WebCrypto GOST: Class: PFX

Constructor

new PFX()

PFX format syntax

This format corresponds to the data model presented above, with wrappers for privacy and integrity. This section makes free reference to PKCS #7 GostASN1.ContentInfo
All modes of direct exchange use the same PDU format. ASN.1 and BER- encoding ensure platform independence.
This standard has one ASN.1 export: PFX. This is the outer integrity wrapper.

Instances of PFX contain:

A version indicator. The version shall be v3 for this version of this document.
A PKCS #7 ContentInfo, whose contentType is signedData in public- key integrity mode and data in password integrity mode.
An optional instance of MacData, present only in password integrity. This object, if present, contains a PKCS #7 DigestInfo, which holds the MAC value, a macSalt, and an iterationCount. As described in Appendix B, the MAC key is derived from the password, the macSalt, and the iterationCount; the MAC is computed from the authSafe value and the MAC key via HMAC. The password and the MAC key are not actually present anywhere in the PFX. The salt and (to a certain extent) the iteration count thwarts dictionary attacks against the integrity password.

 PFX ::= SEQUENCE {
     version     INTEGER {v3(3)}(v3,...),
     authSafe    ContentInfo,
     macData     MacData OPTIONAL
 }

 MacData ::= SEQUENCE {
     mac         DigestInfo,
     macSalt     OCTET STRING,
     iterations  INTEGER DEFAULT 1
     -- Note: The default is for historical reasons and its
     --       use is deprecated.
 }

See GostASN1.ContentInfo

RFC 7292 references http://tools.ietf.org/html/rfc7292