Internet Draft                                 Hemma Prafullchandra (XETI)
Expires in 6 months                                 Jim Schaad (Microsoft)
                                                         November 19, 2000

              Diffie-Hellman Proof-of-Possession Algorithms

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups MAY also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and MAY be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).
Abstract

   This document describes two methods for producing an integrity check
   value from a Diffie-Hellman key pair. This behavior is needed for
   such operations as creating the signature of a PKCS #10
   certification request. These algorithms are designed to provide a
   proof-of-possession rather than general purpose signing.

1. Introduction

   PKCS #10 [RFC2314] defines a syntax for certification requests. It
   assumes that the public key being requested for certification
   corresponds to an algorithm that is capable of signing/encrypting.
   Diffie-Hellman (DH) is a key agreement algorithm and as such cannot
   be directly used for signing or encryption.

   This document describes two new proof-of-possession algorithms using
   the Diffie-Hellman key agreement process to provide a shared secret
   as the basis of an integrity check value. In the first algorithm,
   the value is constructed for a specific recipient/verifier by using
   a public key of that verifier. In the second algorithm, the value
   is constructed for arbitrary verifiers.

2. Terminology

Prafullchandra, Schaad                                                  1

   The following definitions will be used in this document:

   DH certificate = a certificate whose SubjectPublicKey is a DH public
   value and is signed with any signature algorithm (e.g. RSA or DSA).

3. Static DH Proof-of-Possession Process

   The steps for creating a DH POP are:

   1. An entity (E) chooses the group parameters for a DH key
      agreement.

      This is done simply by selecting the group parameters from a
      certificate for the recipient of the POP process.

      A certificate with the correct group parameters has to be
      available. Let these common DH parameters be g and p; and let
      this DH key-pair be known as the Recipient key pair (Rpub and
      Rpriv).

         Rpub = g^x mod p   (where x = Rpriv, the private DH value, and
                             ^ denotes exponentiation)

   2. The entity generates a DH public/private key-pair using the
      parameters from step 1.
      For an entity E:
         Epriv = DH private value = y
         Epub  = DH public value  = g^y mod p

   3. The POP computation process will then consist of:

      a) The value to be signed is obtained. (For a RFC2314 object, the
         value is the DER encoded certificationRequestInfo field
         represented as an octet string.) This will be the `text'
         referred to in [RFC2104], the data to which HMAC-SHA1 is
         applied.

      b) A shared DH secret is computed, as follows,

            shared secret = ZZ = g^xy mod p

         [This is done by the entity E as Rpub^y and by the Recipient
         as Epub^x, where Rpub is retrieved from the Recipient's DH
         certificate (or is the one that was locally generated by the
         Entity) and Epub is retrieved from the actual certification
         request.]

      c) A temporary key K is derived from the shared secret ZZ as
         follows:

            K = SHA1(LeadingInfo | ZZ | TrailingInfo),
            where "|" means concatenation.

            LeadingInfo  ::= Subject Distinguished Name from certificate
            TrailingInfo ::= Issuer Distinguished Name from certificate

      d) Compute HMAC-SHA1 over the data `text' as per [RFC2104] as:

            SHA1(K XOR opad, SHA1(K XOR ipad, text))

         where,
            opad (outer pad) = the byte 0x36 repeated 64 times and
            ipad (inner pad) = the byte 0x5C repeated 64 times.

         Namely,
         (1) Append zeros to the end of K to create a 64 byte string
             (e.g., if K is of length 16 bytes it will be appended with
             48 zero bytes 0x00).
         (2) XOR (bitwise exclusive-OR) the 64 byte string computed
             in step (1) with ipad.
         (3) Append the data stream `text' to the 64 byte string
             resulting from step (2).
         (4) Apply SHA1 to the stream generated in step (3).
         (5) XOR (bitwise exclusive-OR) the 64 byte string computed
             in step (1) with opad.
         (6) Append the SHA1 result from step (4) to the 64 byte
             string resulting from step (5).
         (7) Apply SHA1 to the stream generated in step (6) and
             output the result.
         Sample code is also provided in [RFC2104].

      e) The output of (d) is encoded as a BIT STRING (the Signature
         value).

   The POP verification process requires the Recipient to carry out
   steps (a) through (d) and then simply compare the result of step (d)
   with what it received as the signature component. If they match then
   the following can be concluded:

      a) The Entity possesses the private key corresponding to the
         public key in the certification request because it needed the
         private key to calculate the shared secret; and
      b) Only the Recipient that the entity sent the request to could
         actually verify the request because they would require their
         own private key to compute the same shared secret. In the case
         where the recipient is a Certification Authority, this
         protects the Entity from rogue CAs.

   ASN Encoding

   The ASN.1 structures associated with the static Diffie-Hellman POP
   algorithm are:

      id-dhPop-static-HMAC-SHA1 OBJECT IDENTIFIER ::= { id-pkix
                                                        id-alg(6) 3 }

      DhPopStatic ::= SEQUENCE {
         issuerAndSerial   IssuerAndSerialNumber OPTIONAL,
         hashValue         MessageDigest
      }

   issuerAndSerial is the issuer name and serial number of the
   certificate from which the public key was obtained. The
   issuerAndSerial field is omitted if the public key did not come
   from a certificate.

   hashValue contains the result of the SHA-1 HMAC operation in step
   3d.

   DhPopStatic is encoded as a BIT STRING and is the signature value
   (i.e. encodes the above sequence instead of the raw output from 3d).

4. Discrete Logarithm Signature

   The use of a single set of parameters for an entire public key
   infrastructure allows all keys in the group to be attacked together.

   For this reason we need to create a proof of possession for Diffie-
   Hellman keys that does not require the use of a common set of
   parameters.
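   The following Python program is an added example, not code from the
   draft or its authors, that runs the static DH POP of section 3 end to
   end with the group, private values and DNs printed in Appendix B: both
   sides compute ZZ, derive K = SHA1(LeadingInfo | ZZ | TrailingInfo) and
   produce the HMAC-SHA1 tag, once by hand following sub-steps (1)-(7)
   and once with Python's hmac module. Two points are assumptions: the
   draft does not say how ZZ is turned into bytes, so the example uses
   the unsigned big-endian form padded to the length of p as [DH-X9.42]
   does; and the pad bytes are the RFC 2104 values, ipad = 0x36 and
   opad = 0x5C, which step (d) above lists the other way round. The
   request body is a constructed placeholder rather than the Appendix B
   TBS, so the resulting tag is not the K or signature shown there.

```python
"""Static DH proof-of-possession (section 3), both sides, HMAC-SHA1 by hand."""
import hashlib
import hmac

# Group parameters p and g, copied from the CA certificate in Appendix B.
# bytes.fromhex() skips the whitespace used here for readability.
P = int.from_bytes(bytes.fromhex("""
    94 84 E0 45 6C 7F 69 51 62 3E 56 80 7C 68 E7 C5 A9 9E 9E 74 74 94 ED 90 8C 1D C4 E1 4A 14 82 F5
    D2 94 0C 19 E3 B9 10 BB 11 B9 E5 A5 FB 8E 21 51 63 02 86 AA 06 B8 21 36 B6 7F 36 DF D1 D6 68 5B
    79 7C 1D 5A 14 75 1F 6A 93 75 93 CE BB 97 72 8A F0 0F 23 9D 47 F6 D4 B3 C7 F0 F4 E6 F6 2B C2 32
    E1 89 67 BE 7E 06 AE F8 D0 01 6B 8B 2A F5 02 D7 B6 A8 63 94 83 B0 1B 31 7D 52 1A DE E5 03 85 27
"""), "big")
G = int.from_bytes(bytes.fromhex("""
    26 A6 32 2C 5A 2B D4 33 2B 5C DC 06 87 53 3F 90 06 61 50 38 3E D2 B9 7D 81 1C 12 10 C5 0C 53 D4
    64 D1 8E 30 07 08 8C DD 3F 0A 2F 2C D6 1B 7F 57 86 D0 DA BB 6E 36 2A 18 E8 D3 BC 70 31 7A 48 B6
    4E 18 6E DD 1F 22 06 EB 3F EA D4 41 69 D9 9B DE 47 95 7A 72 91 D2 09 7F 49 5C 3B 03 33 51 C8 F1
    39 9A FF 04 D5 6E 7E 94 3D 03 B8 F6 31 15 26 48 95 A8 5C DE 47 88 B4 69 3A 00 A7 86 9E DA D1 CD
"""), "big")
# Private values from Appendix B: the requesting entity's y and the CA's x.
E_PRIV = int("32CCBDB4B77C4426BB3C83426E7D1B008635097107A0A476B8DB5FEC00CE6FC3", 16)
R_PRIV = int("3E5DADFDE5F46B1B615E18F90B8474A7521ED692BC349456F30CBEDA677ADD7D", 16)
# LeadingInfo / TrailingInfo: DER subject DN of the request and issuer DN
# of the CA certificate, copied from Appendix B step 3.
LEADING_INFO = bytes.fromhex("""
    30 4E 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 0A 13 08 58 45 54 49 20 49
    6E 63 31 10 30 0E 06 03 55 04 0B 13 07 54 65 73 74 69 6E 67 31 1A 30 18 06 03 55 04 03 13 11 50
    4B 49 58 20 45 78 61 6D 70 6C 65 20 55 73 65 72""")
TRAILING_INFO = bytes.fromhex("""
    30 46 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 0A 13 08 58 45 54 49 20 49
    6E 63 31 10 30 0E 06 03 55 04 0B 13 07 54 65 73 74 69 6E 67 31 12 30 10 06 03 55 04 03 13 09 44
    48 20 54 65 73 74 43 41""")


def dh_public(priv: int) -> int:
    """Step 2: public value g^priv mod p."""
    return pow(G, priv, P)


def shared_secret(peer_pub: int, priv: int) -> bytes:
    """Step 3b: ZZ = peer_pub^priv mod p, encoded as unsigned big-endian bytes
    padded to the length of p (assumption; the draft fixes no encoding)."""
    if not 1 < peer_pub < P - 1:            # rejects 0, 1, p-1 and out-of-range values
        raise ValueError("peer public value out of range")
    zz = pow(peer_pub, priv, P)
    return zz.to_bytes((P.bit_length() + 7) // 8, "big")


def derive_k(zz: bytes) -> bytes:
    """Step 3c: K = SHA1(LeadingInfo | ZZ | TrailingInfo)."""
    return hashlib.sha1(LEADING_INFO + zz + TRAILING_INFO).digest()


def hmac_sha1_by_hand(key: bytes, text: bytes) -> bytes:
    """Step 3d, sub-steps (1)-(7), with the RFC 2104 pad constants."""
    if len(key) > 64:                        # RFC 2104 rule for long keys; K is 20 bytes
        key = hashlib.sha1(key).digest()
    k = key.ljust(64, b"\x00")               # (1) zero-pad K to 64 bytes
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in k) + text).digest()   # (2)-(4), ipad
    return hashlib.sha1(bytes(b ^ 0x5C for b in k) + inner).digest()   # (5)-(7), opad


def compute_pop(my_priv: int, peer_pub: int, text: bytes) -> bytes:
    """Whole of step 3: the 20-byte hashValue either side can compute."""
    return hmac_sha1_by_hand(derive_k(shared_secret(peer_pub, my_priv)), text)


def verify_pop(recipient_priv: int, entity_pub: int, text: bytes, received: bytes) -> bool:
    """Recipient repeats steps (a)-(d) and compares in constant time."""
    return hmac.compare_digest(compute_pop(recipient_priv, entity_pub, text), received)


def run_example() -> dict:
    """Constructed request body (not the Appendix B TBS) run through both sides."""
    text = b"constructed certificationRequestInfo placeholder"
    e_pub, r_pub = dh_public(E_PRIV), dh_public(R_PRIV)
    entity_pop = compute_pop(E_PRIV, r_pub, text)          # entity: Rpub^y
    recipient_pop = compute_pop(R_PRIV, e_pub, text)       # recipient: Epub^x
    library = hmac.new(derive_k(shared_secret(r_pub, E_PRIV)), text, hashlib.sha1).digest()
    return {
        "pop": entity_pop,
        "both_sides_agree": entity_pop == recipient_pop,
        "matches_hmac_module": entity_pop == library,
        "verified": verify_pop(R_PRIV, e_pub, text, entity_pop),
        "tampered_rejected": not verify_pop(R_PRIV, e_pub, text + b"x", entity_pop),
    }


if __name__ == "__main__":
    print(run_example())
```

   The recipient's check is literally compute_pop run with the other
   private key, which is why section 5 grants this scheme integrity but
   no origination: whoever holds either private value can produce the
   same 20 bytes, so the tag binds the request to the pair, not to the
   entity alone.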
   The method outlined in this document is the same as used by the
   Digital Signature Algorithm, but we have removed the restrictions
   imposed by the [FIPS-186] standard. The use of this method does
   impose some additional restrictions on the set of keys that may be
   used; however, if the key generation algorithm documented in
   [DH-X9.42] is used the required restrictions are met. The additional
   restriction is the requirement for the existence of a q parameter.
   Adding the q parameter is generally accepted as a good practice as
   it allows for checking of small group attacks.

   The following definitions are used in the rest of this section:

      p is a large prime
      g = h^((p-1)/q) mod p,
          where h is any integer 1 < h < p-1 such that
          h^((p-1)/q) mod p > 1 (g has order q mod p)
      q is a large prime
      j is a large integer such that p = qj + 1

      x is a randomly or pseudo-randomly generated integer with
          1 < x < q
      y = g^x mod p

   Note: These definitions match the ones in [DH-X9.42].

4.1 Expanding the Digest Value

   Besides the addition of a q parameter, [FIPS-186] also imposes size
   restrictions on the parameters. The length of q must be 160-bits
   (matching output of the SHA-1 digest algorithm) and length of p must
   be 1024-bits. The size restriction on p is eliminated in this
   document, but the size restriction on q is replaced with the
   requirement that q must be at least 160-bits. (The size restriction
   on q is identical with that in [DH-X9.42].)

   Given that there is not a random length-hashing algorithm, a hash
   value of the message will need to be derived such that the hash is
   in the range from 0 to q-1. If the length of q is greater than 160-
   bits then a method must be provided to expand the hash length.

   The method for expanding the digest value used in this section does
   not add any additional security beyond the 160-bits provided by SHA.
   The value being signed is increased mainly to enhance the difficulty
   of reversing the signature process.

   This algorithm produces m, the value to be signed.

   Let L = the size of q (i.e. 2^L <= q < 2^(L+1)).
   Let M be the original message to be signed.

   1. Compute d = SHA-1(M), the SHA-1 digest of the original message.

   2. If L == 160 then m = d.

   3. If L > 160 then follow steps (a) through (d) below.

      a) Set n = L / 160, where / represents integer division;
         consequently, if L = 200, n = 1.
      b) Set m = d, the initial computed digest value.
      c) For i = 0 to n - 1
            m = m | SHA(m), where "|" means concatenation.
      d) m = LEFTMOST(m, L-1), where LEFTMOST returns the L-1 left most
         bits of m.

   Thus the final result of the process meets the criteria that
   0 <= m < q.

4.2 Signature Computation Algorithm

   The signature algorithm produces the pair of values (r, s), which is
   the signature. The signature is computed as follows:

   Given m, the value to be signed, as well as the parameters defined
   earlier in section 5.

   1. Generate a random or pseudorandom integer k, such that
      0 < k^-1 < q.

   2. Compute r = (g^k mod p) mod q.

   3. If r is zero, repeat from step 1.

   4. Compute s = (k^-1 (m + xr)) mod q.

   5. If s is zero, repeat from step 1.

4.3 Signature Verification Algorithm

   The signature verification process is far more complicated than is
   normal for the Digital Signature Algorithm, as some assumptions
   about the validity of parameters cannot be taken for granted.

   Given a message m to be validated, the signature value pair (r, s)
   and the parameters for the key:

   1. Perform a strong verification that p is a prime number.

   2. Perform a strong verification that q is a prime number.

   3. Verify that q is a factor of p-1. If any of the above checks fail
      then the signature cannot be verified and must be considered a
      failure.

   4. Verify that r and s are in the range [1, q-1].

   5. Compute w = (s^-1) mod q.

   6. Compute u1 = m*w mod q.

   7. Compute u2 = r*w mod q.

   8. Compute v = ((g^u1 * y^u2) mod p) mod q.

   9. Compare v and r; if they are the same then the signature verified
      correctly.

4.4 ASN Encoding

   The signature is encoded using

      id-alg-dhPOP OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 4}

   The parameters for id-alg-dhPOP are encoded as DomainParameters
   (imported from [PROFILE]). The parameters may be omitted in the
   signature, as they must exist in the associated key request.

   The signature value pair r and s are encoded using Dss-Sig-Value
   (imported from [PROFILE]).

5. Security Considerations

   In the static DH POP algorithm, an appropriate value can be produced
   by either party. Thus this algorithm only provides integrity and
   not origination service. The Discrete Logarithm algorithm provides
   both integrity checking and origination checking.

   All the security in this system is provided by the secrecy of the
   private keying material. If either sender or recipient private keys
   are disclosed, all messages sent or received using that key are
   compromised. Similarly, loss of the private key results in an
   inability to read messages sent using that key.

   Selection of parameters can be of paramount importance. In the
   selection of parameters one must take into account the community/
   group of entities that one wishes to be able to communicate with.
   In choosing a set of parameters one must also be sure to avoid small
   groups. [FIPS-186] Appendixes 2 and 3 contain information on the
   selection of parameters. The practices outlined in this document
   will lead to better selection of parameters.

6. References

   [FIPS-186]  Federal Information Processing Standards Publication
               (FIPS PUB) 186, "Digital Signature Standard",
               1994 May 19.

   [RFC2314]   B. Kaliski, "PKCS #10: Certification Request Syntax
               v1.5", RFC 2314, October 1997.

   [RFC2104]   H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-
               Hashing for Message Authentication", RFC 2104,
               February 1997.

   [PROFILE]   R. Housley, W. Ford, W. Polk, D. Solo, "Internet
               X.509 Public Key Infrastructure: Certificate and CRL
               Profile", RFC 2459, January 1999.

   [DH-X9.42]  E. Rescorla, "Diffie-Hellman Key Agreement Method",
               RFC 2631, June 1999.

7. Authors' Addresses

   Hemma Prafullchandra
   XETI Inc.
   5150 El Camino Real, #A-32
   Los Altos, CA 94022
   (640) 694-6812
   hemma@xeti.com

   Jim Schaad

   jimsch@exmsft.com

Appendix A. ASN.1 Module

   DH-Sign DEFINITIONS IMPLICIT TAGS ::=

   BEGIN
   --EXPORTS ALL
   -- The types and values defined in this module are exported for use in
   -- the other ASN.1 modules. Other applications may use them for their
   -- own purposes.

   IMPORTS
      IssuerAndSerialNumber, MessageDigest
         FROM CryptographicMessageSyntax { iso(1) member-body(2)
              us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
              modules(0) cms(1) }

      Dss-Sig-Value, DomainParameters
         FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6)
              internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
              id-pkix1-explicit-88(1)};

   id-dh-sig-hmac-sha1 OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 3}

   -- field identifier written in lower case as ASN.1 requires (and as
   -- the DhPopStatic definition in section 3 already has it)
   DhSigStatic ::= SEQUENCE {
      issuerAndSerial   IssuerAndSerialNumber OPTIONAL,
      hashValue         MessageDigest
   }

   id-alg-dh-pop OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 4}

   END

Appendix B. Example of Static DH Proof-of-Possession

   The following example follows the steps described earlier in section
   3.

   Step 1: Establishing common Diffie-Hellman parameters. Assume the
   parameters are as in the DER encoded certificate. The certificate
   contains a DH public key signed by a CA with a DSA signing key.
     0 30  939: SEQUENCE {
     4 30  872:   SEQUENCE {
     8 A0    3:     [0] {
    10 02    1:       INTEGER 2
              :       }
    13 02    6:     INTEGER
              :       00 DA 39 B6 E2 CB
    21 30   11:     SEQUENCE {
    23 06    7:       OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
    32 05    0:       NULL
              :       }
    34 30   72:     SEQUENCE {
    36 31   11:       SET {
    38 30    9:         SEQUENCE {
    40 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
    45 13    2:           PrintableString 'US'
              :           }
              :         }
    49 31   17:       SET {
    51 30   15:         SEQUENCE {
    53 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
    58 13    8:           PrintableString 'XETI Inc'
              :           }
              :         }
    68 31   16:       SET {
    70 30   14:         SEQUENCE {
    72 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
    77 13    7:           PrintableString 'Testing'
              :           }
              :         }
    86 31   20:       SET {
    88 30   18:         SEQUENCE {
    90 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
    95 13   11:           PrintableString 'Root DSA CA'
              :           }
              :         }
              :       }
   108 30   30:     SEQUENCE {
   110 17   13:       UTCTime '990914010557Z'
   125 17   13:       UTCTime '991113010557Z'
              :       }
   140 30   70:     SEQUENCE {
   142 31   11:       SET {
   144 30    9:         SEQUENCE {
   146 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
   151 13    2:           PrintableString 'US'
              :           }
              :         }
   155 31   17:       SET {
   157 30   15:         SEQUENCE {
   159 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
   164 13    8:           PrintableString 'XETI Inc'
              :           }
              :         }
   174 31   16:       SET {
   176 30   14:         SEQUENCE {
   178 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
   183 13    7:           PrintableString 'Testing'
              :           }
              :         }
   192 31   18:       SET {
   194 30   16:         SEQUENCE {
   196 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
   201 13    9:           PrintableString 'DH TestCA'
              :           }
              :         }
              :       }
   212 30  577:     SEQUENCE {
   216 30  438:       SEQUENCE {
   220 06    7:         OBJECT IDENTIFIER dhPublicKey (1 2 840 10046 2 1)
   229 30  425:         SEQUENCE {
   233 02  129:           INTEGER
              :             00 94 84 E0 45 6C 7F 69 51 62 3E 56 80 7C 68 E7
              :             C5 A9 9E 9E 74 74 94 ED 90 8C 1D C4 E1 4A 14 82
              :             F5 D2 94 0C 19 E3 B9 10 BB 11 B9 E5 A5 FB 8E 21
              :             51 63 02 86 AA 06 B8 21 36 B6 7F 36 DF D1 D6 68
              :             5B 79 7C 1D 5A 14 75 1F 6A 93 75 93 CE BB 97 72
              :             8A F0 0F 23 9D 47 F6 D4 B3 C7 F0 F4 E6 F6 2B C2
              :             32 E1 89 67 BE 7E 06 AE F8 D0 01 6B 8B 2A F5 02
              :             D7 B6 A8 63 94 83 B0 1B 31 7D 52 1A DE E5 03 85
              :             27
   365 02  128:           INTEGER
              :             26 A6 32 2C 5A 2B D4 33 2B 5C DC 06 87 53 3F 90
              :             06 61 50 38 3E D2 B9 7D 81 1C 12 10 C5 0C 53 D4
              :             64 D1 8E 30 07 08 8C DD 3F 0A 2F 2C D6 1B 7F 57
              :             86 D0 DA BB 6E 36 2A 18 E8 D3 BC 70 31 7A 48 B6
              :             4E 18 6E DD 1F 22 06 EB 3F EA D4 41 69 D9 9B DE
              :             47 95 7A 72 91 D2 09 7F 49 5C 3B 03 33 51 C8 F1
              :             39 9A FF 04 D5 6E 7E 94 3D 03 B8 F6 31 15 26 48
              :             95 A8 5C DE 47 88 B4 69 3A 00 A7 86 9E DA D1 CD
   496 02   33:           INTEGER
              :             00 E8 72 FA 96 F0 11 40 F5 F2 DC FD 3B 5D 78 94
              :             B1 85 01 E5 69 37 21 F7 25 B9 BA 71 4A FC 60 30
              :             FB
   531 02   97:           INTEGER
              :             00 A3 91 01 C0 A8 6E A4 4D A0 56 FC 6C FE 1F A7
              :             B0 CD 0F 94 87 0C 25 BE 97 76 8D EB E5 A4 09 5D
              :             AB 83 CD 80 0B 35 67 7F 0C 8E A7 31 98 32 85 39
              :             40 9D 11 98 D8 DE B8 7F 86 9B AF 8D 67 3D B6 76
              :             B4 61 2F 21 E1 4B 0E 68 FF 53 3E 87 DD D8 71 56
              :             68 47 DC F7 20 63 4B 3C 5F 78 71 83 E6 70 9E E2
              :             92
   630 30   26:           SEQUENCE {
   632 03   21:             BIT STRING 0 unused bits
              :               1C D5 3A 0D 17 82 6D 0A 81 75 81 46 10 8E 3E DB
              :               09 E4 98 34
   655 02    1:             INTEGER 55
              :             }
              :           }
              :         }
   658 03  132:       BIT STRING 0 unused bits
              :         02 81 80 5F CF 39 AD 62 CF 49 8E D1 CE 66 E2 B1
              :         E6 A7 01 4D 05 C2 77 C8 92 52 42 A9 05 A4 DB E0
              :         46 79 50 A3 FC 99 3D 3D A6 9B A9 AD BC 62 1C 69
              :         B7 11 A1 C0 2A F1 85 28 F7 68 FE D6 8F 31 56 22
              :         4D 0A 11 6E 72 3A 02 AF 0E 27 AA F9 ED CE 05 EF
              :         D8 59 92 C0 18 D7 69 6E BD 70 B6 21 D1 77 39 21
              :         E1 AF 7A 3A CF 20 0A B4 2C 69 5F CF 79 67 20 31
              :         4D F2 C6 ED 23 BF C4 BB 1E D1 71 40 2C 07 D6 F0
              :         8F C5 1A
              :       }
   793 A3   85:     [3] {
   795 30   83:       SEQUENCE {
   797 30   29:         SEQUENCE {
   799 06    3:           OBJECT IDENTIFIER subj
   ectKeyIdentifier (2 5 29 14)
   804 04   22:           OCTET STRING
              :             04 14 80 DF 59 88 BF EB 17 E1 AD 5E C6 40 A3 42
              :             E5 AC D3 B4 88 78
              :           }
   828 30   34:         SEQUENCE {
   830 06    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
   835 01    1:           BOOLEAN TRUE
   838 04   24:           OCTET STRING
              :             30 16 80 14 6A 23 37 55 B9 FD 81 EA E8 4E D3 C9
              :             B7 09 E5 7B 06 E3 68 AA
              :           }
   864 30   14:         SEQUENCE {
   866 06    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
   871 01    1:           BOOLEAN TRUE
   874 04    4:           OCTET STRING
              :             03 02 03 08
              :           }
              :         }
              :       }
              :     }
   880 30   11:   SEQUENCE {
   882 06    7:     OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
   891 05    0:     NULL
              :     }
   893 03   48:   BIT STRING 0 unused bits
              :     30 2D 02 14 7C 6D D2 CA 1E 32 D1 30 2E 29 66 BC
              :     06 8B 60 C7 61 16 3B CA 02 15 00 8A 18 DD C1 83
              :     58 29 A2 8A 67 64 03 92 AB 02 CE 00 B5 94 6A
              :   }

   Step 2. End Entity/User generates a Diffie-Hellman key-pair using
   the parameters from the CA certificate.

   EE DH public key: SunJCE Diffie-Hellman Public Key:

   Y: 13 63 A1 85 04 8C 46 A8 88 EB F4 5E A8 93 74 AE
      FD AE 9E 96 27 12 65 C4 4C 07 06 3E 18 FE 94 B8
      A8 79 48 BD 2E 34 B6 47 CA 04 30 A1 EC 33 FD 1A
      0B 2D 9E 50 C9 78 0F AE 6A EC B5 6B 6A BE B2 5C
      DA B2 9F 78 2C B9 77 E2 79 2B 25 BF 2E 0B 59 4A
      93 4B F8 B3 EC 81 34 AE 97 47 52 E0 A8 29 98 EC
      D1 B0 CA 2B 6F 7A 8B DB 4E 8D A5 15 7E 7E AF 33
      62 09 9E 0F 11 44 8C C1 8D A2 11 9E 53 EF B2 E8

   EE DH private key:

   X: 32 CC BD B4 B7 7C 44 26 BB 3C 83 42 6E 7D 1B 00
      86 35 09 71 07 A0 A4 76 B8 DB 5F EC 00 CE 6F C3

   Step 3. Compute K and the signature.
   LeadingInfo: DER encoded Subject/Requestor DN (as in the generated
   Certificate Signing Request)

      30 4E 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
      11 30 0F 06 03 55 04 0A 13 08 58 45 54 49 20 49
      6E 63 31 10 30 0E 06 03 55 04 0B 13 07 54 65 73
      74 69 6E 67 31 1A 30 18 06 03 55 04 03 13 11 50
      4B 49 58 20 45 78 61 6D 70 6C 65 20 55 73 65 72

   TrailingInfo: DER encoded Issuer/Recipient DN (from the certificate
   described in step 1)

      30 46 31 0B 30 09 06 03 55 04 06 13 02 55 53 31
      11 30 0F 06 03 55 04 0A 13 08 58 45 54 49 20 49
      6E 63 31 10 30 0E 06 03 55 04 0B 13 07 54 65 73
      74 69 6E 67 31 12 30 10 06 03 55 04 03 13 09 44
      48 20 54 65 73 74 43 41

   K:
      F4 D7 BB 6C C7 2D 21 7F 1C 38 F7 DA 74 2D 51 AD
      14 40 66 75

   TBS: the `text' for computing the SHA-1 HMAC.

      30 82 02 98 02 01 00 30 4E 31 0B 30 09 06 03 55
      04 06 13 02 55 53 31 11 30 0F 06 03 55 04 0A 13
      08 58 45 54 49 20 49 6E 63 31 10 30 0E 06 03 55
      04 0B 13 07 54 65 73 74 69 6E 67 31 1A 30 18 06
      03 55 04 03 13 11 50 4B 49 58 20 45 78 61 6D 70
      6C 65 20 55 73 65 72 30 82 02 41 30 82 01 B6 06
      07 2A 86 48 CE 3E 02 01 30 82 01 A9 02 81 81 00
      94 84 E0 45 6C 7F 69 51 62 3E 56 80 7C 68 E7 C5
      A9 9E 9E 74 74 94 ED 90 8C 1D C4 E1 4A 14 82 F5
      D2 94 0C 19 E3 B9 10 BB 11 B9 E5 A5 FB 8E 21 51
      63 02 86 AA 06 B8 21 36 B6 7F 36 DF D1 D6 68 5B
      79 7C 1D 5A 14 75 1F 6A 93 75 93 CE BB 97 72 8A
      F0 0F 23 9D 47 F6 D4 B3 C7 F0 F4 E6 F6 2B C2 32
      E1 89 67 BE 7E 06 AE F8 D0 01 6B 8B 2A F5 02 D7
      B6 A8 63 94 83 B0 1B 31 7D 52 1A DE E5 03 85 27
      02 81 80 26 A6 32 2C 5A 2B D4 33 2B 5C DC 06 87
      53 3F 90 06 61 50 38 3E D2 B9 7D 81 1C 12 10 C5
      0C 53 D4 64 D1 8E 30 07 08 8C DD 3F 0A 2F 2C D6
      1B 7F 57 86 D0 DA BB 6E 36 2A 18 E8 D3 BC 70 31
      7A 48 B6 4E 18 6E DD 1F 22 06 EB 3F EA D4 41 69
      D9 9B DE 47 95 7A 72 91 D2 09 7F 49 5C 3B 03 33
      51 C8 F1 39 9A FF 04 D5 6E 7E 94 3D 03 B8 F6 31
      15 26 48 95 A8 5C DE 47 88 B4 69 3A 00 A7 86 9E
      DA D1 CD 02 21 00 E8 72 FA 96 F0 11 40 F5 F2 DC
      FD 3B 5D 78 94 B1 85 01 E5 69 37 21 F7 25 B9 BA
      71 4A FC 60 30 FB 02 61 00 A3 91 01 C0 A8 6E A4
      4D A0 56 FC 6C FE 1F A7 B0 CD 0F 94 87 0C 25 BE
      97 76 8D EB E5 A4 09 5D AB 83 CD 80 0B 35 67 7F
      0C 8E A7 31 98 32 85 39 40 9D 11 98 D8 DE B8 7F
      86 9B AF 8D 67 3D B6 76 B4 61 2F 21 E1 4B 0E 68
      FF 53 3E 87 DD D8 71 56 68 47 DC F7 20 63 4B 3C
      5F 78 71 83 E6 70 9E E2 92 30 1A 03 15 00 1C D5
      3A 0D 17 82 6D 0A 81 75 81 46 10 8E 3E DB 09 E4
      98 34 02 01 37 03 81 84 00 02 81 80 13 63 A1 85
      04 8C 46 A8 88 EB F4 5E A8 93 74 AE FD AE 9E 96
      27 12 65 C4 4C 07 06 3E 18 FE 94 B8 A8 79 48 BD
      2E 34 B6 47 CA 04 30 A1 EC 33 FD 1A 0B 2D 9E 50
      C9 78 0F AE 6A EC B5 6B 6A BE B2 5C DA B2 9F 78
      2C B9 77 E2 79 2B 25 BF 2E 0B 59 4A 93 4B F8 B3
      EC 81 34 AE 97 47 52 E0 A8 29 98 EC D1 B0 CA 2B
      6F 7A 8B DB 4E 8D A5 15 7E 7E AF 33 62 09 9E 0F
      11 44 8C C1 8D A2 11 9E 53 EF B2 E8

   Certification Request:

     0 30  793: SEQUENCE {
     4 30  664:   SEQUENCE {
     8 02    1:     INTEGER 0
    11 30   78:     SEQUENCE {
    13 31   11:       SET {
    15 30    9:         SEQUENCE {
    17 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
    22 13    2:           PrintableString 'US'
              :           }
              :         }
    26 31   17:       SET {
    28 30   15:         SEQUENCE {
    30 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
    35 13    8:           PrintableString 'XETI Inc'
              :           }
              :         }
    45 31   16:       SET {
    47 30   14:         SEQUENCE {
    49 06    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
    54 13    7:           PrintableString 'Testing'
              :           }
              :         }
    63 31   26:       SET {
    65 30   24:         SEQUENCE {
    67 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
    72 13   17:           PrintableString 'PKIX Example User'
              :           }
              :         }
              :       }
    91 30  577:     SEQUENCE {
    95 30  438:       SEQUENCE {
    99 06    7:         OBJECT IDENTIFIER dhPublicKey (1 2 840 10046 2 1)
   108 30  425:         SEQUENCE {
   112 02  129:           INTEGER
              :             00 94 84 E0 45 6C 7F 69 51 62 3E 56 80 7C 68 E7
              :             C5 A9 9E 9E 74 74 94 ED 90 8C 1D C4 E1 4A 14 82
              :             F5 D2 94 0C 19 E3 B9 10 BB 11 B9 E5 A5 FB 8E 21
              :             51 63 02 86 AA 06 B8 21 36 B6 7F 36 DF D1 D6 68
              :             5B 79 7C 1D 5A 14 75 1F 6A 93 75 93 CE BB 97 72
              :             8A F0 0F 23 9D 47 F6 D4 B3 C7 F0 F4 E6 F6 2B C2
              :             32 E1 89 67 BE 7E 06 AE F8 D0 01 6B 8B 2A F5 02
              :             D7 B6 A8 63 94 83 B0 1B 31 7D 52 1A DE E5 03 85
              :             27
   244 02  128:           INTEGER
              :             26 A6 32 2C 5A 2B D4 33 2B 5C DC 06 87 53 3F 90
              :             06 61 50 38 3E D2 B9 7D 81 1C 12 10 C5 0C 53 D4
              :             64 D1 8E 30 07 08 8C DD 3F 0A 2F 2C D6 1B 7F 57
              :             86 D0 DA BB 6E 36 2A 18 E8 D3 BC 70 31 7A 48 B6
              :             4E 18 6E DD 1F 22 06 EB 3F EA D4 41 69 D9 9B DE
              :             47 95 7A 72 91 D2 09 7F 49 5C 3B 03 33 51 C8 F1
              :             39 9A FF 04 D5 6E 7E 94 3D 03 B8 F6 31 15 26 48
              :             95 A8 5C DE 47 88 B4 69 3A 00 A7 86 9E DA D1 CD
   375 02   33:           INTEGER
              :             00 E8 72 FA 96 F0 11 40 F5 F2 DC FD 3B 5D 78 94
              :             B1 85 01 E5 69 37 21 F7 25 B9 BA 71 4A FC 60 30
              :             FB
   410 02   97:           INTEGER
              :             00 A3 91 01 C0 A8 6E A4 4D A0 56 FC 6C FE 1F A7
              :             B0 CD 0F 94 87 0C 25 BE 97 76 8D EB E5 A4 09 5D
              :             AB 83 CD 80 0B 35 67 7F 0C 8E A7 31 98 32 85 39
              :             40 9D 11 98 D8 DE B8 7F 86 9B AF 8D 67 3D B6 76
              :             B4 61 2F 21 E1 4B 0E 68 FF 53 3E 87 DD D8 71 56
              :             68 47 DC F7 20 63 4B 3C 5F 78 71 83 E6 70 9E E2
              :             92
   509 30   26:           SEQUENCE {
   511 03   21:             BIT STRING 0 unused bits
              :               1C D5 3A 0D 17 82 6D 0A 81 75 81 46 10 8E 3E DB
              :               09 E4 98 34
   534 02    1:             INTEGER 55
              :             }
              :           }
              :         }
   537 03  132:       BIT STRING 0 unused bits
              :         02 81 80 13 63 A1 85 04 8C 46 A8 88 EB F4 5E A8
              :         93 74 AE FD AE 9E 96 27 12 65 C4 4C 07 06 3E 18
              :         FE 94 B8 A8 79 48 BD 2E 34 B6 47 CA 04 30 A1 EC
              :         33 FD 1A 0B 2D 9E 50 C9 78 0F AE 6A EC B5 6B 6A
              :         BE B2 5C DA B2 9F 78 2C B9 77 E2 79 2B 25 BF 2E
              :         0B 59 4A 93 4B F8 B3 EC 81 34 AE 97 47 52 E0 A8
              :         29 98 EC D1 B0 CA 2B 6F 7A 8B DB 4E 8D A5 15 7E
              :         7E AF 33 62 09 9E 0F 11 44 8C C1 8D A2 11 9E 53
              :         EF B2 E8
              :       }
              :     }
   672 30   12:   SEQUENCE {
   674 06    8:     OBJECT IDENTIFIER dh-sig-hmac-sha1 (1 3 6 1 5 5 7 6 3)
   684 05    0:     NULL
              :     }
   686 03  109:   BIT STRING 0 unused bits
              :     30 6A 30 52 30 48 31 0B 30 09 06 03 55 04 06 13
              :     02 55 53 31 11 30 0F 06 03 55 04 0A 13 08 58 45
              :     54 49 20 49 6E 63 31 10 30 0E 06 03 55 04 0B 13
              :     07 54 65 73 74 69 6E 67 31 14 30 12 06 03 55 04
              :     03 13 0B 52 6F 6F 74 20 44 53 41 20 43 41 02 06
              :     00 DA 39 B6 E2 CB 04 14 1B 17 AD 4E 65 86 1A 6C
              :     7C 85 FA F7 95 DE 48 93 C5 9D C5 24
              :   }

   Signature verification requires the CA's private key, the CA
   certificate and the generated Certification Request.

   CA DH private key:

   x: 3E 5D AD FD E5 F4 6B 1B 61 5E 18 F9 0B 84 74 a7
      52 1E D6 92 BC 34 94 56 F3 0C BE DA 67 7A DD 7D

Appendix C. Example of Discrete Log Signature

   Step 1. Generate a Diffie-Hellman Key with length of q being 256-
   bits.
p:
94 84 E0 45 6C 7F 69 51 62 3E 56 80 7C 68 E7 C5
A9 9E 9E 74 74 94 ED 90 8C 1D C4 E1 4A 14 82 F5
D2 94 0C 19 E3 B9 10 BB 11 B9 E5 A5 FB 8E 21 51
63 02 86 AA 06 B8 21 36 B6 7F 36 DF D1 D6 68 5B
79 7C 1D 5A 14 75 1F 6A 93 75 93 CE BB 97 72 8A
F0 0F 23 9D 47 F6 D4 B3 C7 F0 F4 E6 F6 2B C2 32
E1 89 67 BE 7E 06 AE F8 D0 01 6B 8B 2A F5 02 D7
B6 A8 63 94 83 B0 1B 31 7D 52 1A DE E5 03 85 27

q:
E8 72 FA 96 F0 11 40 F5 F2 DC FD 3B 5D 78 94 B1
85 01 E5 69 37 21 F7 25 B9 BA 71 4A FC 60 30 FB

g:
26 A6 32 2C 5A 2B D4 33 2B 5C DC 06 87 53 3F 90
06 61 50 38 3E D2 B9 7D 81 1C 12 10 C5 0C 53 D4
64 D1 8E 30 07 08 8C DD 3F 0A 2F 2C D6 1B 7F 57
86 D0 DA BB 6E 36 2A 18 E8 D3 BC 70 31 7A 48 B6
4E 18 6E DD 1F 22 06 EB 3F EA D4 41 69 D9 9B DE
47 95 7A 72 91 D2 09 7F 49 5C 3B 03 33 51 C8 F1
39 9A FF 04 D5 6E 7E 94 3D 03 B8 F6 31 15 26 48
95 A8 5C DE 47 88 B4 69 3A 00 A7 86 9E DA D1 CD

j:
A3 91 01 C0 A8 6E A4 4D A0 56 FC 6C FE 1F A7 B0
CD 0F 94 87 0C 25 BE 97 76 8D EB E5 A4 09 5D AB
83 CD 80 0B 35 67 7F 0C 8E A7 31 98 32 85 39 40
9D 11 98 D8 DE B8 7F 86 9B AF 8D 67 3D B6 76 B4
61 2F 21 E1 4B 0E 68 FF 53 3E 87 DD D8 71 56 68
47 DC F7 20 63 4B 3C 5F 78 71 83 E6 70 9E E2 92

y:
5F CF 39 AD 62 CF 49 8E D1 CE 66 E2 B1 E6 A7 01
4D 05 C2 77 C8 92 52 42 A9 05 A4 DB E0 46 79 50
A3 FC 99 3D 3D A6 9B A9 AD BC 62 1C 69 B7 11 A1
C0 2A F1 85 28 F7 68 FE D6 8F 31 56 22 4D 0A 11
6E 72 3A 02 AF 0E 27 AA F9 ED CE 05 EF D8 59 92
C0 18 D7 69 6E BD 70 B6 21 D1 77 39 21 E1 AF 7A
3A CF 20 0A B4 2C 69 5F CF 79 67 20 31 4D F2 C6
ED 23 BF C4 BB 1E D1 71 40 2C 07 D6 F0 8F C5 1A

seed:
1C D5 3A 0D 17 82 6D 0A 81 75 81 46 10 8E 3E DB
09 E4 98 34

C:
00000037

x:
3E 5D AD FD E5 F4 6B 1B 61 5E 18 F9 0B 84 74 a7
52 1E D6 92 BC 34 94 56 F3 0C BE DA 67 7A DD 7D

Step 2. Form the value to be signed and hash it with SHA1. The result
of the hash for this example is:

5f a2 69 b6 4b 22 91 22 6f 4c fe 68 ec 2b d1 c6
d4 21 e5 2c

Step 3. The hash value needs to be expanded since |q| = 256. This is
done by hashing the hash with SHA1 and appending the result to the
original hash. The value after this step is:

5f a2 69 b6 4b 22 91 22 6f 4c fe 68 ec 2b d1 c6
d4 21 e5 2c 64 92 8b c9 5e 34 59 70 bd 62 40 ad
6f 26 3b f7 1c a3 b2 cb

Next, the first 255 bits of this value are taken to be the resulting
"hash" value. Note that in this case a shift of one bit to the right
is done, since the result is to be treated as an integer:

2f d1 34 db 25 91 48 91 37 a6 7f 34 76 15 e8 e3
6a 10 f2 96 32 49 45 e4 af 1a 2c b8 5e b1 20 56

Step 4. The signature value is computed. In this case you get the
values

R:
A1 B5 B4 90 01 34 6B A0 31 6A 73 F5 7D F6 5C 14
43 52 D2 10 BF 86 58 87 F7 BC 6E 5A 77 FF C3 4B

S:
59 40 45 BC 6F 0D DC FF 9D 55 40 1E C4 9E 51 3D
66 EF B2 FF 06 40 9A 39 68 75 81 F7 EC 9E BE A1

The encoded signature value is then:

30 45 02 21 00 A1 B5 B4 90 01 34 6B A0 31 6A 73
F5 7D F6 5C 14 43 52 D2 10 BF 86 58 87 F7 BC 6E
5A 77 FF C3 4B 02 20 59 40 45 BC 6F 0D DC FF 9D
55 40 1E C4 9E 51 3D 66 EF B2 FF 06 40 9A 39 68
75 81 F7 EC 9E BE A1
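The following Python is an added example, not code from the draft or its authors; it reproduces Steps 3 and 4 above with the Appendix C values: the SHA1 expansion of the hash, the truncation to the first |q|-1 bits with the one-bit right shift, and the DER encoding of R and S as a SEQUENCE of two INTEGERs. The generalisation of the truncation to other |q| values (bits taken = |q|-1) is an assumption; the draft only shows the |q| = 256 case.

```python
import hashlib

# Test values copied from Appendix C of the draft (Steps 2 to 4).
Q_BITS = 256
H = bytes.fromhex("5fa269b64b2291226f4cfe68ec2bd1c6d421e52c")
R = int("a1b5b49001346ba0316a73f57df65c144352d210bf865887f7bc6e5a77ffc34b", 16)
S = int("594045bc6f0ddcff9d55401ec49e513d66efb2ff06409a39687581f7ec9ebea1", 16)


def expand_hash(h: bytes, q_bits: int) -> bytes:
    """Step 3: when |q| exceeds the SHA1 output size, append SHA1(h) to h."""
    if q_bits <= 8 * len(h):
        return h
    return h + hashlib.sha1(h).digest()


def truncate_hash(expanded: bytes, q_bits: int) -> int:
    """Take the first |q|-1 bits of the expanded hash as a big-endian integer.

    For |q| = 256 that is the first 32 bytes shifted right by one bit (the
    shift the draft mentions); |q|-1 bits (assumed general rule) keeps the
    value below q.
    """
    n_bits = q_bits - 1
    n_bytes = (n_bits + 7) // 8
    if len(expanded) < n_bytes:
        raise ValueError("expanded hash is shorter than |q|-1 bits")
    return int.from_bytes(expanded[:n_bytes], "big") >> (8 * n_bytes - n_bits)


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER of a non-negative value; a leading 0x00 keeps it positive."""
    if value < 0:
        raise ValueError("signature components are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_encode_signature(r: int, s: int) -> bytes:
    """Step 4: SEQUENCE { INTEGER r, INTEGER s }, the encoding shown above."""
    body = der_integer(r) + der_integer(s)
    return b"\x30" + der_length(len(body)) + body
```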
http://www.nwlink.com