dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.17.1.11 NAME 'ipk11Private' DESC 'Is private to application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.12 NAME 'ipk11Modifiable' DESC 'Can be modified by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.13 NAME 'ipk11Label' DESC 'Description' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.14 NAME 'ipk11Copyable' DESC 'Can be copied by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.15 NAME 'ipk11Destroyable' DESC 'Can be destroyed by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.16 NAME 'ipk11Trusted' DESC 'Can be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.17 NAME 'ipk11CheckValue' DESC 'Checksum' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.18 NAME 'ipk11StartDate' DESC 'Validity start date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.19 NAME 'ipk11EndDate' DESC 'Validity end date' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.1 NAME 'ipk11UniqueId' DESC 'Meaningless unique identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.20 NAME 'ipk11PublicKeyInfo' DESC 'DER-encoding of SubjectPublicKeyInfo of associated public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.21 NAME 'ipk11Distrusted' DESC 'Must not be trusted by application' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.22 NAME 'ipk11Subject' DESC 'DER-encoding of subject name' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.23 NAME 'ipk11Id' DESC 'Key association identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.24 NAME 'ipk11Local' DESC 'Was created locally on token' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.41 NAME 'ipk11KeyType' DESC 'Key type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.42 NAME 'ipk11Derive' DESC 'Key supports key derivation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.43 NAME 'ipk11KeyGenMechanism' DESC 'Mechanism used to generate this key' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.44 NAME 'ipk11AllowedMechanisms' DESC 'Space-separated list of mechanisms allowed to be used with this key' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.51 NAME 'ipk11Encrypt' DESC 'Key supports encryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.52 NAME 'ipk11Verify' DESC 'Key supports verification where the signature is an appendix to the data' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.53 NAME 'ipk11VerifyRecover' DESC 'Key supports verification where data is recovered from the signature' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.54 NAME 'ipk11Wrap' DESC 'Key supports wrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.55 NAME 'ipk11WrapTemplate' DESC 'DN of template of keys which can be wrapped using this key' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.61 NAME 'ipk11Sensitive' DESC 'Key is sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.62 NAME 'ipk11Decrypt' DESC 'Key supports decryption' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.63 NAME 'ipk11Sign' DESC 'Key supports signatures where the signature is an appendix to the data' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.64 NAME 'ipk11SignRecover' DESC 'Key supports signatures where data can be recovered from the signature' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.65 NAME 'ipk11Unwrap' DESC 'Key supports unwrapping' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.66 NAME 'ipk11Extractable' DESC 'Key is extractable and can be wrapped' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.67 NAME 'ipk11AlwaysSensitive' DESC 'Key has always been sensitive' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.68 NAME 'ipk11NeverExtractable' DESC 'Key has never been extractable' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.69 NAME 'ipk11WrapWithTrusted' DESC 'Key can only be wrapped with a trusted wrapping key' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.70 NAME 'ipk11UnwrapTemplate' DESC 'DN of template to apply to keys unwrapped using this key' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
attributeTypes: (2.16.840.1.113730.3.8.17.1.71 NAME 'ipk11AlwaysAuthenticate' DESC 'User has to authenticate for each use with this key' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.1 NAME 'ipk11Object' DESC 'Object' SUP top STRUCTURAL MUST ipk11UniqueId X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.2 NAME 'ipk11StorageObject' DESC 'Storage object' SUP top ABSTRACT MAY ( ipk11Private $ ipk11Modifiable $ ipk11Label $ ipk11Copyable $ ipk11Destroyable ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.5 NAME 'ipk11Key' DESC 'Key' SUP ipk11StorageObject ABSTRACT MAY ( ipk11KeyType $ ipk11Id $ ipk11StartDate $ ipk11EndDate $ ipk11Derive $ ipk11Local $ ipk11KeyGenMechanism $ ipk11AllowedMechanisms ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.6 NAME 'ipk11PublicKey' DESC 'Public key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Encrypt $ ipk11Verify $ ipk11VerifyRecover $ ipk11Wrap $ ipk11Trusted $ ipk11WrapTemplate $ ipk11Distrusted $ ipk11PublicKeyInfo ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.7 NAME 'ipk11PrivateKey' DESC 'Private key' SUP ipk11Key AUXILIARY MAY ( ipk11Subject $ ipk11Sensitive $ ipk11Decrypt $ ipk11Sign $ ipk11SignRecover $ ipk11Unwrap $ ipk11Extractable $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11WrapWithTrusted $ ipk11UnwrapTemplate $ ipk11AlwaysAuthenticate $ ipk11PublicKeyInfo ) X-ORIGIN 'IPA v4.1' )
objectClasses: (2.16.840.1.113730.3.8.17.2.8 NAME 'ipk11SecretKey' DESC 'Secret key' SUP ipk11Key AUXILIARY MAY ( ipk11Sensitive $ ipk11Encrypt $ ipk11Decrypt $ ipk11Sign $ ipk11Verify $ ipk11Wrap $ ipk11Unwrap $ ipk11Extractable $ ipk11AlwaysSensitive $ ipk11NeverExtractable $ ipk11CheckValue $ ipk11WrapWithTrusted $ ipk11Trusted $ ipk11WrapTemplate $ ipk11UnwrapTemplate ) X-ORIGIN 'IPA v4.1' )