idnits 2.17.1 draft-ietf-smime-examples-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document is more than 15 pages and seems to lack a Table of Contents. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 4851 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 497 instances of too long lines in the document, the longest one being 17 characters in excess of 72. ** There are 12 instances of lines with control characters in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 29, 1999) is 8976 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'CMS' on line 4000 looks like a reference -- Missing reference section? 'SMIME-MSG' on line 4004 looks like a reference -- Missing reference section? 'SMIME-ESS' on line 4006 looks like a reference -- Missing reference section? 'PKIX' on line 4002 looks like a reference -- Missing reference section? '0' on line 3854 looks like a reference -- Missing reference section? '3' on line 2958 looks like a reference -- Missing reference section? '1' on line 3677 looks like a reference -- Missing reference section? 'PH' on line 4818 looks like a reference -- Missing reference section? 'JS' on line 4819 looks like a reference -- Missing reference section? 'BR' on line 4817 looks like a reference Summary: 7 errors (**), 0 flaws (~~), 2 warnings (==), 13 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Draft Editor: Paul Hoffman 2 draft-ietf-smime-examples-02.txt Internet Mail Consortium 3 September 29, 1999 4 Expires in six months 6 Examples of S/MIME Messages 8 Status of this memo 10 This document is an Internet-Draft and is in full conformance with all 11 provisions of Section 10 of RFC2026. 13 Internet-Drafts are working documents of the Internet Engineering Task 14 Force (IETF), its areas, and its working groups. Note that other 15 groups may also distribute working documents as Internet-Drafts. 17 Internet-Drafts are draft documents valid for a maximum of six months 18 and may be updated, replaced, or obsoleted by other documents at any 19 time. It is inappropriate to use Internet- Drafts as reference 20 material or to cite them other than as "work in progress." 22 The list of current Internet-Drafts can be accessed at 23 http://www.ietf.org/ietf/1id-abstracts.txt 25 The list of Internet-Draft Shadow Directories can be accessed at 26 http://www.ietf.org/shadow.html. 28 Abstract 30 This document gives examples of message bodies formatted using S/MIME. 31 Specifically, it has examples of Cryptographic Message Syntax (CMS) 32 objects, S/MIME messages (including the MIME formatting), and Enhanced 33 Security Services for S/MIME (ESS). It includes examples of most or all 34 common CMS and ESS formats; in addition, it gives examples that show 35 common pitfalls in implementing CMS. The purpose of this document is to 36 help increase interoperability for S/MIME and other protocols that rely 37 on CMS. 39 This draft is being discussed on the 'ietf-smime' mailing list. To 40 join the list, send a message to with the 41 single word "subscribe" in the body of the message. Also, there is a 42 Web site for the mailing list at . 44 1. Introduction 46 The examples in this document show the structure and format of CMS 47 message bodies, as described in [CMS]. They are useful to implementors 48 who use protocols that rely on CMS, such as the S/MIME message format 49 protocol. There are also examples of simple S/MIME messages [SMIME-MSG] 50 (including the MIME headers), and ESS messages [SMIME-ESS]. 52 Every example in this document has been checked by two different 53 implementors. This strongly indicates (but does not assure) that the 54 examples are correct. All CMS implementors must read the CMS document 55 carefully before implementing from it. No one should use the examples 56 in this document as stand-alone explanations of how to create CMS 57 message bodies. 59 This document explicitly does not attempt to cover many PKIX [PKIX] 60 examples. Documents with examples of that format may be forthcoming. 62 2. Contributions To This Document 64 The examples shown here will be created and validated by many different 65 people. In the example listings in Appendix B, there is a tag with the 66 initials of the creator of the example, and one or more tags for the 67 people who validated the example. 69 Some of the examples are of mis-implementations of CMS and ESS. That 70 is, if a developer reading the CMS or ESS specification created a 71 message body that was illegal, and another developer agreed that the 72 mis-reading was potentially a pitfall for later developers, that 73 message body is also included here. To make it clear which examples are 74 bad, they are all put into a single section of this document with 75 (hopefully) explicit headings. 77 To contribute an implementation of an unimplemented example listed in 78 this document, to verify that you got the same results as an example 79 listed here, or to suggest a new example that should be listed, please 80 contact the document author at the address listed near the end of the 81 document. 83 3. Constants Used in the Examples 85 This section defines the data used in the rest of the document. The names 86 of the constants indicate their use. For example, AlicePrivDSSSign is the 87 private part of Alice's DSS signing key. 89 - Alice is the creator of the message bodies in this spec. 91 - Bob is the recipient of the messages. 93 - Carl is a CA. 95 - Diane sometimes gets involved with these folks. 97 - Erica also sometimes gets involved. 99 3.1 Content of documents 101 ExContent is the following sentence: 102 This is some sample content. 103 That is, it is the string of characters starting with "T" up to and 104 including the ".". 106 The hex for ExContent is 107 5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e 109 The MD5 hash of ExContent is 110 9898 cac8 fab7 691f f89d c207 24e7 4a04 112 The SHA-1 hash of ExContent is 113 406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48 115 3.2 Private Keys 117 The following private keys are needed to create the samples. 118 To find the public keys, see the certificates in the next section. 120 AlicePrivDSSSign = 121 0 30 331: SEQUENCE { 122 4 02 1: INTEGER 0 123 7 30 299: SEQUENCE { 124 11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 125 : (ANSI X9.57 algorithm) 126 20 30 286: SEQUENCE { 127 24 02 129: INTEGER 128 : 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4 129 : 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94 130 : E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89 131 : 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A 132 : E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F 133 : 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3 134 : C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D 135 : B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B 136 : DB 137 156 02 21: INTEGER 138 : 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B 139 : 62 8B F7 93 CD 140 179 02 128: INTEGER 141 : 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C 142 : 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD 143 : 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF 144 : 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D 145 : EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23 146 : 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8 147 : 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2 148 : BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39 149 : } 150 : } 151 310 04 23: OCTET STRING, encapsulates { 152 312 02 21: INTEGER 153 : 00 BB 44 46 D1 A5 C9 46 07 2E D0 FE 7A D6 92 07 154 : F0 9A 85 89 3F 155 : } 156 : } 158 AlicePrivRSASign = 159 0 30 630: SEQUENCE { 160 4 02 1: INTEGER 0 161 7 30 13: SEQUENCE { 162 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 163 : (PKCS #1) 164 20 05 0: NULL 165 : } 166 22 04 608: OCTET STRING, encapsulates { 167 26 30 604: SEQUENCE { 168 30 02 1: INTEGER 0 169 33 02 129: INTEGER 170 : 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0 171 : 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E 172 : 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA 173 : 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32 174 : CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5 175 : F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81 176 : E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55 177 : 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57 178 : 5F 179 165 02 3: INTEGER 65537 180 170 02 128: INTEGER 181 : 00 A4 03 C3 27 47 76 34 34 6C A6 86 B5 79 49 01 182 : 4B 2E 8A D2 C8 62 B2 C7 D7 48 09 6A 8B 91 F7 36 183 : F2 75 D6 E8 CD 15 90 60 27 31 47 35 64 4D 95 CD 184 : 67 63 CE B4 9F 56 AC 2F 37 6E 1C EE 0E BF 28 2D 185 : F4 39 90 6F 34 D8 6E 08 5B D5 65 6A D8 41 F3 13 186 : D7 2D 39 5E FE 33 CB FF 29 E4 03 0B 3D 05 A2 8F 187 : B7 F1 8E A2 76 37 B0 79 57 D3 2F 2B DE 87 06 22 188 : 7D 04 66 5E C9 1B AF 8B 1A C3 EC 91 44 AB 7F 21 189 301 02 65: INTEGER 190 : 00 F6 D6 E0 22 21 4C 5F 0A 70 FF 27 FC E5 B3 50 191 : 6A 9D E5 0F B5 85 96 C6 40 FA A8 0A B4 9B 9B 0C 192 : 55 C2 01 1D F9 37 82 8A 14 C8 F2 93 0E 92 CD A5 193 : 66 21 B9 3C D2 06 BF B4 55 31 C9 DC AD CA 98 2D 194 : D1 195 368 02 65: INTEGER 196 : 00 E8 DE B0 11 25 09 D2 02 51 01 DE 8A E8 98 50 197 : F5 77 77 61 A4 45 93 6B 08 55 96 73 5D F4 C8 5B 198 : 12 93 22 73 8B 7F D3 70 7F F5 A4 AA BB 74 FD 3C 199 : 22 6A DA 38 91 2A 86 5B 6C 14 E8 AE 4C 9E FA 8E 200 : 2F 201 435 02 65: INTEGER 202 : 00 97 4C F0 87 9B 17 7F EE 1B 83 1B 14 B6 0B 6A 203 : 90 5F 86 27 51 E1 B7 A0 7F F5 E4 88 E3 59 B9 F9 204 : 1E 9B D3 29 77 38 22 48 D7 22 B1 25 98 BA 3D 59 205 : 53 B7 FA 1E 20 B2 C8 51 16 23 75 93 51 E7 AB CD 206 : F1 207 502 02 64: INTEGER 208 : 2C F0 24 5B FA A0 CD 85 22 EA D0 6E 4F FA 6C CD 209 : 21 D3 C8 E4 F1 84 44 48 64 73 D7 29 8F 7E 46 8C 210 : EC 15 DE E4 51 B3 94 E7 2C 99 2D 55 65 7B 24 EA 211 : A3 62 1F 3E 6C 4D 67 41 11 3B E1 BE E9 83 02 83 212 568 02 64: INTEGER 213 : 58 88 D9 A1 50 38 84 6A AB 03 BC BB DF 4B F4 9C 214 : 6F B8 B4 2A 25 FB F6 E4 05 2F 6E E2 88 89 21 6F 215 : 4B 25 9E D0 AB 50 93 CA BF 40 71 EC 21 25 C5 7F 216 : FB 02 E9 21 96 B8 33 CD E2 C6 95 EE 6F 8D 5F 28 217 : } 218 : } 219 : } 221 BobPrivDHEncrypt = 222 0 30 355: SEQUENCE { 223 4 02 1: INTEGER 0 224 7 30 312: SEQUENCE { 225 11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 226 : (ANSI X9.42 number-type) 227 20 30 299: SEQUENCE { 228 24 02 129: INTEGER 229 : 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B 230 : 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11 231 : 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB 232 : AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02 233 : 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37 234 : FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA 235 : 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA 236 : 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A 237 : 33 238 156 02 129: INTEGER 239 : 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1 240 : E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48 241 : 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5 242 : 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48 243 : 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3 244 : 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D 245 : 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21 246 : C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62 247 : A7 248 288 02 33: INTEGER 249 : 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70 250 : A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE 251 : BD 252 : } 253 : } 254 323 04 34: OCTET STRING, encapsulates { 255 325 02 32: INTEGER 256 : 20 FC 67 82 EE CF 4A A6 C8 E5 83 D2 8C 3B 8A D2 257 : 45 32 11 27 32 6C 86 EC 66 CA 71 AD F0 19 4D F7 258 : } 259 : } 261 BobPrivRSAEncrypt = 262 0 30 630: SEQUENCE { 263 4 02 1: INTEGER 0 264 7 30 13: SEQUENCE { 265 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 266 : (PKCS #1) 267 20 05 0: NULL 268 : } 269 22 04 608: OCTET STRING, encapsulates { 270 26 30 604: SEQUENCE { 271 30 02 1: INTEGER 0 272 33 02 129: INTEGER 273 : 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71 274 : 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04 275 : B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39 276 : A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED 277 : E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D 278 : D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7 279 : 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8 280 : 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A 281 : F1 282 165 02 3: INTEGER 65537 283 170 02 129: INTEGER 284 : 00 AE 73 E4 5B 5F 5B 66 5A C9 D7 C6 EF 38 5F 53 285 : 21 2A 2F 62 FE DE 29 9A 7A 86 67 36 E7 7D 62 78 286 : 75 3D 73 A0 BC 29 0E F3 8F BD C3 C9 C9 B6 F8 BA 287 : D6 13 9B C3 97 7A CA 6A F0 B8 85 65 4E 0F BD A7 288 : A8 F7 54 06 41 BD EB DC 20 77 90 DF 61 9B 9A 6F 289 : 74 DE EA 3B D4 9C 87 60 ED 76 84 F1 6A 30 37 D5 290 : E0 90 16 F8 80 47 C3 19 6B ED 75 77 BA 4A ED 39 291 : B6 5D 02 47 3B 5F 1B C8 1C AB CB E8 F5 26 3F A4 292 : 81 293 302 02 65: INTEGER 294 : 00 FF DF 09 A0 56 0B 42 52 9E C4 4D 93 B3 B0 49 295 : BB DE E7 81 7D 28 99 D0 B1 48 BA 0B 39 E1 1C 7B 296 : 22 18 33 B6 40 F6 BF DC AE 1D D0 A1 AD 04 71 5A 297 : 61 0A 6E 3B CE 30 DA 36 9F 65 25 29 BB A7 0E 7F 298 : 0B 299 369 02 65: INTEGER 300 : 00 E4 69 68 18 5F F9 57 D0 7C 66 89 0F BA 63 1D 301 : 72 CB 20 A4 81 76 64 89 CD 7D D1 C2 27 A9 2E AC 302 : 7A 56 9A 85 07 D9 30 03 A3 03 AB 7F 88 92 50 24 303 : 01 AA 1B 07 1F 20 4C B7 C9 7B 56 F7 B6 C2 7E AB 304 : 73 305 436 02 64: INTEGER 306 : 57 36 6C 8F 8C 04 76 6C B6 D4 EE 24 44 00 F8 80 307 : E2 AF 42 01 A9 0F 14 84 F8 E7 00 E0 8F 8C 27 A4 308 : 2D 5F A2 E5 6D B5 63 C0 AD 44 E9 76 91 A7 19 49 309 : 2E 46 F8 77 85 4B 3B 87 04 F0 AF D2 D8 54 26 95 310 502 02 64: INTEGER 311 : 64 A1 0F AC 55 74 1B BD 0D 61 7B 17 03 CD B0 E6 312 : A7 19 1D 80 AF F1 41 48 D8 1A B6 88 14 A0 2C 7A 313 : C5 76 D4 0F 0E 1F 7A 2A B2 6E 37 04 AB 39 45 73 314 : BA 46 A8 0F 8D 82 5F 22 14 05 CF A2 A3 F3 7C 83 315 568 02 64: INTEGER 316 : 26 1E 1D 1C A1 98 2B E4 DB 38 E8 57 6E 6B 73 19 317 : 88 61 3A FA 74 4A 36 8B 47 68 5D 50 EB 26 E3 EA 318 : 7D 9B 4E 65 A9 AF 7B AB 4B 2E 76 51 3D A8 D0 11 319 : AB A3 D6 A8 C0 27 36 1D 54 0B AA A7 D1 6D 8D FA 320 : } 321 : } 322 : } 324 CarlPrivDSSSign = 325 0 30 330: SEQUENCE { 326 4 02 1: INTEGER 0 327 7 30 299: SEQUENCE { 328 11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 329 : (ANSI X9.57 algorithm) 330 20 30 286: SEQUENCE { 331 24 02 129: INTEGER 332 : 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1 333 : 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06 334 : EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA 335 : E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46 336 : ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01 337 : 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50 338 : FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B 339 : CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6 340 : E9 341 156 02 21: INTEGER 342 : 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A 343 : 5D 98 B9 10 D5 344 179 02 128: INTEGER 345 : 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D 346 : ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5 347 : 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C 348 : AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD 349 : F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F 350 : 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB 351 : 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06 352 : 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A 353 : } 354 : } 355 310 04 22: OCTET STRING, encapsulates { 356 312 02 20: INTEGER 357 : 19 B3 38 A5 21 62 31 50 E5 7F B9 3E 08 46 78 D1 358 : 3E B5 E5 72 359 : } 360 : } 362 CarlPrivRSASign = 363 0 30 630: SEQUENCE { 364 4 02 1: INTEGER 0 365 7 30 13: SEQUENCE { 366 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 367 : (PKCS #1) 368 20 05 0: NULL 369 : } 370 22 04 608: OCTET STRING, encapsulates { 371 26 30 604: SEQUENCE { 372 30 02 1: INTEGER 0 373 33 02 129: INTEGER 374 : 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71 375 : 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04 376 : B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39 377 : A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED 378 : E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D 379 : D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7 380 : 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8 381 : 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A 382 : F1 383 165 02 3: INTEGER 65537 384 170 02 129: INTEGER 385 : 00 AE 73 E4 5B 5F 5B 66 5A C9 D7 C6 EF 38 5F 53 386 : 21 2A 2F 62 FE DE 29 9A 7A 86 67 36 E7 7D 62 78 387 : 75 3D 73 A0 BC 29 0E F3 8F BD C3 C9 C9 B6 F8 BA 388 : D6 13 9B C3 97 7A CA 6A F0 B8 85 65 4E 0F BD A7 389 : A8 F7 54 06 41 BD EB DC 20 77 90 DF 61 9B 9A 6F 390 : 74 DE EA 3B D4 9C 87 60 ED 76 84 F1 6A 30 37 D5 391 : E0 90 16 F8 80 47 C3 19 6B ED 75 77 BA 4A ED 39 392 : B6 5D 02 47 3B 5F 1B C8 1C AB CB E8 F5 26 3F A4 393 : 81 394 302 02 65: INTEGER 395 : 00 FF DF 09 A0 56 0B 42 52 9E C4 4D 93 B3 B0 49 396 : BB DE E7 81 7D 28 99 D0 B1 48 BA 0B 39 E1 1C 7B 397 : 22 18 33 B6 40 F6 BF DC AE 1D D0 A1 AD 04 71 5A 398 : 61 0A 6E 3B CE 30 DA 36 9F 65 25 29 BB A7 0E 7F 399 : 0B 400 369 02 65: INTEGER 401 : 00 E4 69 68 18 5F F9 57 D0 7C 66 89 0F BA 63 1D 402 : 72 CB 20 A4 81 76 64 89 CD 7D D1 C2 27 A9 2E AC 403 : 7A 56 9A 85 07 D9 30 03 A3 03 AB 7F 88 92 50 24 404 : 01 AA 1B 07 1F 20 4C B7 C9 7B 56 F7 B6 C2 7E AB 405 : 73 406 436 02 64: INTEGER 407 : 57 36 6C 8F 8C 04 76 6C B6 D4 EE 24 44 00 F8 80 408 : E2 AF 42 01 A9 0F 14 84 F8 E7 00 E0 8F 8C 27 A4 409 : 2D 5F A2 E5 6D B5 63 C0 AD 44 E9 76 91 A7 19 49 410 : 2E 46 F8 77 85 4B 3B 87 04 F0 AF D2 D8 54 26 95 411 502 02 64: INTEGER 412 : 64 A1 0F AC 55 74 1B BD 0D 61 7B 17 03 CD B0 E6 413 : A7 19 1D 80 AF F1 41 48 D8 1A B6 88 14 A0 2C 7A 414 : C5 76 D4 0F 0E 1F 7A 2A B2 6E 37 04 AB 39 45 73 415 : BA 46 A8 0F 8D 82 5F 22 14 05 CF A2 A3 F3 7C 83 416 568 02 64: INTEGER 417 : 26 1E 1D 1C A1 98 2B E4 DB 38 E8 57 6E 6B 73 19 418 : 88 61 3A FA 74 4A 36 8B 47 68 5D 50 EB 26 E3 EA 419 : 7D 9B 4E 65 A9 AF 7B AB 4B 2E 76 51 3D A8 D0 11 420 : AB A3 D6 A8 C0 27 36 1D 54 0B AA A7 D1 6D 8D FA 421 : } 422 : } 423 : } 425 DianePrivDHEncrypt = 426 0 30 354: SEQUENCE { 427 4 02 1: INTEGER 0 428 7 30 311: SEQUENCE { 429 11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 430 : (ANSI X9.42 number-type) 431 20 30 298: SEQUENCE { 432 24 02 129: INTEGER 433 : 00 CA 6E 91 C2 B0 BD A8 58 F2 31 21 74 BB 1F E4 434 : 10 BD D0 93 A2 7E 61 E1 3D BA 23 04 16 D0 66 39 435 : BD 3B CD 05 74 48 F1 03 70 95 F4 05 63 6D 2E BF 436 : 9A B7 FF 97 FF 39 BB 63 DB 4D A4 71 D8 94 9A B4 437 : F2 8A 3D 9F B7 5D 8D CA E2 AF B5 0F CF 05 65 82 438 : 68 6E 43 D2 F4 04 5F 03 8B F9 50 F5 C8 6C 05 26 439 : BC BF 36 0F 5C C3 51 6A 67 E8 75 32 66 78 91 63 440 : E8 FE 34 E7 19 B6 70 6C 78 38 36 82 D2 34 36 C2 441 : DF 442 156 02 128: INTEGER 443 : 6E D6 76 36 4B E4 59 07 57 5F 18 9A 10 D2 31 5C 444 : A6 10 B0 26 96 42 4D 7C A3 A1 D3 9E A5 80 B2 1F 445 : 37 11 49 7C 8A 99 D8 56 3F 93 51 ED 6E 54 FB 6E 446 : DB B2 FC 34 C0 E7 CA 1E 58 2B D5 3D 3B DC AE 71 447 : 21 D9 3B 56 B8 A7 F6 4D 22 52 5F 41 BA D5 1E 82 448 : 69 6C DD 70 71 CC 6C 3B EF 84 A9 71 8B A9 3B 2A 449 : 09 F8 BD FD CB 51 BC 2E 2E CA 3E 30 8C FA 54 9E 450 : 7D 0D 03 E2 DF 63 62 6D F3 50 82 27 DC D1 99 F7 451 287 02 33: INTEGER 452 : 00 AA 05 65 FB DD 4E A8 02 F1 34 39 E7 A3 FC 7D 453 : 46 10 B8 5D F0 2E F2 C5 D1 5E A2 74 4C DA 0F 4E 454 : 1F 455 : } 456 : } 457 322 04 34: OCTET STRING, encapsulates { 458 324 02 32: INTEGER 459 : 58 2E 89 AB 57 34 7D 3C F5 9A 75 CB 7D 99 8A 19 460 : 2F 3C 7A A6 85 C9 2F 1B 5A 47 03 E3 82 16 E4 9B 461 : } 462 : } 464 DianePrivDSSSign = 465 0 30 331: SEQUENCE { 466 4 02 1: INTEGER 0 467 7 30 299: SEQUENCE { 468 11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 469 : (ANSI X9.57 algorithm) 470 20 30 286: SEQUENCE { 471 24 02 129: INTEGER 472 : 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1 473 : 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06 474 : EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA 475 : E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46 476 : ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01 477 : 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50 478 : FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B 479 : CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6 480 : E9 481 156 02 21: INTEGER 482 : 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A 483 : 5D 98 B9 10 D5 484 179 02 128: INTEGER 485 : 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D 486 : ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5 487 : 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C 488 : AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD 489 : F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F 490 : 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB 491 : 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06 492 : 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A 493 : } 494 : } 495 310 04 23: OCTET STRING, encapsulates { 496 312 02 21: INTEGER 497 : 00 96 95 F9 E0 C1 E0 41 2D 32 0F 8B 42 52 93 2A 498 : E6 1E 0E 21 29 499 : } 500 : } 502 DianePrivRSASignEncrypt = 503 0 30 631: SEQUENCE { 504 4 02 1: INTEGER 0 505 7 30 13: SEQUENCE { 506 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 507 : (PKCS #1) 508 20 05 0: NULL 509 : } 510 22 04 609: OCTET STRING, encapsulates { 511 26 30 605: SEQUENCE { 512 30 02 1: INTEGER 0 513 33 02 129: INTEGER 514 : 00 D6 FD B8 C0 70 C6 4C 25 EC EA CF EA 7C BB A2 515 : 62 FA F0 E6 32 3A 53 FF B1 92 5A 17 F4 20 E1 99 516 : 24 82 0A D0 F6 7C FB 44 CA 8B 27 06 F1 7E 26 03 517 : A9 76 9D CF EC A0 2C 70 96 F2 83 42 F6 D4 B7 28 518 : 0A BB F8 BF 4A 4C 19 3F 07 DB A0 C1 60 1E B7 7E 519 : 67 F7 DE B1 C3 60 49 AC 45 D7 F8 C6 EF 08 37 21 520 : 93 47 EE F0 73 35 72 B0 02 C4 F3 11 C3 5E 47 E5 521 : 0A B7 83 F1 DB 74 69 64 8B 44 1D 95 5D CD 28 C0 522 : 85 523 165 02 3: INTEGER 65537 524 170 02 128: INTEGER 525 : 3D BD CD C2 0E 61 14 5B 4B E7 BF 60 23 04 2B C5 526 : 6B 35 A5 96 45 23 FC 69 7D 93 3C 0F D3 25 96 BA 527 : 62 52 42 E2 96 CF FE 58 80 8F EB B1 8C BD D4 0D 528 : 65 D0 3A 77 45 24 9E 0C EB 86 80 C3 AC 21 11 71 529 : 44 E3 B2 A8 A9 2E AC 17 D2 A3 84 25 63 B5 BC 2F 530 : 1E DD F6 21 FF 15 20 24 5B F1 80 2F D5 41 0E 32 531 : 24 F7 D4 4A 32 9E B9 49 D8 19 8E 3F 39 8D 62 BD 532 : 80 FC 0C 24 92 93 E4 C3 D7 05 91 53 BB 96 B6 41 533 301 02 65: INTEGER 534 : 00 F3 B8 3F 4A D1 94 B0 91 60 13 41 92 0D 8D 44 535 : 3F 77 1D FF 96 23 44 08 D4 0B 70 C9 1A AF E9 90 536 : 94 F2 B0 D5 5F 4F 19 85 50 A1 90 91 AE BD 05 76 537 : 52 B3 22 D8 A8 7C 8E 54 7F 00 72 4F 36 75 68 73 538 : B5 539 368 02 65: INTEGER 540 : 00 E1 D2 E7 11 57 06 AE 72 95 22 16 AA 02 B4 5A 541 : ED 4E 9D 82 11 4F 96 3C 86 C9 10 8D 56 7B 31 75 542 : 79 69 E7 75 68 38 00 4B 2E D2 26 32 DD B1 E2 E0 543 : 2C 54 80 0A 75 BA D1 66 96 1B B0 0E A0 7E D2 BB 544 : 91 545 435 02 65: INTEGER 546 : 00 AF B6 BC DB 22 73 43 41 EC B4 B5 67 A9 A1 99 547 : FC EF D2 8E FD 1D FB E5 29 8B FE 0A DF D4 C8 5E 548 : 57 25 0A 5D 2B D4 09 A0 56 5B C5 B1 62 FC 20 BE 549 : 08 2D E3 07 B5 A1 E7 B3 FF C4 C0 A5 5F AC 12 5C 550 : A9 551 502 02 65: INTEGER 552 : 00 B9 98 41 FC 08 50 1F 73 60 8A 01 A2 7C 52 8A 553 : 20 5A EA 2C 89 D9 A5 19 DD 94 C6 1B C3 25 C0 82 554 : 51 E4 EE 2B 9A 19 DC 73 ED E9 1D 27 D4 F8 6C 03 555 : DD AB 1D 08 7B B5 AC 7F E9 82 9B F1 89 8A 71 DB 556 : 61 557 569 02 64: INTEGER 558 : 01 07 21 97 5F 7A 60 A8 FD 5A 5C 07 DF A8 DE F7 559 : E2 B1 34 7D FC EB 91 BD B0 73 74 C8 C4 BE 3F 58 560 : 45 30 06 90 B3 AC 69 CC B3 F7 3F 7C AC C7 B8 1B 561 : 65 A1 16 39 39 B0 E3 74 7D CF CD C5 AC 6C BF E5 562 : } 563 : } 564 : } 566 EricaPrivDHEncryptBobParam = 567 0 30 355: SEQUENCE { 568 4 02 1: INTEGER 0 569 7 30 312: SEQUENCE { 570 11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 571 : (ANSI X9.42 number-type) 572 20 30 299: SEQUENCE { 573 24 02 129: INTEGER 574 : 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B 575 : 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11 576 : 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB 577 : AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02 578 : 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37 579 : FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA 580 : 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA 581 : 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A 582 : 33 583 156 02 129: INTEGER 584 : 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1 585 : E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48 586 : 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5 587 : 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48 588 : 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3 589 : 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D 590 : 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21 591 : C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62 592 : A7 593 288 02 33: INTEGER 594 : 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70 595 : A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE 596 : BD 597 : } 598 : } 599 323 04 34: OCTET STRING, encapsulates { 600 325 02 32: INTEGER 601 : 48 64 11 E4 17 01 12 E6 C1 D3 9C 70 7D 7C A6 97 602 : 95 BD C8 95 07 F7 CF 41 11 A7 13 91 FB 30 3D 8C 603 : } 604 : } 606 MailListTripleDES = 607 255e 0d1c 07b6 46df b313 4cc8 43ba 8aa7 1f02 5b7c 0838 251f 609 MailListRC2 = 610 b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9 612 3.3 Certificates 614 Note that Bob's and Diane's Diffie-Hellman encryption keys do *not* 615 share Diffie-Hellman parameters; however, Bob and Erica share Diffie- 616 Hellman parameters. 618 AliceDSSSignByCarlNoInherit = 619 0 30 734: SEQUENCE { 620 4 30 669: SEQUENCE { 621 8 A0 3: [0] { 622 10 02 1: INTEGER 2 623 : } 624 13 02 2: INTEGER 200 625 17 30 9: SEQUENCE { 626 19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 627 : (ANSI X9.57 algorithm) 628 : } 629 28 30 18: SEQUENCE { 630 30 31 16: SET { 631 32 30 14: SEQUENCE { 632 34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 633 : (X.520 id-at (2 5 4)) 634 39 13 7: PrintableString 'CarlDSS' 635 : } 636 : } 637 : } 638 48 30 30: SEQUENCE { 639 50 17 13: UTCTime '990817011049Z' 640 65 17 13: UTCTime '391231235959Z' 641 : } 642 80 30 19: SEQUENCE { 643 82 31 17: SET { 644 84 30 15: SEQUENCE { 645 86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 646 : (X.520 id-at (2 5 4)) 647 91 13 8: PrintableString 'AliceDSS' 648 : } 649 : } 650 : } 651 101 30 438: SEQUENCE { 652 105 30 299: SEQUENCE { 653 109 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 654 : (ANSI X9.57 algorithm) 655 118 30 286: SEQUENCE { 656 122 02 129: INTEGER 657 : 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4 658 : 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94 659 : E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89 660 : 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A 661 : E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F 662 : 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3 663 : C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D 664 : B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B 665 : DB 666 254 02 21: INTEGER 667 : 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B 668 : 62 8B F7 93 CD 669 277 02 128: INTEGER 670 : 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C 671 : 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD 672 : 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF 673 : 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D 674 : EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23 675 : 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8 676 : 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2 677 : BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39 678 : } 679 : } 680 408 03 132: BIT STRING 0 unused bits, encapsulates { 681 412 02 128: INTEGER 682 : 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 3F A9 EC AC 683 : 5E DC BD B7 13 11 34 A6 16 89 28 11 23 D9 34 86 684 : 67 75 75 13 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2 685 : 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 A5 A0 4A E3 686 : 85 D6 CE 06 80 3F E8 23 7E 1A F2 24 AB 53 1A B8 687 : 27 0D 1E EF 08 BF 66 14 80 5C 62 AC 65 FA 15 8B 688 : F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 32 84 F0 7E 689 : 41 40 FD 46 A7 63 4E 33 F2 A5 E2 F4 F2 83 E5 B8 690 : } 691 : } 692 543 A3 131: [3] { 693 546 30 128: SEQUENCE { 694 549 30 32: SEQUENCE { 695 551 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 696 : (X.509 id-ce (2 5 29)) 697 556 04 25: OCTET STRING, encapsulates { 698 558 30 23: SEQUENCE { 699 560 81 21: [1] 'aliceDss@examples.com' 700 : } 701 : } 702 : } 703 583 30 12: SEQUENCE { 704 585 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 705 : (X.509 id-ce (2 5 29)) 706 590 01 1: BOOLEAN TRUE 707 593 04 2: OCTET STRING, encapsulates { 708 595 30 0: SEQUENCE {} 709 : } 710 : } 711 597 30 14: SEQUENCE { 712 599 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 713 : (X.509 id-ce (2 5 29)) 714 604 01 1: BOOLEAN TRUE 715 607 04 4: OCTET STRING, encapsulates { 716 609 03 2: BIT STRING 6 unused bits 717 : '11'B 718 : } 719 : } 720 613 30 31: SEQUENCE { 721 615 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 722 : (X.509 id-ce (2 5 29)) 723 620 04 24: OCTET STRING, encapsulates { 724 622 30 22: SEQUENCE { 725 624 80 20: [0] 726 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 727 : 2B 93 F1 1F 728 : } 729 : } 730 : } 731 646 30 29: SEQUENCE { 732 648 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 733 : (X.509 id-ce (2 5 29)) 734 653 04 22: OCTET STRING 735 : 04 14 BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 736 : E2 FD E3 97 FE CD 737 : } 738 : } 739 : } 740 : } 741 677 30 9: SEQUENCE { 742 679 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 743 : (ANSI X9.57 algorithm) 744 : } 745 688 03 48: BIT STRING 0 unused bits, encapsulates { 746 691 30 45: SEQUENCE { 747 693 02 21: INTEGER 748 : 00 98 B0 C6 3F CF 71 47 5A 35 A9 4A 8F C0 F8 24 749 : 05 E8 46 94 8E 750 716 02 20: INTEGER 751 : 5B 9F 48 C0 8C A1 C1 02 9C 44 EA E9 A1 87 C1 A5 752 : 7F 28 2D BB 753 : } 754 : } 755 : } 757 AliceRSASignByCarl = 758 0 30 514: SEQUENCE { 759 4 30 367: SEQUENCE { 760 8 A0 3: [0] { 761 10 02 1: INTEGER 2 762 : } 763 13 02 16: INTEGER 764 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 765 31 30 9: SEQUENCE { 766 33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 767 : (Oddball OIW OID) 768 40 05 0: NULL 769 : } 770 42 30 18: SEQUENCE { 771 44 31 16: SET { 772 46 30 14: SEQUENCE { 773 48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 774 : (X.520 id-at (2 5 4)) 775 53 13 7: PrintableString 'CarlRSA' 776 : } 777 : } 778 : } 779 62 30 30: SEQUENCE { 780 64 17 13: UTCTime '990919010847Z' 781 79 17 13: UTCTime '391231235959Z' 782 : } 783 94 30 19: SEQUENCE { 784 96 31 17: SET { 785 98 30 15: SEQUENCE { 786 100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 787 : (X.520 id-at (2 5 4)) 788 105 13 8: PrintableString 'AliceRSA' 789 : } 790 : } 791 : } 792 115 30 159: SEQUENCE { 793 118 30 13: SEQUENCE { 794 120 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 795 : (PKCS #1) 796 131 05 0: NULL 797 : } 798 133 03 141: BIT STRING 0 unused bits, encapsulates { 799 137 30 137: SEQUENCE { 800 140 02 129: INTEGER 801 : 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0 802 : 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E 803 : 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA 804 : 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32 805 : CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5 806 : F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81 807 : E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55 808 : 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57 809 : 5F 810 272 02 3: INTEGER 65537 811 : } 812 : } 813 : } 814 277 A3 96: [3] { 815 279 30 94: SEQUENCE { 816 281 30 12: SEQUENCE { 817 283 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 818 : (X.509 id-ce (2 5 29)) 819 288 01 1: BOOLEAN TRUE 820 291 04 2: OCTET STRING, encapsulates { 821 293 30 0: SEQUENCE {} 822 : } 823 : } 824 295 30 14: SEQUENCE { 825 297 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 826 : (X.509 id-ce (2 5 29)) 827 302 01 1: BOOLEAN TRUE 828 305 04 4: OCTET STRING, encapsulates { 829 307 03 2: BIT STRING 6 unused bits 830 : '11'B 831 : } 832 : } 833 311 30 31: SEQUENCE { 834 313 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 835 : (X.509 id-ce (2 5 29)) 836 318 04 24: OCTET STRING, encapsulates { 837 320 30 22: SEQUENCE { 838 322 80 20: [0] 839 : E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22 840 : AE 9E 38 BB 841 : } 842 : } 843 : } 844 344 30 29: SEQUENCE { 845 346 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 846 : (X.509 id-ce (2 5 29)) 847 351 04 22: OCTET STRING 848 : 04 14 77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D CE EC 849 : 3C A0 3A E3 FF 50 850 : } 851 : } 852 : } 853 : } 854 375 30 9: SEQUENCE { 855 377 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 856 : (Oddball OIW OID) 857 384 05 0: NULL 858 : } 859 386 03 129: BIT STRING 0 unused bits 860 : BF 34 32 E6 FC 6A 88 41 7D F0 5C 99 A1 93 B7 49 861 : B7 02 52 1E CB 84 AC 93 D7 58 2B 00 A1 9C C4 48 862 : 48 99 DD 02 C3 C6 05 F8 D2 25 F1 A3 9C C9 33 01 863 : 8A 76 0E 6F 77 43 A3 BF E1 E6 B3 6A 04 79 39 EE 864 : E1 E9 E5 9D 50 07 8B 22 DC 12 50 E3 F3 B4 3D 9E 865 : E5 93 9E B1 CD 33 F9 E0 AB 98 71 09 F8 EB B0 FC 866 : 9C EC F1 88 D8 AE 03 D1 FE 60 E1 62 14 B1 A2 23 867 : D2 C8 8D 18 1F 5E EE 9B 72 02 27 C2 85 3D 04 2E 868 : } 870 BobDHEncryptByCarl = 871 0 30 866: SEQUENCE { 872 4 30 801: SEQUENCE { 873 8 A0 3: [0] { 874 10 02 1: INTEGER 2 875 : } 876 13 02 2: INTEGER 201 877 17 30 9: SEQUENCE { 878 19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 879 : (ANSI X9.57 algorithm) 880 : } 881 28 30 18: SEQUENCE { 882 30 31 16: SET { 883 32 30 14: SEQUENCE { 884 34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 885 : (X.520 id-at (2 5 4)) 886 39 13 7: PrintableString 'CarlDSS' 887 : } 888 : } 889 : } 890 48 30 30: SEQUENCE { 891 50 17 13: UTCTime '990817011828Z' 892 65 17 13: UTCTime '391231235959Z' 893 : } 894 80 30 16: SEQUENCE { 895 82 31 14: SET { 896 84 30 12: SEQUENCE { 897 86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 898 : (X.520 id-at (2 5 4)) 899 91 13 5: PrintableString 'bobDH' 900 : } 901 : } 902 : } 903 98 30 578: SEQUENCE { 904 102 30 439: SEQUENCE { 905 106 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 906 : (ANSI X9.42 number-type) 907 115 30 426: SEQUENCE { 908 119 02 129: INTEGER 909 : 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B 910 : 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11 911 : 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB 912 : AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02 913 : 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37 914 : FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA 915 : 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA 916 : 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A 917 : 33 918 251 02 129: INTEGER 919 : 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1 920 : E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48 921 : 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5 922 : 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48 923 : 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3 924 : 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D 925 : 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21 926 : C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62 927 : A7 928 383 02 33: INTEGER 929 : 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70 930 : A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE 931 : BD 932 418 02 97: INTEGER 933 : 01 34 FE C2 33 48 EB F6 3B 97 D9 E4 97 A7 60 A5 934 : 25 69 34 FB FD 46 2A D6 C9 C4 C5 F7 D6 F4 04 19 935 : 8D 94 D9 8A 37 68 69 67 55 FB F2 6B 0E 47 C5 5B 936 : 0B 4B 0E 1C 1A 8B 7B 75 B7 AA C3 AA D7 EB 3B DA 937 : 2A 8D 02 87 37 47 83 D7 31 B4 25 A8 AC BB 11 88 938 : 53 1C 11 92 B6 69 E7 2E 90 C1 7A FC 87 F4 F6 D7 939 : 1A 940 517 30 26: SEQUENCE { 941 519 03 21: BIT STRING 0 unused bits 942 : B9 FF 1C 93 44 67 37 D1 B2 F8 57 9A 32 4A C9 4A 943 : FF 3B EC 1E 944 542 02 1: INTEGER 29 945 : } 946 : } 947 : } 948 545 03 132: BIT STRING 0 unused bits, encapsulates { 949 549 02 128: INTEGER 950 : 6F D4 F6 CD 94 9A 6E AF 5B 57 17 96 75 BB 0F B9 951 : 48 E9 90 37 0D 15 20 C2 55 1E 13 E2 AE 71 17 84 952 : C3 0E 74 AE 8A 55 7F 28 7D 8B D7 28 22 9C 76 46 953 : D7 3B 4F 9D D1 4D 1B B2 DB 51 94 C5 6D 54 96 40 954 : 38 8A 38 81 63 4A 8C C3 1E 09 89 74 A6 58 D5 C8 955 : 5A 3D CF BB B8 23 7F 9C 1F 7D 78 FA 9E F9 90 9E 956 : 91 E7 4B C2 A4 BE 45 06 78 42 58 3D 9F 63 2C EF 957 : 84 D4 67 E5 FB C6 6D A2 36 29 67 90 46 DB 4E 48 958 : } 959 : } 960 680 A3 127: [3] { 961 682 30 125: SEQUENCE { 962 684 30 29: SEQUENCE { 963 686 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 964 : (X.509 id-ce (2 5 29)) 965 691 04 22: OCTET STRING, encapsulates { 966 693 30 20: SEQUENCE { 967 695 81 18: [1] 'bobDh@examples.com' 968 : } 969 : } 970 : } 971 715 30 12: SEQUENCE { 972 717 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 973 : (X.509 id-ce (2 5 29)) 974 722 01 1: BOOLEAN TRUE 975 725 04 2: OCTET STRING, encapsulates { 976 727 30 0: SEQUENCE {} 977 : } 978 : } 979 729 30 14: SEQUENCE { 980 731 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 981 : (X.509 id-ce (2 5 29)) 982 736 01 1: BOOLEAN TRUE 983 739 04 4: OCTET STRING, encapsulates { 984 741 03 2: BIT STRING 3 unused bits 985 : '10000'B 986 : } 987 : } 988 745 30 31: SEQUENCE { 989 747 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 990 : (X.509 id-ce (2 5 29)) 991 752 04 24: OCTET STRING, encapsulates { 992 754 30 22: SEQUENCE { 993 756 80 20: [0] 994 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 995 : 2B 93 F1 1F 996 : } 997 : } 998 : } 999 778 30 29: SEQUENCE { 1000 780 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1001 : (X.509 id-ce (2 5 29)) 1002 785 04 22: OCTET STRING 1003 : 04 14 26 FF 19 48 C3 59 33 68 56 8D 7E C8 80 68 1004 : 5C CF 3C 72 DD 26 1005 : } 1006 : } 1007 : } 1008 : } 1009 809 30 9: SEQUENCE { 1010 811 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1011 : (ANSI X9.57 algorithm) 1012 : } 1013 820 03 48: BIT STRING 0 unused bits, encapsulates { 1014 823 30 45: SEQUENCE { 1015 825 02 20: INTEGER 1016 : 15 EA 15 43 E3 49 22 86 C1 BB E5 DA E4 0E B8 09 1017 : E0 D5 72 35 1018 847 02 21: INTEGER 1019 : 00 AE 4F 51 29 73 71 75 A9 81 EB ED 9D 5E 00 19 1020 : 7E F0 DE 5A D6 1021 : } 1022 : } 1023 : } 1025 BobRSASignByCarl = 1026 0 30 512: SEQUENCE { 1027 4 30 365: SEQUENCE { 1028 8 A0 3: [0] { 1029 10 02 1: INTEGER 2 1030 : } 1031 13 02 16: INTEGER 1032 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 1033 31 30 9: SEQUENCE { 1034 33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 1035 : (Oddball OIW OID) 1036 40 05 0: NULL 1037 : } 1038 42 30 18: SEQUENCE { 1039 44 31 16: SET { 1040 46 30 14: SEQUENCE { 1041 48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1042 : (X.520 id-at (2 5 4)) 1043 53 13 7: PrintableString 'CarlRSA' 1044 : } 1045 : } 1046 : } 1047 62 30 30: SEQUENCE { 1048 64 17 13: UTCTime '990919010902Z' 1049 79 17 13: UTCTime '391231235959Z' 1050 : } 1051 94 30 17: SEQUENCE { 1052 96 31 15: SET { 1053 98 30 13: SEQUENCE { 1054 100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1055 : (X.520 id-at (2 5 4)) 1056 105 13 6: PrintableString 'BobRSA' 1057 : } 1058 : } 1059 : } 1060 113 30 159: SEQUENCE { 1061 116 30 13: SEQUENCE { 1062 118 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 1063 : (PKCS #1) 1064 129 05 0: NULL 1065 : } 1066 131 03 141: BIT STRING 0 unused bits, encapsulates { 1067 135 30 137: SEQUENCE { 1068 138 02 129: INTEGER 1069 : 00 CA 5C E1 2E EC CF C1 3B 5D 10 1B DF 54 35 71 1070 : 99 0A 09 D8 3D E4 61 BF A0 BE 0A BE 11 A4 3C B5 1071 : 38 41 41 48 04 E1 5B B1 17 1C 53 B5 F4 C5 15 D3 1072 : FE 0C FB 0C AC EA 80 18 36 03 7E 41 93 53 D7 40 1073 : 74 49 DB D9 C6 AF FE D6 CA 0D CA 01 84 8F A1 E9 1074 : A3 00 21 27 51 D5 40 19 AA E3 C0 30 78 5B A0 B2 1075 : E6 C1 2D 24 36 CB AE 44 10 82 B0 DD 74 D7 F6 EB 1076 : 51 27 B2 A7 B6 AD 78 CA A7 1B 59 51 18 EF 28 0C 1077 : 53 1078 270 02 3: INTEGER 65537 1079 : } 1080 : } 1081 : } 1082 275 A3 96: [3] { 1083 277 30 94: SEQUENCE { 1084 279 30 12: SEQUENCE { 1085 281 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1086 : (X.509 id-ce (2 5 29)) 1087 286 01 1: BOOLEAN TRUE 1088 289 04 2: OCTET STRING, encapsulates { 1089 291 30 0: SEQUENCE {} 1090 : } 1091 : } 1092 293 30 14: SEQUENCE { 1093 295 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1094 : (X.509 id-ce (2 5 29)) 1095 300 01 1: BOOLEAN TRUE 1096 303 04 4: OCTET STRING, encapsulates { 1097 305 03 2: BIT STRING 5 unused bits 1098 : '100'B 1099 : } 1100 : } 1101 309 30 31: SEQUENCE { 1102 311 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 1103 : (X.509 id-ce (2 5 29)) 1104 316 04 24: OCTET STRING, encapsulates { 1105 318 30 22: SEQUENCE { 1106 320 80 20: [0] 1107 : E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22 1108 : AE 9E 38 BB 1109 : } 1110 : } 1111 : } 1112 342 30 29: SEQUENCE { 1113 344 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1114 : (X.509 id-ce (2 5 29)) 1115 349 04 22: OCTET STRING 1116 : 04 14 E8 F4 B8 67 D8 B3 96 A4 2A F3 11 AA 29 D3 1117 : 95 5A 86 16 B4 24 1118 : } 1119 : } 1120 : } 1121 : } 1122 373 30 9: SEQUENCE { 1123 375 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 1124 : (Oddball OIW OID) 1125 382 05 0: NULL 1126 : } 1127 384 03 129: BIT STRING 0 unused bits 1128 : 98 FA AF 7D 21 01 AA B3 88 BC F1 EF 12 5F 4D 58 1129 : 30 D8 8E 4E BC E1 2C B2 7E 68 57 8D 0C 43 5C D7 1130 : 1E 45 D1 F7 95 33 E2 A0 75 CA 13 C8 53 BC 33 26 1131 : 9B B3 C8 50 DF CD 84 6A 1B E8 48 C8 42 D0 81 63 1132 : 6C 33 19 BE 02 69 F6 16 31 7F D4 99 DF 80 7A F3 1133 : 3B F8 1B 29 7D 26 51 37 03 22 3F F6 15 3D 30 F3 1134 : 32 8A F1 AE 97 DE D7 F5 16 A9 A7 AD C7 15 AF 53 1135 : 3E A8 25 91 B2 C4 5F 4E 6A 15 57 47 50 BC B2 FA 1136 : } 1138 CarlDSSSelf = 1139 0 30 667: SEQUENCE { 1140 4 30 602: SEQUENCE { 1141 8 A0 3: [0] { 1142 10 02 1: INTEGER 2 1143 : } 1144 13 02 1: INTEGER 1 1145 16 30 9: SEQUENCE { 1146 18 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1147 : (ANSI X9.57 algorithm) 1148 : } 1149 27 30 18: SEQUENCE { 1150 29 31 16: SET { 1151 31 30 14: SEQUENCE { 1152 33 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1153 : (X.520 id-at (2 5 4)) 1154 38 13 7: PrintableString 'CarlDSS' 1155 : } 1156 : } 1157 : } 1158 47 30 30: SEQUENCE { 1159 49 17 13: UTCTime '990816225050Z' 1160 64 17 13: UTCTime '391231235959Z' 1161 : } 1162 79 30 18: SEQUENCE { 1163 81 31 16: SET { 1164 83 30 14: SEQUENCE { 1165 85 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1166 : (X.520 id-at (2 5 4)) 1167 90 13 7: PrintableString 'CarlDSS' 1168 : } 1169 : } 1170 : } 1171 99 30 439: SEQUENCE { 1172 103 30 299: SEQUENCE { 1173 107 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 1174 : (ANSI X9.57 algorithm) 1175 116 30 286: SEQUENCE { 1176 120 02 129: INTEGER 1177 : 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1 1178 : 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06 1179 : EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA 1180 : E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46 1181 : ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01 1182 : 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50 1183 : FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B 1184 : CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6 1185 : E9 1186 252 02 21: INTEGER 1187 : 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A 1188 : 5D 98 B9 10 D5 1189 275 02 128: INTEGER 1190 : 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D 1191 : ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5 1192 : 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C 1193 : AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD 1194 : F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F 1195 : 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB 1196 : 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06 1197 : 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A 1198 : } 1199 : } 1200 406 03 133: BIT STRING 0 unused bits, encapsulates { 1201 410 02 129: INTEGER 1202 : 00 99 87 74 27 03 66 A0 B1 C0 AD DC 2C 75 BB E1 1203 : 6C 44 9C DA 21 6D 4D 47 6D B1 62 09 E9 D8 AE 1E 1204 : F2 3A B4 94 B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25 1205 : 4E B9 60 96 19 24 01 F3 62 0C FE 75 C0 FB CE D8 1206 : 68 00 E3 FD D5 70 4F DF 23 96 19 06 94 F4 B1 61 1207 : 8F 3A 57 B1 08 11 A4 0B 26 25 F0 52 76 81 EA 0B 1208 : 62 0D 95 2A E6 86 BA 72 B2 A7 50 83 0B AA 27 CD 1209 : 1B A9 4D 89 9A D7 8D 18 39 84 3F 8B C5 56 4D 80 1210 : 7A 1211 : } 1212 : } 1213 542 A3 66: [3] { 1214 544 30 64: SEQUENCE { 1215 546 30 15: SEQUENCE { 1216 548 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1217 : (X.509 id-ce (2 5 29)) 1218 553 01 1: BOOLEAN TRUE 1219 556 04 5: OCTET STRING, encapsulates { 1220 558 30 3: SEQUENCE { 1221 560 01 1: BOOLEAN TRUE 1222 : } 1223 : } 1224 : } 1225 563 30 14: SEQUENCE { 1226 565 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1227 : (X.509 id-ce (2 5 29)) 1228 570 01 1: BOOLEAN TRUE 1229 573 04 4: OCTET STRING, encapsulates { 1230 575 03 2: BIT STRING 1 unused bits 1231 : '1100001'B 1232 : } 1233 : } 1234 579 30 29: SEQUENCE { 1235 581 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1236 : (X.509 id-ce (2 5 29)) 1237 586 04 22: OCTET STRING 1238 : 04 14 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 1239 : BC 43 2B 93 F1 1F 1240 : } 1241 : } 1242 : } 1243 : } 1244 610 30 9: SEQUENCE { 1245 612 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1246 : (ANSI X9.57 algorithm) 1247 : } 1248 621 03 48: BIT STRING 0 unused bits, encapsulates { 1249 624 30 45: SEQUENCE { 1250 626 02 20: INTEGER 1251 : 6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B C9 06 37 E9 1252 : 11 17 A1 13 1253 648 02 21: INTEGER 1254 : 00 8F 34 69 2A 8B B1 3C 03 79 94 32 4D 12 1F CE 1255 : 89 FB 46 B2 3B 1256 : } 1257 : } 1258 : } 1260 DianeDHEncryptByCarl = 1261 0 30 869: SEQUENCE { 1262 4 30 805: SEQUENCE { 1263 8 A0 3: [0] { 1264 10 02 1: INTEGER 2 1265 : } 1266 13 02 2: INTEGER 211 1267 17 30 9: SEQUENCE { 1268 19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1269 : (ANSI X9.57 algorithm) 1270 : } 1271 28 30 18: SEQUENCE { 1272 30 31 16: SET { 1273 32 30 14: SEQUENCE { 1274 34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1275 : (X.520 id-at (2 5 4)) 1276 39 13 7: PrintableString 'CarlDSS' 1277 : } 1278 : } 1279 : } 1280 48 30 30: SEQUENCE { 1281 50 17 13: UTCTime '990817021657Z' 1282 65 17 13: UTCTime '391231235959Z' 1283 : } 1284 80 30 18: SEQUENCE { 1285 82 31 16: SET { 1286 84 30 14: SEQUENCE { 1287 86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1288 : (X.520 id-at (2 5 4)) 1289 91 13 7: PrintableString 'DianeDH' 1290 : } 1291 : } 1292 : } 1293 100 30 577: SEQUENCE { 1294 104 30 438: SEQUENCE { 1295 108 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 1296 : (ANSI X9.42 number-type) 1297 117 30 425: SEQUENCE { 1298 121 02 129: INTEGER 1299 : 00 CA 6E 91 C2 B0 BD A8 58 F2 31 21 74 BB 1F E4 1300 : 10 BD D0 93 A2 7E 61 E1 3D BA 23 04 16 D0 66 39 1301 : BD 3B CD 05 74 48 F1 03 70 95 F4 05 63 6D 2E BF 1302 : 9A B7 FF 97 FF 39 BB 63 DB 4D A4 71 D8 94 9A B4 1303 : F2 8A 3D 9F B7 5D 8D CA E2 AF B5 0F CF 05 65 82 1304 : 68 6E 43 D2 F4 04 5F 03 8B F9 50 F5 C8 6C 05 26 1305 : BC BF 36 0F 5C C3 51 6A 67 E8 75 32 66 78 91 63 1306 : E8 FE 34 E7 19 B6 70 6C 78 38 36 82 D2 34 36 C2 1307 : DF 1308 253 02 128: INTEGER 1309 : 6E D6 76 36 4B E4 59 07 57 5F 18 9A 10 D2 31 5C 1310 : A6 10 B0 26 96 42 4D 7C A3 A1 D3 9E A5 80 B2 1F 1311 : 37 11 49 7C 8A 99 D8 56 3F 93 51 ED 6E 54 FB 6E 1312 : DB B2 FC 34 C0 E7 CA 1E 58 2B D5 3D 3B DC AE 71 1313 : 21 D9 3B 56 B8 A7 F6 4D 22 52 5F 41 BA D5 1E 82 1314 : 69 6C DD 70 71 CC 6C 3B EF 84 A9 71 8B A9 3B 2A 1315 : 09 F8 BD FD CB 51 BC 2E 2E CA 3E 30 8C FA 54 9E 1316 : 7D 0D 03 E2 DF 63 62 6D F3 50 82 27 DC D1 99 F7 1317 384 02 33: INTEGER 1318 : 00 AA 05 65 FB DD 4E A8 02 F1 34 39 E7 A3 FC 7D 1319 : 46 10 B8 5D F0 2E F2 C5 D1 5E A2 74 4C DA 0F 4E 1320 : 1F 1321 419 02 97: INTEGER 1322 : 01 30 CD 03 82 CD 3F 32 3A 5F 16 5E F2 13 5F 52 1323 : 1B DF FF AA 3B 06 3C 7F 81 26 1C B7 0C A0 14 09 1324 : 1B 5D 26 FD 71 33 8C F2 AC 41 7E 0D AC 35 95 90 1325 : 7E A5 AD AB 55 50 80 F0 D2 B9 2A 11 4D 76 45 76 1326 : 3F 0C 38 AE 72 59 C6 EC BD EF E7 6E 60 23 93 B9 1327 : 27 02 44 7E 4A D3 DA 39 3A 9A 63 43 3C 1B 23 C5 1328 : 62 1329 518 30 26: SEQUENCE { 1330 520 03 21: BIT STRING 0 unused bits 1331 : D0 FD D6 E0 46 97 D1 A7 7F BB FF 9A 43 F0 62 64 1332 : B3 7C 97 AB 1333 543 02 1: INTEGER 122 1334 : } 1335 : } 1336 : } 1337 546 03 132: BIT STRING 0 unused bits, encapsulates { 1338 550 02 128: INTEGER 1339 : 60 5E 6E EF 61 55 77 3F 9D 6A 11 10 F4 D3 C9 B8 1340 : 72 A0 1F 89 DF E4 BC 21 FD E4 9F 50 D6 8F 8E F9 1341 : 67 97 14 E0 34 19 8F 3D 58 52 1E DC 5D 05 4E 4F 1342 : C6 88 85 78 AC 01 6C 35 CE 86 6D 90 4B 58 48 2E 1343 : 0F B2 E3 2A 4E 47 C3 B1 4D 2A 7A C9 B7 E5 C6 68 1344 : 8A 73 AE 53 21 B3 CF 09 C4 62 A3 E8 B0 BB DC DE 1345 : 0D 2E 66 48 37 A8 DB A2 4B FB DB FA A6 92 4B 41 1346 : 0A C6 54 0B 8B 1A 9D 2F FF 60 0B 0B 08 D9 42 3F 1347 : } 1348 : } 1349 681 A3 129: [3] { 1350 684 30 127: SEQUENCE { 1351 686 30 31: SEQUENCE { 1352 688 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 1353 : (X.509 id-ce (2 5 29)) 1354 693 04 24: OCTET STRING, encapsulates { 1355 695 30 22: SEQUENCE { 1356 697 81 20: [1] 'dianeDh@examples.com' 1357 : } 1358 : } 1359 : } 1360 719 30 12: SEQUENCE { 1361 721 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1362 : (X.509 id-ce (2 5 29)) 1363 726 01 1: BOOLEAN TRUE 1364 729 04 2: OCTET STRING, encapsulates { 1365 731 30 0: SEQUENCE {} 1366 : } 1367 : } 1368 733 30 14: SEQUENCE { 1369 735 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1370 : (X.509 id-ce (2 5 29)) 1371 740 01 1: BOOLEAN TRUE 1372 743 04 4: OCTET STRING, encapsulates { 1373 745 03 2: BIT STRING 3 unused bits 1374 : '10000'B 1375 : } 1376 : } 1377 749 30 31: SEQUENCE { 1378 751 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 1379 : (X.509 id-ce (2 5 29)) 1380 756 04 24: OCTET STRING, encapsulates { 1381 758 30 22: SEQUENCE { 1382 760 80 20: [0] 1383 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 1384 : 2B 93 F1 1F 1385 : } 1386 : } 1387 : } 1388 782 30 29: SEQUENCE { 1389 784 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1390 : (X.509 id-ce (2 5 29)) 1391 789 04 22: OCTET STRING 1392 : 04 14 47 F3 4F CD 75 7D A8 52 21 A8 61 36 57 B5 1393 : F8 9A EE DB 30 46 1394 : } 1395 : } 1396 : } 1397 : } 1398 813 30 9: SEQUENCE { 1399 815 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1400 : (ANSI X9.57 algorithm) 1401 : } 1402 824 03 47: BIT STRING 0 unused bits, encapsulates { 1403 827 30 44: SEQUENCE { 1404 829 02 20: INTEGER 1405 : 7D 64 1E 1F 4B F3 EC 6F 34 2C B2 E4 64 70 8F 3E 1406 : 6A C0 72 A2 1407 851 02 20: INTEGER 1408 : 4B EA C1 0C F1 CD F7 7A 9D 76 CA 27 6E D0 BE F2 1409 : D8 9B 6A 6D 1410 : } 1411 : } 1412 : } 1414 DianeDSSSignByCarlInherit = 1415 0 30 442: SEQUENCE { 1416 4 30 377: SEQUENCE { 1417 8 A0 3: [0] { 1418 10 02 1: INTEGER 2 1419 : } 1420 13 02 2: INTEGER 210 1421 17 30 9: SEQUENCE { 1422 19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1423 : (ANSI X9.57 algorithm) 1424 : } 1425 28 30 18: SEQUENCE { 1426 30 31 16: SET { 1427 32 30 14: SEQUENCE { 1428 34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1429 : (X.520 id-at (2 5 4)) 1430 39 13 7: PrintableString 'CarlDSS' 1431 : } 1432 : } 1433 : } 1434 48 30 30: SEQUENCE { 1435 50 17 13: UTCTime '990817020810Z' 1436 65 17 13: UTCTime '391231235959Z' 1437 : } 1438 80 30 19: SEQUENCE { 1439 82 31 17: SET { 1440 84 30 15: SEQUENCE { 1441 86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1442 : (X.520 id-at (2 5 4)) 1443 91 13 8: PrintableString 'DianeDSS' 1444 : } 1445 : } 1446 : } 1447 101 30 147: SEQUENCE { 1448 104 30 9: SEQUENCE { 1449 106 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 1450 : (ANSI X9.57 algorithm) 1451 : } 1452 115 03 133: BIT STRING 0 unused bits, encapsulates { 1453 119 02 129: INTEGER 1454 : 00 A0 00 17 78 2C EE 7E 81 53 2E 2E 61 08 0F A1 1455 : 9B 51 52 1A DA 59 A8 73 2F 12 25 B6 08 CB CA EF 1456 : 2A 44 76 8A 52 09 EA BD 05 22 D5 0F F6 FD 46 D7 1457 : AF 99 38 09 0E 13 CB 4F 2C DD 1C 34 F7 1C BF 25 1458 : FF 23 D3 3B 59 E7 82 97 37 BE 31 24 D8 18 C8 F3 1459 : 49 39 5B B7 E2 E5 27 7E FC 8C 45 72 5B 7E 3E 8F 1460 : 68 4D DD 46 7A 22 BE 8E FF CC DA 39 29 A3 39 E5 1461 : 9F 43 E9 55 C9 D7 5B A6 81 67 CC C0 AA CD 2E C5 1462 : 23 1463 : } 1464 : } 1465 251 A3 131: [3] { 1466 254 30 128: SEQUENCE { 1467 257 30 32: SEQUENCE { 1468 259 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 1469 : (X.509 id-ce (2 5 29)) 1470 264 04 25: OCTET STRING, encapsulates { 1471 266 30 23: SEQUENCE { 1472 268 81 21: [1] 'dianeDss@examples.com' 1473 : } 1474 : } 1475 : } 1476 291 30 12: SEQUENCE { 1477 293 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1478 : (X.509 id-ce (2 5 29)) 1479 298 01 1: BOOLEAN TRUE 1480 301 04 2: OCTET STRING, encapsulates { 1481 303 30 0: SEQUENCE {} 1482 : } 1483 : } 1484 305 30 14: SEQUENCE { 1485 307 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1486 : (X.509 id-ce (2 5 29)) 1487 312 01 1: BOOLEAN TRUE 1488 315 04 4: OCTET STRING, encapsulates { 1489 317 03 2: BIT STRING 6 unused bits 1490 : '11'B 1491 : } 1492 : } 1493 321 30 31: SEQUENCE { 1494 323 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 1495 : (X.509 id-ce (2 5 29)) 1496 328 04 24: OCTET STRING, encapsulates { 1497 330 30 22: SEQUENCE { 1498 332 80 20: [0] 1499 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 1500 : 2B 93 F1 1F 1501 : } 1502 : } 1503 : } 1504 354 30 29: SEQUENCE { 1505 356 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1506 : (X.509 id-ce (2 5 29)) 1507 361 04 22: OCTET STRING 1508 : 04 14 64 30 99 7D 5C DC 45 0B 99 3A 52 2F 16 BF 1509 : 58 50 DD CE 2B 18 1510 : } 1511 : } 1512 : } 1513 : } 1514 385 30 9: SEQUENCE { 1515 387 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1516 : (ANSI X9.57 algorithm) 1517 : } 1518 396 03 48: BIT STRING 0 unused bits, encapsulates { 1519 399 30 45: SEQUENCE { 1520 401 02 20: INTEGER 1521 : 7E 0C 0C 81 17 B4 9A 54 B2 C3 30 EB 8A C4 3C C2 1522 : 52 36 9E 95 1523 423 02 21: INTEGER 1524 : 00 C6 9F 17 C2 71 4B AC 2E 39 8D 3D 10 1F 9A B3 1525 : 4D B6 F9 11 A3 1526 : } 1527 : } 1528 : } 1530 DianeRSASignEncryptByCarl = 1531 0 30 514: SEQUENCE { 1532 4 30 367: SEQUENCE { 1533 8 A0 3: [0] { 1534 10 02 1: INTEGER 2 1535 : } 1536 13 02 16: INTEGER 1537 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90 1538 31 30 9: SEQUENCE { 1539 33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 1540 : (Oddball OIW OID) 1541 40 05 0: NULL 1542 : } 1543 42 30 18: SEQUENCE { 1544 44 31 16: SET { 1545 46 30 14: SEQUENCE { 1546 48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1547 : (X.520 id-at (2 5 4)) 1548 53 13 7: PrintableString 'CarlRSA' 1549 : } 1550 : } 1551 : } 1552 62 30 30: SEQUENCE { 1553 64 17 13: UTCTime '990919010916Z' 1554 79 17 13: UTCTime '391231235959Z' 1555 : } 1556 94 30 19: SEQUENCE { 1557 96 31 17: SET { 1558 98 30 15: SEQUENCE { 1559 100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1560 : (X.520 id-at (2 5 4)) 1561 105 13 8: PrintableString 'DianeRSA' 1562 : } 1563 : } 1564 : } 1565 115 30 159: SEQUENCE { 1566 118 30 13: SEQUENCE { 1567 120 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 1568 : (PKCS #1) 1569 131 05 0: NULL 1570 : } 1571 133 03 141: BIT STRING 0 unused bits, encapsulates { 1572 137 30 137: SEQUENCE { 1573 140 02 129: INTEGER 1574 : 00 D6 FD B8 C0 70 C6 4C 25 EC EA CF EA 7C BB A2 1575 : 62 FA F0 E6 32 3A 53 FF B1 92 5A 17 F4 20 E1 99 1576 : 24 82 0A D0 F6 7C FB 44 CA 8B 27 06 F1 7E 26 03 1577 : A9 76 9D CF EC A0 2C 70 96 F2 83 42 F6 D4 B7 28 1578 : 0A BB F8 BF 4A 4C 19 3F 07 DB A0 C1 60 1E B7 7E 1579 : 67 F7 DE B1 C3 60 49 AC 45 D7 F8 C6 EF 08 37 21 1580 : 93 47 EE F0 73 35 72 B0 02 C4 F3 11 C3 5E 47 E5 1581 : 0A B7 83 F1 DB 74 69 64 8B 44 1D 95 5D CD 28 C0 1582 : 85 1583 272 02 3: INTEGER 65537 1584 : } 1585 : } 1586 : } 1587 277 A3 96: [3] { 1588 279 30 94: SEQUENCE { 1589 281 30 12: SEQUENCE { 1590 283 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1591 : (X.509 id-ce (2 5 29)) 1592 288 01 1: BOOLEAN TRUE 1593 291 04 2: OCTET STRING, encapsulates { 1594 293 30 0: SEQUENCE {} 1595 : } 1596 : } 1597 295 30 14: SEQUENCE { 1598 297 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1599 : (X.509 id-ce (2 5 29)) 1600 302 01 1: BOOLEAN TRUE 1601 305 04 4: OCTET STRING, encapsulates { 1602 307 03 2: BIT STRING 5 unused bits 1603 : '111'B 1604 : } 1605 : } 1606 311 30 31: SEQUENCE { 1607 313 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 1608 : (X.509 id-ce (2 5 29)) 1609 318 04 24: OCTET STRING, encapsulates { 1610 320 30 22: SEQUENCE { 1611 322 80 20: [0] 1612 : E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22 1613 : AE 9E 38 BB 1614 : } 1615 : } 1616 : } 1617 344 30 29: SEQUENCE { 1618 346 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1619 : (X.509 id-ce (2 5 29)) 1620 351 04 22: OCTET STRING 1621 : 04 14 8C F3 CB 75 0E 8D 31 F6 D4 29 DA 44 92 75 1622 : B8 FE ED 4F 39 0C 1623 : } 1624 : } 1625 : } 1626 : } 1627 375 30 9: SEQUENCE { 1628 377 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29) 1629 : (Oddball OIW OID) 1630 384 05 0: NULL 1631 : } 1632 386 03 129: BIT STRING 0 unused bits 1633 : CA 88 C7 37 A9 AE 26 CB 2B 79 82 22 4F 4A 0D 1C 1634 : A7 20 B2 E0 68 F5 42 DE 59 6B B3 FD 25 C0 39 B8 1635 : EB C0 8B 69 A2 16 55 CE 06 7E 26 5F C6 5E 51 02 1636 : 3F 95 D5 A7 F7 F2 7D 23 6F 2B AC 7C CB 6F 90 0F 1637 : 44 5D 44 22 53 D5 42 38 18 C4 52 D7 B8 AB 82 6F 1638 : AC B6 BC A9 E7 13 44 36 76 16 23 00 12 6B 6F 7D 1639 : C6 C9 BE 79 2C B9 2D 69 D3 1D B1 1D BA 5A 20 85 1640 : CA 5B 88 46 36 B5 E5 0E 15 85 B7 E2 5E 7B CA 1A 1641 : } 1643 EricaDHEncryptByCarl = 1644 0 30 745: SEQUENCE { 1645 4 30 680: SEQUENCE { 1646 8 A0 3: [0] { 1647 10 02 1: INTEGER 2 1648 : } 1649 13 02 2: INTEGER 212 1650 17 30 9: SEQUENCE { 1651 19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1652 : (ANSI X9.57 algorithm) 1653 : } 1654 28 30 18: SEQUENCE { 1655 30 31 16: SET { 1656 32 30 14: SEQUENCE { 1657 34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1658 : (X.520 id-at (2 5 4)) 1659 39 13 7: PrintableString 'CarlDSS' 1660 : } 1661 : } 1662 : } 1663 48 30 30: SEQUENCE { 1664 50 17 13: UTCTime '990817021716Z' 1665 65 17 13: UTCTime '391231235959Z' 1666 : } 1667 80 30 18: SEQUENCE { 1668 82 31 16: SET { 1669 84 30 14: SEQUENCE { 1670 86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1671 : (X.520 id-at (2 5 4)) 1672 91 13 7: PrintableString 'EricaDH' 1673 : } 1674 : } 1675 : } 1676 100 30 452: SEQUENCE { 1677 104 30 312: SEQUENCE { 1678 108 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 1679 : (ANSI X9.42 number-type) 1680 117 30 299: SEQUENCE { 1681 121 02 129: INTEGER 1682 : 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B 1683 : 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11 1684 : 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB 1685 : AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02 1686 : 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37 1687 : FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA 1688 : 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA 1689 : 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A 1690 : 33 1691 253 02 129: INTEGER 1692 : 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1 1693 : E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48 1694 : 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5 1695 : 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48 1696 : 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3 1697 : 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D 1698 : 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21 1699 : C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62 1700 : A7 1701 385 02 33: INTEGER 1702 : 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70 1703 : A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE 1704 : BD 1705 : } 1706 : } 1707 420 03 133: BIT STRING 0 unused bits, encapsulates { 1708 424 02 129: INTEGER 1709 : 00 D1 2B E4 1D 3E BA 18 CF 75 20 C6 C7 5E C3 C4 1710 : 6C EA F3 23 D9 09 1F 46 98 F4 CE 59 B9 B6 CE E8 1711 : 3A C6 18 F8 59 77 1B 99 B0 DA DC C0 9D 09 E4 AF 1712 : F9 61 91 2C 47 CC 47 5E DF 2B 33 76 F3 67 EC 77 1713 : E8 2C 37 30 A1 89 5D F3 C8 F6 5C 16 4A E4 B7 8C 1714 : F5 7B D5 38 FD 14 AC E8 7A C2 7D EE 07 90 27 0A 1715 : 7C 87 A8 A2 E2 70 35 EA 6E DE 9E 50 31 6B E9 09 1716 : DA 25 1A 01 8E E3 FF 26 1C 75 F5 C3 CE 5A F5 9E 1717 : 85 1718 : } 1719 : } 1720 556 A3 129: [3] { 1721 559 30 127: SEQUENCE { 1722 561 30 31: SEQUENCE { 1723 563 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 1724 : (X.509 id-ce (2 5 29)) 1725 568 04 24: OCTET STRING, encapsulates { 1726 570 30 22: SEQUENCE { 1727 572 81 20: [1] 'ericaDh@examples.com' 1728 : } 1729 : } 1730 : } 1731 594 30 12: SEQUENCE { 1732 596 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1733 : (X.509 id-ce (2 5 29)) 1734 601 01 1: BOOLEAN TRUE 1735 604 04 2: OCTET STRING, encapsulates { 1736 606 30 0: SEQUENCE {} 1737 : } 1738 : } 1739 608 30 14: SEQUENCE { 1740 610 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 1741 : (X.509 id-ce (2 5 29)) 1742 615 01 1: BOOLEAN TRUE 1743 618 04 4: OCTET STRING, encapsulates { 1744 620 03 2: BIT STRING 3 unused bits 1745 : '10000'B 1746 : } 1747 : } 1748 624 30 31: SEQUENCE { 1749 626 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35) 1750 : (X.509 id-ce (2 5 29)) 1751 631 04 24: OCTET STRING, encapsulates { 1752 633 30 22: SEQUENCE { 1753 635 80 20: [0] 1754 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 1755 : 2B 93 F1 1F 1756 : } 1757 : } 1758 : } 1759 657 30 29: SEQUENCE { 1760 659 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 1761 : (X.509 id-ce (2 5 29)) 1762 664 04 22: OCTET STRING 1763 : 04 14 8D 53 1D 61 55 7F 60 35 6D A6 36 A2 C5 93 1764 : F8 9A FD C0 75 74 1765 : } 1766 : } 1767 : } 1768 : } 1769 688 30 9: SEQUENCE { 1770 690 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1771 : (ANSI X9.57 algorithm) 1772 : } 1773 699 03 48: BIT STRING 0 unused bits, encapsulates { 1774 702 30 45: SEQUENCE { 1775 704 02 20: INTEGER 1776 : 3E 51 42 08 E3 52 2E AA BB 8F BD 18 38 71 CB 98 1777 : 83 BE 47 9E 1778 726 02 21: INTEGER 1779 : 00 B4 B3 15 85 99 11 06 40 1F 40 59 8D D4 1B 2D 1780 : CD 81 F1 E8 68 1781 : } 1782 : } 1783 : } 1785 3.4 CRLs 1787 CarlCRL is a CRL from Carl that contains three revocations. 1789 CarlDSSCRLForAll = 1790 0 30 216: SEQUENCE { 1791 3 30 153: SEQUENCE { 1792 6 30 9: SEQUENCE { 1793 8 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1794 : (ANSI X9.57 algorithm) 1795 : } 1796 17 30 18: SEQUENCE { 1797 19 31 16: SET { 1798 21 30 14: SEQUENCE { 1799 23 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1800 : (X.520 id-at (2 5 4)) 1801 28 13 7: PrintableString 'CarlDSS' 1802 : } 1803 : } 1804 : } 1805 37 17 13: UTCTime '990827070000Z' 1806 52 30 105: SEQUENCE { 1807 54 30 19: SEQUENCE { 1808 56 02 2: INTEGER 200 1809 60 17 13: UTCTime '990822070000Z' 1810 : } 1811 75 30 19: SEQUENCE { 1812 77 02 2: INTEGER 201 1813 81 17 13: UTCTime '990822070000Z' 1814 : } 1815 96 30 19: SEQUENCE { 1816 98 02 2: INTEGER 211 1817 102 17 13: UTCTime '990822070000Z' 1818 : } 1819 117 30 19: SEQUENCE { 1820 119 02 2: INTEGER 210 1821 123 17 13: UTCTime '990822070000Z' 1822 : } 1823 138 30 19: SEQUENCE { 1824 140 02 2: INTEGER 212 1825 144 17 13: UTCTime '990824070000Z' 1826 : } 1827 : } 1828 : } 1829 159 30 9: SEQUENCE { 1830 161 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1831 : (ANSI X9.57 algorithm) 1832 : } 1833 170 03 47: BIT STRING 0 unused bits, encapsulates { 1834 173 30 44: SEQUENCE { 1835 175 02 20: INTEGER 1836 : 7E 65 52 76 33 FE 34 73 17 D1 F7 96 F9 A0 D4 D8 1837 : 6D 5C 7D 3D 1838 197 02 20: INTEGER 1839 : 02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E DA 24 F3 2A 1840 : 83 9C 35 A1 1841 : } 1842 : } 1843 : } 1845 CarlDSSCRLForCarl = 1846 0 30 131: SEQUENCE { 1847 3 30 68: SEQUENCE { 1848 5 30 9: SEQUENCE { 1849 7 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1850 : (ANSI X9.57 algorithm) 1851 : } 1852 16 30 18: SEQUENCE { 1853 18 31 16: SET { 1854 20 30 14: SEQUENCE { 1855 22 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1856 : (X.520 id-at (2 5 4)) 1857 27 13 7: PrintableString 'CarlDSS' 1858 : } 1859 : } 1860 : } 1861 36 17 13: UTCTime '990825070000Z' 1862 51 30 20: SEQUENCE { 1863 53 30 18: SEQUENCE { 1864 55 02 1: INTEGER 1 1865 58 17 13: UTCTime '990822070000Z' 1866 : } 1867 : } 1868 : } 1869 73 30 9: SEQUENCE { 1870 75 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1871 : (ANSI X9.57 algorithm) 1872 : } 1873 84 03 48: BIT STRING 0 unused bits, encapsulates { 1874 87 30 45: SEQUENCE { 1875 89 02 21: INTEGER 1876 : 00 B3 1F C5 4F 7A 3D EC 76 D5 60 F9 DE 79 22 EC 1877 : 4F B0 90 FE 97 1878 112 02 20: INTEGER 1879 : 5A 8B C3 84 BC 66 87 1B BF 79 82 5B 0A 5D 07 F6 1880 : BA A9 05 29 1881 : } 1882 : } 1883 : } 1885 CarlDSSCRLEmpty = 1886 0 30 109: SEQUENCE { 1887 2 30 46: SEQUENCE { 1888 4 30 9: SEQUENCE { 1889 6 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1890 : (ANSI X9.57 algorithm) 1891 : } 1892 15 30 18: SEQUENCE { 1893 17 31 16: SET { 1894 19 30 14: SEQUENCE { 1895 21 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1896 : (X.520 id-at (2 5 4)) 1897 26 13 7: PrintableString 'CarlDSS' 1898 : } 1899 : } 1900 : } 1901 35 17 13: UTCTime '990820070000Z' 1902 : } 1903 50 30 9: SEQUENCE { 1904 52 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 1905 : (ANSI X9.57 algorithm) 1906 : } 1907 61 03 48: BIT STRING 0 unused bits, encapsulates { 1908 64 30 45: SEQUENCE { 1909 66 02 20: INTEGER 1910 : 62 3F 36 17 31 58 2E 67 50 79 F5 09 4B 8C AD D4 1911 : 6B F4 64 9F 1912 88 02 21: INTEGER 1913 : 00 B5 3B 4E A1 4C 7B FD 0F C3 8D 9B B6 FE C3 5D 1914 : 6F DE 65 28 7D 1915 : } 1916 : } 1917 : } 1919 CarlRSACRLForAll = 1920 0 30 307: SEQUENCE { 1921 4 30 157: SEQUENCE { 1922 7 30 13: SEQUENCE { 1923 9 06 9: OBJECT IDENTIFIER 1924 : md5withRSAEncryption (1 2 840 113549 1 1 4) 1925 : (PKCS #1) 1926 20 05 0: NULL 1927 : } 1928 22 30 18: SEQUENCE { 1929 24 31 16: SET { 1930 26 30 14: SEQUENCE { 1931 28 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1932 : (X.520 id-at (2 5 4)) 1933 33 13 7: PrintableString 'CarlRSA' 1934 : } 1935 : } 1936 : } 1937 42 17 13: UTCTime '990827070000Z' 1938 57 30 105: SEQUENCE { 1939 59 30 33: SEQUENCE { 1940 61 02 16: INTEGER 1941 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 1942 79 17 13: UTCTime '990822070000Z' 1943 : } 1944 94 30 33: SEQUENCE { 1945 96 02 16: INTEGER 1946 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90 1947 114 17 13: UTCTime '990822070000Z' 1948 : } 1949 129 30 33: SEQUENCE { 1950 131 02 16: INTEGER 1951 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 1952 149 17 13: UTCTime '990824070000Z' 1953 : } 1954 : } 1955 : } 1956 164 30 13: SEQUENCE { 1957 166 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4) 1958 : (PKCS #1) 1959 177 05 0: NULL 1960 : } 1961 179 03 129: BIT STRING 0 unused bits 1962 : BF B3 97 AA 53 F0 32 21 16 2B 77 92 7A 6B BB 97 1963 : C8 DC EA F1 FA 66 16 30 0E B5 9E 5C F0 81 D4 5E 1964 : B3 6E C1 88 6B 8C D4 5E C5 4D FB 47 5E 66 F3 5D 1965 : AB E5 B4 18 36 60 A8 4D 9C 3C 89 EC 6F 27 BF 35 1966 : 50 71 81 C2 B9 44 5B 62 89 19 12 31 A9 7B 9A D3 1967 : CC 66 CB 11 D9 0B 10 47 77 AD 4F 22 D9 E5 7F 30 1968 : F2 5B FC 94 51 A5 58 76 3B 1F A8 46 A6 1F F6 A1 1969 : DE 55 A1 ED 31 88 69 97 0F 08 D3 D4 0C 60 5B 1E 1970 : } 1972 CarlRSACRLForCarl = 1973 0 30 236: SEQUENCE { 1974 3 30 87: SEQUENCE { 1975 5 30 13: SEQUENCE { 1976 7 06 9: OBJECT IDENTIFIER 1977 : md5withRSAEncryption (1 2 840 113549 1 1 4) 1978 : (PKCS #1) 1979 18 05 0: NULL 1980 : } 1981 20 30 18: SEQUENCE { 1982 22 31 16: SET { 1983 24 30 14: SEQUENCE { 1984 26 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1985 : (X.520 id-at (2 5 4)) 1986 31 13 7: PrintableString 'CarlRSA' 1987 : } 1988 : } 1989 : } 1990 40 17 13: UTCTime '990825070000Z' 1991 55 30 35: SEQUENCE { 1992 57 30 33: SEQUENCE { 1993 59 02 16: INTEGER 1994 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20 1995 77 17 13: UTCTime '990822070000Z' 1996 : } 1997 : } 1998 : } 1999 92 30 13: SEQUENCE { 2000 94 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4) 2001 : (PKCS #1) 2002 105 05 0: NULL 2003 : } 2004 107 03 129: BIT STRING 0 unused bits 2005 : 21 EF 21 D4 C1 1A 85 95 49 6B CA 45 62 DC D7 09 2006 : FF A9 51 2E 8E D9 47 18 FA F8 E5 72 DD 4F ED 74 2007 : 74 E3 F3 65 32 65 28 2C 9A 1D 57 E5 D5 26 06 EA 2008 : D5 E6 23 95 84 8D 0E 89 9E EE 9B 0C 2F CE 07 F7 2009 : A3 D1 6B 85 4C 0F FF E6 DD FC DC CD 73 2C 1E 7D 2010 : DC B0 71 C5 4C FC 01 6E 52 57 69 1E 39 63 DF 12 2011 : 22 30 C7 13 55 94 05 6E 2A 00 A9 5B C4 2A 66 94 2012 : 62 CE 36 33 C2 2B 63 47 25 9D F3 DE 70 EE 00 56 2013 : } 2015 CarlRSACRLEmpty = 2016 0 30 199: SEQUENCE { 2017 3 30 50: SEQUENCE { 2018 5 30 13: SEQUENCE { 2019 7 06 9: OBJECT IDENTIFIER 2020 : md5withRSAEncryption (1 2 840 113549 1 1 4) 2021 : (PKCS #1) 2022 18 05 0: NULL 2023 : } 2024 20 30 18: SEQUENCE { 2025 22 31 16: SET { 2026 24 30 14: SEQUENCE { 2027 26 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2028 : (X.520 id-at (2 5 4)) 2029 31 13 7: PrintableString 'CarlRSA' 2030 : } 2031 : } 2032 : } 2033 40 17 13: UTCTime '990820070000Z' 2034 : } 2035 55 30 13: SEQUENCE { 2036 57 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4) 2037 : (PKCS #1) 2038 68 05 0: NULL 2039 : } 2040 70 03 129: BIT STRING 0 unused bits 2041 : A9 C5 21 B8 13 7C 74 F3 B5 11 EC 04 F3 20 45 86 2042 : 1E 0B 6E 7F 83 6D 5F F4 34 76 06 59 25 0E 04 3D 2043 : 88 09 88 81 37 C4 DC 20 98 FA 17 81 0B 37 94 AC 2044 : B4 8F 7B 51 89 14 A4 CB 72 73 14 07 BC 22 9C 40 2045 : A1 07 FC 44 7C 85 0F 0B 88 D1 EE E1 0E AF F6 16 2046 : 74 AD A1 AF C1 00 75 00 64 EA A5 9A F6 0B 08 A2 2047 : DB 95 19 5F A6 A7 B9 39 45 25 0A 0E F6 5E 84 E7 2048 : F8 B9 5A C9 18 C2 0E B8 A0 96 BE 81 3A 80 6D C9 2049 : } 2051 4. Trivial Examples 2053 This section covers examples of small CMS types. 2055 4.1 ContentInfo with Data type, BER 2057 The object is a ContentInfo containing a Data object in BER format that is 2058 ExContent. 2060 0 30 NDEF: SEQUENCE { 2061 2 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2062 : (PKCS #7) 2063 13 A0 NDEF: [0] { 2064 15 24 NDEF: OCTET STRING { 2065 17 04 4: OCTET STRING 2066 : 54 68 69 73 2067 23 04 24: OCTET STRING 2068 : 20 69 73 20 73 6F 6D 65 20 73 61 6D 70 6C 65 20 2069 : 63 6F 6E 74 65 6E 74 2E 2070 : } 2071 : } 2072 : } 2074 4.2 ContentInfo with Data type, DER 2076 The object is a ContentInfo containing a Data object in DER format that is 2077 ExContent. 2079 0 30 43: SEQUENCE { 2080 2 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2081 : (PKCS #7) 2082 13 A0 30: [0] { 2083 15 04 28: OCTET STRING 2084 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 2085 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 2086 : } 2087 : } 2089 5. Signed-data 2091 5.1 Basic signed content, DSS 2093 A SignedData with no attribute certificates, signed by Alice using 2094 DH-DSS, just her certificate (not Carl's root cert), no CRL. The 2095 message is ExContent, and is included in the eContent. There are no 2096 signed or unsigned attributes. 2098 0 30 183: SEQUENCE { 2099 3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 2100 : (PKCS #7) 2101 14 A0 169: [0] { 2102 17 30 166: SEQUENCE { 2103 20 02 1: INTEGER 1 2104 23 31 11: SET { 2105 25 30 9: SEQUENCE { 2106 27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2107 : (OIW) 2108 34 05 0: NULL 2109 : } 2110 : } 2111 36 30 43: SEQUENCE { 2112 38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2113 : (PKCS #7) 2114 49 A0 30: [0] { 2115 51 04 28: OCTET STRING 2116 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 2117 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 2118 : } 2119 : } 2120 81 31 103: SET { 2121 83 30 101: SEQUENCE { 2122 85 02 1: INTEGER 1 2123 88 30 24: SEQUENCE { 2124 90 30 18: SEQUENCE { 2125 92 31 16: SET { 2126 94 30 14: SEQUENCE { 2127 96 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2128 : (X.520 id-at (2 5 4)) 2129 101 13 7: PrintableString 'CarlDSS' 2130 : } 2131 : } 2132 : } 2133 110 02 2: INTEGER 200 2134 : } 2135 114 30 9: SEQUENCE { 2136 116 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2137 : (OIW) 2138 123 05 0: NULL 2139 : } 2140 125 30 9: SEQUENCE { 2141 127 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2142 : (ANSI X9.57 algorithm) 2143 : } 2144 136 04 48: OCTET STRING 2145 : 30 2D 02 14 70 9B 27 7D 99 E7 D2 0C C6 C5 21 0B 2146 : 4B E2 21 B7 BD 8D 48 29 02 15 00 8B 2C 0C 06 CB 2147 : 4A B5 06 4B A8 4C 0E 78 D1 3B 90 E9 D1 9F A4 00 2148 : } 2149 : } 2150 : } 2151 : } 2152 : } 2154 5.2 Basic signed content, RSA 2156 Same as 5.1, except using RSA signatures. A SignedData with no 2157 attribute certificates, signed by Alice using RSA, just her certificate 2158 (not Carl's root cert), no CRL. The message is ExContent, and is 2159 included in the eContent. There are no signed or unsigned attributes. 2161 0 30 286: SEQUENCE { 2162 4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 2163 : (PKCS #7) 2164 15 A0 271: [0] { 2165 19 30 267: SEQUENCE { 2166 23 02 1: INTEGER 1 2167 26 31 11: SET { 2168 28 30 9: SEQUENCE { 2169 30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2170 : (OIW) 2171 37 05 0: NULL 2172 : } 2173 : } 2174 39 30 43: SEQUENCE { 2175 41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2176 : (PKCS #7) 2177 52 A0 30: [0] { 2178 54 04 28: OCTET STRING 2179 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 2180 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 2181 : } 2182 : } 2183 84 31 203: SET { 2184 87 30 200: SEQUENCE { 2185 90 02 1: INTEGER 1 2186 93 30 38: SEQUENCE { 2187 95 30 18: SEQUENCE { 2188 97 31 16: SET { 2189 99 30 14: SEQUENCE { 2190 101 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2191 : (X.520 id-at (2 5 4)) 2192 106 13 7: PrintableString 'CarlRSA' 2193 : } 2194 : } 2195 : } 2196 115 02 16: INTEGER 2197 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 2198 : } 2199 133 30 9: SEQUENCE { 2200 135 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2201 : (OIW) 2202 142 05 0: NULL 2203 : } 2204 144 30 13: SEQUENCE { 2205 146 06 9: OBJECT IDENTIFIER 2206 : rsaEncryption (1 2 840 113549 1 1 1) 2207 : (PKCS #1) 2208 157 05 0: NULL 2209 : } 2210 159 04 128: OCTET STRING 2211 : 2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E 9D BF 89 9A 2212 : 81 E5 75 C4 91 3D D3 D0 D5 7B B6 D5 FE 94 A1 8A 2213 : AC E3 C4 84 F5 CD 60 4E 27 95 F6 CF 00 86 76 75 2214 : 3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16 04 A5 B3 B5 2215 : E7 D9 32 F0 24 EF E7 20 44 D5 9F 07 C5 53 24 FA 2216 : CE 01 1D 0F 17 13 A7 2A 95 9D 2B E4 03 95 14 0B 2217 : E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6 55 13 D4 68 2218 : 6F D0 07 D7 A2 B1 62 4C E3 8F AF FD E0 D5 5D C7 2219 : } 2220 : } 2221 : } 2222 : } 2223 : } 2225 5.3 Basic signed content, detached content 2227 Same as 5.1, except with no eContent. A SignedData with no attribute 2228 certificates, signed by Alice using DH-DSS, just her certificate (not 2229 Carl's root cert), no CRL. The message is ExContent, but the eContent 2230 is not included. There are no signed or unsigned attributes. 2232 0 30 151: SEQUENCE { 2233 3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 2234 : (PKCS #7) 2235 14 A0 137: [0] { 2236 17 30 134: SEQUENCE { 2237 20 02 1: INTEGER 1 2238 23 31 11: SET { 2239 25 30 9: SEQUENCE { 2240 27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2241 : (OIW) 2242 34 05 0: NULL 2243 : } 2244 : } 2245 36 30 11: SEQUENCE { 2246 38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2247 : (PKCS #7) 2248 : } 2249 49 31 103: SET { 2250 51 30 101: SEQUENCE { 2251 53 02 1: INTEGER 1 2252 56 30 24: SEQUENCE { 2253 58 30 18: SEQUENCE { 2254 60 31 16: SET { 2255 62 30 14: SEQUENCE { 2256 64 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2257 : (X.520 id-at (2 5 4)) 2258 69 13 7: PrintableString 'CarlDSS' 2259 : } 2260 : } 2261 : } 2262 78 02 2: INTEGER 200 2263 : } 2264 82 30 9: SEQUENCE { 2265 84 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2266 : (OIW) 2267 91 05 0: NULL 2268 : } 2269 93 30 9: SEQUENCE { 2270 95 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2271 : (ANSI X9.57 algorithm) 2272 : } 2273 104 04 48: OCTET STRING 2274 : 30 2D 02 14 5E 5E 6B 69 04 A2 62 5D 8B 45 B2 55 2275 : F9 75 1C 12 4E 88 88 21 02 15 00 A3 C1 48 23 E0 2276 : 08 35 6F 25 22 7A 1E B6 14 BC E4 75 91 DB 25 00 2277 : } 2278 : } 2279 : } 2280 : } 2281 : } 2283 5.4 Fancier signed content 2285 Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and 2286 unsigned attributes (Countersignature by Diane). A SignedData with no 2287 attribute certificates, signed by Alice using DH-DSS, her certificate 2288 and Carl's root cert, Carl's DSS CRL. The message is ExContent, and is 2289 included in the eContent. The signed attributes are Content Type, 2290 Message Digest and Signing Time; the unsigned attributes are content 2291 hint and counter signature. 2293 0 30 2152: SEQUENCE { 2294 4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 2295 : (PKCS #7) 2296 15 A0 2137: [0] { 2297 19 30 2133: SEQUENCE { 2298 23 02 1: INTEGER 3 2299 26 31 11: SET { 2300 28 30 9: SEQUENCE { 2301 30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2302 : (OIW) 2303 37 05 0: NULL 2304 : } 2305 : } 2306 39 30 43: SEQUENCE { 2307 41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2308 : (PKCS #7) 2309 52 A0 30: [0] { 2310 54 04 28: OCTET STRING 2311 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 2312 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 2313 : } 2314 : } 2315 84 A0 1409: [0] { 2316 88 30 667: SEQUENCE { 2317 92 30 602: SEQUENCE { 2318 96 A0 3: [0] { 2319 98 02 1: INTEGER 2 2320 : } 2321 101 02 1: INTEGER 1 2322 104 30 9: SEQUENCE { 2323 106 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2324 : (ANSI X9.57 algorithm) 2325 : } 2326 115 30 18: SEQUENCE { 2327 117 31 16: SET { 2328 119 30 14: SEQUENCE { 2329 121 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2330 : (X.520 id-at (2 5 4)) 2331 126 13 7: PrintableString 'CarlDSS' 2332 : } 2333 : } 2334 : } 2335 135 30 30: SEQUENCE { 2336 137 17 13: UTCTime '990816225050Z' 2337 152 17 13: UTCTime '391231235959Z' 2338 : } 2339 167 30 18: SEQUENCE { 2340 169 31 16: SET { 2341 171 30 14: SEQUENCE { 2342 173 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2343 : (X.520 id-at (2 5 4)) 2344 178 13 7: PrintableString 'CarlDSS' 2345 : } 2346 : } 2347 : } 2348 187 30 439: SEQUENCE { 2349 191 30 299: SEQUENCE { 2350 195 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2351 : (ANSI X9.57 algorithm) 2352 204 30 286: SEQUENCE { 2353 208 02 129: INTEGER 2354 : 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1 2355 : 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06 2356 : EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA 2357 : E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46 2358 : ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01 2359 : 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50 2360 : FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B 2361 : CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6 2362 : E9 2363 340 02 21: INTEGER 2364 : 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A 2365 : 5D 98 B9 10 D5 2366 363 02 128: INTEGER 2367 : 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D 2368 : ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5 2369 : 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C 2370 : AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD 2371 : F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F 2372 : 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB 2373 : 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06 2374 : 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A 2375 : } 2376 : } 2377 494 03 133: BIT STRING 0 unused bits, encapsulates { 2378 498 02 129: INTEGER 2379 : 00 99 87 74 27 03 66 A0 B1 C0 AD DC 2C 75 BB E1 2380 : 6C 44 9C DA 21 6D 4D 47 6D B1 62 09 E9 D8 AE 1E 2381 : F2 3A B4 94 B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25 2382 : 4E B9 60 96 19 24 01 F3 62 0C FE 75 C0 FB CE D8 2383 : 68 00 E3 FD D5 70 4F DF 23 96 19 06 94 F4 B1 61 2384 : 8F 3A 57 B1 08 11 A4 0B 26 25 F0 52 76 81 EA 0B 2385 : 62 0D 95 2A E6 86 BA 72 B2 A7 50 83 0B AA 27 CD 2386 : 1B A9 4D 89 9A D7 8D 18 39 84 3F 8B C5 56 4D 80 2387 : 7A 2388 : } 2389 : } 2390 630 A3 66: [3] { 2391 632 30 64: SEQUENCE { 2392 634 30 15: SEQUENCE { 2393 636 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 2394 : (X.509 id-ce (2 5 29)) 2395 641 01 1: BOOLEAN TRUE 2396 644 04 5: OCTET STRING, encapsulates { 2397 646 30 3: SEQUENCE { 2398 648 01 1: BOOLEAN TRUE 2399 : } 2400 : } 2401 : } 2402 651 30 14: SEQUENCE { 2403 653 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 2404 : (X.509 id-ce (2 5 29)) 2405 658 01 1: BOOLEAN TRUE 2406 661 04 4: OCTET STRING, encapsulates { 2407 663 03 2: BIT STRING 1 unused bits 2408 : '1100001'B 2409 : } 2410 : } 2411 667 30 29: SEQUENCE { 2412 669 06 3: OBJECT IDENTIFIER 2413 : subjectKeyIdentifier (2 5 29 14) 2414 : (X.509 id-ce (2 5 29)) 2415 674 04 22: OCTET STRING 2416 : 04 14 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 2417 : BC 43 2B 93 F1 1F 2418 : } 2419 : } 2420 : } 2421 : } 2422 698 30 9: SEQUENCE { 2423 700 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2424 : (ANSI X9.57 algorithm) 2425 : } 2426 709 03 48: BIT STRING 0 unused bits, encapsulates { 2427 712 30 45: SEQUENCE { 2428 714 02 20: INTEGER 2429 : 6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B C9 06 37 E9 2430 : 11 17 A1 13 2431 736 02 21: INTEGER 2432 : 00 8F 34 69 2A 8B B1 3C 03 79 94 32 4D 12 1F CE 2433 : 89 FB 46 B2 3B 2434 : } 2435 : } 2436 : } 2437 759 30 734: SEQUENCE { 2438 763 30 669: SEQUENCE { 2439 767 A0 3: [0] { 2440 769 02 1: INTEGER 2 2441 : } 2442 772 02 2: INTEGER 200 2443 776 30 9: SEQUENCE { 2444 778 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2445 : (ANSI X9.57 algorithm) 2446 : } 2447 787 30 18: SEQUENCE { 2448 789 31 16: SET { 2449 791 30 14: SEQUENCE { 2450 793 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2451 : (X.520 id-at (2 5 4)) 2452 798 13 7: PrintableString 'CarlDSS' 2453 : } 2454 : } 2455 : } 2456 807 30 30: SEQUENCE { 2457 809 17 13: UTCTime '990817011049Z' 2458 824 17 13: UTCTime '391231235959Z' 2459 : } 2460 839 30 19: SEQUENCE { 2461 841 31 17: SET { 2462 843 30 15: SEQUENCE { 2463 845 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2464 : (X.520 id-at (2 5 4)) 2465 850 13 8: PrintableString 'AliceDSS' 2466 : } 2467 : } 2468 : } 2469 860 30 438: SEQUENCE { 2470 864 30 299: SEQUENCE { 2471 868 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2472 : (ANSI X9.57 algorithm) 2473 877 30 286: SEQUENCE { 2474 881 02 129: INTEGER 2475 : 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4 2476 : 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94 2477 : E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89 2478 : 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A 2479 : E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F 2480 : 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3 2481 : C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D 2482 : B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B 2483 : DB 2484 1013 02 21: INTEGER 2485 : 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B 2486 : 62 8B F7 93 CD 2487 1036 02 128: INTEGER 2488 : 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C 2489 : 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD 2490 : 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF 2491 : 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D 2492 : EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23 2493 : 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8 2494 : 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2 2495 : BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39 2496 : } 2497 : } 2498 1167 03 132: BIT STRING 0 unused bits, encapsulates { 2499 1171 02 128: INTEGER 2500 : 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 3F A9 EC AC 2501 : 5E DC BD B7 13 11 34 A6 16 89 28 11 23 D9 34 86 2502 : 67 75 75 13 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2 2503 : 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 A5 A0 4A E3 2504 : 85 D6 CE 06 80 3F E8 23 7E 1A F2 24 AB 53 1A B8 2505 : 27 0D 1E EF 08 BF 66 14 80 5C 62 AC 65 FA 15 8B 2506 : F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 32 84 F0 7E 2507 : 41 40 FD 46 A7 63 4E 33 F2 A5 E2 F4 F2 83 E5 B8 2508 : } 2509 : } 2510 1302 A3 131: [3] { 2511 1305 30 128: SEQUENCE { 2512 1308 30 32: SEQUENCE { 2513 1310 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 2514 : (X.509 id-ce (2 5 29)) 2515 1315 04 25: OCTET STRING, encapsulates { 2516 1317 30 23: SEQUENCE { 2517 1319 81 21: [1] 'aliceDss@examples.com' 2518 : } 2519 : } 2520 : } 2521 1342 30 12: SEQUENCE { 2522 1344 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 2523 : (X.509 id-ce (2 5 29)) 2524 1349 01 1: BOOLEAN TRUE 2525 1352 04 2: OCTET STRING, encapsulates { 2526 1354 30 0: SEQUENCE {} 2527 : } 2528 : } 2529 1356 30 14: SEQUENCE { 2530 1358 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 2531 : (X.509 id-ce (2 5 29)) 2532 1363 01 1: BOOLEAN TRUE 2533 1366 04 4: OCTET STRING, encapsulates { 2534 1368 03 2: BIT STRING 6 unused bits 2535 : '11'B 2536 : } 2537 : } 2538 1372 30 31: SEQUENCE { 2539 1374 06 3: OBJECT IDENTIFIER 2540 : authorityKeyIdentifier (2 5 29 35) 2541 : (X.509 id-ce (2 5 29)) 2542 1379 04 24: OCTET STRING, encapsulates { 2543 1381 30 22: SEQUENCE { 2544 1383 80 20: [0] 2545 : 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43 2546 : 2B 93 F1 1F 2547 : } 2548 : } 2549 : } 2550 1405 30 29: SEQUENCE { 2551 1407 06 3: OBJECT IDENTIFIER 2552 : subjectKeyIdentifier (2 5 29 14) 2553 : (X.509 id-ce (2 5 29)) 2554 1412 04 22: OCTET STRING 2555 : 04 14 BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 2556 : E2 FD E3 97 FE CD 2557 : } 2558 : } 2559 : } 2560 : } 2561 1436 30 9: SEQUENCE { 2562 1438 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2563 : (ANSI X9.57 algorithm) 2564 : } 2565 1447 03 48: BIT STRING 0 unused bits, encapsulates { 2566 1450 30 45: SEQUENCE { 2567 1452 02 21: INTEGER 2568 : 00 98 B0 C6 3F CF 71 47 5A 35 A9 4A 8F C0 F8 24 2569 : 05 E8 46 94 8E 2570 1475 02 20: INTEGER 2571 : 5B 9F 48 C0 8C A1 C1 02 9C 44 EA E9 A1 87 C1 A5 2572 : 7F 28 2D BB 2573 : } 2574 : } 2575 : } 2576 : } 2577 1497 A1 219: [1] { 2578 1500 30 216: SEQUENCE { 2579 1503 30 153: SEQUENCE { 2580 1506 30 9: SEQUENCE { 2581 1508 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2582 : (ANSI X9.57 algorithm) 2583 : } 2584 1517 30 18: SEQUENCE { 2585 1519 31 16: SET { 2586 1521 30 14: SEQUENCE { 2587 1523 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2588 : (X.520 id-at (2 5 4)) 2589 1528 13 7: PrintableString 'CarlDSS' 2590 : } 2591 : } 2592 : } 2593 1537 17 13: UTCTime '990827070000Z' 2594 1552 30 105: SEQUENCE { 2595 1554 30 19: SEQUENCE { 2596 1556 02 2: INTEGER 200 2597 1560 17 13: UTCTime '990822070000Z' 2598 : } 2599 1575 30 19: SEQUENCE { 2600 1577 02 2: INTEGER 201 2601 1581 17 13: UTCTime '990822070000Z' 2602 : } 2603 1596 30 19: SEQUENCE { 2604 1598 02 2: INTEGER 211 2605 1602 17 13: UTCTime '990822070000Z' 2606 : } 2607 1617 30 19: SEQUENCE { 2608 1619 02 2: INTEGER 210 2609 1623 17 13: UTCTime '990822070000Z' 2610 : } 2611 1638 30 19: SEQUENCE { 2612 1640 02 2: INTEGER 212 2613 1644 17 13: UTCTime '990824070000Z' 2614 : } 2615 : } 2616 : } 2617 1659 30 9: SEQUENCE { 2618 1661 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3) 2619 : (ANSI X9.57 algorithm) 2620 : } 2621 1670 03 47: BIT STRING 0 unused bits, encapsulates { 2622 1673 30 44: SEQUENCE { 2623 1675 02 20: INTEGER 2624 : 7E 65 52 76 33 FE 34 73 17 D1 F7 96 F9 A0 D4 D8 2625 : 6D 5C 7D 3D 2626 1697 02 20: INTEGER 2627 : 02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E DA 24 F3 2A 2628 : 83 9C 35 A1 2629 : } 2630 : } 2631 : } 2632 : } 2633 1719 31 433: SET { 2634 1723 30 429: SEQUENCE { 2635 1727 02 1: INTEGER 3 2636 1730 80 20: [0] 2637 : BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 E2 FD 2638 : E3 97 FE CD 2639 1752 30 9: SEQUENCE { 2640 1754 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2641 : (OIW) 2642 1761 05 0: NULL 2643 : } 2644 1763 A0 93: [0] { 2645 1765 30 24: SEQUENCE { 2646 1767 06 9: OBJECT IDENTIFIER 2647 : contentType (1 2 840 113549 1 9 3) 2648 : (PKCS #9 (1 2 840 113549 1 9)) 2649 1778 31 11: SET { 2650 1780 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2651 : (PKCS #7) 2652 : } 2653 : } 2654 1791 30 28: SEQUENCE { 2655 1793 06 9: OBJECT IDENTIFIER 2656 : signingTime (1 2 840 113549 1 9 5) 2657 : (PKCS #9 (1 2 840 113549 1 9)) 2658 1804 31 15: SET { 2659 1806 17 13: UTCTime '990912025153Z' 2660 : } 2661 : } 2662 1821 30 35: SEQUENCE { 2663 1823 06 9: OBJECT IDENTIFIER 2664 : messageDigest (1 2 840 113549 1 9 4) 2665 : (PKCS #9 (1 2 840 113549 1 9)) 2666 1834 31 22: SET { 2667 1836 04 20: OCTET STRING 2668 : 40 6A EC 08 52 79 BA 6E 16 02 2D 9E 06 29 C0 22 2669 : 96 87 DD 48 2670 : } 2671 : } 2672 : } 2673 1858 30 9: SEQUENCE { 2674 1860 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2675 : (ANSI X9.57 algorithm) 2676 : } 2677 1869 04 48: OCTET STRING, encapsulates { 2678 1871 30 45: SEQUENCE { 2679 1873 02 21: INTEGER 2680 : 00 BC AF 04 79 B7 BF 42 AC EB BB 7B C2 D0 8C B3 2681 : 53 20 83 F1 BC 2682 1869 04 48: OCTET STRING 2683 : 30 2D 02 15 00 BC AF 04 79 B7 BF 42 AC EB BB 7B 2684 : C2 D0 8C B3 53 20 83 F1 BC 02 14 69 96 55 5D FB 2685 : 78 1E 95 E7 5B B8 05 5D 21 12 08 F5 5F 34 29 00 2686 1919 A1 234: [1] { 2687 1922 30 47: SEQUENCE { 2688 1924 06 11: OBJECT IDENTIFIER 2689 : id-aa-contentHint (1 2 840 113549 1 9 16 2 4) 2690 : (S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2)) 2691 1937 31 32: SET { 2692 1939 30 30: SEQUENCE { 2693 1941 0C 17: UTF8String (1997) 'SMime Example 5.4' 2694 1960 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2695 : (PKCS #7) 2696 : } 2697 : } 2698 : } 2699 1971 30 182: SEQUENCE { 2700 1974 06 9: OBJECT IDENTIFIER 2701 : countersignature (1 2 840 113549 1 9 6) 2702 : (PKCS #9 (1 2 840 113549 1 9)) 2703 1985 31 168: SET { 2704 1988 30 165: SEQUENCE { 2705 1991 02 1: INTEGER 1 2706 1994 30 24: SEQUENCE { 2707 1996 30 18: SEQUENCE { 2708 1998 31 16: SET { 2709 2000 30 14: SEQUENCE { 2710 2002 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2711 : (X.520 id-at (2 5 4)) 2712 2007 13 7: PrintableString 'CarlDSS' 2713 : } 2714 : } 2715 : } 2716 2016 02 2: INTEGER 210 2717 : } 2718 2020 30 9: SEQUENCE { 2719 2022 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2720 : (OIW) 2721 2029 05 0: NULL 2722 : } 2723 2031 A0 63: [0] { 2724 2033 30 24: SEQUENCE { 2725 2035 06 9: OBJECT IDENTIFIER 2726 : contentType (1 2 840 113549 1 9 3) 2727 : (PKCS #9 (1 2 840 113549 1 9)) 2728 2046 31 11: SET { 2729 2048 06 9: OBJECT IDENTIFIER 2730 : data (1 2 840 113549 1 7 1) 2731 : (PKCS #7) 2732 : } 2733 : } 2734 2059 30 35: SEQUENCE { 2735 2061 06 9: OBJECT IDENTIFIER 2736 : messageDigest (1 2 840 113549 1 9 4) 2737 : (PKCS #9 (1 2 840 113549 1 9)) 2738 2072 31 22: SET { 2739 2074 04 20: OCTET STRING 2740 : 73 57 91 A6 3E 88 33 6E 51 31 81 E0 11 08 46 8C 2741 : EE 50 E3 5B 2742 : } 2743 : } 2744 : } 2745 2096 30 9: SEQUENCE { 2746 2098 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 2747 : (ANSI X9.57 algorithm) 2748 : } 2749 2107 04 47: OCTET STRING 2750 : 30 2D 02 14 4A C8 41 50 E9 22 70 C6 FB F9 23 25 2751 : A1 37 B6 3D 5E 5E 67 3E 02 15 00 AC BA 9C B9 56 2752 : 8E 86 AE 19 29 D2 8D F3 6B 48 B5 DD 62 B7 C7 2753 : } 2754 : } 2755 : } 2756 : } 2757 : } 2758 : } 2759 : } 2760 : } 2761 : } 2763 5.5 All RSA signed message 2765 Same as 5.2, but includes Carl's RSA root cert (but no CRL). A 2766 SignedData with no attribute certificates, signed by Alice using RSA, 2767 her certificate and Carl's root cert, no CRL. The message is ExContent, 2768 and is included in the eContent. There are no signed or unsigned 2769 attributes. 2771 0 30 1295: SEQUENCE { 2772 4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 2773 : (PKCS #7) 2774 15 A0 1280: [0] { 2775 19 30 1276: SEQUENCE { 2776 23 02 1: INTEGER 1 2777 26 31 11: SET { 2778 28 30 9: SEQUENCE { 2779 30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 2780 : (OIW) 2781 37 05 0: NULL 2782 : } 2783 : } 2784 39 30 43: SEQUENCE { 2785 41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 2786 : (PKCS #7) 2787 52 A0 30: [0] { 2788 54 04 28: OCTET STRING 2789 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 2790 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 2791 : } 2792 : } 2793 84 A0 1005: [0] { 2794 88 30 483: SEQUENCE { 2795 92 30 336: SEQUENCE { 2796 96 A0 3: [0] { 2797 98 02 1: INTEGER 2 2798 : } 2799 101 02 16: INTEGER 2800 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20 2801 119 30 9: SEQUENCE { 2802 121 06 5: OBJECT IDENTIFIER 2803 : sha-1WithRSAEncryption (1 3 14 3 2 29) 2804 : (Oddball OIW OID) 2805 128 05 0: NULL 2806 : } 2807 130 30 18: SEQUENCE { 2808 132 31 16: SET { 2809 134 30 14: SEQUENCE { 2810 136 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2811 : (X.520 id-at (2 5 4)) 2812 141 13 7: PrintableString 'CarlRSA' 2813 : } 2814 : } 2815 : } 2816 150 30 30: SEQUENCE { 2817 152 17 13: UTCTime '990919010746Z' 2818 167 17 13: UTCTime '391231235959Z' 2819 : } 2820 182 30 18: SEQUENCE { 2821 184 31 16: SET { 2822 186 30 14: SEQUENCE { 2823 188 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2824 : (X.520 id-at (2 5 4)) 2825 193 13 7: PrintableString 'CarlRSA' 2826 : } 2827 : } 2828 : } 2829 202 30 159: SEQUENCE { 2830 205 30 13: SEQUENCE { 2831 207 06 9: OBJECT IDENTIFIER 2832 : rsaEncryption (1 2 840 113549 1 1 1) 2833 : (PKCS #1) 2834 218 05 0: NULL 2835 : } 2836 220 03 141: BIT STRING 0 unused bits, encapsulates { 2837 224 30 137: SEQUENCE { 2838 227 02 129: INTEGER 2839 : 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71 2840 : 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04 2841 : B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39 2842 : A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED 2843 : E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D 2844 : D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7 2845 : 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8 2846 : 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A 2847 : F1 2848 359 02 3: INTEGER 65537 2849 : } 2850 : } 2851 : } 2852 364 A3 66: [3] { 2853 366 30 64: SEQUENCE { 2854 368 30 15: SEQUENCE { 2855 370 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 2856 : (X.509 id-ce (2 5 29)) 2857 375 01 1: BOOLEAN TRUE 2858 378 04 5: OCTET STRING, encapsulates { 2859 380 30 3: SEQUENCE { 2860 382 01 1: BOOLEAN TRUE 2861 : } 2862 : } 2863 : } 2864 385 30 14: SEQUENCE { 2865 387 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 2866 : (X.509 id-ce (2 5 29)) 2867 392 01 1: BOOLEAN TRUE 2868 395 04 4: OCTET STRING, encapsulates { 2869 397 03 2: BIT STRING 1 unused bits 2870 : '1100001'B 2871 : } 2872 : } 2873 401 30 29: SEQUENCE { 2874 403 06 3: OBJECT IDENTIFIER 2875 : subjectKeyIdentifier (2 5 29 14) 2876 : (X.509 id-ce (2 5 29)) 2877 408 04 22: OCTET STRING 2878 : 04 14 E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 2879 : 4E 22 AE 9E 38 BB 2880 : } 2881 : } 2882 : } 2883 : } 2884 432 30 9: SEQUENCE { 2885 434 06 5: OBJECT IDENTIFIER 2886 : sha-1WithRSAEncryption (1 3 14 3 2 29) 2887 : (Oddball OIW OID) 2888 441 05 0: NULL 2889 : } 2890 443 03 129: BIT STRING 0 unused bits 2891 : 2B 71 B4 B7 6C 4E 08 C2 EA A9 3D 52 DE 77 76 9D 2892 : 40 F7 26 70 5F 30 AC 06 78 0A 9B C7 22 55 C3 72 2893 : 6A 86 9E C3 54 40 02 53 85 61 75 D9 0F 35 71 BE 2894 : D7 4E 4B B6 B7 8C 00 CE 15 32 38 70 9B 3C EE 72 2895 : 0A 22 8F B1 1B 3C D0 BD 97 15 C7 EB 52 31 E1 51 2896 : A1 3D 5A F2 EA 90 A1 99 DD 8B FD 18 0C 2C 8A C4 2897 : 89 62 7F 6B 69 B3 F2 BF DE C5 44 E3 D1 E1 86 74 2898 : 57 34 68 73 90 06 FA AC 6B 96 9E 5F 80 90 3B BC 2899 : } 2900 575 30 514: SEQUENCE { 2901 579 30 367: SEQUENCE { 2902 583 A0 3: [0] { 2903 585 02 1: INTEGER 2 2904 : } 2905 588 02 16: INTEGER 2906 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 2907 606 30 9: SEQUENCE { 2908 608 06 5: OBJECT IDENTIFIER 2909 : sha-1WithRSAEncryption (1 3 14 3 2 29) 2910 : (Oddball OIW OID) 2911 615 05 0: NULL 2912 : } 2913 617 30 18: SEQUENCE { 2914 619 31 16: SET { 2915 621 30 14: SEQUENCE { 2916 623 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2917 : (X.520 id-at (2 5 4)) 2918 628 13 7: PrintableString 'CarlRSA' 2919 : } 2920 : } 2921 : } 2922 637 30 30: SEQUENCE { 2923 639 17 13: UTCTime '990919010847Z' 2924 654 17 13: UTCTime '391231235959Z' 2925 : } 2926 669 30 19: SEQUENCE { 2927 671 31 17: SET { 2928 673 30 15: SEQUENCE { 2929 675 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 2930 : (X.520 id-at (2 5 4)) 2931 680 13 8: PrintableString 'AliceRSA' 2932 : } 2933 : } 2934 : } 2935 690 30 159: SEQUENCE { 2936 693 30 13: SEQUENCE { 2937 695 06 9: OBJECT IDENTIFIER 2938 : rsaEncryption (1 2 840 113549 1 1 1) 2939 : (PKCS #1) 2940 706 05 0: NULL 2941 : } 2942 708 03 141: BIT STRING 0 unused bits, encapsulates { 2943 712 30 137: SEQUENCE { 2944 715 02 129: INTEGER 2945 : 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0 2946 : 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E 2947 : 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA 2948 : 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32 2949 : CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5 2950 : F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81 2951 : E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55 2952 : 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57 2953 : 5F 2954 847 02 3: INTEGER 65537 2955 : } 2956 : } 2957 : } 2958 852 A3 96: [3] { 2959 854 30 94: SEQUENCE { 2960 856 30 12: SEQUENCE { 2961 858 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 2962 : (X.509 id-ce (2 5 29)) 2963 863 01 1: BOOLEAN TRUE 2964 866 04 2: OCTET STRING, encapsulates { 2965 868 30 0: SEQUENCE {} 2966 : } 2967 : } 2968 870 30 14: SEQUENCE { 2969 872 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15) 2970 : (X.509 id-ce (2 5 29)) 2971 877 01 1: BOOLEAN TRUE 2972 880 04 4: OCTET STRING, encapsulates { 2973 882 03 2: BIT STRING 6 unused bits 2974 : '11'B 2975 : } 2976 : } 2977 886 30 31: SEQUENCE { 2978 888 06 3: OBJECT IDENTIFIER 2979 : authorityKeyIdentifier (2 5 29 35) 2980 : (X.509 id-ce (2 5 29)) 2981 893 04 24: OCTET STRING, encapsulates { 2982 895 30 22: SEQUENCE { 2983 897 80 20: [0] 2984 : E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22 2985 : AE 9E 38 BB 2986 : } 2987 : } 2988 : } 2989 919 30 29: SEQUENCE { 2990 921 06 3: OBJECT IDENTIFIER 2991 : subjectKeyIdentifier (2 5 29 14) 2992 : (X.509 id-ce (2 5 29)) 2993 926 04 22: OCTET STRING 2994 : 04 14 77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D CE EC 2995 : 3C A0 3A E3 FF 50 2996 : } 2997 : } 2998 : } 2999 : } 3000 950 30 9: SEQUENCE { 3001 952 06 5: OBJECT IDENTIFIER 3002 : sha-1WithRSAEncryption (1 3 14 3 2 29) 3003 : (Oddball OIW OID) 3004 959 05 0: NULL 3005 : } 3006 961 03 129: BIT STRING 0 unused bits 3007 : BF 34 32 E6 FC 6A 88 41 7D F0 5C 99 A1 93 B7 49 3008 : B7 02 52 1E CB 84 AC 93 D7 58 2B 00 A1 9C C4 48 3009 : 48 99 DD 02 C3 C6 05 F8 D2 25 F1 A3 9C C9 33 01 3010 : 8A 76 0E 6F 77 43 A3 BF E1 E6 B3 6A 04 79 39 EE 3011 : E1 E9 E5 9D 50 07 8B 22 DC 12 50 E3 F3 B4 3D 9E 3012 : E5 93 9E B1 CD 33 F9 E0 AB 98 71 09 F8 EB B0 FC 3013 : 9C EC F1 88 D8 AE 03 D1 FE 60 E1 62 14 B1 A2 23 3014 : D2 C8 8D 18 1F 5E EE 9B 72 02 27 C2 85 3D 04 2E 3015 : } 3016 : } 3017 1093 31 203: SET { 3018 1096 30 200: SEQUENCE { 3019 1099 02 1: INTEGER 1 3020 1102 30 38: SEQUENCE { 3021 1104 30 18: SEQUENCE { 3022 1106 31 16: SET { 3023 1108 30 14: SEQUENCE { 3024 1110 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3025 : (X.520 id-at (2 5 4)) 3026 1115 13 7: PrintableString 'CarlRSA' 3027 : } 3028 : } 3029 : } 3030 1124 02 16: INTEGER 3031 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 3032 : } 3033 1142 30 9: SEQUENCE { 3034 1144 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3035 : (OIW) 3036 1151 05 0: NULL 3037 : } 3038 1153 30 13: SEQUENCE { 3039 1155 06 9: OBJECT IDENTIFIER 3040 : rsaEncryption (1 2 840 113549 1 1 1) 3041 : (PKCS #1) 3042 1166 05 0: NULL 3043 : } 3044 1168 04 128: OCTET STRING 3045 : 2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E 9D BF 89 9A 3046 : 81 E5 75 C4 91 3D D3 D0 D5 7B B6 D5 FE 94 A1 8A 3047 : AC E3 C4 84 F5 CD 60 4E 27 95 F6 CF 00 86 76 75 3048 : 3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16 04 A5 B3 B5 3049 : E7 D9 32 F0 24 EF E7 20 44 D5 9F 07 C5 53 24 FA 3050 : CE 01 1D 0F 17 13 A7 2A 95 9D 2B E4 03 95 14 0B 3051 : E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6 55 13 D4 68 3052 : 6F D0 07 D7 A2 B1 62 4C E3 8F AF FD E0 D5 5D C7 3053 : } 3054 : } 3055 : } 3056 : } 3057 : } 3059 5.6 Multiple signers 3061 Similar to 5.1, but the message is also signed by Diane. Two 3062 SignedDatas (one for Alice, one for Diane) with no attribute 3063 certificates, each signed using DH-DSS, Alice's and Diane's certificate 3064 (not Carl's root cert), no CRL. The message is ExContent, and is 3065 included in the eContent. There are no signed or unsigned attributes. 3067 0 30 289: SEQUENCE { 3068 4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 3069 : (PKCS #7) 3070 15 A0 274: [0] { 3071 19 30 270: SEQUENCE { 3072 23 02 1: INTEGER 1 3073 26 31 11: SET { 3074 28 30 9: SEQUENCE { 3075 30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3076 : (OIW) 3077 37 05 0: NULL 3078 : } 3079 : } 3080 39 30 43: SEQUENCE { 3081 41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3082 : (PKCS #7) 3083 52 A0 30: [0] { 3084 54 04 28: OCTET STRING 3085 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 3086 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 3087 : } 3088 : } 3089 84 31 206: SET { 3090 87 30 101: SEQUENCE { 3091 89 02 1: INTEGER 1 3092 92 30 24: SEQUENCE { 3093 94 30 18: SEQUENCE { 3094 96 31 16: SET { 3095 98 30 14: SEQUENCE { 3096 100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3097 : (X.520 id-at (2 5 4)) 3098 105 13 7: PrintableString 'CarlDSS' 3099 : } 3100 : } 3101 : } 3102 114 02 2: INTEGER 200 3103 : } 3104 118 30 9: SEQUENCE { 3105 120 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3106 : (OIW) 3107 127 05 0: NULL 3108 : } 3109 129 30 9: SEQUENCE { 3110 131 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 3111 : (ANSI X9.57 algorithm) 3112 : } 3113 140 04 48: OCTET STRING, encapsulates { 3114 142 30 44: SEQUENCE { 3115 144 02 20: INTEGER 3116 : 01 1A 49 BA 75 B0 A7 62 36 FC E9 7D AE F7 C5 57 3117 : 02 86 98 8E 3118 166 02 20: INTEGER 3119 : 6D 1B A8 BD 51 10 51 26 F3 89 96 E6 B8 F1 AF 5E 3120 : 55 DD 3D 21 3121 : } 3122 : } 3123 : } 3124 190 30 101: SEQUENCE { 3125 192 02 1: INTEGER 1 3126 195 30 24: SEQUENCE { 3127 197 30 18: SEQUENCE { 3128 199 31 16: SET { 3129 201 30 14: SEQUENCE { 3130 203 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3131 : (X.520 id-at (2 5 4)) 3132 208 13 7: PrintableString 'CarlDSS' 3133 : } 3134 : } 3135 : } 3136 217 02 2: INTEGER 210 3137 : } 3138 221 30 9: SEQUENCE { 3139 223 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3140 : (OIW) 3141 230 05 0: NULL 3142 : } 3143 232 30 9: SEQUENCE { 3144 234 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 3145 : (ANSI X9.57 algorithm) 3146 : } 3147 243 04 48: OCTET STRING 3148 : 30 2D 02 15 00 CF 86 F1 54 70 E3 AD 5A 54 EC FE 3149 : F3 CF F5 0C 8E 9E A2 64 7F 02 14 61 1A 9D 19 31 3150 : 47 A0 32 A7 A0 27 D3 91 03 C4 07 E0 72 8D 8E 00 3151 : } 3152 : } 3153 : } 3154 : } 3155 : } 3157 5.7 Signing using SKI 3159 Same as 5.1, but the signature uses the SKI instead of the 3160 issuer/serial number in the cert. A SignedData with no attribute 3161 certificates, signed by Alice using DH-DSS, just her certificate (not 3162 Carl's root cert), identified by the SKI, no CRL. The message is 3163 ExContent, and is included in the eContent. There are no signed or 3164 unsigned attributes. 3166 0 30 179: SEQUENCE { 3167 3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 3168 : (PKCS #7) 3169 14 A0 165: [0] { 3170 17 30 162: SEQUENCE { 3171 20 02 1: INTEGER 3 3172 23 31 11: SET { 3173 25 30 9: SEQUENCE { 3174 27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3175 : (OIW) 3176 34 05 0: NULL 3177 : } 3178 : } 3179 36 30 43: SEQUENCE { 3180 38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3181 : (PKCS #7) 3182 49 A0 30: [0] { 3183 51 04 28: OCTET STRING 3184 : 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D 3185 : 70 6C 65 20 63 6F 6E 74 65 6E 74 2E 3186 : } 3187 : } 3188 81 31 99: SET { 3189 83 30 97: SEQUENCE { 3190 85 02 1: INTEGER 3 3191 88 80 20: [0] 3192 : BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 E2 FD 3193 : E3 97 FE CD 3194 110 30 9: SEQUENCE { 3195 112 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3196 : (OIW) 3197 119 05 0: NULL 3198 : } 3199 121 30 9: SEQUENCE { 3200 123 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1) 3201 : (ANSI X9.57 algorithm) 3202 : } 3203 132 04 48: OCTET STRING 3204 : 30 2D 02 14 4F F6 62 B6 CA 8D D6 CC A8 A8 CA 9A 3205 : C9 CB 96 96 2C 1D DA 8F 02 15 00 B7 E2 9D 06 1E 3206 : F8 22 5E 93 FE 0B A6 BF F0 3C 29 ED 15 85 83 00 3207 : } 3208 : } 3209 : } 3210 : } 3211 : } 3213 5.8 S/MIME multipart/signed message 3215 A full S/MIME message, including MIME, that includes the body part from 3216 5.3 and the body containing the content of the message. 3218 MIME-Version: 1.0 3219 Content-Type: multipart/signed; 3220 protocol="application/x-pkcs7-signature"; 3221 micalg=SHA1; 3222 boundary="----=_NextPart_000_0000_01BEF8B8.4F7D5F80" 3224 ------=_NextPart_000_0000_01BEF8B8.4F7D5F80 3226 This is some sample content. 3227 ------=_NextPart_000_0000_01BEF8B8.4F7D5F80 3228 Content-Type: application/x-pkcs7-signature; 3229 name="smime.p7s" 3230 Content-Transfer-Encoding: base64 3231 Content-Disposition: attachment; 3232 filename="smime.p7s" 3234 MIGXBgkqhkiG9w0BBwKggYkwgYYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAT 3235 FnMGUCAQEwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqG 3236 SM44BAEEMDAtAhReXmtpBKJiXYtFslX5dRwSToiIIQIVAKPBSCPgCDVvJSJ6HrYUvO 3237 R1kdslAA== 3239 ------=_NextPart_000_0000_01BEF8B8.4F7D5F80-- 3241 5.9 S/MIME application/pkcs7-mime signed message 3243 A full S/MIME message, including MIME, that includes the body part from 3244 5.1. 3246 Subject: Example 5.9 3247 MIME-Version: 1.0 3248 Content-Type: application/pkcs7-mime; name="smime.p7m"; 3249 smime-type=signed-data 3250 Content-Transfer-Encoding: base64 3251 Content-Disposition: attachment; filename="smime.p7m" 3253 MIG3BgkqhkiG9w0BBwKggakwgaYCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa 3254 AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWcwZQIBATAYMBIxEDAOBgNV 3255 BAMTB0NhcmxEU1MCAgDIMAkGBSsOAwIaBQAwCQYHKoZIzjgEAQQwMC0CFHCbJ32Z59 3256 IMxsUhC0viIbe9jUgpAhUAiywMBstKtQZLqEwOeNE7kOnRn6QA 3258 6. Enveloped-data 3260 6.1 Basic encrypted content, TripleDES and DH 3262 An EnvelopedData from Alice to Bob of ExContent using TripleDES for 3263 encrypting and Diffie-Hellman for key management. Does not have a 3264 OriginatorInfo or any attributes. 3266 0 30 355: SEQUENCE { 3267 4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 3268 : (PKCS #7) 3269 15 A0 340: [0] { 3270 19 30 336: SEQUENCE { 3271 23 02 1: INTEGER 2 3272 26 31 260: SET { 3273 30 A1 256: [1] { 3274 34 02 1: INTEGER 3 3275 37 A0 150: [0] { 3276 40 A1 147: [1] { 3277 43 30 9: SEQUENCE { 3278 45 06 7: OBJECT IDENTIFIER 3279 : dhPublicNumber (1 2 840 10046 2 1) 3280 : (ANSI X9.42 number-type) 3281 : } 3282 54 03 133: BIT STRING 0 unused bits, encapsulates { 3283 58 02 129: INTEGER 3284 : 00 C2 A4 56 E7 80 6C 11 EC 48 01 F7 0E FA B0 20 3285 : D2 9C 6F 31 2C 85 F8 4A 9C B2 B8 BA 17 B6 F5 28 3286 : 31 BC B2 5E 53 D3 8C C9 B5 E3 79 20 8F 03 E5 67 3287 : 7F 4E 02 6A 2E C2 67 7F 71 9A 44 0B EC C0 7D 19 3288 : 6F EE 5F 2E D5 32 00 D4 7C C2 16 56 7E ED AF 68 3289 : DD 0C 73 68 95 36 CE 5C 51 AD 2E 20 64 D0 1E 3B 3290 : C8 57 3D 65 40 B8 1A CD 6D A7 CB 1C 9E C5 83 73 3291 : 66 DD D2 86 EE E1 9C ED B1 9D 30 32 41 4C 52 3D 3292 : 18 3293 : } 3294 : } 3295 : } 3296 190 30 26: SEQUENCE { 3297 192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 3298 : (ANSI X9.42 number-type) 3299 201 30 15: SEQUENCE { 3300 203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6' 3301 216 05 0: NULL 3302 : } 3303 : } 3304 218 30 70: SEQUENCE { 3305 220 30 68: SEQUENCE { 3306 222 30 24: SEQUENCE { 3307 224 30 18: SEQUENCE { 3308 226 31 16: SET { 3309 228 30 14: SEQUENCE { 3310 230 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3311 : (X.520 id-at (2 5 4)) 3312 235 13 7: PrintableString 'CarlDSS' 3313 : } 3314 : } 3315 : } 3316 244 02 2: INTEGER 201 3317 : } 3318 248 04 40: OCTET STRING 3319 : 51 46 57 41 34 1C D6 C7 CD 36 4B A4 93 B7 16 E6 3320 : 2E F0 58 24 9C 6D 4B E9 90 8B 0F 46 B8 E5 93 19 3321 : FF 7C F0 56 4D 4F FA F5 3322 : } 3323 : } 3324 : } 3325 : } 3326 290 30 67: SEQUENCE { 3327 292 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3328 : (PKCS #7) 3329 303 30 20: SEQUENCE { 3330 305 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 3331 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3332 315 04 8: OCTET STRING 3333 : EE F2 1F EE 80 08 CE 6A 3334 : } 3335 325 80 32: [0] 3336 : 9E BB 6C 9E B8 14 43 2C CB B2 90 8E A4 7D 8A D8 3337 : AE 96 88 73 08 80 95 3E D1 DF E8 2F 4F DC 73 98 3338 : } 3339 : } 3340 : } 3341 : } 3343 Some additional information on this example: 3345 3DES CEK 3346 cd 4f 7c 83 73 c4 26 ce 5d b0 cd ea 7c 16 15 cb 3347 2f 8c a8 20 16 0e c8 2a 3349 Ephemeral X (reverse the bytes) 3350 2e 92 4e b9 2a bd ab 1e cb 5b d8 3b c5 6c b0 ef 3351 2d 89 7b 0e e7 d6 33 8c 1f 33 81 6d 2d d1 61 4f 3353 ZZ 3354 de 42 2f c3 fb 44 ab ce 71 3f f6 3a aa dc 09 d1 3355 ca 30 97 22 73 eb de 6a af 87 e1 74 62 60 73 c7 3356 93 1f 2e 26 b3 09 8f 1c 93 31 33 63 5f 0e ad 89 3357 89 f5 1a cb 8c 3f b7 8f 50 b3 9a fe 06 b0 8a 68 3358 c0 f7 b1 fe 20 af 96 f2 a6 cf de 12 1e 74 f9 38 3359 d1 90 da 4d 10 45 b2 6a be 3f f9 3b 61 c0 6d 8f 3360 bc 2e c8 a3 e6 d8 e2 a8 52 ea 58 65 b3 93 99 b7 3361 77 91 67 e6 04 e5 ca ce 46 86 b0 83 17 d9 de 1d 3363 3DES KEK (no parity check) 3364 02 1f 67 5c 92 58 e5 5a 2a fb 3b ed 94 6b 39 8a 3365 b1 38 a7 8c 63 fc d6 14 3367 wrapped key 3368 51 46 57 41 34 1c d6 c7 cd 36 4b a4 93 b7 16 e6 3369 2e f0 58 24 9c 6d 4b e9 90 8b 0f 46 b8 e5 93 19 3370 ff 7c f0 56 4d 4f fa f5 3372 3DES CEK 3373 1c b6 57 1a 25 bc f8 13 5b 01 1a d5 a2 46 31 7a 3374 85 fe 4f 62 45 4a 2a 43 3376 6.2 Basic encrypted content, TripleDES and RSA 3378 Same as 6.1, except with RSA for key management. An EnvelopedData from 3379 Alice to Bob of ExContent using TripleDES for encrypting and RSA for 3380 key management. Does not have a OriginatorInfo or any attributes. 3382 0 30 NDEF: SEQUENCE { 3383 2 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 3384 : (PKCS #7) 3385 13 A0 NDEF: [0] { 3386 15 30 NDEF: SEQUENCE { 3387 17 02 1: INTEGER 0 3388 20 31 192: SET { 3389 23 30 189: SEQUENCE { 3390 26 02 1: INTEGER 0 3391 29 30 38: SEQUENCE { 3392 31 30 18: SEQUENCE { 3393 33 31 16: SET { 3394 35 30 14: SEQUENCE { 3395 37 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3396 : (X.520 id-at (2 5 4)) 3397 42 13 7: PrintableString 'CarlRSA' 3398 : } 3399 : } 3400 : } 3401 51 02 16: INTEGER 3402 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 3403 : } 3404 69 30 13: SEQUENCE { 3405 71 06 9: OBJECT IDENTIFIER 3406 : rsaEncryption (1 2 840 113549 1 1 1) 3407 : (PKCS #1) 3408 82 05 0: NULL 3409 : } 3410 84 04 128: OCTET STRING 3411 : C5 C0 8F 67 12 9C 10 49 49 14 5D 80 D6 24 50 59 3412 : 38 41 5C B7 5B B0 0B 12 15 CD 54 80 8E 62 A3 AF 3413 : D1 15 29 A6 6C B5 C0 32 F7 39 5F 0C 2F 32 90 65 3414 : 5C E3 D5 2B 55 F6 21 37 09 5A 9A B4 96 D4 96 20 3415 : 49 06 93 67 EA 0B C1 20 3D 5D B2 63 7E 8C F9 89 3416 : F3 9F BF 1E 19 ED 36 04 83 05 8A 15 5A 92 A4 8A 3417 : B4 3E 89 C1 69 35 0D 74 B7 81 7F 02 CB 7A D7 65 3418 : 51 05 15 B6 78 0F F2 B4 80 F7 60 7A 2B 75 88 E9 3419 : } 3420 : } 3421 215 30 NDEF: SEQUENCE { 3422 217 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3423 : (PKCS #7) 3424 228 30 20: SEQUENCE { 3425 230 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 3426 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3427 240 04 8: OCTET STRING 3428 : F4 CF FA 43 74 39 12 F4 3429 : } 3430 250 A0 NDEF: [0] { 3431 252 04 176: OCTET STRING 3432 : 1B CE BA D7 65 FB BC 60 05 95 65 42 3F 60 DB 2D 3433 : 78 C5 F2 7F 93 34 95 E2 62 F3 99 3E D8 A2 CB C8 3434 : E5 50 10 D8 45 CD 27 EF 83 3B 3B B0 41 E6 D7 2A 3435 : DE 57 53 AF 10 97 1F 89 3D 6A 97 B8 BF E1 72 2B 3436 : F0 D6 9B E5 09 D4 6B D6 F4 BA FF 50 6A 3C F0 16 3437 : 8C DD F4 34 E5 85 CC A9 03 1E DE E3 71 19 7F 89 3438 : 9D 27 2D 71 93 53 A8 CC 15 79 58 15 36 C3 53 7B 3439 : 22 51 AD 8F 31 AB 60 3A 1C B7 65 5A 5F 90 16 7B 3440 : 2B 5D 1E 0A B4 D5 A1 64 93 DD 4F 4D 31 81 84 80 3441 : 60 C3 56 99 CC A1 C0 C8 AE 10 9E 4C C8 5E F0 18 3442 : A9 32 30 00 93 12 7B FC 14 BF 7C D4 74 B4 B0 6C 3443 : } 3444 : } 3445 : } 3446 : } 3447 : } 3449 6.3 Basic encrypted content, RC2/40 and RSA 3451 Same as 6.1, except using RC2/40 for encryption and RSA for key 3452 management. An EnvelopedData from Alice to Bob of ExContent using 3453 RC2/40 for encrypting and RSA for key management. Does not have a 3454 OriginatorInfo or any attributes. 3456 0 30 NDEF: SEQUENCE { 3457 2 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 3458 : (PKCS #7) 3459 13 A0 NDEF: [0] { 3460 15 30 NDEF: SEQUENCE { 3461 17 02 1: INTEGER 0 3462 20 31 192: SET { 3463 23 30 189: SEQUENCE { 3464 26 02 1: INTEGER 0 3465 29 30 38: SEQUENCE { 3466 31 30 18: SEQUENCE { 3467 33 31 16: SET { 3468 35 30 14: SEQUENCE { 3469 37 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3470 : (X.520 id-at (2 5 4)) 3471 42 13 7: PrintableString 'CarlRSA' 3472 : } 3473 : } 3474 : } 3475 51 02 16: INTEGER 3476 : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 3477 : } 3478 69 30 13: SEQUENCE { 3479 71 06 9: OBJECT IDENTIFIER 3480 : rsaEncryption (1 2 840 113549 1 1 1) 3481 : (PKCS #1) 3482 82 05 0: NULL 3483 : } 3484 84 04 128: OCTET STRING 3485 : 84 00 78 AC A9 6A F9 ED BE 27 7F A1 45 FE 73 4B 3486 : 05 54 14 D7 DF 9B 27 11 68 97 E6 32 76 A3 D6 48 3487 : B4 4D E4 15 B0 BF A8 58 1F 5D F2 5C 30 A8 E9 C7 3488 : 63 E4 95 B4 AB 2A 36 3E 69 9C 59 0D 67 5F F2 82 3489 : 15 21 7B 1A 3B 59 68 AA F1 B0 C6 8C DB 0E B2 54 3490 : DC 33 D1 64 D1 4C A9 74 08 14 11 8A 16 74 6A 3A 3491 : F0 33 35 1C 34 70 33 BF 0A C6 44 91 C8 B1 21 BC 3492 : B1 A3 65 DD 14 BC 05 D7 E2 E7 DC 7F 3A 59 7E 1F 3493 : } 3494 : } 3495 215 30 NDEF: SEQUENCE { 3496 217 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3497 : (PKCS #7) 3498 228 30 26: SEQUENCE { 3499 230 06 8: OBJECT IDENTIFIER rc2CBC (1 2 840 113549 3 2) 3500 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3501 240 30 14: SEQUENCE { 3502 242 02 2: INTEGER 160 3503 246 04 8: OCTET STRING 3504 : 9C 04 D2 19 2E 2A 55 A1 3505 : } 3506 : } 3507 256 A0 NDEF: [0] { 3508 258 04 176: OCTET STRING 3509 : 8E 87 2E 22 E4 30 61 9B 96 CC EA AD 0C D6 D7 03 3510 : 1B 14 60 37 8B 1A 80 2C 12 4F 76 B7 76 77 E2 07 3511 : 84 33 0B CC 65 EB 5B 32 9B 68 F3 86 6D 7D B1 A2 3512 : 44 10 1D C0 14 E1 F2 C6 F1 28 17 BA 86 D5 2F 6D 3513 : 37 DF 82 EB D1 2D 24 80 71 62 4D 0D A8 69 10 A9 3514 : E1 45 75 86 4D AB 83 61 5B 70 7D 6D C2 5D F3 80 3515 : 31 D3 70 FD 73 2D 75 4D 93 54 9F 3A A8 A8 DC 30 3516 : 34 FD 49 36 88 97 37 4F 24 0F FB 03 22 4C 64 EA 3517 : 33 EB C5 C6 23 87 01 72 13 6F E7 62 3D 12 62 0D 3518 : FB 44 88 32 24 91 05 46 8D 0E 00 39 8A 14 8A CA 3519 : 19 58 4B 8F BD BB 35 89 AF F9 99 16 91 F0 E7 BD 3520 : } 3521 : } 3522 : } 3523 : } 3524 : } 3526 6.4 Encrypted content, two recipients, no shared keying material 3528 Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from 3529 Alice to Bob and Diane of ExContent using TripleDES for encrypting and 3530 Diffie-Hellman for key management. Does not have a OriginatorInfo or 3531 any attributes. 3533 0 30 615: SEQUENCE { 3534 4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 3535 : (PKCS #7) 3536 15 A0 600: [0] { 3537 19 30 596: SEQUENCE { 3538 23 02 1: INTEGER 2 3539 26 31 520: SET { 3540 30 A1 256: [1] { 3541 34 02 1: INTEGER 3 3542 37 A0 150: [0] { 3543 40 A1 147: [1] { 3544 43 30 9: SEQUENCE { 3545 45 06 7: OBJECT IDENTIFIER 3546 : dhPublicNumber (1 2 840 10046 2 1) 3547 : (ANSI X9.42 number-type) 3548 : } 3549 54 03 133: BIT STRING 0 unused bits 3550 : 02 81 80 03 CA 05 2E 78 63 86 95 7D C6 E3 38 08 3551 : 33 D3 5E 06 FB C5 98 FA DE 66 42 2E 6F BB 35 47 3552 : 73 EE 7F 43 82 83 0C 8D EF 1F 61 8F 52 C6 5C BB 3553 : 85 46 09 CD 0A 1E 75 44 51 AC B8 AB 85 88 C6 B3 3554 : 06 97 C9 47 B2 8A 56 55 8B BE D3 3C C9 3A F0 A8 3555 : D5 4C 3A 56 19 9B 65 75 E9 2B 14 66 D8 BB 66 70 3556 : 2E 64 46 41 BD 33 E1 50 F8 D5 CA A5 74 6A 09 01 3557 : D3 6D 74 85 21 33 53 AB C2 3D 2A 08 40 CF F9 AC 3558 : 2D F7 D0 00 3559 : } 3560 : } 3561 190 30 26: SEQUENCE { 3562 192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 3563 : (ANSI X9.42 number-type) 3564 201 30 15: SEQUENCE { 3565 203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6' 3566 216 05 0: NULL 3567 : } 3568 : } 3569 218 30 70: SEQUENCE { 3570 220 30 68: SEQUENCE { 3571 222 30 24: SEQUENCE { 3572 224 30 18: SEQUENCE { 3573 226 31 16: SET { 3574 228 30 14: SEQUENCE { 3575 230 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3576 : (X.520 id-at (2 5 4)) 3577 235 13 7: PrintableString 'CarlDSS' 3578 : } 3579 : } 3580 : } 3581 244 02 2: INTEGER 211 3582 : } 3583 248 04 40: OCTET STRING 3584 : 88 24 7C 52 73 C3 02 FF DB 89 49 08 0E BD EE 0E 3585 : 49 18 47 19 B4 95 5F 16 12 B9 ED 34 4F 99 6B 2F 3586 : CA 8E 94 87 56 66 08 51 3587 : } 3588 : } 3589 : } 3590 290 A1 256: [1] { 3591 294 02 1: INTEGER 3 3592 297 A0 150: [0] { 3593 300 A1 147: [1] { 3594 303 30 9: SEQUENCE { 3595 305 06 7: OBJECT IDENTIFIER 3596 : dhPublicNumber (1 2 840 10046 2 1) 3597 : (ANSI X9.42 number-type) 3598 : } 3599 314 03 133: BIT STRING 0 unused bits 3600 : 02 81 80 5C 58 72 3E C6 68 91 0F F8 EB 07 EB C1 3601 : 46 60 13 4B 7A D4 E5 AC 61 0C 67 D1 0D 0A AB E8 3602 : 81 31 25 6A B5 E6 F3 EF 53 9D E7 51 B5 1D A4 E3 3603 : 38 C7 EB 95 D9 80 D8 85 65 76 12 FB 7A 9E F2 B1 3604 : 3F 38 1F EA F2 7C 61 26 63 73 AA 22 E2 FD 15 9A 3605 : 9C 17 31 58 0C 4E A0 DE 84 89 B7 81 70 62 3E 9B 3606 : 45 47 AD B9 FC 94 95 A5 99 F4 86 8D 0B CE 74 EC 3607 : 71 DC CA A6 71 37 31 01 4C 8C 01 59 8C 49 AE FC 3608 : FB 64 EA 00 3609 : } 3610 : } 3611 450 30 26: SEQUENCE { 3612 452 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 3613 : (ANSI X9.42 number-type) 3614 461 30 15: SEQUENCE { 3615 463 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6' 3616 476 05 0: NULL 3617 : } 3618 : } 3619 478 30 70: SEQUENCE { 3620 480 30 68: SEQUENCE { 3621 482 30 24: SEQUENCE { 3622 484 30 18: SEQUENCE { 3623 486 31 16: SET { 3624 488 30 14: SEQUENCE { 3625 490 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3626 : (X.520 id-at (2 5 4)) 3627 495 13 7: PrintableString 'CarlDSS' 3628 : } 3629 : } 3630 : } 3631 504 02 2: INTEGER 201 3632 : } 3633 508 04 40: OCTET STRING 3634 : 39 2A 16 D1 21 2B 72 38 0C 40 01 55 A1 17 19 04 3635 : BE FD 24 9B 33 E5 1C BC C5 D8 7B A7 45 15 D2 5B 3636 : E5 5A 09 A5 22 18 7B DF 3637 : } 3638 : } 3639 : } 3640 : } 3641 550 30 67: SEQUENCE { 3642 552 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3643 : (PKCS #7) 3644 563 30 20: SEQUENCE { 3645 565 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 3646 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3647 575 04 8: OCTET STRING 3648 : 13 E3 41 9C 85 30 15 1F 3649 : } 3650 585 80 32: [0] 3651 : BA 8F 71 D9 C8 92 CE D4 08 A7 F5 73 91 29 6D E1 3652 : 33 08 DE C4 58 C2 A2 7B F0 9A 4B 06 44 EF D6 E5 3653 : } 3654 : } 3655 : } 3656 : } 3658 6.5 Encrypted content, two recipients, shared keying material 3660 Same as 6.4, except sent to Bob and Erica using keys that have shared 3661 parameters so the result does not include the UKMs. An EnvelopedData 3662 from Alice to Bob and Erica of ExContent using TripleDES for encrypting 3663 and Diffie-Hellman for key management. Does not have a OriginatorInfo 3664 or any attributes. Uses BobPubDHSharedEncrypt and 3665 DianePubDHSharedEncrypt for keys. 3667 0 30 426: SEQUENCE { 3668 4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 3669 : (PKCS #7) 3670 15 A0 411: [0] { 3671 19 30 407: SEQUENCE { 3672 23 02 1: INTEGER 2 3673 26 31 331: SET { 3674 30 A1 327: [1] { 3675 34 02 1: INTEGER 3 3676 37 A0 150: [0] { 3677 40 A1 147: [1] { 3678 43 30 9: SEQUENCE { 3679 45 06 7: OBJECT IDENTIFIER 3680 : dhPublicNumber (1 2 840 10046 2 1) 3681 : (ANSI X9.42 number-type) 3682 : } 3683 54 03 133: BIT STRING 0 unused bits 3684 : 02 81 80 1E 6F B8 49 59 86 A9 EE 34 17 29 BC A0 3685 : 5A 84 51 AB CE 9A 41 38 B6 29 A7 7C 49 24 8D 83 3686 : A6 A0 F8 2C 9A 1B 1D A9 86 64 62 89 4B F9 5B 35 3687 : 93 0C 36 D3 F7 06 51 D5 4A 5E AD DC 76 D2 ED 53 3688 : 46 1A D4 0A 84 5B 26 A7 D0 4C 9A D6 24 A1 9E BA 3689 : D2 21 30 7B 45 C5 36 CC 2B 4A 4F 19 77 0D 48 22 3690 : 79 66 D9 EB 51 4A 5A 3B 5D 25 E5 FA 58 79 0F 53 3691 : 49 1B 1F E9 F9 79 73 0D BC 49 61 ED DB 4D 81 67 3692 : 9E 68 A8 00 3693 : } 3694 : } 3695 190 30 26: SEQUENCE { 3696 192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1) 3697 : (ANSI X9.42 number-type) 3698 201 30 15: SEQUENCE { 3699 203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6' 3700 216 05 0: NULL 3701 : } 3702 : } 3703 218 30 140: SEQUENCE { 3704 221 30 68: SEQUENCE { 3705 223 30 24: SEQUENCE { 3706 225 30 18: SEQUENCE { 3707 227 31 16: SET { 3708 229 30 14: SEQUENCE { 3709 231 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3710 : (X.520 id-at (2 5 4)) 3711 236 13 7: PrintableString 'CarlDSS' 3712 : } 3713 : } 3714 : } 3715 245 02 2: INTEGER 201 3716 : } 3717 249 04 40: OCTET STRING 3718 : FF 20 83 91 5F 10 CF 38 80 DF 50 20 46 C3 30 3B 3719 : 7D 2B E3 DB C1 18 07 E3 07 85 2B 6C AB 26 07 B9 3720 : 2C E5 DD 89 40 7D E9 D5 3721 : } 3722 291 30 68: SEQUENCE { 3723 293 30 24: SEQUENCE { 3724 295 30 18: SEQUENCE { 3725 297 31 16: SET { 3726 299 30 14: SEQUENCE { 3727 301 06 3: OBJECT IDENTIFIER commonName (2 5 4 3) 3728 : (X.520 id-at (2 5 4)) 3729 306 13 7: PrintableString 'CarlDSS' 3730 : } 3731 : } 3732 : } 3733 315 02 2: INTEGER 212 3734 : } 3735 319 04 40: OCTET STRING 3736 : BF 13 C2 4A A2 D4 08 6A 2B 60 4A B8 A1 6D 31 43 3737 : F7 6B AE 35 64 23 D0 E6 80 79 BE 5F 25 2C 51 E3 3738 : B9 0E 44 F3 83 79 B4 0E 3739 : } 3740 : } 3741 : } 3742 : } 3743 361 30 67: SEQUENCE { 3744 363 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3745 : (PKCS #7) 3746 374 30 20: SEQUENCE { 3747 376 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 3748 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3749 386 04 8: OCTET STRING 3750 : 23 DF 7F DB 3D 98 00 F8 3751 : } 3752 396 80 32: [0] 3753 : 74 29 02 33 4D 51 2E C4 C5 AE 32 D8 7F 9B 01 EB 3754 : D2 CD C2 32 0A AA 90 8D A9 91 F3 21 32 8E 4E 76 3755 : } 3756 : } 3757 : } 3758 : } 3760 6.6 Encrypted content, TripleDES and DH, previously-distributed keys 3762 Same as 6.1, except sent using a previously-distributed key. An 3763 EnvelopedData from Alice to Bob of ExContent using TripleDES for 3764 encrypting and Diffie-Hellman for key management, using the 3765 MailListTripleDES key. Does not have a OriginatorInfo or any 3766 attributes. 3768 Subject: Test subject 3769 MIME-Version: 1.0 3770 Content-Type: application/x-pkcs7-mime; 3771 name="smime.p7m"; 3772 smime-type=enveloped-data 3773 Content-Transfer-Encoding: base64 3774 Content-Disposition: attachment; 3775 filename="smime.p7m" 3776 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2115.300 3778 MIAGCSqGSIb3DQEHA6CAMIACAQIxggFdoYIBBAIBA6CBlaGBkjAJBgcqhkjOPgIBA4 3779 GEAAKBgE348O8WYkb+mh9JywImIJ1j0PIj84SnpKclqO31EcScZzkSiQQP+gqphImf 3780 EwIGh7P7ywuoFuxdot8C2X/nDubhrrKImG3Z96h/FAh6/rgA6P10r2yesV1QvqfGgY 3781 Bh9+o9zq/S1+Q8ssFH9j1nZzTLLL3rrG8W4ztmu4qX+Q89MB8GCyqGSIb3DQEJEAMF 3782 MBAGCyqGSIb3DQEJEAMHAgE6MEYwRDAYMBIxEDAOBgNVBAMTB0NhcmxEU1MCAgDJBC 3783 hTEv/IiYb58fJpBc1MQAJ1FSG33LdFbpRq8QirMU12JiHd9qAJjj9ColMCAQQwEwQR 3784 TWFpbExpc3RUcmlwbGVERVMwDwYLKoZIhvcNAQkQAwYFAAQo/JV25qipslbuubZDLs 3785 lEB93Y4rGtOJHpymNu+u5Fe7bpypVtjw4VWjCABgkqhkiG9w0BBwEwGQYIKoZIhvcN 3786 AwIwDQIBOgQIj3hP9Fg2yEqggAQg4lYLOgn0NuOrSALLvtN4NzeVtYJ07hsW2OZ7Fq 3787 QNmuoAAAAAAAAAAAAA 3789 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys 3791 Same as 6.1, except sent using a previously-distributed key. An 3792 EnvelopedData from Alice to Bob of ExContent using RC2/40 for 3793 encrypting and RSA for key management, using the MailListRC2 key. Does 3794 not have a OriginatorInfo or any attributes. 3796 XXXXX 3798 6.8 S/MIME application/pkcs7-mime encrypted message 3800 A full S/MIME message, including MIME, that includes the body part from 3801 6.1. 3803 XXXXX 3805 7. Digested-data 3807 A DigestedData from Alice to Bob of ExContent using SHA-1. 3809 0 30 90: SEQUENCE { 3810 2 06 9: OBJECT IDENTIFIER digestedData (1 2 840 113549 1 7 5) 3811 : (PKCS #7) 3812 13 A0 77: [0] { 3813 15 30 75: SEQUENCE { 3814 17 02 1: INTEGER 0 3815 20 30 7: SEQUENCE { 3816 22 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 3817 : (OIW) 3818 : } 3819 29 30 39: SEQUENCE { 3820 31 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3821 : (PKCS #7) 3822 42 A0 26: [0] { 3823 44 04 24: OCTET STRING 3824 : 54 68 69 73 20 73 6F 6D 65 20 73 61 6D 70 65 20 3825 : 63 6F 6E 74 65 6E 74 2E 3826 : } 3827 : } 3828 70 04 20: OCTET STRING 3829 : 40 6A EC 08 52 79 BA 6E 16 02 2D 9E 06 29 C0 22 3830 : 96 87 DD 48 3831 : } 3832 : } 3833 : } 3835 8. Encrypted-data 3837 An EncryptedData from Alice to Bob of ExContent with no attributes. 3839 0 30 87: SEQUENCE { 3840 2 06 9: OBJECT IDENTIFIER encryptedData (1 2 840 113549 1 7 6) 3841 : (PKCS #7) 3842 13 A0 74: [0] { 3843 15 30 72: SEQUENCE { 3844 17 02 1: INTEGER 0 3845 20 30 67: SEQUENCE { 3846 22 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 3847 : (PKCS #7) 3848 33 30 20: SEQUENCE { 3849 35 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 3850 : (RSADSI encryptionAlgorithm (1 2 840 113549 3)) 3851 45 04 8: OCTET STRING 3852 : B3 6B 6B FB 62 31 08 4E 3853 : } 3854 55 80 32: [0] 3855 : D7 6F D1 17 8F BD 02 F8 42 31 F5 C1 D2 A2 F7 4A 3856 : 41 59 48 29 64 F6 75 24 82 54 22 3D AF 9A F8 E4 3857 : } 3858 : } 3859 : } 3860 : } 3862 The TripleDES key is: 3863 73 7c 79 1f 25 ea d0 e0 46 29 25 43 52 f7 dc 62 3864 91 e5 cb 26 91 7a da 32 3866 9. Authenticated-data 3868 9.1 Authenticated data with no autenticated attributes 3870 An AutenticatedData from Alice to Bob using XXXXXXXXXX with no 3871 authenticated attributes. 3873 XXXXX 3875 9.2 Authenticated data with autenticated attributes 3877 An AutenticatedData from Alice to Bob using XXXXXXXXXX with the 3878 content-type and message-digest authenticated attributes. 3880 XXXXX 3882 10. Key Wrapping 3884 This section shows the steps needed to wrap keys, as described in 3885 section 12.6 of [CMS]. 3887 10.1 Wrapping RC2 3889 This example shows how to wrap an RC2 key. 3891 The CEK to be wrapped is 3892 b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9 3894 The random value used is 3895 4845 cce7 fd12 50 3897 The hash of the CEK is 3898 0a6f f19f db40 4988 3900 The CEK initialization vector is 3901 c7d9 0059 b29e 97f7 3903 The KEK is 3904 fd04 fd08 0607 07fb 0003 feff fd02 fe05 3906 The "Pre Encrypt #1" is 3907 10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4 3908 d9 4845 cce7 fd12 500a 6ff1 9fdb 4049 88 3910 The "Pre Encrypt #2" is 3911 a7 f7 1f a3 07 8a a9 9f 32 99 8e ff 9e d7 8c ac 3912 b8 70 ce 04 f5 55 8c e4 60 12 93 37 59 a2 1d a0 3913 f7 97 9e b2 59 00 d9 c7 3915 The wrapped CEK is 3916 70e6 99fb 5701 f783 3330 fb71 e87c 85a4 3917 20bd c99a f05d 22af 5a0e 48d3 5f31 3898 3918 6cba afb4 b28d 4f35 3920 10.2 Wrapping TripleDES 3922 This example shows how to wrap an TripleDES key. 3924 The CEK to be wrapped is 3925 2923 bf85 e06d d6ae 5291 49f1 f1ba e9ea b3a7 da3d 860d 3e98 3927 The hash of the CEK is 3928 181b 7e96 86e04a4e 3930 The CEK initialization vector is 3931 5dd4 cbfc 96f5 453b 3933 The KEK is 3934 255e 0d1c 07b6 46df b313 4cc8 43ba 8aa7 1f02 5b7c 0838 251f 3936 The "Pre Encrypt #1" is 3937 29 23 bf 85 e0 6d d6 ae 52 91 49 f1 f1 ba e9 ea 3938 b3 a7 da 3d 86 0d 3e 98 18 1b 7e 96 86 e0 4a 4e 3940 The "Pre Encrypt #2" is 3941 49 84 9d 72 5f cc 4d a4 f6 60 79 7a 3b 97 1f 5c 3942 03 cc 92 ef 04 32 9a b4 2a dd 75 c6 89 a7 c1 cf 3943 3b 45 f5 96 fc cb d4 5d 3945 The wrapped CEK is 3946 69 01 07 61 8e f0 92 b3 b4 8c a1 79 6b 23 4a e9 3947 fa 33 eb b4 15 96 04 03 7d b5 d6 a8 4e b3 aa c2 3948 76 8c 63 27 75 a4 67 d4 3950 11. ESS Examples 3952 11.1 ReceiptRequest 3954 Alice asks Diane for a reciept on the message in 5.1. 3956 XXXXX 3958 11.2 Receipt 3960 Diane gives Alice a receipt for the message in 11.1. 3962 XXXXX 3964 11.3 eSSSecurityLabel 3966 Alice includes a security label in the message in 5.1. 3968 XXXXX 3970 11.4 EquivalentLabels 3972 Alice uses an EquivalentLabels in the message in 11.3. 3974 XXXXX 3976 11.5 mlExpansionHistory 3978 The mailing list sends a message with a mlExpansionHistory attribute. 3980 XXXXX 3982 11.6 SigningCertificate 3984 Alice uses a SigningCertificate attribute in the message in 5.1. 3986 XXXXX 3988 12. Security Considerations 3990 Because this document shows examples of S/MIME, CMS, and ESS messages, 3991 this document also inherits all of the security considerations from 3992 [SMIME-MSG], [CMS], and [SMIME-ESS]. 3994 The Perl script in Appendix B writes to the user's local hard drive. A 3995 malicious attacker could modify the Perl script in this document. Be 3996 sure to read the Perl code carefully before executing it. 3998 A. References 4000 [CMS] Cryptographic Message Syntax, RFC 2630. 4002 [PKIX] PKIX Certificate and CRL Profile, RFC 2459. 4004 [SMIME-MSG] S/MIME Version 3 Message Specification. RFC 2633. 4006 [SMIME-ESS] Enhanced Security Services for S/MIME, RFC 2634. 4008 B. Binaries of the Examples 4010 This section contains the binaries of the examples shown in the rest of 4011 the document. The binaries are stored in a modified Base64 format. 4012 There is a Perl program that, when run over the contents of this 4013 document, will extract the following binaries and write them out to 4014 disk. The program works with Perl for Unix and Windows 95/98/NT (and 4015 possibly Macintosh). 4017 B.1 How the binaries and extractor works 4019 The program in the next section looks for lines that begin with a '|' 4020 character (or some whitespace followed by a '|'), ignoring all other 4021 lines. If the line begins with '|', the second character tells what 4022 kind of line it is: 4023 A line that begins with |* is a comment 4024 A line that begins with |> gives the name of a new file to start 4025 A line that begins with |< tells to end the file (and checks the 4026 file name for sanity) 4027 A line that begins with |anythingelse is a Base64 line 4029 The program writes out a series of files, so you should run this in an 4030 empty directory. The program will overwrite files (if it can), but won't 4031 delete other files already in the directory. 4033 Run this program with this document as the standard input, such as: 4034 extractsample " and "|<" markers, remove any page breaks, and remove the "|" 4038 in the first column of each line. The result is a valid Base64 blob that 4039 can be processed by any Base64 decoder. 4041 B.2 Example extraction program 4043 #!/usr/bin/perl 4045 # CMS Samples extraction program. v 1.1 4047 # Get all the input as an array of lines 4048 @AllIn = (); while () { push(@AllIn, $_) } 4050 $Base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr' . 4051 'stuvwxyz0123456789+/='; 4052 $LineCount = 0; $CurrFile = ''; 4054 foreach $Line (@AllIn) { 4055 $LineCount++; # Keep the line counter for error messages 4056 $Line =~ s/^\s*//; # Get rid of leading whitespace 4057 chomp($Line); # Get rid of CR or CRLF at the end of the line 4058 if(substr($Line, 0, 1) ne '|') { next } # Not a special line 4059 elsif(substr($Line, 1, 1) eq '*') { next } # It is a comment 4060 elsif(substr($Line, 1, 1) eq '>') 4061 { &StartNewFile(substr($Line, 2)) } # Start a new file 4062 elsif(substr($Line, 1, 1) eq '<') 4063 { &EndCurrFile(substr($Line, 2)) } # End the current file 4064 else { &DoBase64(substr($Line, 1)) } # It is a line of Base64 4065 } 4067 sub StartNewFile { 4068 $TheNewFile = shift(@_); 4069 if($CurrFile ne '') { die "Was about to start a new file at " . 4070 "line $LineCount, but the old file, $CurrFile, was open\n" } 4071 open(OUT, ">$TheNewFile") or 4072 die "Could not open $TheNewFile for writing: $!\n"; 4073 binmode(OUT); # This is needed for Windows, is a noop on Unix 4074 $CurrFile = $TheNewFile; 4075 $LeftOver = 0; # Amount left from previous Base64 character 4076 $NextPos = 0; # Bit position to start the next Base64 character 4077 # (bits are numbered 01234567) 4078 $OutString = ''; # Holds the text going out to the file 4079 } 4081 sub EndCurrFile { 4082 $FileToEnd = shift(@_); 4083 if($CurrFile ne $FileToEnd) { die "Was about to close " . 4084 "$FileToEnd at line $LineCount, but that name didn't match " . 4085 "the name of the currently open file, $CurrFile\n" } 4086 print OUT $OutString; 4087 close(OUT); 4088 $CurrFile = ''; 4089 } 4091 sub DoBase64 { 4092 $TheIn = shift(@_); 4093 if($CurrFile eq '') { die "Got some Base64 at line $LineCount, " . 4094 "but appear to not be writing to any particular file" } 4095 @Chars = split(//, $TheIn); # Make an array of the characters 4096 foreach $ThisChar (@Chars) { 4097 # $ThisVal is the position in the string and the Base64 value 4098 $ThisVal = index($Base64Chars, $ThisChar); 4099 if($ThisVal == -1) { die "At line $LineCount, found the " . 4100 "character $ThisChar, which is not a Base64 character\n" } 4101 if($ThisVal == 64) { last } # It is a "=", so we're done 4102 if ($NextPos == 0 ) { 4103 # Don't output anything, just fill the left of $LeftOver 4104 $LeftOver = $ThisVal * 4; 4105 $NextPos = 6; 4106 } elsif ($NextPos == 2) { 4107 # Add $ThisVal to $LeftOver, output, and reset 4108 $OutString .= chr($LeftOver + $ThisVal); 4109 $LeftOver = 0; 4110 $NextPos = 0; 4111 } elsif ($NextPos == 4) { 4112 # Add upper 4 bits of $ThisVal to $LeftOver and output 4113 $Upper4 = ($ThisVal & 60); 4114 $OutString .= chr($LeftOver + ($Upper4/4)); 4115 $LeftOver = (($ThisVal - $Upper4) * 64); 4116 $NextPos = 2; 4117 } elsif ($NextPos == 6) { 4118 # Add upper 2 bits of $ThisVal to $LeftOver and output 4119 $Upper2 = ($ThisVal & 48); 4120 $OutString .= chr($LeftOver + ($Upper2/16)); 4121 $LeftOver = (($ThisVal - $Upper2) * 16); 4122 $NextPos = 4; 4123 } else { die "\$NextPos has an illegal value: $NextPos." } 4124 } 4125 } 4127 C. Examples by section 4129 Example from section 3.1 (content) 4131 |* ExContent is just the message 4132 |* Creator: [PH] 4133 |>ExContent.bin 4134 |VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg== 4135 |AlicePrivDSSSign.pri 4142 |MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAIGNze2D6gqeOT7CSCij5EeT3Q7XqA7sU8 4143 |WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg23j+bv7dM3F9piuR10DcMkQiVm96nXvn8 4144 |9J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dhDEeL3/nbCElzfy5FEbteQJllzzflvbAh 4145 |UA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUiTKqOfs+bdlLWWpMdiM5BAI1XPLLGjDD 4146 |HlBd3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oIXks+kPht6pzJIYo7dhTpzi5dowfNI4 4147 |W4LzABfG1JiRGJNkS9+MiVSlNWteL5c+waYTYfEX/Cve3RUP+YdMLRgUpgObo2OQQXAhUA 4148 |u0RG0aXJRgcu0P561pIH8JqFiT8= 4149 |AlicePrivRSASign.pri 4154 |MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOCJczmN2PX16Id2OX9OsA 4155 |W7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8l+z6glEPMIC+sVCeRkTxLLvYMs/GaG8H 4156 |2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Zf8mB5vhs6odAcO+sbSx0ny36VTq5mXcCpkhSjE 4157 |7zVzhXdFdfAgMBAAECgYAApAPDJ0d2NDRspoa1eUkBSy6K0shissfXSAlqi5H3NvJ11ujN 4158 |FZBgJzFHNWRNlc1nY860n1asLzduHO4Ovygt9DmQbzTYbghb1WVq2EHzE9ctOV7+M8v/Ke 4159 |QDCz0Foo+38Y6idjeweVfTLyvehwYifQRmXskbr4saw+yRRKt/IQJBAPbW4CIhTF8KcP8n 4160 |/OWzUGqd5Q+1hZbGQPqoCrSbmwxVwgEd+TeCihTI8pMOks2lZiG5PNIGv7RVMcncrcqYLd 4161 |ECQQDo3rARJQnSAlEB3oromFD1d3dhpEWTawhVlnNd9MhbEpMic4t/03B/9aSqu3T9PCJq 4162 |2jiRKoZbbBTorkye+o4vAkEAl0zwh5sXf+4bgxsUtgtqkF+GJ1Hht6B/9eSI41m5+R6b0y 4163 |l3OCJI1yKxJZi6PVlTt/oeILLIURYjdZNR56vN8QJALPAkW/qgzYUi6tBuT/pszSHTyOTx 4164 |hERIZHPXKY9+RozsFd7kUbOU5yyZLVVleyTqo2IfPmxNZ0ERO+G+6YMCgwJAWIjZoVA4hG 4165 |qrA7y730v0nG+4tCol+/bkBS9u4oiJIW9LJZ7Qq1CTyr9AcewhJcV/+wLpIZa4M83ixpXu 4166 |b41fKA== 4167 |BobPrivDHEncrypt.pri 4172 |MIIBYwIBADCCATgGByqGSM4+AgEwggErAoGBAOwszaTvmiYvYqe7I03fKyXBaNKeqUVbNv 4173 |GUiRqvfREknT25PCno1yOAM6aeRQK7qsyeKAWVoLMXdsH3JTVhAkGSJwxerkjl824475HR 4174 |zzf+mkCXyC01np2TxvgVrz/adDq3xJO1ubt2bB+ofrw6qkMKgWT8Y/B7cZj6wDh5EBozAo 4175 |GBALoL13Q95zTlTBOnlZa78eRhNwj7Esf7nJF3Bpk18EgkljMSAX6N7Av2ssBjpxXFXpWG 4176 |onPFSUY3eWD9dwUJSJtwjTwF9s5ELH99GysV3fMFL76FII+N+bSgRXQr9DudQmI0JyeBjm 4177 |8PXmKFicztIcORcAZU7nCoklVbbhkiTWKnAiEAw6tKMHmz05dOyvWifcdwo0Xzs6KGBdI+ 4178 |Sfmf2Qqzvr0EIgIgIPxngu7PSqbI5YPSjDuK0kUyEScybIbsZspxrfAZTfc= 4179 |BobPrivRSAEncrypt.pri 4184 |MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAORL/xi4JFf0d/9uc3uTcV 4185 |y8MxqSknIj2EFG0M0ROgSzjq+Cnb1RHhd68nYsK4Y5p73XjRpT7OQA1ejsojax7eJQ4jIJ 4186 |ij+fmSWPuE6ruX3VlmXaFqDFvg6uRFvvXvSnKcuC3axE6aqTlCkO+BjWyFde8nbE8hFgOL 4187 |kbPB2XyWrxAgMBAAECgYEArnPkW19bZlrJ18bvOF9TISovYv7eKZp6hmc2531ieHU9c6C8 4188 |KQ7zj73Dycm2+LrWE5vDl3rKavC4hWVOD72nqPdUBkG969wgd5DfYZuab3Te6jvUnIdg7X 4189 |aE8WowN9XgkBb4gEfDGWvtdXe6Su05tl0CRztfG8gcq8vo9SY/pIECQQD/3wmgVgtCUp7E 4190 |TZOzsEm73ueBfSiZ0LFIugs54Rx7IhgztkD2v9yuHdChrQRxWmEKbjvOMNo2n2UlKbunDn 4191 |8LAkEA5GloGF/5V9B8ZokPumMdcssgpIF2ZInNfdHCJ6kurHpWmoUH2TADowOrf4iSUCQB 4192 |qhsHHyBMt8l7Vve2wn6rcwJAVzZsj4wEdmy21O4kRAD4gOKvQgGpDxSE+OcA4I+MJ6QtX6 4193 |LlbbVjwK1E6XaRpxlJLkb4d4VLO4cE8K/S2FQmlQJAZKEPrFV0G70NYXsXA82w5qcZHYCv 4194 |8UFI2Bq2iBSgLHrFdtQPDh96KrJuNwSrOUVzukaoD42CXyIUBc+io/N8gwJAJh4dHKGYK+ 4195 |TbOOhXbmtzGYhhOvp0SjaLR2hdUOsm4+p9m05lqa97q0sudlE9qNARq6PWqMAnNh1UC6qn 4196 |0W2N+g== 4197 |CarlPrivDSSSign.pri 4202 |MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8 4203 |ZMsw6UCQbrAdSxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5 4204 |UAFIk4vrJRVRl1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAh 4205 |UA3cEv31POCzRgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytb 4206 |DJHOpWJSacrhbT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0 4207 |R5NVpzqn9GUR+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgQWAhQZ 4208 |szilIWIxUOV/uT4IRnjRPrXlcg== 4209 |CarlPrivRSASign.pri 4214 |MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAORL/xi4JFf0d/9uc3uTcV 4215 |y8MxqSknIj2EFG0M0ROgSzjq+Cnb1RHhd68nYsK4Y5p73XjRpT7OQA1ejsojax7eJQ4jIJ 4216 |ij+fmSWPuE6ruX3VlmXaFqDFvg6uRFvvXvSnKcuC3axE6aqTlCkO+BjWyFde8nbE8hFgOL 4217 |kbPB2XyWrxAgMBAAECgYEArnPkW19bZlrJ18bvOF9TISovYv7eKZp6hmc2531ieHU9c6C8 4218 |KQ7zj73Dycm2+LrWE5vDl3rKavC4hWVOD72nqPdUBkG969wgd5DfYZuab3Te6jvUnIdg7X 4219 |aE8WowN9XgkBb4gEfDGWvtdXe6Su05tl0CRztfG8gcq8vo9SY/pIECQQD/3wmgVgtCUp7E 4220 |TZOzsEm73ueBfSiZ0LFIugs54Rx7IhgztkD2v9yuHdChrQRxWmEKbjvOMNo2n2UlKbunDn 4221 |8LAkEA5GloGF/5V9B8ZokPumMdcssgpIF2ZInNfdHCJ6kurHpWmoUH2TADowOrf4iSUCQB 4222 |qhsHHyBMt8l7Vve2wn6rcwJAVzZsj4wEdmy21O4kRAD4gOKvQgGpDxSE+OcA4I+MJ6QtX6 4223 |LlbbVjwK1E6XaRpxlJLkb4d4VLO4cE8K/S2FQmlQJAZKEPrFV0G70NYXsXA82w5qcZHYCv 4224 |8UFI2Bq2iBSgLHrFdtQPDh96KrJuNwSrOUVzukaoD42CXyIUBc+io/N8gwJAJh4dHKGYK+ 4225 |TbOOhXbmtzGYhhOvp0SjaLR2hdUOsm4+p9m05lqa97q0sudlE9qNARq6PWqMAnNh1UC6qn 4226 |0W2N+g== 4227 |DianePrivDHEncrypt.pri 4232 |MIIBYgIBADCCATcGByqGSM4+AgEwggEqAoGBAMpukcKwvahY8jEhdLsf5BC90JOifmHhPb 4233 |ojBBbQZjm9O80FdEjxA3CV9AVjbS6/mrf/l/85u2PbTaRx2JSatPKKPZ+3XY3K4q+1D88F 4234 |ZYJobkPS9ARfA4v5UPXIbAUmvL82D1zDUWpn6HUyZniRY+j+NOcZtnBseDg2gtI0NsLfAo 4235 |GAbtZ2NkvkWQdXXxiaENIxXKYQsCaWQk18o6HTnqWAsh83EUl8ipnYVj+TUe1uVPtu27L8 4236 |NMDnyh5YK9U9O9yucSHZO1a4p/ZNIlJfQbrVHoJpbN1wccxsO++EqXGLqTsqCfi9/ctRvC 4237 |4uyj4wjPpUnn0NA+LfY2Jt81CCJ9zRmfcCIQCqBWX73U6oAvE0Oeej/H1GELhd8C7yxdFe 4238 |onRM2g9OHwQiAiBYLomrVzR9PPWadct9mYoZLzx6poXJLxtaRwPjghbkmw== 4239 |DianePrivRSASignEncrypt.pri 4244 |MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9uMBwxkwl7OrP6ny7om 4245 |L68OYyOlP/sZJaF/Qg4ZkkggrQ9nz7RMqLJwbxfiYDqXadz+ygLHCW8oNC9tS3KAq7+L9K 4246 |TBk/B9ugwWAet35n996xw2BJrEXX+MbvCDchk0fu8HM1crACxPMRw15H5Qq3g/HbdGlki0 4247 |QdlV3NKMCFAgMBAAECgYA9vc3CDmEUW0vnv2AjBCvFazWllkUj/Gl9kzwP0yWWumJSQuKW 4248 |z/5YgI/rsYy91A1l0Dp3RSSeDOuGgMOsIRFxROOyqKkurBfSo4QlY7W8Lx7d9iH/FSAkW/ 4249 |GAL9VBDjIk99RKMp65SdgZjj85jWK9gPwMJJKT5MPXBZFTu5a2QQJBAPO4P0rRlLCRYBNB 4250 |kg2NRD93Hf+WI0QI1AtwyRqv6ZCU8rDVX08ZhVChkJGuvQV2UrMi2Kh8jlR/AHJPNnVoc7 4251 |UCQQDh0ucRVwaucpUiFqoCtFrtTp2CEU+WPIbJEI1WezF1eWnndWg4AEsu0iYy3bHi4CxU 4252 |gAp1utFmlhuwDqB+0ruRAkEAr7a82yJzQ0HstLVnqaGZ/O/Sjv0d++Upi/4K39TIXlclCl 4253 |0r1AmgVlvFsWL8IL4ILeMHtaHns//EwKVfrBJcqQJBALmYQfwIUB9zYIoBonxSiiBa6iyJ 4254 |2aUZ3ZTGG8MlwIJR5O4rmhncc+3pHSfU+GwD3asdCHu1rH/pgpvxiYpx22ECQAEHIZdfem 4255 |Co/VpcB9+o3vfisTR9/OuRvbBzdMjEvj9YRTAGkLOsacyz9z98rMe4G2WhFjk5sON0fc/N 4256 |xaxsv+U= 4257 |DianePrivDSSSign.pri 4262 |MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8 4263 |ZMsw6UCQbrAdSxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5 4264 |UAFIk4vrJRVRl1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAh 4265 |UA3cEv31POCzRgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytb 4266 |DJHOpWJSacrhbT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0 4267 |R5NVpzqn9GUR+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgQXAhUA 4268 |lpX54MHgQS0yD4tCUpMq5h4OISk= 4269 |EricaPrivDHEncryptBobParam.pri 4274 |MIIBYwIBADCCATgGByqGSM4+AgEwggErAoGBAOwszaTvmiYvYqe7I03fKyXBaNKeqUVbNv 4275 |GUiRqvfREknT25PCno1yOAM6aeRQK7qsyeKAWVoLMXdsH3JTVhAkGSJwxerkjl824475HR 4276 |zzf+mkCXyC01np2TxvgVrz/adDq3xJO1ubt2bB+ofrw6qkMKgWT8Y/B7cZj6wDh5EBozAo 4277 |GBALoL13Q95zTlTBOnlZa78eRhNwj7Esf7nJF3Bpk18EgkljMSAX6N7Av2ssBjpxXFXpWG 4278 |onPFSUY3eWD9dwUJSJtwjTwF9s5ELH99GysV3fMFL76FII+N+bSgRXQr9DudQmI0JyeBjm 4279 |8PXmKFicztIcORcAZU7nCoklVbbhkiTWKnAiEAw6tKMHmz05dOyvWifcdwo0Xzs6KGBdI+ 4280 |Sfmf2Qqzvr0EIgIgSGQR5BcBEubB05xwfXyml5W9yJUH989BEacTkfswPYw= 4281 |MailListTripleDES.bin 4286 |JV4NHAe2Rt+zE0zIQ7qKpx8CW3wIOCUf 4287 |MailListRc2.bin 4292 |tw0KJfvJ2GqGBQzg1xHq1Nk= 4293 |AliceDSSSignByCarlNoInherit.cer 4300 |MIIC3jCCAp2gAwIBAgICAMgwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT 4301 |k5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQWxpY2VEU1MwggG2 4302 |MIIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp45PsJIKKPkR5PdDteoDuxTxauECE//lO 4303 |FzSH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zcX2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iL 4304 |VPE/sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsISXN/LkURu15AmWXPN+W9sCFQDiR6YaRW 4305 |a4E8baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t2UtZakx2IzkEAjVc8ssaMMMeUF3dm1ni 4306 |zaoFPVjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G3qnMkhijt2FOnOLl2jB80jhbgvMAF8bU 4307 |mJEYk2RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1 4308 |FJYLqXrd4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3V1ExI9Q1tv5VG/+onyohs+JH09B41bY8 4309 |i7RaWgSuOF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE 4310 |8H5BQP1Gp2NOM/Kl4vTyg+W4o4GDMIGAMCAGA1UdEQQZMBeBFWFsaWNlRHNzQGV4YW1wbG 4311 |VzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRwRD6C 4312 |Lm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFgQUvmyhs+PB9+1DcKTOEwHi/eOX/s0wCQYHKo 4313 |ZIzjgEAwMwADAtAhUAmLDGP89xR1o1qUqPwPgkBehGlI4CFFufSMCMocECnETq6aGHwaV/ 4314 |KC27 4315 |AliceRSASignByCarl.cer 4320 |MIICAjCCAW+gAwIBAgIQRjRrx4AAVrwR024uxBCzsDAJBgUrDgMCHQUAMBIxEDAOBgNVBA 4321 |MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwODQ3WhcNMzkxMjMxMjM1OTU5WjATMREwDwYDVQQD 4322 |EwhBbGljZVJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4IlzOY3Y9fXoh3Y5f0 4323 |6wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8Zo 4324 |bwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSF 4325 |KMTvNXOFd0V18CAwEAAaNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHwYD 4326 |VR0jBBgwFoAU6eCQJ6x4IHqa00zyQjdOIq6eOLswHQYDVR0OBBYEFHfStNG3TIqKo85Fnc 4327 |7sPKA64/9QMAkGBSsOAwIdBQADgYEAvzQy5vxqiEF98FyZoZO3SbcCUh7LhKyT11grAKGc 4328 |xEhImd0Cw8YF+NIl8aOcyTMBinYOb3dDo7/h5rNqBHk57uHp5Z1QB4si3BJQ4/O0PZ7lk5 4329 |6xzTP54KuYcQn467D8nOzxiNiuA9H+YOFiFLGiI9LIjRgfXu6bcgInwoU9BC4= 4330 |BobDHEncryptByCarl.cer 4335 |MIIDYjCCAyGgAwIBAgICAMkwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT 4336 |k5MDgxNzAxMTgyOFoXDTM5MTIzMTIzNTk1OVowEDEOMAwGA1UEAxMFYm9iREgwggJCMIIB 4337 |twYHKoZIzj4CATCCAaoCgYEA7CzNpO+aJi9ip7sjTd8rJcFo0p6pRVs28ZSJGq99ESSdPb 4338 |k8KejXI4Azpp5FAruqzJ4oBZWgsxd2wfclNWECQZInDF6uSOXzbjjvkdHPN/6aQJfILTWe 4339 |nZPG+BWvP9p0OrfEk7W5u3ZsH6h+vDqqQwqBZPxj8HtxmPrAOHkQGjMCgYEAugvXdD3nNO 4340 |VME6eVlrvx5GE3CPsSx/uckXcGmTXwSCSWMxIBfo3sC/aywGOnFcVelYaic8VJRjd5YP13 4341 |BQlIm3CNPAX2zkQsf30bKxXd8wUvvoUgj435tKBFdCv0O51CYjQnJ4GObw9eYoWJzO0hw5 4342 |FwBlTucKiSVVtuGSJNYqcCIQDDq0owebPTl07K9aJ9x3CjRfOzooYF0j5J+Z/ZCrO+vQJh 4343 |ATT+wjNI6/Y7l9nkl6dgpSVpNPv9RirWycTF99b0BBmNlNmKN2hpZ1X78msOR8VbC0sOHB 4344 |qLe3W3qsOq1+s72iqNAoc3R4PXMbQlqKy7EYhTHBGStmnnLpDBevyH9PbXGjAaAxUAuf8c 4345 |k0RnN9Gy+FeaMkrJSv877B4CAR0DgYQAAoGAb9T2zZSabq9bVxeWdbsPuUjpkDcNFSDCVR 4346 |4T4q5xF4TDDnSuilV/KH2L1yginHZG1ztPndFNG7LbUZTFbVSWQDiKOIFjSozDHgmJdKZY 4347 |1chaPc+7uCN/nB99ePqe+ZCekedLwqS+RQZ4Qlg9n2Ms74TUZ+X7xm2iNilnkEbbTkijfz 4348 |B9MB0GA1UdEQQWMBSBEmJvYkRoQGV4YW1wbGVzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1Ud 4349 |DwEB/wQEAwIDCDAfBgNVHSMEGDAWgBRwRD6CLm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFg 4350 |QUJv8ZSMNZM2hWjX7IgGhczzxy3SYwCQYHKoZIzjgEAwMwADAtAhQV6hVD40kihsG75drk 4351 |DrgJ4NVyNQIVAK5PUSlzcXWpgevtnV4AGX7w3lrW 4352 |BobRSASignByCarl.cer 4357 |MIICADCCAW2gAwIBAgIQRjRrx4AAVrwR024uzV1x0DAJBgUrDgMCHQUAMBIxEDAOBgNVBA 4358 |MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwOTAyWhcNMzkxMjMxMjM1OTU5WjARMQ8wDQYDVQQD 4359 |EwZCb2JSU0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMpc4S7sz8E7XRAb31Q1cZ 4360 |kKCdg95GG/oL4KvhGkPLU4QUFIBOFbsRccU7X0xRXT/gz7DKzqgBg2A35Bk1PXQHRJ29nG 4361 |r/7Wyg3KAYSPoemjACEnUdVAGarjwDB4W6Cy5sEtJDbLrkQQgrDddNf261Ensqe2rXjKpx 4362 |tZURjvKAxTAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgUgMB8GA1Ud 4363 |IwQYMBaAFOngkCeseCB6mtNM8kI3TiKunji7MB0GA1UdDgQWBBTo9Lhn2LOWpCrzEaop05 4364 |Vahha0JDAJBgUrDgMCHQUAA4GBAJj6r30hAaqziLzx7xJfTVgw2I5OvOEssn5oV40MQ1zX 4365 |HkXR95Uz4qB1yhPIU7wzJpuzyFDfzYRqG+hIyELQgWNsMxm+Amn2FjF/1JnfgHrzO/gbKX 4366 |0mUTcDIj/2FT0w8zKK8a6X3tf1FqmnrccVr1M+qCWRssRfTmoVV0dQvLL6 4367 |CarlDSSSelf.cer 4372 |MIICmzCCAlqgAwIBAgIBATAJBgcqhkjOOAQDMBIxEDAOBgNVBAMTB0NhcmxEU1MwHhcNOT 4373 |kwODE2MjI1MDUwWhcNMzkxMjMxMjM1OTU5WjASMRAwDgYDVQQDEwdDYXJsRFNTMIIBtzCC 4374 |ASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8ZMsw6UCQbrAd 4375 |SxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5UAFIk4vrJRVR 4376 |l1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAhUA3cEv31POCz 4377 |Rgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytbDJHOpWJSacrh 4378 |bT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0R5NVpzqn9GUR 4379 |+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgOBhQACgYEAmYd0JwNm 4380 |oLHArdwsdbvhbESc2iFtTUdtsWIJ6diuHvI6tJSxo456m3FOAJTJtCVOuWCWGSQB82IM/n 4381 |XA+87YaADj/dVwT98jlhkGlPSxYY86V7EIEaQLJiXwUnaB6gtiDZUq5oa6crKnUIMLqifN 4382 |G6lNiZrXjRg5hD+LxVZNgHqjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAg 4383 |GGMB0GA1UdDgQWBBRwRD6CLm+H3krTdeM9ILxDK5PxHzAJBgcqhkjOOAQDAzAAMC0CFGup 4384 |8E56Wnnj+b49K8kGN+kRF6ETAhUAjzRpKouxPAN5lDJNEh/OiftGsjs= 4385 |CarlRSASelf.cer 4389 |MIIB4zCCAVCgAwIBAgIQRjRrx4AAVrwR024un/JQIDAJBgUrDgMCHQUAMBIxEDAOBgNVBA 4390 |MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwNzQ2WhcNMzkxMjMxMjM1OTU5WjASMRAwDgYDVQQD 4391 |EwdDYXJsUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkS/8YuCRX9Hf/bnN7k3 4392 |FcvDMakpJyI9hBRtDNEToEs46vgp29UR4XevJ2LCuGOae9140aU+zkANXo7KI2se3iUOIy 4393 |CYo/n5klj7hOq7l91ZZl2hagxb4OrkRb7170pynLgt2sROmqk5QpDvgY1shXXvJ2xPIRYD 4394 |i5Gzwdl8lq8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd 4395 |BgNVHQ4EFgQU6eCQJ6x4IHqa00zyQjdOIq6eOLswCQYFKw4DAh0FAAOBgQArcbS3bE4Iwu 4396 |qpPVLed3adQPcmcF8wrAZ4CpvHIlXDcmqGnsNUQAJThWF12Q81cb7XTku2t4wAzhUyOHCb 4397 |PO5yCiKPsRs80L2XFcfrUjHhUaE9WvLqkKGZ3Yv9GAwsisSJYn9rabPyv97FROPR4YZ0Vz 4398 |Roc5AG+qxrlp5fgJA7vA== 4399 |DianeDHEncryptByCarl.cer 4404 |MIIDZTCCAyWgAwIBAgICANMwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT 4405 |k5MDgxNzAyMTY1N1oXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHRGlhbmVESDCCAkEw 4406 |ggG2BgcqhkjOPgIBMIIBqQKBgQDKbpHCsL2oWPIxIXS7H+QQvdCTon5h4T26IwQW0GY5vT 4407 |vNBXRI8QNwlfQFY20uv5q3/5f/Obtj202kcdiUmrTyij2ft12NyuKvtQ/PBWWCaG5D0vQE 4408 |XwOL+VD1yGwFJry/Ng9cw1FqZ+h1MmZ4kWPo/jTnGbZwbHg4NoLSNDbC3wKBgG7WdjZL5F 4409 |kHV18YmhDSMVymELAmlkJNfKOh056lgLIfNxFJfIqZ2FY/k1HtblT7btuy/DTA58oeWCvV 4410 |PTvcrnEh2TtWuKf2TSJSX0G61R6CaWzdcHHMbDvvhKlxi6k7Kgn4vf3LUbwuLso+MIz6VJ 4411 |59DQPi32NibfNQgifc0Zn3AiEAqgVl+91OqALxNDnno/x9RhC4XfAu8sXRXqJ0TNoPTh8C 4412 |YQEwzQOCzT8yOl8WXvITX1Ib3/+qOwY8f4EmHLcMoBQJG10m/XEzjPKsQX4NrDWVkH6lra 4413 |tVUIDw0rkqEU12RXY/DDiuclnG7L3v525gI5O5JwJEfkrT2jk6mmNDPBsjxWIwGgMVAND9 4414 |1uBGl9Gnf7v/mkPwYmSzfJerAgF6A4GEAAKBgGBebu9hVXc/nWoREPTTybhyoB+J3+S8If 4415 |3kn1DWj475Z5cU4DQZjz1YUh7cXQVOT8aIhXisAWw1zoZtkEtYSC4PsuMqTkfDsU0qesm3 4416 |5cZoinOuUyGzzwnEYqPosLvc3g0uZkg3qNuiS/vb+qaSS0EKxlQLixqdL/9gCwsI2UI/o4 4417 |GBMH8wHwYDVR0RBBgwFoEUZGlhbmVEaEBleGFtcGxlcy5jb20wDAYDVR0TAQH/BAIwADAO 4418 |BgNVHQ8BAf8EBAMCAwgwHwYDVR0jBBgwFoAUcEQ+gi5vh95K03XjPSC8QyuT8R8wHQYDVR 4419 |0OBBYEFEfzT811fahSIahhNle1+Jru2zBGMAkGByqGSM44BAMDLwAwLAIUfWQeH0vz7G80 4420 |LLLkZHCPPmrAcqICFEvqwQzxzfd6nXbKJ27QvvLYm2pt 4421 |DianeDSSSignByCarlInherit.cer 4426 |MIIBujCCAXmgAwIBAgICANIwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT 4427 |k5MDgxNzAyMDgxMFoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIRGlhbmVEU1MwgZMw 4428 |CQYHKoZIzjgEAQOBhQACgYEAoAAXeCzufoFTLi5hCA+hm1FSGtpZqHMvEiW2CMvK7ypEdo 4429 |pSCeq9BSLVD/b9RtevmTgJDhPLTyzdHDT3HL8l/yPTO1nngpc3vjEk2BjI80k5W7fi5Sd+ 4430 |/IxFclt+Po9oTd1GeiK+jv/M2jkpoznln0PpVcnXW6aBZ8zAqs0uxSOjgYMwgYAwIAYDVR 4431 |0RBBkwF4EVZGlhbmVEc3NAZXhhbXBsZXMuY29tMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/ 4432 |BAQDAgbAMB8GA1UdIwQYMBaAFHBEPoIub4feStN14z0gvEMrk/EfMB0GA1UdDgQWBBRkMJ 4433 |l9XNxFC5k6Ui8Wv1hQ3c4rGDAJBgcqhkjOOAQDAzAAMC0CFH4MDIEXtJpUssMw64rEPMJS 4434 |Np6VAhUAxp8XwnFLrC45jT0QH5qzTbb5EaM= 4435 |DianeRSASignEncryptByCarl.cer 4440 |MIICAjCCAW+gAwIBAgIQRjRrx4AAVrwR024u1ZowkDAJBgUrDgMCHQUAMBIxEDAOBgNVBA 4441 |MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwOTE2WhcNMzkxMjMxMjM1OTU5WjATMREwDwYDVQQD 4442 |EwhEaWFuZVJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1v24wHDGTCXs6s/qfL 4443 |uiYvrw5jI6U/+xkloX9CDhmSSCCtD2fPtEyosnBvF+JgOpdp3P7KAscJbyg0L21LcoCrv4 4444 |v0pMGT8H26DBYB63fmf33rHDYEmsRdf4xu8INyGTR+7wczVysALE8xHDXkflCreD8dt0aW 4445 |SLRB2VXc0owIUCAwEAAaNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHwYD 4446 |VR0jBBgwFoAU6eCQJ6x4IHqa00zyQjdOIq6eOLswHQYDVR0OBBYEFIzzy3UOjTH21CnaRJ 4447 |J1uP7tTzkMMAkGBSsOAwIdBQADgYEAyojHN6muJssreYIiT0oNHKcgsuBo9ULeWWuz/SXA 4448 |ObjrwItpohZVzgZ+Jl/GXlECP5XVp/fyfSNvK6x8y2+QD0RdRCJT1UI4GMRS17irgm+str 4449 |yp5xNENnYWIwASa299xsm+eSy5LWnTHbEduloghcpbiEY2teUOFYW34l57yho= 4450 |EricaDHEncryptByCarl.cer 4455 |MIIC6TCCAqigAwIBAgICANQwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT 4456 |k5MDgxNzAyMTcxNloXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHRXJpY2FESDCCAcQw 4457 |ggE4BgcqhkjOPgIBMIIBKwKBgQDsLM2k75omL2KnuyNN3yslwWjSnqlFWzbxlIkar30RJJ 4458 |09uTwp6NcjgDOmnkUCu6rMnigFlaCzF3bB9yU1YQJBkicMXq5I5fNuOO+R0c83/ppAl8gt 4459 |NZ6dk8b4Fa8/2nQ6t8STtbm7dmwfqH68OqpDCoFk/GPwe3GY+sA4eRAaMwKBgQC6C9d0Pe 4460 |c05UwTp5WWu/HkYTcI+xLH+5yRdwaZNfBIJJYzEgF+jewL9rLAY6cVxV6VhqJzxUlGN3lg 4461 |/XcFCUibcI08BfbORCx/fRsrFd3zBS++hSCPjfm0oEV0K/Q7nUJiNCcngY5vD15ihYnM7S 4462 |HDkXAGVO5wqJJVW24ZIk1ipwIhAMOrSjB5s9OXTsr1on3HcKNF87OihgXSPkn5n9kKs769 4463 |A4GFAAKBgQDRK+QdProYz3Ugxsdew8Rs6vMj2QkfRpj0zlm5ts7oOsYY+Fl3G5mw2tzAnQ 4464 |nkr/lhkSxHzEde3yszdvNn7HfoLDcwoYld88j2XBZK5LeM9XvVOP0UrOh6wn3uB5AnCnyH 4465 |qKLicDXqbt6eUDFr6QnaJRoBjuP/Jhx19cPOWvWehaOBgTB/MB8GA1UdEQQYMBaBFGVyaW 4466 |NhRGhAZXhhbXBsZXMuY29tMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgMIMB8GA1Ud 4467 |IwQYMBaAFHBEPoIub4feStN14z0gvEMrk/EfMB0GA1UdDgQWBBSNUx1hVX9gNW2mNqLFk/ 4468 |ia/cB1dDAJBgcqhkjOOAQDAzAAMC0CFD5RQgjjUi6qu4+9GDhxy5iDvkeeAhUAtLMVhZkR 4469 |BkAfQFmN1BstzYHx6Gg= 4470 |CarlDSSCRLEmpty.crl 4477 |MG0wLjAJBgcqhkjOOAQDMBIxEDAOBgNVBAMTB0NhcmxEU1MXDTk5MDgyMDA3MDAwMFowCQ 4478 |YHKoZIzjgEAwMwADAtAhRiPzYXMVguZ1B59QlLjK3Ua/RknwIVALU7TqFMe/0Pw42btv7D 4479 |XW/eZSh9 4480 |CarlDSSCRLForAll.crl 4485 |MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWj 4486 |BpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05 4487 |OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMD 4488 |BaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fv 4489 |ftok8yqDnDWh 4490 |CarlDSSCRLForCarl.crl 4495 |MIGDMEQwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTFw05OTA4MjUwNzAwMDBaMB 4496 |QwEgIBARcNOTkwODIyMDcwMDAwWjAJBgcqhkjOOAQDAzAAMC0CFQCzH8VPej3sdtVg+d55 4497 |IuxPsJD+lwIUWovDhLxmhxu/eYJbCl0H9rqpBSk= 4498 |CarlRSACRLEmpty.crl 4503 |MIHHMDIwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHQ2FybFJTQRcNOTkwODIwMDcwMD 4504 |AwWjANBgkqhkiG9w0BAQQFAAOBgQCpxSG4E3x087UR7ATzIEWGHgtuf4NtX/Q0dgZZJQ4E 4505 |PYgJiIE3xNwgmPoXgQs3lKy0j3tRiRSky3JzFAe8IpxAoQf8RHyFDwuI0e7hDq/2FnStoa 4506 |/BAHUAZOqlmvYLCKLblRlfpqe5OUUlCg72XoTn+LlayRjCDriglr6BOoBtyQ== 4507 |CarlRSACRLForAll.crl 4512 |MIIBMzCBnTANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdDYXJsUlNBFw05OTA4MjcwNz 4513 |AwMDBaMGkwIQIQRjRrx4AAVrwR024uxBCzsBcNOTkwODIyMDcwMDAwWjAhAhBGNGvHgABW 4514 |vBHTbi7VmjCQFw05OTA4MjIwNzAwMDBaMCECEEY0a8eAAFa8EdNuLs1dcdAXDTk5MDgyND 4515 |A3MDAwMFowDQYJKoZIhvcNAQEEBQADgYEAv7OXqlPwMiEWK3eSemu7l8jc6vH6ZhYwDrWe 4516 |XPCB1F6zbsGIa4zUXsVN+0deZvNdq+W0GDZgqE2cPInsbye/NVBxgcK5RFtiiRkSMal7mt 4517 |PMZssR2QsQR3etTyLZ5X8w8lv8lFGlWHY7H6hGph/2od5Voe0xiGmXDwjT1AxgWx4= 4518 |CarlRSACRLForCarl.crl 4523 |MIHsMFcwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHQ2FybFJTQRcNOTkwODI1MDcwMD 4524 |AwWjAjMCECEEY0a8eAAFa8EdNuLp/yUCAXDTk5MDgyMjA3MDAwMFowDQYJKoZIhvcNAQEE 4525 |BQADgYEAIe8h1MEahZVJa8pFYtzXCf+pUS6O2UcY+vjlct1P7XR04/NlMmUoLJodV+XVJg 4526 |bq1eYjlYSNDome7psML84H96PRa4VMD//m3fzczXMsHn3csHHFTPwBblJXaR45Y98SIjDH 4527 |E1WUBW4qAKlbxCpmlGLONjPCK2NHJZ3z3nDuAFY= 4528 |4.1.bin 4535 |MIAGCSqGSIb3DQEHAaCAJIAEBFRoaXMEGCBpcyBzb21lIHNhbXBsZSBjb250ZW50LgAAAA 4536 |AAAA== 4537 |<4.1.bin 4539 |* Example from section 4.2 4540 |* Creator: [JS] 4541 |>4.2.bin 4542 |MCsGCSqGSIb3DQEHAaAeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQu 4543 |<4.2.bin 4545 |* Example from section 5.1 4546 |* Creator: [JS] 4547 |>5.1.bin 4548 |MIG3BgkqhkiG9w0BBwKggakwgaYCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAaAeBB 4549 |xUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWcwZQIBATAYMBIxEDAOBgNVBAMTB0Nh 4550 |cmxEU1MCAgDIMAkGBSsOAwIaBQAwCQYHKoZIzjgEAQQwMC0CFHCbJ32Z59IMxsUhC0viIb 4551 |e9jUgpAhUAiywMBstKtQZLqEwOeNE7kOnRn6QA 4552 |<5.1.bin 4554 |* Example from section 5.2 4555 |* Creator: [JS] 4556 |>5.2.bin 4557 |MIIBHgYJKoZIhvcNAQcCoIIBDzCCAQsCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa 4558 |AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMYHLMIHIAgEBMCYwEjEQMA4GA1UE 4559 |AxMHQ2FybFJTQQIQRjRrx4AAVrwR024uxBCzsDAJBgUrDgMCGgUAMA0GCSqGSIb3DQEBAQ 4560 |UABIGALyOC0vMJX7gMWOtOnb+JmoHldcSRPdPQ1Xu21f6UoYqs48SE9c1gTieV9s8AhnZ1 4561 |Pyvw59QCZ6f1x40WBKWztefZMvAk7+cgRNWfB8VTJPrOAR0PFxOnKpWdK+QDlRQL6TkNus 4562 |5unJ4M6JjmVRPUaG/QB9eisWJM44+v/eDVXcc= 4563 |<5.2.bin 4565 |* Example from section 5.3 4566 |* Creator: [JS] 4567 |>5.3.bin 4568 |MIGXBgkqhkiG9w0BBwKggYkwgYYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATFnMG 4569 |UCAQEwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqGSM44BAEE 4570 |MDAtAhReXmtpBKJiXYtFslX5dRwSToiIIQIVAKPBSCPgCDVvJSJ6HrYUvOR1kdslAA== 4571 |<5.3.bin 4573 |* Example from section 5.4 4574 |* Creator: [JS] 4575 |>5.4.bin 4576 |MIIIaAYJKoZIhvcNAQcCoIIIWTCCCFUCAQMxCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa 4577 |AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIIFgTCCApswggJaoAMCAQICAQEw 4578 |CQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDTk5MDgxNjIyNTA1MFoXDTM5MT 4579 |IzMTIzNTk1OVowEjEQMA4GA1UEAxMHQ2FybERTUzCCAbcwggErBgcqhkjOOAQBMIIBHgKB 4580 |gQC2SRg+ikTBKXGUTAHEEsF6ectUTasegfvGTLMOlAkG6wHUschxS8dFwFAlXZz82uRt0+ 4581 |KGSISCfboVlUoW9kbt3faY0rt+igqKuhZ7uVABSJOL6yUVUZdV3I9TDhCpUPxwt80wVP3a 4582 |3qiqIrWhr4vMAojni3Bfua3hCNRtKS3W6QIVAN3BL99Tzgs0YHc+AqS/il2YuRDVAoGADO 4583 |5Xm0u92rYHanQ3T1V/ne28YQ3rRlk8VgsrWwyRzqViUmnK4W0+vb/+4be5K2E8rcuuReMG 4584 |rIwinZxEhwvHzfAc2bVOXXPerw7JHVpR9U9EeTVac6p/RlEfqUIWnEjrinlhtNUvUyJEYx 4585 |+GuKNYBiX4KcDvuuB18ELEY2VSmwoDgYUAAoGBAJmHdCcDZqCxwK3cLHW74WxEnNohbU1H 4586 |bbFiCenYrh7yOrSUsaOOeptxTgCUybQlTrlglhkkAfNiDP51wPvO2GgA4/3VcE/fI5YZBp 4587 |T0sWGPOlexCBGkCyYl8FJ2geoLYg2VKuaGunKyp1CDC6onzRupTYma140YOYQ/i8VWTYB6 4588 |o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUcEQ+gi 4589 |5vh95K03XjPSC8QyuT8R8wCQYHKoZIzjgEAwMwADAtAhRrqfBOelp54/m+PSvJBjfpEReh 4590 |EwIVAI80aSqLsTwDeZQyTRIfzon7RrI7MIIC3jCCAp2gAwIBAgICAMgwCQYHKoZIzjgEAz 4591 |ASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDTk5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVow 4592 |EzERMA8GA1UEAxMIQWxpY2VEU1MwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp 4593 |45PsJIKKPkR5PdDteoDuxTxauECE//lOFzSH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zc 4594 |X2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iLVPE/sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsI 4595 |SXN/LkURu15AmWXPN+W9sCFQDiR6YaRWa4E8baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t 4596 |2UtZakx2IzkEAjVc8ssaMMMeUF3dm1nizaoFPVjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G 4597 |3qnMkhijt2FOnOLl2jB80jhbgvMAF8bUmJEYk2RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ 4598 |/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1FJYLqXrd4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3 4599 |V1ExI9Q1tv5VG/+onyohs+JH09B41bY8i7RaWgSuOF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ 4600 |ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE8H5BQP1Gp2NOM/Kl4vTyg+W4o4GDMIGAMCAGA1 4601 |UdEQQZMBeBFWFsaWNlRHNzQGV4YW1wbGVzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB 4602 |/wQEAwIGwDAfBgNVHSMEGDAWgBRwRD6CLm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFgQUvm 4603 |yhs+PB9+1DcKTOEwHi/eOX/s0wCQYHKoZIzjgEAwMwADAtAhUAmLDGP89xR1o1qUqPwPgk 4604 |BehGlI4CFFufSMCMocECnETq6aGHwaV/KC27oYHbMIHYMIGZMAkGByqGSM44BAMwEjEQMA 4605 |4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBa 4606 |MBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OT 4607 |A4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVS 4608 |djP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWhMYIBsTCCAa0CAQOAFL 4609 |5sobPjwfftQ3CkzhMB4v3jl/7NMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZI 4610 |hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw05OTA5MTIwMjUxNTNaMCMGCSqGSIb3DQEJBDEWBB 4611 |RAauwIUnm6bhYCLZ4GKcAilofdSDAJBgcqhkjOOAQBBDAwLQIVALyvBHm3v0Ks67t7wtCM 4612 |s1Mgg/G8AhRpllVd+3geledbuAVdIRII9V80KQChgeowLwYLKoZIhvcNAQkQAgQxIDAeDB 4613 |FTTWltZSBFeGFtcGxlIDUuNAYJKoZIhvcNAQcBMIG2BgkqhkiG9w0BCQYxgagwgaUCAQEw 4614 |GDASMRAwDgYDVQQDEwdDYXJsRFNTAgIA0jAJBgUrDgMCGgUAoD8wGAYJKoZIhvcNAQkDMQ 4615 |sGCSqGSIb3DQEHATAjBgkqhkiG9w0BCQQxFgQUc1eRpj6IM25RMYHgEQhGjO5Q41swCQYH 4616 |KoZIzjgEAQQvMC0CFErIQVDpInDG+/kjJaE3tj1eXmc+AhUArLqcuVaOhq4ZKdKN82tItd 4617 |1it8c= 4618 |<5.4.bin 4620 |* Example from section 5.5 4621 |* Creator: [JS] 4622 |>5.5.bin 4623 |MIIFDwYJKoZIhvcNAQcCoIIFADCCBPwCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa 4624 |AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIID7TCCAeMwggFQoAMCAQICEEY0 4625 |a8eAAFa8EdNuLp/yUCAwCQYFKw4DAh0FADASMRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MD 4626 |kxOTAxMDc0NloXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQ2FybFJTQTCBnzANBgkq 4627 |hkiG9w0BAQEFAAOBjQAwgYkCgYEA5Ev/GLgkV/R3/25ze5NxXLwzGpKSciPYQUbQzRE6BL 4628 |OOr4KdvVEeF3rydiwrhjmnvdeNGlPs5ADV6OyiNrHt4lDiMgmKP5+ZJY+4Tqu5fdWWZdoW 4629 |oMW+Dq5EW+9e9Kcpy4LdrETpqpOUKQ74GNbIV17ydsTyEWA4uRs8HZfJavECAwEAAaNCME 4630 |AwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOngkCeseCB6 4631 |mtNM8kI3TiKunji7MAkGBSsOAwIdBQADgYEAK3G0t2xOCMLqqT1S3nd2nUD3JnBfMKwGeA 4632 |qbxyJVw3Jqhp7DVEACU4VhddkPNXG+105LtreMAM4VMjhwmzzucgoij7EbPNC9lxXH61Ix 4633 |4VGhPVry6pChmd2L/RgMLIrEiWJ/a2mz8r/exUTj0eGGdFc0aHOQBvqsa5aeX4CQO7wwgg 4634 |ICMIIBb6ADAgECAhBGNGvHgABWvBHTbi7EELOwMAkGBSsOAwIdBQAwEjEQMA4GA1UEAxMH 4635 |Q2FybFJTQTAeFw05OTA5MTkwMTA4NDdaFw0zOTEyMzEyMzU5NTlaMBMxETAPBgNVBAMTCE 4636 |FsaWNlUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgiXM5jdj19eiHdjl/TrAF 4637 |u1OD3g+3q9x9x3UpDQUubRLfpoYm1NJvqlgp/Jfs+oJRDzCAvrFQnkZE8Sy72DLPxmhvB9 4638 |mwYKy+7jQJahP19wUFk99eujVW2WH/GX/Jgeb4bOqHQHDvrG0sdJ8t+lU6uZl3AqZIUoxO 4639 |81c4V3RXXwIDAQABo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHS 4640 |MEGDAWgBTp4JAnrHggeprTTPJCN04irp44uzAdBgNVHQ4EFgQUd9K00bdMioqjzkWdzuw8 4641 |oDrj/1AwCQYFKw4DAh0FAAOBgQC/NDLm/GqIQX3wXJmhk7dJtwJSHsuErJPXWCsAoZzESE 4642 |iZ3QLDxgX40iXxo5zJMwGKdg5vd0Ojv+Hms2oEeTnu4enlnVAHiyLcElDj87Q9nuWTnrHN 4643 |M/ngq5hxCfjrsPyc7PGI2K4D0f5g4WIUsaIj0siNGB9e7ptyAifChT0ELjGByzCByAIBAT 4644 |AmMBIxEDAOBgNVBAMTB0NhcmxSU0ECEEY0a8eAAFa8EdNuLsQQs7AwCQYFKw4DAhoFADAN 4645 |BgkqhkiG9w0BAQEFAASBgC8jgtLzCV+4DFjrTp2/iZqB5XXEkT3T0NV7ttX+lKGKrOPEhP 4646 |XNYE4nlfbPAIZ2dT8r8OfUAmen9ceNFgSls7Xn2TLwJO/nIETVnwfFUyT6zgEdDxcTpyqV 4647 |nSvkA5UUC+k5DbrObpyeDOiY5lUT1Ghv0AfXorFiTOOPr/3g1V3H 4648 |<5.5.bin 4650 |* Example from section 5.6 4651 |* Creator: [JS] 4652 |>5.6.bin 4653 |MIIBIQYJKoZIhvcNAQcCoIIBEjCCAQ4CAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa 4654 |AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMYHOMGUCAQEwGDASMRAwDgYDVQQD 4655 |EwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqGSM44BAEEMDAsAhQBGkm6dbCnYjb86X 4656 |2u98VXAoaYjgIUbRuovVEQUSbziZbmuPGvXlXdPSEAADBlAgEBMBgwEjEQMA4GA1UEAxMH 4657 |Q2FybERTUwICANIwCQYFKw4DAhoFADAJBgcqhkjOOAQBBDAwLQIVAM+G8VRw461aVOz+88 4658 |/1DI6eomR/AhRhGp0ZMUegMqegJ9ORA8QH4HKNjgA= 4659 |<5.6.bin 4661 |* Example from section 5.7 4662 |* Creator: [JS] 4663 |>5.7.bin 4664 |MIGzBgkqhkiG9w0BBwKggaUwgaICAQMxCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAaAeBB 4665 |xUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWMwYQIBA4AUvmyhs+PB9+1DcKTOEwHi 4666 |/eOX/s0wCQYFKw4DAhoFADAJBgcqhkjOOAQBBDAwLQIUT/ZitsqN1syoqMqaycuWliwd2o 4667 |8CFQC34p0GHvgiXpP+C6a/8Dwp7RWFgwA= 4668 |<5.7.bin 4670 |* Example from section 5.8 4671 |* Creator: [JS] 4672 |>5.8.eml 4673 |TUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L3NpZ25lZDsNCg 4674 |lwcm90b2NvbD0iYXBwbGljYXRpb24veC1wa2NzNy1zaWduYXR1cmUiOw0KCW1pY2FsZz1T 4675 |SEExOw0KCWJvdW5kYXJ5PSItLS0tPV9OZXh0UGFydF8wMDBfMDAwMF8wMUJFRjhCOC40Rj 4676 |dENUY4MCINCg0KLS0tLS0tPV9OZXh0UGFydF8wMDBfMDAwMF8wMUJFRjhCOC40RjdENUY4 4677 |MA0KDQpUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuDQotLS0tLS09X05leHRQYXJ0Xz 4678 |AwMF8wMDAwXzAxQkVGOEI4LjRGN0Q1RjgwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9u 4679 |L3gtcGtjczctc2lnbmF0dXJlOw0KCW5hbWU9InNtaW1lLnA3cyINCkNvbnRlbnQtVHJhbn 4680 |NmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVu 4681 |dDsNCglmaWxlbmFtZT0ic21pbWUucDdzIg0KDQpNSUdYQmdrcWhraUc5dzBCQndLZ2dZa3 4682 |dnWVlDQVFFeEN6QUpCZ1VyRGdNQ0dnVUFNQXNHQ1NxR1NJYjNEUUVIQVRGbk1HVUNBUUV3 4683 |R0RBUw0KTVJBd0RnWURWUVFERXdkRFlYSnNSRk5UQWdJQXlEQUpCZ1VyRGdNQ0dnVUFNQW 4684 |tHQnlxR1NNNDRCQUVFTURBdEFoUmVYbXRwQktKaVhZdEYNCnNsWDVkUndTVG9pSUlRSVZB 4685 |S1BCU0NQZ0NEVnZKU0o2SHJZVXZPUjFrZHNsQUE9PQ0KDQotLS0tLS09X05leHRQYXJ0Xz 4686 |AwMF8wMDAwXzAxQkVGOEI4LjRGN0Q1RjgwLS0NCg== 4687 |<5.8.eml 4689 |* Example from section 5.9 4690 |* Creator: [JS] 4691 |>5.9.eml 4692 |U3ViamVjdDogRXhhbXBsZSA1LjkNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cG 4693 |U6IGFwcGxpY2F0aW9uL3BrY3M3LW1pbWU7IG5hbWU9InNtaW1lLnA3bSI7IHNtaW1lLXR5 4694 |cGU9c2lnbmVkLWRhdGENCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ2 4695 |9udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNtaW1lLnA3bSIN 4696 |Cg0KTUlHM0Jna3Foa2lHOXcwQkJ3S2dnYWt3Z2FZQ0FRRXhDekFKQmdVckRnTUNHZ1VBTU 4697 |NzR0NTcUdTSWIzRFFFSEFhQWVCQnhVYUdseklHbHoNCklITnZiV1VnYzJGdGNHeGxJR052 4698 |Ym5SbGJuUXVNV2N3WlFJQkFUQVlNQkl4RURBT0JnTlZCQU1UQjBOaGNteEVVMU1DQWdESU 4699 |1Ba0dCU3NPDQpBd0lhQlFBd0NRWUhLb1pJempnRUFRUXdNQzBDRkhDYkozMlo1OUlNeHNV 4700 |aEMwdmlJYmU5alVncEFoVUFpeXdNQnN0S3RRWkxxRXdPZU5FNw0Ka09uUm42UUENCg== 4701 |<5.9.eml 4703 |* Example from section 6.1 4704 |* Creator: [JS] 4705 |>6.1.bin 4706 |MIIBYwYJKoZIhvcNAQcDoIIBVDCCAVACAQIxggEEoYIBAAIBA6CBlqGBkzAJBgcqhkjOPg 4707 |IBA4GFAAKBgQDCpFbngGwR7EgB9w76sCDSnG8xLIX4SpyyuLoXtvUoMbyyXlPTjMm143kg 4708 |jwPlZ39OAmouwmd/cZpEC+zAfRlv7l8u1TIA1HzCFlZ+7a9o3QxzaJU2zlxRrS4gZNAeO8 4709 |hXPWVAuBrNbafLHJ7Fg3Nm3dKG7uGc7bGdMDJBTFI9GDAaBgcqhkjOPgIBMA8GCyqGSIb3 4710 |DQEJEAMGBQAwRjBEMBgwEjEQMA4GA1UEAxMHQ2FybERTUwICAMkEKFFGV0E0HNbHzTZLpJ 4711 |O3FuYu8FgknG1L6ZCLD0a45ZMZ/3zwVk1P+vUwQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMH 4712 |BAju8h/ugAjOaoAgnrtsnrgUQyzLspCOpH2K2K6WiHMIgJU+0d/oL0/cc5g= 4713 |<6.1.bin 4715 |* Example from section 6.2 4716 |* Creator: [JS] 4717 |>6.2.bin 4718 |MIAGCSqGSIb3DQEHA6CAMIACAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJsUlNBAh 4719 |BGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAxcCPZxKcEElJFF2A1iRQWThB 4720 |XLdbsAsSFc1UgI5io6/RFSmmbLXAMvc5XwwvMpBlXOPVK1X2ITcJWpq0ltSWIEkGk2fqC8 4721 |EgPV2yY36M+Ynzn78eGe02BIMFihVakqSKtD6JwWk1DXS3gX8Cy3rXZVEFFbZ4D/K0gPdg 4722 |eit1iOkwgAYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAj0z/pDdDkS9KCABIGwG86612X7vG 4723 |AFlWVCP2DbLXjF8n+TNJXiYvOZPtiiy8jlUBDYRc0n74M7O7BB5tcq3ldTrxCXH4k9ape4 4724 |v+FyK/DWm+UJ1GvW9Lr/UGo88BaM3fQ05YXMqQMe3uNxGX+JnSctcZNTqMwVeVgVNsNTey 4725 |JRrY8xq2A6HLdlWl+QFnsrXR4KtNWhZJPdT00xgYSAYMNWmcyhwMiuEJ5MyF7wGKkyMACT 4726 |Env8FL981HS0sGwAAAAAAAAAAAAA 4727 |<6.2.bin 4729 |* Example from section 6.3 4730 |* Creator: [JS] 4731 |>6.3.bin 4732 |MIAGCSqGSIb3DQEHA6CAMIACAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJsUlNBAh 4733 |BGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAhAB4rKlq+e2+J3+hRf5zSwVU 4734 |FNffmycRaJfmMnaj1ki0TeQVsL+oWB9d8lwwqOnHY+SVtKsqNj5pnFkNZ1/yghUhexo7WW 4735 |iq8bDGjNsOslTcM9Fk0UypdAgUEYoWdGo68DM1HDRwM78KxkSRyLEhvLGjZd0UvAXX4ufc 4736 |fzpZfh8wgAYJKoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAicBNIZLipVoaCABIGwjo 4737 |cuIuQwYZuWzOqtDNbXAxsUYDeLGoAsEk92t3Z34geEMwvMZetbMpto84ZtfbGiRBAdwBTh 4738 |8sbxKBe6htUvbTffguvRLSSAcWJNDahpEKnhRXWGTauDYVtwfW3CXfOAMdNw/XMtdU2TVJ 4739 |86qKjcMDT9STaIlzdPJA/7AyJMZOoz68XGI4cBchNv52I9EmIN+0SIMiSRBUaNDgA5ihSK 4740 |yhlYS4+9uzWJr/mZFpHw570AAAAAAAAAAAAA 4741 |<6.3.bin 4743 |* Example from section 6.4 4744 |* Creator: [JS] 4745 |>6.4.bin 4746 |MIICZwYJKoZIhvcNAQcDoIICWDCCAlQCAQIxggIIoYIBAAIBA6CBlqGBkzAJBgcqhkjOPg 4747 |IBA4GFAAKBgAPKBS54Y4aVfcbjOAgz014G+8WY+t5mQi5vuzVHc+5/Q4KDDI3vH2GPUsZc 4748 |u4VGCc0KHnVEUay4q4WIxrMGl8lHsopWVYu+0zzJOvCo1Uw6VhmbZXXpKxRm2LtmcC5kRk 4749 |G9M+FQ+NXKpXRqCQHTbXSFITNTq8I9KghAz/msLffQADAaBgcqhkjOPgIBMA8GCyqGSIb3 4750 |DQEJEAMGBQAwRjBEMBgwEjEQMA4GA1UEAxMHQ2FybERTUwICANMEKIgkfFJzwwL/24lJCA 4751 |697g5JGEcZtJVfFhK57TRPmWsvyo6Uh1ZmCFGhggEAAgEDoIGWoYGTMAkGByqGSM4+AgED 4752 |gYUAAoGAXFhyPsZokQ/46wfrwUZgE0t61OWsYQxn0Q0Kq+iBMSVqtebz71Od51G1HaTjOM 4753 |frldmA2IVldhL7ep7ysT84H+ryfGEmY3OqIuL9FZqcFzFYDE6g3oSJt4FwYj6bRUetufyU 4754 |laWZ9IaNC8507HHcyqZxNzEBTIwBWYxJrvz7ZOoAMBoGByqGSM4+AgEwDwYLKoZIhvcNAQ 4755 |kQAwYFADBGMEQwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyQQoOSoW0SErcjgMQAFVoRcZ 4756 |BL79JJsz5Ry8xdh7p0UV0lvlWgmlIhh73zBDBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECB 4757 |PjQZyFMBUfgCC6j3HZyJLO1Ain9XORKW3hMwjexFjConvwmksGRO/W5Q== 4758 |<6.4.bin 4760 |* Example from section 6.5 4761 |* Creator: [JS] 4762 |>6.5.bin 4763 |MIIBqgYJKoZIhvcNAQcDoIIBmzCCAZcCAQIxggFLoYIBRwIBA6CBlqGBkzAJBgcqhkjOPg 4764 |IBA4GFAAKBgB5vuElZhqnuNBcpvKBahFGrzppBOLYpp3xJJI2DpqD4LJobHamGZGKJS/lb 4765 |NZMMNtP3BlHVSl6t3HbS7VNGGtQKhFsmp9BMmtYkoZ660iEwe0XFNswrSk8Zdw1IInlm2e 4766 |tRSlo7XSXl+lh5D1NJGx/p+XlzDbxJYe3bTYFnnmioADAaBgcqhkjOPgIBMA8GCyqGSIb3 4767 |DQEJEAMGBQAwgYwwRDAYMBIxEDAOBgNVBAMTB0NhcmxEU1MCAgDJBCj/IIORXxDPOIDfUC 4768 |BGwzA7fSvj28EYB+MHhStsqyYHuSzl3YlAfenVMEQwGDASMRAwDgYDVQQDEwdDYXJsRFNT 4769 |AgIA1AQovxPCSqLUCGorYEq4oW0xQ/drrjVkI9DmgHm+XyUsUeO5DkTzg3m0DjBDBgkqhk 4770 |iG9w0BBwEwFAYIKoZIhvcNAwcECCPff9s9mAD4gCB0KQIzTVEuxMWuMth/mwHr0s3CMgqq 4771 |kI2pkfMhMo5Odg== 4772 |<6.5.bin 4774 |* Example from section 6.6 4775 |* Creator: [JS] 4776 |>6.6.eml 4777 |U3ViamVjdDogVGVzdCBzdWJqZWN0DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeX 4778 |BlOiBhcHBsaWNhdGlvbi94LXBrY3M3LW1pbWU7DQoJbmFtZT0ic21pbWUucDdtIjsNCglz 4779 |bWltZS10eXBlPWVudmVsb3BlZC1kYXRhDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOi 4780 |BiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7DQoJZmlsZW5hbWU9 4781 |InNtaW1lLnA3bSINClgtTWltZU9MRTogUHJvZHVjZWQgQnkgTWljcm9zb2Z0IE1pbWVPTE 4782 |UgVjUuMDAuMjExNS4zMDANCg0KTUlBR0NTcUdTSWIzRFFFSEE2Q0FNSUFDQVFJeGdnRmRv 4783 |WUlCQkFJQkE2Q0JsYUdCa2pBSkJnY3Foa2pPUGdJQkE0R0VBQUtCZ0UzNA0KOE84V1lrYi 4784 |ttaDlKeXdJbUlKMWowUElqODRTbnBLY2xxTzMxRWNTY1p6a1NpUVFQK2dxcGhJbWZFd0lH 4785 |aDdQN3l3dW9GdXhkb3Q4Qw0KMlgvbkR1YmhycktJbUczWjk2aC9GQWg2L3JnQTZQMTByMn 4786 |llc1YxUXZxZkdnWUJoOStvOXpxL1MxK1E4c3NGSDlqMW5aelRMTEwzcg0Kckc4VzR6dG11 4787 |NHFYK1E4OU1COEdDeXFHU0liM0RRRUpFQU1GTUJBR0N5cUdTSWIzRFFFSkVBTUhBZ0U2TU 4788 |VZd1JEQVlNQkl4RURBTw0KQmdOVkJBTVRCME5oY214RVUxTUNBZ0RKQkNoVEV2L0lpWWI1 4789 |OGZKcEJjMU1RQUoxRlNHMzNMZEZicFJxOFFpck1VMTJKaUhkOXFBSg0Kamo5Q29sTUNBUV 4790 |F3RXdRUlRXRnBiRXhwYzNSVWNtbHdiR1ZFUlZNd0R3WUxLb1pJaHZjTkFRa1FBd1lGQUFR 4791 |by9KVjI1cWlwc2xidQ0KdWJaRExzbEVCOTNZNHJHdE9KSHB5bU51K3U1RmU3YnB5cFZ0an 4792 |c0VldqQ0FCZ2txaGtpRzl3MEJCd0V3R1FZSUtvWklodmNOQXdJdw0KRFFJQk9nUUlqM2hQ 4793 |OUZnMnlFcWdnQVFnNGxZTE9nbjBOdU9yU0FMTHZ0TjROemVWdFlKMDdoc1cyT1o3RnFRTm 4794 |11b0FBQUFBQUFBQQ0KQUFBQQ0K 4795 |<6.6.eml 4797 |* Example from section 7.0 4798 |* Creator: [JS] 4799 |>7.0.bin 4800 |MFoGCSqGSIb3DQEHBaBNMEsCAQAwBwYFKw4DAhowJwYJKoZIhvcNAQcBoBoEGFRoaXMgc2 4801 |9tZSBzYW1wZSBjb250ZW50LgQUQGrsCFJ5um4WAi2eBinAIpaH3Ug= 4802 |<7.0.bin 4804 |* Example from section 8.0 4805 |* Creator: [JS] 4806 |>8.0.bin 4807 |MFcGCSqGSIb3DQEHBqBKMEgCAQAwQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAiza2v7Yj 4808 |EIToAg12/RF4+9AvhCMfXB0qL3SkFZSClk9nUkglQiPa+a+OQ= 4809 |<8.0.bin 4811 D. Acknowledgments 4813 The following people contributed ideas and/or examples to this 4814 document. They are listed by their real names, with the initials used 4815 in the examples after their names. 4817 Blake Ramsdell [BR] 4818 Paul Hoffman [PH] 4819 Jim Schaad [JS] 4820 . . . 4822 The examples are displayed with a modified version of Peter Gutmann's 4823 "dumpasn1" program. Peter and Jim Schaad and Blake Ramsdell have been 4824 updating the program based on input from the process of writing this 4825 draft. 4827 E. Differences between -01 and -02 4829 Added a whole bunch of examples, all from Jim Schaad. Andrew 4830 Farrell and Blake Ramsdell had contributed some earlier examples 4831 of keys and certs. 4833 3. Added Erica. 4835 3.2: Added DianePrivDHEncrypt and DianePrivDSSSign. 4837 11.2 and 11.3: Made the receipts come from Diane. 4839 B.2: Added binmode because Windows is stupid about I/O. 4841 Renumbered the appendixes. 4843 F. Editor's Address 4845 Paul Hoffman 4846 Internet Mail Consortium 4847 127 Segre Place 4848 Santa Cruz, CA 95060 USA 4849 phoffman@imc.org