lamps                                                  D.K. Gillmor, Ed.
Internet-Draft                                                      ACLU
Intended status: Informational                               14 May 2021
Expires: 15 November 2021


                  S/MIME Example Keys and Certificates
                      draft-ietf-lamps-samples-03

Abstract

   The S/MIME development community benefits from sharing samples of
   signed or encrypted data.  This document facilitates such
   collaboration by defining a small set of X.509v3 certificates and
   keys for use when generating such samples.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 15 November 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Gillmor                 Expires 15 November 2021                [Page 1]
Internet-Draft    S/MIME Example Keys and Certificates          May 2021

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
     1.3.  Prior Work
   2.  Background
     2.1.  Certificate Usage
     2.2.  Certificate Expiration
     2.3.  Certificate Revocation
     2.4.  Using the CA in Test Suites
     2.5.  Certificate Chains
     2.6.  Passwords
     2.7.  Secret key origins
   3.  Example RSA Certification Authority
     3.1.  RSA Certification Authority Root Certificate
     3.2.  RSA Certification Authority Secret Key
     3.3.  RSA Certification Authority Cross-signed Certificate
   4.  Alice's Sample Certificates
     4.1.  Alice's Signature Verification End-Entity Certificate
     4.2.  Alice's Signing Private Key Material
     4.3.  Alice's Encryption End-Entity Certificate
     4.4.  Alice's Decryption Private Key Material
     4.5.  PKCS12 Object for Alice
   5.  Bob's Sample
     5.1.  Bob's Signature Verification End-Entity Certificate
     5.2.  Bob's Signing Private Key Material
     5.3.  Bob's Encryption End-Entity Certificate
     5.4.  Bob's Decryption Private Key Material
     5.5.  PKCS12 Object for Bob
   6.  Example Ed25519 Certification Authority
     6.1.  Ed25519 Certification Authority Root Certificate
     6.2.  Ed25519 Certification Authority Secret Key
     6.3.  Ed25519 Certification Authority Cross-signed Certificate
   7.  Carlos's Sample Certificates
     7.1.  Carlos's Signature Verification End-Entity Certificate
     7.2.  Carlos's Signing Private Key Material
     7.3.  Carlos's Encryption End-Entity Certificate
     7.4.  Carlos's Decryption Private Key Material
     7.5.  PKCS12 Object for Carlos
   8.  Dana's Sample Certificates
     8.1.  Dana's Signature Verification End-Entity Certificate
     8.2.  Dana's Signing Private Key Material
     8.3.  Dana's Encryption End-Entity Certificate
     8.4.  Dana's Decryption Private Key Material
     8.5.  PKCS12 Object for Dana
   9.  Security Considerations
   10. IANA Considerations
   11. Document Considerations
     11.1.  Document History
       11.1.1.  Substantive Changes from draft-ietf-*-02 to
                draft-ietf-*-03
       11.1.2.  Substantive Changes from draft-ietf-*-01 to
                draft-ietf-*-02
       11.1.3.  Substantive Changes from draft-ietf-*-00 to
                draft-ietf-*-01
       11.1.4.  Substantive Changes from draft-dkg-*-05 to
                draft-ietf-*-00
       11.1.5.  Substantive Changes from draft-dkg-*-04 to
                draft-dkg-*-05
       11.1.6.  Substantive Changes from draft-dkg-*-03 to
                draft-dkg-*-04
       11.1.7.  Substantive Changes from draft-dkg-*-02 to
                draft-dkg-*-03
       11.1.8.  Substantive Changes from draft-dkg-*-01 to
                draft-dkg-*-02
       11.1.9.  Substantive Changes from draft-dkg-*-00 to
                draft-dkg-*-01
   12. Acknowledgements
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Author's Address

1.  Introduction

   The S/MIME ([RFC8551]) development community, in particular the
   e-mail development community, benefits from sharing samples of
   signed and/or encrypted data.  Often the exact key material used
   does not matter because the properties being tested pertain to
   implementation correctness, completeness or interoperability of the
   overall system.  However, without access to the relevant secret key
   material, a sample is useless.

   This document defines a small set of X.509v3 certificates
   ([RFC5280]) and secret keys for use when generating or operating on
   such samples.

   An example RSA certification authority is supplied, and sample RSA
   certificates are provided for two "personas", Alice and Bob.

   Additionally, an Ed25519 ([RFC8032]) certification authority is
   supplied, along with sample Ed25519 certificates for two more
   "personas", Carlos and Dana.

   This document focuses narrowly on functional, well-formed identity
   and key material.  It is a starting point that other documents can
   use to develop sample signed or encrypted messages, test vectors, or
   other artifacts for improved interoperability.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   *  "Certification Authority" (or "CA") is a party capable of issuing
      X.509 certificates

   *  "End-Entity" is a party that is capable of using X.509
      certificates (and their corresponding secret key material)

   *  "Mail User Agent" (or "MUA") is a program that generates or
      handles [RFC5322] e-mail messages.

1.3.  Prior Work

   [RFC4134] contains some sample certificates, as well as messages of
   various S/MIME formats.  That older work has unacceptably old
   algorithm choices that may introduce failures when testing modern
   systems: in 2019, some tools explicitly mark 1024-bit RSA and
   1024-bit DSS as weak.

   This earlier document also does not use the now widely-accepted PEM
   encoding for the objects, and instead embeds runnable perl code to
   extract them from the document.

   It also includes examples of messages and other structures which are
   greater in ambition than this document intends to be.

   [RFC8410] includes an example X25519 certificate that is certified
   with Ed25519, but it appears to be self-issued, and it is not
   directly useful in testing an S/MIME-capable MUA.

2.  Background

2.1.  Certificate Usage

   These X.509 certificates ([RFC5280]) are designed for use with
   S/MIME protections ([RFC8551]) for e-mail ([RFC5322]).

   In particular, they should be usable with signed and encrypted
   messages, as part of test suites and interoperability frameworks.

   All end-entity and intermediate CA certificates are marked with
   Certificate Policies from [TEST-POLICY] indicating that they are
   intended only for use in testing environments.
   End-entity certificates are marked with policy
   2.16.840.1.101.3.2.1.48.1 and intermediate CAs are marked with
   policy 2.16.840.1.101.3.2.1.48.2.

2.2.  Certificate Expiration

   The certificates included in this draft expire in 2052.  This should
   be sufficiently far in the future that they will be useful for a few
   decades.  However, when testing tools in the far future (or when
   playing with clock skew scenarios), care should be taken to consider
   the certificate validity window.

   Due to this lengthy expiration window, these certificates will not
   be particularly useful to test or evaluate the interaction between
   certificate expiration and protected messages.

2.3.  Certificate Revocation

   Because these are expected to be used in test suites or examples,
   and we do not expect there to be online network services in these
   use cases, we do not expect these certificates to produce any
   revocation artifacts.

   As a result, there are no OCSP or CRL indicators in any of the
   certificates.

2.4.  Using the CA in Test Suites

   To use these end-entity certificates in a piece of software (for
   example, in a test suite or an interoperability matrix), most tools
   will need to accept either the Example RSA CA (Section 3) or the
   Example Ed25519 CA (Section 6) as a legitimate root authority.

   Note that some tooling behaves differently for certificates
   validated by "locally-installed root CAs" than for pre-installed
   "system-level" root CAs.  For example, many common implementations
   of HPKP ([RFC7469]) only applied the designed protections when
   dealing with a certificate issued by a pre-installed "system-level"
   root CA, and were disabled when dealing with a certificate issued by
   a "locally-installed root CA".

   To test some tooling specifically, it may be necessary to install
   the root CA as a "system-level" root CA.

2.5.  Certificate Chains

   In most real-world examples, X.509 certificates are deployed with a
   chain of more than one X.509 certificate.  In particular, there is
   typically a long-lived root CA that users' software knows about upon
   installation, and the end-entity certificate is issued by an
   intermediate CA, which is in turn issued by the root CA.

   The example end-entity certificates in this document can be used
   with either a simple two-link certificate chain (they are directly
   certified by their corresponding root CA), or in a three-link chain.

   For example, Alice's encryption certificate (Section 4.3,
   "alice.encrypt.crt") can be validated by a peer that directly trusts
   the Example RSA CA's root cert (Section 3.1, "ca.rsa.crt"):

   ╔════════════╗  ┌───────────────────┐
   ║ ca.rsa.crt ╟─→│ alice.encrypt.crt │
   ╚════════════╝  └───────────────────┘

   And it can also be validated by a peer that only directly trusts the
   Example Ed25519 CA's root cert (Section 6.1, "ca.25519.crt"), via an
   intermediate cross-signed CA cert (Section 3.3, "ca.rsa.cross.crt"):

   ╔══════════════╗  ┌──────────────────┐  ┌───────────────────┐
   ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │
   ╚══════════════╝  └──────────────────┘  └───────────────────┘

   By omitting the cross-signed CA certs, it should be possible to test
   a "transvalid" certificate (an end-entity certificate that is
   supplied without its intermediate certificate) in some
   configurations.

2.6.  Passwords

   Each secret key presented in this draft is unprotected (it has no
   password).

   As such, the secret key objects are not suitable for verifying
   interoperable password protection schemes.

   However, the PKCS#12 [RFC7292] objects do have simple textual
   passwords, because tooling for dealing with passwordless PKCS#12
   objects is underdeveloped at the time of this draft.

2.7.  Secret key origins

   The secret RSA keys in this document are all deterministically
   derived using provable prime generation as found in [FIPS186-4],
   based on known seeds derived via [SHA256] from simple strings.  The
   secret Ed25519 and X25519 keys in this document are all derived by
   hashing a simple string.  The seeds and their derivation are
   included in the document for informational purposes, and to allow
   re-creation of the objects from appropriate tooling.

   All RSA seeds used are 224 bits long (the first 224 bits of the
   SHA-256 digest of the origin string), and are represented in
   hexadecimal.

3.  Example RSA Certification Authority

   The example RSA Certification Authority has the following
   information:

   *  Name: "Sample LAMPS RSA Certification Authority"

3.1.  RSA Certification Authority Root Certificate

   This certificate is used to verify certificates issued by the
   example RSA Certification Authority.

3.2.  RSA Certification Authority Secret Key

   This secret key material is used by the example RSA Certification
   Authority to issue new certificates.

   This secret key was generated using provable prime generation found
   in [FIPS186-4] using the seed
   "a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9".  This
   seed is the first 224 bits of the [SHA256] digest of the string
   "draft-lamps-sample-certs-keygen.ca.rsa.seed".

3.3.  RSA Certification Authority Cross-signed Certificate

   If an e-mail client only trusts the Ed25519 Certification Authority
   Root Certificate found in Section 6.1, they can use this
   intermediate CA certificate to verify any end entity certificate
   issued by the example RSA Certification Authority.

4.  Alice's Sample Certificates

   Alice has the following information:

   *  Name: "Alice Lovelace"

   *  E-mail Address: "alice@smime.example"

4.1.  Alice's Signature Verification End-Entity Certificate

   This certificate is used for verification of signatures made by
   Alice.

4.2.  Alice's Signing Private Key Material

   This private key material is used by Alice to create signatures.

   This secret key was generated using provable prime generation found
   in [FIPS186-4] using the seed
   "92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05".  This
   seed is the first 224 bits of the [SHA256] digest of the string
   "draft-lamps-sample-certs-keygen.alice.sign.seed".

4.3.  Alice's Encryption End-Entity Certificate

   This certificate is used to encrypt messages to Alice.

4.4.  Alice's Decryption Private Key Material

   This private key material is used by Alice to decrypt messages.

   This secret key was generated using provable prime generation found
   in [FIPS186-4] using the seed
   "1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf".  This
   seed is the first 224 bits of the [SHA256] digest of the string
   "draft-lamps-sample-certs-keygen.alice.encrypt.seed".

4.5.  PKCS12 Object for Alice

   This PKCS12 ([RFC7292]) object contains the same information as
   presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and
   Section 3.1.

   It is locked with the simple five-letter password "alice".

5.  Bob's Sample

   Bob has the following information:

   *  Name: "Bob Babbage"

   *  E-mail Address: "bob@smime.example"

5.1.  Bob's Signature Verification End-Entity Certificate

   This certificate is used for verification of signatures made by Bob.
5.2. Bob's Signing Private Key Material

This private key material is used by Bob to create signatures.
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed "f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e". This seed is the first 224 bits of the [SHA256] digest of the string "draft-lamps-sample-certs-keygen.bob.sign.seed".

5.3. Bob's Encryption End-Entity Certificate

This certificate is used to encrypt messages to Bob.

5.4. Bob's Decryption Private Key Material

This private key material is used by Bob to decrypt messages.
This secret key was generated using provable prime generation found in [FIPS186-4] using the seed "98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8". This seed is the first 224 bits of the [SHA256] digest of the string "draft-lamps-sample-certs-keygen.bob.encrypt.seed".

5.5. PKCS12 Object for Bob

This PKCS12 ([RFC7292]) object contains the same information as presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and Section 3.1. It is locked with the simple three-letter password "bob".

6. Example Ed25519 Certification Authority

The example Ed25519 Certification Authority has the following information:

* Name: "Sample LAMPS Ed25519 Certification Authority"

6.1. Ed25519 Certification Authority Root Certificate

This certificate is used to verify certificates issued by the example Ed25519 Certification Authority.
6.2. Ed25519 Certification Authority Secret Key

This secret key material is used by the example Ed25519 Certification Authority to issue new certificates.

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp
-----END PRIVATE KEY-----

This secret key is the [SHA256] digest of the ASCII string "draft-lamps-sample-certs-keygen.ca.25519.seed".

6.3. Ed25519 Certification Authority Cross-signed Certificate

If an e-mail client only trusts the RSA Certification Authority Root Certificate found in Section 3.1, it can use this intermediate CA certificate to verify any end entity certificate issued by the example Ed25519 Certification Authority.
7. Carlos's Sample Certificates

Carlos has the following information:

* Name: "Carlos Turing"

* E-mail Address: "carlos@smime.example"

7.1. Carlos's Signature Verification End-Entity Certificate

This certificate is used for verification of signatures made by Carlos.
7.2. Carlos's Signing Private Key Material

This private key material is used by Carlos to create signatures.

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY
-----END PRIVATE KEY-----

This secret key is the [SHA256] digest of the ASCII string "draft-lamps-sample-certs-keygen.carlos.sign.25519.seed".

7.3. Carlos's Encryption End-Entity Certificate

This certificate is used to encrypt messages to Carlos. It contains an SMIMECapabilities extension to indicate that Carlos's MUA expects ECDH with HKDF using SHA-256 and uses AES-128 key wrap, as indicated in [RFC8418].
7.4. Carlos's Decryption Private Key Material

This private key material is used by Carlos to decrypt messages.

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK
-----END PRIVATE KEY-----

This secret key is the [SHA256] digest of the ASCII string "draft-lamps-sample-certs-keygen.carlos.encrypt.25519.seed".

7.5. PKCS12 Object for Carlos

This PKCS12 ([RFC7292]) object contains the same information as presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and Section 6.1. It is locked with the simple five-letter password "carlos".
8. Dana's Sample Certificates

Dana has the following information:

* Name: "Dana Hopper"

* E-mail Address: "dana@smime.example"

8.1. Dana's Signature Verification End-Entity Certificate

This certificate is used for verification of signatures made by Dana.
8.2. Dana's Signing Private Key Material

This private key material is used by Dana to create signatures.

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY-----

This secret key is the [SHA256] digest of the ASCII string "draft-lamps-sample-certs-keygen.dana.sign.25519.seed".

8.3. Dana's Encryption End-Entity Certificate

This certificate is used to encrypt messages to Dana. It contains an SMIMECapabilities extension to indicate that Dana's MUA expects ECDH with HKDF using SHA-256 and uses AES-128 key wrap, as indicated in [RFC8418].
8.4. Dana's Decryption Private Key Material

This private key material is used by Dana to decrypt messages.

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY-----

This seed is the [SHA256] digest of the ASCII string "draft-lamps-sample-certs-keygen.dana.encrypt.25519.seed".

8.5. PKCS12 Object for Dana

This PKCS12 ([RFC7292]) object contains the same information as presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and Section 6.1. It is locked with the simple four-letter password "dana".
9. Security Considerations

The keys presented in this document should be considered compromised and insecure, because the secret key material is published and therefore not secret.
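The seed derivation stated in Sections 8.2 and 8.4 gives a direct way to recognise this published key material, for example when populating a list of known-compromised keys. The following Python is an added example, not part of the draft or its tooling; the names `read_tlv`, `pkcs8_seed` and `matching_label` are assumptions, and only the standard library is used. It prints the matching label for each key, or None if a seed does not match.

```python
import base64
import hashlib

# Key material and seed labels copied from Sections 8.2 and 8.4 of this document.
DANA_SIGN_PEM = """-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY-----"""
DANA_DECRYPT_PEM = """-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY-----"""
SEED_LABELS = [
    "draft-lamps-sample-certs-keygen.dana.sign.25519.seed",
    "draft-lamps-sample-certs-keygen.dana.encrypt.25519.seed",
]
OIDS = {bytes.fromhex("2b6570"): "Ed25519", bytes.fromhex("2b656e"): "X25519"}  # RFC 8410

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def pkcs8_seed(pem):
    """Extract (algorithm name, 32-byte private key) from a PKCS#8 PEM block."""
    b64 = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    _, body, _ = read_tlv(base64.b64decode(b64), 0)   # outer SEQUENCE
    _, _version, pos = read_tlv(body, 0)              # INTEGER version
    _, alg, pos = read_tlv(body, pos)                 # AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)                      # algorithm OID
    _, wrapped, _ = read_tlv(body, pos)               # OCTET STRING privateKey
    tag, seed, _ = read_tlv(wrapped, 0)               # inner OCTET STRING
    if bytes(oid) not in OIDS or tag != 0x04 or len(seed) != 32:
        raise ValueError("not an Ed25519/X25519 PKCS#8 key")
    return OIDS[bytes(oid)], seed

def matching_label(seed, labels=SEED_LABELS):
    """Return the label whose SHA-256 digest equals seed, or None."""
    digests = {hashlib.sha256(lb.encode("ascii")).digest(): lb for lb in labels}
    return digests.get(seed)

if __name__ == "__main__":
    for pem in (DANA_SIGN_PEM, DANA_DECRYPT_PEM):
        alg, seed = pkcs8_seed(pem)
        print(alg, seed.hex(), matching_label(seed))
```

A check like this keys on the private seed, so it only applies where private key files are being inspected; a system that sees only certificates would compare public keys or their fingerprints instead.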
Applications which maintain blacklists of invalid key material SHOULD include these keys in their lists.

10. IANA Considerations

IANA has nothing to do for this document.

11. Document Considerations

[ RFC Editor: please remove this section before publication ]

This document is currently edited as markdown. Minor editorial changes can be suggested via merge requests at https://gitlab.com/dkg/lamps-samples or by e-mail to the author. Please direct all significant commentary to the public IETF LAMPS mailing list: "spasm@ietf.org"

11.1. Document History

11.1.1. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03

* Correct encoding of S/MIME Capabilities extension.
* Change "Certificate Authority" to "Certification Authority".
* Add CertificatePolicies to all intermediate and end-entity certificates.
* Add organization and organizational unit to all certificates.

11.1.2. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02

* Added cross-signed certificates for both CAs
* Added S/MIME Capabilities extension for Carlos and Dana's encryption keys, indicating preferred ECDH parameters.
* Ensure no serial numbers are negative.
* Encode keyUsage extensions in minimum-length BIT STRINGs.

11.1.3. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01

* Added Curve25519 sample certificates (new CA, Carlos, and Dana)

11.1.4. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00

* WG adoption (dkg moves from Author to Editor)

11.1.5. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05

* PEM blobs are now "sourcecode", not "artwork"

11.1.6. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04

* Describe deterministic key generation
* label PEM blobs with filenames in XML

11.1.7. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03

* Alice and Bob now each have two distinct certificates: one for signing, one for encryption, and public keys to match.

11.1.8. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02

* PKCS#12 objects are deliberately locked with simple passphrases

11.1.9. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01

* changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in EE certs

12. Acknowledgements

This draft was inspired by similar work in the OpenPGP space by Bjarni Runar and juga at [I-D.bre-openpgp-samples].

Eric Rescorla helped spot issues with certificate formats.

Sean Turner pointed to [RFC4134] as prior work.

Deb Cooley suggested that Alice and Bob should have separate certificates for signing and encryption.

Wolfgang Hommel helped to build reproducible encrypted PKCS#12 objects.

Carsten Bormann got the XML "sourcecode" markup working for this draft.

David A. Cooper identified problems with the certificates and suggested corrections.

Lijun Liao helped get the terminology right.

13. References

13.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008.

[RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., and M. Scott, "PKCS #12: Personal Information Exchange Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019.

13.2. Informative References

[FIPS186-4] "Digital Signature Standard (DSS)", National Institute of Standards and Technology report, DOI 10.6028/nist.fips.186-4, July 2013.

[I-D.bre-openpgp-samples] Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Example Keys and Certificates", Work in Progress, Internet-Draft, draft-bre-openpgp-samples-01, 20 December 2019.

[RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, DOI 10.17487/RFC4134, July 2005.

[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April 2015.

[RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", RFC 8410, DOI 10.17487/RFC8410, August 2018.

[RFC8418] Housley, R., "Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)", RFC 8418, DOI 10.17487/RFC8418, August 2018.

[SHA256] Dang, Q., "Secure Hash Standard", National Institute of Standards and Technology report, DOI 10.6028/nist.fips.180-4, July 2015.

[TEST-POLICY] NIST - Computer Security Division (CSD), "Test Certificate Policy to Support PKI Pilots and Testing", May 2012.
Author's Address

Daniel Kahn Gillmor (editor)
American Civil Liberties Union
125 Broad St.
New York, NY, 10004
United States of America

Email: dkg@fifthhorseman.net