xmlns:atom="http://www.w3.org/2005/Atom" xmlns:atom="http://www.w3.org/2005/Atom"
Data | Format | Bytes | Obs |
---|---|---|---|
CPI | INTEGER | 1 | Certificate Profile Identifier (‘01’ for this version) |
CAR | OCTET STRING | 8 | Certification Authority Reference |
CHA | OCTET STRING | 7 | Certificate Holder Authorisation |
EOV | TimeReal | 4 | Certificate end of validity. Optional, ‘FF’ padded if not used. |
CHR | OCTET STRING | 8 | Certificate Holder Reference |
n | OCTET STRING | 128 | Public key (modulus) |
e | OCTET STRING | 8 | Public Key (public exponent) |
164 |
The headerlist associated with this certificate content is as follows:
‘4D’ | ‘16’ | ‘5F 29’ | ‘01’ | ‘42’ | ‘08’ | ‘5F 4B’ | ‘07’ | ‘5F 24’ | ‘04’ | ‘5F 20’ | ‘08’ | ‘7F 49’ | ‘05’ | ‘81’ | ‘81 80’ | ‘82’ | ‘08’ |
Extended Headerlist Tag | Length of header list | CPI Tag | CPI Length | CAR Tag | CAR Length | CHA Tag | CHA Length | EOV Tag | EOV Length | CHR Tag | CHR Length | Public Key Tag (Constructed) | Length of subsequent DOs | modulus Tag | modulus length | public exponent Tag | public exponent length |
Equipment (VU or Card):
Data | Equipment serial number | Date | Type | Manufacturer |
---|---|---|---|---|
Length | 4 Bytes | 2 Bytes | 1 Byte | 1 Byte |
Value | Integer | mm yy BCD coding | Manufacturer specific | Manufacturer code |
In the case of a VU, the manufacturer, when requesting certificates, may or may not know the identification of the equipment in which the keys will be inserted.
In the first case, the manufacturer will send the equipment identification with the public key to its Member State authority for certification. The certificate will then contain the equipment identification, and the manufacturer must ensure that keys and certificate are inserted in the intended equipment. The Key identifier has the form shown above.
In the later case, the manufacturer must uniquely identify each certificate request and send this identification with the public key to its Member State authority for certification. The certificate will contain the request identification. The manufacturer must feed back its Member State authority with the assignment of key to equipment (i.e. certificate request identification, equipment identification) after key installation in the equipment. The key identifier has the following form:
Data | Certificate request serial number | Date | Type | Manufacturer |
---|---|---|---|---|
Length | 4 Bytes | 2 Bytes | 1 Byte | 1 Byte |
Value | Integer | mm yy BCD coding | ‘FF’ | Manufacturer code |
Certification Authority:
Data | Authority Identification | Key serial number | Additional info | Identifier |
---|---|---|---|---|
Length | 4 Bytes | 1 Byte | 2 Bytes | 1 Byte |
Value | 1 Byte nation numerical code 3 Bytes nation alphanumerical code | Integer | additional coding (CA specific) ‘FF FF’ if not used | ‘01’ |
The key serial number is used to distinguish the different keys of a Member State, in the case the key is changed.