znc: Fix call to g++-uc

[openwrt/svn-archive/archive.git] / net / sscep / patches / 001-certnanny.patch

This patch adds support for signing requests with an existing key.
It was taken from CertNanny <http://www.cynops.de/oss/CertNanny/>

diff -uN sscep/Makefile sscep-ng2/Makefile
--- sscep/Makefile      2003-01-22 06:23:18.000000000 +0100
+++ sscep-ng2/Makefile  2006-04-25 19:38:49.000000000 +0200
@@ -7,13 +7,14 @@
 
 CC     = gcc
 CFLAGS = -Wall -O 
+LDLIBS = -lcrypto
 
 MAN    = sscep.8
 PROG   = sscep
 OBJS    = sscep.o init.o net.o sceputils.o pkcs7.o ias.o fileutils.o
 
 $(PROG): $(OBJS)
-       $(CC) $(CFLAGS) -lcrypto -o $(PROG) $(OBJS) 
+       $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $(PROG) $(OBJS) $(LDLIBS) 
 
 clean:
        rm -f $(PROG) $(OBJS) $(MAN) core
diff -uN sscep/README sscep-ng2/README
--- sscep/README        2003-04-17 07:49:46.000000000 +0200
+++ sscep-ng2/README    2006-04-28 10:27:44.000000000 +0200
@@ -51,11 +51,13 @@
 o iPlanet CMS (getca and enroll works)*
 o VeriSign Onsite (getca and enroll works)**
 o Entrust VPN Connect (getca and enroll works)***
+o OpenCA (getca, enroll, getcrl and automatic approval works)****
 
 (*) by default, subjectAltName extensions are dropped from certificate
 (**) only DNS subjectAltName allowed (demo mode)
 (***) demo requires to use /C=US/O=Entrust
-
+(****) automatic approval according to newer SCEP drafts requires
+       OpenCA 0.9.2.4 or higher
 
 HOW TO COMPILE
 ==============
@@ -76,7 +78,7 @@
 
 $ ./sscep
 
-sscep version 20030131
+sscep version 2005XXXX
 
 Usage: ./sscep OPERATION [OPTIONS]
 
@@ -103,6 +105,8 @@
 OPTIONS for OPERATION enroll are
   -k <file>         Private key file
   -r <file>         Certificate request file
+  -K <file>         Signature private key file
+  -O <file>         Signature certificate (used instead of self-signed)
   -l <file>         Write enrolled certificate in file
   -e <file>         Use different CA cert for encryption
   -L <file>         Write selfsigned certificate in file
@@ -152,6 +156,16 @@
 CAIdentifier   Some CAs require you to define this. Example: mydomain.com
                Command line option: -i
 
+CheckSubjectName
+               Check subject DN in the certificate return by the CA. The 
+               default is to match on the public key only. Up to version
+               20040325 sscep checked on the subject DN only, which is a
+               problem e.g. if the CA adds a SER attribute, enforces a 
+               naming policy or fixes encoding errors (e.g. with Java keytool
+               and DC).
+               Example: yes
+               Command line option: -C
+
 CertReqFile    Certificate request file created with mkrequest.
                Example: ./local.csr
                Command line option: -r
@@ -171,6 +185,21 @@
                the signature. Example: ./enc.crt
                Command line option: -e
 
+SignCertFile    Instead of creating a self-signed certificate from the
+               new key pair use an already existing certficate/key to
+               sign the SCEP request. If the "old" certificate and
+               key is used, the CA can verify that the holder of the
+               private key for an existing certificate re-enrolls for
+               a renewal certificate, allowing for automatic approval
+               of the request. Requires specification of the corresponding
+               signature private key file (-K, SignKeyFile). 
+               Example: ./sig.crt
+               Command line option: -O
+
+SignKeyFile    See SignCertFile. Specifies the corresponding private key.
+               Example: ./sig.key
+               Command line option: -K
+
 FingerPrint    Display fingerprint algorithm. Available algorithms are md5
                and sha1. Default is md5.
                Command line option: -F
@@ -367,6 +396,23 @@
 the challenge password), it returns SUCCESS as a first reply. Otherwise, the
 enrollment requires manual signing and authentication (perhaps a phone call).
 
+Newer SCEP draft versions allow to use the existing certificate (issued
+by the CA) to authenticate a renewal request. In this context, the SCEP
+request with the new public key is signed with the old certificate and
+key (instead of using a self-signed certificate created from the new
+key pair).
+To use this feature, use the command line options -O and -K to specify
+the old certificate and private key (SignCertFile and SignCertKey
+in the configuration file).
+The actual behaviour of the SCEP server depends on the CA policy and
+on the capabilities of the SCEP server (not all servers implement
+this feature, using the existing certificate with an older SCEP server
+may or may not work, depending on implementation).
+
+Note: Newer versions of OpenCA (http://www.openca.info/) support
+an SCEP server that is capable of automatically approving SCEP requests
+signed with the already existing key pair.
+
 
 STEP 5 - Use certificate
 ========================
diff -uN sscep/cmd.h sscep-ng2/cmd.h
--- sscep/cmd.h 2003-01-30 08:57:34.000000000 +0100
+++ sscep-ng2/cmd.h     2006-04-28 10:01:10.000000000 +0200
@@ -16,6 +16,9 @@
 int c_flag;
 char *c_char;
 
+/* Check subject DN */
+int C_flag;
+
 /* Debug? */
 int d_flag;
 
@@ -51,10 +54,18 @@
 char *k_char;
 int k_flag;
 
+/* Private key of already existing certificate */
+char *K_char;
+int K_flag;
+
 /* Request count */
 int n_flag;
 int n_num;
 
+/* Already existing certificate (to be renewed) */
+char *O_char; 
+int O_flag;
+
 /* Proxy */
 char *p_char; 
 int p_flag;
diff -uN sscep/draft-nourse-scep-11.txt sscep-ng2/draft-nourse-scep-11.txt
--- sscep/draft-nourse-scep-11.txt      1970-01-01 01:00:00.000000000 +0100
+++ sscep-ng2/draft-nourse-scep-11.txt  2006-04-25 16:27:03.000000000 +0200
@@ -0,0 +1,2367 @@
+
+INTERNET DRAFT                                           Xiaoyi Liu
+draft-nourse-scep-11.txt                                 Cheryl Madson
+expires 11 Aug 2005                                    David  McGrew
+(revised 11 Feb 2005)                                    Andrew Nourse 
+                                                         Cisco Systems
+
+Category: Informational                                  11 Feb 2005
+
+
+Cisco Systems' Simple Certificate Enrollment Protocol(SCEP): 
+
+Status of this Memo
+
+This document is an Internet-Draft and is NOT offered in accordance
+with Section 10 of RFC2026, and the author does not provide the IETF
+with any rights other than to publish as an Internet-Draft
+
+Internet-Drafts are working documents of the Internet Engineering Task
+Force (IETF), its areas, and its working groups.  Note that other
+groups may also distribute working documents as Internet-Drafts.
+
+Internet-Drafts are draft documents valid for a maximum of six months
+and may be updated, replaced, or obsoleted by other documents at any
+time.  It is inappropriate to use Internet- Drafts as reference
+material or to cite them other than as "work in progress."
+
+The list of current Internet-Drafts can be accessed at
+http://www.ietf.org/ietf/1id-abstracts.txt
+
+The list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+
+This memo provides information for the Internet community.  This memo
+does not specify an Internet standard of any kind.  Distribution of
+this memo is unlimited.
+
+By submitting this Internet-Draft, I certify that any applicable patent
+or other IPR claims of which I am aware have been disclosed, or will be
+disclosed, and any of which I become aware will be disclosed, in accordance
+with RFC 3668.
+
+Abstract
+
+This document specifies the Simple Certificate Enrollment Protocol,
+a PKI communication protocol which leverages existing technology by
+using PKCS#7 and PKCS#10.  SCEP is the evolution of the enrollment
+protocol developed by Verisign, Inc. for Cisco Systems, Inc.
+It now enjoys wide support in both client and CA implementations.
+
+
+Table of Contents
+
+   1.   Introduction . . . . . . . . . . . . . . . . . . . . . . .   2
+   2.   The Goal of SCEP . . . . . . . . . . . . . . . . . . . . .   3
+   2.1  SCEP Entity types  . . . . . . . . . . . . . . . . . . . .   3
+   2.2  SCEP Operations Overview . . . . . . . . . . . . . . . . .   7
+   2.3  PKI Operation Transactional Behavior . . . . . . . . . . .  10
+   2.4  Security . . . . . . . . . . . . . . . . . . . . . . . . .  12
+   3.   Transport Protocol . . . . . . . . . . . . . . . . . . . .  13
+   4.   Secure Transportation: PKCS #7 . . . . . . . . . . . . . .  14
+   4.1  SCEP Message Format  . . . . . . . . . . . . . . . . . . .  14
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 2]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+   4.2  Signed Transaction Attributes  . . . . . . . . . . . . . .  15
+   5.   SCEP Transaction Specification . . . . . . . . . . . . . .  16
+   5.1  Certificate Enrollment . . . . . . . . . . . . . . . . . .  16
+   5.2  Poll for Requester Initial Certificate . . . . . . . . . .  22
+   5.3  Certificate Access . . . . . . . . . . . . . . . . . . . .  26
+   5.4  CRL Access   . . . . . . . . . . . . . . . . . . . . . . .  27
+   5.5  Get Certificate Authority Certificate  . . . . . . . . . .  31
+   5.6  Get Certificate Authority Certificate Chain  . . . . . . .  33
+   6.   Security Considerations  . . . . . . . . . . . . . . . . .  33 
+   7.   Intellectual Propoerty . . . . . . . . . . . . . . . . . .  33
+   8.   References . . . . . . . . . . . . . . . . . . . . . . . .  33
+   Appendix A. Cisco Requester Subject Name Definition . . . . . .  34
+   Appendix B. IPSEC Client Enrollment Certificate Request . . . .  35
+   Appendix C. Private OID Definitions   . . . . . . . . . . . . .  36
+   Appendix D. Obtaining CRL by LDAP Query . . . . . . . . . . . .  36
+   Appendix E. SCEP State Transitions  . . . . . . . . . . . . . .  37
+   Appendix F. CA Capabilities . . . . . . . . . . . . . . . . . .  40
+   Appendix G. Certificate Renewal and CA Key Rollover . . . . . .  41
+   Appendix H. PKIOperation via HTTP POST Message. . . . . . . . .  42
+   Appendix Y. Author Contact Information. . . . . . . . . . . . .  43
+   Appendix Z. Copyright Section . . . . . . . . . . . . . . . . .  43
+
+Section 1. Introduction
+
+Public key technology is becoming more widely deployed and is becoming
+the basis for standards based security, such as the Internet Engineering
+Task Force's IPSEC and IKE protocols.  With the use of public key
+certificates in network security protocols comes the need for a
+certificate management protocol that Public Key Infrastructure (PKI)
+clients and Certificate Authority servers can use to support certificate
+life cycle operations such as certificate enrollment and revocation, and
+certificate and CRL access.
+
+In the following, Section 2 gives an overview of the PKI operations,
+and Section 2.4 describes the security goals of the protocol and the
+mechanisms used to achieve them.  The transport protocol and the
+security protocol PKCS#7 are described at Section 3 and Section 4,
+respectively.  The last section, Section 5, specifies each PKI
+operation in terms of the message formats and the data structures of
+each operation.
+
+The appendices provide detailed specifications and examples. Requester
+subject names are specified in Appendix A, attribute OIDs are
+specified in Appendix C , and the SCEP state transitions are described
+in Appendix E.  An example of a certificate enrollment request is
+provided in Appendix B, and an example LDAP query URL encoding is
+provided in Appendix D.
+
+The authors would like to thank Peter William of ValiCert, Inc.
+(formerly of Verisign, Inc) and Alex Deacon of Verisign, Inc. and
+Christopher Welles of IRE, Inc. for their contributions to this protocol
+and to this document.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 3]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+2.0 The Goal of SCEP
+The goal of SCEP is to support the secure issuance of certificates to
+network devices in a scalable manner, using existing technology whenever
+possible.  The protocol supports the following operations:
+
+  CA and RA public key distribution 
+  Certificate enrollment 
+  Certificate revocation 
+  Certificate query 
+  CRL query 
+
+Certificate and CRL access can be achieved by using the LDAP protocol
+(as specified in Appendix D), or by using the query messages defined in
+SCEP.  The use of HTTP certificate and CRL access, and the support of
+CDP as specified in RFC2459, will be specified in a future version of
+this document.  In Section 2.1, we first define PKI entity types as well
+as the properties of each entity type. In Section 2.2, the PKI
+operations are described at functional level. Section 2.3 describes the
+transaction behavior of each PKI operations.  The complete PKI messages
+are covered in Section 5.
+
+2.1 SCEP Entity types
+
+The entity types defined in SCEP are the "requester" type (i.e., IPSEC
+clients), the Certificate Authority (CA) entity type, and the
+Registration Authority entity type (RA).  A requester is sometimes
+called a "SCEP client" in the following.
+
+2.1.1 Requesters
+
+A requester is an entity whose name is defined in a certificate
+subject name field and optionally, in SubjectAltName, a X.509
+certificate V3 extension.  As a requester, a SCEP client is identified
+by a subject name consisting of the following naming attributes:
+  
+  Fully qualified domain name, for example, router.cisco.com 
+ IP address,  Serial number, and/or x.500 distinguished name
+
+The fully qualified domain name is required for a requester that intends
+to use the certificate for ISAKMP.  The IP address, serial number, and
+x.500 distinguished name are optional name attributes.  In the
+certificate enrollment request, the PKCS#10 subject field contains the
+required and optional name attributes.  The distinguished name, if any,
+should be the subject name field, while any domain name, serial number,
+or IP address supplied should be in the subjectAltName field. The
+subject name field may be empty (if there is no distinguished name)
+or the subjectAltName may be omitted, but not both.
+
+It is important to note that a client named as Alice.cisco.com is
+different than a client named as Alice.cisco.com plus the IP address
+name attribute 117.96.1.219. From CA point of view, the Distinguished
+names assigned in these two cases are distinct names.
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 4]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Entity names which are specified as in the IPSEC profile (i.e., FQDN, IP
+address and User FQDN) must be presented in certificate's SubjectAltName
+extension. Multiple IPSEC entity names, (if any) are encoded as multiple
+values of a single SubjectAltName extension.  The CA has the authority
+to assign a distinguished name to a requester, whether or not one was
+included in the request. The assigned DN should contain the SCEP client
+names as the relative DN.
+
+The attribute identifiers and an example of SCEP client subject name are
+specified in Appendix A. Appendix B has an example from Cisco VPN Client
+enrollment request.
+  
+2.1.1.1  Local Key/Certificate/CRL Storage and Certificate-name uniqueness
+
+A requester is required to generate asymmetric key pairs and to provide
+storage to store its private keys.  If the requester does not have enough
+permanent memory to save its certificate, then it should be able to query
+its own certificate from the CA or an LDAP server, once the certificate
+has been issued.  The public key pairs can be generated with a specific
+key usage. The key usage is conveyed to the CA through the certificate
+enrollment request.  All current SCEP client implementations expect that
+there will be only one pair of keys for a given subject name
+and key usage combination and CA, at any time.  This property is called
+the certificate-name uniqueness property, and it implies that a CA that
+implements SCEP will enforce the unique mapping between a SCEP client
+subject name and its key pairs with a given key usage. At any time, if
+the subject name is changed, or if the key is updated, the existing
+certificate would have to be revoked before a new one could be issued.
+
+It is desirable that the CA enforce certificate-name uniqueness, but
+it is not mandatory.  However a CA that does not enforce uniqueness
+must provide some other mechanism to prevent the re-transmission of an
+enrollment request by a SCEP client from creating a second certificate
+or certificate request, nor can the second request merely be rejected.
+If a client times out from polling for a pending request it can 
+resynchronize by reissuing the original request with the original
+subject name, key, and transaction ID.  This should return the status of
+the original transaction, including the certificate if it was granted.
+It should not create a new transaction unless the original cert has been
+revoked, or the transaction arrives more than halfway through the
+validity time of the original certificate.
+
+An enrollment request that occurs more than halfway through the validity
+time of an existing certificate for the same subject name and key usage
+MAY be interpreted as a re-enrollment or renewal request and accepted.
+A new certificate with new validity dates may be issued, even though 
+the old one is still valid, if the CA policy permits, as described in
+2.1.1.3.  See also appendix G.
+
+2.1.1.2 Requester authentication
+
+As with every protocol that uses public-key cryptography, the
+association between the public keys used in the protocol and the
+identities with which they are associated must be authenticated in a
+\fLiu/Madson/McGrew/Nourse                                      [Page 5]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+cryptographically secure manner.  This requirement is needed to
+prevent a "man in the middle" attack, in which an adversary that can
+manipulate the data as it travels between the protocol participants
+can subvert the security of the protocol.  To satisfy this
+requirement, SCEP provides two authentication methods: manual
+authentication, and authentication based on pre-shared secret.  In the
+manual mode, the requester is required to wait until its identity can
+be verified by the CA operator using any reliable out-of-band
+method. To prevent a "man-in-the-middle" attack, a SHA-1 or MD5
+`fingerprint' generated on the PKCS#10 (before PKCS #7 enveloping and
+signing) must be compared out-of-band between the server and the
+requester.  SCEP clients and CAs (or RAs, if appropriate) must display
+this fingerprint to the operator to enable this verification if manual
+mode is used.  Failing to provide this information leaves the protocol
+vulnerable to attack by sophisticated adversaries.  When utilizing a
+pre-shared secret scheme, the server should distribute a shared secret
+to the requester which can uniquely associate the enrollment request
+with the given end entity. The distribution of the secret must be
+private: only the end entity should know this secret. The actual
+binding mechanism between the requester and the secret is subject to
+the server policy and implementation.  When creating the enrollment
+request, the requester is asked to provide a challenge password. When
+using the pre-shared secret scheme, the requester must enter the
+re-distributed secret as the password. In the manual authentication
+case, the challenge password only used to authenticate a request for
+the certificate's revokation.  This challenge password is included as
+a PKCS#10 attribute, and is sent to the server as encrypted data.  The
+PKCS#7 envelope protects the privacy of the challenge password with
+DES encryption.
+
+2.1.1.3  Requester Uses Existing CA-Issued or Self-Signed Certificates
+
+In this protocol, the communication between the requester and the
+certificate authority is secured by using PKCS#7 as the messaging
+protocol. PKCS#7, however, is a protocol which assumes the
+communicating entities already possess the peer's certificates and
+requires both parties use the issuer names and issuer assigned
+certificate serial numbers to identify the certificate in order to
+verify the signature and decrypt the message.  If the requesting
+system already has a certificate issued by the CA, that certificate
+may be presented as credentials for the renewal of that certificate if
+the CA supports the "Renewal" capability and the CA policy permits the
+certificate to be renewed. If the requester has no certificate issued
+by the CA, or if the CA does not support and permit renewal, the
+requestor must generate a self-signed certificate with the requester
+subject name (the same name later used in the PKCS#10) as both issuer
+and subject name.  During the certificate enrollment, the requester
+will first post itself as the signing authority by attaching the
+self-signed certificate to the signed certificate request.  When the
+Certificate Authority makes the envelope on the issued certificate
+using the public key included in the self-signed certificate, it
+should use the same issuer name and serial number as conveyed in the
+self-signed certificate to inform the end entity on which private key
+should be used to open the envelope.
+\fLiu/Madson/McGrew/Nourse                                      [Page 6]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Note that when a client enrolls for separate encryption and signature
+certificates, it may use the signature certificate to sign both
+requests, and then expect its signature key to be used to encrypt
+both responses.  In any case, the recipientinfo on the envelope should 
+reflect the key used to encrypt the request.
+
+2.1.1.4 Trusted CA Store
+ 
+To support interoperability between IPSEC peers whose certificates are
+issued by different CA, SCEP allows the users to configure multiple
+trusted certificates.  Trusted certificates are have been configured as
+such in the client, based on some out-of-band means such as a "fingerprint".
+These trusted certificates are used to verify certificate chains that end
+in those certificates.
+
+2.1.2 Certificate Authority
+
+A Certificate Authority(CA) is an entity whose name is defined in the
+certificate issuer name field. Before any PKI operations can begin,
+the CA generates its own public key pair and creates a self-signed CA
+certificate, or causes another CA to issue a certificate to it.
+Associated with the CA certificate is a fingerprint which will be used
+by the requester to authenticate the received CA certificate if it is
+self-signed.  The fingerprint is created by calculating a SHA-1 or MD5
+hash on the whole CA certificate.  Before any requester can start its
+enrollment, this CA certificate has to be configured at the entity
+side securely.  For IPSEC clients, the client certificates must have
+SubjectAltName extension.  To utilize LDAP as a CRL query protocol,
+the certificates must have a CRL Distribution Point. Key usage is
+optional. Without key usage, the public key is assumed as a general
+purpose public key and it can be used for all the purposes.
+
+A Certificate Authority may enforce certain name policy. When using
+X.500 directory name as the subject name, all the name attributes
+specified in the PKCS#10 request should be included as Relative DN. All
+the name attributes as defined in RFC2459 should be specified in the
+SubjectAltName.  An example is provided in Appendix A.
+
+ If there is no LDAP query protocol support, the Certificate Authority
+should answer certificate and CRL queries, and to this end it should be
+online all the time.
+
+The updating of the CA's public key is addressed in Appendix G.
+ 
+2.1.3 Registration Authorities
+
+In an environment where an RA is present, a requester performs
+enrollment through the RA. In order to setup a secure channel with an RA
+using PKCS#7, the RA certificate(s) have to be obtained by the client
+in addition to the CA certificate(s).
+
+In the following, the CA and RA are specified as one entity in the
+context of PKI operation definitions.
+\fLiu/Madson/McGrew/Nourse                                      [Page 7]
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+2.2 SCEP Operations Overview
+
+In this section, we give a high level overview of the PKI operations as
+defined in SCEP.
+
+2.2.1 Requester Initialization
+
+The requester initialization includes the key pair generation and the
+configuring of the required information to communicate with the
+certificate authority.
+
+2.2.1.1  Key Pairs
+
+Before a requester can start PKI transaction, it must have at least one
+asymmetric key pair, using the selected algorithm (the RSA algorithm is
+required in SCEP, and is the only algorithm in current implementations).
+
+Key pairs may be intended for particular purposes, such as encryption only,
+or signing only.  The usage of any associated certificate can be restricted
+by adding key usage and extended key usage attributes to the PKCS#10.
+
+2.2.1.2 Required Information
+
+A requester is required to have the following information configured
+before starting any PKI operations:
+
+1. the certificate authority IP address or fully-qualified domain name, 
+2. the certificate authority HTTP CGI script path, and 
+   the HTTP proxy information in case there is no direct Internet
+   connection to the server,
+3. If CRLs are being published by the CA to an LDAP directory server,
+   and there is a CRL Distribution Point containing only an X.500 directory
+   name, then the client will need to know the LDAP server fully-qualified
+   domain name or IP address.  CRL Distribution Points are discussed in
+   more detail in RFC 2459.
+
+
+2.2.2  CA/RA Certificate Distribution
+
+Before any PKI operation can be started, the requester needs to get
+the CA/RA certificates. At this time, since no public key has been
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 8]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+exchanged between the requester and the CA/RA, the message to get the
+CA/RA certificate can not be secured using PKCS#7 protocol. Instead, the
+CA/RA certificate distribution is implemented as a clear HTTP Get
+operation. After the requester gets the CA certificate, it has to
+authenticate the CA certificate by comparing the finger print with the
+CA/RA operator. Since the RA certificates are signed by the CA, there is
+no need to authenticate the RA certificates.
+
+This operation is defined as a transaction consisting of one HTTP Get
+message and one HTTP Response message:
+
+         REQUESTER                           CA SERVER 
+  Get CA/RA Cert: HTTP Get message 
+     -----------------------------> 
+                              CA/RA Cert download: HTTP Response message 
+                                <--------------------------------------- 
+     Compute finger print and 
+     call CA operator. 
+                                    Receive call and check finger print 
+
+If an RA is in use, a degenerated PKCS#7 with a certificate chain 
+consisting of both RA and CA certificates is sent back to the end
+entity. Otherwise the CA certificate is directly sent back as the
+HTTP response payload.   
+
+  
+2.2.3 Certificate Enrollment
+
+A requester starts an enrollment transaction by creating a certificate
+request using PKCS#10 and sends it to the CA/RA enveloped using the
+PKCS#7. After the CA/RA receives the request, it will either
+automatically approve the request and send the certificate back, or it
+will require the requester to wait until the operator can manually
+authenticate the identity of the requester.  Two attributes are
+included in the PKCS#10 certificate request - a Challenge Password
+attribute and an optional ExtensionReq attribute which will be a
+sequence of extensions the requester would like to be included in its
+V3 certificate extensions.  The Challenge Password may be used to
+authenticate either the enrollment request itself, or a verbal
+revocation request for the issued certificate in the event of key
+compromise or other reason.
+
+In the automatic mode, the transaction consists of one PKCSReq PKI
+Message, and one CertRep PKI message. In the manual mode, the requester
+enters into polling mode by periodically sending a GetCertInitial PKI
+message to the server, until the server operator completes the manual
+authentication, after which the CA will respond to GetCertInitial by
+returning the issued certificate.  A  CA MAY run in automatic mode for
+preapproved requests, and manual mode for the rest.  A request with a
+non-null password is not necessarily a pre-approved request. It is up
+to the CA server to decide.   Polling mode is entered whenever the
+server returns a PENDING response.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 9]
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+The transaction in automatic mode: 
+
+         REQUESTER                           CA SERVER      
+
+PKCSReq: PKI cert. enrollment msg
+     --------------------------------> CertRep: pkiStatus = SUCCESS
+                                      certificate attached
+                                       <------------------------------
+     Receive issued certificate. 
+
+The transaction in manual mode: 
+
+         REQUESTER                           CA SERVER 
+     PKCSReq: PKI cert. enrollment msg 
+     --------------------------------> CertRep: pkiStatus = PENDING 
+                                       <------------------------------
+     GetCertInitial: polling msg 
+     --------------------------------> CertRep: pkiStatus = PENDING 
+                                       <------------------------------
+     ................. <manual identity authentication................
+  
+     GetCertInitial: polling msg 
+     --------------------------------> CertRep: pkiStatus = SUCCESS
+                                      certificate attached
+                                       <------------------------------
+     Receive issued certificate. 
+
+2.2.4 Requester Certificate Revocation
+
+A requester should be able to revoke its own certificate. Currently
+the revocation is implemented as a manual process. In order to revoke a
+certificate, the requester makes a phone call to the CA server
+operator. The operator will come back asking the ChallengePassword
+(which has been sent to the server as an attribute of the PKCS#10
+certificate request). If the ChallengePassword matches, the certificate
+is revoked. The reason of the revocation is documented by CA/RA.
+
+2.2.5 Certificate  Access
+
+There are two methods to query certificates. The first method is to use
+LDAP as a query protocol. Using LDAP to query assumes the client
+understand the LDAP scheme supported by the CA. The SCEP client assumes
+that the subject DN name in the certificate is used as the URL to query the
+certificate. The standard attributes (userCertificate and caCertificate)
+are used as filter.
+
+For the environment where LDAP is not available, a certificate query
+message is defined to retrieve the certificates from the CA.
+
+To query a certificate from the certificate authority, a requester
+sends a request consisting of the certificate's issuer name and the
+serial number. This assumes that the requester has saved the issuer
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 10]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+name and the serial number of the issued certificate from the previous
+enrollment transaction.  The transaction to query a certificate consists
+of one GetCert PKI message and one CertRep PKI message:
+
+         REQUESTER                           CA SERVER 
+     GetCert: PKI cert query msg 
+     -------------------------------> CertRep:  pkiStatus = SUCCESS
+                                     certificate 
+attached
+                                      <-----------------------------
+     Receive the certificate. 
+
+2.2.6 CRL Distribution
+
+The CA/RA will not "push" the CRL to the end entities. The query of the
+CRL can only be initialized by the requester.
+
+There are three methods to query CRL.
+
+The CRL may be retrieved by a simple HTTP GET.  If the CA supports this
+method, it should encode the URL into a CRL Distribution Point extension
+in the certificates it issues.  Support for this method should be
+incorporated in new and updated clients, but may not be in older
+versions.
+
+The second method is to query CRL using LDAP. This assumes the CA server
+supports CRL LDAP publishing and issues the CRL Distribution Point in
+the certificate.  The CRL Distribution Point is encoded as a DN. Please
+refer to Appendix D for the examples of CRL Distribution Point.
+
+The third method is implemented for the CA which does not support LDAP
+CRL publishing or does not implement the CRL Distribution Point. In this
+case, a CRL query is composed by creating a message consists of the CA
+issuer name and the CA's certificate serial number.  This method is
+deprecated because it does not scale well and requires the CA to be a
+high-availability service.
+
+The message is sent to the CA in the same way as the other SCEP
+requests: The transaction to query CRL consists of one GetCRL PKI
+message and one CertRep PKI message which have no certificates but CRL.
+
+         REQUESTER                           CA SERVER 
+     GetCRL: PKI CRL query msg 
+     ----------------------------------> CertRep:  CRL attached 
+                                       <-------------------------------- 
+
+2.3  PKI Operation Transactional Behavior
+
+As described before, a PKI operation is a transaction consisting of the
+messages exchanged between a requester and the CA/RA. This section
+will specify the transaction behavior on both the requester and the
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 11]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+certificate authority server.  Because the protocol is basically a two
+way communication protocol without a confirmation message from the
+initiating side, state and state resynchronization rules have to be
+defined, in case any error happens at either side.  Before the state
+transition can be defined, the notion of transaction identifier has to
+be defined first.
+  
+2.3.1 Transaction Identifier
+
+A transaction identifier is a string generated by the entity when
+starting a transaction. Since all the PKI operations defined in this
+protocol are initiated by the requester, it is the responsibility of
+the requester to generate a unique string as the transaction
+identifier. All the PKI messages exchanged for a given PKI transaction
+must carry the same transaction identifier.  The transaction identifier
+is generated as a SHA-1 or MD5 hash on the public key value for which the
+enrollment request is made. This allows the SCEP client to reuse the
+same transaction identifier if it is reissuing a request for the same
+certificate (i.e. a certificate with the same subject, issuer, and key).
+The SCEP protocol requires that transaction identifiers be unique, so
+that queries can be matched up with transactions.  For this reason, in
+those cases in which separate signing and encryption certificates are
+issued to the same requester, the keys must be different.  
+ 
+2.3.2 State Transitions in Certificate Enrollment
+
+The requester state transitions during enrollment operation are
+indicated in the diagram below:
+                                    +-<------+ 
+                                    |        | 
+                                   GetCertInitial triggered by timeout or 
+                                    |        |    manual authentication 
+                                    |        | 
+     [CERT-NONEXISTANT] ------> [CERT-REQ-PENDING] ---> [CERT-ISSUED] 
+           |           PKCSReq          |        CertRep with SUCCESS 
+           |                            | 
+           |                            | 
+           +--------<-------------------+ 
+           request rejected, timeout, or error
+
+As described in the section 2.2.3, certificate enrollment starts at the
+state CERT-NONEXISTANT. Sending PKCSReq changes the state to
+CERT-REQ-PENDING. Receiving CertRep with SUCCESS status changes the
+state to CERT-ISSUED. In the case the server sending back the response
+with pending status, the requester will keep polling certificate
+response by sending GetCertInitial to the server, until either a CertRep
+with SUCCESS status is received, or the maximum polling number has been
+exceeded.
+
+If an error or timeout occurs in the CERT-REQ-PENDING state, the end
+entity will transition to the CERT-NONEXISTANT state. 
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 12]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+The client administrator will, eventually, start up another enrollment
+request.  It is important to note that, as long as the requester does
+not change its subject name or keys, the same transaction id will be
+used in the "new" transaction. This is important because based on this
+transaction id, the certificate authority server can recognize this as
+an existing transaction instead of a new one.
+
+  
+2.3.3 Transaction Behavior of Certificate/CRL Access
+
+There is no state maintained during certificate access and CRL access
+transaction. When using the certificate query and CRL query messages
+defined in this protocol, the transaction identifier is still required
+so that the requester can match the response message with the
+upstanding request message. When using LDAP to query the certificate and
+the CRL, the behavior is specified by the LDAP protocol.
+
+2.4 Security
+
+The security goals of SCEP are that no adversary can: 
+
+o subvert the public key/identity binding from that intended, 
+o discover the identity information in the enrollment requests and
+  issued certificates, 
+o cause the revocation of certificates with any non-negligible
+  probability. 
+
+Here an adversary is any entity other than the requester and the CA
+(and optionally the RA) participating in the protocol that is
+computationally limited, but that can manipulate data during
+transmission (that is, a man-in-the-middle).  The precise meaning of
+'computationally limited' depends on the implementer's choice of
+cryptographic hash functions and ciphers.  The required algorithms are
+RSA, DES, and either SHA-1 or MD5, depending on the "SHA-1" CA Capability.
+[See Appendix F].
+
+The first and second goals are met through the use of PKCS#7 and PKCS#10
+encryption and digital signatures using authenticated public keys.  The
+CA's public key is authenticated via the checking of the CA fingerprint,
+as specified in Section 2.1.2, and the SCEP client's public key is
+authenticated through the manual authentication or pre-shared secret
+authentication, as specified in Section 2.1.1.2.  The third goal is met
+through the use of a Challenge Password for revocation, that is chosen
+by the SCEP client and communicated to the CA protected by the PKCS#7
+encryption, as specified in Section 2.2.4.
+
+The motivation of the first security goal is straightforward.  The
+motivation for the second security goal is to protect the identity
+information in the enrollment requests and certificates.  For example,
+two IPSEC hosts behind a firewall may need to exchange certificates, and
+may need to enroll certificates with a CA that is outside of a firewall.
+Most networks with firewalls seek to prevent IP addresses and DNS
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 13]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+information from the trusted network leaving that network.  The second
+goal enables the hosts in this example to enroll with a CA outside the
+firewall without revealing this information.  The motivation for the
+third security goal is to protect the SCEP clients from denial of
+service attacks.
+
+Section 3 Transport Protocol
+
+In the SCEP protocol, HTTP is used as the transport protocol for the PKI
+messages.
+
+3.1 HTTP "GET" and "POST" Message Format
+
+The following is the syntax definition of a HTTP GET message sent from
+a requester to a certificate authority server:
+
+Request = "GET " CGI-PATH CGI-PROG "?operation=" OPERATION "&message=" MESSAGE 
+where: 
+  CGI-PATH defines the actual CGI path to invoke the CGI program which
+  parses the request. 
+  CGI-PROG is set to be the string "pkiclient.exe".  This is intended
+  to be the program that the CA will use to handle the SCEP transactions,
+  though the CA may ignore CGI-PROG and use only the CGI-PATH. 
+  OPERATION is set to be the string "PKIOperation" when the GET message
+  carries a PKI message to request certificates or CRL; OPERATION is set
+  to be the string "GetCACaps", "GetCACert", "GetNextCACert" or
+  "GetCACertChain" when the GET operation is used to get CA capabilities,
+  CA/RA certificate, the replacement CA/RA certificates for when the
+  current ones expire, or the CA Cert chain  (respectively).
+
+  When OPERATION is "PKIOperation", MESSAGE is a base64-encoded PKI message,
+  When OPERATION is GetCACert, MESSAGE is a CRL distribution
+  point in URI format,  otherwise, MESSAGE is a string which represents
+  the certificate authority issuer identifier. 
+
+SCEP uses the HTTP "GET" and "POST" messages to request information from the CA.
+Requests for CA certificates or capabilities are sent in the clear, using "GET",
+with the OPERATION and MESSAGE fields identifying the requested data.
+CRLs may also be requested in the clear if the CA supports it.
+
+Other types of requests are sent using the PKCS#7 secure protocol.
+These may be issued by means of a GET operation with
+OPERATION and MESSAGE parameters in the Request-URL. OPERATION
+identifies the type of GET operation, and MESSAGE is actually the PKCS#7
+message Base64-Encoded.
+
+For example. a requester may submit a message via HTTP to the server
+as follows:
+
+GET /cgi-bin/pkiclient.exe?operation=PKIOperation&message=MIAGCSqGSIb3D
+QEHA6CAMIACAQAxgDCBzAIBADB2MGIxETAPBgNVBAcTCE ......AAAAAA== 
+\fLiu/Madson/McGrew/Nourse                                      [Page 13a]
+
+If supported by the CA, the message may also be sent via HTTP POST:
+
+POST /cgi-bin/pkiclient.exe?operation=PKIOperation
+
+This is further described in Appendix H.
+To determine if the CA supports POST, use the GetCACaps message described
+in Appendix F.
+
+
+3.2 Response Message Format
+
+For each GET operation, the CA/RA server will return a MIME object via
+HTTP. For a GET operation with PKIOperation as its type, the response is
+tagged as having a Content Type of application/x-pki-message.  The body
+of this message is a BER encoded binary PKI message. The following is an
+example of the response:
+
+"Content-Type:application/x-pki-message\n\n"<BER-encoded PKI msg>
+
+In the case of GET operation with a type of GetCACert the MIME content
+type returned will depend on whether or not an RA is in use.  If there
+is no RA, only the CA certificate is sent back in the response, and
+the response has the content type tagged as
+application/x-x509-ca-cert. the body of the response is a DER encoded
+binary X.509 certificate. For example:
+
+"Content-Type:application/x-x509-ca-cert\n\n"<BER-encoded X509>
+
+If there is an RA, the RA certificates are sent back together with the
+CA certificates, a certificate-only PKCS#7 SignedData is sent back in
+the response where the SignerInfo is empty. Section 5 has the detailed
+definition of the message format in this case.  The content type is
+application/x-x509-ca-ra-cert. 
+
+The response to GetNextCACert is always a certificates-only PKCS#7
+SignedData with a content type of application/x-x509-ca-ra-cert. 
+If there is an RA, The signer is the current RA certificate.  Otherwise,
+the signer is the current CA certificate.
+
+If the CA supports it, PKIOperation may also be done via an HTTP POST.
+This is described in Appendix H.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 14]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Section 4  Secure Transportation: PKCS#7
+
+PKCS#7 is a general enveloping mechanism that enables both signed and
+encrypted transmission of arbitrary data. It is widely implemented and
+included in the RSA tool kit.  In this section, the general PKCS#7
+enveloped PKI message format is specified.  The complete PKCS#7 message
+format for each PKI transaction will be covered in Section 5.
+
+4.1 SCEP Message Format
+
+As a transaction message, a SCEP message has a set of transaction
+specific attributes and an information portion. Employing PKCS#7
+protocol, the transaction specific attributes are encoded as a set of
+authenticated attributes of the SignedData. The information portion will
+first be encrypted to become Enveloped Data, and then the digest of the
+enveloped information portion is included as one of the message digest
+attributes and being signed together with the other transaction specific
+attributes.
+
+By applying both enveloping and signing transformations, a SCEP message
+is protected both for the integrity of its end-end-transition
+information and the confidentiality of its information portion. The
+advantage of this technique over the conventional transaction message
+format is that, the signed transaction type information and the status
+of the transaction can be determined prior to invoke security handling
+procedures specific to the information portion being processed.
+
+The following is an example of a SCEP message with its enveloped and
+signed data portion represented by pkcsPKISigned and
+pkcsPKIEnveloped. The out-most of any PKI message is a blob of
+ContentInfo, with its content type set to SignedData and the actual
+signed data as the content.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 15]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+  pkiMessage ContentInfo ::= { 
+      contentType {pkcs-7 signedData(2)} 
+      content pkcsPKISigned 
+  } 
+  pkcsPKISigned SignedData ::= { 
+      version 1 
+      digestAlgorithm { iso(1) member-body(2) US(840) rsadsi(113549) 
+                        digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} --  data content identifier 
+          content pkcsPKIEnvelope -- enveloped information portion 
+      } 
+      certificates   -- signer certificate chain 
+      signerInfo     -- including signed transaction info and the digest 
+                     -- of the enveloped information portion as the 
+                     -- authenticated attributes 
+  } 
+  pkcsPKIEnveloped EnvelopedData ::= { 
+      version 0 
+      recipientInfos -- information required to open the envelop 
+      encryptedContentInfo { 
+          contentType {pkcs-7 1}  -- data content identifier 
+          contentEncryptionAlgorithm 
+          encryptedContent     -- encrypted information portion 
+      } 
+  } 
+
+4.2 Signed Transaction Attributes
+
+The following transaction attributes are encoded as authenticated
+attributes.  Please refer to Appendix B for the OID definitions.
+
+transactionID      PrintableString  -- Decimal value as a string 
+  messageType        PrintableString  -- Decimal value as a string 
+  pkiStatus          PrintableString  -- Decimal value as a string 
+  failinfo           PrintableString  -- Decimal value as a string 
+  senderNonce        Octet String 
+  recipientNonce     Octet String 
+
+where: 
+
+  The transactionID is an attribute which uniquely identify a 
+  transaction.  This attribute is required in all PKI messages. 
+
+  The messageType attribute specify the type of operation performed by the 
+  transaction. This attribute is required in all PKI
+  messages. Currently, the following message types are defined: 
+
+    PKCSReq (19)  -- Permits use of PKCS#10 certificate request 
+    CertRep (3)   -- Response to certificate or CRL request 
+    GetCertInitial (20)  -- Certificate polling in manual enrollment 
+    GetCert (21)  -- Retrieve a certificate 
+    GetCRL  (22)  -- Retrieve a CRL
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 16]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+  All response message will include transaction status information which
+  is defined as pkiStatus attribute: 
+
+          SUCCESS (0)   -- request granted 
+          FAILURE (2)   -- request rejected 
+          PENDING (3)   -- request pending for manual approval.
+
+  If the status in the response is FAILURE, the failinfo attribute will
+  contain one of the following failure reasons: 
+
+        badAlg (0)  -- Unrecognized or unsupported algorithm ident 
+        badMessageCheck (1)  -- integrity check failed 
+        badRequest (2)  -- transaction not permitted or supported 
+        badTime (3)  -- Message time field was not sufficiently close
+                        to the system time 
+        badCertId (4)  -- No certificate could be identified matching
+                          the provided criteria 
+
+  The attributes of senderNonce and recipientNonce are the 16 byte
+  random numbers generated for each transaction to prevent the replay
+  attack. 
+
+When a requester sends a PKI message to the server, a senderNonce is
+included in the message. After the server processes the request, it will
+send back the requester senderNonce as the recipientNonce and generates
+another nonce as the senderNonce in the response message.  Because the
+proposed pki protocol is a two-way communication protocol, it is clear
+that the nonce can only be used by the requester to prevent the
+replay. The server has to employ extra state related information to
+prevent a replay attack.
+
+Section 5. SCEP Transaction Specification
+
+In this section each SCEP transaction is specified in terms of the
+complete messages exchanged during the transaction.
+  
+5.1 Certificate Enrollment
+
+The certificate enrollment transaction consists of one PKCSReq message
+sent to the certificate authority from a requester, and one CertRep
+message sent back from the server. The pkiStatus returned in the
+response message is either SUCCESS, or FAILURE, or PENDING.  The
+information portion of a PKCSReq message is a PKCS#10 certificate
+request, which contains the subject Distinguished Name, the subject
+public key, and two attributes, a ChallengePassword attribute to be used
+for revocation, and an optional ExtensionReq attribute which will be a
+sequence of extensions the requester expects to be included in its V3
+certificate extensions. One of the extension attribute specifies the key
+usage.  If the request is granted, the pkiStatus is set to SUCCESS, and
+the certificate is returned in CertRep; if the request is rejected, the
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 17]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+pkiStatus is set to FAILURE; if the server requires manual approval of
+the request, the pkiStatus is set to PENDING. The messages exchanged
+in the manual authentication mode is further specified in Section 5.2.
+
+Precondition:
+  Both the requester and the certificate authority have completed their
+  initialization process. The requester has already been configured
+  with the CA/RA certificate. 
+
+Postcondition: 
+  Either the certificate is received by the requester, or the end
+  entity is notified to do the manual authentication, or the request
+  is rejected. 
+  
+5.1.1 PKCSReq Message Format
+
+A PKCSReq message is created by following the steps defined below: 
+  
+1.  Create a PKCS#10 certificate request which is signed by the end 
+    entity's private key, corresponding to the public key included in
+    the PKCS#10 certificate request. This constitutes the information
+    portion of PKCSReq. 
+
+2.  Encrypt the PKCS#10 certificate request using a randomly generated 
+    content-encryption key. This content-encryption key is then 
+    encrypted by the CA's* public key and included in the recipientInfo.
+    This step completes the "envelope" for the PKCS#10 certificate
+    request. 
+
+3.  Generate a unique string as the transaction id. 
+
+4.  Generate a 16 byte random number as senderNonce. 
+
+5.  Generate message digest on the enveloped PKCS#10 certificate request
+    using the selected digest algorithm. 
+
+6.  Create SignedData by adding the requester's self- or CA-certificate
+    as the  signer's public key certificate. Include the message type,
+    transaction id, the senderNonce and the message digest as the
+    authenticated attributes and sign the attributes using the end 
+    entity's private key. This completes the SignedData. 
+
+7.  The SignedData is prepended with the ContenInfo blob which indicates
+    a SignedData object. This final step completes the create of a
+    complete PKCSReq PKI message. 
+
+In the following, the PKCSReq message is defined following the ASN.1
+notation.
+
+For readability, the values of a field is either represented by a quoted
+string which specifies the intended value, or a constant when the value
+is known.
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 18]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+  -- PKCSReq information portion 
+  pkcsCertReq CertificationRequest ::= {   -- PKCS#10 
+      version 0 
+      subject  "the requester's subject name" 
+      subjectPublicKeyInfo { 
+          algorithm {pkcs-1 1}  -- rsa encryption 
+          subjectPublicKey "DER encoding of the requester's public key"
+      } 
+      attributes { 
+          challengePassword {{pkcs-9 7} "password string" } 
+          extensions 
+      } 
+      signatureAlgorithm {pkcs-1 4} -- MD5WithRSAEncryption 
+      signature "bit string which is created by signing inner content 
+                of the defined pkcsCertReq using requester's private
+                key, corresponding to the public key included in 
+                subjectPublicKeyInfo." 
+  } 
+  -- Enveloped information portion 
+  pkcsCertReqEnvelope EnvelopeData ::= {   -- PKCS#7 
+      version 0 
+      recipientInfo { 
+          version 0 
+          issuerAndSerialNumber { 
+              issuer  "the CA issuer name" 
+              serialNumber  "the CA certificate serial number" 
+          } 
+          keyEncryptionAlgorithm  {pkcs-1 1}  -- rsa encryption 
+          encryptedKey "content-encryption key
+                        encrypted by CA public key"
+      } 
+      encryptedContentInfo { 
+          contentType {pkcs-7 1}  -- data content 
+          contentEncryptionAlgorithm  "object identifier 
+                                       for DES encryption" 
+          encryptedContent  "encrypted pkcsCertReq using the content-
+                             encryption key" 
+      } 
+  } 
+  -- Signed PKCSReq 
+  pkcsCertReqSigned SignedData ::= { -- PKCS#7 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} -- data content identifier 
+          content  pkcsCertReqEnvelope 
+      } 
+     certificate {   -- requester self-signed or CA-issued certificate 
+          version 3 
+          serialNumber  "the transaction id associated with enrollment"
+          signature {pkcs-1 4}  -- md5WithRSAEncryption 
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 19]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+     issuer " the requester's subject name" 
+          validity { 
+              notBefore "a UTC time" 
+              notAfter  "a UTC time" 
+          } 
+          subject  "the requester's subject name" 
+          subjectPublicKeyInfo { 
+              algorithm {pkcs-1 1} 
+              subjectPublicKey "DER encoding of requester's public key"
+          } 
+          signatureAlgorithm {pkcs-1 4} 
+          signature "the signature generated by using the requester's 
+                     private key corresponding to the public key in 
+                     this certificate." 
+      } 
+      signerInfo  { 
+          version 1 
+          issuerAndSerialNumber { 
+              issuer "the requester's subject name" 
+              serialNumber "the transaction id associated 
+                            with the enrollment" 
+          } 
+          digestAlgorithm {iso(0) member-body(2) US(840) rsadsi(113549) 
+                           digestAlgorithm(2) 5} 
+          authenticateAttributes { 
+              contentType  {{pkcs-9 3} {pkcs-7 1}} 
+              messageDigest {{pkcs-9 4} "an octet string"} 
+              transaction-id {{id-attributes transId(7)} "printable
+                                                          string"}
+                             -- this transaction id will be used 
+                             -- together with the subject name as
+                             -- the identifier of the requester's key
+                             -- pair during enrollment 
+              messageType {{id-attributes messageType(2)} "PKCSReq"}
+              senderNonce {{id-attributes senderNonce(5)} 
+                           "a random number encoded as a string"} 
+          } 
+          digestEncryptionAlgorithm {pkcs-1 1} -- rsa encryption 
+          encryptedDigest "encrypted digest of the authenticated
+                           attributes using requester's private key"
+      } 
+  }
+  pkcsReq PKIMessage ::= { 
+      contentType {pkcs-7 2} 
+      content pkcsCertRepSigned 
+  } 
+  
+
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 20]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+5.1.2 CertRep Message Format
+
+The response to an SCEP enrollment request is a CertRep message.
+
+5.1.2.1 PENDING Response
+
+When the CA is configured to manually authenticate the requester,
+the CertRep is returned with the attribute pkiStatus set to PENDING.
+The data portion for this message is null. Only the transaction
+required attributes are sent back.
+
+CertRepSigned  SignedData ::= { -- PKCS#7 
+    version 1 
+    digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                     digestAlgorithm(2) 5} 
+    contentInfo {contentType {pkcs-7 1}  -- empty content 
+    } 
+    signerInfo { 
+        version 1 
+        issuerAndSerialNumber { 
+           issuer "name of CA that issued the CA [RA] cert" 
+           serialNumber "the serial number of the CA [RA] cert" 
+        } 
+        digestAlgorithm (iso(1) member-body(2) US(840) rsadsi(113549) 
+                         digestAlgorithm(2) 5} 
+        authenticateAttributes { 
+            contentType {{pkcs-9 3} {pkcs-7 1}} 
+            messageDigest {{pkcs-9 4} NULL} 
+            messageType {{id-attribute messageType(0)} "CertRep"} 
+            transaction-id {{id-attributes transid(7)} "printablestring"}
+                           --- same transaction id used in PKCSReq 
+            pkiStatus  {{id-attributes pkiStatus(3)} "PENDING"} 
+            recipientNonce {{id-attributes recipientNonce(6)}<16 bytes>}
+            senderNonce {{id-attributes senderNonce(5)} <16 bytes>}
+        } 
+        digestEncrytionAlgorithm {pkcs-1 1} 
+        encryptedDigest  "encrypted message digest of the authenticated
+                         attributes using the CA's [RA's] private key"
+     } 
+} 
+CertRep PKIMessage ::= { 
+    contentType {pkcs-7 2} 
+    content CertRepSigned 
+} 
+
+5.1.2.2 Failure Response
+
+In this case, the CertRep sent back to the requester is same as in
+the PENDING case, except that the pkiStatus attribute is set to FAILURE,
+and the failInfo attribute should be included:
+
+    pkistatus {{id-attributes pkiStatus(3)} "FAILURE"} 
+    failInfo {{id-attributes failInfo(4)} "the reason to reject"} 
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 21]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+  
+5.1.2.3  SUCCESS response
+
+In this case, the information portion of CertRep will be a degenerated
+PKCS#7 which contains the requester's certificate. It is then enveloped
+and signed as below:
+
+pkcsCertRep SignedData ::= { -- PKCS#7 
+    version 1 
+    digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                     digestAlgorithm(2) 5} 
+    contentInfo { -- empty content since this is degenerated PKCS#7 
+        contentType {pkcs-7 1} 
+    } 
+    certificates { 
+        certificate { -- issued requester's certificate  // must be first
+            version 3 
+            serialNumber "issued requester's certificate serial number"
+            signature {pkcs-1 4}  -- md5WithRSAEncryption 
+            issuer "the certificate authority issuer name" 
+            validity { 
+                notBefore "UTC time" 
+                notAfter "UTC time" 
+            } 
+            subject  "the requester subject name as given in PKCS#10" 
+            subjectPublicKeyInfo { 
+                algorithm {pkcs-1 1} 
+                subjectPublicKey "a DER encoding of requester public
+                                  key as given in PKCS#10" 
+            } 
+            extensions  " the extensions as given in PKCS#10" 
+            signatureAlgorithm {pkcs-1 4} 
+            signature " the certificate authority signature" 
+        } 
+        certificate "the certificate authority certificate" (optional)
+        certificate "the registration authority certificate(s)" (optional) 
+    } 
+} 
+pkcsCertRepEnvelope EnvelopedData ::= {  -- PKCS#7 
+    version 0 
+    recipientInfo { 
+        version 0 
+        issuerAndSerialNumber { -- use issuer name and serial number as
+                                -- conveyed in requester's self-signed 
+                                -- certificate, included in the PKCSReq 
+            issuer  "the requester's subject name" 
+            serialNumber "the serial number defined by the requester in
+                          its self-signed certificate" 
+        } 
+        keyEncryptionAlgorithm {pkcs-1 1} 
+        encryptedKey "content-encrypt key encrypted by the requester's 
+                      public key which is same key as authenticated in 
+                      the requester's certificate" 
+    } 
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 22]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+    encryptedContentInfo { 
+        contentType {pkcs-7 1}  -- data content identifier 
+        contentEncryptionAlgorithm "OID for DES encryption" 
+        encryptedContent "encrypted pkcsCertRep using content encryption 
+                          key" 
+    } 
+} 
+pkcsCertRepSigned SignedData ::= { -- PKCS#7 
+    version 1 
+    digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                     digestAlgorithm(2) 5} 
+    contentInfo { 
+        contentType {pkcs-7 1} 
+        content pkcsCertRepEnvelope 
+    } 
+    signerInfo { 
+        version 1 
+        issuerAndSerialNumber { 
+            issuer "the certificate authority issuer name" 
+            serialNumber "the CA certificate's serial number" 
+        } 
+        digestAlgorithm {iso(1), member-body(2) US(840) rsadsi(113549) 
+                         digestAlgorithm(2) 5} 
+        authenticateAttributes { 
+            contentType {{pkcs-9 3} {pkcs-7 1}} 
+            messageDigest {{pkcs-9 4} "a octet string"} 
+            messageType {{id-attribute messageType(2)} "CertRep"} 
+            transaction-id {{id-attributes transId(7)} "printable
+                                                        string"}
+                          -- same transaction id as given in PKCSReq 
+            pkiStatus {{id-attributes pkiStatus(3) "SUCCESS"} 
+            recipientNonce {{id-attribute recipientNonce(6)}<16 bytes>}
+            senderNonce {{ id-attributes senderNonce(5) <16 bytes>} 
+        } 
+        digestEncryptionAlgorithm {pkcs-1 1} 
+        encryptedDigest "encrypted digest of authenticate attributes 
+                         using CA's private key " 
+    } 
+} 
+CertRep PKIMessage ::= { 
+    contentType {pkcs-7 2} 
+    content pkcsCertRepSigned 
+} 
+  
+5.2 Poll for Requester Initial Certificate
+
+Either triggered by the PENDING status received from the CertRep, or by
+the non-response timeout for the previous PKCSReq, a requester will
+enter the polling state by periodically sending GetCertInitial to the
+server, until either the request is granted and the certificate is sent
+back, or the request is rejected, or the configured time limit for
+polling is exceeded.
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 23]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+Since GetCertInitial is part of the enrollment, the messages exchanged
+during the polling period should carry the same transaction identifier
+as the previous PKCSReq.
+
+PreCondition 
+    Either the requester has received a CertRep with pkiStatus set to be 
+    PENDING, or the previous PKCSReq has timed out. 
+
+PostContition 
+    The requester has either received the certificate, or be rejected of
+    its request, or the polling period ended as a failure. 
+  
+5.2.1 GetCertInitial Message Format
+
+Since at this time the certificate has not been issued, the requester
+can only use the requester's subject name, combined with the
+transaction identifier, to identify the polled certificate request.
+
+The certificate authority server must be able to uniquely identify the
+polled certificate request.  A subject name can have more than one
+outstanding certificate request (with different key usage attributes).
+
+-- Information portion
+
+pkcsGetCertInitial issuerAndSubject ::= { 
+    issuer "the certificate authority issuer name" 
+    subject "the requester subject name as given in PKCS#10" 
+} 
+pkcsGetCertInitialEnvelope EnvelopedData ::= { 
+    version 0 
+    recipientInfo { 
+        version 0 
+        issuerAndSerialNumber { 
+            issuer  "the CA issuer name" 
+            serialNumber "the CA certificate serial number" 
+        } 
+        keyEncryptionAlgorithm {pkcs-1 1} 
+        encryptedKey "content-encrypt key encrypted by CA's public key"
+    } 
+    encryptedContentInfo { 
+        contentType {pkcs-7 1}  -- data content 
+        contentEncryptionAlgorithm "OID for DES encryption" 
+        encryptedContent "encrypted getCertInital" 
+    } 
+} 
+pkcsGetCertInitialSigned SignedData ::= { -- PKCS#7 
+    version 1 
+    digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                     digestAlgorithm(2) 5} 
+    contentInfo { 
+        contentType {pkcs-7 1} 
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 24]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+        content pkcsGetCertIntialEnvelope 
+    } 
+     certificate {   -- the requester's self-signed certificate 
+         version 3 
+         serialNumber  "the transaction id associated with enrollment"
+         signature {pkcs-1 4}  -- md5WithRSAEncryption 
+         issuer " the requester's subject name" 
+         validity { 
+             notBefore "a UTC time" 
+             notAfter  "a UTC time" 
+         } 
+         subject  "the requester's subject name" 
+         subjectPublicKeyInfo { 
+             algorithm {pkcs-1 1} 
+             subjectPublicKey "DER encoding of requester's public key"
+         } 
+         signatureAlgorithm {pkcs-1 4} 
+         signature "the signature generated by using the requester's 
+                    private key corresponding to the public key in 
+                    this certificate." 
+     } 
+    signerInfo { 
+        version 1 
+        issuerAndSerialNumber { 
+            issuer "requester's subject name" 
+            serialNumber "the transaction id used in previous PKCSReq"
+        } 
+        digestAlgorithm {iso(1), member-body(2) US(840) rsadsi(113549) 
+                         digestAlgorithm(2) 5} 
+        authenticateAttributes { 
+            contentType {{pkcs-9 3} {pkcs-7 1}} 
+            messageDigest {{pkcs-9 4} "an octet string"} 
+                            -- digest of getCertInitial 
+            messageType {{id-attribute messageType(2)} "GetCertInitial"}
+            transaction-id {{id-attributes transId(7)} "printable
+                                                        string"} 
+                          -- same transaction idused in previous PKCSReq
+            senderNonce {{id-attribute senderNonce(3)} 0x<16 bytes>} 
+        } 
+        digestEncryptionAlgorithm {pkcs-1 1} 
+        encryptedDigest "encrypted digest of authenticateAttributes" 
+    } 
+} 
+GetCertInitial PKIMessage ::= { 
+    contentType {pkcs-7 2} 
+    content pkcsGetCertInitialSigned 
+} 
+
+
+
+5.2.2 GetCertInitial Response Message Format
+
+The response messages for GetCertInitial are the same as for PKCSReq.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 25]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+  
+5.3  Certificate Access
+
+The certificate query message defined in this section is an option when
+the LDAP server is not available to provide the certificate query.  A
+requester should be able to query an issued certificate from the
+certificate authority, as long as the issuer name and the issuer
+assigned certificate serial number is known to the requesting end
+entity. This transaction is not intended to provide the service as a
+certificate directory service. A more complicated query mechanism would
+have to be defined in order to allow a requester to query a certificate
+using various different fields.
+
+This transaction consists of one GetCert message sent to the server by
+a requester, and one CertRep message sent back from the server.
+
+PreCondition 
+   The queried certificate have been issued by the certificate authority
+   and the issuer assigned serial number is known. 
+
+PostCondition 
+    Either the certificate is sent back or the request is rejected. 
+  
+  
+5.3.1 GetCert Message Format
+
+The queried certificate is identified by its issuer name and the issuer
+assigned serial number. If this is a query for an arbitrary requester's
+certificate, the requesting requester should includes its own CA issued
+certificate in the signed envelope. If this is a query for its own
+certificate (assume the requester lost the issued certificate, or does
+not have enough non-volatile memory to save the certificate), then the
+self-signed certificate has to be included in the signed envelope.
+
+  pkcsGetCert issuerAndSerialNumber ::= { 
+      issuer "the certificate issuer name" 
+      serialNumber "the certificate serial number" 
+  } 
+  pkcsGetCertEnvelope EnvelopedData ::= { 
+      version 0 
+      recipientInfo { 
+          version 0 
+          issuerAndSerialNumber { 
+              issuer  "the CA [RA] issuer name" 
+              serialNumber "the CA [RA] certificate serial number" 
+          } 
+          keyEncryptionAlgorithm {pkcs-1 1} 
+          encryptedKey "content-encrypt key encrypted 
+                        by CA [RA] public key"
+      } 
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 26]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+      encryptedContentInfo { 
+          contentType {pkcs-7 1}  -- data content 
+          contentEncryptionAlgorithm "OID for DES encryption" 
+          encryptedContent "encrypted pkcsGetCert using the content 
+                            encryption key" 
+      } 
+  } 
+  pkcsGetCertSigned SignedData ::= { 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} 
+          content pkcsGetCertEnvelope 
+      } 
+      certificates { 
+          certificate "CA issued certificate" 
+                      or "self-signed certificate" 
+      } 
+      signerInfo { 
+          version 1 
+          issuerAndSerialNumber { 
+              issuer "the requester's subject name" 
+              serialNumber "requester's certificate serial number" 
+          } 
+          digestAlgorithm {iso(1), member-body(2) US(840) rsadsi(113549) 
+                           digestAlgorithm(2) 5} 
+          authenticateAttributes { 
+              contentType {{pkcs-9 3} {pkcs-7 1}} 
+              messageDigest {{pkcs-9 4} "an octet string"} 
+                              -- digest of pkcsGetCertEnvelope 
+              messageType {{id-attribute messageType(2)} "GetCert"} 
+              transaction-id {{id-attributes transId(7)} "printable
+                                                          string"} 
+              senderNonce {{id-attribute senderNonce(3)} <16 bytes>} 
+          } 
+          digestEncryptionAlgorithm {pkcs-1 1} 
+          encryptedDigest "encrypted digest of authenticateAttributes"
+      } 
+  } 
+  GetCert PKIMessage ::= { 
+      contentType {pkcs-7 2} 
+      content pkcsGetCertSigned 
+  } 
+
+
+
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 27]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+5.3.2 CertRep Message Format
+
+In this case, the CertRep from the server is same as the CertRep for the
+PKCSReq, except that the server will only either grant the request or
+reject the request. Also, the recipientInfo should use the CA issuer
+name and CA assigned serial number to identify the requester's key pair
+since at this time, the requester has received its own certificate.
+  
+5.4  CRL Access
+
+The CRL query message defined in this section is an option when the LDAP
+server is not available to provide the CRL query.  In the PKI protocol
+proposed here, only the requester can initiate the transaction to
+download CRL. A requester sends GetCRL request to the server and the
+server sends back CertRep whose information portion is a degenerated
+PKCS#7 which contains only the most recent CRL. The size of CRL included
+in the CertRep should be determined by the implementation.
+
+PreCondition 
+    The certificate authority certificate has been downloaded to the end
+    entity. 
+
+PostCondition 
+    CRL sent back to the requester. 
+  
+5.4.1 GetCRL Message format
+
+The CRL is identified by using both CA's issuer name and the CA
+certificate's serial number:
+
+  pkcsGetCRL issuerAndSerialNumber { 
+      issuer "the certificate authority issuer name" 
+      serialNumber "certificate authority certificate's serial number" 
+  } 
+
+When the CRLDistributionPoint is supported, the pkcsGetCRL is defined as
+the following:
+
+  pkcsGetCRL SEQUENCE { 
+      crlIssuer  issuerAndSerialNumber 
+      distributionPoint CE-CRLDistPoints 
+  } 
+
+where CE-CRLDisPoints is defined in X.509, but must contain only one
+CRL distribution point.
+
+
+
+
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 28]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+  pkcsGetCRLEnvelope EnvelopedData ::= { 
+      version 0 
+      recipientInfo { 
+          version 0 
+          issuerAndSerialNumber { 
+              issuer  "the certificate authority (or RA) issuer name" 
+              serialNumber "the CA (RA) certificate's serial number" 
+          } 
+          keyEncryptionAlgorithm {pkcs-1 1} 
+          encryptedKey "content-encrypt key encrypted by CA (RA) public key" 
+      } 
+      encryptedContentInfo { 
+          contentType {pkcs-7 1}  -- data content 
+          contentEncryptionAlgorithm "OID for DES encryption" 
+          encryptedContent "encrypted pkcsGetCRL" 
+      } 
+  } 
+  pkcsGetCRLSigned SignedData ::= { 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} 
+          content pkcsGetCRLEnvelope 
+      } 
+      certificates { 
+         certificate "CA-issued or self-signed requester's certificate" 
+      } 
+      signerInfo { 
+          version 1 
+          issuerAndSerialNumber { 
+              issuer "the requester's issuer name" 
+              serialNumber "the requester's certificate serial number" 
+          } 
+          digestAlgorithm {iso(1), member-body(2) US(840) rsadsi(113549) 
+                           digestAlgorithm(2) 5} 
+          authenticateAttributes { 
+              contentType {{pkcs-9 3} {pkcs-7 1}} 
+              messageDigest {{pkcs-9 4} 0x<16/20 bytes>} 
+                              -- digest of pkcsGetCRLEnvelope 
+              messageType {{id-attribute messageType(2)} "CertCRL"} 
+              transaction-id {{id-attributes transId(7)} "printable
+                                                          string"} 
+              senderNonce {{id-attribute senderNonce(3)} <16 bytes>}
+          } 
+          digestEncryptionAlgorithm {pkcs-1 1} 
+          encryptedDigest "encrypted digest of authenticateAttributes"
+      } 
+  } 
+  GetCRL PKIMessage ::= { 
+      contentType {pkcs-7 2} 
+      content pkcsGetCRLSigned 
+  } 
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 29]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+5.4.2  CertRep Message Format
+
+The CRL is sent back to the requester through CertRep message. The
+information portion of this message is a degenerated PKCS#7 SignedData
+which contains only a CRL.
+
+  pkcsCertRep SignedData ::= { 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} 
+      } 
+      crl { 
+          signature {pkcs-1 4} 
+          issuer "the certificate authority issuer name" 
+          lastUpdate "UTC time" 
+          nextUpdate "UTC time" 
+          revokedCertificate { 
+              -- the first entry 
+              userCertificate "certificate serial number" 
+              revocationData "UTC time" 
+              .... 
+              -- last entry 
+              userCertificate "certificate serial number" 
+              revocationData "UTC time" 
+      } 
+  } 
+  pkcsCertRepEnvelope EnvelopedData ::= { 
+      version 0 
+      recipientInfo { 
+          version 0 
+          issuerAndSerialNumber { 
+              issuer  "the requester's issuer name" 
+              serialNumber "the requester certificate serial number" 
+          } 
+          keyEncryptionAlgorithm {pkcs-1 1} 
+          encryptedKey "content-encrypt key encrypted by requester's 
+                        public key " 
+      } 
+      encryptedContentInfo { 
+          contentType {pkcs-7 1}  -- data content 
+          contentEncryptionAlgorithm "OID for DES encryption" 
+          encryptedContent "encrypted pkcsCertRep using requester's 
+                            public key" 
+      } 
+  } 
+ 
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 30]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+  pkcsCertRepSigned SignedData ::= { -- PKCS#7 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+      contentInfo { 
+          contentType {pkcs-7 1} 
+          content pkcsCertRepEnvelope 
+      } 
+      signerInfo { 
+          version 1 
+          issuerAndSerialNumber { 
+              issuer "the certificate authority issuer name" 
+              serialNumber "the CA certificate's serial number" 
+          } 
+          digestAlgorithm {iso(1), member-body(2) US(840) rsadsi(113549) 
+                           digestAlgorithm(2) 5} 
+          authenticateAttributes { 
+              contentType {{pkcs-9 3} {pkcs-7 1}} 
+              messageDigest {{pkcs-9 4} "an octet string"} 
+                            -- digest of pkcsCertRepEnvelope 
+              messageType {{id-attribute messageType(2)} "CertRep"} 
+              transaction-id {{id-attributes transId(7)} "printable
+                                                          string"} 
+                            -- same transaction id as given in PKCSReq 
+              pkiStatus {{id-attributes pkiStatus(3) "SUCCESS"} 
+              recipientNonce{{id-attribute recipientNonce(6)}<16 bytes>}
+              senderNonce {{id-attribute senderNonce (5) 0x<16 bytes>} 
+          } 
+          digestEncryptionAlgorithm {pkcs-1 1} 
+          encryptedDigest "encrypted digest of authenticatedAttributes
+                           using CA private key" 
+      } 
+  } 
+  
+
+NOTE:The PKCS#7 EncryptedContent is specified as an octet string, but
+SCEP entities must also accept a sequence of octet strings as a valid
+alternate encoding.   
+
+This alternate encoding must be accepted wherever PKCS #7 Enveloped
+Data is specified in this document.  
+
+
+
+
+
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 31]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+5.5 Get Certificate Authority Certificate
+
+Before any transaction begins, end entities have to get the CA (and
+possibly RA) certificate(s) first.  Since the requester may have no CA
+certificates or CA public keys at all, this message can not be
+encrypted and the response must be authenticated by out-of-band means.
+These certs are obtained by means of an HTTP GET message.  To get the
+CA certificate, the requester does a "HTTP GET" with a URL that
+identifies a CGI script on the server and an optional CA issuer
+identifier as the parameter to the CGI script.  The response is either
+a single X.509 CA certificate ("CA mode"), or a PKCS7 message
+containing the CA certificate and RA certificates ("RA mode").  The
+client can determine which mode the CA operates in by which response
+it gets.  Once the CA certificate is received by the requester, a
+fingerprint is generated using either the SHA-1 or the MD5 hash
+algorithm on the whole CA certificate.  If the requester does not have
+a certificate path to a trusted CA certificate, this fingerprint may
+be used to verify the certificate, by some positive out-of-band means,
+such as a phone call.
+
+5.5.1 GetCACert HTTP Message Format 
+   "GET" CGI-PATH CGI-PROG "?operation=GetCACert" "&message=" CA-IDENT 
+    where: 
+       CGI-PATH defines the actual CGI path to invoke the CGI program
+       which parses the request. 
+       CGI-PROG is set to be the string "pkiclient.exe" and this is
+        expected to be the program that the CA will use to handle the
+        SCEP transactions.
+        CA-IDENT is any string which is understood by the CA.
+        For example, it could be a domain name like ietf.org.
+       If a certificate authority has multiple CA certificates
+       this field can be used to distinguish which is required.
+       Otherwise it may be ignored.
+  
+5.5.2 Response
+
+The response for GetCACert is different between the case where the CA
+directly communicated with the requester during the enrollment, and the
+case where a RA exists and the requester communicates with the RA
+during the enrollment.
+
+5.5.2.1 CA Certificate Only Response
+
+A binary X.509 CA certificate is sent back as a MIME object with a
+Content-Type of application/x-x509-ca-cert.
+
+5.5.2.2 CA and RA Certificates Response 
+
+When an RA exists,  both CA and RA certificates must be sent back in
+the response to the GetCACert request.  The RA certificate(s) must be
+signed by the CA.   A certificates-only PKCS#7 SignedData is used to
+carry the certificates to the requester, with a Content-Type of
+application/x-x509-ca-ra-cert.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 32]
+
+5.5.3 Get Next Certificate Authority Certificate
+
+5.5.3.1 GetNextCACert HTTP Message Format 
+   "GET" CGI-PATH CGI-PROG "?operation=GetNextCACert" "&message=" CA-IDENT 
+
+The response to this message is a PKCS#7 certificates-only message containing
+a CA certificate (and possibly RA certificates) to be used when the current CA
+certificate expires, signed with the current CA cert (or RA certificate, if
+the CA is in RA mode.  Note that a PKCS#7 is returned even in CA mode.
+
+5.5.3.2 GetCACaps HTTP Message Format 
+   "GET" CGI-PATH CGI-PROG "?operation=GetCACaps" "&message=" CA-IDENT 
+
+This message requests capabilities from CA.  The response is a list of
+text capabilities, as defined in Appendix F.  Support for this message
+is optional, but if it is not supported, the client should assume that
+none of the capabilities in Appendix F are supported.
+
+5.6 Get Certificate Authority Certificate Chain
+
+GetCACertChain provides  a way to get the entire certificate chain.
+
+5.6.1 GetCACertChain HTTP Message Format 
+
+   "GET" CGI-SCRIPT "?" "operation=GetCACertChain" "&" "message" CA-IDENT 
+    where CGI-SCRIPT and CA-IDENT are as described for GetCACert.
+  
+5.6.2 Response
+
+The response for GetCACertChain is a certificates-only PKCS#7 SignedData
+to carry the certificates to the requester, with a Content-Type of
+application/x-x509-ca-ra-cert-chain.
+
+5.6.3 Backwards Compatability
+
+Versions of SCEP prior to revision 3 do not support GetCACertChain.
+Certificate Authorities written to these prior versions will not be
+able to process the message and may return an HTML error.
+
+To avoid this, clients should send the GetCACert message first.  If the
+returned certificate is self-signed or is signed by a Certificate
+Authority that is trusted by the client, then it is not necessary to
+send the GetCACertChain message and it should not be sent.
+
+If a Certificate Authority is configured with a certificate that is
+not either self-signed or has a self-signed issuer, then it should
+support this message.  In other words, it should be supported if the
+CA hierarchy is more than two-deep.
+
+An old CA in a two-deep hierarchy might still get this message from
+a client if the client did not trust either that CA or its issuer.
+In that event, the certificate cannot be trusted anyway. In any case
+the CA must not crash or hang upon the receipt of the message and the
+client must be able to handle whatever error is returned by the CA,
+including an HTML error or an ungraceful disconnect.
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 33]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+The following is the ASN.1 definition of Cert-Only PKCS#7: 
+
+  certOnly SignedData ::= { 
+      version 1 
+      digestAlgorithm {iso(1) member-body(2) US(840) rsadsi(113549) 
+                       digestAlgorithm(2) 5} 
+
+contentInfo { 
+          contentType {pkcs-7 1} -- data content identifier 
+          content  -- NULL 
+      } 
+      certificates   -- the RA and CA certificates. 
+  } 
+
+  CARACerts PKIMessage ::= {  -- special pki message sent in the clear 
+      contentType {pkcs-7 2} 
+      content certOnly 
+  } 
+
+
+6.0 Security Considerations
+
+This entire document is about security. Common security considerations
+such as keeping private keys truly private and using adequate lengths
+for symmetric and asymmetric keys must be followed in order to maintain
+the security of this protocol.
+
+
+7.0 Intellectual Property
+
+This protcol includes the optional use of Certificate Revocation List
+Distribution Point (CRLDP) technology, which is a patented technology
+of Entrust Technologies, Inc. (Method for Efficient Management of
+Certificate Revocation Lists and Update Information (U.S. Patent
+5,699,431)). Please contact Entrust Technologies, Inc.
+(www.entrust.com) for more information on licensing CRLDP technology.
+
+
+8.0 References
+
+[PKCS7] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version
+1.5", RFC 2315, March 1998.
+
+[PKCS10] Kaliski, B., "PKCS #10: Certification Request Syntax Version
+1.5", RFC 2314, March 1998.
+
+[RFC2459] Housley, R., ec. al., "Internet X.509 Public Key
+Infrastructure Certificate and CRL Profile", RFC 2459, January 1999.
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 34]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix A: Cisco Requester Subject Name Definition
+
+The ip address and the FQDN of a SCEP client should be included in the
+V3 extension subjectAltName. When the subjectAltName extension attribute
+is present, both the subjectAltName fields and the subjectName field could
+have the IP address and the FQDN information.
+
+When the X.500 directory is used by the CA to define the name space, the
+subject name defined above become a RDN which is part of DN binded to
+the requester's public key in the certificate.
+
+
+A sample of DN assigned by Entrust CA is given below (assume the same 
+ciscoRouterAlice is used as the requester defined subject name): 
+
+    OU = InteropTesting, O = Entrust Technologies, C = CA 
+    RDN = {"alice.cisco.com", "172.21.114.67", "22334455"} 
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 35]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix B:  IPSEC Client Enrollment Certificate Request
+
+The following is the certificate enrollment request (PKCS#10) as created
+by Cisco VPN Client:
+
+-----END NEW CERTIFICATE REQUEST----- 
+   0 30  439: SEQUENCE { 
+   4 30  288:   SEQUENCE { 
+   8 02    1:     INTEGER 0 
+  11 30   57:     SEQUENCE { 
+  13 31   55:       SET { 
+  15 30   53:         SEQUENCE { 
+  17 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3) 
+  22 13   46:           PrintableString 
+            :             'For Xiaoyi, IPSEC attrs in alternate name 
+                           extn'
+            :           } 
+            :         } 
+            :       } 
+  70 30  158:     SEQUENCE { 
+  73 30   13:       SEQUENCE { 
+  75 06    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1
+                                                       1 1) 
+  86 05    0:         NULL 
+            :         } 
+  88 03  140:       BIT STRING 0 unused bits 
+            :         30 81 88 02 81 80 73 DB 1D D5 65 AA EF C7 D4 8E 
+            :         AA 6E EB 46 AC 91 2A 0F 50 51 17 AD 50 A2 2A F2 
+            :         CE BE F1 E4 22 8C D7 61 A1 6C 87 61 62 92 CB A6 
+            :         80 EA B4 0F 09 9D 18 5F 39 A3 02 0E DB 38 4C E4 
+            :         8A 63 2E 72 8B DC BE 9E ED 6C 1A 47 DE 13 1B 0F 
+            :         83 29 4D 3E 08 86 FF 08 2B 43 09 EF 67 A7 6B EA 
+            :         77 62 30 35 4D A9 0F 0F DF CC 44 F5 4D 2C 2E 19 
+            :         E8 63 94 AC 84 A4 D0 01 E1 E3 97 16 CD 86 64 18 
+            :                 [ Another 11 bytes skipped ] 
+            :       } 
+ 231 A0   63:     [0] { 
+ 233 30   61:       SEQUENCE { 
+ 235 06    9:         OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9
+                                                      14) 
+ 246 31   48:         SET { 
+ 248 30   46:           SEQUENCE { 
+ 250 30   44:             SEQUENCE { 
+ 252 06    3:               OBJECT IDENTIFIER subjectAltName (2 5 29 17) 
+ 257 04   37:               OCTET STRING 
+                              30 23 87 04 01 02 03 04 81 0D 65 6D 61 69
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 36]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+                              6C 40 69 72 65 2E 63 6F 6D 82 0C 66 71 64
+                              6E 2E 69 72 65 2E 63 6F 6D 
+            :               } 
+            :             } 
+            :           } 
+            :         } 
+            :       } 
+            :     } 
+
+ 296 30   13:   SEQUENCE { 
+ 298 06    9:     OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 
+                                                          1 1 4) 
+ 309 05    0:     NULL 
+            :     } 
+ 311 03  129:   BIT STRING 0 unused bits 
+            :     19 60 55 45 7F 72 FD 4E E5 3F D2 66 B0 77 13 9A 
+            :     87 86 75 6A E1 36 C6 B6 21 71 68 BD 96 F0 B4 60 
+            :     95 8F 12 F1 65 33 16 FD 46 8A 63 19 90 40 B4 B7 
+            :     2C B5 AC 63 17 50 28 F0 CD A4 F0 00 4E D2 DE 6D 
+            :     C3 4F F5 CB 03 4D C8 D8 31 5A 7C 01 47 D2 2B 91 
+            :     B5 48 55 C8 A7 0B DD 45 D3 4A 8D 94 04 3A 6C B0 
+            :     A7 1D 64 74 AB 8A F7 FF 82 C7 22 0A 2A 95 FB 24 
+            :     88 AA B6 27 83 C1 EC 5E A0 BA 0C BA 2E 6D 50 C7 
+            :   } 
+  
+
+Appendix C:   Private OID Definitions
+
+The OIDs used in defining pkiStatus are VeriSign self-maintained
+OIDs. Please note, work is in progress to replace the VeriSign owned
+object identifiers with the standard object identifiers. Once the
+standarlization is completed, this documentation will be updated.
+
+id-VeriSign   OBJECT_IDENTIFIER ::= {2 16 US(840) 1 VeriSign(113733)} 
+id-pki        OBJECT_IDENTIFIER ::= {id-VeriSign pki(1)} 
+id-attributes OBJECT_IDENTIFIER ::= {id-pki attributes(9)} 
+id-messageType  OBJECT_IDENTIFIER ::= {id-attributes messageType(2)} 
+id-pkiStatus    OBJECT_IDENTIFIER ::= {id-attributes pkiStatus(3)} 
+id-failInfo     OBJECT_IDENTIFIER ::= {id-attributes failInfo(4)} 
+id-senderNonce  OBJECT_IDENTIFIER ::= {id-attributes senderNonce(5)} 
+id-recipientNonce OBJECT_IDENTIFIER ::= {id-attributes recipientNonce(6)} 
+id-transId        OBJECT_IDENTIFIER ::= {id-attributes transId(7)} 
+id-extensionReq   OBJECT_IDENTIFIER ::= {id-attributes extensionReq(8)}
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 37]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+ Appendix D:   CRL Query by means of LDAP
+
+ In order to retrieve the CRL by means of LDAP, the client needs to know
+ where in the directory it is stored.  The certificate must contain a
+ CRL Distribution Point extension encoded as a DN or as an LDAP URI.
+
+For example, the certificate issued by Entrust VPN contains
+the following DN as the CRL distribution point:
+
+
+
+CN = CRL1, O = cisco, C = US.
+
+ The asn.1 encoding of this distribution point is:
+
+     30 2C 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 0E 30 0C 06 
+     03 55 04 0A 13 05 63 69 73 63 6F 31 0D 30 0B 06 03 55 04 03 
+     13 04 43 52 4C 31 
+  
+
+The ldap form would be:
+
+ldap://servername/CN=CRL1,O=cisco,C=US
+
+
+
+Appendix E:  SCEP State Transitions
+
+SCEP state transitions are based on transaction identifier. The design
+goal is to ensure the synchronization between the CA and the requester
+under various error situations.
+
+
+An identity is defined by the combination of FQDN, the IP address and
+the client serial number.  FQDN is the required name attribute. It is
+important to notice that, a client named as Alice.cisco.com is different
+from the client named as Alice.cisco.com plus IPAddress 117.96.1.219.
+
+Each enrollment transaction is uniquely associated with a transaction
+identifier. Because the enrollment transaction could be interrupted by
+various errors, including network connection errors or client reboot,
+the SCEP client generates a transaction identifier by calculating a
+hash on the public key value for which the enrollment is requested. This
+retains the same transaction identifier throughout the enrollment
+transaction, even if the client has rebooted or timed out, and issues a
+new enrollment request for the same key pair.  It also provides the way
+for the CA to uniquely identify a transaction in its database.  At the
+requester side, it generates a transaction identifier which is included
+in PKCSReq.  If the CA returns a response of PENDING, the requester
+will poll by periodically sending out GetCertInitial with the same
+transaction identifier until either a response other than PENDING is
+obtained, or the configured maximum time has elapsed.
+
+If the client times out or the client reboots, the client administrator
+will start another enrollment transaction with the same key pair.  The
+second enrollment will have the transaction idenifier.  At the server
+side, instead of accepting the PKCSReq as a new enrollment request, it
+should respond as if another GetCertInitial message had been sent with
+that transaction ID.  In another word, the second PKCSReq should be
+taken as a resynchronization message to allow the enrollment resume as
+the same transaction.
+
+It is important to keep the transaction id unique since SCEP requires the
+same policy and same identity be applied to the same subject name and
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 38]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+key pair binding.  In the current implementation, an SCEP client can
+only assume one identity. At any time, only one key pair, with a given
+key usage, can be associated with the same identity.
+
+The following gives several examples of client to CA transactions.
+
+Client actions are indicated in the left column, CA actions are
+indicated in the right column.  A blank action signifies that no message
+was received.  Note that these examples assume that the CA enforces the
+certificate-name uniqueness property defined in Section 2.1.1.1.
+
+The first transaction, for example, would read like this: 
+ "Client Sends PKCSReq message with transaction ID 1 to the 
+  CA.  The CA signs the certificate and constructs a CertRep Message 
+  containing the signed certificate with a transaction ID 1.  The client 
+  receives the message and installs the cert locally." 
+
+Successful Enrollment Case: no manual authentication 
+PKCSReq (1)             ----------> CA Signs Cert 
+Client Installs Cert    <---------- CertRep (1) SIGNED CERT 
+
+
+
+Successful Enrollment Case:  manual authentication required 
+PKCSReq (10)            ----------> Cert Request goes into Queue 
+Client Polls            <---------- CertRep (10) PENDING 
+GetCertInitial (10)     ----------> Still pending 
+Client Polls            <---------- CertRep (10) PENDING 
+GetCertInitial (10)     ----------> Still pending 
+Client Polls            <---------- CertRep (10) PENDING 
+GetCertInitial (10)     ----------> Still pending 
+Client Polls            <---------- CertRep (10) PENDING 
+GetCertInitial (10)     ----------> Cert has been signed 
+Client Installs Cert    <---------- CertRep (10) SIGNED CERT 
+
+
+
+Resync Case - CA Receive and Signs PKCSReq, Client Did not receive 
+CertRep: 
+
+PKCSReq (3)           ----------> Cert Request goes into queue 
+                      <---------- CertRep (3) PENDING 
+GetCertInitial (3)    ----------> 
+                      <---------- CertRep (3) PENDING 
+GetCertInitial (3)    -----------> 
+                      <----------- CA signed Cert and sent back
+                                   CertRep(3) 
+(Time Out) 
+PKCSReq (3)           ----------> Cert already signed, sent back to
+                                  client 
+Client Installs Cert  <---------- CertRep (3) SIGNED CERT 
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 39]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+
+Case when NVRAM is lost and client has to generate a new key pair, there
+is no change of name information:
+
+PKCSReq (4)           ----------> CA Signs Cert 
+Client Installs Cert  <---------- CertRep (4) SIGNED CERT 
+(Client looses Cert) 
+PKCSReq (5)           ----------> There is already a valid cert with 
+                                  this DN. 
+Client Admin Revokes  <---------- CertRep (5) OVERLAPPING CERT ERROR 
+PKCSReq (5)           ----------> CA Signs Cert 
+Client Installs Cert  <---------- CertRep (5) SIGNED CERT 
+
+
+Case when client admin resync the enrollment using a different PKCS#10: 
+PKCSReq (6)             ----------> CA Signs Cert 
+                        <---------- CertRep (6) SIGNED CERT 
+(Client timeout and admin starts another enrollment with a different
+ PKCS#10, but the same transaction id) 
+PKCSReq (6)  with different PKCS#10 
+                        ----------> There is already a valid cert with 
+                                    this entity (by checking FQDN). 
+                        <---------- CertRep (6) INVALID PKCS#10 CERT
+                                     ERROR 
+Client admin either revokes the existing cert 
+or corrects the error by enrolling with 
+the same PKCS#10 as the first PKCSReq(6) 
+PKCSReq (6)             ----------> CA find the existing Cert 
+Client Installs Cert    <---------- CertRep (6) SIGNED CERT 
+
+
+Resync case when server is slow in response: 
+PKCSReq (13)    ---------->  Cert Request goes into Queue 
+                <----------  CertRep (13) PENDING 
+GetCertInitial  ----------> Still pending 
+                <----------  CertRep (13) PENDING 
+GetCertInitial  ---------->  Still pending 
+                <----------  CertRep (13) PENDING 
+GetCertInitial  ---------->  Still pending 
+                <----------  CertRep (13) PENDING 
+GetCertInitial  ---------->  Still pending 
+(TimeOut)       <----------  CertRep (13) PENDING 
+* Case 1 
+PKCSReq (13)          ---------->  Still pending 
+Client polls          <----------  CertRep (13) PENDING 
+CertCertInitial       ---------->  Cert has been signed 
+Client Installs Cert  <----------  CertRep (13) SIGNED CERT 
+* Case 2 
+PKCSReq (13)          ----------> Cert has been signed 
+Client Installs Cert  <---------- CertRep (13) SIGNED CERT 
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 40]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix F. CA Capabilities
+
+The response for a GetCACaps message is a list of CA capabilities, in
+plain text, separated by <LF> characters, as follows (quotation marks
+are NOT sent):
+
+Keyword               Description
+
+"GetNextCACert"       CA Supports the GetNextCACert message.
+"POSTPKIOperation"    PKIOPeration messages may be sent via HTTP POST.
+"SHA-1"                      CA Supports the SHA-1 hashing algorithm in 
+                     signatures and fingerprints.  If present, the
+                     client SHOULD use SHA-1.  If absent, the client
+                     MUST use MD5 to maintain backward compatability.
+"Renewal"            Clients may use current certificate and key to
+                     authenticate an enrollment request for a new
+                     certificate.  
+
+A client must be able to accept and ignore any unknown keywords that
+might be sent back by a CA that implements a future version of SCEP.
+
+Example:
+
+GET /cgi-bin/pkiclient.exe?operation=GetCACaps&message=myca
+
+returns:
+
+GetNextCACert
+POSTPKIOperation
+
+This means that the CA supports the GetNextCACert message and allows
+PKIOperation messages (PKCSreq, GetCert, GetCertInitial...) to be sent
+using HTTP POST.
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 41]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix G. Certificate Renewal and CA Key Rollover
+
+To renew a client certificate, use the PKCSreq message and sign it with
+the existing client certificate instead of a self-signed certificate.
+
+To obtain the new CA certificate prior to the expiration of the current
+one, use the GetNextCACert message if the CA supports it.
+
+To obtain a new client certificate signed by the new CA certificate,
+use the new CA or RA certificate in the message envelope.
+
+
+Example:
+
+GetNextCACert           ----------> 
+                       <---------- CertRep (3) New CA certificate
+
+PKCSReq* (1)            ----------> CA Signs certificate with NEW key
+Client Stores Cert      <---------- CertRep (3) Certificate issued
+for installation when               from NEW CA certificate and keypair.
+existing cert expires.
+
+
+*enveloped for new CA or RA cert and keypair.  The CA will use the
+envelope to determine which key and certificate to use to issue the 
+client certificate.
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 42]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix H. PKIOperation via HTTP POST Message
+
+If the remote CA supports it, any of the PKCS#7-encoded SCEP messages
+may be sent via HTTP POST instead of HTTP GET.   This is allowed for
+any SCEP message except GetCACert, GetCACertChain, GetNextCACert,
+or GetCACaps.  In this form of the message, Base 64 encoding is not
+used.
+
+POST /cgi-bin/pkiclient.exe?operation=PKIOperation
+<binary PKCS7 data>
+
+The client can verify that the CA supports SCEP messages via POST by
+looking for the "POSTPKIOperation" capability (See Appendix F).
+
+
+
+
+
+
+\fLiu/Madson/McGrew/Nourse                                      [Page 43]
+
+Cisco Systems' Simple Certificate Enrollment Protocol          Feb 2005
+
+Appendix Y. Author Contact Information
+
+Xiaoyi Liu                     Cheryl Madson
+Cisco                          Cisco
+510 McCarthy Drive             510 McCarthy Drive
+Milpitas, CA                   Milpitas, CA.
+xliu@cisco.com                 cmadson@cisco.com
+
+
+David McGrew                   Andrew Nourse
+Cisco                          Cisco                           
+170 West Tasman Drive          510 McCarthy Drive
+San Jose, CA 94134             Milpitas, CA.
+mcgrew@cisco.com               nourse@cisco.com
+
+
+
+
+Appendix Z.  Copyright Section
+
+Copyright (C) The Internet Society (2005). This document is subject
+to the rights, licenses and restrictions contained in BCP 78, and
+except as set forth therein, the authors retain all their rights.
+
+This document and the information contained herein are provided on an
+"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+This draft expires 11 Aug 2005
+
+[End of draft-nourse-scep-11.txt]
+
diff -uN sscep/fileutils.c sscep-ng2/fileutils.c
--- sscep/fileutils.c   2003-04-15 12:53:45.000000000 +0200
+++ sscep-ng2/fileutils.c       2006-04-28 10:03:24.000000000 +0200
@@ -55,8 +55,11 @@
        PKCS7                   *p7;
        STACK_OF(X509)          *certs;
        X509                    *cert = NULL;
+       ASN1_BIT_STRING         *cert_pubkey = NULL;
        FILE                    *fp;
        int                     i;
+       ASN1_BIT_STRING         *request_pubkey = 
+                                       request->req_info->pubkey->public_key;
 
        localcert = NULL;
 
@@ -66,29 +69,44 @@
 
        /* Find cert */
        for (i = 0; i < sk_X509_num(certs); i++) {
-               char buffer[1024];
-
                cert = sk_X509_value(certs, i);
+               cert_pubkey = X509_get_X509_PUBKEY(cert)->public_key;
+#define fu_print_name(n) \
+       X509_NAME_print_ex_fp(stdout,(n),0,XN_FLAG_RFC2253|ASN1_STRFLGS_SHOW_TYPE)
                if (v_flag) {
-                       printf("%s: found certificate with\n"
-                               "  subject: %s\n", pname,
-                               X509_NAME_oneline(X509_get_subject_name(cert),
-                                       buffer, sizeof(buffer)));
-                       printf("  issuer: %s\n", 
-                               X509_NAME_oneline(X509_get_issuer_name(cert),
-                                       buffer, sizeof(buffer)));
+                       printf("%s: found certificate with\n  subject: ", pname);
+                       fu_print_name(X509_get_subject_name(cert));
+                       printf("\n  issuer:  "); 
+                       fu_print_name(X509_get_issuer_name(cert));
+                       printf("\n");
                }
-               /* The subject has to match that of our request */
-               if (!X509_NAME_cmp(X509_get_subject_name(cert),
+               /* The public keys of the request and certificate must match */
+               if (M_ASN1_BIT_STRING_cmp(request_pubkey,cert_pubkey) != 0) {
+                       if (v_flag)
+                               printf("  public keys of request and certificate don't match\n");
+                       continue;
+               }
+               /* The subject has to match that of our request,
+                  if the "Compare subject DN" flag is set */
+               if (C_flag && X509_NAME_cmp(X509_get_subject_name(cert),
                        X509_REQ_get_subject_name(request))) {
-
-                       /* The subject cannot be the issuer (selfsigned) */
-                       if (X509_NAME_cmp(X509_get_subject_name(cert),
-                               X509_get_issuer_name(cert))) {
-                                       localcert = cert;       
-                                       break;
+                       if (v_flag) {
+                               printf("  certificate subject names doesn't match request subject name:\n           ");
+                               fu_print_name(X509_REQ_get_subject_name(request));
+                               printf("\n");
                        }
-               }       
+                       continue;
+               }
+#undef fu_print_name
+               /* The subject cannot be the issuer (selfsigned) */
+               if (!X509_NAME_cmp(X509_get_subject_name(cert),
+                       X509_get_issuer_name(cert))) {
+                       if (v_flag)
+                               printf("  certificate is self signed\n");
+                       continue;
+               }
+               localcert = cert;       
+               break;
        }
        if (localcert == NULL) {
                fprintf(stderr, "%s: cannot find requested certificate\n",
@@ -320,34 +338,36 @@
 /* Read local certificate (GetCert and GetCrl) */
 
 void
-read_local_cert(void) {
-       if (!l_flag || !(localfile = fopen(l_char, "r"))) {
-               fprintf(stderr, "%s: cannot open local cert file\n", pname);
+read_cert(X509** cert, char* filename) {
+        FILE *file;
+       if (!(file = fopen(filename, "r"))) {
+               fprintf(stderr, "%s: cannot open cert file %s\n", pname, filename);
                exit (SCEP_PKISTATUS_FILE);
        }
-       if (!PEM_read_X509(localfile, &localcert, NULL, NULL)) {
-               fprintf(stderr, "%s: error while reading local cert\n", pname);
+       if (!PEM_read_X509(file, cert, NULL, NULL)) {
+               fprintf(stderr, "%s: error while reading cert %s\n", pname, filename);
                ERR_print_errors_fp(stderr);
                exit (SCEP_PKISTATUS_FILE);
        }
-       fclose(localfile);
+       fclose(file);
 }
 
 /* Read private key */
 
 void
-read_key(void) {
+read_key(EVP_PKEY** key, char* filename) {
+        FILE *file;
        /* Read private key file */
-       if (!k_flag || !(keyfile = fopen(k_char, "r"))) {
-               fprintf(stderr, "%s: cannot open private key file\n", pname);
+       if (!(file = fopen(filename, "r"))) {
+               fprintf(stderr, "%s: cannot open private key file %s\n", pname, filename);
                exit (SCEP_PKISTATUS_FILE);
        }
-       if (!PEM_read_PrivateKey(keyfile, &rsa, NULL, NULL)) {
-               fprintf(stderr, "%s: error while reading private key\n", pname);
+       if (!PEM_read_PrivateKey(file, key, NULL, NULL)) {
+               fprintf(stderr, "%s: error while reading private key %s\n", pname, filename);
                ERR_print_errors_fp(stderr);
                exit (SCEP_PKISTATUS_FILE);
        }
-       fclose(keyfile);
+       fclose(file);
 }
 
 /* Read PKCS#10 request */
diff -uN sscep/init.c sscep-ng2/init.c
--- sscep/init.c        2003-01-31 10:07:16.000000000 +0100
+++ sscep-ng2/init.c    2006-04-28 10:11:40.000000000 +0200
@@ -61,6 +61,9 @@
                                        if (!(i_char = strdup(str2))) 
                                                error_memory();
                                        }
+                       } else if (!strncmp(str1, "CheckSubjectName", 16)) {
+                               if (!strncmp(str2, "yes", 3) && !C_flag)
+                                       C_flag = 1;
                        } else if (!strncmp(str1, "CertReqFile", 11)) {
                                if (!r_flag) {
                                        r_flag = 1;
@@ -114,6 +117,12 @@
                                        if (!(l_char = strdup(str2)))
                                                error_memory();
                                }
+                       } else if (!strncmp(str1, "SignCertFile", 12)) {
+                               if (!O_flag) {
+                                       O_flag = 1;
+                                       if (!(O_char = strdup(str2)))
+                                               error_memory();
+                               }
                        } else if (!strncmp(str1, "MaxPollCount", 12)) {
                                if (!n_flag) {
                                        n_flag = 1;
@@ -130,6 +139,12 @@
                                        if (!(k_char = strdup(str2))) 
                                                error_memory();
                                        }
+                       } else if (!strncmp(str1, "SignKeyFile", 11)) {
+                               if (!K_flag) {
+                                       K_flag = 1;
+                                       if (!(K_char = strdup(str2))) 
+                                               error_memory();
+                                       }
                        } else if (!strncmp(str1, "SelfSignedFile", 15)) {
                                if (!L_flag) {
                                        L_flag = 1;
diff -uN sscep/pkcs7.c sscep-ng2/pkcs7.c
--- sscep/pkcs7.c       2003-02-10 06:04:48.000000000 +0100
+++ sscep-ng2/pkcs7.c   2006-04-26 13:40:34.000000000 +0200
@@ -28,7 +28,8 @@
        PKCS7                   *p7enc;
        PKCS7_SIGNER_INFO       *si;
        STACK_OF(X509_ATTRIBUTE) *attributes;
-       X509                    *signer = NULL;
+       X509                    *signercert = NULL;
+       EVP_PKEY                *signerkey = NULL;
 
        /* Create a new sender nonce for all messages 
         * XXXXXXXXXXXXXX should it be per transaction? */
@@ -47,7 +48,8 @@
                        s->request_type_str = SCEP_REQUEST_PKCSREQ_STR;
 
                        /* Signer cert */
-                       signer = s->selfsigned;
+                       signercert = s->signercert;
+                       signerkey = s->signerkey;
 
                        /* Create inner PKCS#7  */
                        if (v_flag)
@@ -71,7 +73,8 @@
                        s->request_type_str = SCEP_REQUEST_GETCERTINIT_STR;
 
                        /* Signer cert */
-                       signer = s->selfsigned;
+                       signercert = s->signercert;
+                       signerkey = s->signerkey;
 
                        /* Create inner PKCS#7  */
                        if (v_flag)
@@ -95,7 +98,8 @@
                        s->request_type_str = SCEP_REQUEST_GETCERT_STR;
 
                        /* Signer cert */
-                       signer = localcert;
+                       signercert = localcert;
+                       signerkey = rsa;
 
                        /* Read data in memory bio */
                        databio = BIO_new(BIO_s_mem());
@@ -115,7 +119,8 @@
                        s->request_type_str = SCEP_REQUEST_GETCRL_STR;
 
                        /* Signer cert */
-                       signer = localcert;
+                       signercert = localcert;
+                       signerkey = rsa;
 
                        /* Read data in memory bio */
                        databio = BIO_new(BIO_s_mem());
@@ -217,9 +222,9 @@
        }
 
        /* Add signer certificate  and signature */
-       PKCS7_add_certificate(s->request_p7, signer);
+       PKCS7_add_certificate(s->request_p7, signercert);
        if ((si = PKCS7_add_signature(s->request_p7,
-                               signer, rsa, sig_alg)) == NULL) {
+                               signercert, signerkey, sig_alg)) == NULL) {
                fprintf(stderr, "%s: error adding PKCS#7 signature\n", pname);
                ERR_print_errors_fp(stderr);
                exit (SCEP_PKISTATUS_P7);
@@ -317,7 +322,8 @@
        STACK_OF(X509_ATTRIBUTE)        *attribs;
        char                            *p;
        unsigned char                   buffer[1024];
-       X509                            *recipient;
+       X509                            *recipientcert;
+       EVP_PKEY                        *recipientkey;
 
        /* Create new memory BIO for outer PKCS#7 */
        memorybio = BIO_new(BIO_s_mem());
@@ -547,10 +553,14 @@
 
        /* Decrypt the inner PKCS#7 */
        if ((s->request_type == SCEP_REQUEST_PKCSREQ) ||
-          (s->request_type == SCEP_REQUEST_GETCERTINIT))
-               recipient = s->selfsigned;
-       else
-               recipient = localcert;
+           (s->request_type == SCEP_REQUEST_GETCERTINIT)) {
+               recipientcert = s->signercert;
+               recipientkey = s->signerkey;
+       }
+       else {
+               recipientcert = localcert;
+               recipientkey = rsa;
+       }
        if (v_flag)
                printf("%s: reading inner PKCS#7\n",pname);
        p7enc = d2i_PKCS7_bio(outbio, NULL);
@@ -568,7 +578,7 @@
        outbio = BIO_new(BIO_s_mem());
        if (v_flag)
                printf("%s: decrypting inner PKCS#7\n",pname);
-       if (PKCS7_decrypt(p7enc, rsa, recipient, outbio, 0) == 0) {
+       if (PKCS7_decrypt(p7enc, recipientkey, recipientcert, outbio, 0) == 0) {
                fprintf(stderr, "%s: error decrypting inner PKCS#7\n", pname);
                ERR_print_errors_fp(stderr);
                exit (SCEP_PKISTATUS_P7);
diff -uN sscep/sceputils.c sscep-ng2/sceputils.c
--- sscep/sceputils.c   2003-02-09 14:18:23.000000000 +0100
+++ sscep-ng2/sceputils.c       2006-04-25 16:27:03.000000000 +0200
@@ -156,7 +156,8 @@
        }
 
        /* Copy the pointer and return */
-       s->selfsigned = cert;
+       s->signercert = cert;
+       s->signerkey = rsa;
        return (0);
 }
 
diff -uN sscep/sscep.c sscep-ng2/sscep.c
--- sscep/sscep.c       2003-04-17 07:47:04.000000000 +0200
+++ sscep-ng2/sscep.c   2006-04-28 11:06:16.000000000 +0200
@@ -53,12 +53,15 @@
        }
        /* Skip first parameter and parse the rest of the command */
        optind++;
-       while ((c = getopt(argc, argv, "c:de:E:f:F:i:k:l:L:n:p:r:Rs:S:t:T:u:vw:")) != -1)
+       while ((c = getopt(argc, argv, "c:Cde:E:f:F:i:k:K:l:L:n:O:p:r:Rs:S:t:T:u:vw:")) != -1)
                 switch(c) {
                        case 'c':
                                c_flag = 1;
                                c_char = optarg;
                                break;
+                       case 'C':
+                               C_flag = 1;
+                               break;
                        case 'd':
                                d_flag = 1;
                                break;
@@ -86,6 +89,10 @@
                                k_flag = 1;
                                k_char = optarg;
                                break;
+                       case 'K':
+                               K_flag = 1;
+                               K_char = optarg;
+                               break;
                        case 'l':
                                l_flag = 1;
                                l_char = optarg;
@@ -98,6 +105,10 @@
                                n_flag = 1;
                                n_num = atoi(optarg);
                                break;
+                       case 'O':
+                               O_flag = 1;
+                               O_char = optarg;
+                               break;
                        case 'p':
                                p_flag = 1;
                                p_char = optarg;
@@ -137,6 +148,7 @@
                                w_char = optarg;
                                break;
                        default:
+                         printf("argv: %s\n", argv[optind]);
                                usage();
                 }
        argc -= optind;
@@ -402,15 +414,38 @@
                case SCEP_OPERATION_GETCERT:
                case SCEP_OPERATION_GETCRL:
                        /* Read local certificate */
-                       read_local_cert();
+                       if (!l_flag) {
+                         fprintf(stderr, "%s: missing local cert (-l)\n", pname);
+                         exit (SCEP_PKISTATUS_FILE);
+                       }
+                       read_cert(&localcert, l_char);
 
                case SCEP_OPERATION_ENROLL:
                        /*
                         * Read in CA cert, private key and certificate
                         * request in global variables.
                         */
-                       read_ca_cert();
-                       read_key();
+                       read_ca_cert();
+
+                       if (!k_flag) {
+                         fprintf(stderr, "%s: missing private key (-k)\n", pname);
+                         exit (SCEP_PKISTATUS_FILE);
+                       }
+                       read_key(&rsa, k_char);
+
+                       if ((K_flag && !O_flag) || (!K_flag && O_flag)) {
+                         fprintf(stderr, "%s: -O also requires -K (and vice-versa)\n", pname);
+                         exit (SCEP_PKISTATUS_FILE);
+                       }
+
+                       if (K_flag) {
+                         read_key(&renewal_key, K_char);
+                       }
+
+                       if (O_flag) {
+                         read_cert(&renewal_cert, O_char);
+                       }
+
                        if (operation_flag == SCEP_OPERATION_ENROLL)
                                read_request();
 
@@ -426,7 +461,14 @@
                        if (v_flag)
                                  fprintf(stdout, "%s: generating selfsigned "
                                        "certificate\n", pname);
-                       new_selfsigned(&scep_t);
+
+                       if (! O_flag) 
+                         new_selfsigned(&scep_t);
+                       else {
+                         /* Use existing certificate */
+                         scep_t.signercert = renewal_cert;
+                         scep_t.signerkey = renewal_key;
+                       }
 
                        /* Write the selfsigned certificate if requested */
                        if (L_flag) {
@@ -436,7 +478,7 @@
                                          "file for writing\n", pname);
                                        exit (SCEP_PKISTATUS_ERROR);
                                }
-                               if (PEM_write_X509(fp,scep_t.selfsigned) != 1) {
+                               if (PEM_write_X509(fp,scep_t.signercert) != 1) {
                                        fprintf(stderr, "%s: error while "
                                          "writing certificate file\n", pname);
                                        ERR_print_errors_fp(stderr);
@@ -643,7 +685,8 @@
 
 void
 usage() {
-       fprintf(stdout, "\nsscep version %s\n\n" , VERSION);
+       fprintf(stdout, "\nsscep version %s using %s\n\n" , 
+               VERSION,SSLeay_version(SSLEAY_VERSION));
        fprintf(stdout, "Usage: %s OPERATION [OPTIONS]\n"
        "\nAvailable OPERATIONs are\n"
        "  getca             Get CA/RA certificate(s)\n"
@@ -665,6 +708,8 @@
        "\nOPTIONS for OPERATION enroll are\n"
        "  -k <file>         Private key file\n"
        "  -r <file>         Certificate request file\n"
+       "  -K <file>         Signature private key file, use with -O\n"
+       "  -O <file>         Signature certificate (used instead of self-signed)\n"
        "  -l <file>         Write enrolled certificate in file\n"
        "  -e <file>         Use different CA cert for encryption\n"
        "  -L <file>         Write selfsigned certificate in file\n"
@@ -672,6 +717,8 @@
        "  -T <secs>         Max polling time in seconds\n"
        "  -n <count>        Max number of GetCertInitial requests\n"
        "  -R                Resume interrupted enrollment\n"
+       "  -C                Check subject DN in the certificate return by the\n"
+       "                    CA (default is to match on the public key only)\n"
        "\nOPTIONS for OPERATION getcert are\n"
        "  -k <file>         Private key file\n"
        "  -l <file>         Local certificate file\n"
diff -uN sscep/sscep.h sscep-ng2/sscep.h
--- sscep/sscep.h       2003-04-17 07:50:04.000000000 +0200
+++ sscep-ng2/sscep.h   2006-04-28 10:46:49.000000000 +0200
@@ -36,10 +36,9 @@
 #include <openssl/objects.h>
 #include <openssl/asn1_mac.h>
 
-
 /* Global defines */
 
-#define        VERSION "20030417"
+#define        VERSION "20060428"
 
 /* SCEP operations */
 int operation_flag;
@@ -128,13 +127,13 @@
 X509 *encert;
 X509 *localcert;
 X509 *othercert;
+X509 *renewal_cert;
 X509_REQ *request;
 EVP_PKEY *rsa;
+EVP_PKEY *renewal_key;
 X509_CRL *crl;
 FILE *cafile;
 FILE *reqfile;
-FILE *keyfile;
-FILE *localfile;
 FILE *otherfile;
 FILE *crlfile;
 
@@ -207,7 +206,9 @@
        int recipient_nonce_len;
 
        /* Certificates */
-       X509 *selfsigned;
+       X509 *signercert;
+       EVP_PKEY *signerkey;
+
        EVP_PKEY *pkey;
 
        /* Request */
@@ -251,13 +252,13 @@
 int init_scep(void);
 
 /* Read RSA private key file */
-void read_key(void);
+void read_key(EVP_PKEY** key, char* filename);
 
 /* Read CA certificate file */
 void read_ca_cert(void);
 
 /* Read local certificate file */
-void read_local_cert(void);
+void read_cert(X509** cert, char* filename);
 
 /* Read certificate request and private key */
 void read_request(void);