assume, therefore, a number of instances SC_1, SC_2,…, SC_n of SafeContents. Note that there can be a more or less arbitrary number of instances of SafeContents in a PFX PDU. As will be seen in step 2, each instance can be encrypted (or not) separately.

2. For each SCI, depending on the chosen encryption option,

   A）If SC_i is not to be encrypted, make a ContentInfo CI_i holding content type Data. The contents of the Data OCTET STRING shall be a BER-encoding of SC_i (including tag, length, and value octets).

   B） If SC_i is to be encrypted with a password, make a ContentInfo CI_i of type EncryptedData. The encryptedContentInfo field of CI_i has its contentType field set to data and its encryptedContent field set to the encryption of the BER-encoding of SC_i (note that the tag and length octets shall be present).

   C） If SC_i is to be encrypted with a public key, make a ContentInfo CI_i of type EnvelopedData in essentially the same fashion as the EncryptedData ContentInfo was made in B.

3. Make an instance of AuthenticatedSafe by stringing together the
   CI_i’s in a SEQUENCE.

4. Make a ContentInfo T holding content type Data. The contents of the Data OCTET STRING shall be a BER-encoding of the AuthenticatedSafe value (including tag, length, and value octets).

5. For integrity protection,

   A） If the PFX PDU is to be authenticated with a digital signature, make a ContentInfo C of type SignedData. The contentInfo field of the SignedData in C has T in it. C is the ContentInfo in the top-level PFX structure.

   B） If the PFX PDU is to be authenticated with HMAC, then an HMAC with SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256 is computed on the contents of the Data in T (i.e., excluding the OCTET STRING tag and length bytes). This is exactly what would be initially digested in step 5A if public-key authentication were being used.

2、Importing Keys, etc., from a PFX PDU

---