idnits 2.17.1

draft-dkg-lamps-samples-02.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):

   No issues found here.

Checking nits according to
https://www.ietf.org/id-info/1id-guidelines.txt:

   No issues found here.

Checking nits according to https://www.ietf.org/id-info/checklist :

   No issues found here.

Miscellaneous warnings:

   == The copyright year in the IETF Trust and authors Copyright Line
      does not match the current year

   -- The document date (24 December 2019) is 1585 days in the past.
      Is this intentional?

Checking references for intended status: Informational

   No issues found here.

Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

Run idnits with the --verbose option for more detailed information
about the items above.

--------------------------------------------------------------------------------

lamps                                                       D.K. Gillmor
Internet-Draft                                                      ACLU
Intended status: Informational                          24 December 2019
Expires: 26 June 2020

                 S/MIME Example Keys and Certificates
                      draft-dkg-lamps-samples-02

Abstract

   The S/MIME development community benefits from sharing samples of
   signed or encrypted data.  This document facilitates such
   collaboration by defining a small set of X.509v3 certificates and
   keys for use when generating such samples.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).
   Note that other groups may also distribute working documents as
   Internet-Drafts.  The list of current Internet-Drafts is at
   https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 26 June 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
     1.3.  Prior Work
   2.  Background
     2.1.  Certificate Usage
     2.2.  Certificate Expiration
     2.3.  Certificate Revocation
     2.4.  Using the CA in Test Suites
     2.5.  Certificate Chains
     2.6.  Passwords
   3.  Example Certificate Authority
     3.1.  Certificate Authority Certificate
     3.2.  Certificate Authority Secret Key
   4.  Alice's Sample
     4.1.  Alice's End-Entity Certificate
     4.2.  Alice's Private Key Material
     4.3.  PKCS12 Object for Alice
   5.  Bob's Sample
     5.1.  Bob's End-Entity Certificate
     5.2.  Bob's Private Key Material
     5.3.  PKCS12 Object for Bob
   6.  Security Considerations
   7.  IANA Considerations
   8.  Document Considerations
     8.1.  Document History
       8.1.1.  Substantive Changes from -01 to -02
       8.1.2.  Substantive Changes from -00 to -01
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Author's Address

1.  Introduction

   The S/MIME ([RFC8551]) development community, in particular the
   e-mail development community, benefits from sharing samples of signed
   and/or encrypted data.  Often the exact key material used does not
   matter because the properties being tested pertain to implementation
   correctness, completeness or interoperability of the overall system.
   However, without access to the relevant secret key material, a sample
   is useless.

   This document defines a small set of X.509v3 certificates ([RFC5280])
   and secret keys for use when generating or operating on such samples.

   An example certificate authority is supplied, and samples are
   provided for two "personas", Alice and Bob.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   *  "Certificate Authority" (or "CA") is a party capable of issuing
      X.509 certificates

   *  "End-Entity" is a party that is capable of using X.509
      certificates (and their corresponding secret key material)

   *  "Mail User Agent" (or "MUA") is a program that generates or
      handles [RFC5322] e-mail messages.

1.3.  Prior Work

   [RFC4134] contains some sample certificates, as well as messages of
   various S/MIME formats.  That older work has unacceptably old
   algorithm choices that may introduce failures when testing modern
   systems: in 2019, some tools explicitly mark 1024-bit RSA and
   1024-bit DSS as weak.

   This earlier document also does not use the now widely-accepted PEM
   encoding for the objects, and instead embeds runnable perl code to
   extract them from the document.

   It also includes examples of messages and other structures which are
   greater in ambition than this document intends to be.  This document
   intends to focus specifically on identity and key material, as a
   starting point for other documents that can develop examples or test
   cases from them.

2.  Background

2.1.  Certificate Usage

   These X.509 certificates ([RFC5280]) are designed for use with S/MIME
   protections ([RFC8551]) for e-mail ([RFC5322]).

   In particular, they should be usable with signed and encrypted
   messages.

2.2.  Certificate Expiration

   The certificates included in this draft expire in 2052.  This should
   be sufficiently far in the future that they will be useful for a few
   decades.  However, when testing tools in the far future (or when
   playing with clock skew scenarios), care should be taken to consider
   the certificate validity window.

   Due to this lengthy expiration window, these certificates will not be
   particularly useful to test or evaluate the interaction between
   certificate expiration and protected messages.

2.3.  Certificate Revocation

   Because these are expected to be used in test suites or examples, and
   we do not expect there to be online network services in these use
   cases, we do not expect these certificates to produce any revocation
   artifacts.

   As a result, there are no OCSP or CRL indicators in any of the
   certificates.

2.4.  Using the CA in Test Suites

   To use these end-entity certificates in a piece of software (for
   example, in a test suite or an interoperability matrix), most tools
   will need to accept the example CA (Section 3) as a legitimate root
   authority.

   Note that some tooling behaves differently for certificates validated
   by "locally-installed root CAs" than for pre-installed "system-level"
   root CAs.  For example, many common implementations of HPKP
   ([RFC7469]) only applied the designed protections when dealing with a
   certificate issued by a pre-installed "system-level" root CA, and
   were disabled when dealing with a certificate issued by a
   "locally-installed root CA".

   To test some tooling specifically, it may be necessary to install the
   root CA as a "system-level" root CA.

2.5.  Certificate Chains

   In most real-world examples, X.509 certificates are deployed with a
   chain of more than one X.509 certificate.
   In particular, there is typically a long-lived root CA that users'
   software knows about upon installation, and the end-entity
   certificate is issued by an intermediate CA, which is in turn issued
   by the root CA.

   The examples presented in this document use a simple two-link
   certificate chain, and therefore may be unsuitable for simulating
   some real-world deployments.

   In particular, testing the use of a "transvalid" certificate (an
   end-entity certificate that is supplied without its intermediate
   certificate) is not possible with the configuration here.

2.6.  Passwords

   Each secret key presented in this draft is unprotected (it has no
   password).

   As such, the secret key objects are not suitable for verifying
   interoperable password protection schemes.

   However, the PKCS#12 [RFC7292] objects do have simple textual
   passwords, because tooling for dealing with passwordless PKCS#12
   objects is underdeveloped at the time of this draft.

3.  Example Certificate Authority

   The example Certificate Authority has the following information:

   *  Name: "Sample LAMPS Certificate Authority"

3.1.  Certificate Authority Certificate

3.2.  Certificate Authority Secret Key

4.  Alice's Sample

   Alice has the following information:

   *  Name: "Alice Lovelace"

   *  E-mail Address: "alice@smime.example"

4.1.  Alice's End-Entity Certificate

4.2.  Alice's Private Key Material

4.3.  PKCS12 Object for Alice

   This PKCS12 ([RFC7292]) object contains the same information as
   presented in Section 4.1, Section 4.2, and Section 3.1.

   It is locked with the simple five-letter password "alice".

5.  Bob's Sample

   Bob has the following information:

   *  Name: "Bob Babbage"

   *  E-mail Address: "bob@smime.example"

5.1.  Bob's End-Entity Certificate

5.2.  Bob's Private Key Material

5.3.  PKCS12 Object for Bob

   This PKCS12 ([RFC7292]) object contains the same information as
   presented in Section 5.1, Section 5.2, and Section 3.1.

   It is locked with the simple three-letter password "bob".

6.  Security Considerations

   The keys presented in this document should be considered compromised
   and insecure, because the secret key material is published and
   therefore not secret.

   Applications which maintain blacklists of invalid key material SHOULD
   include these keys in their lists.

7.  IANA Considerations

   IANA has nothing to do for this document.

8.  Document Considerations

   [ RFC Editor: please remove this section before publication ]

   This document is currently edited as markdown.  Minor editorial
   changes can be suggested via merge requests at
   https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
   Please direct all significant commentary to the public IETF LAMPS
   mailing list: "spasm@ietf.org"

8.1.  Document History

8.1.1.  Substantive Changes from -01 to -02

   *  PKCS#12 objects are deliberately locked with simple passphrases

8.1.2.  Substantive Changes from -00 to -01

   *  changed all three keys to use RSA instead of RSA-PSS

   *  set keyEncipherment keyUsage flag instead of dataEncipherment in
      EE certs

9.  Acknowledgements

   This draft was inspired by similar work in the OpenPGP space by
   Bjarni Runar and juga at [I-D.bre-openpgp-samples].

   Eric Rescorla helped spot issues with certificate formats.

   Sean Turner pointed to [RFC4134] as prior work.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              DOI 10.17487/RFC5322, October 2008.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8551]  Schaad, J., Ramsdell, B., and S. Turner,
              "Secure/Multipurpose Internet Mail Extensions (S/MIME)
              Version 4.0 Message Specification", RFC 8551,
              DOI 10.17487/RFC8551, April 2019.

10.2.  Informative References

   [I-D.bre-openpgp-samples]
              Einarsson, B., juga, j., and D. Gillmor, "OpenPGP Example
              Keys and Certificates", Work in Progress, Internet-Draft,
              draft-bre-openpgp-samples-01, 20 December 2019.

   [RFC4134]  Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134,
              DOI 10.17487/RFC4134, July 2005.

   [RFC7469]  Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
              Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469,
              April 2015.

Author's Address

   Daniel Kahn Gillmor
   American Civil Liberties Union
   125 Broad St.
   New York, NY, 10004
   United States of America

   Email: dkg@fifthhorseman.net
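
Section 6 says that applications maintaining lists of invalid key material SHOULD include these keys. The following is an added example, not part of the draft: it keys the list on the SHA-256 of the SubjectPublicKeyInfo using the openssl command line, so a published key is still rejected when it reappears under a different certificate. The keys are generated on the fly as stand-ins for the draft's PEM objects, and all function and file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the draft): reject known-published keys by public
# key rather than by certificate. Keys are generated here as stand-ins for the
# draft's PEM objects; all function and file names are hypothetical.

# Read a PEM public key on stdin, print SHA-256 of its DER SubjectPublicKeyInfo.
hash_spki() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the key inside a certificate; status 2 if it cannot be parsed.
spki_of_cert() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pem" | hash_spki
}

# Same fingerprint from a private key file (the draft publishes both forms).
spki_of_key() {
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    printf '%s\n' "$pem" | hash_spki
}

# build_denylist OUT KEY...: write one hex fingerprint per line to OUT.
build_denylist() {
    out=$1; shift
    : > "$out"
    for k in "$@"; do
        spki_of_key "$k" >> "$out" || return 2
    done
}

# Status 0 = key is denylisted, 1 = not listed, 2 = unparseable input.
cert_is_denylisted() {
    fp=$(spki_of_cert "$1") || return 2
    grep -qxF "$fp" "$2"
}

# Constructed scenario: one "published" key, the same key under a second
# certificate, an unrelated fresh key, and a file that is not a certificate.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Published Sample" \
        -keyout "$d/sample.key" -out "$d/sample.crt" 2>/dev/null || return 1
    # New subject and serial over the same key: a list of certificate hashes
    # would miss this one, a list of key hashes does not.
    openssl req -x509 -new -key "$d/sample.key" -days 1 \
        -subj "/CN=Someone Else" -out "$d/recert.crt" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Fresh Key" \
        -keyout "$d/fresh.key" -out "$d/fresh.crt" 2>/dev/null || return 1
    printf 'not a certificate\n' > "$d/garbage.crt"

    build_denylist "$d/deny.txt" "$d/sample.key" || return 1

    result=""
    for c in sample recert fresh garbage; do
        if cert_is_denylisted "$d/$c.crt" "$d/deny.txt"; then
            v=reject
        elif [ $? -eq 1 ]; then
            v=accept
        else
            v=reject-unparseable   # fail closed on input that cannot be read
        fi
        result="$result$c=$v "
    done
    rm -rf "$d"
    printf '%s\n' "${result% }"
}

demo
```

A test harness that deliberately trusts the sample CA should keep this check out of its own path and leave it enabled everywhere else.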