Service message type specifications: KEYMAN (EDIFACT Syntax Version 4)

KEYMAN
Security key and certificate management message

Message structure. Columns: Pos = position, Tag = segment tag or segment group (a group is listed with its constituent tags), S = status (M = mandatory, C = conditional), R = maximum number of repetitions. Nested groups are indented under the group that contains them.

Pos   Tag   Name                                    S   R
0010  UNH   Message header                          M   1
      A service segment starting and uniquely identifying a message.
      The message type code for the security key and certificate management message is KEYMAN.

      Note: messages conforming to this document must contain the following data in segment UNH, composite S009:

      Data element  0065 KEYMAN
                    0052 4
                    0054 1
                    0051 UN

0020  SG1     USE-USX-SG2                           C   999
      A group of segments containing all information necessary to carry key, certificate or certification path management requests, deliveries and notices.

0030  USE       Security message relation           M   1
      A segment identifying a relationship to an earlier message, such as a KEYMAN request.

0040  USX       Security references                 C   1
      A segment identifying a link to an earlier message, such as a request. The composite data element "security date and time" may contain the original generation date and time of the referenced message.

0050  SG2       USF-USA-SG3                         M   9
      A group of segments containing a single key, a single certificate, or a group of certificates forming a certification path.

0060  USF         Key management function           M   1
      A segment identifying the function of the group it triggers, either a request or a delivery. When used for indicating elements of a certification path, the certificate sequence number shall indicate the position of the following certificate within the certification path. It may be used on its own for list retrieval, with no certificate present. There may be several different USF segments within the same message if more than one key or certificate is handled; however, there shall be no mixture of request functions and delivery functions. The USF segment may also specify the filter function used for the binary fields of the USA segment immediately following it.

0070  USA         Security algorithm                C   1
      A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be used for symmetric key requests, discontinuation or delivery. It may also be used for an asymmetric key pair request.

0080  SG3         USC-USA-USR                       C   1
      A group of segments containing the data necessary to validate the security methods applied to the message/package when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). This group shall be used in the request or delivery of keys and certificates.

      Either the full certificate segment group (including the USR segment), or only the data elements necessary to unambiguously identify the asymmetric key pair used, shall be present in the USC segment. The presence of a full certificate may be avoided if the certificate has already been exchanged by the two parties, or if it may be retrieved from a database.

      Where it is desired to refer to a non-EDIFACT certificate (such as X.509), the certificate syntax and version shall be identified in data element 0545 of the USC segment. Such certificates may be conveyed in an EDIFACT package; in that case the certificate reference in USC (0536) shall contain the reference identification number (0802) from the UNO segment of the package containing the non-EDIFACT certificate, and no other data elements (in order to distinguish it from an EDIFACT certificate reference).

0090  USC           Certificate                     M   1
      A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5 of ISO 9735). This segment shall be used for certificate requests such as renewal, for asymmetric key requests such as discontinuation, and for certificate deliveries.

0100  USA           Security algorithm              C   3
      A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be used for certificate requests such as credentials registration, and for certificate deliveries.

0110  USR           Security result                 C   1
      A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5 of ISO 9735). This segment shall be used for certificate validation or certificate deliveries.

0120  SG4     USL-SG5                               C   99
      A group of segments containing lists of certificates or public keys. The group shall be used to group together certificates of similar status, i.e. those which are still valid, or those which may be invalid for some reason.

0130  USL       Security list status                M   1
      A segment identifying valid, revoked, unknown or discontinued items. These items may be certificates (e.g. valid, revoked) or public keys (e.g. valid or discontinued). There may be several different USL segments within this message if the delivery implies more than one list of certificates or public keys. The different lists may be identified by the list parameters.

0140  SG5       USC-USA-USR                         M   9999
      A group of segments containing the data necessary to validate the security methods applied to the message/package when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). This group shall be used in the delivery of lists of keys or certificates of similar status.

0150  USC         Certificate                       M   1
      A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5 of ISO 9735). This segment shall either carry the full certificate, in which case the USA and USR segments are used in addition, or alternatively indicate only the certificate reference number or key name, in which case the message shall be signed using the security header and trailer segment groups.

0160  USA         Security algorithm                C   3
      A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). If it is required to indicate the algorithms used with a certificate, this segment shall be used.

0170  USR         Security result                   C   1
      A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5 of ISO 9735). If it is required to sign a certificate, this segment shall be used.

0180  UNT   Message trailer                         M   1
      A service segment ending a message, giving the total number of segments and the control reference number of the message.
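A receiver that acts on KEYMAN content (installing keys, revoking certificates) should reject a message that does not match the structure above before it interprets any of it. The following Python validator is an added illustration of how the table can be enforced; it is not part of the UN/EDIFACT specification or of any EDIFACT implementation. It assumes the default UN/EDIFACT delimiters (' as segment terminator, + as data element separator, : as component separator, ? as release character), transcribes the position table into a grammar of segments and trigger-led groups with their status and repeat limits, and then checks the UNH S009 values required by the note at position 0010 and the UNT segment count and reference. The two sample messages are constructed; every value in them other than the UNH and UNT control data is a placeholder.

```python
"""Added example (not from any EDIFACT library): structural checks for a KEYMAN
message, transcribing the table above. Default UN/EDIFACT delimiters are assumed:
' segment terminator, + element separator, : component separator, ? release."""
SEGMENT_TERMINATOR, ELEMENT_SEP, COMPONENT_SEP, RELEASE = "'", "+", ":", "?"

def split_edifact(text, sep):
    """Split text on sep, honouring the '?' release (escape) character."""
    parts, i = [""], 0
    while i < len(text):
        if text[i] == RELEASE and i + 1 < len(text):
            parts[-1] += text[i + 1]  # an escaped delimiter is literal data
            i += 2
        elif text[i] == sep:
            parts.append("")
            i += 1
        else:
            parts[-1] += text[i]
            i += 1
    return parts

def parse_segments(message):
    """Return [(tag, [[component, ...] for each data element]), ...]."""
    segments = []
    for raw in split_edifact(message, SEGMENT_TERMINATOR):
        raw = raw.strip()  # tolerate line breaks between segments
        if raw:
            elements = split_edifact(raw, ELEMENT_SEP)
            segments.append((elements[0], [split_edifact(e, COMPONENT_SEP) for e in elements[1:]]))
    return segments

def seg(tag, mandatory, max_rep): return ("seg", tag, mandatory, max_rep, None)
def grp(name, mandatory, max_rep, items): return ("grp", name, mandatory, max_rep, items)

# KEYMAN structure: status (M = True, C = False) and maximum repetitions; items[0] of a group is its trigger.
KEYMAN = [
    seg("UNH", True, 1),
    grp("SG1", False, 999, [
        seg("USE", True, 1), seg("USX", False, 1),
        grp("SG2", True, 9, [
            seg("USF", True, 1), seg("USA", False, 1),
            grp("SG3", False, 1, [seg("USC", True, 1), seg("USA", False, 3), seg("USR", False, 1)]),
        ]),
    ]),
    grp("SG4", False, 99, [
        seg("USL", True, 1),
        grp("SG5", True, 9999, [seg("USC", True, 1), seg("USA", False, 3), seg("USR", False, 1)]),
    ]),
    seg("UNT", True, 1),
]

def match_items(items, segments, pos, findings):
    """Consume segments in table order (greedy); return the index reached."""
    for kind, name, mandatory, max_rep, children in items:
        count = 0
        if kind == "seg":
            while count < max_rep and pos < len(segments) and segments[pos][0] == name:
                pos, count = pos + 1, count + 1
        else:
            trigger = children[0][1]
            while count < max_rep and pos < len(segments) and segments[pos][0] == trigger:
                pos = match_items(children, segments, pos, findings)
                count += 1
        if mandatory and count == 0:
            findings.append(f"mandatory {name} missing before index {pos}")
    return pos

def check_controls(segments, findings):
    """UNH S009 must announce KEYMAN:4:1:UN; UNT count and reference must agree."""
    head_tag, head = segments[0]
    tail_tag, tail = segments[-1]
    if head_tag != "UNH" or tail_tag != "UNT":
        return  # the structural pass has already reported these
    s009 = head[1] if len(head) > 1 else []
    if s009[:4] != ["KEYMAN", "4", "1", "UN"]:
        findings.append(f"UNH S009 must be KEYMAN:4:1:UN, got {':'.join(s009)}")
    declared = tail[0][0] if tail else ""
    if declared != str(len(segments)):  # the count includes UNH and UNT themselves
        findings.append(f"UNT segment count {declared} != actual {len(segments)}")
    unh_ref, unt_ref = (head[0][0] if head else ""), (tail[1][0] if len(tail) > 1 else "")
    if unh_ref != unt_ref:
        findings.append(f"UNT reference {unt_ref!r} != UNH reference {unh_ref!r}")

def validate_keyman(message):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    segments = parse_segments(message)
    if not segments:
        return ["empty message"]
    end = match_items(KEYMAN, segments, 0, findings)
    if end < len(segments):
        findings.append(f"unexpected segment {segments[end][0]} at index {end}")
    check_controls(segments, findings)
    return findings

# Constructed samples; payload values are placeholders, not real key material.
SAMPLE_OK = ("UNH+KM0001+KEYMAN:4:1:UN'USE+1'USF+2'USC+CERT01'"
             "USA+1:1'USR+1:SIGVALUE'UNT+7+KM0001'")
SAMPLE_BAD = "UNH+KM0002+KEYMAN:4:1:UN'USF+2'USC+CERT01'UNT+3+KM0002'"  # no USE, wrong count
```

Calling validate_keyman(SAMPLE_OK) returns an empty list, while SAMPLE_BAD yields three findings: the SG2 trigger USF appears without the SG1 trigger USE that must precede it, so the walk stops before the mandatory UNT, and the UNT count disagrees with the four segments actually present. The grammar walk is greedy, which is sufficient here because every group is entered only by its first segment and no two sibling items share a tag; the checks are purely structural, so the semantic rules in the table (no mixture of request and delivery functions in USF, a signed message when SG5 carries only a certificate reference) still need separate handling.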
 
  Date  2002-05-23