INTERNATIONAL
STANDARD

ISO
15782-2

--`,,```,,,,````-`-`,,`,,`,`,,`---

First edition
2001-11-01

Banking — Certificate management —
Part 2:
Certificate extensions
Banque — Gestion des certificats —
Partie 2: Extensions des certificats

Reference number
ISO 15782-2:2001(E)

© ISO 2001
Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


ISO 15782-2:2001(E)

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not
be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this
file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this
area.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters
were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event
that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO 2001
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body
in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail
Web www.iso.ch
Printed in Switzerland

ii

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale

--`,,```,,,,````-`-`,,`,,`,`,,`---


Adobe is a trademark of Adobe Systems Incorporated.


ISO 15782-2:2001(E)

Contents

Page

Foreword.....................................................................................................................................................................iv
1

Scope .............................................................................................................................................................. 1

2

Normative references .................................................................................................................................... 1

3

Terms and definitions ................................................................................................................................... 2

4

Abbreviations................................................................................................................................................. 6

5

Extensions...................................................................................................................................................... 7


6
6.1
6.2

Key and policy information .......................................................................................................................... 8
Requirements................................................................................................................................................. 8
Certificate and CRL extensions ................................................................................................................... 9

7
7.1
7.2

Certificate subject and certificate issuer attributes................................................................................. 14
Requirements............................................................................................................................................... 14
Certificate and CRL extensions ................................................................................................................. 15

8
8.1
8.2
8.3

Certification path constraints..................................................................................................................... 17
Requirements............................................................................................................................................... 17
Certificate extensions ................................................................................................................................. 19
Certification path processing procedure .................................................................................................. 21

9
9.1
9.2


Basic CRL extensions ................................................................................................................................. 24
Management requirements ......................................................................................................................... 24
Basic CRL and CRL entry extensions ....................................................................................................... 25

10
10.1
10.2
10.3
10.4

CRL distribution points and delta-CRLs ................................................................................................... 27
Requirements............................................................................................................................................... 27
Certificate extensions ................................................................................................................................. 28
CRL and CRL entry extensions.................................................................................................................. 29
Matching rules ............................................................................................................................................. 31

Annex A (informative) Examples of the use of certification path constraints .................................................... 36
Bibliography .............................................................................................................................................................. 38

iii

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


--`,,```,,,,````-`-`,,`,,`,`,,`---

Introduction .................................................................................................................................................................v


ISO 15782-2:2001(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO
member bodies). The work of preparing International Standards is normally carried out through ISO technical
committees. Each member body interested in a subject for which a technical committee has been established has
the right to be represented on that committee. International organizations, governmental and non-governmental, in
liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical
Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
Draft International Standards adopted by the technical committees are circulated to the member bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this part of ISO 15782 may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
International Standard ISO 15782-2 was prepared by Technical Committee ISO/TC 68, Banking, securities and
other financial services, Subcommittee SC 2, Security management and general banking operations.
ISO 15782 consists of the following parts, under the general title Banking — Certificate management:
—

Part 1: Public key certificates

—

Part 2: Certificate extensions


Annex A of this part of ISO 15782 is for information only.

--`,,```,,,,````-`-`,,`,,`,`,,`---

iv

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

Introduction
This part of ISO 15782 extracts and adopts selected definitions of certificate extensions from ISO 9594-8 and adds
control requirements and other information required for financial institution use.
While the techniques specified in this part of ISO 15782 are designed to maintain the integrity of financial
messages, the Standard does not guarantee that a particular implementation is secure. It is the responsibility of the
financial institution to put an overall process in place with the necessary controls to ensure that the process is
securely implemented. Furthermore, the controls should include the application of appropriate audit tests in order to
validate compliance.
The binding association between the identity of the owner of a public key and that key shall be documented in
order to prove the ownership of a public key. This binding is called a “public key certificate”. Public key certificates
are generated by a trusted third entity known as a Certification Authority (CA).

--`,,```,,,,````-`-`,,`,,`,`,,`---


v

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


--`,,```,,,,````-`-`,,`,,`,`,,`---

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


INTERNATIONAL STANDARD

ISO 15782-2:2001(E)

Banking — Certificate management —
Part 2:
Certificate extensions

1


Scope

This part of ISO 15782


extracts and adopts selected definitions of certificate extensions from ISO/IEC 9594-8;



specifies additional requirements when certificate extensions are used by the financial services industry.

This part of ISO 15782 is to be used with financial institution standards, including ISO 15782-1.
NOTE
Distinguished Encoding Rules (DER) of ASN.1 for encoding of ASN.1-defined certificate extensions are specified in
ISO/IEC 8825-1. The DER rules defined by ISO/IEC 9594-8 are incomplete and can lead to ambiguities when encoding some
values.

2

Normative references

The following normative documents contain provisions which, through reference in this text, constitute provisions of
this part of ISO 15782. For dated references, subsequent amendments to, or revisions of, any of these publications
do not apply. However, parties to agreements based on this part of ISO 15782 are encouraged to investigate the
possibility of applying the most recent editions of the normative documents indicated below. For undated
references, the latest edition of the normative document referred to applies. Members of ISO and IEC maintain
registers of currently valid International Standards.
ISO/IEC 9594-2 | ITU-T Recommendation X.501, Information technology — Open Systems Interconnection — The
Directory: Models
ISO/IEC 9594-8:1998 | ITU-T Recommendation X.509 (1997), Information technology — Open Systems

Interconnection — The Directory: Authentication framework
ISO/IEC 9834-1 | CCITT Recommendation X.660 Information technology — Open Systems Interconnection —
Procedures for the operation of OSI Registration Authorities: General procedures
ISO/IEC 10021-4 | ITU-T Recommendation X.411, Information technology — Message Handling Systems
(MHS) — Message transfer system: Abstract service definition and procedures
ISO 15782-1:—1), Banking — Certificate management — Part 1: Public key certificates
RFC 791:19812), Internet protocol

1)

To be published.

2)

Obsoletes RFC 760; obsoleted by RFC 1060.

1

© ISO 2001 – All rights reserved

--`,,```,,,,````-`-`,,`,,`,`,,`---

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


ISO 15782-2:2001(E)


RFC 822:19823), Standard for the format of ARPA Internet text messages
RFC 1035:19874), Domain names — Implementation and specification
RFC 1630:1994, Universal resource identifiers in WWW: A unifying syntax for the expression of names and
addresses of objects on the network as used in the world-wide web
FIPS-PUB 140-1:1993, Security requirements for cryptographic modules

3

Terms and definitions

For the purposes of this part of ISO 15782, the following terms and definitions apply.
3.1
attribute
characteristic of an entity
3.2
CA certificate
certificate whose subject is a Certification Authority (CA) and whose associated private key is used to sign
certificates
3.3
certificate
public key and identity of an entity together with some other information, rendered unforgeable by signing the
certificate information with the private key of the certifying authority that issued that public key certificate
3.4
certificate hold
suspension of the validity of a certificate
3.5
certificate policy
named set of rules that indicates the applicability of a certificate to a particular community and/or class of
application with common security requirements

EXAMPLE
A particular certificate policy might indicate the applicability of a type of certificate to the authentication of
electronic data interchange transactions for the trading of goods within a given price range.
--`,,```,,,,````-`-`,,`,,`,`,,`---

NOTE 1
The certificate policy should be used by the user of the certificate to decide whether or not to accept the binding
between the subject (of the certificate) and the public key. A subset of the components in the certificate policy framework are
given concrete values to define a certificate policy. The certificate policy is represented by a registered object identifier in the
X.509, version 3 certificate. The object owner also registers a textual description of the policy and makes it available to the
relying parties.
NOTE 2
The certificate policy object identifier can be included in the following extensions in the X.509, version 3 certificates:
certificate policies, policy mappings and policy constraints. The object identifier(s) may appear in none, some, or all of these
fields. These object identifiers may be the same (referring to the same certificate policy) or may be different (referring to different
certificate policies).

3.6
Certificate Revocation List
CRL
list of revoked certificates

3)

Obsoletes RFC 733; updated by RFC 987; updated by RFC 1327.

4) Obsoletes RFC 973; obsoleted by RFC 2136; obsoleted by RFC 2137; updated by RFC 1348; updated by RFC 1995;
updated by RFC 1996; updated by RFC 2065; updated by RFC 2181; updated by RFC 2308.

2


Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

3.7
certificate-using system
implementation of those functions defined in this part of ISO 15782 that are used by a certificate user
3.8
certification
process of creating a public key or attribute certificate for an entity
3.9
Certification Authority
CA
entity trusted by one or more entities to create assign and revoke or hold public key certificates
--`,,```,,,,````-`-`,,`,,`,`,,`---

3.10
certification path
ordered sequence of certificates of entities which, together with the public key of the initial entity in the path, can be
processed to obtain the public key of the final entity in the path
3.11
Certification Practice Statement
CPS

statement of the practices which a certification authority employs in issuing certificates
3.12
compromise
violation of the security of a system such that an unauthorized disclosure of sensitive information may have
occurred
3.13
CRL distribution point
directory entry or other distribution source for Certificate Revocation Lists (CRLs)
NOTE
A CRL distributed through a CRL distribution point may contain revocation entries for only a subset of the full set of
certificates issued by one CA or may contain revocation entries for multiple CAs.

3.14
cross certification
process by which two CAs mutually certify each other’s public keys
See policy mapping (3.37).
3.15
cryptographic key
key
parameter that determines the operation of a cryptographic function
NOTE

Cryptographic functions include:



the transformation from plain text to cipher text and vice versa;




synchronized generation of keying material;



digital signature generation or validation.

3.16
cryptographic module
set of hardware, firmware, software or some combination thereof, that implements cryptographic logic,
cryptographic processes, or both

3

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


ISO 15782-2:2001(E)

3.17
cryptography
discipline which embodies principles, means and methods for the transformation of data in order to hide its
information content, prevent its undetected modification, prevent its unauthorized use or a combination thereof
3.18
data integrity

property whereby data has not been altered or destroyed
3.19
delta-CRL
partial Certificate Revocation List (CRL) indicating only changes since a prior CRL issue
3.20
digital signature
signature
cryptographic transformation of data which, when associated with a data unit, provides the services of origin
authentication and data integrity and may support signer non-repudiation
3.21
directory
repository
method for distributing or making available certificates or Certificate Revocation Lists (CRLs)
EXAMPLE

A data base or an X.500 Directory.

3.22
distinguished name
globally unique name for an entity
NOTE
Methods for determining global uniqueness are outside the scope of this part of ISO 15782. Note that an entity may
be issued more than one certificate with the same distinguished name.

3.23
end certificate
last certificate considered in a certificate chain
3.24
end entity
certificate subject which uses its private key for purposes other than signing certificates

3.25
entity
legal or natural person who is a Certification Authority (CA), Registration Authority (RA) or end entity
3.26
financial message
communication containing information which has financial implications
3.27
intermediate certificates
certificate considered in a certificate chain other than the first or end certificate
3.28
key
see cryptographic key (3.15)
3.29
key agreement
method for negotiating a key value on-line without transferring the key, even in an encrypted form
EXAMPLE

The Diffie-Hellman technique.

--`,,```,,,,````-`-`,,`,,`,`,,`---

4

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale



ISO 15782-2:2001(E)

3.30
key pair
·public key cryptographyÒ public key and its corresponding private key
3.31
keying material
data, such as keys, certificates and initialization vectors, necessary to establish and maintain cryptographic keying
relationships
3.32
key pair updating
re-certification or replacement of a CA’s public/private key pair
3.33
message
data to be signed
3.34
module
see cryptographic module (3.16)
3.35
non-repudiation
service which provides proof beyond a reasonable doubt of the integrity and origin of data which can be validated
by a third entity
NOTE
The non-repudiation service protects against the signing entity falsely denying the action and may provide
rebuttable presumption. It requires that appropriate processes and procedures (e.g., registration, audit trails, contractual
arrangements, personnel, etc.) be in place.

3.36
optional

not required by this part of ISO 15782 or not required to meet an optional provision of this part of ISO 15782
NOTE

Not to be confused with the ASN.1 key word “OPTIONAL”.

3.37
policy mapping
recognition that, when a Certification Authority (CA) in one domain certifies a CA in another domain, a particular
certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but
not necessarily identical in all respects) to a particular certificate policy in the first domain
See cross certification (3.14).
3.38
policy qualifier
policy-dependent information that accompanies a certificate policy identifier in an X.509 certificate
3.39
private key
·asymmetric (public) key cryptosystemÒ key of an entity’s key pair which is known only by that entity
3.40
public key
·asymmetric (public) key cryptosystemÒ key of an entity’s key pair which is publicly known

--`,,```,,,,````-`-`,,`,,`,`,,`---

5

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS


Not for Resale


ISO 15782-2:2001(E)

3.41
Registration Authority
RA
entity that is responsible for identification and authentication of subjects of certificates, but is not a Certification
Authority (CA) and hence does not sign or issue certificates
NOTE
An RA may assist in the certificate application process, revocation process, or both. The RA does not need to be a
separate body, but can be part of the CA.

3.42
relying party
recipient of a certificate who acts in reliance on that certificate, digital signatures verified using that certificate, or
both
3.43
signature
see digital signature (3.20)
3.44
subject
entity whose public key is certified in a public key certificate
3.45
subject CA
Certification Authority (CA) that is certified by the issuing CA and hence complies with the certificate policy of the
issuing CA
3.46

subject end entity
end entity that is the subject of a certificate
3.47
user
see relying party (3.42)

4

Abbreviations

The following abbreviations are used in this part of ISO 15782.
Abbreviation

Meaning

ASN.1

Abstract Syntax Notation

CA

Certification Authority

DIT

Directory Information Tree

CRL

Certificate Revocation List


ITU

International Telecommunication Union

--`,,```,,,,````-`-`,,`,,`,`,,`---

NOTE 1
The notation used in this part of ISO 15782 is a variant of the X.509 notation for certificates, certification paths and
related information.
NOTE 2
The use of a bold, sans serif font such as “CertReqData” or “CRLEntry” denotes the use of Abstract Syntax
Notation (ASN.1). Where it makes sense to do so, the ASN.1 term is used in place of normal text.

6

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

5

Extensions




subject’s public key;



issuer’s public key;



issuer’s CRLs.

--`,,```,,,,````-`-`,,`,,`,`,,`---

Version 3 certificates as defined in ISO/IEC 9594-8 provide a mechanism for CAs to append additional information
about the:

This additional information is encoded in the form of extensions to certificates.
These extensions are specified in the following areas:
a) Key and policy information: These certificate and CRL extensions convey additional information about the keys
involved, including key identifiers for subject and issuer keys, indicators of intended or restricted key usage
and indicators of certificate policy.
b) Certificate subject and issuer attributes: These certificate and CRL extensions support alternative names, of
various name forms, for a certificate subject, a certificate issuer, or a CRL issuer. These extensions can also
convey additional attribute information about the certificate subject, to assist a relying party in being confident
that the certificate subject is a particular person or entity.
c) Certification path constraints: These certificate extensions allow constraint specifications to be included in CA
certificates, i.e. certificates for CAs issued by other CAs, to facilitate the automated processing of certification
paths when multiple certificate policies are involved. Multiple certificate policies arise when policies vary for
different applications in an environment or when interoperation with external environments occurs. The

constraints may restrict the types of certificates that can be issued by the subject CA or that may occur
subsequently in a certification path.
d) Basic CRL extensions: These CRL extensions allow a CRL to include indications of revocation reason, to
provide for temporary suspension of a certificate and to include CRL-issue sequence numbers to allow relying
parties to detect missing CRLs in a sequence from one CRL issuer.
e) CRL distribution points and delta-CRLs: These certificate and CRL extensions allow the complete set of
revocation information from one CA to be partitioned into separate CRLs and allow revocation information from
multiple CAs to be combined in one CRL. These extensions also support the use of partial CRLs indicating
only changes since an earlier CRL issue.
Inclusion of any extension in a certificate or CRL is at the option of the authority issuing that certificate or CRL.
In a certificate or CRL, an extension is flagged as being either critical or non-critical. If an extension is flagged
critical and a certificate-using system does not recognize the extension type or does not implement the semantics
of the extension, then that system shall consider the certificate invalid. If an extension is flagged non-critical, a
certificate-using system that does not recognize or implement that extension type may process the remainder of the
certificate ignoring the extension. Extension type definitions in this part of ISO 15782 indicate if the extension is
always critical, always non-critical, or if criticality can be decided by the certificate or CRL issuer. The reason for
requiring some extensions to be always non-critical is to allow certificate-using implementations which do not need
to use such extensions to omit support for them without jeopardizing the ability to interoperate with all certification
authorities.
These extensions provide a variety of methods to increase the amount of information that the certificate conveys to
facilitate automated certificate processing. The extensions are intended to allow explicit management of trust and
policies corresponding to the differing needs within an organization and certification across hierarchies.

7

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS


Not for Resale


ISO 15782-2:2001(E)

A certificate-using system may require certain non-critical extensions to be present in a certificate in order for that
certificate to be considered acceptable. The need for inclusion of such extensions may be:
a)

implied by local policy rules of the relying party, or

b)

a CA policy rule indicated to the certificate-using system by inclusion of a particular certificate policy identifier
in the certificate policies extension with that extension being flagged critical.

There shall be no more than one instance of each extension type in any certificate, CRL, or CRL entry,
respectively.
Subclause 10.4 also defines matching rules to facilitate the selection of certificates or CRLs with specific
characteristics from multiple-valued attributes holding multiple certificates or CRLs.
Implementers are cautioned that the level of complexity inherent in


policy mappings extension (see 6.2.8),



name constraints extension (see 8.2.3),




policy constraints extension (see 8.2.4) and



matching rules (see 10.4)

is significantly greater than that of the rest of this part of ISO 15782. The decision to implement these extensions
should be based on business and risk after consideration of alternative architectures or alternative methods.

6
6.1

Key and policy information
Requirements

The following requirements relate to key and policy information:
a)

CA key pair updating can occur at regular intervals or in special circumstances. There is a need for a certificate
extension to convey an identifier of the public key to be used to verify the certificate signature. A certificateusing system can use such identifiers in finding the correct CA certificate for validating the certificate issuer's
public key.

b)

In general, a certificate subject has different public keys and, correspondingly, different certificates for different
purposes, e.g. digital signature, encipherment and key agreement. A certificate extension is needed to assist a
relying party in selecting the correct certificate for a given subject for a particular purpose or to allow a CA to
stipulate that a certified key may only be used for a particular purpose.


c)

Subject key pair updating can occur at regular intervals or in special circumstances. There is a need for a
certificate extension to convey an identifier to distinguish between different public keys for the same subject
used at different points in time. A certificate-using system can use such identifiers in finding the correct
certificate.

d)

With digital signature keys, the usage period for the signing private key is typically shorter than that for the
verifying public key. In the event of a private key compromise, the period of exposure can be limited if the
signature verifier knows the legitimate use period for the private key. There is therefore a requirement to be
able to indicate the usage period of the private key in a certificate.

e)

Because certificates may be used in environments where multiple certificate policies apply, provision needs to
be made for including certificate policy information in certificates.

f)

When cross-certifying from one organization to another, it can sometimes be agreed that certain of the two
organizations' policies can be considered equivalent. A CA certificate needs to allow the certificate issuer to
indicate that one of its own certificate policies is equivalent to another certificate policy in the domain of the
subject CA. This is known as policy mapping.

--`,,```,,,,````-`-`,,`,,`,`,,`---

8

Copyright International
Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

g)

A user of an encipherment or digital signature system which uses certificates defined in ISO 15782-1 and this
part of ISO 15782 needs to be able to determine in advance the algorithms supported by other users.

6.2

Certificate and CRL extensions

6.2.1

Overview

a)

authority key identifier;

b)


subject key identifier;

c)

key usage;

d)

extended key usage

e)

private key usage period;

f)

certificate policies;

g)

policy mappings.

These extensions shall be used only as certificate extensions, except for authority key identifier which may also be
used as a CRL extension. Unless noted otherwise, these extensions may be used in both CA certificates and end
entity certificates.
In addition, a directory attribute is defined to support the selection of an algorithm for use when communicating with
a remote end entity using certificates as defined in ISO 15782-1 and in this part of ISO 15782.
6.2.2

Authority key identifier extension


This extension, which may be used as either a certificate extension or CRL extension, identifies the public key to be
used to verify the signature on this certificate or CRL. It enables distinct keys used by the same CA to be
distinguished (e.g. as key updating occurs). This extension is defined as follows:
authorityKeyIdentifier EXTENSION ::= {
SYNTAX
AuthorityKeyIdentifier
IDENTIFIED BY id-ce-authorityKeyIdentifier }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier
[0] KeyIdentifier
OPTIONAL,
authorityCertIssuer
[1] GeneralNames
OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
}
( WITH COMPONENTS {..., authorityCertIssuer PRESENT,
authorityCertSerialNumber PRESENT} |
WITH COMPONENTS
{..., authorityCertIssuer ABSENT,
authorityCertSerialNumber
ABSENT} )
KeyIdentifier ::= OCTET STRING
The key may be identified by:


an explicit key identifier in the keyIdentifier component;




by identification of a certificate for the key (giving certificate issuer in the authorityCertIssuer component and
certificate serial number in the authorityCertSerialNumber component); or

9

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale

--`,,```,,,,````-`-`,,`,,`,`,,`---

The following extensions are defined:


ISO 15782-2:2001(E)



by both explicit key identifier and identification of a certificate for the key.

If both forms of identification are used, then the certificate or CRL issuer shall ensure they are consistent.
A key identifier shall be unique with respect to all key identifiers for the issuing authority for the certificate or CRL
containing the extension. An implementation which supports this extension is not required to be able to process all
name forms in the authorityCertIssuer component. See 7.2.2 for details of the GeneralNames type.
Certification authorities shall assign certificate serial numbers such that every (issuer, certificate serial number) pair

uniquely identifies a single certificate.
This extension is always non-critical.
6.2.3

Subject key identifier extension

This extension identifies the public key being certified. It enables distinct keys used by the same subject to be
differentiated (e.g. as key updating occurs). This extension is defined as follows:
subjectKeyIdentifier EXTENSION ::= {
SYNTAX
SubjectKeyIdentifier
IDENTIFIED BY id-ce-subjectKeyIdentifier }
SubjectKeyIdentifier ::= KeyIdentifier
A key identifier shall be unique with respect to all key identifiers for the subject with which it is used. This extension
is always non-critical.
6.2.4

Key usage extension

This extension, which indicates the purpose for which the certified public key is used, is defined as follows:

KeyUsage ::= BIT STRING {
digitalSignature
nonRepudiation
keyEncipherment
dataEncipherment
keyAgreement
keyCertSign
cRLSign
encipherOnly

decipherOnly

--`,,```,,,,````-`-`,,`,,`,`,,`---

keyUsage EXTENSION ::= {
SYNTAX
KeyUsage
IDENTIFIED BY id-ce-keyUsage }
(0),
(1),
(2),
(3),
(4),
(5),
(6),
(7),
(8) }

Bits in the KeyUsage field are as follows:
a)

digitalSignature: asserted when the subject public key is used with a digital signature mechanism to support
security services other than non-repudiation (bit 1), certificate signing (bit 5), or revocation information signing
(bit 6). Digital signature mechanisms are often used for entity authentication and data origin authentication with
integrity;

10

Copyright International Organization for Standardization
Provided by IHS under license with ISO

No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

b)

nonRepudiation: for verifying a digital signature applied to an object to support the delivery of the nonrepudiation service [excluding certificate or CRL signing as in f) or g)]5);

c)

keyEncipherment: for enciphering keys or other security information, e.g. for key transport;

CAs shall set the keyEncipherment bit when the public key is used for enciphering keys or other security
information.
d)

dataEncipherment: for enciphering user data, but not keys or other security information as in c) above;

CAs shall set the dataEncipherment bit when the public key is used for enciphering user data, but not keys or other
security information.
e)

keyAgreement: for use as a public key agreement key;

CAs shall set the keyAgreement bit when the public key is used as a key agreement key.
f)


keyCertSign: for verifying a CA’s signature on certificates;

CAs shall set the keyCertSign bit when the public key may be used to sign certificates. This bit shall only be set in
CA certificates.
g)

cRLSign: for verifying a CA’s signature on CRLs.

CAs must set the cRLSign bit when the public key may be used to sign CRLs.
h)

The encipherOnly and decipherOnly key usages are intended to provide support for key agreement
schemes where separate shared secret keys are used in each direction of communication. In such a scheme,
a user has more than one set of key pairs and bits 7 (encipherOnly) and 8 (decipherOnly) are used to
distinguish between the two types. The originator of a message would use the recipient's public key certificate
with bits 4 (keyAgreement) and 7 (encipherOnly) to create a key encryption key. The recipient would use the
originator's certificate with bits 4 (keyAgreement) and 8 (decipherOnly) to create the key encryption key.
Typically the originator would pass his own certificate with bits 4 and 8 along with the message. Financial
systems are not required to implement a key management scheme where the symmetric keys used in each
direction of communication are derived from separate public key pairs. The encipherOnly and decipherOnly
shall not both be set to TRUE.

CAs shall include this extension in all CA and end entity certificates and indicate that the extension is critical by
setting the criticality flag to “true”.
CAs shall set the key usage bits according to the valid key usage combinations as illustrated and described in
ISO 15782-1:—, subclause 9.1.3 and Table 8.
6.2.5

Extended key usage extension


This extension indicates one or more purposes for which the certified public key may be used, in addition to or in
place of the basic purposes indicated in the key usage extension. This extension is defined as follows:
extKeyUsage EXTENSION ::= {
SYNTAX
SEQUENCE SIZE (1..MAX) OF KeyPurposeId
IDENTIFIED BY id-ce-extKeyUsage }
KeyPurposeId ::= OBJECT IDENTIFIER

5) Non repudiation is only a business issue, whereas digital signature and encryption are technical issues, consequently the
key usage bits in a certificate should not address non repudiation.

11

--`,,```,,,,````-`-`,,`,,`,`,,`---

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


ISO 15782-2:2001(E)

Key purposes may be defined by any organization with a need. Object identifiers used to identify key purposes
shall be assigned in accordance with ISO/IEC 9834-1 | CCITT Rec. X.660.
This extension may, at the option of the certificate issuer, be either critical or non-critical.

If the extension is flagged critical, then the certificate shall be used only for one of the purposes indicated.
If the extension is flagged non-critical, then it indicates the intended purpose or purposes of the key and may be
used in finding the correct key/certificate of an entity that has multiple keys/certificates. It is an advisory extension
and does not imply that usage of the key is restricted by the certification authority to the purpose indicated. (Using
applications may nevertheless require that a particular purpose be indicated in order for the certificate to be
acceptable to that application.)
If a certificate contains both a critical key usage extension and a critical extended key usage extension, then both
extensions shall be processed independently and the certificate shall only be used for a purpose consistent with
both extensions. If there is no purpose consistent with both extensions, then the certificate shall not be used for any
purpose.
6.2.6

Private key usage period extension

--`,,```,,,,````-`-`,,`,,`,`,,`---

This extension indicates the period of use of the private key corresponding to the certified public key. It is
applicable only for digital signature keys. This extension is defined as follows:
privateKeyUsagePeriod EXTENSION ::= {
SYNTAX
PrivateKeyUsagePeriod
IDENTIFIED BY id-ce-privateKeyUsagePeriod }
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter
[1] GeneralizedTime OPTIONAL }
( WITH COMPONENTS {..., notBefore PRESENT} |
WITH COMPONENTS
{..., notAfter PRESENT} )
The notBefore component indicates the earliest date and time at which the private key could be used for signing. If

the notBefore component is not present, then no information is provided as to when the period of valid use of the
private key commences. The notAfter component indicates the latest date and time at which the private key could
be used for signing. If the notAfter component is not present, then no information is provided as to when the period
of valid use of the private key concludes.
The period of valid use of the private key may be different from the certified validity of the public key as indicated by
the certificate validity period. With digital signature keys, the usage period for the signing private key is typically
shorter than that for the verifying public key.
This extension is always non-critical.
NOTE 1
While this extension is not strictly prohibited from being used with other than signature certificates, it is not logical to
use this extension with a certificate other than a signature certificate.
NOTE 2
For digital signature, the private key is used to generate digital signatures. If a validity period is given for the
signature private key, then the key may only be used to generate signatures within the validity period. For key management, the
private key is used to decrypt encrypted items. Limiting a key management private key would inhibit decryption of encrypted
data, hence, it would be unwise to assign a validity period to a key management private key because that would inhibit
decryption of past data after the validity period expires.

6.2.7

Certificate policies extension

This extension lists certificate policies, recognized by the issuing CA, that apply to the certificate, together with
optional qualifier information pertaining to these certificate policies. Typically, different certificate policies will relate
to different applications which may use the certified key. This extension is defined as follows:

12

Copyright International Organization for Standardization
Provided by IHS under license with ISO

No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale


ISO 15782-2:2001(E)

certificatePolicies EXTENSION ::= {
SYNTAX
CertificatePoliciesSyntax
IDENTIFIED BY id-ce-certificatePolicies }
CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier
CertPolicyId,
policyQualifiers
SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo

OPTIONAL }

CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId CERT-POLICY-QUALIFIER.&id
({SupportedPolicyQualifiers}),
qualifier CERT-POLICY-QUALIFIER.&Qualifier
({SupportedPolicyQualifiers}{@policyQualifierId})
OPTIONAL }
--`,,```,,,,````-`-`,,`,,`,`,,`---


SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { ... }
A value of the PolicyInformation type identifies and conveys qualifier information for one certificate policy. The
component policyIdentifier contains an identifier of a certificate policy and the component policyQualifiers
contains policy qualifier values for that element.
This extension may, at the option of the certificate issuer, be either critical or non-critical.
If the extension is flagged critical, it indicates that the certificate shall only be used for the purpose and in
accordance with the rules implied by one of the indicated certificate policies. The rules of a particular policy may
require the certificate-using system to process the qualifier value in a particular way.
If the extension is flagged non-critical, use of this extension does not necessarily constrain use of the certificate to
the policies listed. However, a relying party may require a particular policy to be present in order to use the
certificate (see 8.3). Policy qualifiers may, at the option of the relying party, be processed or ignored.
Certificate policies and certificate policy qualifier types may be defined by any organization with a need. Object
identifiers used to identify certificate policies and certificate policy qualifier types shall be assigned in accordance
with ISO/IEC 9834-1 | CCITT Rec. X.660. The following ASN.1 object class is used in defining certificate policy
qualifier types:
CERT-POLICY-QUALIFIER ::= CLASS {
&id
OBJECT IDENTIFIER UNIQUE,
&Qualifier
OPTIONAL }
WITH SYNTAX {
POLICY-QUALIFIER-ID &id
[QUALIFIER-TYPE &Qualifier] }
A definition of a policy qualifier type shall include:


a statement of the semantics of the possible values;




an indication of whether the qualifier identifier may appear in a certificate policies extension without an
accompanying value and, if so, the implied semantics in such a case.

A qualifier may be specified as having any ASN.1 type. When the qualifier is anticipated to be used primarily with
applications that do not have ASN.1 decoding functions, it is recommended that the type OCTET STRING be
specified. The ASN.1 OCTET STRING value can then convey a qualifier value encoded according to any
convention specified by the policy element defining organization.

13

© ISO 2001 – All rights reserved

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

Not for Resale


ISO 15782-2:2001(E)

6.2.8

Policy mappings extension

This extension, which shall be used in CA certificates only, allows a certificate issuer to indicate that, for the
purposes of the user of a certification path containing this certificate, one of the issuer's certificate policies can be
considered equivalent to a different certificate policy used in the subject CA's domain. This extension is defined as
follows:
policyMappings EXTENSION ::= {

SYNTAX
PolicyMappingsSyntax
IDENTIFIED BY id-ce-policyMappings }
PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
issuerDomainPolicy
CertPolicyId,
subjectDomainPolicy
CertPolicyId }
The issuerDomainPolicy component indicates a certificate policy that is recognized in the issuing CA’s domain
and that can be considered equivalent to the certificate policy indicated in the subjectDomainPolicy component
that is recognized in the subject CA’s domain.
This extension is always non-critical.
NOTE 1
Policy mapping implies significant administrative overheads and the involvement of suitably diligent and authorized
personnel in related decision-making. In general, it is preferable to agree upon more global use of common policies than it is to
apply policy mapping. See annex A.
NOTE 2
simple.

6.2.9

It is anticipated that policy mapping will be practical only in limited environments in which policy statements are very

Supported algorithms attribute

A Directory attribute is defined to support the selection of an algorithm for use when communicating with a remote
end entity using certificates. The following ASN.1 defines this (multi-valued) attribute:
supportedAlgorithms ATTRIBUTE ::= {
WITH SYNTAX
SupportedAlgorithm

EQUALITY MATCHING RULE algorithmIdentifierMatch
ID
id-at-supportedAlgorithms }
SupportedAlgorithm ::= SEQUENCE {
algorithmIdentifier
AlgorithmIdentifier,
intendedUsage
[0] KeyUsage OPTIONAL,
intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL }
Each value of the multi-valued attribute shall have a distinct algorithmIdentifier value. The value of the
intendedUsage component provides an indication of the intended usage of the algorithm. The value of the
intendedCertificatePolicies component identifies the certificate policies and, optionally, certificate policy qualifiers
with which the identified algorithm may be used.

7

Certificate subject and certificate issuer attributes

7.1

Requirements

a)

--`,,```,,,,````-`-`,,`,,`,`,,`---

The following requirements relate to certificate subject and certificate issuer attributes:
Certificates need to be usable by applications that employ a variety of name forms, including:



internet electronic mail names;

14

Copyright International Organization for Standardization
Provided by IHS under license with ISO
No reproduction or networking permitted without license from IHS

© ISO 2001 – All rights reserved
Not for Resale