# RFC 5912 ASN.1 2009 Modules
RFC 5912 translates the PKIX module suite from 1988 ASN.1 syntax to the
parameterized 2009 ASN.1 syntax. `synta-certificate` exposes the generated
types from five of these modules. These modules provide base types and
algorithm information object class definitions used across the 2009-syntax
PKIX suite; no builder classes are provided.
All types are accessible via the Rust `synta_certificate` crate. From Python,
the OID constants and type descriptions below serve as a reference for
interoperating with software that uses RFC 5912-style parameterized types.
## Module overview
| `pkix_common_types` | §2 | `ATTRIBUTE`, `EXTENSION`, `MATCHING-RULE` classes and concrete types |
| `alg_info_types` | §3 | `DIGEST-ALGORITHM`, `SIGNATURE-ALGORITHM`, `PUBLIC-KEY` classes |
| `pkixalgs_2009_types` | §4 | PKIX algorithm identifiers in 2009 syntax |
| `pkix1_explicit_types` | §5 | RFC 5280 explicit-tag types in 2009 syntax |
| `pkix1_implicit_types` | §6 | RFC 5280 implicit-tag types in 2009 syntax |
## pkix_common_types — RFC 5912 §2
Provides the information object class definitions and the concrete parameterized
types derived from them.
Key types:
| `AttributeSet` | `SEQUENCE { type ATTRIBUTE.&id, values SET OF ATTRIBUTE.&Type }` |
| `SingleAttribute` | Single-valued ATTRIBUTE instance |
| `Extension` | `SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }` |
| `SecurityCategory` | Security category label (type OID + value OCTET STRING) |
The `ATTRIBUTE`, `EXTENSION`, and `MATCHING-RULE` information object class
definitions carry no DER encoding and are emitted as documentation comments
only.
## alg_info_types — RFC 5912 §3
Provides the parameterized `AlgorithmIdentifier` and the algorithm information
object classes.
Key types:
| `ParamOptions` | ENUMERATED: `required`, `preferredPresent`, `preferredAbsent`, `absent`, `empty` |
| `AlgorithmIdentifier2009` | `SEQUENCE { algorithm OID, parameters ANY OPTIONAL }` |
| `SmimeCapability` | `SEQUENCE { capabilityID OID, parameters ANY OPTIONAL }` |
| `SmimeCapabilities` | `SEQUENCE OF SmimeCapability` |
The CLASS definitions (`DIGEST-ALGORITHM`, `SIGNATURE-ALGORITHM`, `PUBLIC-KEY`,
`KEY-TRANSPORT`, `KEY-AGREE`, `KEY-WRAP`, `KEY-DERIVATION`, `MAC-ALGORITHM`,
`CONTENT-ENCRYPTION`, `ALGORITHM`) carry no DER encoding.
## pkixalgs_2009_types — RFC 5912 §4
Re-encodes the RFC 3279 algorithm identifier module in 2009 ASN.1 syntax.
This module provides algorithm OID constants and parameter types for DSA, DH,
ECDSA, and RSASSA-PSS using the parameterized `AlgorithmIdentifier2009` type.
## pkix1_explicit_types — RFC 5912 §5
Re-encodes the RFC 5280 explicit-tag module (`PKIX1Explicit88`) in 2009 syntax.
Provides the standard X.509 types using parameterized classes: `Certificate`,
`TBSCertificate`, `Name`, `GeneralName`, `AlgorithmIdentifier`, and related
structures, with formal information object class constraints.
## pkix1_implicit_types — RFC 5912 §6
Re-encodes the RFC 5280 implicit-tag module (`PKIX1Implicit88`) in 2009 syntax.
Provides the X.509 extension and general-name types with formal constraints:
`SubjectAltName`, `BasicConstraints`, `KeyUsage`, `ExtendedKeyUsage`, and so
on.
## When to use these modules
These modules are primarily useful when:
- Interoperating with software that validates or generates ASN.1 with formal
`ALGORITHM` or `EXTENSION` information object class constraints.
- Generating or parsing `SmimeCapabilities` attributes in S/MIME contexts.
- Working with protocol implementations that use `AlgorithmIdentifier2009`
(i.e. with formal constraint checking rather than `ANY OPTIONAL` parameters).
For most Python PKI use cases, the types at the `synta_certificate` crate root
(generated from the 1988-syntax RFC 5280 modules) are sufficient. See
[Certificate](certificate.md), [CRL](crl.md), and [X.509 Extension Value
Builders](ext-builders.md).