The International Organization for Standardization
The United Nations Economic Commission for Europe

Syntax 4, Part 11: Message description, Segment clarification

Service message type specifications - Segment clarification (4.1)
KEYMAN
KEYMAN - Security key and certificate management message

S = status (M mandatory, C conditional); R = maximum number of repetitions.

Pos   Tag  Name                                              S  R
----  ---  ------------------------------------------------  -  ----
0010  UNH  Message header                                    M  1
      A service segment starting and uniquely identifying a message. The message type code for
      the security key and certificate management message is KEYMAN.

      Note: messages conforming to this document must contain the following data in segment UNH,
      composite S009:

      Data element  0065 KEYMAN
                    0052 4
                    0054 1
                    0051 UN

0020  SG1  USE-USX-SG2                                       C  999
      A group of segments containing all information necessary to carry key, certificate or
      certification path management requests, deliveries and notices.

0030  USE  Security message relation                         M  1
      A segment identifying a relationship to an earlier message, such as a KEYMAN request.

0040  USX  Security references                               C  1
      A segment identifying a link to an earlier message, such as a request. The composite data
      element "security date and time" may contain the original generation date and time of the
      referenced message.

0050  SG2  USF-USA-SG3                                       M  9
      A group of segments containing a single key, a single certificate, or a group of
      certificates forming a certification path.

0060  USF  Key management function                           M  1
      A segment identifying the function of the group it triggers, either a request or a
      delivery. When used for indicating elements of a certification path, the certificate
      sequence number shall indicate the position of the following certificate within the
      certification path. It may be used on its own for list retrieval, with no certificate
      present. There may be several different USF segments within the same message if more than
      one key or certificate is handled; however, there shall be no mixture of request functions
      and delivery functions. The USF segment may also specify the filter function used for the
      binary fields of the USA segment immediately following it.

0070  USA  Security algorithm                                C  1
      A segment identifying a security algorithm, the technical usage made of it, and containing
      the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be
      used for symmetric key requests, discontinuation or delivery. It may also be used for an
      asymmetric key pair request.

0080  SG3  USC-USA-USR                                       C  1
      A group of segments containing the data necessary to validate the security methods applied
      to the message/package when asymmetric algorithms are used (as defined in Part 5 of ISO
      9735). This group shall be used in the request or delivery of keys and certificates.

      Either the full certificate segment group (including the USR segment), or only the data
      elements necessary to identify unambiguously the asymmetric key pair used, shall be present
      in the USC segment. The presence of a full certificate may be avoided if the certificate has
      already been exchanged by the two parties, or if it may be retrieved from a database.

      Where it is desired to refer to a non-EDIFACT certificate (such as X.509), the certificate
      syntax and version shall be identified in data element 0545 of the USC segment. Such
      certificates may be conveyed in an EDIFACT package. In that case the reference in USC (0536)
      shall contain the reference identification number (0802) from the UNO segment of the
      package containing the non-EDIFACT certificate, and no other data elements (in order to
      distinguish it from an EDIFACT certificate reference).

0090  USC  Certificate                                       M  1
      A segment containing the credentials of the certificate owner and identifying the
      certification authority which has generated the certificate (as defined in Part 5 of ISO
      9735). This segment shall be used for certificate requests such as renewal, for asymmetric
      key requests such as discontinuation, and for certificate deliveries.

0100  USA  Security algorithm                                C  3
      A segment identifying a security algorithm, the technical usage made of it, and containing
      the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be
      used for certificate requests such as credentials registration, and for certificate
      deliveries.

0110  USR  Security result                                   C  1
      A segment containing the result of the security functions applied to the certificate by the
      certification authority (as defined in Part 5 of ISO 9735). This segment shall be used for
      certificate validation or certificate deliveries.

0120  SG4  USL-SG5                                           C  99
      A group of segments containing lists of certificates or public keys. The group shall be used
      to group together certificates of similar status, i.e. those which are still valid, or those
      which may be invalid for some reason.

0130  USL  Security list status                              M  1
      A segment identifying valid, revoked, unknown or discontinued items. These items may be
      certificates (e.g. valid, revoked) or public keys (e.g. valid or discontinued). There may be
      several different USL segments within this message if the delivery implies more than one
      list of certificates or public keys. The different lists may be identified by the list
      parameters.

0140  SG5  USC-USA-USR                                       M  9999
      A group of segments containing the data necessary to validate the security methods applied
      to the message/package when asymmetric algorithms are used (as defined in Part 5 of ISO
      9735). This group shall be used in the delivery of lists of keys or certificates of similar
      status.

0150  USC  Certificate                                       M  1
      A segment containing the credentials of the certificate owner and identifying the
      certification authority which has generated the certificate (as defined in Part 5 of ISO
      9735). This segment shall be used either for a full certificate, together with the USA and
      USR segments, or to indicate only the certificate reference number or key name, in which
      case the message shall be signed using the security header and trailer segment groups.

0160  USA  Security algorithm                                C  3
      A segment identifying a security algorithm, the technical usage made of it, and containing
      the technical parameters required (as defined in Part 5 of ISO 9735). If it is required to
      indicate the algorithms used with a certificate, this segment shall be used.

0170  USR  Security result                                   C  1
      A segment containing the result of the security functions applied to the certificate by the
      certification authority (as defined in Part 5 of ISO 9735). If it is required to sign a
      certificate, this segment shall be used.

0180  UNT  Message trailer                                   M  1
      A service segment ending a message, giving the total number of segments and the control
      reference number of the message.
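The segment table above is effectively a grammar: each position names a segment or group, whether it is mandatory, and how often it may repeat. As an added illustration (not code from the ISO/UNECE page or from GEFEG), the following Python turns that table into a structural validator. It checks the order and repetition of segment tags against the table, the UNH S009 note (0065 KEYMAN, 0052 4, 0054 1, 0051 UN), and that the UNT trailer's segment count and control reference agree with the message. It assumes the default UN/EDIFACT service characters (`'` segment terminator, `+` element separator, `:` component separator, `?` release character). The data-element contents of USE, USF, USC and the other security segments are not described on this page and are not checked; the sample message is constructed with placeholder element values.

```python
"""Structural validator for a KEYMAN message, built from the segment table above.

Added example, not the page's own code.  It checks segment order/repetition,
the UNH S009 note and the UNT count and reference.  Contents of the security
segments are not checked; the sample message uses placeholder element values.
"""

# Table rows as (tag, status, max_repeat[, children]).  A group (SGn) is
# entered when its first child segment, the trigger, appears in the message.
KEYMAN_STRUCTURE = [
    ("UNH", "M", 1),
    ("SG1", "C", 999, [
        ("USE", "M", 1),
        ("USX", "C", 1),
        ("SG2", "M", 9, [
            ("USF", "M", 1),
            ("USA", "C", 1),
            ("SG3", "C", 1, [
                ("USC", "M", 1),
                ("USA", "C", 3),
                ("USR", "C", 1),
            ]),
        ]),
    ]),
    ("SG4", "C", 99, [
        ("USL", "M", 1),
        ("SG5", "M", 9999, [
            ("USC", "M", 1),
            ("USA", "C", 3),
            ("USR", "C", 1),
        ]),
    ]),
    ("UNT", "M", 1),
]

# Composite S009 required by the note on the UNH row: 0065, 0052, 0054, 0051.
EXPECTED_S009 = ("KEYMAN", "4", "1", "UN")


def parse_segments(text):
    """Split EDIFACT text into segments -> elements -> components (default service chars)."""
    segments, elements, components, buf = [], [], [], []
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch == "?" and i + 1 < n:      # release character: next char is literal data
            buf.append(text[i + 1])
            i += 2
            continue
        if ch in ":+'":
            components.append("".join(buf))
            buf = []
            if ch in "+'":
                elements.append(components)
                components = []
            if ch == "'":
                segments.append(elements)
                elements = []
                while i + 1 < n and text[i + 1] in " \t\r\n":   # line breaks between segments
                    i += 1
        else:
            buf.append(ch)
        i += 1
    if buf or components or elements:
        raise ValueError("unterminated segment at end of message")
    return segments


class StructureError(ValueError):
    pass


def match_items(items, tags, pos):
    """Greedy recursive descent over the tag sequence; returns the first unmatched index."""
    for item in items:
        tag, status, max_rep = item[:3]
        children = item[3] if len(item) > 3 else None
        trigger = children[0][0] if children else tag
        count = 0
        while count < max_rep and pos < len(tags) and tags[pos] == trigger:
            pos = match_items(children, tags, pos) if children else pos + 1
            count += 1
        if status == "M" and count == 0:
            found = tags[pos] if pos < len(tags) else "end of message"
            raise StructureError(f"expected {tag} at position {pos + 1}, found {found}")
    return pos


def validate_keyman(text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    segments = parse_segments(text)
    tags = [seg[0][0] for seg in segments]
    if not tags or tags[0] != "UNH":
        return ["message must start with the UNH message header"]
    unh = segments[0]
    unh_ref = unh[1][0] if len(unh) > 1 else ""
    s009 = tuple(unh[2][:4]) if len(unh) > 2 else ()
    if s009 != EXPECTED_S009:
        problems.append(f"UNH S009 is {s009}, expected {EXPECTED_S009}")
    try:
        end = match_items(KEYMAN_STRUCTURE, tags, 0)
        if end != len(tags):
            problems.append(f"unexpected segment {tags[end]} at position {end + 1}")
    except StructureError as exc:
        problems.append(str(exc))
    if tags[-1] == "UNT":
        unt = segments[-1]
        count = unt[1][0] if len(unt) > 1 else ""
        reference = unt[2][0] if len(unt) > 2 else ""
        if count != str(len(segments)):      # UNT counts all segments, UNH and UNT included
            problems.append(f"UNT segment count {count!r} != actual {len(segments)}")
        if reference != unh_ref:
            problems.append(f"UNT reference {reference!r} != UNH reference {unh_ref!r}")
    return problems


# Constructed sample: one SG1/SG2/SG3 instance carrying a certificate.  Values after
# the segment tags are placeholders, not real ISO 9735 data elements.
SAMPLE_KEYMAN = "\n".join([
    "UNH+KM001+KEYMAN:4:1:UN'",
    "USE+placeholder'",
    "USF+placeholder'",
    "USC+placeholder?:with?+released?'chars'",
    "USA+placeholder'",
    "USR+placeholder'",
    "UNT+7+KM001'",
])

if __name__ == "__main__":
    print(validate_keyman(SAMPLE_KEYMAN) or "KEYMAN structure OK")
```

The rule in the USF row that request and delivery functions must not be mixed within one message is not enforced here, because the qualifier values that distinguish the two are not given on this page; adding that check would mean collecting the USF function qualifier from each SG2 instance and rejecting a message whose set spans both kinds.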
 
Generated by GEFEG.FX
UN D.22B Syntax
2022-12-20