| Internet-Draft | S/MIME Example Keys and Certificates | December 2021 |
| Gillmor | Expires 16 June 2022 | [Page] |
- Workgroup:
- lamps
- Internet-Draft:
- draft-ietf-lamps-samples-06
- Published:
- Intended Status:
- Informational
- Expires:
S/MIME Example Keys and Certificates
Abstract
The S/MIME development community benefits from sharing samples of signed or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 16 June 2022.¶
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1. Introduction
The S/MIME ([RFC8551]) development community, in particular the e-mail development community, benefits from sharing samples of signed and/or encrypted data. Often the exact key material used does not matter because the properties being tested pertain to implementation correctness, completeness or interoperability of the overall system. However, without access to the relevant secret key material, a sample is useless.¶
This document defines a small set of X.509v3 certificates ([RFC5280]) and secret keys for use when generating or operating on such samples.¶
An example RSA certification authority is supplied, and sample RSA certificates are provided for two "personas", Alice and Bob.¶
Additionally, an Ed25519 ([RFC8032]) certification authority is supplied, along with sample Ed25519 certificates for two more "personas", Carlos and Dana.¶
This document focuses narrowly on functional, well-formed identity and key material. It is a starting point that other documents can use to develop sample signed or encrypted messages, test vectors, or other artifacts for improved interoperability.¶
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
1.3. Prior Work
[RFC4134] contains some sample certificates, as well as messages of various S/MIME formats. That older work has unacceptably old algorithm choices that may introduce failures when testing modern systems: in 2019, some tools explicitly mark 1024-bit RSA and 1024-bit DSS as weak.¶
This earlier document also does not use the now widely-accepted PEM encoding (see [RFC7468]) for the objects, and instead embeds runnable Perl code to extract them from the document.¶
It also includes examples of messages and other structures which are greater in ambition than this document intends to be.¶
[RFC8410] includes an example X25519 certificate that is certified with Ed25519, but it appears to be self-issued, and it is not directly useful in testing an S/MIME-capable MUA.¶
2. Background
2.1. Certificate Usage
These X.509 certificates ([RFC5280]) are designed for use with S/MIME protections ([RFC8551]) for e-mail ([RFC5322]).¶
In particular, they should be usable with signed and encrypted messages, as part of test suites and interoperability frameworks.¶
All end-entity and intermediate CA certificates are marked with Certificate Policies from [TEST-POLICY] indicating that they are intended only for use in testing environments. End-entity certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and intermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2.¶
2.2. Certificate Expiration
The certificates included in this draft expire in 2052. This should be sufficiently far in the future that they will be useful for a few decades. However, when testing tools in the far future (or when playing with clock skew scenarios), care should be taken to consider the certificate validity window.¶
Due to this lengthy expiration window, these certificates will not be particularly useful to test or evaluate the interaction between certificate expiration and protected messages.¶
2.3. Certificate Revocation
Because these are expected to be used in test suites or examples, and we do not expect there to be online network services in these use cases, we do not expect these certificates to produce any revocation artifacts.¶
As a result, none of the certificates include either an OCSP indicator (see id-ad-ocsp as defined in the Authority Information Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator (see the CRL Disttribution Points X.509 extension as defined in S.4.2.1.13 of [RFC5280]).¶
2.4. Using the CA in Test Suites
To use these end-entity certificates in a piece of software (for example, in a test suite or an interoperability matrix), most tools will need to accept either the Example RSA CA (Section 3) or the Example Ed25519 CA (Section 6) as a legitimate root authority.¶
Note that some tooling behaves differently for certificates validated by "locally-installed root CAs" than for pre-installed "system-level" root CAs). For example, many common implementations of HPKP ([RFC7469]) only applied the designed protections when dealing with a certificate issued by a pre-installed "system-level" root CA, and were disabled when dealing with a certificate issued by a "locally-installed root CA".¶
To test some tooling specifically, it may be necessary to install the root CA as a "system-level" root CA.¶
2.5. Certificate Chains
In most real-world examples, X.509 certificates are deployed with a chain of more than one X.509 certificate. In particular, there is typically a long-lived root CA that users' software knows about upon installation, and the end-entity certificate is issued by an intermediate CA, which is in turn issued by the root CA.¶
The example end-entity certificates in this document can be used with either a simple two-link certificate chain (they are directly certified by their corresponding root CA), or in a three-link chain.¶
For example, Alice's encryption certificate (Section 4.3, alice.encrypt.crt) can be validated by a peer that directly trusts the Example RSA CA's root cert (Section 3.1, ca.rsa.crt):¶
╔════════════╗ ┌───────────────────┐ ║ ca.rsa.crt ╟─→│ alice.encrypt.crt │ ╚════════════╝ └───────────────────┘¶
And it can also be validated by a peer that only directly trusts the Example Ed25519 CA's root cert (Section 6.1, ca.25519.crt), via an intermediate cross-signed CA cert (Section 3.3, ca.rsa.cross.crt):¶
╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ ╚══════════════╝ └──────────────────┘ └───────────────────┘¶
By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an end-entity certificate that is supplied without its intermediate certificate) in some configurations.¶
2.6. Passwords
Each secret key presented in this draft is unprotected (it has no password).¶
As such, the secret key objects are not suitable for verifying interoperable password protection schemes.¶
However, the PKCS#12 [RFC7292] objects do have simple textual passwords, because tooling for dealing with passwordless PKCS#12 objects is underdeveloped at the time of this draft.¶
2.7. Secret key origins
The secret RSA keys in this document are all deterministically derived using provable prime generation as found in [FIPS186-4], based on known seeds derived via [SHA256] from simple strings. The secret Ed25519 and X25519 keys in this document are all derived by hashing a simple string. The seeds and their derivation are included in the document for informational purposes, and to allow re-creation of the objects from appropriate tooling.¶
All RSA seeds used are 224 bits long (the first 224 bits of the SHA-256 digest of the origin string), and are represented in hexadecimal.¶
3. Example RSA Certification Authority
The example RSA Certification Authority has the following information:¶
- Name:
Sample LAMPS RSA Certification Authority¶
3.1. RSA Certification Authority Root Certificate
This certificate is used to verify certificates issued by the example RSA Certification Authority.¶
-----BEGIN CERTIFICATE----- MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz +zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi IHpSKMbkoXlM1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmM yhBzClmgkyozRSeSrkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG 1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq hkiG9w0BAQ0FAAOCAQEACDXWlJGjzKadNMPcFlZInZC+Hl7RLrcBDR25jMCXg9yL IwGVEcNp2fH4+YHTRTGLH81aPADMdUGHgpfcfqwjesavt/mO0T0S0LjJ0RVm93fE heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9 U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ== -----END CERTIFICATE-----¶
3.3. RSA Certification Authority Cross-signed Certificate
If an e-mail client only trusts the Ed25519 Certification Authority Root Certificate found in Section 6.1, they can use this intermediate CA certificate to verify any end entity certificate issued by the example RSA Certification Authority.¶
-----BEGIN CERTIFICATE----- MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X 6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88Qc0eWYzKEHMK WaCTKjNFJ5KuTGr1d4kpT3iVYZpnTNviRqsK6v96IygKTdg1Xwvey3K9wwbWpQMI BorHoVkR/uET1E3ovdsCAwEAAaN8MHowDwYDVR0TAQH/BAUwAwEB/zAXBgNVHSAE EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58 BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD -----END CERTIFICATE-----¶
4. Alice's Sample Certificates
Alice has the following information:¶
4.1. Alice's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Alice.¶
-----BEGIN CERTIFICATE----- MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/ pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC AQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roA KHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhK E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0 qyTbY4fgKieUHx/tHuzUszZxJg== -----END CERTIFICATE-----¶
4.2. Alice's Signing Private Key Material
This private key material is used by Alice to create signatures.¶
-----BEGIN PRIVATE KEY----- MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z 34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO+jhOI/+ HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsn5bghJTz3r+JcZZ5l3srqMV8t8zjI JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J2oKk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI qCEsAJqsdEch+kt43X5kvAom7LC1DHiE6RKfhMEub/LGNHSwY4dmzhaG6p95FJ1h s8HoURI2ReVpsTadaKd3KoYNc1lcffmwdZs/hFs7xmmwXKMmlonh1mzHqD1/BqeJ Hc8MP4ueDdyVgIe/uVtlQ9NcRQbuokkDyDYMYV6hzQKBgQD75ahYGFGZznRKtSE3 w/2rUqTYIWxx2PQz5G58PcsTZM89Hj4aZOoLmudHbrTQHluRNcHoXEI62rs0cVPs D7IlZOLfs+SSTeNEXxD57mjyyufpV65OcNc1mSJAmMX2jWQ8ndnOuWPcc5J6fNvT au0a7ZBOaeKHnA8XXL3GYilM9QKBgQC35xKi7f2JmGtsYY21tfRuDUm6EjhMW6b7 GWnI9IXF8TGj15s7oDEYvqSPTJdB6PAb/tZwdbj9mB4qj176x1kB/N7GO974O8UP /PdHkU7duyf5nRq1mrI+yGFHVsGD313rc+akYdKcC207e6IRMST1ZFoznC6qNgpi nNTuDz4ZbwKBgA5Dd9/dKKm77gvY69Objn6oBFuUsO5VaaaSlcsFOL2VZMLCNqQJ +NLFZ7k8xJJQVcEIOT2uE7X/csBKdoUUcnL5nnsqVZQPQwI5G937KQgugylMZLte WmFXlX/w5qzKXtWr3ox9JPFzveSfs1bqZBi1QQmfp0skhBo/jyNvpYUNAoGAMNkw GhcdQW87GY7QFXQ/ePwOmV49lgrCT/BwKPDKl8l5ZgvfL/ddEzWQgH/XraoyHT2T uEuM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YXlkleFASg4rrpcrKqoR+KB YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI 9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F -----END PRIVATE KEY-----¶
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed 92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05.
This seed is the first 224 bits of the [SHA256] digest of the string draft-lamps-sample-certs-keygen.alice.sign.seed.¶
4.3. Alice's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Alice.¶
-----BEGIN CERTIFICATE----- MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1 lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+ hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41 /0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1 nTXl85RHNrVKQK+L0YWY1Q+hWA== -----END CERTIFICATE-----¶
4.4. Alice's Decryption Private Key Material
This private key material is used by Alice to decrypt messages.¶
-----BEGIN PRIVATE KEY----- MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y j7CFSmq1AgMBAAECggEADgxoWEDDRE5yEZ+s7TMw+WH2o+3XOOrryqnsLbOyv34I wAAUWK7qZyjd9rSDOAtBOgFhQNXYhWZlT+0iHslCIfqJMZ8wy1iFHBCIphoMSWs5 /D+idXrUef5Y23rClBxXH0g1UnSGXnpUH4ehV6p1lvZMh4OJKEoMC4cpyd1SzXrw +VGCc1+pXv/tTW3Rb2qoWO9JoWY+Epcssrw5N8OFIFODh4QfbLN6pVTt28aQ4pf/ 1KhLoapjFzXSYp/jrcNjYJ9qRdSAbZsKOJ2yZ0yqjLHDCDipFty+W0pkUZcJhsgu Cg1Stt7tKgSvAV/nEjN8e/vA91/AACKBCNcLzEoLgQKBgQC4eTM6BDCzlusXJBK4 SRC/WwUthJZzfOk2Gmwr0DCTRYhWQSDjBfiQNboazHObVPz45qP10fOt2iPEHeX+ VWAXTNrN69M9lEzxygA3s76lAejBR3FbLWkzLYqPB3oZwSIE7CrWHTXJipFWZv+X FG1R418fnRCUMJ4j85qem5iyqQKBgQDWhQMJu7FC02fr83qsIdLwqhiDtTpwUN3j qfp7JoEZOxbm3TgM1xPAkrQTUgfr2ZhXGtUwsuKHyifxQEycrTkBOg0gqAfG0fnv ybyXK6/guctHJQiy64lL39kPuvQkKB+YO60B/oF6zbyFvqanoKXjpspObN3i3yBU X5/EOu/LLQKBgQCUVwHWeWAgSg+pgBx9jGOnPK4hOCkznRJ7qyuo37Tv+E317lFf vYFvlYSd4CJmmiUCkZTvK3FkL7HrFo/HwSeQFQEt7aDkN8jX9bPPFv8K+UoNgkGp LA8YVFrDQSPyadfNVYvsuXhzJLZSYGjPOGHgI5JufYLDZ4UDK/T97ekQYQKBgDDM ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6LNxuudc/dco2cFWbZ0bbGFN8yYiBCwJl fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0SjJJGgZEeV/2qyq+ZdF/ Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4 7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2 Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ -----END PRIVATE KEY-----¶
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed 1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf.
This seed is the first 224 bits of the [SHA256] digest of the string draft-lamps-sample-certs-keygen.alice.encrypt.seed.¶
4.5. PKCS12 Object for Alice
This PKCS12 ([RFC7292]) object contains the same information as presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and Section 3.3.¶
It is locked with the simple five-letter password alice.¶
-----BEGIN PKCS12----- MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3 cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT 4JZBO6UprlcZ5wBY6ncXWa5E4feb57Cd3bB+zJuubBX9f4yG/J0cSF59w92c/6Qb i4EFk6tAiz19PxuLLwjco71e69Jiav19Ph/WJpf/XCEurw7K+VAeZALFW41G/D30 WIBRC2shisHB3j8+3fNPcvi4Fy3EkZNW4lrZFAjbBtloCxk5rcfRS7vxucAvC5X9 4bm0xEcdOysnuplH77u+CWWxjCk414SlKZTUbwc1a0B6yRDvojUMZkDzMqsxyYjn JG5QhMFQrTyALwCgJsP/rAf5xPhG2p+9Qul0yiBIIZwvKNKRQKL+YLcvYvTh1bhj rUflYzzvviyXCy9LcX2GBop9yBFJzIcmKfL0MGua6WIkWX2BIjhGTtu6VThmRHuf OsqNg/ZrNCTYa7e1D6gwP5uFRecSZdASf+0XTe6M7e/vaN4Go4A3H8+d53SYQP6n pTt/a0DTHzY77aNMh+mzkIHC1W3zUdlS48tUyJMiAN3Tt+RfhHZfgloJ7IdcYdM2 O1I+UD/5L9ghxN8dh13Fi3rDyn6Y5xB1xFuZ0mLjoEI+3Pr1+B9Kgf+o/hxFttfx 1uP1XcHt0a4gBr6g7fwGNssfw5S6g6hS9UDTAYOpvLaatil2TZmeYZzij19ssv36 kr1VaRV9xcQCbY05ucD+buymFXPn/rhVdxhgIydmvOtdzDozy0WFDTvgjUBNeRnC eMVD6AlWdWOlmBqOcIlJS0aY2FWm8Kju62XZA8YIRowlLysuq3zIqDmzmqJFKwuA mRMZmUVhophMEn86rwob3Z87gNbyy1U/dXi+s6Vybx/kiwDXjfyhWBnhn1gkhgiv oOhGtt+yAliCVuHQlEloQeQN04C5QTU0d1WOj489Ft6wpvm0tqcl6NpnRYUhbCoF XhFr4wswggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF KjI4HI2oa/NihwqctphcLonBJXcofuHv+loP9MPLtwu3Mo1wsWTiHpf5XmxMoZQw fbrp2ohLugJO1ZRB9RfAUpaAhtFg91pLOtXEpz7GULEyOnYh9R8iu9bSel8bpl4S +AoxzXD4gYiEU6Yi0/47aRstd3H4u3ERDnUKSoqVstslRSKnK/WrGYUwoy7kNDwy DBitfosMY0rpWEe5rXTBwJkBodcl3LBpDbNzdbrZw+e+yObJ9zfRlMpl0xVfoiji q9UbRdgN2yo0RKwF6c63V2RdF5tjQHnNIM3K3tC9zEis11jgn9LeOLB9Cd1qyE4P WfmHN0gwqDF1eX96TmUipmYM63H6jcbnSc6p7eIZtCrqGjhsTqFwcMg04WaXWeHD ffLXSZdzIUB+zfC8tftUUEOUX3tX4l1oU7K8uAuQTSK/AXwUj+MbQVhlz8te4FVr w4ulZ184IYqhD3VdIOxXiZkfSKChRz8/7QacrXFvfKkrcrxS2iHMoxhoJ7WETNtI slW5R5runj61r50VT4HCFNFQfGBbTtV9AdP7yka9aQDWxPCoXFgeb1Q01F/BigzW 02JP5Lcrw7ia0y88QbTzWhi57d4he5OIp0wHUiGPh7s792mlltvuSpRKJkOXWv6h qAj5AsBB8JNvgXP71Ytx2vMdjw6gqzQcxASJ4UHQg0CxmiODLUP+FHAY1CPNSjbR pHrTi1UFi/+9hYneQci++qPvkCqMuGHVxamd4OLanGJN1NxE1DyMeduapX5rXuPn g66LPey9GQuE3SBNC2dmjuOy7d8fWXEZqhqLtPfsuwVzdnWb1uAcjRfQPNo+uWe4 zihYisXK3lqA557dRqdSv+6GL6/OZQOCTaYMyZIWD9jS2gU6T3q2j8uk1LNcL9n8 aSpQ5xWspBXpzXo39fG6CMeqzZlFCqrvQwYhdXbtxn9Ox/pimmWOlcqAxv+xythW BMx+il1JEdbCj015wjmsCWNPWlM4AVSholpZhs9Mq6rvgBXi1HJgjD0DpSLCE0xh /GNoXoOX3LrxfCIDEhT8LyZ2NE59yh3t6pm88soFzaAghdjb1Fkc79nBbcl4NLKg SmL/7GktkxEznOiSYfnfJ905kjZC08d8RnoGfrDDUWD2ZIhbbxOCq4E3E0Zt13aH JOXRBOZLC9L2JNeSNiBZZGykh+Pi4TsIzXL2UPQ+dy4DDaEf8yamyY04dlhFsnhD qr94Y9E3O/rpF0yUb2gCehEgT9nppVuMeridsCkHqemmgVr/52Xv/XK9dx4+YBjL 4/3Id0/yVJURqDIHH8o4ogF4rflkzOalrZ9nJFugP0UM8oNysaL9yr7/Dli1juV0 MIIDZwYJKoZIhvcNAQcGoIIDWDCCA1QCAQAwggNNBgkqhkiG9w0BBwEwHAYKKoZI hvcNAQwBAzAOBAidIqBxZFwvagICFCKAggMgTzrUv4/12Jqnv3AL+P6990uX1ybZ NcTwC+hMRV0Ho0FuAAybzdSRBAaZch1+8GheU8yz7IYWmLn1PNHxlZ8inIYfmTfk Pa34Rk8s/RxJIe8LMYL1qjk/FMq/Fpgc0S65S6bXvJ69Hb8gtAoGW8P1b0dd9bvG NbAk00h5r+IWiH4U8zGpcqWDWRgieGICsY00Hvx4KKMV6FIjFVCTZevORVoyzmSX ZZgxqrbjw4CZqOWReHPI3aEt5xVX3BihRGi4EIyia6yU10VOZTGBKqWUeKmOA5Gw SX3mH/kLiya3gwwGvdq1ncXcl7V1STN1HFyp4ebGKg4CsZ6NkWjocwq2PwM/TqoZ 5i02tqvOeR8lX7LrSegxGH81Kw3nMV4dH5txoVt9hddZCKKGcJ5Z8FlzxFP4BFuF 7hOmRpUPdxiahJ/GkXDVIAw6BJKd4Q9e6sjJYxTeq4uOP6V4PMuDU7F98X/d9sEx 2X3b1cJxuA7xtOnKAPsWEyWBg98B+CKG6KwO5s8TlZVmlk15FCUjvFoKCiWIKF4N vGLiWOIP/jJ9N6Gqp4gNbm51zNFGZ7gZAtvsBSGQSOUPgfZcx2mRxpBmcX8tm5YJ hmY9EDK13umUUGKrPOrG8c7/MVAQegSKqQuXSfMK6KknXGe7jwjs7xaQaRm9fFHS 0KbGU3MsLxRGjW/jzjUNAEWDiSYPCVo8E/kd8LETvjAowF772y9o0X1ZzcP7HWcl oYcO/WSSh4e+FAbgqLo/8KIkGzJ23BAcdx8XAtxzUZhRdHaItnwaJsfTr4TCwq8C XxJG5u44/z6imqQrVOaXQfvk6sSNGdG62TkacYg2K63D9hcg+TbZPPVSStWXyj8S N84anzTOxb1yx6aw6IL+uBLC4jISgNFijaF5pwjLSbgTs5Z7skZdCam80xYmdJVO ES/uqFCQFUSamXXNbotviQk8jWuJFz+BXzPYJN3t+3mp6SmgTZ2zP8FUQEE4GbSH DqYV621DcWRo/mao8xzX/mvkKm4ddGBldiusoHZaL4gdo2A1qThSMnMBsciC+jEj DqOr70XhHccTDW8wggWUBgkqhkiG9w0BBwGgggWFBIIFgTCCBX0wggV5BgsqhkiG 9w0BDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIehcRLmVUApMCAhQOBIIF AHb5dXZKzCeRUo2ZSj0oyuFS3zQ5HhKyfapsyCqbYCKv/lSzNYWvuda7xfa+uOM7 /wCB9sWdz0MTpaBMHWx9hvibZIY65oM+ry4tTuKKqOJl37OsnjB0dSNTKszsI3fa PUjslxqIH3aC1shD7OqhIRGZzRjK44PJyWv626oQrgVtTYR9NYTdee+SbBZbkEt/ EpWipwftWXGR6tSYJQn99eO9Vih8HyQvwIpidUh3pCFOlow4VZyAqIWOHcw9TAjB XNv+qfdH7fiX9wM5/GvnQReIsqjXCUoc6pSQIAqD/f+I/d1F2ZmqM7KwX0LGRER9 OWZGyF734pN9GLbNetWm6rKxmlSI/5m6+2Jxxfann16P+vBSEgWJ/I8GnJAdzIbB Tyfjog4Gi2+lmrPzK7+C79ntM9nfsr4xVzy/BknwZIaJksd4VvOGkS9nfM6shtBJ B9uR+GJfthtsvIVUHN0kz2r/lVzMSRbOg9yR53hv1H/nXCmUjWz/BvobmoaVBcCm mOnnYZTHMNarIVYdLQFif5ZLH7WV/XVEVIoRntNRiKsK96VAHm5XboWQGCqL0heh IX3Nily1genGm1aFlSQNMvLDko1ILDTKrINvPmjG/WFoLntpJFPtYZsooT1jjXLw 3VTSodtgKQNdPYOEidSJqwIS87fzrCB2Wmwys0iGfdsuNhSaqNqa0dMO6FiW2fku x7H+w7SX1/n9YeZUNLOcewLcC7E8IA1IarjglZE1L6Yb2ldXxV9q3PPOwKuGnah0 TKnD6mLn5BIGOGTzF1VspXRrJhFrcLe+xsJR1r6niI3bcMWXXy7gbm1X/CRE902I ynxE1oDR+xZ6rjPWDJP7kVf4GvA8trCGrot4pbJbmwlBeMIylScdQoHEnyqrenOn RMmXZaKzl3njtq7Wk78qoJq0a6Vh/sde0KcOPFkyTZdMBlTztm0K2VJU3jUVzPlM 0WY2fyGDoA89ol+/MiNsgiaEghGybXBYipOex+p7j1GIRN/CKmpWsqjZnB78kyXm Z6AE1vC6neD/7zANInDkzXiun6ic72LoBX3JGiCSuM6hIPJ0AcDwlzTDu0H2rCQN w+tivJ2v4KbgeKoc6beQb5fZHs7VsWHikIcpwqB5ngwt34wHgFG0nTS4lZmvzSJ7 FMRVGmsDYkDTpZzgNOaxiUBQMcEvxNIe3nAmA+dvB7w6XRQVSUsL+vBFhHiWGZ7h k5sCeHElewXK0SyJADgfFlYq3EfEgZ13h4wtoSfbBVtzbbyg2LNegUCLfIJkc7fm T7X7JSxbjOgndMHEeMdVb+NFxbgsXYrYD8rC2A8l5cQzZrsxb1bvgybEJz+NU/52 UgGrPmdjJKuGBK/V2zor6qPvKyId1Gb4QQuIoyClwhZ+qk9nE4Eft84y7ISgMywH +lw87HrSHKfpqzQhCxlrLu53IYK/4PhE7BYC9Q4tvIsZXSGZ+nju4tyzERSlaNe5 njUeIENr4B/+kXULwVDcvMFHqUFJMkFai8FUga7gyipZ+654clGgJjnNBO1va8Jc dtdPRRW4gwdrVn8u8J78KBzt6ChkrpKRV8VeWKBk9lhcT0ZNpJnNqhDrkfzHBqP0 Uo133I7P7C+h9sNDI153W6IOIodyQE0Av1WxHo4y/1d1VeGDaB7hOSDq9ZMpm9n1 En7F6/1/s4IUZHja/qRrK9hD4M0Xq0LhFXuUzuipo49OMUAwGQYJKoZIhvcNAQkU MQweCgBhAGwAaQBjAGUwIwYJKoZIhvcNAQkVMRYEFKJTQdVEPIApFXwBI/Dnjq/N 83cPMIIFlAYJKoZIhvcNAQcBoIIFhQSCBYEwggV9MIIFeQYLKoZIhvcNAQwKAQKg ggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4ECKq4DtyiayOyAgIUpQSCBQAKQtkPOS4s LE6Os7nP4RaJWBuyXl27V/o6TusBRBgQoPzP+aC+O99wgisEKedyB47bAzcO4sba 4q8UkERAsYHcEhdD2hGRCL7ou9jTtrr4RgZpa5V9CJcBO0t4bqy2lUefOpm6no+R X840uyM4q5Q+cfH1rTQ1a/a+gLglbptoEkH/4dfR3ELYiXcM5UrBYTJOHcyME8c+ TXbpf7kiplTtlsrlZyU5zrWcxngrBxwFA+O85W/uVR3QZSW+EGx/VCYwGruZlNyt BvBYjsYsnC+yKYXbqL81DgOePy+eh6VX64SwBLXcWcY+NK2EZrhzrUFjl+PXFKY3 IVVPJhTE9o7gJA0hzvAanOluWXozD3/WPQaXhyIJDwM2MjznjL2MBydpy9K8Cio7 XaV6PX8DszIZkfI4DAz5f7G7WbwUq3IjPPPWiUv+JsR+dnqzWDJ22SXc+AdQP2sK qMvP8gOpHOsVlXXE76c5rUcZCZD+gGv1avO7YttWqbDqLj6oQEIJ8LX0Qvwd0YEh etE0bJ5uv2njhQDhLkH/JIbmFSgJZeM8dtKHb8f5wZc2B+nXGB+TFboGzSuP7gaW u1vKsJNqT/J/FYEqcamI2F+td7z1sGfbR9ckAcxXeb2uPVbCJ1a50gRlz9qVm5Hb 5f53X7aoQQp3F3LDGQmJ+GFQ/oXXwabqn4TvNO9KDhxpGcMMU9RnugUfNU9GBec0 vfrzmVKZdmJ36HOmMnLvgRakRhCV3kGABXY83hwUv17E1qASLKcAWIachkCCGpBG yGtP2IOZTn7PsLJR1BzKnePa7MgFcgoCToIpdQnCTtAsalmBm1s480LN3GB5ojeG bQvNf9TAviA0tg5VuT4/O48V6uYSJsIZsawm3tGA/LjxyfV1aLddQT5Zf5ZX9BX+ K/PB4oYAFxtUpMK/aL5G1MvppUJ9CjqAtnoKE+EkdQmyZ1VoDO9ih44zuRx6XV4A EYafNB8ygjRHGsvPW0/M0Es0w16wzJHTuf/15fD/nH7Xh5MzhCF0CtvLn8v+S1Po i2/40O6pS2byjUFRbeCpzEpRxdv90LCb9ALdy0yG9u41W3yInKNFnaWBulfOPFCe ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R 5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= -----END PKCS12-----¶
5. Bob's Sample
Bob has the following information:¶
5.1. Bob's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Bob.¶
-----BEGIN CERTIFICATE----- MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT 51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL Zxt6+a3/QkaC3I9m2ygPubtHFJB5P5+s8boROSKm1OB1gsLow8eF9S7OtcGGeooZ JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2fRURIK+8YnwlB3QIDAQABo4GtMIGq MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud DwEB/wQEAwIGwDAdBgNVHQ4EFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwHwYDVR0j BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAG7e QY6Px7WZC5vCbF5hjOitxoz3oyM+LRcSTGWoYXdmlwsNUzy31pE3dtADvevRtsP8 uN7xyfK6XZBzhShA/BtkkqYGiFvXDpluOxWmqC0WPmc1PNK2mHil+pGMfvnUwnxd 6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM OIp/HtXdFscHb9+Qic8= -----END CERTIFICATE-----¶
5.2. Bob's Signing Private Key Material
This private key material is used by Bob to create signatures.¶
-----BEGIN PRIVATE KEY----- MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV 6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ 71/OfalbBpERDq3Ba0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwYrMmUa5o tGXn/cp+v35vpWQIO7FNlgtnG3r5rf9CRoLcj2bbKA+5u0cUkHk/n6zxuhE5IqbU 4HWCwujDx4X1Ls61wYZ6ihkmIlRAJHXg1pTlsjJ8oRlXZhK1fB3O2gQknZ9FREgr 7xifCUHdAgMBAAECggEABcQg1fTtieZ+O/aNdU149NK0qx97GLTBjIguQEDDBVFK 2lu4PhBg9AdgAUqLH1PE+eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJ4n1hc69uiEN9 Ykcv4QHOvvqtCtWYjJyb5By9WPeLH6QynJ6FlBoSqxhURSWyYfTuwqt1OHEhsUuH d3N5BmbFiRBNj4aIA9zz+i5xL0m33kMKai/Ajj3sI0AJsZ5ZVAhYbC8sCt1Xevb6 i41p9S6GSwGC19by+1y9WC1QGtb5GDotvChMvmZS/O3NeDc6xC/LZoQcHNVgiZd7 f1g6iEkJlCYK+D7xsd7Y630w75Haj0vnlhiJObSA+wKBgQDxv8jp2D6IVRGgYfaC nUU3Mg70wagX1fgPHO9Sk6e9c8CgORh2uwWjpTawu88xBGFyZ+xnWqr7GCNsltas 3m94ri4A4R94+5uL8+oOLC26gMDfzATd1Q3k/h919YLk89tonQEUbCFZJdphThEb vg2W+nNsEVcQGuClzhX0AyGMswKBgQD0BYk3sdGQbBA/hYD1EYsZfYebUiYv2lTt VGRgTohKFclRAWOtGP9YRbKyEVkBLhjgkXzS9xGqKywP71z9Iny+zDGbzk8ElB/g lS7GFGX50TG0ISfaFWTYdxt4mN9pduZE2blT/26uyU8DXCEBhF/OqhwQjJqKTYTT Rl3Ara5fLwKBgQDQyVtjIyD2q8naY2D8c4mo3vHtzyc21tQzcUD8Z4vSYps1hbos KN/48qJmRv3tjqP+o+SXasYKsFE/4pIroLxTVNNkbQm6ektfttwpO1yPG834OwLk 97HVWOig/tX6mOWg1yBsm+q9TKTrrvm1pRGlmE6BQgSYYy4r5O4u3VlnYwKBgQCl B4FvWyDhTVQHwaAfHUg3av/k+T++KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK s5n5iwI1VZEtDbKTt1kqKCp8tqAV9p9AYWQKrgzxUJsOuUWcZc+X3aWEf87IIpNE iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1 Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg== -----END PRIVATE KEY-----¶
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e.
This seed is the first 224 bits of the [SHA256] digest of the string draft-lamps-sample-certs-keygen.bob.sign.seed.¶
5.3. Bob's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Bob.¶
-----BEGIN CERTIFICATE----- MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq 1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+ G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP 0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB cqswaM5mXLYdm0mFmqoecF62mUE0DiNdhwKTtnefd0cll+D3FQIDAQABo4GtMIGq MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud DwEB/wQEAwIFIDAdBgNVHQ4EFgQUSrOsMVMCSZxN42554CVhlT6IYiUwHwYDVR0j BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAC2c Y8FgaxgB+Dx9gAFj35ae1vgzYiWI3Ax3FSxogo/GzpK//LB4215oeBuKXbm0ixBn 4nojxD7PMlM0i+ilAvVNJNaHY9TtgIgq8V/C0C7vL8SdBN01e5ZRI764ohu9ivYv Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1 7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK UAaL2Mjl3YtrUGBpxxY= -----END CERTIFICATE-----¶
5.4. Bob's Decryption Private Key Material
This private key material is used by Bob to decrypt messages.¶
-----BEGIN PRIVATE KEY----- MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/ cpzTFOWwny0YnqaHJ0lffA/T8e7Iel8pBB8O6w8fxLnKJ09yJa4HtaPRfjFjWlQD PatJICWca+ETMoVtbjcE+Nhc9SdFYy1cXJrV2OroRv0z+SVuF1mF4MsuyMtRJdhT vSv1VcYz+pyN382FZimEJ4FyqzBozmZcth2bSYWaqh5wXraZQTQOI12HApO2d593 RyWX4PcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7p4UKb5Ef4yFrE7PdTLkeK2 RjncIhb6MeevVs8gO6co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3IeOoSl8 skiVZko70uJ8pR6asWUlr/zOjlEwZ7RnEUWet97oM0YeA07LDFDkF7eUq//6bfzT ewr/QfDDsv+erwJBh+9CRHOJyTuDH1WeGxYV8VK3M6VhdTjFxXxFhrQ4pBe5J/UA 17Bd2GM8Urg6VYzVo6x4ajnc1H/ezYLdc459poTffv6Fg2trqFVAj2IrQlAeqjda lemsa6Np801mUGknq3fjKS13RYGBv/48rCHOT8eRgQKBgQDM5TuS4ANQjOYoOgtF xoVjbVlndOo+SmdFkZihzQHxcbLY9HXe5HlbLf1IMXz/nERxl+SmYuuJk0EdiM9r HOCcHRLfBmC7t0GdVvLDHSAX8Ec47LbtKZqyM1U9dn7Z+5q4iywqpaP8pP3+oY57 cgtQax1jle3xhRAj65cl1RBmQQKBgQDVbLqK6wKDfSdZuMZGUtOY0rtamBDCgEU6 rEqBAyCPy5NpF1pomUFcYKWT/wbReFqtuyq2OyiATB0yHHMko46BUtN7qX/m/skt DHWXVWs1+G4IgEMVokM9jjrkgdY5grrJ68sagKC+bgv35BizHPIqgQuO6qnPSrM9 bevwbQEj1QKBgQCiPE/zeBSnzyjeaTdLxGkR1R+ZX2WqdNdYqnQkiWMkflaSmt5J 4raEj+GhLC5BZsZ6+z480M6XXFWOwSkbMv5WHl824KHvgKcfoh0OiR1EVyjN1gDx wKOQvjycMhs3FpXn0arjCczS2wGSgPGEpUR4JJhcpfaF6kphZsWDWzVlAQKBgQC2 ivbKltNhj4w2q1m7EGC3F5bzl5jOI1QTKQXYbspM8zwz6KuFR3+l+Wvlt30ncJ9u dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNU1wNn1zNnJbETDLi1WH9zCdkrTIC PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg= -----END PRIVATE KEY-----¶
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed 98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8.
This seed is the first 224 bits of the [SHA256] digest of the string draft-lamps-sample-certs-keygen.bob.encrypt.seed.¶
5.5. PKCS12 Object for Bob
This PKCS12 ([RFC7292]) object contains the same information as presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and Section 3.3.¶
It is locked with the simple three-letter password bob.¶
-----BEGIN PKCS12----- MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI6NTC of68mzgCAhQXgIIEQDuXJ0vv86loQC7vz26FjGylSr7mt6epUVNUtlEn9tbsIjjw IGpu0eRzEk8ezAfzL0R5NaeVKkoFDvihn7NOoclhWPt66SJmiss54pRRkrVlTVwf qY9tHeWQShQQjBU0suq9MOIJYZDfsT+aFJJNVSPNid4mj8npvP3p5d0M7Jh8kQUp Ia+/YWQD8KX7GtJ6ObyhF88gxuWs0a5GqXqE3qIC3ULOQVE13SORmql5Tvxyr9iK f/J9pfWmmr7uHsztBO9mzze872PBQ27Zgc2sojR5FcxHZWFQvUxRkjzMGDh/QC15 5j+Nc+eke8KJSh0PoO8/RPbDjbPekPd1JKvAr+eU/ksw205ldcZqVUVyQTLFghr8 G8thAh/SzUPeZ5Ag6FLLCxBuaj8HDyFC7hIoYjaNuPd3QxtTrgAuDFzB6+SlEfGj MFxd4m1gXJYOm0OaKE+rRAHZ8KtGnr43vK/QAnSkW6G1evZc0kcAW7fNfAg8Oqzk J84xBrc9OwF+IFMYJteYEGcsb49Djzb5QDwusMDQ2SBJatNsFNMTv8+w79toyMWd fEaqmdQ6GvZOf9rNNSWVgT+g7EGAEUtA1cXrz5cuHdFN5qcKM0+948++A59BB9dw 2+J+YSZ/3XxUGP/4zFwJE6ZgrjZYl5h9uqxE+tABVZVvtv16hJgXojFlyRUe6DY7 Mxt0a/NomXzNM/cXrqJ1tnhaCSTBdeUSvgQi2U6k9y76Jj4Mc1T7tUG7rZHvyAyE q4WBZ6U+GD89Agrg2pSn+zVS2BJc68P1WRRqsX87yaD60UuGuoIphCkYnxfSCmdX O3aZOG3/3l37FkViFooPJ+91t455P2vyiDS0gfUffpH+jWyC6c4lbs5mmQW/HlMy cKNbIzvlvRhC5xwgS6T8jaJjMTSOdX6G/gxIx+JOmPpZT3uJ1IQtn1Kec0uhq3B9 i9pBQwPTzzE0oLac9QHiVDl7EWWfAQQENSKuGkZ2yDx32sdLU62l1N6w3anUIv41 cAZjqEB5AWpDPCO/9yVtrpnN9FfFx0q4XC9qkTCwFh07YSXrZ/o1c9XO36wZ9Osp YI3M4bWFDXOdMiNr/RxnBC/cOs3UsYgpnV7Po5hSmxb5Ncew6g7YN71lkY0UXk0k 5zCkATF2Qu9wfA35BX+N4eghN5ArQjgS7so6ohw9C1egknScU5CiJJ2XsXGKPxsw L12O+kQRv5/s1QxGbru2C/oKeQnBR8cuWrtYXFLHXhGl8i8pcX0OO6ABYRenqJsq EDJf5MppbN486UivL/mq0dgHHpl99rmtXJaBaq+aSF8bZGZUOTMOcI0mhlq2kcWT F1wrwFt7iMPAg4SxJTAFaxnIlLvesxGQLWvnaQyK+l4Rua9C7HxONrp2tDh9Qwie Yo30dRbOQR4xD3SEHloH9UMei2E8hXMztS5tPFIgKuiTVqQid26C5rcP7kV+MIIE bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN AQwBAzAOBAjEoygdzjeRWwICFCeAggQoV/qxKd0svQ+7Pkd6VDs7zPVlHbxynt78 MAz98oshJ0OyG5RXL++heW2+x5u6lmNhD5LjgLjcUToGCYDwJFzqI8QiwgCvcpfE obiCI2+Ev9FZ7H8gRsASIP1DDaiYXuO3xJrAaQM77uLek6T18X+BsmvRWzRpN4Hi JyKFPX5mcBX6AgFaVLJKhZ/GXcTuxFga8uA2sFzxridzgW3120ghCLDx9aL/8JVo 9DaxMqo8aS0gL1yasjidAd6bkiPnZNztEIYWBHy7jq468KjmxO6XL3sn6VOIgjRL PSSYcPKktZWhxlQgEg+OdOLzli4PqA/7ILbcPQ/wk6XA19uzmxTO2zhk8lBaGb+p C84Kf2cYaI1RkpHzEmqPs3EpJMbBhwxVT7Gw2nfTmMIKCUfRfxCqtWOhC3pEo/Nn 9MnZq5iqb5tJ6tUAqSkXYN+/JEM5g9Yf94m5JAlbnxYDMhWU5Mz0v00hxCd4jn8/ fK0st+vTPpbIFXH6XeKrGwYyKBluycM2jExXsjbLnX2aINShCDuxn/LOO6hYGkcc 7+G/kQjacDlbdJ5LtaZwbfU7p4AR+OxaqA4lr5uk+OFcMW2lF+Bbwim2F5gs3NW3 1KDtsrgyHTPNal8vjuWtPmZhqBR+0lwmTmaGdVmG0Q3EOthXPmB7k/iRobS/JwFV oi0u6wkwelCkYplObE9RqCjx78Xts+0M/WVlGkjnuhWthv8pvK8L3C/eQLVXLlrn Yf2DlWVQH64S3U/TjEwVrOVNpfqAST7KJy85JWTnShGqySRB8h+LYBHa60YiCBg3 Qn6ZOn/aJN+dxOm1JthNJojB6DSt+gEIDr1XWQJjmiy2Bg4DnM8wRa58jfxWi/wH a8tHGpq8DdJhKRIWvOK2YveUQ01KWVAxNnzYmREGHQGEc9d4kp5hBltX7Xh1+OWT zDa9Zqgq0+l2SffVerERsY0KuCo6g7DCOieyDsWJEtKF3LsAcYclWq7X0RYk5ta0 MKcG4kXZ6KJOkTynZQTtuBOJ8t7g2u0PxzxZxgLit2ukd5zm8KIdoTdUgz7Q5ZVO ukxK4S9mn6Slfkea0k4mxRh6wttcDJ5jr7yv5iEIvQ3J2XqH64W70fm5tbD3l3W5 fyaBxTpmb5rX7oqE0WOjtr1GVurbydUVnvBD7Jxir5tmnGsdUvRPeGYy6x4K86wH b7IU9GEqyS44J/P2p0s+6/tOCtiS1kGRGkf5UEkEqmKu0rzhZVBx2ImqjwmOqy0c xYnPItLdV6FVRX0Pvc7ROnqdRABpNo9bClEENR80v+hnqyh1MARDWOdUCZtccf6l ttG5ihCcK8LunDF//qXcgFZsRvSwzAWhJkHbubpAJmkbDS7Zv25yvo/bG5VyXGqF eAbSQHM5JJQWy9daTEeo41n2tyZu9Ubjxo7w3QhtF3UwggNnBgkqhkiG9w0BBwag ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECCwvAkUo pFtUAgIU0oCCAyAyxF7F1HQNryZd8PlbEy/f1R8MWtVQDEIJ30eTlaate/rS5RO9 9MOlglCc43bhk6iHzZuJ9FV/fWlFaJ6JmFPkyLPif8Rn/9EFTXGVq7smLvk0POCU BBq/rI378tu9DbVT1JiWULvvD4bzwvChBSTlzNUo5HGRNfS/J3mLmm35c1ETYktH L05NM86Yv2RUiTpRYDDK99heCYRwflrV6CPv+pJ5mNtniN0L4VtIPhSNczLoUZgL hraX4qqQ82NN9VR+WBoQjvLfJSMtYxqCxkEc7uKG/cu0EJ5QAv3ufvTLq5TajXRd Yb4Vvjxuik7WLKK4lXSMyFgvgY/NRL9zLFETTEJgpDHcfYgMmSKVy9gxZ+8S6i69 8okItTqJxnKZM1c/C+aAVaQb+ZiB805ntsp06zCYQljN4cnIlaMphAqf6ht6eg8M 77I2/ZTnDw0ED/0ZGVvNKoqSE+Twito4KcZ3b9e8B15gZYhtzoE62x4kHEYYqM4+ TVxey+9pkTGK5Y4xeDld/WiML3t/7G4jdub05Wwnu4YzqHGqKFV6gFgLqSAVlWvU Ytn5/Ox+MjHet0tSU4ByIkbjL8G+nInc9KFBZ7udc/Qwqsn394BT0k/b4LNSvatK JFl1z/VlnA//DyiGc1l1KWqBPLJ+0Bq0gzKse9bCFtNuYPnQf1INuRuCjxhdsCbu CMgu2r3l7lVRscL7KbpD//cjjWza7C816hzZ21TJWLAe5HxmLs7Etnpu+/R7LwYI jpeQPVTNzdnt7FM+bf4rWwkxfoEx/lSvV/Fdp+WGrMZ7+2VK1PHThIUo9yJRN30z aLpRyzLR5i9qt6yyk1cLxtztoBIBmb/GvJEXEOWF80r92+LlI53sHdnqD+0+mgRE LfnsE6vCQE5hyI9lxXalyqVUdspAsMQA5Zs94fctvZ27UzVtE5EuY6X9/4UrE7Fj bdg7jWHVbGO/KvMa0UvgRxbglAJLAN6CwdMT1Cbca01MrmK9pcZBMKuJDcUibmQO mzeunDJBT+BVbNRSo0zKAAfEWonFNgNdqjE9uMXzlhaIbGFlDxXhfPt9NDCCBZgG CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow HAYKKoZIhvcNAQwBAzAOBAh3So2X8cem5gICFDIEggUIhIUw+YkTW0xCm9S8Kn3k Fm6mI68Da4CD0b/5H2QU0UaMg1DT05TwCybWFIsjdEmHhXALvxQ53nTZyIEYp5Jf 6ICOwXBm3Vn5TL9472L6e5RPG2li1IrowR0nzFxr7oiSNWMhmv9NZbBNtHbH9KfT HCMlouIhOnxFX+yP8YzGfiiqNLgHX7xEVWVhLBglJeet6c1xxMHR/b7z2DuI6k3U p5NArfNwbZpT/SzLO+jqBwfFsMPXa1jmqi3W+q0xUt+obsfb7jK7ha9e+oegW7yY fklgXJObY0YxuFbiJYJb+vnOb/qBiO15/b0xifxA/R6X6cv96T79I+9fvUOHQnQ5 bEKXFymxd9FD2UtxcWAOhD7R3iwtPGNx4WgEOe2nOPBP4OXgk/Rvq9bTkF/1mojn MN7oer90NsvVEEx0x6Yoayy+ncolfxAeui9LJ6Cso/bYNA7fw9GvEkC9tSCiO65L He9O1qHss08eXUi4Nrp7zh95T5/sC8HU+blhj8asE3ofJGb8l7SrAREoVLI4D3iA xHE7E79i5Lf/J/3eisxZXdL4nU+4bk3fuZqqScQL7BlkZPtzcDJTCcoRG0jvNCA2 lWvzfwzrNmo5SWHXQ29It5wpGFJPRKFRIdg88GNxGwzNoxye1pnaQR/9JCjL2RSW RhuS7bIXLKC8DlLlCUgzPoiD8UEPBhNcX7OiOSlgL0KW70qcH+jqVuSq/3t6kWlE i0fL2OZU3s8r0hq34nuXe4pkO1VUTafZ4nOlrLFYsLj67+P/abtH67LUYgI0xZQ5 VcywY0BN6CrxCKY2Dgkvf9+YtidysDkS5tfDMYmSEQyAORJVHKvipXeMjTblV5v/ FhgoxXCS/FeqzEHQLioCxVsnluEaE4KukXBdJYpUJg26kuTp+kY/plzq9hLU4aF4 37ah/yIwI97SmulsM799Ru1tx0bigIdoB354sj6S2UcSQaEXAEf8i3ljXvK63zC4 pDA4i37IGUqHVaH1I6bmmPqBgw3jNW7NMNUsldwawSbDAyRAw2LtI62U4DL6B6Lb 1Cri2oAydd6YogP5eGYxfYEpjzIQ+jmElUctKPc63Fc8OVINytooTi6o/SIwDovp WT+6liQ8M2vNcH4NSGitMcp98K1RnlstAErNtNf+pfe0NoUP9f7xpajiEFKjjTtC FHY2eOrdaaiZG9xjOuviDmJ/4gvtdfCjpfOrwtqeYiHFvmWYgxiUfMFvuMYTYGJ9 LdVS+rWYrjC+srQi2lPyci8JzRZFG3SV7OktujZFHANqpRVF4mFBV+hR7AYouU89 BpkjFSkOFSOBQF9eEbK3O+6iiWYznrDie3CW2chuK7eeYEj9z69xBKJ+pfNuji1w jx7UiSd7Wfdhohc2MKPuSJYVXCK36xeN2sh0YpmFX0o23PL41XooO9M1oTKGxPNJ u1O3gGOV9Oeczd8+mta3OEM0TbGhA/Uwgpq8itG1CkL4nzaH3Gt59l3bL7ACyM5X Pl8eve57SsQcarGbLs8pN3KBOC8p/ETo24WZdDJSzzAf+Kk/ObsXgFcH/u+0bi4Y TnnrZg1O4Eiw3WJHpaRshAwrt1l4wK6R5QDIMRS2WxTzW1k+CuP13LG2c6x+SexW zMwhkDCrNGVubXnfPwbwUGXes1+jMr4vWkklFSFJG5vR0ol8wwVbTFt/cFgv0QjM BOsZDYlXzziQAoERKa6EBvl4d/ygICU3KzE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq hkiG9w0BDAEDMA4ECJJKzeDj9Jy9AgIULwSCBQDqW3Z5nt8HxRRIJlcwYDdGa8lE TK58VexJYzhLMwO6OtM0J6JyhKcknJYIWL754aozGhFh3wJfP0YJ5u2x6lWeNJwW 1mRW8htE5MR1FntBeQC1+KrhmwDXhPe03/r1yiefs6lq33MuB2N9WZCCKr7SLcFA 0UdVZNM5sbm34/7c2QMbl/yp20mE8dypNsjVFuUX9ermiBkTQiNdp5mENpYkualW I22asZVowGOQdIgwnW238RMO+Ai8/1tY3H7kvR50aziujLDwVY9LDRZLEsmD5YXt BR9BjpGwvPMx9kq2pKvpbVamS7N4jdEWdMNc/v0/hl/ZIBmxroztkd+IseV3ntJH gCufXSNzSjb2vOUB2Ouu9mH9J2wpIW80Q9g297aOoV+MOoWrqkjJzcKz887/MZ9z UeTBj8eLxUgvw/udhCt7t6C+xfyNqvMEVKRb4TAKu7f9vsI750n1fXkIuS7h9qQV H1PKyVCl+WmfV4soJ71UVW86oMdow09PCmzIDAut0mRJ6640Tez7umv+PJd3WLk/ j8ge3RtFP0S5sQ4fyhmaP43ZkOJkybLvap1EW/OLPaqd/rSS1sLQwdQ4kaqJlouG 1iyVK8pLgobITNwZfRzvOakKTmo35dQkYzixB2zuJVY7ZXuiDD/7sWRNfcU8J8XT z6Y+p5Cr+3MKbrWzw5agJ9+TtH1fORqr6Fm0bvgfhVDl5lGgBQNTgwg+2Gy+qFoF qVoFwKpnCRutB5rFiUHW7B1fKp9RL9BZhdvNfTb5tlvDlK06uiemwI2nvnEQabAN Toc8eZ6d6yqrlSkYj4xbyneoL7ydkViKt5gCB5+F+diTt40IN5PDJKLkemUOdwGy BTbWvcwAFhL5hChoHQguJOqG1J7zq6Hsh4H893s5gVWBOshfadz78vwE3aPnCZ4Y ZX/e9uiVsq67N7EblcB7IcE15y1bR0H7MXoJXumjCJx0VxZbRv228NrvUsFx+mFn so6xsGZCrH62hkqI9lSdlRyCLxd+vjyg7xQOIXqVTIeGHP/Kie0SJNzYf2bsdrNU A1EtlA32ti+My8eko2X1PFYCg3mX9NY3XoPJpacvpzZ5Uj/ie0Vnl6q8S7PdOjqx YlT7QBk/qPGKCiIYyG+TRKDLNr8vTNnOGVUVxsp5vp36Pf3vaCzeddrUvd6P7Puj 1ymz4dmvd/OOuOCtZ9lFiOqD9bHZ4BSwJR6Myr/jrprRIBGQn7QCqFDSg2N1lXqa 1tqxKF7tRJIkq2UDQmR3Sgiv+wdQGlGNRiwNGZmNme8O1kRTbT7mCjmLfYWD50z6 JP8q09HS+1gXfYqfbvDLQTHMQl/fxL/zmkF8xlMqtoLSIDkNvesyiT9g/JwN9X0G hanzi3B3kMWI7lqkhO+If5SNI7Ct928YQTEfPEm79J1UGmXZBtdt9lOKK7M5b6F0 5TCkOp7RN7SXw+UGYx53kUspR0HNwqRa7rqXT4RodxVcnghGT4qA/rb1uQZZzWnv TuuZolIhOxpdmhJVZdQoEWVx/w/EERdNLivqzHykeiv7OiSy4FhrgWWmWipJRB2v cgezn/v8XSIG+KJKRLzyfx44P6senjcgmKRBITgJ85rU/uoLNGjLjEfwQb6x5Lit KqNfcqN2PB3q3/Om4Ft5BeWk2uGXAObLe98s27rZe0iOT5eqyftyiWlMXLS0bIkg xSrxDA2LJW5Gf8F58zE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUFQ+BtZ/3 gX+Re8eKDEP/OBp2V1YECDNLqWo6a8ZVAgIoAA== -----END PKCS12-----¶
6. Example Ed25519 Certification Authority
The example Ed25519 Certification Authority has the following information:¶
- Name:
Sample LAMPS Ed25519 Certification Authority¶
6.1. Ed25519 Certification Authority Root Certificate
This certificate is used to verify certificates issued by the example Ed25519 Certification Authority.¶
-----BEGIN CERTIFICATE----- MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF Jw0ouxcJyAyXEQ4= -----END CERTIFICATE-----¶
6.3. Ed25519 Certification Authority Cross-signed Certificate
If an e-mail client only trusts the RSA Certification Authority Root Certificate found in Section 3.1, they can use this intermediate CA certificate to verify any end entity certificate issued by the example Ed25519 Certification Authority.¶
-----BEGIN CERTIFICATE----- MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw DQYJKoZIhvcNAQELBQADggEBAGV0x0OEzgYlRKixMcztiikxxJDbmRat1pcipD15 1n8kiBoGhsT4fNZJVoL0OQBa/WTMntL+qcAk2itqZCNIeZeGklUljXBAz5tkDRAF f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k= -----END CERTIFICATE-----¶
7. Carlos's Sample Certificates
Carlos has the following information:¶
7.1. Carlos's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Carlos.¶
-----BEGIN CERTIFICATE----- MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS 6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ== -----END CERTIFICATE-----¶
7.2. Carlos's Signing Private Key Material
This private key material is used by Carlos to create signatures.¶
-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY -----END PRIVATE KEY-----¶
This secret key is the [SHA256] digest of the ASCII string draft-lamps-sample-certs-keygen.carlos.sign.25519.seed.¶
7.3. Carlos's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Carlos. It contains an SMIMECapabilities extension to indicate that Carlos's MUA expects ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in [RFC8418].¶
-----BEGIN CERTIFICATE----- MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ== -----END CERTIFICATE-----¶
7.4. Carlos's Decryption Private Key Material
This private key material is used by Carlos to decrypt messages.¶
-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK -----END PRIVATE KEY-----¶
This secret key is the [SHA256] digest of the ASCII string draft-lamps-sample-certs-keygen.carlos.encrypt.25519.seed.¶
7.5. PKCS12 Object for Carlos
This PKCS12 ([RFC7292]) object contains the same information as presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and Section 6.3.¶
It is locked with the simple five-letter password carlos.¶
-----BEGIN PKCS12----- MIIYJAIBAzCCF+wGCSqGSIb3DQEHAaCCF90EghfZMIIX1TCCBJ8GCSqGSIb3DQEH BqCCBJAwggSMAgEAMIIEhQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI7xhQ zoEDt2UCAhQIgIIEWMgzPbEtNf6qVctx2p5i7x6wAz15AjqfNv+qiIHQtPljZ23b BjHWAdxuri+jbwV+jY1JWwMG7CvikBZN0EeWkjeTC5R6RFz0QPoK5cetdcu1gyX1 /ugrG48vgnrNwxfZOaBzRUuudLB0FI0ns436XPPgAPx9lCZ+jZesjfj38mSB+qb6 SxFbZc9ix4bMgPMqCyjF6o1TL25HGCfN562sNcG/xLqNT94wvw1Ofibd1ywuunlE Mm/L/G31U8ZehA27XHHSKXOTkSxQ7cNCh9ZfU9tpFm8XMo6s30BQRCHubF+VLzso 7xPhtc8/ldcl9MyLnpSBzYhPbHwIxbDo9DxqN7N8latA+WKXT0YlR+bCfF9XQnbH xFKk08U51XCT8mBp8BdAHp2n60XwDfBm3eQPJfc5TOyfoLOEkJNbC+dA88hb97zv Uw8bW91YtiU2XvIrKUajJVlXHCBFZnCnFwst+f19T5PFGPAj7s4mZdPWnQTtLyjw pHnuT4/U5w1sHAvf2oZ0PdUNq/yqjdKARxsRvS7lBTcci89Lto0OwF4TRzi/vdFZ X5bBhf/WYY6gacG1X9pzTPl5qp3doOwwhxXIvoneQFVAP21yI0imrus+66mxB6Gd wQf8iZMniS/1Gpu1N5XUUSL1B/qcxYK72YOK12ChpgzEETwJ7Y0lYrbOsJt8IhE1 WxsDy6nWLA2c8/1OU16l1mIgrVoKVOs0ZkK2dCDYdr0qKqeKgdHqp3INeUKX1ZQo k/kYAD6Mo0QkjW5fPbt/vQWSspjTKzpcz3NgQYKMcFqlB8P186nb4BvrDky0BM3i P7mXpcRb42WSY77xpeUDhUg1q6fnlTdtm5NdUZkuSgpHpQUrs945KTkxfLReErSd 15OAAnODb5T8+5JdXOLAgHnPPezRuof1LQZsytsx4nC92OrboC2Yn3hHEqcgqQYE BywzDNGuA8ISEmdKvo7AgaJvoFEvLDmas8T5I2yuWQ9mDXMurgKFxheMSpHpZiPc JE/n45ooSH+uX3HDUVmjUOYQf35udyurbS772Zrptguek6VdjV3F6GV0Q4X3wIo9 llV+aFe2/v3Mm/tt+h0KW8XVfBOB62uvb7ac7ipBjAHBeGYFQeVkmI0Nzvizk1lA jKtmIGZ8MwBp2e6rpu3g9rCbCz53LxWB4yJYgGc6NQmWxWQGjLUqdOkYuQwEdjr9 6hpZbtXvXs+jcDO8OACg9kfjX6EzK2kVXoGdy7tPMH6ElXEaSf4tzIhfwvwNapj5 7smeQbXQj/v9HC9XbgdslB89V1wAcU1PG/xBjEulm6O9EN8xhEXfegzIGxJ7JcVq 7kaxdX6BPPH4iW2Bwbv+FFvSQOwMf1SVjpE/LcV5JxkYrfT2cEinTcZsEFfP5XOZ aJw3xmya24L2ynjNfljmpK1xg38OkzeCVebkeQ82OAYequb/iTz2yyfaeUoXbNlR wcc++JwAWlkj6FS/dy5gwLTGvUBkMIIEdwYJKoZIhvcNAQcGoIIEaDCCBGQCAQAw ggRdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjBHiWMROp4AgICFOKAggQw FC71dSM3kMdsEhcjRPE+6YRmvktReM0XxK7+5FTD6tGJsl6gglHIre4gC3LKekFp 4P346gebmSflwp1v/7ReLpNPXngK98HXfVcxHYFXWKOYdgHSVqGBbpH6v961C6XW PGwIvQ9+H6R6Np1gw3CZ2CJN1paFKmciHmCDkc1iPKbr0I8J5fruol7SS1WMnWFQ AWk+EuR+Di9vNYD0+7QyNANu1Ud9yvlLaPxCcrgZBccXe/om07penmWPwVuXq2aq zc2/vUq3JLqrg5d5OiP4ZEwksvSIBzZSNlAM08D1Ez4fDmMt9iRvlztujOKad/Gc bwhhy/kUZ+HliTA5ItnZRJSXtsICwpH2DqJ4MnvtQtOjcl72uyFOigC/DANDjSYo YJn44h4dx351AyuF6wpyRwYfaXzjAaQ39SsEQpvSzzZmKYrsgjQEwIoWv0EcBvqR AQjHVBnJK/ZFNhTHDlD5RrXtkM3VLU5zhiNtsMWAj0gAN0DNBqHP8y9ZqVInWWjF YvoThcpHuwKI+pRto0fLsZxwWaZiCqAs8tJpF/iXcUoCm6+eGXNBBbBwzABaMC0S c3HyhQ9luuQeq0m5WbulGfXKFA7OAo+pWnivbHjIoEOVeJgnLYLT2ImOOypKYepN 48kyVBAJ8y5QDnG82/4GU7VSW8ZztIbAWzhVFuEejuhd3V6bvPxI36lYrPeObees c1WuaQgDvHf1VFjoGCZRDW0Nw/kxmvWqwnfLmhZVo8LbIJGTstMt+rNvAD7zhtCM M3LhWfT/IYI4xCQFpP+ENG9DZFHpVorRrAVu9OwbXGSJOGUx0ISlZiBA3Gtou59W NN089EprACk7VDIQlzOS8Ox5vwo8UwqEKWt+537xIbclanc6pIYz6F6RgwEHb+T4 4xKEbE/cNLJHQEJJZ8tF4afN3DENPLMnDoyAbetPrJILomZEayKfkY+dkXFGiyxU xslhk+JR7Utc4e+WNCZ0hnUyid0ZE7qjMUFSzdYoSmPZttM4zRh4qpCfXTyhvQkI G88dNenQ/b51VCCNfWqRKytrpnhZQYKd7SuNQLh2GAL/urlWtYq5rDRDKGLv7vmu 0NloL4xJjWVlUSGsSjlOigZNfvphEDqYimIGXhiU6uAQN64suvWMVMNoNIwcZVrP zZQUky59Ct6ahnc5cdSwWWmwKxJj1GHtvn82tMoR2LtERJMx/hEdqrCSNXvrIeZl ozwSh9mXupO6Fa0KIpf0txZl6zK1/8F3xvly0lyxpsYwrTeTlGKm2y/RMUYp8tDJ zUZu34oeOogonerOnSIU7kEM0slXJs16lIrReFI46ZQ3XGB98MLuCser+5SzzgvY Bf+alMAiz8qUTFMBuLFFoM0IRCsSmaaclSBB2NjpFOVjR+sajmxWEcN4lPO604Ru N0cFylKAYe9BJlxhNFx1AjCCA2cGCSqGSIb3DQEHBqCCA1gwggNUAgEAMIIDTQYJ KoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIkUQBCq0OgUgCAhQ3gIIDIFJKEkt8 ErFDpHJT+IOyrxR/ULSFmO5aBopLCJd44vSqxcHl1EEH0LQ3bAedxiiI8Go4iy3H Aw9nvpyvkZTrXWfhZqgsLsuD3AYHVHVCO/9pmZe4gWuWosR7PMI6RUoE4f00My5+ kmm5gRpJ6Ol0SUG7yZ5P+ESc7emwkjzPqQds29WegzFgU4lLVk0UMq76a14m80or kWpjWpWddkid+Ku7cr8vU9BOpkTObmg9Gd8T1GGliQa1UvvyOxRKtdwOMOjM0OBs pmc4RFNk49zLbsTaOZIgiv2CN6aCL7ZVqGNrnHfkglKV5uq119hnTkr8rPvXqgcK vnc6bvMQUp388wzYzjkLQw0oS8+Jr3NaJefj65e0MZlPOOA+uGPHKo2XXRndy6np /ASNEj7nAYQUTBwu4/GIdjmaCwauTiyvYMZOyVlp0mISZ4+YfeZTFqpjX/K39RFK ubLSQHpevhn5vFUO90/94U1FQkLCGQ1V4xcDe2SZe0NF3B+dJw5R+NjE8Nvv1VfQ isw/Qv3MlTTqz8VFBtbPdg77rwzVnSJuHinrVW9FwlDTNA9hhDbnBeZdyZkeEBUT ddjOGGeudc6SYbp4Dy9hsmr5x4o0GKsUJWyItO8+NPbKfFYpYB97NsaoiNQN1wXG LD8zKNZ9VKlpeW9n8b8/j61jxCiWwQILeGAuDsLpFxaQEtOBiDmzXKZjC45Efp1E +Wps/rpEIpYnAF6hoj292amDbenkPsq0TlYuo3u1M4PqqBwQ0FC72ssNlM9uUNTI G1q83GH3snnarr59+DpiIaTZkEhj3fBh+9dJnbzxPhHT2d0cze4eTF3nhG9u1cxL fE1qruycIWkHXF0XsVnzw6CwEToLWNr06QOjsKBTAsMmMd0w6WWeL+b1DO26avlu 6tx83SCPp7EoxPdwFYB2Jqg4+KT/L87RtuPzHlGeFsh7QhCfI8Qk7CAkfk67Zhv1 PFWsYKcJZvAuZHZXiSrMPY9NEB2DaDBGN/DFnwk4JVjlj9ACJ98MY+c2id8dkuTd ejwtalC1VPehC2HhqRR/9oGnIFzh0drCi20JMIIFogYJKoZIhvcNAQcBoIIFkwSC BY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4E CPaeHSwq2qj1AgIUjgSCBQA6OexrotUYcswY06ija4HfeLQQYbDA9+UjC5xEi6QX FRIAXfT1zoqZ6R+9sYnyCNqZWRzsKR6+OswWSlPjsgC6CXI3YO/MjtDo/MSif6Mw O5ZIxqPYcbslKDF6Og7MQ8C+tRu2qfu7e6ufkw/cyO3BXNyOU6tS7iCbNlVn28EF 6W/14HvXsQ4mv1yAwvoWa5G9hettvwxMIL3KADLkEI40abpzbH/LOMXEAPHghunQ xijllviwYQKEJGqJmtShpBOxBGHkTik0b8xJK5LfX+oSowehO8yv7/z52c9x9RKY p2jLPudBByeA93iWhaUIe+p3ueexS4hmjegshjXE3LBm9ppZ1zWhJr8ipA/DY/1g KGy3tM5OUYc8CGbWstJfQ9dxsse8qG1WmwhNtCj5heXWMGZgsbt53+eSoirgJVFq 40NzVryc3BEc+JS/d+U7MeL7ySdvGRHZ9kb8ItdsDcNAPMhvN/XXhALSBs5GWec5 dqAUYyd5GREVCOqoPkKx/secOOGUkHl2unUD3ub+6JDXplSyiQulS04EXLZJqPWN yEK2wWCPsWquhTvVJCB6W/xcgtdY0zq7fiq0sZf6qPjb4s+hIDZXSWENh1VnuJBg 9e40G/jh4M+vEdrLPpOLLCEhpiVxzRyQG0eP3EL8EWBZd71lX45VgGt+ZXVoNuDY PcLuQAHYcN8Sixg+8gTakuJGUwYGBy5tRjAWGGdtd2cuWrvtKxjooP/gLQ8hVAFi Dedo7ab5t8xar5lhG2ftAH59CqP5+Sr3ZpIkldu1lxlJHxDO0Pws1EyVkwllrxNO li3ETTwUeyENPswGPN+cTgKMJvPf5sCVlUWCS7I7pRPUUx5F4mebz/Drgeuqr54D feXu4zvDxUHUQGrb6g2bIxlvDU6/CJo11LVpRLRWWc3YfBSvOYwUjCehyK2kaC9/ FhlRvqDZGuFFjKB04QanP0M7H6f31iH05a2gakxYhWw9wPysEw+Te/KJp/TBJnsX YjQCDDi1A69Pq/Xo1IONutCKKq/gQKpku53acvTYtdEscbNEschY4PWjbsy8h/tF HAm90g3eCxGqIU18Vb6bErm4x/wurBw2025yXTK4LEOc6ZyZi53RAsUBPjcob+xh urBScAwv1mEIzH5luy5yvF/jjkJBl11SgYVfRZFTEGZs/l6h4REGwe1SaCyCa2pn eojFOlxk1pHe4QTlbjfv19xAvurpzUu9e9Hfl7M7c3V3WFXiyMUlqNS9CNRDEj4G Re35XVrehDrymodsAsIzyxU1iQvAN2BD1BeZI286YagK2mZX/q/YWCq2s0HGyESa XdBoVm7JzkrQt4q+Am4fi8SNrKNVQD8x3b7UQ1EQ23L/MnS3+p2jaw4evnrnuoy3 eihOofuRVdbECvMCurGom72zCjC8KcVZ8yssWYIZKQjRr3dgdGUFiaJ6jA+Xgxws 2GGMgTu6G3/Y1AOrF96qC0G6geHjPbByWGKKSPEqswyllsYlk4m2j+JU/BEh44+8 lCdPfg0eAkanNdyJoXbYBxFRDaAxeKUEnNtwZ/wo4yLAJBdoo2extWP/9kvrEfII qqiVUAZNS2pKx6apysRtRDWzmm4leoc41lQ7yK+OT+d/Kkq9iiFrpj4esbJYHe7C RA18+Sc4nwNAsJrF4zBWN3eBfxk1YRDT8zTEsIyyMpes1xHm6KJq1rpfWDdjpEgJ IzFOMCMGCSqGSIb3DQEJFTEWBBRAtwlRIx9e+C9k2MGQwb2AVNthojAnBgkqhkiG 9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MIIFogYJKoZIhvcNAQcB oIIFkwSCBY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0B DAEDMA4ECMEFrpUx/mJTAgIUIgSCBQAJ3iJnERsIV+zUmXifQtXp08dtGZ4th5vJ 1sGGtredTpyG/xZCI91P27VtdvAJLJO1fvqRVTqwztJJ109vimnYaeMlnQPwFjmE tHATQcrpVPd4k6Vq3DnRKu71118pR4nTNnCS3IzwnTgGZeZJvz0wOWdqOgrUX7v4 DuLvMOmecTBWvJcy8ypN2itfuDQ2J9o/G3kmExzmDkHRuFB1LtkCZTus1JS7AJ8Y MnoWJmmOItF3lDURRxOCFY4fhs+EEhOMz7gvvRWxtnUXqNj7hq02shVO8zDjUgxL oKMOfD3hj2O+3+woRrvvTgVHKP/rlorn/m0SYy7JCcJ+oC3PPhFqlDLKFsBZfqgE DWezGXAvevOnHVVyqmNo32iSV8kJggFwv1K6tJkR55lILvwl/dKeSiPk7NpImngw /5vhTCLAelZMU4QqdTp5tFgzKcH25kU4b6DFKs4IGRDXbrdKEk8TV4jNIoivv4KS kKjPVdkXZkqmn39e8D2VGDb6j/t1hD3kI2WgYwWN5GKQlcWIwYdVncINkimkjmlM 1rTk6hF8rma/BiN6RfJMs6JsNduLIKebtiMoVLFc91MwQbAbY0GZ35GTKunQURrT abAJZiVOSFzrArLEsEteQBBu9kph2rdwMIv3+cAVQDsYckAhQhRDXQwvOjYnUwsM XB/Xde3hkngm6g+4ZYSftC5pKOhBamHoR8q0xggFmGA2gsmA/AMCkamhrhfYDYlG Bg5SZJwZVI/Wq+8mpZ+mXKsIkKo/piYVXl/RLSJLmksBwg5nETOsQtAh0wzn5Fv9 sqbcJzVboZgZ+zxbGQW6d0MNFoFJ33G6CJ1tGmqS5TK1BuADGGCZNNSph4IK/WW7 /8XHS1Vh4fs3XMoqlA50XNtk9Rymxb9Vwr5CbRGUzVT0mkJbPm8M5SzMSWKawhfv F/ecrBdz+Z+nN05ULBIEJXv00fLZZ5dNNWs+Nwa+A1NqSIjrrvy0rkd42dneA0ss kjMCsI1qy/pwmpxBOnvGu2/GN6pWqTm2kNuJtFSWnGUU6zecz0jP0jC10j33EQAl d22usIzIA2VGoojA7xO07UacQ+w4axa2eOOATApdU8Vs+621GO2Yb5On27aEMbs2 dm9D0XoION5u1hXfgSg175sVA0IStIT/2ktkyC5fUJJYDB4klpPG0EBTwRfqOvqG Kf27ZDhxHY8DZySh6idUJMAGfMpUnpIOlX3tWroRMEMWBnao7Pfy9n1Q1ySGWFRo DD1BkfNZXabovM6qdpGD2zbp+MAFF7l/fsV4otDH2UjC1jpPyibVyUYme3/9et65 H2WtzCC6+ARR3FHGiR+6JBcKbov1VEy1XW2IeDLdUCOFWoiRyWDkUFyKLtKPOncH +4NczdYh+EyvHijf3N8Dyiw/lnSLHmYFlBULYjRFbplIlPw0iJdDLLW6A8z78cO5 hqkKRbXIxM9jKMM3ccqYFiKeVAHmbEX5AEvQau387acVkEwDORqXuvXN9GVdteNn BIe5kd9p+m+SONqUkmPJGRUJdt2kwVFvpW/woLS+tAk5Ys3u5eDfH0av59lp8xKa /vLaoBTtSiUIU/KuXt3D7yas/Ybo1etc02KO913dd8ByjWdozhD8aLF0o9PEeBPC ttm93YSrv7ttH1LF5vfhi9xq+yGhbEvbJHtD6y5g7KeUekwfXMxd0C8M1OyakcHH Arh3TJZ3WDFOMCMGCSqGSIb3DQEJFTEWBBRB2kp/JAu+EV0KnNDuwZWyHH7/azAn BgkqhkiG9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MC8wHzAHBgUr DgMCGgQUS7gZkMK++JTD92Cctznb5uLKdvEECJmBdZIPusX5AgIoAA== -----END PKCS12-----¶
8. Dana's Sample Certificates
Dana has the following information:¶
8.1. Dana's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Dana.¶
-----BEGIN CERTIFICATE----- MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb 5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5 VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC -----END CERTIFICATE-----¶
8.2. Dana's Signing Private Key Material
This private key material is used by Dana to create signatures.¶
-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N -----END PRIVATE KEY-----¶
This secret key is the [SHA256] digest of the ASCII string draft-lamps-sample-certs-keygen.dana.sign.25519.seed.¶
8.3. Dana's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Dana. It contains an SMIMECapabilities extension to indicate that Dana's MUA expects ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in [RFC8418].¶
-----BEGIN CERTIFICATE----- MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2 AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E 0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd 9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A -----END CERTIFICATE-----¶
8.4. Dana's Decryption Private Key Material
This private key material is used by Dana to decrypt messages.¶
-----BEGIN PRIVATE KEY----- MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 -----END PRIVATE KEY-----¶
This seed is the [SHA256] digest of the ASCII string draft-lamps-sample-certs-keygen.dana.encrypt.25519.seed.¶
8.5. PKCS12 Object for Dana
This PKCS12 ([RFC7292]) object contains the same information as presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and Section 6.3.¶
It is locked with the simple four-letter password dana.¶
-----BEGIN PKCS12----- MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV txtVB61Qmc2XP48F7wyaQZvdAU9zfe11/tHAaKKJWBpE1lIuAEkGtIP6ozYJBFjH I11tBA8fijTnug+S4OvSgjtsRV/+kSEiW4F+pwE8RuTYfUu7q+Ew0LYdLgkH5OyE sn0b62UFpR/E1D9exWzohrFbIdUCbjtssXucruAqPNhW/abT0zicWu5nvf+Pniow 2VxvhwoGt5jZ+lkaR5Z+1/GpbMgq47EUyGCgKv+5GAcJxUxINZqLbACJ/MhLfYPB eJrXz8f5Cigm1wZLisYCqnuc8cGCXjNqNkUlqtzodM8xv4gcgT/zILxmJTZP2q4n YA4yBQx5/n2G2dZC+pf3kAfbXcp0MIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjxuoiaSZDbnwICFH+AggJg k2hcNYtO0+15uLqXdiNhr5Q0JkYcrHdo0wR6G5AgLmwI+TYi+P8EZUjDIJ4TJ3b4 6xv7+3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV52OKE0CAgALZOLuIz5mGVU tWI2h1x587KeIv5GRPIxumDebT3Gmkkp9Qoi55hjTgn68olSgDaJF8o5wnfODhkS o110a3x9OwkJSN1AXfmBfj33KnT8Dc4bTfAZy1S5o1zCtaEqnct2Urb4PeO3LfHB ErBsvY8HE4D7qh6P5ftXHQHAx/b3hbU8jQP1tR0N9Oh0SiLi//ebCeGXWQRdVjL5 +VQrhlQF5d4Kz9Zx79oC36g7C2BxCQomur/F9TT12NPzPpaEGGo6ljB6myAHnYw9 rCxbSxBvbtEtlgJnxxb1Y5Q4ukgyjzK6431Bwq2+iNL0vGc9o2c5ELUPU9zGeLBZ tXWvdX27aOHjusPfDZl70C5zHiYs1FU6Tkn9Aotc424Q3d2IRTTcYnnjs1VSi1Sr 4bRyB8zBAQmdQrniBW++7eJm3m/EOU0Yy0noUT169m8KNJrmSspMvKS6pyiYHR4I BvAIkRIjvdtQvJdQJ+Uyr+HH5daE6golW1917b2bXj/41mvXYkJY6W8x0km1RYhH QJZphWlvNcrHKo46Unk48Qc/5J5tI+6UDTXFr//V34vcpQ2ktp0MAKl1rBH549ef CsGQTGoq8XHPhksehEEMRmOJDeKTVkKx8xNhbwb395yFCIxfF2NHeDLXP+JyW+nH Iy2fnBDlyTiPF7YXyGiPjPAgK8LS8GUE+Zq2rWqrGNkwggM/BgkqhkiG9w0BBwag ggMwMIIDLAIBADCCAyUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOfJ/s3Y f5bgAgIUnYCCAvi4NaYP4lpAtuXtE02Zqgl9aLFwsj9B/rikBo6O1ZR/lsryJ4PJ VGYy6NyBPjG67glJVMYiI3Hge+j66FXKXD/AaiMVD21ZmfrH935Sl4ZUKS9tpTJL QDw3ejpDEDqJUFJZJ/ybgpRAKoNjhcE3B7F7+WMI8Pr70M1Fbw7ytUCAjOf18sIW prUA8f8O9dLiGgiWyjE5HMzSXEib5IMRpq5x4Q28pBrT8rVYgoQSSyVkfHtU7LDi Bm68RfBgEl7jIqLdrt2kKxHC3/lC4xXQgFNXeQO56aRp8Yu4VpoRwraVLUO3tJk+ pf1zFfmUei/JtiFlC6uf0PvC2B5h6kAZocE1lLxGIDFH7fTd6dzP7qTDbUQ+uEk3 qsgktT2pcoVnxTanvQmTCEZM9ZKCX5/z7Gkm+z83lGLDDU9oNyRSrxHrRBIvgH4w 3aGH1v6kfYOWwwwaghQOQIZFyzGVRKXsP7AslL+n4ti831TxqSUZX2qy9LpI4Tjp 5A/NLMKo3uqmHFlTLnnYUqoppe88FNY8T/LXnHp0KTkuXFmdKJtp1/ydqh18jBk7 nfLcQFdf1R/5okysblRtaMujlhelymT7MoM8u5C8ceIO7uWX8NI5B/IB+Yn2BvzZ 9LXoSia/wHjTu7UK610o7WOq9qTYe1i1x+HsmJaOC6hpaQh6b33VWDrHJbl7c/4Z tvQ9qAzqkqIhFWMRXNK+32jFVAgXrD8U1QHW2ip5s7W/Xtm1AegrhG1nSQgJezYl OnE/t2PDWuPeW94kR0uv1fNsh6plLyZYf/BaqhoGCHsa/ipD86viVSZDgJ8ASVLF eLUK3HYFMhJ+MLEzZJffYZAOnbYoyNPNc0vc7dpbk+ZMnlb5bDFcMCpm7+fWOjsC nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG 9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E 6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+ YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D kkzl2MltAgIoAA== -----END PKCS12-----¶
9. Security Considerations
The keys presented in this document should be considered compromised and insecure, because the secret key material is published and therefore not secret.¶
Any application which maintains a denylist of invalid key material SHOULD include these keys in its list.¶
10. IANA Considerations
IANA has nothing to do for this document.¶
11. Document Considerations
[ RFC Editor: please remove this section before publication ]¶
This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the
author. Please direct all significant commentary to the public IETF
LAMPS mailing list: spasm@ietf.org¶
11.1. Document History
11.1.1. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05
- Added outbound references for acronyms PEM, CRL, and OCSP, thanks Stewart Brant.¶
11.1.2. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05
- Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for interop with Keychain Access on macOS.¶
11.1.6. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
- Added Curve25519 sample certificates (new CA, Carlos, and Dana)¶
11.1.7. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
- WG adoption (dkg moves from Author to Editor)¶
11.1.8. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
- PEM blobs are now
sourcecode, notartwork¶
11.1.10. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
- Alice and Bob now each have two distinct certificates: one for signing, one for encryption, and public keys to match.¶
11.1.11. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
- PKCS#12 objects are deliberately locked with simple passphrases¶
12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by Bjarni Runar and juga at [I-D.bre-openpgp-samples].¶
Eric Rescorla helped spot issues with certificate formats.¶
Sean Turner pointed to [RFC4134] as prior work.¶
Deb Cooley suggested that Alice and Bob should have separate certificates for signing and encryption.¶
Wolfgang Hommel helped to build reproducible encrypted PKCS#12 objects.¶
Carsten Bormann got the XML sourcecode markup working for this draft.¶
David A. Cooper identified problems with the certificates and suggested corrections.¶
Lijun Liao helped get the terminology right.¶
Stewart Brant and Roman Danyliw provided editorial suggestions.¶
13. References
13.1. Normative References
- [RFC2119]
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
- [RFC5280]
- Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, , <https://www.rfc-editor.org/info/rfc5280>.
- [RFC5322]
- Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/info/rfc5322>.
- [RFC7292]
- Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., and M. Scott, "PKCS #12: Personal Information Exchange Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, , <https://www.rfc-editor.org/info/rfc7292>.
- [RFC8032]
- Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, , <https://www.rfc-editor.org/info/rfc8032>.
- [RFC8174]
- Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
- [RFC8551]
- Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, , <https://www.rfc-editor.org/info/rfc8551>.
13.2. Informative References
- [FIPS186-4]
- "Digital Signature Standard (DSS)", National Institute of Standards and Technology report, DOI 10.6028/nist.fips.186-4, , <https://doi.org/10.6028/nist.fips.186-4>.
- [I-D.bre-openpgp-samples]
- Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Example Keys and Certificates", Work in Progress, Internet-Draft, draft-bre-openpgp-samples-01, , <https://www.ietf.org/archive/id/draft-bre-openpgp-samples-01.txt>.
- [RFC4134]
- Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, DOI 10.17487/RFC4134, , <https://www.rfc-editor.org/info/rfc4134>.
- [RFC7468]
- Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, , <https://www.rfc-editor.org/info/rfc7468>.
- [RFC7469]
- Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, , <https://www.rfc-editor.org/info/rfc7469>.
- [RFC8410]
- Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", RFC 8410, DOI 10.17487/RFC8410, , <https://www.rfc-editor.org/info/rfc8410>.
- [RFC8418]
- Housley, R., "Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)", RFC 8418, DOI 10.17487/RFC8418, , <https://www.rfc-editor.org/info/rfc8418>.
- [SHA256]
- Dang, Q., "Secure Hash Standard", National Institute of Standards and Technology report, DOI 10.6028/nist.fips.180-4, , <https://doi.org/10.6028/nist.fips.180-4>.
- [TEST-POLICY]
- NIST - Computer Security Divisiion (CSD), "Test Certificate Policy to Support PKI Pilots and Testing", , <https://csrc.nist.gov/CSRC/media/Projects/Computer-Security-Objects-Register/documents/test_policy.pdf>.
