EANCOM® 2002 S4 Edition 2016 Part II
KEYMAN Security key and certificate management message
5. Segments Layout
 
Segment number: 3
SG4 - C 99 - USL-SG5
A group of segments containing lists of certificates or public keys. The group shall be used to group together certificates of similar status - i.e., which are still valid, or which may be invalid for some reason.
SG5 - M 9999 - USC-USA
A group of segments containing the data necessary to validate the security methods applied to the message/package, when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). This group shall be used in the delivery of lists of keys or certificates of similar status.
USC - M 1 - Certificate
Function: To convey the public key and the credentials of its owner.

Dependency Notes:
1. D5(110,100) If first, then all: if data element 0569 (Revocation reason, coded, position 110) is used, data element 0567 (Security status, coded, position 100) shall also be used.

Notes:
2. 0536, if a full certificate (including the USR segment) is not used, the certificate shall be identified only by a unique certificate reference consisting of the certificate reference (0536) together with the S500 identifying the issuing certification authority, or the S500 identifying the certificate owner including its public key name. In the case of a non-EDIFACT certificate, data element 0545 shall also be present.
3. S500/0538, identifies a public key: either of the owner of this certificate, or the public key related to the private key used by the certificate issuer (certification authority or CA) to sign this certificate.
4. 0507, the original character set encoding of the certificate when it was signed. If no value is specified, the character set encoding corresponds to that identified by the character set repertoire standard.
5. 0543, the original character set repertoire of the certificate when it was signed. If no value is specified, the default is defined in the interchange header.
6. S505, when this certificate is transferred, it will use the default service characters defined in part 1 of ISO 9735, or those defined in the service string advice, if used. This data element may specify the service characters used when the certificate was signed. If this data element is not used then they are the default service characters.
7. S501, dates and times involved in the certification process. Four occurrences of this composite data element are possible: one for the certificate generation date and time, one for the certificate start of validity period, one for the certificate end of validity period, one for revocation date and time.
 
| Tag | Name | EDIFACT | EAN * | Description |
|---|---|---|---|---|
| 0536 | Certificate reference | C an..35 | O | If an advanced electronic signature is used, the reference of the qualified certificate is given. This data element is used in combination with DE 0577 (code value 4 = Authenticating party). |
| S500 | SECURITY IDENTIFICATION DETAILS | C | R | |
| 0577 | Security party qualifier | M an..3 | M * | General explanations: 3 = Certificate owner; 4 = Authenticating party. Identification of the role of the security parties (signature key owner or trusted third party). |
| 0538 | Key name | C an..35 | O | Identification of the public key used by the recipient to verify the digital signature. |
| 0511 | Security party identification | C an..512 | O | Identification of the trusted third party (trust center) issuing the certificate identified in DE 0536. For identification of parties it is recommended to use the GLN (format n13). |
| 0513 | Security party code list qualifier | C an..3 | D * | General explanations: 2 = GS1; ZZZ = Mutually agreed |
| 0515 | Security party code list responsible agency, coded | C an..3 | N | |
| 0586 | Security party name | C an..35 | N | |
| 0586 | Security party name | C an..35 | N | |
| 0586 | Security party name | C an..35 | N | |
| 0545 | Certificate syntax and version, coded | C an..3 | D | 3 = X.509. Where it is decided to refer to a non-EDIFACT certificate (such as X.509), the certificate syntax and version shall be identified in data element 0545 of the USC segment. Such certificates may be conveyed in an EDIFACT package. |
| 0505 | Filter function, coded | C an..3 | N | |
| 0507 | Original character set encoding, coded | C an..3 | N | |
| 0543 | Certificate original character set repertoire, coded | C an..3 | N | |
| 0546 | User authorisation level | C an..35 | N | |
| S505 | SERVICE CHARACTER FOR SIGNATURE | C | N | |
| 0551 | Service character for signature qualifier | M an..3 | | |
| 0548 | Service character for signature | M an..4 | | |
| S501 | SECURITY DATE AND TIME | C | N | |
| 0517 | Date and time qualifier | M an..3 | | |
| 0338 | Event date | C n..8 | | |
| 0314 | Event time | C an..15 | | |
| 0336 | Time offset | C n4 | | |
| 0567 | Security status, coded | C an..3 | N | |
| 0569 | Revocation reason, coded | C an..3 | N | |
Segment Notes:
This segment either contains information regarding the certificate, and identifies the certification authority which has generated the certificate, or is used to identify bilaterally interchanged signature keys.

1. Use of USC for certificate reference:
A certificate reference (DE 0536) and the trusted third party that issued it (DEG S500, DE 0577 = 4 and DEG S500, DE 0511) can be identified.
Example 1:
USC+AXZ4711+4::5412345000006:2+3'

2. Use of USC for reference to signature keys:
Identification of the name of the signature key in DEG S500, DE 0538 (DEG S500, DE 0577 = 3).
The interchange of signature keys and the references have to be bilaterally agreed between the partners.
Example 2:
USC++3:PUBLIC KEY 01'
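The two examples above, parsed and then checked against the dependency note and the usage rules on this page, as an added example that is not part of the EANCOM specification or of any GS1 tooling. It assumes the default ISO 9735 Part 1 service characters (a UNA segment may redefine them), the standard USC element order 0536, S500, 0545, 0505, 0507, 0543, 0546, S505, S501, 0567, 0569, the GS1 mod-10 check digit for a 13-digit GLN, and this profile's reading that a 0536 reference always points at an X.509 certificate and therefore needs 0545. The function names and the third sample segment with a released "+" in the key name are the author's own.

```python
"""Parse a UN/EDIFACT USC (Certificate) segment and apply the checks above.

Added example, not GS1 or EANCOM code. Assumes the default ISO 9735 Part 1
service characters and the standard USC element order; a UNA segment in a
real interchange may redefine the service characters.
"""
import re

COMPONENT_SEP = ":"   # component data element separator
DATA_SEP = "+"        # data element separator
RELEASE = "?"         # release character: "?+" is a literal "+"
SEGMENT_TERM = "'"    # segment terminator

# USC data elements in segment order (positions 010 to 110 of ISO 9735-5).
USC_LAYOUT = ["0536", "S500", "0545", "0505", "0507", "0543",
              "0546", "S505", "S501", "0567", "0569"]
# Components of S500; 0586 occurs three times, so the repeats are suffixed.
S500_LAYOUT = ["0577", "0538", "0511", "0513", "0515",
               "0586_1", "0586_2", "0586_3"]


def tokenize(segment):
    """Split a segment into data elements, each a list of component strings."""
    if segment.endswith(SEGMENT_TERM):
        segment = segment[:-1]
    elements, components, current = [], [], []
    i = 0
    while i < len(segment):
        ch = segment[i]
        if ch == RELEASE and i + 1 < len(segment):
            current.append(segment[i + 1])   # released service character
            i += 2
            continue
        if ch == COMPONENT_SEP:
            components.append("".join(current))
            current = []
        elif ch == DATA_SEP:
            components.append("".join(current))
            elements.append(components)
            components, current = [], []
        else:
            current.append(ch)
        i += 1
    components.append("".join(current))
    elements.append(components)
    return elements


def parse_usc(segment):
    """Return the USC segment as {tag: value}; S500 becomes a nested dict."""
    elements = tokenize(segment)
    if elements[0] != ["USC"]:
        raise ValueError("not a USC segment")
    usc = {}
    for tag, comps in zip(USC_LAYOUT, elements[1:]):
        if tag == "S500":
            s500 = {k: v for k, v in zip(S500_LAYOUT, comps) if v}
            if s500:
                usc[tag] = s500
        elif tag.startswith("S"):
            if any(comps):
                usc[tag] = comps      # S505/S501 are not profiled here: keep raw
        elif comps[0]:
            usc[tag] = comps[0]
    return usc


def gln_check_digit_ok(gln):
    """GS1 mod-10 check digit of an n13 GLN (weights 3,1,3,... from the right)."""
    if not re.fullmatch(r"\d{13}", gln):
        return False
    body, check = gln[:-1], int(gln[-1])
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10 == check


def check_usc(usc):
    """Apply the dependency note and the usage rules above; return the findings."""
    findings = []
    s500 = usc.get("S500", {})
    # Dependency note D5(110,100): 0569 Revocation reason needs 0567 Security status.
    if "0569" in usc and "0567" not in usc:
        findings.append("D5(110,100): 0569 present without 0567")
    if "0536" in usc:
        # Certificate reference: 0536 plus the issuing trusted third party in S500.
        if s500.get("0577") != "4":
            findings.append("0536 requires S500/0577 = 4 (authenticating party)")
        if "0511" not in s500:
            findings.append("0536 requires S500/0511 (issuing trusted third party)")
        if "0545" not in usc:   # profile reading: the referenced certificate is X.509
            findings.append("non-EDIFACT certificate reference requires 0545")
    elif s500.get("0577") != "3" or "0538" not in s500:
        # Otherwise the segment must name a bilaterally agreed signature key.
        findings.append("key reference requires S500/0577 = 3 and S500/0538")
    # 0513 = 2 says the party identifier is a GLN, so the check digit must hold.
    if s500.get("0513") == "2" and not gln_check_digit_ok(s500.get("0511", "")):
        findings.append("S500/0511 is not a valid 13-digit GLN")
    return findings


if __name__ == "__main__":
    for seg in ("USC+AXZ4711+4::5412345000006:2+3'", "USC++3:PUBLIC KEY 01'"):
        parsed = parse_usc(seg)
        print(seg, "->", parsed, check_usc(parsed) or "OK")
```

Both examples from this page pass without findings; the GLN 5412345000006 in Example 1 has a correct check digit, and a one-digit transcription error in it is reported. A key name containing a service character must be released in the interchange ("KEY?+01"), which the tokenizer unescapes before the S500 components are split.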
© Copyright GS1 Edition 2016