PKCS #10: Certification Request Syntax Version 1.5 (RFC2314)
Original Publication Date: 1998-Mar-01
Included in the Prior Art Database: 2019-Feb-15
Internet Society Requests For Comment (RFCs)
This document describes a syntax for certification requests. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.
Network Working Group B. Kaliski Request for Comments: 2314 RSA Laboratories East Category: Informational March 1998
PKCS #10: Certification Request Syntax Version 1.5
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document describes a syntax for certification requests.
A certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, who transforms the request to an X.509 public-key certificate, or a PKCS #6 extended certificate. (In what form the certification authority returns the newly signed certificate is outside the scope of this document. A PKCS #7 message is one possibility.)
The intention of including a set of attributes is twofold: to provide other information about a given entity, such as the postal address to which the signed certificate should be returned if electronic mail is not available, or a "challenge password" by which the entity may later request certificate revocation; and to provide attributes for a PKCS #6 extended certificate. A non-exhaustive list of attributes is given in PKCS #9.
Certification authorities may also require non-electronic forms of request and may return non-electronic replies. It is expected that descriptions of such forms, which are outside the scope of this document, will be available from the certification authority.
Kaliski Informational [Page 1]
RFC 2314 PKCS #10: Certification Request Syntax March 1998
The preliminary intended application of this document is to support PKCS #7 cryptographic messages, but is expected that other applications will be developed.
PKCS #1 RSA Laboratories. PKCS #1: RSA Encryption Standard. Version 1.5, November 1993.
PKCS #6 RSA Laboratories. PKCS #6: Extended-Certificate Syntax. Version 1.5, November 1993.
PKCS #7 RSA Laboratories. PKCS #7: Cryptographic Message Syntax. Version 1.5, November 1993.
PKCS #9 RSA Laboratories. PKCS #9: Selected Attribute Types. Version 1.1, November 1993.
RFC 1424 Kaliski, B., "Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services," RFC 1424, February 1993.
X.208 CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.
X.209 CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.
X.500 CCITT. Recommendation X.500: The Directory-- Overview of Concepts, Models and Services. 1988.
X.501 CCITT. Recommendation X.501: The Directory-- Models. 1988.
X.509 CCITT. Recommendation X.509: The Directory-- Authentication Framework. 1988.
For the purposes of this document, the following definitions appl...