idnits 2.17.1 draft-ietf-lamps-samples-06.txt: -(267): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(269): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(275): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(276): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding -(277): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 6 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 16 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (13 December 2021) is 858 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 lamps D.K. Gillmor, Ed. 3 Internet-Draft ACLU 4 Intended status: Informational 13 December 2021 5 Expires: 16 June 2022 7 S/MIME Example Keys and Certificates 8 draft-ietf-lamps-samples-06 10 Abstract 12 The S/MIME development community benefits from sharing samples of 13 signed or encrypted data. This document facilitates such 14 collaboration by defining a small set of X.509v3 certificates and 15 keys for use when generating such samples. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on 16 June 2022. 34 Copyright Notice 36 Copyright (c) 2021 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 41 license-info) in effect on the date of publication of this document. 42 Please review these documents carefully, as they describe your rights 43 and restrictions with respect to this document. Code Components 44 extracted from this document must include Revised BSD License text as 45 described in Section 4.e of the Trust Legal Provisions and are 46 provided without warranty as described in the Revised BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 51 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 52 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 53 1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4 54 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5 55 2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5 56 2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5 57 2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5 58 2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 5 59 2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6 60 2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 6 61 2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7 62 3. Example RSA Certification Authority . . . . . . . . . . . . . 7 63 3.1. RSA Certification Authority Root Certificate . . . . . . 7 64 3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 65 3.3. RSA Certification Authority Cross-signed Certificate . . 9 66 4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10 67 4.1. Alice's Signature Verification End-Entity Certificate . . 10 68 4.2. Alice's Signing Private Key Material . . . . . . . . . . 11 69 4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12 70 4.4. Alice's Decryption Private Key Material . . . . . . . . . 13 71 4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 14 72 5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 17 73 5.1. Bob's Signature Verification End-Entity Certificate . . . 17 74 5.2. Bob's Signing Private Key Material . . . . . . . . . . . 18 75 5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 19 76 5.4. Bob's Decryption Private Key Material . . . . . . . . . . 20 77 5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 21 78 6. Example Ed25519 Certification Authority . . . . . . . . . . . 24 79 6.1. Ed25519 Certification Authority Root Certificate . . . . 24 80 6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25 81 6.3. Ed25519 Certification Authority Cross-signed 82 Certificate . . . . . . . . . . . . . . . . . . . . . . . 25 83 7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26 84 7.1. Carlos's Signature Verification End-Entity Certificate . 26 85 7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27 86 7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27 87 7.4. Carlos's Decryption Private Key Material . . . . . . . . 27 88 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 89 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 30 90 8.1. Dana's Signature Verification End-Entity Certificate . . 31 91 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 31 92 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 31 93 8.4. Dana's Decryption Private Key Material . . . . . . . . . 32 94 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 32 95 9. Security Considerations . . . . . . . . . . . . . . . . . . . 34 96 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 97 11. Document Considerations . . . . . . . . . . . . . . . . . . . 34 98 11.1. Document History . . . . . . . . . . . . . . . . . . . . 34 99 11.1.1. Substantive Changes from draft-ietf-*-04 to 100 draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 34 101 11.1.2. Substantive Changes from draft-ietf-*-04 to 102 draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 34 103 11.1.3. Substantive Changes from draft-ietf-*-03 to 104 draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 34 105 11.1.4. Substantive Changes from draft-ietf-*-02 to 106 draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 34 107 11.1.5. Substantive Changes from draft-ietf-*-01 to 108 draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 35 109 11.1.6. Substantive Changes from draft-ietf-*-00 to 110 draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 35 111 11.1.7. Substantive Changes from draft-dkg-*-05 to 112 draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 35 113 11.1.8. Substantive Changes from draft-dkg-*-04 to 114 draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 35 115 11.1.9. Substantive Changes from draft-dkg-*-03 to 116 draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 35 117 11.1.10. Substantive Changes from draft-dkg-*-02 to 118 draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 35 119 11.1.11. Substantive Changes from draft-dkg-*-01 to 120 draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 35 121 11.1.12. Substantive Changes from draft-dkg-*-00 to 122 draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 35 123 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 36 124 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 125 13.1. Normative References . . . . . . . . . . . . . . . . . . 36 126 13.2. Informative References . . . . . . . . . . . . . . . . . 37 127 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 38 129 1. Introduction 131 The S/MIME ([RFC8551]) development community, in particular the 132 e-mail development community, benefits from sharing samples of signed 133 and/or encrypted data. Often the exact key material used does not 134 matter because the properties being tested pertain to implementation 135 correctness, completeness or interoperability of the overall system. 136 However, without access to the relevant secret key material, a sample 137 is useless. 139 This document defines a small set of X.509v3 certificates ([RFC5280]) 140 and secret keys for use when generating or operating on such samples. 142 An example RSA certification authority is supplied, and sample RSA 143 certificates are provided for two "personas", Alice and Bob. 145 Additionally, an Ed25519 ([RFC8032]) certification authority is 146 supplied, along with sample Ed25519 certificates for two more 147 "personas", Carlos and Dana. 149 This document focuses narrowly on functional, well-formed identity 150 and key material. It is a starting point that other documents can 151 use to develop sample signed or encrypted messages, test vectors, or 152 other artifacts for improved interoperability. 154 1.1. Requirements Language 156 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 157 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 158 "OPTIONAL" in this document are to be interpreted as described in BCP 159 14 [RFC2119] [RFC8174] when, and only when, they appear in all 160 capitals, as shown here. 162 1.2. Terminology 164 * "Certification Authority" (or "CA") is a party capable of issuing 165 X.509 certificates 167 * "End-Entity" is a party that is capable of using X.509 168 certificates (and their corresponding secret key material) 170 * "Mail User Agent" (or "MUA") is a program that generates or 171 handles [RFC5322] e-mail messages. 173 1.3. Prior Work 175 [RFC4134] contains some sample certificates, as well as messages of 176 various S/MIME formats. That older work has unacceptably old 177 algorithm choices that may introduce failures when testing modern 178 systems: in 2019, some tools explicitly mark 1024-bit RSA and 179 1024-bit DSS as weak. 181 This earlier document also does not use the now widely-accepted PEM 182 encoding (see [RFC7468]) for the objects, and instead embeds runnable 183 Perl code to extract them from the document. 185 It also includes examples of messages and other structures which are 186 greater in ambition than this document intends to be. 188 [RFC8410] includes an example X25519 certificate that is certified 189 with Ed25519, but it appears to be self-issued, and it is not 190 directly useful in testing an S/MIME-capable MUA. 192 2. Background 194 2.1. Certificate Usage 196 These X.509 certificates ([RFC5280]) are designed for use with S/MIME 197 protections ([RFC8551]) for e-mail ([RFC5322]). 199 In particular, they should be usable with signed and encrypted 200 messages, as part of test suites and interoperability frameworks. 202 All end-entity and intermediate CA certificates are marked with 203 Certificate Policies from [TEST-POLICY] indicating that they are 204 intended only for use in testing environments. End-entity 205 certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and 206 intermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2. 208 2.2. Certificate Expiration 210 The certificates included in this draft expire in 2052. This should 211 be sufficiently far in the future that they will be useful for a few 212 decades. However, when testing tools in the far future (or when 213 playing with clock skew scenarios), care should be taken to consider 214 the certificate validity window. 216 Due to this lengthy expiration window, these certificates will not be 217 particularly useful to test or evaluate the interaction between 218 certificate expiration and protected messages. 220 2.3. Certificate Revocation 222 Because these are expected to be used in test suites or examples, and 223 we do not expect there to be online network services in these use 224 cases, we do not expect these certificates to produce any revocation 225 artifacts. 227 As a result, none of the certificates include either an OCSP 228 indicator (see id-ad-ocsp as defined in the Authority Information 229 Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator 230 (see the CRL Disttribution Points X.509 extension as defined in 231 S.4.2.1.13 of [RFC5280]). 233 2.4. Using the CA in Test Suites 235 To use these end-entity certificates in a piece of software (for 236 example, in a test suite or an interoperability matrix), most tools 237 will need to accept either the Example RSA CA (Section 3) or the 238 Example Ed25519 CA (Section 6) as a legitimate root authority. 240 Note that some tooling behaves differently for certificates validated 241 by "locally-installed root CAs" than for pre-installed "system-level" 242 root CAs). For example, many common implementations of HPKP 243 ([RFC7469]) only applied the designed protections when dealing with a 244 certificate issued by a pre-installed "system-level" root CA, and 245 were disabled when dealing with a certificate issued by a "locally- 246 installed root CA". 248 To test some tooling specifically, it may be necessary to install the 249 root CA as a "system-level" root CA. 251 2.5. Certificate Chains 253 In most real-world examples, X.509 certificates are deployed with a 254 chain of more than one X.509 certificate. In particular, there is 255 typically a long-lived root CA that users' software knows about upon 256 installation, and the end-entity certificate is issued by an 257 intermediate CA, which is in turn issued by the root CA. 259 The example end-entity certificates in this document can be used with 260 either a simple two-link certificate chain (they are directly 261 certified by their corresponding root CA), or in a three-link chain. 263 For example, Alice's encryption certificate (Section 4.3, 264 alice.encrypt.crt) can be validated by a peer that directly trusts 265 the Example RSA CA's root cert (Section 3.1, ca.rsa.crt): 267 ╔════════════╗ ┌───────────────────┐ 268 ║ ca.rsa.crt ╟─→│ alice.encrypt.crt │ 269 ╚════════════╝ └───────────────────┘ 271 And it can also be validated by a peer that only directly trusts the 272 Example Ed25519 CA's root cert (Section 6.1, ca.25519.crt), via an 273 intermediate cross-signed CA cert (Section 3.3, ca.rsa.cross.crt): 275 ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ 276 ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ 277 ╚══════════════╝ └──────────────────┘ └───────────────────┘ 279 By omitting the cross-signed CA certs, it should be possible to test 280 a "transvalid" certificate (an end-entity certificate that is 281 supplied without its intermediate certificate) in some 282 configurations. 284 2.6. Passwords 286 Each secret key presented in this draft is unprotected (it has no 287 password). 289 As such, the secret key objects are not suitable for verifying 290 interoperable password protection schemes. 292 However, the PKCS#12 [RFC7292] objects do have simple textual 293 passwords, because tooling for dealing with passwordless PKCS#12 294 objects is underdeveloped at the time of this draft. 296 2.7. Secret key origins 298 The secret RSA keys in this document are all deterministically 299 derived using provable prime generation as found in [FIPS186-4], 300 based on known seeds derived via [SHA256] from simple strings. The 301 secret Ed25519 and X25519 keys in this document are all derived by 302 hashing a simple string. The seeds and their derivation are included 303 in the document for informational purposes, and to allow re-creation 304 of the objects from appropriate tooling. 306 All RSA seeds used are 224 bits long (the first 224 bits of the 307 SHA-256 digest of the origin string), and are represented in 308 hexadecimal. 310 3. Example RSA Certification Authority 312 The example RSA Certification Authority has the following 313 information: 315 * Name: Sample LAMPS RSA Certification Authority 317 3.1. RSA Certification Authority Root Certificate 319 This certificate is used to verify certificates issued by the example 320 RSA Certification Authority. 322 -----BEGIN CERTIFICATE----- 323 MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F 324 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 325 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx 326 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G 327 A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm 328 aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 329 AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr 330 OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz 331 +zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi 332 IHpSKMbkoXlM1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmM 333 yhBzClmgkyozRSeSrkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG 334 1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD 335 VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq 336 hkiG9w0BAQ0FAAOCAQEACDXWlJGjzKadNMPcFlZInZC+Hl7RLrcBDR25jMCXg9yL 337 IwGVEcNp2fH4+YHTRTGLH81aPADMdUGHgpfcfqwjesavt/mO0T0S0LjJ0RVm93fE 338 heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v 339 dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9 340 U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq 341 uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ== 342 -----END CERTIFICATE----- 344 3.2. RSA Certification Authority Secret Key 346 This secret key material is used by the example RSA Certification 347 Authority to issue new certificates. 349 -----BEGIN PRIVATE KEY----- 350 MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L 351 siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd 352 0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz+zCuV+gjV83Uvn6w 353 Tn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hiIHpSKMbkoXlM1837 354 WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmMyhBzClmgkyozRSeS 355 rkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG1qUDCAaKx6FZEf7h 356 E9RN6L3bAgMBAAECggEAE3tFhsm7DpgDlro+1Sk1kjbHssR4sOBHb4zrPp6c18PO 357 6T8gWuBcj1DzOzykNTzaMaDxAia4vuxVJB1mberkNHzTFqyb8bx3ceSEOCT3aoyq 358 5fiFpR0L6Ba1vgg8RTvNCAIApHNa4pVk0XD8Wq+h7mlUAOYGbie5UO8/P2qWjcOz 359 +zcheyYXJS/iuu0t2/F0ihEWGcXBmoc8D++n7mKst2jkAHD4wlPN2MgVqnmagpBz 360 gobFNmCZyZpDS+PPTtQZ1XvdGF5Sodc+Fz+jpWun1kqxDHE4UIZzDA/HAaBgORbm 361 aEZaVsOs9ZExeqOtqu2fPB7zF/1JKdRk4UJOUxS0OQKBgQDJwonP5RwvO0sYoCiw 362 zuFcYTmN/hI3R3viKuxr19CH6+mvuIU85ooIHF6TiouZwhk+6+Vk7rcXdS554DT4 363 2RbVrX/5i/MOzx8c8IIwoZJIasLz+vx8F4n6hyhV65bXN7AIBojMh2dt8tP2MZ/R 364 VEfsk4mNmO6yKuzyAfjJziCnCQKBgQDnDH9UYUIPkq0PSvViKQFJFCB9BJPFhld2 365 pIgoziw/JZzM3W3IWU0KWG7UxS0T3xmn3IX6xmWW4vX1/088ybObZWYP0edb61GM 366 I9DoI5igndLgDwyOL2PFuZh5pqqc09DE+cpJW4nNoudqTNmCrjhmxNCGKgGjlD8z 367 /OkSccvywwKBgDd0ReajRUziEjDxjF2UbzKx8lzJsX4KIs22GIdHqSRCvlcy80Qa 368 5WN3ULNiyB350HCP69wDFMXYym5rJoQjPvh6GIuhYKv4V8fffxkYv5kx5uWiXZVJ 369 7v2x+m8rMqlyv+pkyWLV8KKytHmdiBzD+oTWxF7r4ueLjtaxngzxn93pAoGBAKpR 370 rR9PnroKHubSE/drUNZFLvnZwPDv6lO8T978tONL372pUT9KjR8eN31DaMpoQOpc 371 BqvpSoQjBLt1nDysV2krI0RwMIOzAWc0E9C8RMvJ6+RdU50Q1BSyjvLGaKi5AAHk 372 PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0 373 vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5 374 cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN 375 i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC 376 AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q== 377 -----END PRIVATE KEY----- 379 This secret key was generated using provable prime generation found 380 in [FIPS186-4] using the seed 381 a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9. This seed 382 is the first 224 bits of the [SHA256] digest of the string draft- 383 lamps-sample-certs-keygen.ca.rsa.seed. 385 3.3. RSA Certification Authority Cross-signed Certificate 387 If an e-mail client only trusts the Ed25519 Certification Authority 388 Root Certificate found in Section 6.1, they can use this intermediate 389 CA certificate to verify any end entity certificate issued by the 390 example RSA Certification Authority. 392 -----BEGIN CERTIFICATE----- 393 MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG 394 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 395 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 396 MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 397 EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0 398 aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY 399 Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM 400 IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X 401 6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo 402 xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88Qc0eWYzKEHMK 403 WaCTKjNFJ5KuTGr1d4kpT3iVYZpnTNviRqsK6v96IygKTdg1Xwvey3K9wwbWpQMI 404 BorHoVkR/uET1E3ovdsCAwEAAaN8MHowDwYDVR0TAQH/BAUwAwEB/zAXBgNVHSAE 405 EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58 406 BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM 407 tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX 408 FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD 409 -----END CERTIFICATE----- 411 4. Alice's Sample Certificates 413 Alice has the following information: 415 * Name: Alice Lovelace 417 * E-mail Address: alice@smime.example 419 4.1. Alice's Signature Verification End-Entity Certificate 421 This certificate is used for verification of signatures made by 422 Alice. 424 -----BEGIN CERTIFICATE----- 425 MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F 426 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 427 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx 428 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G 429 A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq 430 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/ 431 pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX 432 urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB 433 DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w 434 ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC 435 rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv 436 MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud 437 EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw 438 DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf 439 BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC 440 AQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roA 441 KHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhK 442 E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN 443 sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F 444 hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0 445 qyTbY4fgKieUHx/tHuzUszZxJg== 446 -----END CERTIFICATE----- 448 4.2. Alice's Signing Private Key Material 450 This private key material is used by Alice to create signatures. 452 -----BEGIN PRIVATE KEY----- 453 MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a 454 f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO 455 Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z 456 34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 457 xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 458 vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 459 SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO+jhOI/+ 460 HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsn5bghJTz3r+JcZZ5l3srqMV8t8zjI 461 JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J2oKk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI 462 qCEsAJqsdEch+kt43X5kvAom7LC1DHiE6RKfhMEub/LGNHSwY4dmzhaG6p95FJ1h 463 s8HoURI2ReVpsTadaKd3KoYNc1lcffmwdZs/hFs7xmmwXKMmlonh1mzHqD1/BqeJ 464 Hc8MP4ueDdyVgIe/uVtlQ9NcRQbuokkDyDYMYV6hzQKBgQD75ahYGFGZznRKtSE3 465 w/2rUqTYIWxx2PQz5G58PcsTZM89Hj4aZOoLmudHbrTQHluRNcHoXEI62rs0cVPs 466 D7IlZOLfs+SSTeNEXxD57mjyyufpV65OcNc1mSJAmMX2jWQ8ndnOuWPcc5J6fNvT 467 au0a7ZBOaeKHnA8XXL3GYilM9QKBgQC35xKi7f2JmGtsYY21tfRuDUm6EjhMW6b7 468 GWnI9IXF8TGj15s7oDEYvqSPTJdB6PAb/tZwdbj9mB4qj176x1kB/N7GO974O8UP 469 /PdHkU7duyf5nRq1mrI+yGFHVsGD313rc+akYdKcC207e6IRMST1ZFoznC6qNgpi 470 nNTuDz4ZbwKBgA5Dd9/dKKm77gvY69Objn6oBFuUsO5VaaaSlcsFOL2VZMLCNqQJ 471 +NLFZ7k8xJJQVcEIOT2uE7X/csBKdoUUcnL5nnsqVZQPQwI5G937KQgugylMZLte 472 WmFXlX/w5qzKXtWr3ox9JPFzveSfs1bqZBi1QQmfp0skhBo/jyNvpYUNAoGAMNkw 473 GhcdQW87GY7QFXQ/ePwOmV49lgrCT/BwKPDKl8l5ZgvfL/ddEzWQgH/XraoyHT2T 474 uEuM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YXlkleFASg4rrpcrKqoR+KB 475 YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 476 0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI 477 9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e 478 yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC 479 BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F 480 -----END PRIVATE KEY----- 482 This secret key was generated using provable prime generation found 483 in [FIPS186-4] using the seed 484 92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05. This seed 485 is the first 224 bits of the [SHA256] digest of the string draft- 486 lamps-sample-certs-keygen.alice.sign.seed. 488 4.3. Alice's Encryption End-Entity Certificate 490 This certificate is used to encrypt messages to Alice. 492 -----BEGIN CERTIFICATE----- 493 MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F 494 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 495 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx 496 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G 497 A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq 498 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1 499 lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+ 500 hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV 501 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41 502 /0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf 503 NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv 504 MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud 505 EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw 506 DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf 507 BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC 508 AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD 509 sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT 510 jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps 511 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA 512 W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1 513 nTXl85RHNrVKQK+L0YWY1Q+hWA== 514 -----END CERTIFICATE----- 516 4.4. Alice's Decryption Private Key Material 518 This private key material is used by Alice to decrypt messages. 520 -----BEGIN PRIVATE KEY----- 521 MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o 522 AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV 523 z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB 524 BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ 525 KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU 526 l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y 527 j7CFSmq1AgMBAAECggEADgxoWEDDRE5yEZ+s7TMw+WH2o+3XOOrryqnsLbOyv34I 528 wAAUWK7qZyjd9rSDOAtBOgFhQNXYhWZlT+0iHslCIfqJMZ8wy1iFHBCIphoMSWs5 529 /D+idXrUef5Y23rClBxXH0g1UnSGXnpUH4ehV6p1lvZMh4OJKEoMC4cpyd1SzXrw 530 +VGCc1+pXv/tTW3Rb2qoWO9JoWY+Epcssrw5N8OFIFODh4QfbLN6pVTt28aQ4pf/ 531 1KhLoapjFzXSYp/jrcNjYJ9qRdSAbZsKOJ2yZ0yqjLHDCDipFty+W0pkUZcJhsgu 532 Cg1Stt7tKgSvAV/nEjN8e/vA91/AACKBCNcLzEoLgQKBgQC4eTM6BDCzlusXJBK4 533 SRC/WwUthJZzfOk2Gmwr0DCTRYhWQSDjBfiQNboazHObVPz45qP10fOt2iPEHeX+ 534 VWAXTNrN69M9lEzxygA3s76lAejBR3FbLWkzLYqPB3oZwSIE7CrWHTXJipFWZv+X 535 FG1R418fnRCUMJ4j85qem5iyqQKBgQDWhQMJu7FC02fr83qsIdLwqhiDtTpwUN3j 536 qfp7JoEZOxbm3TgM1xPAkrQTUgfr2ZhXGtUwsuKHyifxQEycrTkBOg0gqAfG0fnv 537 ybyXK6/guctHJQiy64lL39kPuvQkKB+YO60B/oF6zbyFvqanoKXjpspObN3i3yBU 538 X5/EOu/LLQKBgQCUVwHWeWAgSg+pgBx9jGOnPK4hOCkznRJ7qyuo37Tv+E317lFf 539 vYFvlYSd4CJmmiUCkZTvK3FkL7HrFo/HwSeQFQEt7aDkN8jX9bPPFv8K+UoNgkGp 540 LA8YVFrDQSPyadfNVYvsuXhzJLZSYGjPOGHgI5JufYLDZ4UDK/T97ekQYQKBgDDM 541 ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6LNxuudc/dco2cFWbZ0bbGFN8yYiBCwJl 542 fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0SjJJGgZEeV/2qyq+ZdF/ 543 Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY 544 l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4 545 7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2 546 Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC 547 BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ 548 -----END PRIVATE KEY----- 550 This secret key was generated using provable prime generation found 551 in [FIPS186-4] using the seed 552 1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf. This seed 553 is the first 224 bits of the [SHA256] digest of the string draft- 554 lamps-sample-certs-keygen.alice.encrypt.seed. 556 4.5. PKCS12 Object for Alice 558 This PKCS12 ([RFC7292]) object contains the same information as 559 presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and 560 Section 3.3. 562 It is locked with the simple five-letter password alice. 564 -----BEGIN PKCS12----- 565 MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH 566 BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs 567 PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ 568 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 569 x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW 570 +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI 571 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO 572 Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl 573 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF 574 IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3 575 cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT 576 4JZBO6UprlcZ5wBY6ncXWa5E4feb57Cd3bB+zJuubBX9f4yG/J0cSF59w92c/6Qb 577 i4EFk6tAiz19PxuLLwjco71e69Jiav19Ph/WJpf/XCEurw7K+VAeZALFW41G/D30 578 WIBRC2shisHB3j8+3fNPcvi4Fy3EkZNW4lrZFAjbBtloCxk5rcfRS7vxucAvC5X9 579 4bm0xEcdOysnuplH77u+CWWxjCk414SlKZTUbwc1a0B6yRDvojUMZkDzMqsxyYjn 580 JG5QhMFQrTyALwCgJsP/rAf5xPhG2p+9Qul0yiBIIZwvKNKRQKL+YLcvYvTh1bhj 581 rUflYzzvviyXCy9LcX2GBop9yBFJzIcmKfL0MGua6WIkWX2BIjhGTtu6VThmRHuf 582 OsqNg/ZrNCTYa7e1D6gwP5uFRecSZdASf+0XTe6M7e/vaN4Go4A3H8+d53SYQP6n 583 pTt/a0DTHzY77aNMh+mzkIHC1W3zUdlS48tUyJMiAN3Tt+RfhHZfgloJ7IdcYdM2 584 O1I+UD/5L9ghxN8dh13Fi3rDyn6Y5xB1xFuZ0mLjoEI+3Pr1+B9Kgf+o/hxFttfx 585 1uP1XcHt0a4gBr6g7fwGNssfw5S6g6hS9UDTAYOpvLaatil2TZmeYZzij19ssv36 586 kr1VaRV9xcQCbY05ucD+buymFXPn/rhVdxhgIydmvOtdzDozy0WFDTvgjUBNeRnC 587 eMVD6AlWdWOlmBqOcIlJS0aY2FWm8Kju62XZA8YIRowlLysuq3zIqDmzmqJFKwuA 588 mRMZmUVhophMEn86rwob3Z87gNbyy1U/dXi+s6Vybx/kiwDXjfyhWBnhn1gkhgiv 589 oOhGtt+yAliCVuHQlEloQeQN04C5QTU0d1WOj489Ft6wpvm0tqcl6NpnRYUhbCoF 590 XhFr4wswggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc 591 BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN 592 BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF 593 KjI4HI2oa/NihwqctphcLonBJXcofuHv+loP9MPLtwu3Mo1wsWTiHpf5XmxMoZQw 594 fbrp2ohLugJO1ZRB9RfAUpaAhtFg91pLOtXEpz7GULEyOnYh9R8iu9bSel8bpl4S 595 +AoxzXD4gYiEU6Yi0/47aRstd3H4u3ERDnUKSoqVstslRSKnK/WrGYUwoy7kNDwy 596 DBitfosMY0rpWEe5rXTBwJkBodcl3LBpDbNzdbrZw+e+yObJ9zfRlMpl0xVfoiji 597 q9UbRdgN2yo0RKwF6c63V2RdF5tjQHnNIM3K3tC9zEis11jgn9LeOLB9Cd1qyE4P 598 WfmHN0gwqDF1eX96TmUipmYM63H6jcbnSc6p7eIZtCrqGjhsTqFwcMg04WaXWeHD 599 ffLXSZdzIUB+zfC8tftUUEOUX3tX4l1oU7K8uAuQTSK/AXwUj+MbQVhlz8te4FVr 600 w4ulZ184IYqhD3VdIOxXiZkfSKChRz8/7QacrXFvfKkrcrxS2iHMoxhoJ7WETNtI 601 slW5R5runj61r50VT4HCFNFQfGBbTtV9AdP7yka9aQDWxPCoXFgeb1Q01F/BigzW 602 02JP5Lcrw7ia0y88QbTzWhi57d4he5OIp0wHUiGPh7s792mlltvuSpRKJkOXWv6h 603 qAj5AsBB8JNvgXP71Ytx2vMdjw6gqzQcxASJ4UHQg0CxmiODLUP+FHAY1CPNSjbR 604 pHrTi1UFi/+9hYneQci++qPvkCqMuGHVxamd4OLanGJN1NxE1DyMeduapX5rXuPn 605 g66LPey9GQuE3SBNC2dmjuOy7d8fWXEZqhqLtPfsuwVzdnWb1uAcjRfQPNo+uWe4 606 zihYisXK3lqA557dRqdSv+6GL6/OZQOCTaYMyZIWD9jS2gU6T3q2j8uk1LNcL9n8 607 aSpQ5xWspBXpzXo39fG6CMeqzZlFCqrvQwYhdXbtxn9Ox/pimmWOlcqAxv+xythW 608 BMx+il1JEdbCj015wjmsCWNPWlM4AVSholpZhs9Mq6rvgBXi1HJgjD0DpSLCE0xh 609 /GNoXoOX3LrxfCIDEhT8LyZ2NE59yh3t6pm88soFzaAghdjb1Fkc79nBbcl4NLKg 610 SmL/7GktkxEznOiSYfnfJ905kjZC08d8RnoGfrDDUWD2ZIhbbxOCq4E3E0Zt13aH 611 JOXRBOZLC9L2JNeSNiBZZGykh+Pi4TsIzXL2UPQ+dy4DDaEf8yamyY04dlhFsnhD 612 qr94Y9E3O/rpF0yUb2gCehEgT9nppVuMeridsCkHqemmgVr/52Xv/XK9dx4+YBjL 613 4/3Id0/yVJURqDIHH8o4ogF4rflkzOalrZ9nJFugP0UM8oNysaL9yr7/Dli1juV0 614 MIIDZwYJKoZIhvcNAQcGoIIDWDCCA1QCAQAwggNNBgkqhkiG9w0BBwEwHAYKKoZI 615 hvcNAQwBAzAOBAidIqBxZFwvagICFCKAggMgTzrUv4/12Jqnv3AL+P6990uX1ybZ 616 NcTwC+hMRV0Ho0FuAAybzdSRBAaZch1+8GheU8yz7IYWmLn1PNHxlZ8inIYfmTfk 617 Pa34Rk8s/RxJIe8LMYL1qjk/FMq/Fpgc0S65S6bXvJ69Hb8gtAoGW8P1b0dd9bvG 618 NbAk00h5r+IWiH4U8zGpcqWDWRgieGICsY00Hvx4KKMV6FIjFVCTZevORVoyzmSX 619 ZZgxqrbjw4CZqOWReHPI3aEt5xVX3BihRGi4EIyia6yU10VOZTGBKqWUeKmOA5Gw 620 SX3mH/kLiya3gwwGvdq1ncXcl7V1STN1HFyp4ebGKg4CsZ6NkWjocwq2PwM/TqoZ 621 5i02tqvOeR8lX7LrSegxGH81Kw3nMV4dH5txoVt9hddZCKKGcJ5Z8FlzxFP4BFuF 622 7hOmRpUPdxiahJ/GkXDVIAw6BJKd4Q9e6sjJYxTeq4uOP6V4PMuDU7F98X/d9sEx 623 2X3b1cJxuA7xtOnKAPsWEyWBg98B+CKG6KwO5s8TlZVmlk15FCUjvFoKCiWIKF4N 624 vGLiWOIP/jJ9N6Gqp4gNbm51zNFGZ7gZAtvsBSGQSOUPgfZcx2mRxpBmcX8tm5YJ 625 hmY9EDK13umUUGKrPOrG8c7/MVAQegSKqQuXSfMK6KknXGe7jwjs7xaQaRm9fFHS 626 0KbGU3MsLxRGjW/jzjUNAEWDiSYPCVo8E/kd8LETvjAowF772y9o0X1ZzcP7HWcl 627 oYcO/WSSh4e+FAbgqLo/8KIkGzJ23BAcdx8XAtxzUZhRdHaItnwaJsfTr4TCwq8C 628 XxJG5u44/z6imqQrVOaXQfvk6sSNGdG62TkacYg2K63D9hcg+TbZPPVSStWXyj8S 629 N84anzTOxb1yx6aw6IL+uBLC4jISgNFijaF5pwjLSbgTs5Z7skZdCam80xYmdJVO 630 ES/uqFCQFUSamXXNbotviQk8jWuJFz+BXzPYJN3t+3mp6SmgTZ2zP8FUQEE4GbSH 631 DqYV621DcWRo/mao8xzX/mvkKm4ddGBldiusoHZaL4gdo2A1qThSMnMBsciC+jEj 632 DqOr70XhHccTDW8wggWUBgkqhkiG9w0BBwGgggWFBIIFgTCCBX0wggV5BgsqhkiG 633 9w0BDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIehcRLmVUApMCAhQOBIIF 634 AHb5dXZKzCeRUo2ZSj0oyuFS3zQ5HhKyfapsyCqbYCKv/lSzNYWvuda7xfa+uOM7 635 /wCB9sWdz0MTpaBMHWx9hvibZIY65oM+ry4tTuKKqOJl37OsnjB0dSNTKszsI3fa 636 PUjslxqIH3aC1shD7OqhIRGZzRjK44PJyWv626oQrgVtTYR9NYTdee+SbBZbkEt/ 637 EpWipwftWXGR6tSYJQn99eO9Vih8HyQvwIpidUh3pCFOlow4VZyAqIWOHcw9TAjB 638 XNv+qfdH7fiX9wM5/GvnQReIsqjXCUoc6pSQIAqD/f+I/d1F2ZmqM7KwX0LGRER9 639 OWZGyF734pN9GLbNetWm6rKxmlSI/5m6+2Jxxfann16P+vBSEgWJ/I8GnJAdzIbB 640 Tyfjog4Gi2+lmrPzK7+C79ntM9nfsr4xVzy/BknwZIaJksd4VvOGkS9nfM6shtBJ 641 B9uR+GJfthtsvIVUHN0kz2r/lVzMSRbOg9yR53hv1H/nXCmUjWz/BvobmoaVBcCm 642 mOnnYZTHMNarIVYdLQFif5ZLH7WV/XVEVIoRntNRiKsK96VAHm5XboWQGCqL0heh 643 IX3Nily1genGm1aFlSQNMvLDko1ILDTKrINvPmjG/WFoLntpJFPtYZsooT1jjXLw 644 3VTSodtgKQNdPYOEidSJqwIS87fzrCB2Wmwys0iGfdsuNhSaqNqa0dMO6FiW2fku 645 x7H+w7SX1/n9YeZUNLOcewLcC7E8IA1IarjglZE1L6Yb2ldXxV9q3PPOwKuGnah0 646 TKnD6mLn5BIGOGTzF1VspXRrJhFrcLe+xsJR1r6niI3bcMWXXy7gbm1X/CRE902I 647 ynxE1oDR+xZ6rjPWDJP7kVf4GvA8trCGrot4pbJbmwlBeMIylScdQoHEnyqrenOn 648 RMmXZaKzl3njtq7Wk78qoJq0a6Vh/sde0KcOPFkyTZdMBlTztm0K2VJU3jUVzPlM 649 0WY2fyGDoA89ol+/MiNsgiaEghGybXBYipOex+p7j1GIRN/CKmpWsqjZnB78kyXm 650 Z6AE1vC6neD/7zANInDkzXiun6ic72LoBX3JGiCSuM6hIPJ0AcDwlzTDu0H2rCQN 651 w+tivJ2v4KbgeKoc6beQb5fZHs7VsWHikIcpwqB5ngwt34wHgFG0nTS4lZmvzSJ7 652 FMRVGmsDYkDTpZzgNOaxiUBQMcEvxNIe3nAmA+dvB7w6XRQVSUsL+vBFhHiWGZ7h 653 k5sCeHElewXK0SyJADgfFlYq3EfEgZ13h4wtoSfbBVtzbbyg2LNegUCLfIJkc7fm 654 T7X7JSxbjOgndMHEeMdVb+NFxbgsXYrYD8rC2A8l5cQzZrsxb1bvgybEJz+NU/52 655 UgGrPmdjJKuGBK/V2zor6qPvKyId1Gb4QQuIoyClwhZ+qk9nE4Eft84y7ISgMywH 656 +lw87HrSHKfpqzQhCxlrLu53IYK/4PhE7BYC9Q4tvIsZXSGZ+nju4tyzERSlaNe5 657 njUeIENr4B/+kXULwVDcvMFHqUFJMkFai8FUga7gyipZ+654clGgJjnNBO1va8Jc 658 dtdPRRW4gwdrVn8u8J78KBzt6ChkrpKRV8VeWKBk9lhcT0ZNpJnNqhDrkfzHBqP0 659 Uo133I7P7C+h9sNDI153W6IOIodyQE0Av1WxHo4y/1d1VeGDaB7hOSDq9ZMpm9n1 660 En7F6/1/s4IUZHja/qRrK9hD4M0Xq0LhFXuUzuipo49OMUAwGQYJKoZIhvcNAQkU 661 MQweCgBhAGwAaQBjAGUwIwYJKoZIhvcNAQkVMRYEFKJTQdVEPIApFXwBI/Dnjq/N 662 83cPMIIFlAYJKoZIhvcNAQcBoIIFhQSCBYEwggV9MIIFeQYLKoZIhvcNAQwKAQKg 663 ggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4ECKq4DtyiayOyAgIUpQSCBQAKQtkPOS4s 664 LE6Os7nP4RaJWBuyXl27V/o6TusBRBgQoPzP+aC+O99wgisEKedyB47bAzcO4sba 665 4q8UkERAsYHcEhdD2hGRCL7ou9jTtrr4RgZpa5V9CJcBO0t4bqy2lUefOpm6no+R 666 X840uyM4q5Q+cfH1rTQ1a/a+gLglbptoEkH/4dfR3ELYiXcM5UrBYTJOHcyME8c+ 667 TXbpf7kiplTtlsrlZyU5zrWcxngrBxwFA+O85W/uVR3QZSW+EGx/VCYwGruZlNyt 668 BvBYjsYsnC+yKYXbqL81DgOePy+eh6VX64SwBLXcWcY+NK2EZrhzrUFjl+PXFKY3 669 IVVPJhTE9o7gJA0hzvAanOluWXozD3/WPQaXhyIJDwM2MjznjL2MBydpy9K8Cio7 670 XaV6PX8DszIZkfI4DAz5f7G7WbwUq3IjPPPWiUv+JsR+dnqzWDJ22SXc+AdQP2sK 671 qMvP8gOpHOsVlXXE76c5rUcZCZD+gGv1avO7YttWqbDqLj6oQEIJ8LX0Qvwd0YEh 672 etE0bJ5uv2njhQDhLkH/JIbmFSgJZeM8dtKHb8f5wZc2B+nXGB+TFboGzSuP7gaW 673 u1vKsJNqT/J/FYEqcamI2F+td7z1sGfbR9ckAcxXeb2uPVbCJ1a50gRlz9qVm5Hb 674 5f53X7aoQQp3F3LDGQmJ+GFQ/oXXwabqn4TvNO9KDhxpGcMMU9RnugUfNU9GBec0 675 vfrzmVKZdmJ36HOmMnLvgRakRhCV3kGABXY83hwUv17E1qASLKcAWIachkCCGpBG 676 yGtP2IOZTn7PsLJR1BzKnePa7MgFcgoCToIpdQnCTtAsalmBm1s480LN3GB5ojeG 677 bQvNf9TAviA0tg5VuT4/O48V6uYSJsIZsawm3tGA/LjxyfV1aLddQT5Zf5ZX9BX+ 678 K/PB4oYAFxtUpMK/aL5G1MvppUJ9CjqAtnoKE+EkdQmyZ1VoDO9ih44zuRx6XV4A 679 EYafNB8ygjRHGsvPW0/M0Es0w16wzJHTuf/15fD/nH7Xh5MzhCF0CtvLn8v+S1Po 680 i2/40O6pS2byjUFRbeCpzEpRxdv90LCb9ALdy0yG9u41W3yInKNFnaWBulfOPFCe 681 ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw 682 LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS 683 XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R 684 5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS 685 dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT 686 m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA 687 vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg 688 WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp 689 coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt 690 Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs 691 AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w 692 BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= 693 -----END PKCS12----- 695 5. Bob's Sample 697 Bob has the following information: 699 * Name: Bob Babbage 701 * E-mail Address: bob@smime.example 703 5.1. Bob's Signature Verification End-Entity Certificate 705 This certificate is used for verification of signatures made by Bob. 707 -----BEGIN CERTIFICATE----- 708 MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F 709 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 710 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx 711 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G 712 A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG 713 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z 714 m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t 715 tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT 716 51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL 717 Zxt6+a3/QkaC3I9m2ygPubtHFJB5P5+s8boROSKm1OB1gsLow8eF9S7OtcGGeooZ 718 JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2fRURIK+8YnwlB3QIDAQABo4GtMIGq 719 MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV 720 MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud 721 DwEB/wQEAwIGwDAdBgNVHQ4EFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwHwYDVR0j 722 BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAG7e 723 QY6Px7WZC5vCbF5hjOitxoz3oyM+LRcSTGWoYXdmlwsNUzy31pE3dtADvevRtsP8 724 uN7xyfK6XZBzhShA/BtkkqYGiFvXDpluOxWmqC0WPmc1PNK2mHil+pGMfvnUwnxd 725 6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i 726 kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y 727 UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM 728 OIp/HtXdFscHb9+Qic8= 729 -----END CERTIFICATE----- 731 5.2. Bob's Signing Private Key Material 733 This private key material is used by Bob to create signatures. 735 -----BEGIN PRIVATE KEY----- 736 MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M 737 EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV 738 6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ 739 71/OfalbBpERDq3Ba0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwYrMmUa5o 740 tGXn/cp+v35vpWQIO7FNlgtnG3r5rf9CRoLcj2bbKA+5u0cUkHk/n6zxuhE5IqbU 741 4HWCwujDx4X1Ls61wYZ6ihkmIlRAJHXg1pTlsjJ8oRlXZhK1fB3O2gQknZ9FREgr 742 7xifCUHdAgMBAAECggEABcQg1fTtieZ+O/aNdU149NK0qx97GLTBjIguQEDDBVFK 743 2lu4PhBg9AdgAUqLH1PE+eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJ4n1hc69uiEN9 744 Ykcv4QHOvvqtCtWYjJyb5By9WPeLH6QynJ6FlBoSqxhURSWyYfTuwqt1OHEhsUuH 745 d3N5BmbFiRBNj4aIA9zz+i5xL0m33kMKai/Ajj3sI0AJsZ5ZVAhYbC8sCt1Xevb6 746 i41p9S6GSwGC19by+1y9WC1QGtb5GDotvChMvmZS/O3NeDc6xC/LZoQcHNVgiZd7 747 f1g6iEkJlCYK+D7xsd7Y630w75Haj0vnlhiJObSA+wKBgQDxv8jp2D6IVRGgYfaC 748 nUU3Mg70wagX1fgPHO9Sk6e9c8CgORh2uwWjpTawu88xBGFyZ+xnWqr7GCNsltas 749 3m94ri4A4R94+5uL8+oOLC26gMDfzATd1Q3k/h919YLk89tonQEUbCFZJdphThEb 750 vg2W+nNsEVcQGuClzhX0AyGMswKBgQD0BYk3sdGQbBA/hYD1EYsZfYebUiYv2lTt 751 VGRgTohKFclRAWOtGP9YRbKyEVkBLhjgkXzS9xGqKywP71z9Iny+zDGbzk8ElB/g 752 lS7GFGX50TG0ISfaFWTYdxt4mN9pduZE2blT/26uyU8DXCEBhF/OqhwQjJqKTYTT 753 Rl3Ara5fLwKBgQDQyVtjIyD2q8naY2D8c4mo3vHtzyc21tQzcUD8Z4vSYps1hbos 754 KN/48qJmRv3tjqP+o+SXasYKsFE/4pIroLxTVNNkbQm6ektfttwpO1yPG834OwLk 755 97HVWOig/tX6mOWg1yBsm+q9TKTrrvm1pRGlmE6BQgSYYy4r5O4u3VlnYwKBgQCl 756 B4FvWyDhTVQHwaAfHUg3av/k+T++KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK 757 s5n5iwI1VZEtDbKTt1kqKCp8tqAV9p9AYWQKrgzxUJsOuUWcZc+X3aWEf87IIpNE 758 iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh 759 PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B 760 ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1 761 Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC 762 AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg== 763 -----END PRIVATE KEY----- 765 This secret key was generated using provable prime generation found 766 in [FIPS186-4] using the seed 767 f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e. This seed 768 is the first 224 bits of the [SHA256] digest of the string draft- 769 lamps-sample-certs-keygen.bob.sign.seed. 771 5.3. Bob's Encryption End-Entity Certificate 773 This certificate is used to encrypt messages to Bob. 775 -----BEGIN CERTIFICATE----- 776 MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F 777 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 778 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx 779 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G 780 A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG 781 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq 782 1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+ 783 G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP 784 0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY 785 XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB 786 cqswaM5mXLYdm0mFmqoecF62mUE0DiNdhwKTtnefd0cll+D3FQIDAQABo4GtMIGq 787 MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV 788 MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud 789 DwEB/wQEAwIFIDAdBgNVHQ4EFgQUSrOsMVMCSZxN42554CVhlT6IYiUwHwYDVR0j 790 BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAC2c 791 Y8FgaxgB+Dx9gAFj35ae1vgzYiWI3Ax3FSxogo/GzpK//LB4215oeBuKXbm0ixBn 792 4nojxD7PMlM0i+ilAvVNJNaHY9TtgIgq8V/C0C7vL8SdBN01e5ZRI764ohu9ivYv 793 Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j 794 E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1 795 7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK 796 UAaL2Mjl3YtrUGBpxxY= 797 -----END CERTIFICATE----- 799 5.4. Bob's Decryption Private Key Material 801 This private key material is used by Bob to decrypt messages. 803 -----BEGIN PRIVATE KEY----- 804 MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy 805 ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju 806 UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/ 807 cpzTFOWwny0YnqaHJ0lffA/T8e7Iel8pBB8O6w8fxLnKJ09yJa4HtaPRfjFjWlQD 808 PatJICWca+ETMoVtbjcE+Nhc9SdFYy1cXJrV2OroRv0z+SVuF1mF4MsuyMtRJdhT 809 vSv1VcYz+pyN382FZimEJ4FyqzBozmZcth2bSYWaqh5wXraZQTQOI12HApO2d593 810 RyWX4PcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7p4UKb5Ef4yFrE7PdTLkeK2 811 RjncIhb6MeevVs8gO6co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3IeOoSl8 812 skiVZko70uJ8pR6asWUlr/zOjlEwZ7RnEUWet97oM0YeA07LDFDkF7eUq//6bfzT 813 ewr/QfDDsv+erwJBh+9CRHOJyTuDH1WeGxYV8VK3M6VhdTjFxXxFhrQ4pBe5J/UA 814 17Bd2GM8Urg6VYzVo6x4ajnc1H/ezYLdc459poTffv6Fg2trqFVAj2IrQlAeqjda 815 lemsa6Np801mUGknq3fjKS13RYGBv/48rCHOT8eRgQKBgQDM5TuS4ANQjOYoOgtF 816 xoVjbVlndOo+SmdFkZihzQHxcbLY9HXe5HlbLf1IMXz/nERxl+SmYuuJk0EdiM9r 817 HOCcHRLfBmC7t0GdVvLDHSAX8Ec47LbtKZqyM1U9dn7Z+5q4iywqpaP8pP3+oY57 818 cgtQax1jle3xhRAj65cl1RBmQQKBgQDVbLqK6wKDfSdZuMZGUtOY0rtamBDCgEU6 819 rEqBAyCPy5NpF1pomUFcYKWT/wbReFqtuyq2OyiATB0yHHMko46BUtN7qX/m/skt 820 DHWXVWs1+G4IgEMVokM9jjrkgdY5grrJ68sagKC+bgv35BizHPIqgQuO6qnPSrM9 821 bevwbQEj1QKBgQCiPE/zeBSnzyjeaTdLxGkR1R+ZX2WqdNdYqnQkiWMkflaSmt5J 822 4raEj+GhLC5BZsZ6+z480M6XXFWOwSkbMv5WHl824KHvgKcfoh0OiR1EVyjN1gDx 823 wKOQvjycMhs3FpXn0arjCczS2wGSgPGEpUR4JJhcpfaF6kphZsWDWzVlAQKBgQC2 824 ivbKltNhj4w2q1m7EGC3F5bzl5jOI1QTKQXYbspM8zwz6KuFR3+l+Wvlt30ncJ9u 825 dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNU1wNn1zNnJbETDLi1WH9zCdkrTIC 826 PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR 827 kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV 828 zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH 829 XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME 830 AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg= 831 -----END PRIVATE KEY----- 833 This secret key was generated using provable prime generation found 834 in [FIPS186-4] using the seed 835 98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8. This seed 836 is the first 224 bits of the [SHA256] digest of the string draft- 837 lamps-sample-certs-keygen.bob.encrypt.seed. 839 5.5. PKCS12 Object for Bob 841 This PKCS12 ([RFC7292]) object contains the same information as 842 presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and 843 Section 3.3. 845 It is locked with the simple three-letter password bob. 847 -----BEGIN PKCS12----- 848 MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH 849 BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI6NTC 850 of68mzgCAhQXgIIEQDuXJ0vv86loQC7vz26FjGylSr7mt6epUVNUtlEn9tbsIjjw 851 IGpu0eRzEk8ezAfzL0R5NaeVKkoFDvihn7NOoclhWPt66SJmiss54pRRkrVlTVwf 852 qY9tHeWQShQQjBU0suq9MOIJYZDfsT+aFJJNVSPNid4mj8npvP3p5d0M7Jh8kQUp 853 Ia+/YWQD8KX7GtJ6ObyhF88gxuWs0a5GqXqE3qIC3ULOQVE13SORmql5Tvxyr9iK 854 f/J9pfWmmr7uHsztBO9mzze872PBQ27Zgc2sojR5FcxHZWFQvUxRkjzMGDh/QC15 855 5j+Nc+eke8KJSh0PoO8/RPbDjbPekPd1JKvAr+eU/ksw205ldcZqVUVyQTLFghr8 856 G8thAh/SzUPeZ5Ag6FLLCxBuaj8HDyFC7hIoYjaNuPd3QxtTrgAuDFzB6+SlEfGj 857 MFxd4m1gXJYOm0OaKE+rRAHZ8KtGnr43vK/QAnSkW6G1evZc0kcAW7fNfAg8Oqzk 858 J84xBrc9OwF+IFMYJteYEGcsb49Djzb5QDwusMDQ2SBJatNsFNMTv8+w79toyMWd 859 fEaqmdQ6GvZOf9rNNSWVgT+g7EGAEUtA1cXrz5cuHdFN5qcKM0+948++A59BB9dw 860 2+J+YSZ/3XxUGP/4zFwJE6ZgrjZYl5h9uqxE+tABVZVvtv16hJgXojFlyRUe6DY7 861 Mxt0a/NomXzNM/cXrqJ1tnhaCSTBdeUSvgQi2U6k9y76Jj4Mc1T7tUG7rZHvyAyE 862 q4WBZ6U+GD89Agrg2pSn+zVS2BJc68P1WRRqsX87yaD60UuGuoIphCkYnxfSCmdX 863 O3aZOG3/3l37FkViFooPJ+91t455P2vyiDS0gfUffpH+jWyC6c4lbs5mmQW/HlMy 864 cKNbIzvlvRhC5xwgS6T8jaJjMTSOdX6G/gxIx+JOmPpZT3uJ1IQtn1Kec0uhq3B9 865 i9pBQwPTzzE0oLac9QHiVDl7EWWfAQQENSKuGkZ2yDx32sdLU62l1N6w3anUIv41 866 cAZjqEB5AWpDPCO/9yVtrpnN9FfFx0q4XC9qkTCwFh07YSXrZ/o1c9XO36wZ9Osp 867 YI3M4bWFDXOdMiNr/RxnBC/cOs3UsYgpnV7Po5hSmxb5Ncew6g7YN71lkY0UXk0k 868 5zCkATF2Qu9wfA35BX+N4eghN5ArQjgS7so6ohw9C1egknScU5CiJJ2XsXGKPxsw 869 L12O+kQRv5/s1QxGbru2C/oKeQnBR8cuWrtYXFLHXhGl8i8pcX0OO6ABYRenqJsq 870 EDJf5MppbN486UivL/mq0dgHHpl99rmtXJaBaq+aSF8bZGZUOTMOcI0mhlq2kcWT 871 F1wrwFt7iMPAg4SxJTAFaxnIlLvesxGQLWvnaQyK+l4Rua9C7HxONrp2tDh9Qwie 872 Yo30dRbOQR4xD3SEHloH9UMei2E8hXMztS5tPFIgKuiTVqQid26C5rcP7kV+MIIE 873 bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN 874 AQwBAzAOBAjEoygdzjeRWwICFCeAggQoV/qxKd0svQ+7Pkd6VDs7zPVlHbxynt78 875 MAz98oshJ0OyG5RXL++heW2+x5u6lmNhD5LjgLjcUToGCYDwJFzqI8QiwgCvcpfE 876 obiCI2+Ev9FZ7H8gRsASIP1DDaiYXuO3xJrAaQM77uLek6T18X+BsmvRWzRpN4Hi 877 JyKFPX5mcBX6AgFaVLJKhZ/GXcTuxFga8uA2sFzxridzgW3120ghCLDx9aL/8JVo 878 9DaxMqo8aS0gL1yasjidAd6bkiPnZNztEIYWBHy7jq468KjmxO6XL3sn6VOIgjRL 879 PSSYcPKktZWhxlQgEg+OdOLzli4PqA/7ILbcPQ/wk6XA19uzmxTO2zhk8lBaGb+p 880 C84Kf2cYaI1RkpHzEmqPs3EpJMbBhwxVT7Gw2nfTmMIKCUfRfxCqtWOhC3pEo/Nn 881 9MnZq5iqb5tJ6tUAqSkXYN+/JEM5g9Yf94m5JAlbnxYDMhWU5Mz0v00hxCd4jn8/ 882 fK0st+vTPpbIFXH6XeKrGwYyKBluycM2jExXsjbLnX2aINShCDuxn/LOO6hYGkcc 883 7+G/kQjacDlbdJ5LtaZwbfU7p4AR+OxaqA4lr5uk+OFcMW2lF+Bbwim2F5gs3NW3 884 1KDtsrgyHTPNal8vjuWtPmZhqBR+0lwmTmaGdVmG0Q3EOthXPmB7k/iRobS/JwFV 885 oi0u6wkwelCkYplObE9RqCjx78Xts+0M/WVlGkjnuhWthv8pvK8L3C/eQLVXLlrn 886 Yf2DlWVQH64S3U/TjEwVrOVNpfqAST7KJy85JWTnShGqySRB8h+LYBHa60YiCBg3 887 Qn6ZOn/aJN+dxOm1JthNJojB6DSt+gEIDr1XWQJjmiy2Bg4DnM8wRa58jfxWi/wH 888 a8tHGpq8DdJhKRIWvOK2YveUQ01KWVAxNnzYmREGHQGEc9d4kp5hBltX7Xh1+OWT 889 zDa9Zqgq0+l2SffVerERsY0KuCo6g7DCOieyDsWJEtKF3LsAcYclWq7X0RYk5ta0 890 MKcG4kXZ6KJOkTynZQTtuBOJ8t7g2u0PxzxZxgLit2ukd5zm8KIdoTdUgz7Q5ZVO 891 ukxK4S9mn6Slfkea0k4mxRh6wttcDJ5jr7yv5iEIvQ3J2XqH64W70fm5tbD3l3W5 892 fyaBxTpmb5rX7oqE0WOjtr1GVurbydUVnvBD7Jxir5tmnGsdUvRPeGYy6x4K86wH 893 b7IU9GEqyS44J/P2p0s+6/tOCtiS1kGRGkf5UEkEqmKu0rzhZVBx2ImqjwmOqy0c 894 xYnPItLdV6FVRX0Pvc7ROnqdRABpNo9bClEENR80v+hnqyh1MARDWOdUCZtccf6l 895 ttG5ihCcK8LunDF//qXcgFZsRvSwzAWhJkHbubpAJmkbDS7Zv25yvo/bG5VyXGqF 896 eAbSQHM5JJQWy9daTEeo41n2tyZu9Ubjxo7w3QhtF3UwggNnBgkqhkiG9w0BBwag 897 ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECCwvAkUo 898 pFtUAgIU0oCCAyAyxF7F1HQNryZd8PlbEy/f1R8MWtVQDEIJ30eTlaate/rS5RO9 899 9MOlglCc43bhk6iHzZuJ9FV/fWlFaJ6JmFPkyLPif8Rn/9EFTXGVq7smLvk0POCU 900 BBq/rI378tu9DbVT1JiWULvvD4bzwvChBSTlzNUo5HGRNfS/J3mLmm35c1ETYktH 901 L05NM86Yv2RUiTpRYDDK99heCYRwflrV6CPv+pJ5mNtniN0L4VtIPhSNczLoUZgL 902 hraX4qqQ82NN9VR+WBoQjvLfJSMtYxqCxkEc7uKG/cu0EJ5QAv3ufvTLq5TajXRd 903 Yb4Vvjxuik7WLKK4lXSMyFgvgY/NRL9zLFETTEJgpDHcfYgMmSKVy9gxZ+8S6i69 904 8okItTqJxnKZM1c/C+aAVaQb+ZiB805ntsp06zCYQljN4cnIlaMphAqf6ht6eg8M 905 77I2/ZTnDw0ED/0ZGVvNKoqSE+Twito4KcZ3b9e8B15gZYhtzoE62x4kHEYYqM4+ 906 TVxey+9pkTGK5Y4xeDld/WiML3t/7G4jdub05Wwnu4YzqHGqKFV6gFgLqSAVlWvU 907 Ytn5/Ox+MjHet0tSU4ByIkbjL8G+nInc9KFBZ7udc/Qwqsn394BT0k/b4LNSvatK 908 JFl1z/VlnA//DyiGc1l1KWqBPLJ+0Bq0gzKse9bCFtNuYPnQf1INuRuCjxhdsCbu 909 CMgu2r3l7lVRscL7KbpD//cjjWza7C816hzZ21TJWLAe5HxmLs7Etnpu+/R7LwYI 910 jpeQPVTNzdnt7FM+bf4rWwkxfoEx/lSvV/Fdp+WGrMZ7+2VK1PHThIUo9yJRN30z 911 aLpRyzLR5i9qt6yyk1cLxtztoBIBmb/GvJEXEOWF80r92+LlI53sHdnqD+0+mgRE 912 LfnsE6vCQE5hyI9lxXalyqVUdspAsMQA5Zs94fctvZ27UzVtE5EuY6X9/4UrE7Fj 913 bdg7jWHVbGO/KvMa0UvgRxbglAJLAN6CwdMT1Cbca01MrmK9pcZBMKuJDcUibmQO 914 mzeunDJBT+BVbNRSo0zKAAfEWonFNgNdqjE9uMXzlhaIbGFlDxXhfPt9NDCCBZgG 915 CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow 916 HAYKKoZIhvcNAQwBAzAOBAh3So2X8cem5gICFDIEggUIhIUw+YkTW0xCm9S8Kn3k 917 Fm6mI68Da4CD0b/5H2QU0UaMg1DT05TwCybWFIsjdEmHhXALvxQ53nTZyIEYp5Jf 918 6ICOwXBm3Vn5TL9472L6e5RPG2li1IrowR0nzFxr7oiSNWMhmv9NZbBNtHbH9KfT 919 HCMlouIhOnxFX+yP8YzGfiiqNLgHX7xEVWVhLBglJeet6c1xxMHR/b7z2DuI6k3U 920 p5NArfNwbZpT/SzLO+jqBwfFsMPXa1jmqi3W+q0xUt+obsfb7jK7ha9e+oegW7yY 921 fklgXJObY0YxuFbiJYJb+vnOb/qBiO15/b0xifxA/R6X6cv96T79I+9fvUOHQnQ5 922 bEKXFymxd9FD2UtxcWAOhD7R3iwtPGNx4WgEOe2nOPBP4OXgk/Rvq9bTkF/1mojn 923 MN7oer90NsvVEEx0x6Yoayy+ncolfxAeui9LJ6Cso/bYNA7fw9GvEkC9tSCiO65L 924 He9O1qHss08eXUi4Nrp7zh95T5/sC8HU+blhj8asE3ofJGb8l7SrAREoVLI4D3iA 925 xHE7E79i5Lf/J/3eisxZXdL4nU+4bk3fuZqqScQL7BlkZPtzcDJTCcoRG0jvNCA2 926 lWvzfwzrNmo5SWHXQ29It5wpGFJPRKFRIdg88GNxGwzNoxye1pnaQR/9JCjL2RSW 927 RhuS7bIXLKC8DlLlCUgzPoiD8UEPBhNcX7OiOSlgL0KW70qcH+jqVuSq/3t6kWlE 928 i0fL2OZU3s8r0hq34nuXe4pkO1VUTafZ4nOlrLFYsLj67+P/abtH67LUYgI0xZQ5 929 VcywY0BN6CrxCKY2Dgkvf9+YtidysDkS5tfDMYmSEQyAORJVHKvipXeMjTblV5v/ 930 FhgoxXCS/FeqzEHQLioCxVsnluEaE4KukXBdJYpUJg26kuTp+kY/plzq9hLU4aF4 931 37ah/yIwI97SmulsM799Ru1tx0bigIdoB354sj6S2UcSQaEXAEf8i3ljXvK63zC4 932 pDA4i37IGUqHVaH1I6bmmPqBgw3jNW7NMNUsldwawSbDAyRAw2LtI62U4DL6B6Lb 933 1Cri2oAydd6YogP5eGYxfYEpjzIQ+jmElUctKPc63Fc8OVINytooTi6o/SIwDovp 934 WT+6liQ8M2vNcH4NSGitMcp98K1RnlstAErNtNf+pfe0NoUP9f7xpajiEFKjjTtC 935 FHY2eOrdaaiZG9xjOuviDmJ/4gvtdfCjpfOrwtqeYiHFvmWYgxiUfMFvuMYTYGJ9 936 LdVS+rWYrjC+srQi2lPyci8JzRZFG3SV7OktujZFHANqpRVF4mFBV+hR7AYouU89 937 BpkjFSkOFSOBQF9eEbK3O+6iiWYznrDie3CW2chuK7eeYEj9z69xBKJ+pfNuji1w 938 jx7UiSd7Wfdhohc2MKPuSJYVXCK36xeN2sh0YpmFX0o23PL41XooO9M1oTKGxPNJ 939 u1O3gGOV9Oeczd8+mta3OEM0TbGhA/Uwgpq8itG1CkL4nzaH3Gt59l3bL7ACyM5X 940 Pl8eve57SsQcarGbLs8pN3KBOC8p/ETo24WZdDJSzzAf+Kk/ObsXgFcH/u+0bi4Y 941 TnnrZg1O4Eiw3WJHpaRshAwrt1l4wK6R5QDIMRS2WxTzW1k+CuP13LG2c6x+SexW 942 zMwhkDCrNGVubXnfPwbwUGXes1+jMr4vWkklFSFJG5vR0ol8wwVbTFt/cFgv0QjM 943 BOsZDYlXzziQAoERKa6EBvl4d/ygICU3KzE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv 944 AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI 945 hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq 946 hkiG9w0BDAEDMA4ECJJKzeDj9Jy9AgIULwSCBQDqW3Z5nt8HxRRIJlcwYDdGa8lE 947 TK58VexJYzhLMwO6OtM0J6JyhKcknJYIWL754aozGhFh3wJfP0YJ5u2x6lWeNJwW 948 1mRW8htE5MR1FntBeQC1+KrhmwDXhPe03/r1yiefs6lq33MuB2N9WZCCKr7SLcFA 949 0UdVZNM5sbm34/7c2QMbl/yp20mE8dypNsjVFuUX9ermiBkTQiNdp5mENpYkualW 950 I22asZVowGOQdIgwnW238RMO+Ai8/1tY3H7kvR50aziujLDwVY9LDRZLEsmD5YXt 951 BR9BjpGwvPMx9kq2pKvpbVamS7N4jdEWdMNc/v0/hl/ZIBmxroztkd+IseV3ntJH 952 gCufXSNzSjb2vOUB2Ouu9mH9J2wpIW80Q9g297aOoV+MOoWrqkjJzcKz887/MZ9z 953 UeTBj8eLxUgvw/udhCt7t6C+xfyNqvMEVKRb4TAKu7f9vsI750n1fXkIuS7h9qQV 954 H1PKyVCl+WmfV4soJ71UVW86oMdow09PCmzIDAut0mRJ6640Tez7umv+PJd3WLk/ 955 j8ge3RtFP0S5sQ4fyhmaP43ZkOJkybLvap1EW/OLPaqd/rSS1sLQwdQ4kaqJlouG 956 1iyVK8pLgobITNwZfRzvOakKTmo35dQkYzixB2zuJVY7ZXuiDD/7sWRNfcU8J8XT 957 z6Y+p5Cr+3MKbrWzw5agJ9+TtH1fORqr6Fm0bvgfhVDl5lGgBQNTgwg+2Gy+qFoF 958 qVoFwKpnCRutB5rFiUHW7B1fKp9RL9BZhdvNfTb5tlvDlK06uiemwI2nvnEQabAN 959 Toc8eZ6d6yqrlSkYj4xbyneoL7ydkViKt5gCB5+F+diTt40IN5PDJKLkemUOdwGy 960 BTbWvcwAFhL5hChoHQguJOqG1J7zq6Hsh4H893s5gVWBOshfadz78vwE3aPnCZ4Y 961 ZX/e9uiVsq67N7EblcB7IcE15y1bR0H7MXoJXumjCJx0VxZbRv228NrvUsFx+mFn 962 so6xsGZCrH62hkqI9lSdlRyCLxd+vjyg7xQOIXqVTIeGHP/Kie0SJNzYf2bsdrNU 963 A1EtlA32ti+My8eko2X1PFYCg3mX9NY3XoPJpacvpzZ5Uj/ie0Vnl6q8S7PdOjqx 964 YlT7QBk/qPGKCiIYyG+TRKDLNr8vTNnOGVUVxsp5vp36Pf3vaCzeddrUvd6P7Puj 965 1ymz4dmvd/OOuOCtZ9lFiOqD9bHZ4BSwJR6Myr/jrprRIBGQn7QCqFDSg2N1lXqa 966 1tqxKF7tRJIkq2UDQmR3Sgiv+wdQGlGNRiwNGZmNme8O1kRTbT7mCjmLfYWD50z6 967 JP8q09HS+1gXfYqfbvDLQTHMQl/fxL/zmkF8xlMqtoLSIDkNvesyiT9g/JwN9X0G 968 hanzi3B3kMWI7lqkhO+If5SNI7Ct928YQTEfPEm79J1UGmXZBtdt9lOKK7M5b6F0 969 5TCkOp7RN7SXw+UGYx53kUspR0HNwqRa7rqXT4RodxVcnghGT4qA/rb1uQZZzWnv 970 TuuZolIhOxpdmhJVZdQoEWVx/w/EERdNLivqzHykeiv7OiSy4FhrgWWmWipJRB2v 971 cgezn/v8XSIG+KJKRLzyfx44P6senjcgmKRBITgJ85rU/uoLNGjLjEfwQb6x5Lit 972 KqNfcqN2PB3q3/Om4Ft5BeWk2uGXAObLe98s27rZe0iOT5eqyftyiWlMXLS0bIkg 973 xSrxDA2LJW5Gf8F58zE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN 974 AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUFQ+BtZ/3 975 gX+Re8eKDEP/OBp2V1YECDNLqWo6a8ZVAgIoAA== 976 -----END PKCS12----- 978 6. Example Ed25519 Certification Authority 980 The example Ed25519 Certification Authority has the following 981 information: 983 * Name: Sample LAMPS Ed25519 Certification Authority 985 6.1. Ed25519 Certification Authority Root Certificate 987 This certificate is used to verify certificates issued by the example 988 Ed25519 Certification Authority. 990 -----BEGIN CERTIFICATE----- 991 MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG 992 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 993 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 994 MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 995 EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm 996 aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ 997 RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC 998 AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo 999 QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF 1000 Jw0ouxcJyAyXEQ4= 1001 -----END CERTIFICATE----- 1003 6.2. Ed25519 Certification Authority Secret Key 1005 This secret key material is used by the example Ed25519 Certification 1006 Authority to issue new certificates. 1008 -----BEGIN PRIVATE KEY----- 1009 MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp 1010 -----END PRIVATE KEY----- 1012 This secret key is the [SHA256] digest of the ASCII string draft- 1013 lamps-sample-certs-keygen.ca.25519.seed. 1015 6.3. Ed25519 Certification Authority Cross-signed Certificate 1017 If an e-mail client only trusts the RSA Certification Authority Root 1018 Certificate found in Section 3.1, they can use this intermediate CA 1019 certificate to verify any end entity certificate issued by the 1020 example Ed25519 Certification Authority. 1022 -----BEGIN CERTIFICATE----- 1023 MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF 1024 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo 1025 U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy 1026 MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G 1027 A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl 1028 cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 1029 SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw 1030 DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU 1031 m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw 1032 DQYJKoZIhvcNAQELBQADggEBAGV0x0OEzgYlRKixMcztiikxxJDbmRat1pcipD15 1033 1n8kiBoGhsT4fNZJVoL0OQBa/WTMntL+qcAk2itqZCNIeZeGklUljXBAz5tkDRAF 1034 f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m 1035 VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH 1036 qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh 1037 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k= 1038 -----END CERTIFICATE----- 1040 7. Carlos's Sample Certificates 1042 Carlos has the following information: 1044 * Name: Carlos Turing 1046 * E-mail Address: carlos@smime.example 1048 7.1. Carlos's Signature Verification End-Entity Certificate 1050 This certificate is used for verification of signatures made by 1051 Carlos. 1053 -----BEGIN CERTIFICATE----- 1054 MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG 1055 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 1056 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 1057 MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 1058 EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO 1059 gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC 1060 MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz 1061 bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG 1062 wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV 1063 fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS 1064 6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ== 1065 -----END CERTIFICATE----- 1067 7.2. Carlos's Signing Private Key Material 1069 This private key material is used by Carlos to create signatures. 1071 -----BEGIN PRIVATE KEY----- 1072 MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY 1073 -----END PRIVATE KEY----- 1075 This secret key is the [SHA256] digest of the ASCII string draft- 1076 lamps-sample-certs-keygen.carlos.sign.25519.seed. 1078 7.3. Carlos's Encryption End-Entity Certificate 1080 This certificate is used to encrypt messages to Carlos. It contains 1081 an SMIMECapabilities extension to indicate that Carlos's MUA expects 1082 ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in 1083 [RFC8418]. 1085 -----BEGIN CERTIFICATE----- 1086 MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG 1087 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 1088 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 1089 MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 1090 EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o 1091 MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ 1092 DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw 1093 FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt 1094 ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd 1095 BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU 1096 m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI 1097 BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ== 1098 -----END CERTIFICATE----- 1100 7.4. Carlos's Decryption Private Key Material 1102 This private key material is used by Carlos to decrypt messages. 1104 -----BEGIN PRIVATE KEY----- 1105 MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK 1106 -----END PRIVATE KEY----- 1108 This secret key is the [SHA256] digest of the ASCII string draft- 1109 lamps-sample-certs-keygen.carlos.encrypt.25519.seed. 1111 7.5. PKCS12 Object for Carlos 1113 This PKCS12 ([RFC7292]) object contains the same information as 1114 presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and 1115 Section 6.3. 1117 It is locked with the simple five-letter password carlos. 1119 -----BEGIN PKCS12----- 1120 MIIYJAIBAzCCF+wGCSqGSIb3DQEHAaCCF90EghfZMIIX1TCCBJ8GCSqGSIb3DQEH 1121 BqCCBJAwggSMAgEAMIIEhQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI7xhQ 1122 zoEDt2UCAhQIgIIEWMgzPbEtNf6qVctx2p5i7x6wAz15AjqfNv+qiIHQtPljZ23b 1123 BjHWAdxuri+jbwV+jY1JWwMG7CvikBZN0EeWkjeTC5R6RFz0QPoK5cetdcu1gyX1 1124 /ugrG48vgnrNwxfZOaBzRUuudLB0FI0ns436XPPgAPx9lCZ+jZesjfj38mSB+qb6 1125 SxFbZc9ix4bMgPMqCyjF6o1TL25HGCfN562sNcG/xLqNT94wvw1Ofibd1ywuunlE 1126 Mm/L/G31U8ZehA27XHHSKXOTkSxQ7cNCh9ZfU9tpFm8XMo6s30BQRCHubF+VLzso 1127 7xPhtc8/ldcl9MyLnpSBzYhPbHwIxbDo9DxqN7N8latA+WKXT0YlR+bCfF9XQnbH 1128 xFKk08U51XCT8mBp8BdAHp2n60XwDfBm3eQPJfc5TOyfoLOEkJNbC+dA88hb97zv 1129 Uw8bW91YtiU2XvIrKUajJVlXHCBFZnCnFwst+f19T5PFGPAj7s4mZdPWnQTtLyjw 1130 pHnuT4/U5w1sHAvf2oZ0PdUNq/yqjdKARxsRvS7lBTcci89Lto0OwF4TRzi/vdFZ 1131 X5bBhf/WYY6gacG1X9pzTPl5qp3doOwwhxXIvoneQFVAP21yI0imrus+66mxB6Gd 1132 wQf8iZMniS/1Gpu1N5XUUSL1B/qcxYK72YOK12ChpgzEETwJ7Y0lYrbOsJt8IhE1 1133 WxsDy6nWLA2c8/1OU16l1mIgrVoKVOs0ZkK2dCDYdr0qKqeKgdHqp3INeUKX1ZQo 1134 k/kYAD6Mo0QkjW5fPbt/vQWSspjTKzpcz3NgQYKMcFqlB8P186nb4BvrDky0BM3i 1135 P7mXpcRb42WSY77xpeUDhUg1q6fnlTdtm5NdUZkuSgpHpQUrs945KTkxfLReErSd 1136 15OAAnODb5T8+5JdXOLAgHnPPezRuof1LQZsytsx4nC92OrboC2Yn3hHEqcgqQYE 1137 BywzDNGuA8ISEmdKvo7AgaJvoFEvLDmas8T5I2yuWQ9mDXMurgKFxheMSpHpZiPc 1138 JE/n45ooSH+uX3HDUVmjUOYQf35udyurbS772Zrptguek6VdjV3F6GV0Q4X3wIo9 1139 llV+aFe2/v3Mm/tt+h0KW8XVfBOB62uvb7ac7ipBjAHBeGYFQeVkmI0Nzvizk1lA 1140 jKtmIGZ8MwBp2e6rpu3g9rCbCz53LxWB4yJYgGc6NQmWxWQGjLUqdOkYuQwEdjr9 1141 6hpZbtXvXs+jcDO8OACg9kfjX6EzK2kVXoGdy7tPMH6ElXEaSf4tzIhfwvwNapj5 1142 7smeQbXQj/v9HC9XbgdslB89V1wAcU1PG/xBjEulm6O9EN8xhEXfegzIGxJ7JcVq 1143 7kaxdX6BPPH4iW2Bwbv+FFvSQOwMf1SVjpE/LcV5JxkYrfT2cEinTcZsEFfP5XOZ 1144 aJw3xmya24L2ynjNfljmpK1xg38OkzeCVebkeQ82OAYequb/iTz2yyfaeUoXbNlR 1145 wcc++JwAWlkj6FS/dy5gwLTGvUBkMIIEdwYJKoZIhvcNAQcGoIIEaDCCBGQCAQAw 1146 ggRdBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjBHiWMROp4AgICFOKAggQw 1147 FC71dSM3kMdsEhcjRPE+6YRmvktReM0XxK7+5FTD6tGJsl6gglHIre4gC3LKekFp 1148 4P346gebmSflwp1v/7ReLpNPXngK98HXfVcxHYFXWKOYdgHSVqGBbpH6v961C6XW 1149 PGwIvQ9+H6R6Np1gw3CZ2CJN1paFKmciHmCDkc1iPKbr0I8J5fruol7SS1WMnWFQ 1150 AWk+EuR+Di9vNYD0+7QyNANu1Ud9yvlLaPxCcrgZBccXe/om07penmWPwVuXq2aq 1151 zc2/vUq3JLqrg5d5OiP4ZEwksvSIBzZSNlAM08D1Ez4fDmMt9iRvlztujOKad/Gc 1152 bwhhy/kUZ+HliTA5ItnZRJSXtsICwpH2DqJ4MnvtQtOjcl72uyFOigC/DANDjSYo 1153 YJn44h4dx351AyuF6wpyRwYfaXzjAaQ39SsEQpvSzzZmKYrsgjQEwIoWv0EcBvqR 1154 AQjHVBnJK/ZFNhTHDlD5RrXtkM3VLU5zhiNtsMWAj0gAN0DNBqHP8y9ZqVInWWjF 1155 YvoThcpHuwKI+pRto0fLsZxwWaZiCqAs8tJpF/iXcUoCm6+eGXNBBbBwzABaMC0S 1156 c3HyhQ9luuQeq0m5WbulGfXKFA7OAo+pWnivbHjIoEOVeJgnLYLT2ImOOypKYepN 1157 48kyVBAJ8y5QDnG82/4GU7VSW8ZztIbAWzhVFuEejuhd3V6bvPxI36lYrPeObees 1158 c1WuaQgDvHf1VFjoGCZRDW0Nw/kxmvWqwnfLmhZVo8LbIJGTstMt+rNvAD7zhtCM 1159 M3LhWfT/IYI4xCQFpP+ENG9DZFHpVorRrAVu9OwbXGSJOGUx0ISlZiBA3Gtou59W 1160 NN089EprACk7VDIQlzOS8Ox5vwo8UwqEKWt+537xIbclanc6pIYz6F6RgwEHb+T4 1161 4xKEbE/cNLJHQEJJZ8tF4afN3DENPLMnDoyAbetPrJILomZEayKfkY+dkXFGiyxU 1162 xslhk+JR7Utc4e+WNCZ0hnUyid0ZE7qjMUFSzdYoSmPZttM4zRh4qpCfXTyhvQkI 1163 G88dNenQ/b51VCCNfWqRKytrpnhZQYKd7SuNQLh2GAL/urlWtYq5rDRDKGLv7vmu 1164 0NloL4xJjWVlUSGsSjlOigZNfvphEDqYimIGXhiU6uAQN64suvWMVMNoNIwcZVrP 1165 zZQUky59Ct6ahnc5cdSwWWmwKxJj1GHtvn82tMoR2LtERJMx/hEdqrCSNXvrIeZl 1166 ozwSh9mXupO6Fa0KIpf0txZl6zK1/8F3xvly0lyxpsYwrTeTlGKm2y/RMUYp8tDJ 1167 zUZu34oeOogonerOnSIU7kEM0slXJs16lIrReFI46ZQ3XGB98MLuCser+5SzzgvY 1168 Bf+alMAiz8qUTFMBuLFFoM0IRCsSmaaclSBB2NjpFOVjR+sajmxWEcN4lPO604Ru 1169 N0cFylKAYe9BJlxhNFx1AjCCA2cGCSqGSIb3DQEHBqCCA1gwggNUAgEAMIIDTQYJ 1170 KoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIkUQBCq0OgUgCAhQ3gIIDIFJKEkt8 1171 ErFDpHJT+IOyrxR/ULSFmO5aBopLCJd44vSqxcHl1EEH0LQ3bAedxiiI8Go4iy3H 1172 Aw9nvpyvkZTrXWfhZqgsLsuD3AYHVHVCO/9pmZe4gWuWosR7PMI6RUoE4f00My5+ 1173 kmm5gRpJ6Ol0SUG7yZ5P+ESc7emwkjzPqQds29WegzFgU4lLVk0UMq76a14m80or 1174 kWpjWpWddkid+Ku7cr8vU9BOpkTObmg9Gd8T1GGliQa1UvvyOxRKtdwOMOjM0OBs 1175 pmc4RFNk49zLbsTaOZIgiv2CN6aCL7ZVqGNrnHfkglKV5uq119hnTkr8rPvXqgcK 1176 vnc6bvMQUp388wzYzjkLQw0oS8+Jr3NaJefj65e0MZlPOOA+uGPHKo2XXRndy6np 1177 /ASNEj7nAYQUTBwu4/GIdjmaCwauTiyvYMZOyVlp0mISZ4+YfeZTFqpjX/K39RFK 1178 ubLSQHpevhn5vFUO90/94U1FQkLCGQ1V4xcDe2SZe0NF3B+dJw5R+NjE8Nvv1VfQ 1179 isw/Qv3MlTTqz8VFBtbPdg77rwzVnSJuHinrVW9FwlDTNA9hhDbnBeZdyZkeEBUT 1180 ddjOGGeudc6SYbp4Dy9hsmr5x4o0GKsUJWyItO8+NPbKfFYpYB97NsaoiNQN1wXG 1181 LD8zKNZ9VKlpeW9n8b8/j61jxCiWwQILeGAuDsLpFxaQEtOBiDmzXKZjC45Efp1E 1182 +Wps/rpEIpYnAF6hoj292amDbenkPsq0TlYuo3u1M4PqqBwQ0FC72ssNlM9uUNTI 1183 G1q83GH3snnarr59+DpiIaTZkEhj3fBh+9dJnbzxPhHT2d0cze4eTF3nhG9u1cxL 1184 fE1qruycIWkHXF0XsVnzw6CwEToLWNr06QOjsKBTAsMmMd0w6WWeL+b1DO26avlu 1185 6tx83SCPp7EoxPdwFYB2Jqg4+KT/L87RtuPzHlGeFsh7QhCfI8Qk7CAkfk67Zhv1 1186 PFWsYKcJZvAuZHZXiSrMPY9NEB2DaDBGN/DFnwk4JVjlj9ACJ98MY+c2id8dkuTd 1187 ejwtalC1VPehC2HhqRR/9oGnIFzh0drCi20JMIIFogYJKoZIhvcNAQcBoIIFkwSC 1188 BY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4E 1189 CPaeHSwq2qj1AgIUjgSCBQA6OexrotUYcswY06ija4HfeLQQYbDA9+UjC5xEi6QX 1190 FRIAXfT1zoqZ6R+9sYnyCNqZWRzsKR6+OswWSlPjsgC6CXI3YO/MjtDo/MSif6Mw 1191 O5ZIxqPYcbslKDF6Og7MQ8C+tRu2qfu7e6ufkw/cyO3BXNyOU6tS7iCbNlVn28EF 1192 6W/14HvXsQ4mv1yAwvoWa5G9hettvwxMIL3KADLkEI40abpzbH/LOMXEAPHghunQ 1193 xijllviwYQKEJGqJmtShpBOxBGHkTik0b8xJK5LfX+oSowehO8yv7/z52c9x9RKY 1194 p2jLPudBByeA93iWhaUIe+p3ueexS4hmjegshjXE3LBm9ppZ1zWhJr8ipA/DY/1g 1195 KGy3tM5OUYc8CGbWstJfQ9dxsse8qG1WmwhNtCj5heXWMGZgsbt53+eSoirgJVFq 1196 40NzVryc3BEc+JS/d+U7MeL7ySdvGRHZ9kb8ItdsDcNAPMhvN/XXhALSBs5GWec5 1197 dqAUYyd5GREVCOqoPkKx/secOOGUkHl2unUD3ub+6JDXplSyiQulS04EXLZJqPWN 1198 yEK2wWCPsWquhTvVJCB6W/xcgtdY0zq7fiq0sZf6qPjb4s+hIDZXSWENh1VnuJBg 1199 9e40G/jh4M+vEdrLPpOLLCEhpiVxzRyQG0eP3EL8EWBZd71lX45VgGt+ZXVoNuDY 1200 PcLuQAHYcN8Sixg+8gTakuJGUwYGBy5tRjAWGGdtd2cuWrvtKxjooP/gLQ8hVAFi 1201 Dedo7ab5t8xar5lhG2ftAH59CqP5+Sr3ZpIkldu1lxlJHxDO0Pws1EyVkwllrxNO 1202 li3ETTwUeyENPswGPN+cTgKMJvPf5sCVlUWCS7I7pRPUUx5F4mebz/Drgeuqr54D 1203 feXu4zvDxUHUQGrb6g2bIxlvDU6/CJo11LVpRLRWWc3YfBSvOYwUjCehyK2kaC9/ 1204 FhlRvqDZGuFFjKB04QanP0M7H6f31iH05a2gakxYhWw9wPysEw+Te/KJp/TBJnsX 1205 YjQCDDi1A69Pq/Xo1IONutCKKq/gQKpku53acvTYtdEscbNEschY4PWjbsy8h/tF 1206 HAm90g3eCxGqIU18Vb6bErm4x/wurBw2025yXTK4LEOc6ZyZi53RAsUBPjcob+xh 1207 urBScAwv1mEIzH5luy5yvF/jjkJBl11SgYVfRZFTEGZs/l6h4REGwe1SaCyCa2pn 1208 eojFOlxk1pHe4QTlbjfv19xAvurpzUu9e9Hfl7M7c3V3WFXiyMUlqNS9CNRDEj4G 1209 Re35XVrehDrymodsAsIzyxU1iQvAN2BD1BeZI286YagK2mZX/q/YWCq2s0HGyESa 1210 XdBoVm7JzkrQt4q+Am4fi8SNrKNVQD8x3b7UQ1EQ23L/MnS3+p2jaw4evnrnuoy3 1211 eihOofuRVdbECvMCurGom72zCjC8KcVZ8yssWYIZKQjRr3dgdGUFiaJ6jA+Xgxws 1212 2GGMgTu6G3/Y1AOrF96qC0G6geHjPbByWGKKSPEqswyllsYlk4m2j+JU/BEh44+8 1213 lCdPfg0eAkanNdyJoXbYBxFRDaAxeKUEnNtwZ/wo4yLAJBdoo2extWP/9kvrEfII 1214 qqiVUAZNS2pKx6apysRtRDWzmm4leoc41lQ7yK+OT+d/Kkq9iiFrpj4esbJYHe7C 1215 RA18+Sc4nwNAsJrF4zBWN3eBfxk1YRDT8zTEsIyyMpes1xHm6KJq1rpfWDdjpEgJ 1216 IzFOMCMGCSqGSIb3DQEJFTEWBBRAtwlRIx9e+C9k2MGQwb2AVNthojAnBgkqhkiG 1217 9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MIIFogYJKoZIhvcNAQcB 1218 oIIFkwSCBY8wggWLMIIFhwYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoqhkiG9w0B 1219 DAEDMA4ECMEFrpUx/mJTAgIUIgSCBQAJ3iJnERsIV+zUmXifQtXp08dtGZ4th5vJ 1220 1sGGtredTpyG/xZCI91P27VtdvAJLJO1fvqRVTqwztJJ109vimnYaeMlnQPwFjmE 1221 tHATQcrpVPd4k6Vq3DnRKu71118pR4nTNnCS3IzwnTgGZeZJvz0wOWdqOgrUX7v4 1222 DuLvMOmecTBWvJcy8ypN2itfuDQ2J9o/G3kmExzmDkHRuFB1LtkCZTus1JS7AJ8Y 1223 MnoWJmmOItF3lDURRxOCFY4fhs+EEhOMz7gvvRWxtnUXqNj7hq02shVO8zDjUgxL 1224 oKMOfD3hj2O+3+woRrvvTgVHKP/rlorn/m0SYy7JCcJ+oC3PPhFqlDLKFsBZfqgE 1225 DWezGXAvevOnHVVyqmNo32iSV8kJggFwv1K6tJkR55lILvwl/dKeSiPk7NpImngw 1226 /5vhTCLAelZMU4QqdTp5tFgzKcH25kU4b6DFKs4IGRDXbrdKEk8TV4jNIoivv4KS 1227 kKjPVdkXZkqmn39e8D2VGDb6j/t1hD3kI2WgYwWN5GKQlcWIwYdVncINkimkjmlM 1228 1rTk6hF8rma/BiN6RfJMs6JsNduLIKebtiMoVLFc91MwQbAbY0GZ35GTKunQURrT 1229 abAJZiVOSFzrArLEsEteQBBu9kph2rdwMIv3+cAVQDsYckAhQhRDXQwvOjYnUwsM 1230 XB/Xde3hkngm6g+4ZYSftC5pKOhBamHoR8q0xggFmGA2gsmA/AMCkamhrhfYDYlG 1231 Bg5SZJwZVI/Wq+8mpZ+mXKsIkKo/piYVXl/RLSJLmksBwg5nETOsQtAh0wzn5Fv9 1232 sqbcJzVboZgZ+zxbGQW6d0MNFoFJ33G6CJ1tGmqS5TK1BuADGGCZNNSph4IK/WW7 1233 /8XHS1Vh4fs3XMoqlA50XNtk9Rymxb9Vwr5CbRGUzVT0mkJbPm8M5SzMSWKawhfv 1234 F/ecrBdz+Z+nN05ULBIEJXv00fLZZ5dNNWs+Nwa+A1NqSIjrrvy0rkd42dneA0ss 1235 kjMCsI1qy/pwmpxBOnvGu2/GN6pWqTm2kNuJtFSWnGUU6zecz0jP0jC10j33EQAl 1236 d22usIzIA2VGoojA7xO07UacQ+w4axa2eOOATApdU8Vs+621GO2Yb5On27aEMbs2 1237 dm9D0XoION5u1hXfgSg175sVA0IStIT/2ktkyC5fUJJYDB4klpPG0EBTwRfqOvqG 1238 Kf27ZDhxHY8DZySh6idUJMAGfMpUnpIOlX3tWroRMEMWBnao7Pfy9n1Q1ySGWFRo 1239 DD1BkfNZXabovM6qdpGD2zbp+MAFF7l/fsV4otDH2UjC1jpPyibVyUYme3/9et65 1240 H2WtzCC6+ARR3FHGiR+6JBcKbov1VEy1XW2IeDLdUCOFWoiRyWDkUFyKLtKPOncH 1241 +4NczdYh+EyvHijf3N8Dyiw/lnSLHmYFlBULYjRFbplIlPw0iJdDLLW6A8z78cO5 1242 hqkKRbXIxM9jKMM3ccqYFiKeVAHmbEX5AEvQau387acVkEwDORqXuvXN9GVdteNn 1243 BIe5kd9p+m+SONqUkmPJGRUJdt2kwVFvpW/woLS+tAk5Ys3u5eDfH0av59lp8xKa 1244 /vLaoBTtSiUIU/KuXt3D7yas/Ybo1etc02KO913dd8ByjWdozhD8aLF0o9PEeBPC 1245 ttm93YSrv7ttH1LF5vfhi9xq+yGhbEvbJHtD6y5g7KeUekwfXMxd0C8M1OyakcHH 1246 Arh3TJZ3WDFOMCMGCSqGSIb3DQEJFTEWBBRB2kp/JAu+EV0KnNDuwZWyHH7/azAn 1247 BgkqhkiG9w0BCRQxGh4YAGMAYQByAGwAbwBzAC4AMgA1ADUAMQA5MC8wHzAHBgUr 1248 DgMCGgQUS7gZkMK++JTD92Cctznb5uLKdvEECJmBdZIPusX5AgIoAA== 1249 -----END PKCS12----- 1251 8. Dana's Sample Certificates 1253 Dana has the following information: 1255 * Name: Dana Hopper 1257 * E-mail Address: dna@smime.example 1259 8.1. Dana's Signature Verification End-Entity Certificate 1261 This certificate is used for verification of signatures made by Dana. 1263 -----BEGIN CERTIFICATE----- 1264 MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG 1265 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 1266 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 1267 MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 1268 EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h 1269 hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA 1270 MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l 1271 LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G 1272 A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb 1273 5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5 1274 VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC 1275 -----END CERTIFICATE----- 1277 8.2. Dana's Signing Private Key Material 1279 This private key material is used by Dana to create signatures. 1281 -----BEGIN PRIVATE KEY----- 1282 MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N 1283 -----END PRIVATE KEY----- 1285 This secret key is the [SHA256] digest of the ASCII string draft- 1286 lamps-sample-certs-keygen.dana.sign.25519.seed. 1288 8.3. Dana's Encryption End-Entity Certificate 1290 This certificate is used to encrypt messages to Dana. It contains an 1291 SMIMECapabilities extension to indicate that Dana's MUA expects ECDH 1292 with HKDF using SHA-256; uses AES-128 key wrap, as indicated in 1293 [RFC8418]. 1295 -----BEGIN CERTIFICATE----- 1296 MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG 1297 A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM 1298 QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx 1299 MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL 1300 EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2 1301 AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E 1302 HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG 1303 A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 1304 YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud 1305 DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E 1306 0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd 1307 9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A 1308 -----END CERTIFICATE----- 1310 8.4. Dana's Decryption Private Key Material 1312 This private key material is used by Dana to decrypt messages. 1314 -----BEGIN PRIVATE KEY----- 1315 MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 1316 -----END PRIVATE KEY----- 1318 This seed is the [SHA256] digest of the ASCII string draft-lamps- 1319 sample-certs-keygen.dana.encrypt.25519.seed. 1321 8.5. PKCS12 Object for Dana 1323 This PKCS12 ([RFC7292]) object contains the same information as 1324 presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and 1325 Section 6.3. 1327 It is locked with the simple four-letter password dana. 1329 -----BEGIN PKCS12----- 1330 MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH 1331 BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH 1332 TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM 1333 TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k 1334 WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO 1335 aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ 1336 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi 1337 PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B 1338 OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 1339 H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI 1340 ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV 1341 txtVB61Qmc2XP48F7wyaQZvdAU9zfe11/tHAaKKJWBpE1lIuAEkGtIP6ozYJBFjH 1342 I11tBA8fijTnug+S4OvSgjtsRV/+kSEiW4F+pwE8RuTYfUu7q+Ew0LYdLgkH5OyE 1343 sn0b62UFpR/E1D9exWzohrFbIdUCbjtssXucruAqPNhW/abT0zicWu5nvf+Pniow 1344 2VxvhwoGt5jZ+lkaR5Z+1/GpbMgq47EUyGCgKv+5GAcJxUxINZqLbACJ/MhLfYPB 1345 eJrXz8f5Cigm1wZLisYCqnuc8cGCXjNqNkUlqtzodM8xv4gcgT/zILxmJTZP2q4n 1346 YA4yBQx5/n2G2dZC+pf3kAfbXcp0MIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw 1347 ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjxuoiaSZDbnwICFH+AggJg 1348 k2hcNYtO0+15uLqXdiNhr5Q0JkYcrHdo0wR6G5AgLmwI+TYi+P8EZUjDIJ4TJ3b4 1349 6xv7+3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV52OKE0CAgALZOLuIz5mGVU 1350 tWI2h1x587KeIv5GRPIxumDebT3Gmkkp9Qoi55hjTgn68olSgDaJF8o5wnfODhkS 1351 o110a3x9OwkJSN1AXfmBfj33KnT8Dc4bTfAZy1S5o1zCtaEqnct2Urb4PeO3LfHB 1352 ErBsvY8HE4D7qh6P5ftXHQHAx/b3hbU8jQP1tR0N9Oh0SiLi//ebCeGXWQRdVjL5 1353 +VQrhlQF5d4Kz9Zx79oC36g7C2BxCQomur/F9TT12NPzPpaEGGo6ljB6myAHnYw9 1354 rCxbSxBvbtEtlgJnxxb1Y5Q4ukgyjzK6431Bwq2+iNL0vGc9o2c5ELUPU9zGeLBZ 1355 tXWvdX27aOHjusPfDZl70C5zHiYs1FU6Tkn9Aotc424Q3d2IRTTcYnnjs1VSi1Sr 1356 4bRyB8zBAQmdQrniBW++7eJm3m/EOU0Yy0noUT169m8KNJrmSspMvKS6pyiYHR4I 1357 BvAIkRIjvdtQvJdQJ+Uyr+HH5daE6golW1917b2bXj/41mvXYkJY6W8x0km1RYhH 1358 QJZphWlvNcrHKo46Unk48Qc/5J5tI+6UDTXFr//V34vcpQ2ktp0MAKl1rBH549ef 1359 CsGQTGoq8XHPhksehEEMRmOJDeKTVkKx8xNhbwb395yFCIxfF2NHeDLXP+JyW+nH 1360 Iy2fnBDlyTiPF7YXyGiPjPAgK8LS8GUE+Zq2rWqrGNkwggM/BgkqhkiG9w0BBwag 1361 ggMwMIIDLAIBADCCAyUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOfJ/s3Y 1362 f5bgAgIUnYCCAvi4NaYP4lpAtuXtE02Zqgl9aLFwsj9B/rikBo6O1ZR/lsryJ4PJ 1363 VGYy6NyBPjG67glJVMYiI3Hge+j66FXKXD/AaiMVD21ZmfrH935Sl4ZUKS9tpTJL 1364 QDw3ejpDEDqJUFJZJ/ybgpRAKoNjhcE3B7F7+WMI8Pr70M1Fbw7ytUCAjOf18sIW 1365 prUA8f8O9dLiGgiWyjE5HMzSXEib5IMRpq5x4Q28pBrT8rVYgoQSSyVkfHtU7LDi 1366 Bm68RfBgEl7jIqLdrt2kKxHC3/lC4xXQgFNXeQO56aRp8Yu4VpoRwraVLUO3tJk+ 1367 pf1zFfmUei/JtiFlC6uf0PvC2B5h6kAZocE1lLxGIDFH7fTd6dzP7qTDbUQ+uEk3 1368 qsgktT2pcoVnxTanvQmTCEZM9ZKCX5/z7Gkm+z83lGLDDU9oNyRSrxHrRBIvgH4w 1369 3aGH1v6kfYOWwwwaghQOQIZFyzGVRKXsP7AslL+n4ti831TxqSUZX2qy9LpI4Tjp 1370 5A/NLMKo3uqmHFlTLnnYUqoppe88FNY8T/LXnHp0KTkuXFmdKJtp1/ydqh18jBk7 1371 nfLcQFdf1R/5okysblRtaMujlhelymT7MoM8u5C8ceIO7uWX8NI5B/IB+Yn2BvzZ 1372 9LXoSia/wHjTu7UK610o7WOq9qTYe1i1x+HsmJaOC6hpaQh6b33VWDrHJbl7c/4Z 1373 tvQ9qAzqkqIhFWMRXNK+32jFVAgXrD8U1QHW2ip5s7W/Xtm1AegrhG1nSQgJezYl 1374 OnE/t2PDWuPeW94kR0uv1fNsh6plLyZYf/BaqhoGCHsa/ipD86viVSZDgJ8ASVLF 1375 eLUK3HYFMhJ+MLEzZJffYZAOnbYoyNPNc0vc7dpbk+ZMnlb5bDFcMCpm7+fWOjsC 1376 nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh 1377 uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj 1378 MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc 1379 BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re 1380 f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG 1381 9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E 1382 6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow 1383 WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+ 1384 YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq 1385 hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z 1386 zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D 1387 kkzl2MltAgIoAA== 1388 -----END PKCS12----- 1390 9. Security Considerations 1392 The keys presented in this document should be considered compromised 1393 and insecure, because the secret key material is published and 1394 therefore not secret. 1396 Any application which maintains a denylist of invalid key material 1397 SHOULD include these keys in its list. 1399 10. IANA Considerations 1401 IANA has nothing to do for this document. 1403 11. Document Considerations 1405 [ RFC Editor: please remove this section before publication ] 1407 This document is currently edited as markdown. Minor editorial 1408 changes can be suggested via merge requests at 1409 https://gitlab.com/dkg/lamps-samples or by e-mail to the author. 1410 Please direct all significant commentary to the public IETF LAMPS 1411 mailing list: spasm@ietf.org 1413 11.1. Document History 1415 11.1.1. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 1417 * Added outbound references for acronyms PEM, CRL, and OCSP, thanks 1418 Stewart Brant. 1420 11.1.2. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 1422 * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for 1423 interop with Keychain Access on macOS. 1425 11.1.3. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 1427 * Order subject/issuer DN components by scope. 1429 * Put cross-signed intermediate CA certificates into PKCS#12 instead 1430 of self-signed root CA certificates. 1432 11.1.4. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 1434 * Correct encoding of S/MIME Capabilities extension. 1436 * Change "Certificate Authority" to "Certification Authority". 1438 * Add CertificatePolicies to all intermediate and end-entity 1439 certificates. 1441 * Add organization and organizational unit to all certificates. 1443 11.1.5. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 1445 * Added cross-signed certificates for both CAs 1447 * Added S/MIME Capabilities extension for Carlos and Dana's 1448 encryption keys, indicating preferred ECDH parameters. 1450 * Ensure no serial numbers are negative. 1452 * Encode keyUsage extensions in minimum-length BIT STRINGs. 1454 11.1.6. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 1456 * Added Curve25519 sample certificates (new CA, Carlos, and Dana) 1458 11.1.7. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 1460 * WG adoption (dkg moves from Author to Editor) 1462 11.1.8. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 1464 * PEM blobs are now sourcecode, not artwork 1466 11.1.9. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 1468 * Describe deterministic key generation 1470 * label PEM blobs with filenames in XML 1472 11.1.10. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 1474 * Alice and Bob now each have two distinct certificates: one for 1475 signing, one for encryption, and public keys to match. 1477 11.1.11. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 1479 * PKCS#12 objects are deliberately locked with simple passphrases 1481 11.1.12. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 1483 * changed all three keys to use RSA instead of RSA-PSS 1484 * set keyEncipherment keyUsage flag instead of dataEncipherment in 1485 EE certs 1487 12. Acknowledgements 1489 This draft was inspired by similar work in the OpenPGP space by 1490 Bjarni Runar and juga at [I-D.bre-openpgp-samples]. 1492 Eric Rescorla helped spot issues with certificate formats. 1494 Sean Turner pointed to [RFC4134] as prior work. 1496 Deb Cooley suggested that Alice and Bob should have separate 1497 certificates for signing and encryption. 1499 Wolfgang Hommel helped to build reproducible encrypted PKCS#12 1500 objects. 1502 Carsten Bormann got the XML sourcecode markup working for this draft. 1504 David A. Cooper identified problems with the certificates and 1505 suggested corrections. 1507 Lijun Liao helped get the terminology right. 1509 Stewart Brant and Roman Danyliw provided editorial suggestions. 1511 13. References 1513 13.1. Normative References 1515 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1516 Requirement Levels", BCP 14, RFC 2119, 1517 DOI 10.17487/RFC2119, March 1997, 1518 . 1520 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 1521 Housley, R., and W. Polk, "Internet X.509 Public Key 1522 Infrastructure Certificate and Certificate Revocation List 1523 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 1524 . 1526 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, 1527 DOI 10.17487/RFC5322, October 2008, 1528 . 1530 [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., 1531 and M. Scott, "PKCS #12: Personal Information Exchange 1532 Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, 1533 . 1535 [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital 1536 Signature Algorithm (EdDSA)", RFC 8032, 1537 DOI 10.17487/RFC8032, January 2017, 1538 . 1540 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1541 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1542 May 2017, . 1544 [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ 1545 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 1546 Message Specification", RFC 8551, DOI 10.17487/RFC8551, 1547 April 2019, . 1549 13.2. Informative References 1551 [FIPS186-4] 1552 "Digital Signature Standard (DSS)", National Institute of 1553 Standards and Technology report, 1554 DOI 10.6028/nist.fips.186-4, July 2013, 1555 . 1557 [I-D.bre-openpgp-samples] 1558 Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP 1559 Example Keys and Certificates", Work in Progress, 1560 Internet-Draft, draft-bre-openpgp-samples-01, 20 December 1561 2019, . 1564 [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, 1565 DOI 10.17487/RFC4134, July 2005, 1566 . 1568 [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, 1569 PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, 1570 April 2015, . 1572 [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning 1573 Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April 1574 2015, . 1576 [RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for 1577 Ed25519, Ed448, X25519, and X448 for Use in the Internet 1578 X.509 Public Key Infrastructure", RFC 8410, 1579 DOI 10.17487/RFC8410, August 2018, 1580 . 1582 [RFC8418] Housley, R., "Use of the Elliptic Curve Diffie-Hellman Key 1583 Agreement Algorithm with X25519 and X448 in the 1584 Cryptographic Message Syntax (CMS)", RFC 8418, 1585 DOI 10.17487/RFC8418, August 2018, 1586 . 1588 [SHA256] Dang, Q., "Secure Hash Standard", National Institute of 1589 Standards and Technology report, 1590 DOI 10.6028/nist.fips.180-4, July 2015, 1591 . 1593 [TEST-POLICY] 1594 NIST - Computer Security Divisiion (CSD), "Test 1595 Certificate Policy to Support PKI Pilots and Testing", May 1596 2012, . 1599 Author's Address 1601 Daniel Kahn Gillmor (editor) 1602 American Civil Liberties Union 1603 125 Broad St. 1604 New York, NY, 10004 1605 United States of America 1607 Email: dkg@fifthhorseman.net