Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.
ANNEX I CU.K. Requirements for construction, testing, installation, and inspection
Appendix 11
COMMON SECURITY MECHANISMS U.K.
PART BU.K. SECOND-GENERATION TACHOGRAPH SYSTEM
9.KEYS AND CERTIFICATESU.K.
9.3. Certificates U.K.
9.3.2 Certificate Content U.K.
CSM_136All certificates shall have the structure shown in the certificate profile in Table 4.U.K.
| Table 4 | ||||
| Certificate Profile version 1 | ||||
| Field | Field ID | Tag | Length (bytes) | ASN.1 data type(see Appendix 1) |
|---|---|---|---|---|
| ECC Certificate | C | ‘7F 21’ | var | |
| ECC Certificate Body | B | ‘7F 4E’ | var | |
| Certificate Profile Identifier | CPI | ‘5F 29’ | ‘01’ |  |
| Certificate Authority Reference | CAR | ‘42’ | ‘08’ |  |
| Certificate Holder Authorisation | CHA | ‘5F 4C’ | ‘07’ |   |
| Public Key | PK | ‘7F 49’ | var | |
| Domain Parameters | DP | ‘06’ | var |  |
| Public Point | PP | ‘86’ | var |  |
| Certificate Holder Reference | CHR | ‘5F 20’ | ‘08’ |  |
| Certificate Effective Date | CEfD | ‘5F 25’ | ‘04’ |  |
| Certificate Expiration Date | CExD | ‘5F 24’ | ‘04’ |  |
| ECC Certificate Signature | S | ‘5F 37’ | var |  |
Note: the Field ID will be used in later sections of this Appendix to indicate individual fields of a certificate, e.g. X.CAR is the Certificate Authority Reference mentioned in the certificate of user X.U.K.
9.3.2.1Certificate Profile IdentifierU.K.
CSM_137Certificates shall use a Certificate Profile Identifier to indicate the certificate profile used. Version 1, as specified in Table 4, shall be identified by a value of ‘00’.U.K.
9.3.2.2Certificate Authority ReferenceU.K.
CSM_138The Certificate Authority Reference shall be used to identify the public key to be used to verify the certificate signature. The Certificate Authority Reference shall therefore be equal to the Certificate Holder Reference in the certificate of the corresponding certificate authority.U.K.
CSM_139An ERCA root certificate shall be self-signed, i.e., the Certificate Authority Reference and the Certificate Holder Reference in the certificate shall be equal.U.K.
CSM_140For an ERCA link certificate, the Certificate Holder Reference shall be equal to the CHR of the new ERCA root certificate. The Certificate Authority Reference for a link certificate shall be equal to the CHR of the previous ERCA root certificate.U.K.
9.3.2.3Certificate Holder AuthorisationU.K.
[F1CSM_141 The Certificate Holder Authorisation shall be used to identify the type of certificate. It consists of the six most significant bytes of the Tachograph Application ID, concatenated with the equipment type, which indicates the type of equipment for which the certificate is intended. In the case of a VU certificate, a driver card certificate or a workshop card certificate, the equipment type is also used to differentiate between a certificate for Mutual Authentication and a certificate for creating digital signatures (see section 9.1 and Appendix 1, data type EquipmentType).] U.K.
Textual Amendments
9.3.2.4Public KeyU.K.
The Public Key nests two data elements: the standardized domain parameters to be used with the public key in the certificate and the value of the public point.
CSM_142The data element Domain Parameters shall contain one of the object identifiers specified in Table 1 to reference a set of standardized domain parameters.U.K.
CSM_143The data element Public Point shall contain the public point. Elliptic curve public points shall be converted to octet strings as specified in [TR-03111]. The uncompressed encoding format shall be used. When recovering an elliptic curve point from its encoded format, the validations described in [TR-03111] shall always be carried out.U.K.
9.3.2.5Certificate Holder ReferenceU.K.
CSM_144The Certificate Holder Reference is an identifier for the public key provided in the certificate. It shall be used to reference this public key in other certificates.U.K.
CSM_145For card certificates and external GNSS facility certificates, the Certificate Holder Reference shall have the 
data type specified in Appendix 1.U.K.
CSM_146For vehicle units, the manufacturer, when requesting a certificate, may or may not know the manufacturer-specific serial number of the VU for which that certificate and the associated private key is intended. In the first case, the Certificate Holder Reference shall have the 
data type specified in Appendix 1. In the latter case, the Certificate Holder Reference shall have the 
data type specified in Appendix 1.U.K.
[F2Note: For a card certificate, the value of the CHR shall be equal to the value of the cardExtendedSerialNumber in EF_ICC; see Appendix 2. For an EGF certificate, the value of the CHR shall be equal to the value of the sensorGNSSSerialNumber in EF_ICC; see Appendix 14. For a VU certificate, the value of the CHR shall be equal to the vuSerialNumber element of VuIdentification, see Appendix 1, unless the manufacturer does not know the manufacturer-specific serial number at the time the certificate is requested.] U.K.
