draft-ietf-smime-examples-01.txt   draft-ietf-smime-examples-02.txt 
Internet Draft Editor: Paul Hoffman Internet Draft Editor: Paul Hoffman
draft-ietf-smime-examples-01.txt Internet Mail Consortium draft-ietf-smime-examples-02.txt Internet Mail Consortium
June 25, 1999 September 29, 1999
Expires in six months Expires in six months
Examples of S/MIME Messages Examples of S/MIME Messages
Status of this memo Status of this memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
To view the list Internet-Draft Shadow Directories, see The list of current Internet-Drafts can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/ietf/1id-abstracts.txt
This document is an Internet-Draft and is in full conformance with all The list of Internet-Draft Shadow Directories can be accessed at
provisions of Section 10 of RFC2026. http://www.ietf.org/shadow.html.
Abstract Abstract
This document gives examples of message bodies formatted using S/MIME. This document gives examples of message bodies formatted using S/MIME.
Specifically, it has examples of Cryptographic Message Syntax (CMS) Specifically, it has examples of Cryptographic Message Syntax (CMS)
objects, S/MIME messages (including the MIME formatting), and Enhanced objects, S/MIME messages (including the MIME formatting), and Enhanced
Security Services for S/MIME (ESS). It includes examples of most or all Security Services for S/MIME (ESS). It includes examples of most or all
common CMS and ESS formats; in addition, it gives examples that show common CMS and ESS formats; in addition, it gives examples that show
common pitfalls in implementing CMS. The purpose of this document is to common pitfalls in implementing CMS. The purpose of this document is to
help increase interoperability for S/MIME and other protocols that rely help increase interoperability for S/MIME and other protocols that rely
skipping to change at line 61 skipping to change at line 64
examples are correct. All CMS implementors must read the CMS document examples are correct. All CMS implementors must read the CMS document
carefully before implementing from it. No one should use the examples carefully before implementing from it. No one should use the examples
in this document as stand-alone explanations of how to create CMS in this document as stand-alone explanations of how to create CMS
message bodies. message bodies.
This document explicitly does not attempt to cover many PKIX [PKIX] This document explicitly does not attempt to cover many PKIX [PKIX]
examples. Documents with examples of that format may be forthcoming. examples. Documents with examples of that format may be forthcoming.
2. Contributions To This Document 2. Contributions To This Document
The examples shown here were created and validated by many different The examples shown here will be created and validated by many different
people. In the example listings, there is a tag with the initials of people. In the example listings in Appendix B, there is a tag with the
the creator of the example, and one or more tags for the people who initials of the creator of the example, and one or more tags for the
validated the example. people who validated the example.
Some of the examples are of mis-implementations of CMS and ESS. That Some of the examples are of mis-implementations of CMS and ESS. That
is, if a developer reading the CMS or ESS specification created a is, if a developer reading the CMS or ESS specification created a
message body that was illegal, and another developer agreed that the message body that was illegal, and another developer agreed that the
mis-reading was potentially a pitfall for later developers, that mis-reading was potentially a pitfall for later developers, that
message body is also included here. To make it clear which examples are message body is also included here. To make it clear which examples are
bad, they are all put into a single section of this document with bad, they are all put into a single section of this document with
(hopefully) explicit headings. (hopefully) explicit headings.
To contribute an implementation of an unimplemented example listed in To contribute an implementation of an unimplemented example listed in
skipping to change at line 94 skipping to change at line 97
private part of Alice's DSS signing key. private part of Alice's DSS signing key.
- Alice is the creator of the message bodies in this spec. - Alice is the creator of the message bodies in this spec.
- Bob is the recipient of the messages. - Bob is the recipient of the messages.
- Carl is a CA. - Carl is a CA.
- Diane sometimes gets involved with these folks. - Diane sometimes gets involved with these folks.
- Erica also sometimes gets involved.
3.1 Content of documents 3.1 Content of documents
ExContent is the following sentence: ExContent is the following sentence:
This is some sample content. This is some sample content.
That is, it is the string of characters starting with "T" up to and That is, it is the string of characters starting with "T" up to and
including the ".". including the ".".
The hex for ExContent is The hex for ExContent is
5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e 5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e
The MD5 hash of ExContent is The MD5 hash of ExContent is
9898 cac8 fab7 691f f89d c207 24e7 4a04 9898 cac8 fab7 691f f89d c207 24e7 4a04
The SHA-1 hash of ExContent is The SHA-1 hash of ExContent is
406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48 406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48
3.2 Keys 3.2 Private Keys
The following keys are needed to create the samples. Note that The following private keys are needed to create the samples.
BobPubDHEncrypt and DianePubDHEncrypt do *not* share Diffie-Hellman To find the public keys, see the certificates in the next section.
parameters; however, Bob and Erica share Diffie-Hellman parameters.
AlicePrivDSSSign = XXXXX AlicePrivDSSSign =
AlicePrivRSASign = XXXXX 0 30 331: SEQUENCE {
AlicePubDSSSign = XXXXX 4 02 1: INTEGER 0
AlicePubRSASign = XXXXX 7 30 299: SEQUENCE {
BobPrivDHEncrypt = XXXXX 11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
BobPrivRSAEncrypt = XXXXX : (ANSI X9.57 algorithm)
BobPubDHEncrypt = XXXXX 20 30 286: SEQUENCE {
BobPubRSAEncrypt = XXXXX 24 02 129: INTEGER
CarlPrivDSSSign = XXXXX : 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4
CarlPrivRSASign = XXXXX : 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94
CarlPubDSSSign = XXXXX : E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
CarlPubRSASign = XXXXX : 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A
DianePubDSSSign = XXXXX : E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F
DianePubRSASignEncrypt = XXXXX : 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
DianePubDHEncrypt = XXXXX : C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D
EricaPubDHEncryptBobParam = XXXXX : B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B
EricaPrivDHEncryptBobParam = XXXXX : DB
MailListTripleDES = XXXXX 156 02 21: INTEGER
MailListRC2 = XXXXX : 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B
: 62 8B F7 93 CD
179 02 128: INTEGER
: 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C
: 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD
: 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
: 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D
: EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23
: 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8
: 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2
: BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39
: }
: }
310 04 23: OCTET STRING, encapsulates {
312 02 21: INTEGER
: 00 BB 44 46 D1 A5 C9 46 07 2E D0 FE 7A D6 92 07
: F0 9A 85 89 3F
: }
: }
AlicePrivRSASign =
0 30 630: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
20 05 0: NULL
: }
22 04 608: OCTET STRING, encapsulates {
26 30 604: SEQUENCE {
30 02 1: INTEGER 0
33 02 129: INTEGER
: 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0
: 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E
: 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA
: 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32
: CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5
: F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81
: E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55
: 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57
: 5F
165 02 3: INTEGER 65537
170 02 128: INTEGER
: 00 A4 03 C3 27 47 76 34 34 6C A6 86 B5 79 49 01
: 4B 2E 8A D2 C8 62 B2 C7 D7 48 09 6A 8B 91 F7 36
: F2 75 D6 E8 CD 15 90 60 27 31 47 35 64 4D 95 CD
: 67 63 CE B4 9F 56 AC 2F 37 6E 1C EE 0E BF 28 2D
: F4 39 90 6F 34 D8 6E 08 5B D5 65 6A D8 41 F3 13
: D7 2D 39 5E FE 33 CB FF 29 E4 03 0B 3D 05 A2 8F
: B7 F1 8E A2 76 37 B0 79 57 D3 2F 2B DE 87 06 22
: 7D 04 66 5E C9 1B AF 8B 1A C3 EC 91 44 AB 7F 21
301 02 65: INTEGER
: 00 F6 D6 E0 22 21 4C 5F 0A 70 FF 27 FC E5 B3 50
: 6A 9D E5 0F B5 85 96 C6 40 FA A8 0A B4 9B 9B 0C
: 55 C2 01 1D F9 37 82 8A 14 C8 F2 93 0E 92 CD A5
: 66 21 B9 3C D2 06 BF B4 55 31 C9 DC AD CA 98 2D
: D1
368 02 65: INTEGER
: 00 E8 DE B0 11 25 09 D2 02 51 01 DE 8A E8 98 50
: F5 77 77 61 A4 45 93 6B 08 55 96 73 5D F4 C8 5B
: 12 93 22 73 8B 7F D3 70 7F F5 A4 AA BB 74 FD 3C
: 22 6A DA 38 91 2A 86 5B 6C 14 E8 AE 4C 9E FA 8E
: 2F
435 02 65: INTEGER
: 00 97 4C F0 87 9B 17 7F EE 1B 83 1B 14 B6 0B 6A
: 90 5F 86 27 51 E1 B7 A0 7F F5 E4 88 E3 59 B9 F9
: 1E 9B D3 29 77 38 22 48 D7 22 B1 25 98 BA 3D 59
: 53 B7 FA 1E 20 B2 C8 51 16 23 75 93 51 E7 AB CD
: F1
502 02 64: INTEGER
: 2C F0 24 5B FA A0 CD 85 22 EA D0 6E 4F FA 6C CD
: 21 D3 C8 E4 F1 84 44 48 64 73 D7 29 8F 7E 46 8C
: EC 15 DE E4 51 B3 94 E7 2C 99 2D 55 65 7B 24 EA
: A3 62 1F 3E 6C 4D 67 41 11 3B E1 BE E9 83 02 83
568 02 64: INTEGER
: 58 88 D9 A1 50 38 84 6A AB 03 BC BB DF 4B F4 9C
: 6F B8 B4 2A 25 FB F6 E4 05 2F 6E E2 88 89 21 6F
: 4B 25 9E D0 AB 50 93 CA BF 40 71 EC 21 25 C5 7F
: FB 02 E9 21 96 B8 33 CD E2 C6 95 EE 6F 8D 5F 28
: }
: }
: }
BobPrivDHEncrypt =
0 30 355: SEQUENCE {
4 02 1: INTEGER 0
7 30 312: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
20 30 299: SEQUENCE {
24 02 129: INTEGER
: 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B
: 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11
: 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB
: AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02
: 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37
: FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA
: 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA
: 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A
: 33
156 02 129: INTEGER
: 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1
: E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48
: 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5
: 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48
: 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3
: 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D
: 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21
: C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62
: A7
288 02 33: INTEGER
: 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70
: A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE
: BD
: }
: }
323 04 34: OCTET STRING, encapsulates {
325 02 32: INTEGER
: 20 FC 67 82 EE CF 4A A6 C8 E5 83 D2 8C 3B 8A D2
: 45 32 11 27 32 6C 86 EC 66 CA 71 AD F0 19 4D F7
: }
: }
BobPrivRSAEncrypt =
0 30 630: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
20 05 0: NULL
: }
22 04 608: OCTET STRING, encapsulates {
26 30 604: SEQUENCE {
30 02 1: INTEGER 0
33 02 129: INTEGER
: 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71
: 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04
: B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39
: A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED
: E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D
: D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
: 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8
: 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A
: F1
165 02 3: INTEGER 65537
170 02 129: INTEGER
: 00 AE 73 E4 5B 5F 5B 66 5A C9 D7 C6 EF 38 5F 53
: 21 2A 2F 62 FE DE 29 9A 7A 86 67 36 E7 7D 62 78
: 75 3D 73 A0 BC 29 0E F3 8F BD C3 C9 C9 B6 F8 BA
: D6 13 9B C3 97 7A CA 6A F0 B8 85 65 4E 0F BD A7
: A8 F7 54 06 41 BD EB DC 20 77 90 DF 61 9B 9A 6F
: 74 DE EA 3B D4 9C 87 60 ED 76 84 F1 6A 30 37 D5
: E0 90 16 F8 80 47 C3 19 6B ED 75 77 BA 4A ED 39
: B6 5D 02 47 3B 5F 1B C8 1C AB CB E8 F5 26 3F A4
: 81
302 02 65: INTEGER
: 00 FF DF 09 A0 56 0B 42 52 9E C4 4D 93 B3 B0 49
: BB DE E7 81 7D 28 99 D0 B1 48 BA 0B 39 E1 1C 7B
: 22 18 33 B6 40 F6 BF DC AE 1D D0 A1 AD 04 71 5A
: 61 0A 6E 3B CE 30 DA 36 9F 65 25 29 BB A7 0E 7F
: 0B
369 02 65: INTEGER
: 00 E4 69 68 18 5F F9 57 D0 7C 66 89 0F BA 63 1D
: 72 CB 20 A4 81 76 64 89 CD 7D D1 C2 27 A9 2E AC
: 7A 56 9A 85 07 D9 30 03 A3 03 AB 7F 88 92 50 24
: 01 AA 1B 07 1F 20 4C B7 C9 7B 56 F7 B6 C2 7E AB
: 73
436 02 64: INTEGER
: 57 36 6C 8F 8C 04 76 6C B6 D4 EE 24 44 00 F8 80
: E2 AF 42 01 A9 0F 14 84 F8 E7 00 E0 8F 8C 27 A4
: 2D 5F A2 E5 6D B5 63 C0 AD 44 E9 76 91 A7 19 49
: 2E 46 F8 77 85 4B 3B 87 04 F0 AF D2 D8 54 26 95
502 02 64: INTEGER
: 64 A1 0F AC 55 74 1B BD 0D 61 7B 17 03 CD B0 E6
: A7 19 1D 80 AF F1 41 48 D8 1A B6 88 14 A0 2C 7A
: C5 76 D4 0F 0E 1F 7A 2A B2 6E 37 04 AB 39 45 73
: BA 46 A8 0F 8D 82 5F 22 14 05 CF A2 A3 F3 7C 83
568 02 64: INTEGER
: 26 1E 1D 1C A1 98 2B E4 DB 38 E8 57 6E 6B 73 19
: 88 61 3A FA 74 4A 36 8B 47 68 5D 50 EB 26 E3 EA
: 7D 9B 4E 65 A9 AF 7B AB 4B 2E 76 51 3D A8 D0 11
: AB A3 D6 A8 C0 27 36 1D 54 0B AA A7 D1 6D 8D FA
: }
: }
: }
CarlPrivDSSSign =
0 30 330: SEQUENCE {
4 02 1: INTEGER 0
7 30 299: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
20 30 286: SEQUENCE {
24 02 129: INTEGER
: 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1
: 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06
: EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA
: E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46
: ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01
: 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50
: FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B
: CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6
: E9
156 02 21: INTEGER
: 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A
: 5D 98 B9 10 D5
179 02 128: INTEGER
: 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D
: ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5
: 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
: AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD
: F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F
: 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB
: 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06
: 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A
: }
: }
310 04 22: OCTET STRING, encapsulates {
312 02 20: INTEGER
: 19 B3 38 A5 21 62 31 50 E5 7F B9 3E 08 46 78 D1
: 3E B5 E5 72
: }
: }
CarlPrivRSASign =
0 30 630: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
20 05 0: NULL
: }
22 04 608: OCTET STRING, encapsulates {
26 30 604: SEQUENCE {
30 02 1: INTEGER 0
33 02 129: INTEGER
: 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71
: 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04
: B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39
: A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED
: E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D
: D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
: 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8
: 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A
: F1
165 02 3: INTEGER 65537
170 02 129: INTEGER
: 00 AE 73 E4 5B 5F 5B 66 5A C9 D7 C6 EF 38 5F 53
: 21 2A 2F 62 FE DE 29 9A 7A 86 67 36 E7 7D 62 78
: 75 3D 73 A0 BC 29 0E F3 8F BD C3 C9 C9 B6 F8 BA
: D6 13 9B C3 97 7A CA 6A F0 B8 85 65 4E 0F BD A7
: A8 F7 54 06 41 BD EB DC 20 77 90 DF 61 9B 9A 6F
: 74 DE EA 3B D4 9C 87 60 ED 76 84 F1 6A 30 37 D5
: E0 90 16 F8 80 47 C3 19 6B ED 75 77 BA 4A ED 39
: B6 5D 02 47 3B 5F 1B C8 1C AB CB E8 F5 26 3F A4
: 81
302 02 65: INTEGER
: 00 FF DF 09 A0 56 0B 42 52 9E C4 4D 93 B3 B0 49
: BB DE E7 81 7D 28 99 D0 B1 48 BA 0B 39 E1 1C 7B
: 22 18 33 B6 40 F6 BF DC AE 1D D0 A1 AD 04 71 5A
: 61 0A 6E 3B CE 30 DA 36 9F 65 25 29 BB A7 0E 7F
: 0B
369 02 65: INTEGER
: 00 E4 69 68 18 5F F9 57 D0 7C 66 89 0F BA 63 1D
: 72 CB 20 A4 81 76 64 89 CD 7D D1 C2 27 A9 2E AC
: 7A 56 9A 85 07 D9 30 03 A3 03 AB 7F 88 92 50 24
: 01 AA 1B 07 1F 20 4C B7 C9 7B 56 F7 B6 C2 7E AB
: 73
436 02 64: INTEGER
: 57 36 6C 8F 8C 04 76 6C B6 D4 EE 24 44 00 F8 80
: E2 AF 42 01 A9 0F 14 84 F8 E7 00 E0 8F 8C 27 A4
: 2D 5F A2 E5 6D B5 63 C0 AD 44 E9 76 91 A7 19 49
: 2E 46 F8 77 85 4B 3B 87 04 F0 AF D2 D8 54 26 95
502 02 64: INTEGER
: 64 A1 0F AC 55 74 1B BD 0D 61 7B 17 03 CD B0 E6
: A7 19 1D 80 AF F1 41 48 D8 1A B6 88 14 A0 2C 7A
: C5 76 D4 0F 0E 1F 7A 2A B2 6E 37 04 AB 39 45 73
: BA 46 A8 0F 8D 82 5F 22 14 05 CF A2 A3 F3 7C 83
568 02 64: INTEGER
: 26 1E 1D 1C A1 98 2B E4 DB 38 E8 57 6E 6B 73 19
: 88 61 3A FA 74 4A 36 8B 47 68 5D 50 EB 26 E3 EA
: 7D 9B 4E 65 A9 AF 7B AB 4B 2E 76 51 3D A8 D0 11
: AB A3 D6 A8 C0 27 36 1D 54 0B AA A7 D1 6D 8D FA
: }
: }
: }
DianePrivDHEncrypt =
0 30 354: SEQUENCE {
4 02 1: INTEGER 0
7 30 311: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
20 30 298: SEQUENCE {
24 02 129: INTEGER
: 00 CA 6E 91 C2 B0 BD A8 58 F2 31 21 74 BB 1F E4
: 10 BD D0 93 A2 7E 61 E1 3D BA 23 04 16 D0 66 39
: BD 3B CD 05 74 48 F1 03 70 95 F4 05 63 6D 2E BF
: 9A B7 FF 97 FF 39 BB 63 DB 4D A4 71 D8 94 9A B4
: F2 8A 3D 9F B7 5D 8D CA E2 AF B5 0F CF 05 65 82
: 68 6E 43 D2 F4 04 5F 03 8B F9 50 F5 C8 6C 05 26
: BC BF 36 0F 5C C3 51 6A 67 E8 75 32 66 78 91 63
: E8 FE 34 E7 19 B6 70 6C 78 38 36 82 D2 34 36 C2
: DF
156 02 128: INTEGER
: 6E D6 76 36 4B E4 59 07 57 5F 18 9A 10 D2 31 5C
: A6 10 B0 26 96 42 4D 7C A3 A1 D3 9E A5 80 B2 1F
: 37 11 49 7C 8A 99 D8 56 3F 93 51 ED 6E 54 FB 6E
: DB B2 FC 34 C0 E7 CA 1E 58 2B D5 3D 3B DC AE 71
: 21 D9 3B 56 B8 A7 F6 4D 22 52 5F 41 BA D5 1E 82
: 69 6C DD 70 71 CC 6C 3B EF 84 A9 71 8B A9 3B 2A
: 09 F8 BD FD CB 51 BC 2E 2E CA 3E 30 8C FA 54 9E
: 7D 0D 03 E2 DF 63 62 6D F3 50 82 27 DC D1 99 F7
287 02 33: INTEGER
: 00 AA 05 65 FB DD 4E A8 02 F1 34 39 E7 A3 FC 7D
: 46 10 B8 5D F0 2E F2 C5 D1 5E A2 74 4C DA 0F 4E
: 1F
: }
: }
322 04 34: OCTET STRING, encapsulates {
324 02 32: INTEGER
: 58 2E 89 AB 57 34 7D 3C F5 9A 75 CB 7D 99 8A 19
: 2F 3C 7A A6 85 C9 2F 1B 5A 47 03 E3 82 16 E4 9B
: }
: }
DianePrivDSSSign =
0 30 331: SEQUENCE {
4 02 1: INTEGER 0
7 30 299: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
20 30 286: SEQUENCE {
24 02 129: INTEGER
: 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1
: 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06
: EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA
: E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46
: ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01
: 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50
: FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B
: CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6
: E9
156 02 21: INTEGER
: 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A
: 5D 98 B9 10 D5
179 02 128: INTEGER
: 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D
: ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5
: 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
: AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD
: F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F
: 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB
: 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06
: 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A
: }
: }
310 04 23: OCTET STRING, encapsulates {
312 02 21: INTEGER
: 00 96 95 F9 E0 C1 E0 41 2D 32 0F 8B 42 52 93 2A
: E6 1E 0E 21 29
: }
: }
DianePrivRSASignEncrypt =
0 30 631: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
20 05 0: NULL
: }
22 04 609: OCTET STRING, encapsulates {
26 30 605: SEQUENCE {
30 02 1: INTEGER 0
33 02 129: INTEGER
: 00 D6 FD B8 C0 70 C6 4C 25 EC EA CF EA 7C BB A2
: 62 FA F0 E6 32 3A 53 FF B1 92 5A 17 F4 20 E1 99
: 24 82 0A D0 F6 7C FB 44 CA 8B 27 06 F1 7E 26 03
: A9 76 9D CF EC A0 2C 70 96 F2 83 42 F6 D4 B7 28
: 0A BB F8 BF 4A 4C 19 3F 07 DB A0 C1 60 1E B7 7E
: 67 F7 DE B1 C3 60 49 AC 45 D7 F8 C6 EF 08 37 21
: 93 47 EE F0 73 35 72 B0 02 C4 F3 11 C3 5E 47 E5
: 0A B7 83 F1 DB 74 69 64 8B 44 1D 95 5D CD 28 C0
: 85
165 02 3: INTEGER 65537
170 02 128: INTEGER
: 3D BD CD C2 0E 61 14 5B 4B E7 BF 60 23 04 2B C5
: 6B 35 A5 96 45 23 FC 69 7D 93 3C 0F D3 25 96 BA
: 62 52 42 E2 96 CF FE 58 80 8F EB B1 8C BD D4 0D
: 65 D0 3A 77 45 24 9E 0C EB 86 80 C3 AC 21 11 71
: 44 E3 B2 A8 A9 2E AC 17 D2 A3 84 25 63 B5 BC 2F
: 1E DD F6 21 FF 15 20 24 5B F1 80 2F D5 41 0E 32
: 24 F7 D4 4A 32 9E B9 49 D8 19 8E 3F 39 8D 62 BD
: 80 FC 0C 24 92 93 E4 C3 D7 05 91 53 BB 96 B6 41
301 02 65: INTEGER
: 00 F3 B8 3F 4A D1 94 B0 91 60 13 41 92 0D 8D 44
: 3F 77 1D FF 96 23 44 08 D4 0B 70 C9 1A AF E9 90
: 94 F2 B0 D5 5F 4F 19 85 50 A1 90 91 AE BD 05 76
: 52 B3 22 D8 A8 7C 8E 54 7F 00 72 4F 36 75 68 73
: B5
368 02 65: INTEGER
: 00 E1 D2 E7 11 57 06 AE 72 95 22 16 AA 02 B4 5A
: ED 4E 9D 82 11 4F 96 3C 86 C9 10 8D 56 7B 31 75
: 79 69 E7 75 68 38 00 4B 2E D2 26 32 DD B1 E2 E0
: 2C 54 80 0A 75 BA D1 66 96 1B B0 0E A0 7E D2 BB
: 91
435 02 65: INTEGER
: 00 AF B6 BC DB 22 73 43 41 EC B4 B5 67 A9 A1 99
: FC EF D2 8E FD 1D FB E5 29 8B FE 0A DF D4 C8 5E
: 57 25 0A 5D 2B D4 09 A0 56 5B C5 B1 62 FC 20 BE
: 08 2D E3 07 B5 A1 E7 B3 FF C4 C0 A5 5F AC 12 5C
: A9
502 02 65: INTEGER
: 00 B9 98 41 FC 08 50 1F 73 60 8A 01 A2 7C 52 8A
: 20 5A EA 2C 89 D9 A5 19 DD 94 C6 1B C3 25 C0 82
: 51 E4 EE 2B 9A 19 DC 73 ED E9 1D 27 D4 F8 6C 03
: DD AB 1D 08 7B B5 AC 7F E9 82 9B F1 89 8A 71 DB
: 61
569 02 64: INTEGER
: 01 07 21 97 5F 7A 60 A8 FD 5A 5C 07 DF A8 DE F7
: E2 B1 34 7D FC EB 91 BD B0 73 74 C8 C4 BE 3F 58
: 45 30 06 90 B3 AC 69 CC B3 F7 3F 7C AC C7 B8 1B
: 65 A1 16 39 39 B0 E3 74 7D CF CD C5 AC 6C BF E5
: }
: }
: }
EricaPrivDHEncryptBobParam =
0 30 355: SEQUENCE {
4 02 1: INTEGER 0
7 30 312: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
20 30 299: SEQUENCE {
24 02 129: INTEGER
: 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B
: 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11
: 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB
: AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02
: 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37
: FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA
: 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA
: 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A
: 33
156 02 129: INTEGER
: 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1
: E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48
: 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5
: 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48
: 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3
: 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D
: 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21
: C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62
: A7
288 02 33: INTEGER
: 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70
: A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE
: BD
: }
: }
323 04 34: OCTET STRING, encapsulates {
325 02 32: INTEGER
: 48 64 11 E4 17 01 12 E6 C1 D3 9C 70 7D 7C A6 97
: 95 BD C8 95 07 F7 CF 41 11 A7 13 91 FB 30 3D 8C
: }
: }
MailListTripleDES =
255e 0d1c 07b6 46df b313 4cc8 43ba 8aa7 1f02 5b7c 0838 251f
MailListRC2 =
b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9
3.3 Certificates 3.3 Certificates
AliceDSSSignByCarlNoInherit = XXXXX Note that Bob's and Diane's Diffie-Hellman encryption keys do *not*
AliceRSASignByCarl = XXXXX share Diffie-Hellman parameters; however, Bob and Erica share Diffie-
BobDHEncryptByCarl = XXXXX Hellman parameters.
CarlDSSSelf = XXXXX
CarlRSASelf = XXXXX AliceDSSSignByCarlNoInherit =
DianeDSSSignByCarlInherit = XXXXX 0 30 734: SEQUENCE {
DianeDHEncryptByCarl = XXXXX 4 30 669: SEQUENCE {
DianeRSASignEncryptByCarl = XXXXX 8 A0 3: [0] {
EricaDHEncryptByCarl = XXXXX 10 02 1: INTEGER 2
: }
13 02 2: INTEGER 200
17 30 9: SEQUENCE {
19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
28 30 18: SEQUENCE {
30 31 16: SET {
32 30 14: SEQUENCE {
34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
39 13 7: PrintableString 'CarlDSS'
: }
: }
: }
48 30 30: SEQUENCE {
50 17 13: UTCTime '990817011049Z'
65 17 13: UTCTime '391231235959Z'
: }
80 30 19: SEQUENCE {
82 31 17: SET {
84 30 15: SEQUENCE {
86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
91 13 8: PrintableString 'AliceDSS'
: }
: }
: }
101 30 438: SEQUENCE {
105 30 299: SEQUENCE {
109 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
118 30 286: SEQUENCE {
122 02 129: INTEGER
: 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4
: 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94
: E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
: 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A
: E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F
: 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
: C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D
: B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B
: DB
254 02 21: INTEGER
: 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B
: 62 8B F7 93 CD
277 02 128: INTEGER
: 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C
: 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD
: 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
: 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D
: EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23
: 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8
: 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2
: BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39
: }
: }
408 03 132: BIT STRING 0 unused bits, encapsulates {
412 02 128: INTEGER
: 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 3F A9 EC AC
: 5E DC BD B7 13 11 34 A6 16 89 28 11 23 D9 34 86
: 67 75 75 13 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
: 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 A5 A0 4A E3
: 85 D6 CE 06 80 3F E8 23 7E 1A F2 24 AB 53 1A B8
: 27 0D 1E EF 08 BF 66 14 80 5C 62 AC 65 FA 15 8B
: F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 32 84 F0 7E
: 41 40 FD 46 A7 63 4E 33 F2 A5 E2 F4 F2 83 E5 B8
: }
: }
543 A3 131: [3] {
546 30 128: SEQUENCE {
549 30 32: SEQUENCE {
551 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
556 04 25: OCTET STRING, encapsulates {
558 30 23: SEQUENCE {
560 81 21: [1] 'aliceDss@examples.com'
: }
: }
: }
583 30 12: SEQUENCE {
585 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
590 01 1: BOOLEAN TRUE
593 04 2: OCTET STRING, encapsulates {
595 30 0: SEQUENCE {}
: }
: }
597 30 14: SEQUENCE {
599 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
604 01 1: BOOLEAN TRUE
607 04 4: OCTET STRING, encapsulates {
609 03 2: BIT STRING 6 unused bits
: '11'B
: }
: }
613 30 31: SEQUENCE {
615 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
620 04 24: OCTET STRING, encapsulates {
622 30 22: SEQUENCE {
624 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
646 30 29: SEQUENCE {
648 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
653 04 22: OCTET STRING
: 04 14 BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01
: E2 FD E3 97 FE CD
: }
: }
: }
: }
677 30 9: SEQUENCE {
679 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
688 03 48: BIT STRING 0 unused bits, encapsulates {
691 30 45: SEQUENCE {
693 02 21: INTEGER
: 00 98 B0 C6 3F CF 71 47 5A 35 A9 4A 8F C0 F8 24
: 05 E8 46 94 8E
716 02 20: INTEGER
: 5B 9F 48 C0 8C A1 C1 02 9C 44 EA E9 A1 87 C1 A5
: 7F 28 2D BB
: }
: }
: }
AliceRSASignByCarl =
0 30 514: SEQUENCE {
4 30 367: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0
31 30 9: SEQUENCE {
33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
40 05 0: NULL
: }
42 30 18: SEQUENCE {
44 31 16: SET {
46 30 14: SEQUENCE {
48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
53 13 7: PrintableString 'CarlRSA'
: }
: }
: }
62 30 30: SEQUENCE {
64 17 13: UTCTime '990919010847Z'
79 17 13: UTCTime '391231235959Z'
: }
94 30 19: SEQUENCE {
96 31 17: SET {
98 30 15: SEQUENCE {
100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
105 13 8: PrintableString 'AliceRSA'
: }
: }
: }
115 30 159: SEQUENCE {
118 30 13: SEQUENCE {
120 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
131 05 0: NULL
: }
133 03 141: BIT STRING 0 unused bits, encapsulates {
137 30 137: SEQUENCE {
140 02 129: INTEGER
: 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0
: 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E
: 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA
: 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32
: CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5
: F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81
: E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55
: 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57
: 5F
272 02 3: INTEGER 65537
: }
: }
: }
277 A3 96: [3] {
279 30 94: SEQUENCE {
281 30 12: SEQUENCE {
283 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
288 01 1: BOOLEAN TRUE
291 04 2: OCTET STRING, encapsulates {
293 30 0: SEQUENCE {}
: }
: }
295 30 14: SEQUENCE {
297 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
302 01 1: BOOLEAN TRUE
305 04 4: OCTET STRING, encapsulates {
307 03 2: BIT STRING 6 unused bits
: '11'B
: }
: }
311 30 31: SEQUENCE {
313 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
318 04 24: OCTET STRING, encapsulates {
320 30 22: SEQUENCE {
322 80 20: [0]
: E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22
: AE 9E 38 BB
: }
: }
: }
344 30 29: SEQUENCE {
346 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
351 04 22: OCTET STRING
: 04 14 77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D CE EC
: 3C A0 3A E3 FF 50
: }
: }
: }
: }
375 30 9: SEQUENCE {
377 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
384 05 0: NULL
: }
386 03 129: BIT STRING 0 unused bits
: BF 34 32 E6 FC 6A 88 41 7D F0 5C 99 A1 93 B7 49
: B7 02 52 1E CB 84 AC 93 D7 58 2B 00 A1 9C C4 48
: 48 99 DD 02 C3 C6 05 F8 D2 25 F1 A3 9C C9 33 01
: 8A 76 0E 6F 77 43 A3 BF E1 E6 B3 6A 04 79 39 EE
: E1 E9 E5 9D 50 07 8B 22 DC 12 50 E3 F3 B4 3D 9E
: E5 93 9E B1 CD 33 F9 E0 AB 98 71 09 F8 EB B0 FC
: 9C EC F1 88 D8 AE 03 D1 FE 60 E1 62 14 B1 A2 23
: D2 C8 8D 18 1F 5E EE 9B 72 02 27 C2 85 3D 04 2E
: }
BobDHEncryptByCarl =
0 30 866: SEQUENCE {
4 30 801: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 201
17 30 9: SEQUENCE {
19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
28 30 18: SEQUENCE {
30 31 16: SET {
32 30 14: SEQUENCE {
34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
39 13 7: PrintableString 'CarlDSS'
: }
: }
: }
48 30 30: SEQUENCE {
50 17 13: UTCTime '990817011828Z'
65 17 13: UTCTime '391231235959Z'
: }
80 30 16: SEQUENCE {
82 31 14: SET {
84 30 12: SEQUENCE {
86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
91 13 5: PrintableString 'bobDH'
: }
: }
: }
98 30 578: SEQUENCE {
102 30 439: SEQUENCE {
106 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
115 30 426: SEQUENCE {
119 02 129: INTEGER
: 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B
: 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11
: 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB
: AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02
: 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37
: FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA
: 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA
: 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A
: 33
251 02 129: INTEGER
: 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1
: E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48
: 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5
: 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48
: 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3
: 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D
: 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21
: C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62
: A7
383 02 33: INTEGER
: 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70
: A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE
: BD
418 02 97: INTEGER
: 01 34 FE C2 33 48 EB F6 3B 97 D9 E4 97 A7 60 A5
: 25 69 34 FB FD 46 2A D6 C9 C4 C5 F7 D6 F4 04 19
: 8D 94 D9 8A 37 68 69 67 55 FB F2 6B 0E 47 C5 5B
: 0B 4B 0E 1C 1A 8B 7B 75 B7 AA C3 AA D7 EB 3B DA
: 2A 8D 02 87 37 47 83 D7 31 B4 25 A8 AC BB 11 88
: 53 1C 11 92 B6 69 E7 2E 90 C1 7A FC 87 F4 F6 D7
: 1A
517 30 26: SEQUENCE {
519 03 21: BIT STRING 0 unused bits
: B9 FF 1C 93 44 67 37 D1 B2 F8 57 9A 32 4A C9 4A
: FF 3B EC 1E
542 02 1: INTEGER 29
: }
: }
: }
545 03 132: BIT STRING 0 unused bits, encapsulates {
549 02 128: INTEGER
: 6F D4 F6 CD 94 9A 6E AF 5B 57 17 96 75 BB 0F B9
: 48 E9 90 37 0D 15 20 C2 55 1E 13 E2 AE 71 17 84
: C3 0E 74 AE 8A 55 7F 28 7D 8B D7 28 22 9C 76 46
: D7 3B 4F 9D D1 4D 1B B2 DB 51 94 C5 6D 54 96 40
: 38 8A 38 81 63 4A 8C C3 1E 09 89 74 A6 58 D5 C8
: 5A 3D CF BB B8 23 7F 9C 1F 7D 78 FA 9E F9 90 9E
: 91 E7 4B C2 A4 BE 45 06 78 42 58 3D 9F 63 2C EF
: 84 D4 67 E5 FB C6 6D A2 36 29 67 90 46 DB 4E 48
: }
: }
680 A3 127: [3] {
682 30 125: SEQUENCE {
684 30 29: SEQUENCE {
686 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
691 04 22: OCTET STRING, encapsulates {
693 30 20: SEQUENCE {
695 81 18: [1] 'bobDh@examples.com'
: }
: }
: }
715 30 12: SEQUENCE {
717 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
722 01 1: BOOLEAN TRUE
725 04 2: OCTET STRING, encapsulates {
727 30 0: SEQUENCE {}
: }
: }
729 30 14: SEQUENCE {
731 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
736 01 1: BOOLEAN TRUE
739 04 4: OCTET STRING, encapsulates {
741 03 2: BIT STRING 3 unused bits
: '10000'B
: }
: }
745 30 31: SEQUENCE {
747 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
752 04 24: OCTET STRING, encapsulates {
754 30 22: SEQUENCE {
756 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
778 30 29: SEQUENCE {
780 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
785 04 22: OCTET STRING
: 04 14 26 FF 19 48 C3 59 33 68 56 8D 7E C8 80 68
: 5C CF 3C 72 DD 26
: }
: }
: }
: }
809 30 9: SEQUENCE {
811 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
820 03 48: BIT STRING 0 unused bits, encapsulates {
823 30 45: SEQUENCE {
825 02 20: INTEGER
: 15 EA 15 43 E3 49 22 86 C1 BB E5 DA E4 0E B8 09
: E0 D5 72 35
847 02 21: INTEGER
: 00 AE 4F 51 29 73 71 75 A9 81 EB ED 9D 5E 00 19
: 7E F0 DE 5A D6
: }
: }
: }
BobRSASignByCarl =
0 30 512: SEQUENCE {
4 30 365: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
31 30 9: SEQUENCE {
33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
40 05 0: NULL
: }
42 30 18: SEQUENCE {
44 31 16: SET {
46 30 14: SEQUENCE {
48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
53 13 7: PrintableString 'CarlRSA'
: }
: }
: }
62 30 30: SEQUENCE {
64 17 13: UTCTime '990919010902Z'
79 17 13: UTCTime '391231235959Z'
: }
94 30 17: SEQUENCE {
96 31 15: SET {
98 30 13: SEQUENCE {
100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
105 13 6: PrintableString 'BobRSA'
: }
: }
: }
113 30 159: SEQUENCE {
116 30 13: SEQUENCE {
118 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
129 05 0: NULL
: }
131 03 141: BIT STRING 0 unused bits, encapsulates {
135 30 137: SEQUENCE {
138 02 129: INTEGER
: 00 CA 5C E1 2E EC CF C1 3B 5D 10 1B DF 54 35 71
: 99 0A 09 D8 3D E4 61 BF A0 BE 0A BE 11 A4 3C B5
: 38 41 41 48 04 E1 5B B1 17 1C 53 B5 F4 C5 15 D3
: FE 0C FB 0C AC EA 80 18 36 03 7E 41 93 53 D7 40
: 74 49 DB D9 C6 AF FE D6 CA 0D CA 01 84 8F A1 E9
: A3 00 21 27 51 D5 40 19 AA E3 C0 30 78 5B A0 B2
: E6 C1 2D 24 36 CB AE 44 10 82 B0 DD 74 D7 F6 EB
: 51 27 B2 A7 B6 AD 78 CA A7 1B 59 51 18 EF 28 0C
: 53
270 02 3: INTEGER 65537
: }
: }
: }
275 A3 96: [3] {
277 30 94: SEQUENCE {
279 30 12: SEQUENCE {
281 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
286 01 1: BOOLEAN TRUE
289 04 2: OCTET STRING, encapsulates {
291 30 0: SEQUENCE {}
: }
: }
293 30 14: SEQUENCE {
295 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
300 01 1: BOOLEAN TRUE
303 04 4: OCTET STRING, encapsulates {
305 03 2: BIT STRING 5 unused bits
: '100'B
: }
: }
309 30 31: SEQUENCE {
311 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
316 04 24: OCTET STRING, encapsulates {
318 30 22: SEQUENCE {
320 80 20: [0]
: E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22
: AE 9E 38 BB
: }
: }
: }
342 30 29: SEQUENCE {
344 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
349 04 22: OCTET STRING
: 04 14 E8 F4 B8 67 D8 B3 96 A4 2A F3 11 AA 29 D3
: 95 5A 86 16 B4 24
: }
: }
: }
: }
373 30 9: SEQUENCE {
375 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
382 05 0: NULL
: }
384 03 129: BIT STRING 0 unused bits
: 98 FA AF 7D 21 01 AA B3 88 BC F1 EF 12 5F 4D 58
: 30 D8 8E 4E BC E1 2C B2 7E 68 57 8D 0C 43 5C D7
: 1E 45 D1 F7 95 33 E2 A0 75 CA 13 C8 53 BC 33 26
: 9B B3 C8 50 DF CD 84 6A 1B E8 48 C8 42 D0 81 63
: 6C 33 19 BE 02 69 F6 16 31 7F D4 99 DF 80 7A F3
: 3B F8 1B 29 7D 26 51 37 03 22 3F F6 15 3D 30 F3
: 32 8A F1 AE 97 DE D7 F5 16 A9 A7 AD C7 15 AF 53
: 3E A8 25 91 B2 C4 5F 4E 6A 15 57 47 50 BC B2 FA
: }
CarlDSSSelf =
0 30 667: SEQUENCE {
4 30 602: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 1: INTEGER 1
16 30 9: SEQUENCE {
18 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
27 30 18: SEQUENCE {
29 31 16: SET {
31 30 14: SEQUENCE {
33 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
38 13 7: PrintableString 'CarlDSS'
: }
: }
: }
47 30 30: SEQUENCE {
49 17 13: UTCTime '990816225050Z'
64 17 13: UTCTime '391231235959Z'
: }
79 30 18: SEQUENCE {
81 31 16: SET {
83 30 14: SEQUENCE {
85 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
90 13 7: PrintableString 'CarlDSS'
: }
: }
: }
99 30 439: SEQUENCE {
103 30 299: SEQUENCE {
107 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
116 30 286: SEQUENCE {
120 02 129: INTEGER
: 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1
: 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06
: EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA
: E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46
: ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01
: 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50
: FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B
: CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6
: E9
252 02 21: INTEGER
: 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A
: 5D 98 B9 10 D5
275 02 128: INTEGER
: 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D
: ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5
: 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
: AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD
: F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F
: 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB
: 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06
: 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A
: }
: }
406 03 133: BIT STRING 0 unused bits, encapsulates {
410 02 129: INTEGER
: 00 99 87 74 27 03 66 A0 B1 C0 AD DC 2C 75 BB E1
: 6C 44 9C DA 21 6D 4D 47 6D B1 62 09 E9 D8 AE 1E
: F2 3A B4 94 B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25
: 4E B9 60 96 19 24 01 F3 62 0C FE 75 C0 FB CE D8
: 68 00 E3 FD D5 70 4F DF 23 96 19 06 94 F4 B1 61
: 8F 3A 57 B1 08 11 A4 0B 26 25 F0 52 76 81 EA 0B
: 62 0D 95 2A E6 86 BA 72 B2 A7 50 83 0B AA 27 CD
: 1B A9 4D 89 9A D7 8D 18 39 84 3F 8B C5 56 4D 80
: 7A
: }
: }
542 A3 66: [3] {
544 30 64: SEQUENCE {
546 30 15: SEQUENCE {
548 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
553 01 1: BOOLEAN TRUE
556 04 5: OCTET STRING, encapsulates {
558 30 3: SEQUENCE {
560 01 1: BOOLEAN TRUE
: }
: }
: }
563 30 14: SEQUENCE {
565 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
570 01 1: BOOLEAN TRUE
573 04 4: OCTET STRING, encapsulates {
575 03 2: BIT STRING 1 unused bits
: '1100001'B
: }
: }
579 30 29: SEQUENCE {
581 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
586 04 22: OCTET STRING
: 04 14 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20
: BC 43 2B 93 F1 1F
: }
: }
: }
: }
610 30 9: SEQUENCE {
612 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
621 03 48: BIT STRING 0 unused bits, encapsulates {
624 30 45: SEQUENCE {
626 02 20: INTEGER
: 6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B C9 06 37 E9
: 11 17 A1 13
648 02 21: INTEGER
: 00 8F 34 69 2A 8B B1 3C 03 79 94 32 4D 12 1F CE
: 89 FB 46 B2 3B
: }
: }
: }
DianeDHEncryptByCarl =
0 30 869: SEQUENCE {
4 30 805: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 211
17 30 9: SEQUENCE {
19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
28 30 18: SEQUENCE {
30 31 16: SET {
32 30 14: SEQUENCE {
34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
39 13 7: PrintableString 'CarlDSS'
: }
: }
: }
48 30 30: SEQUENCE {
50 17 13: UTCTime '990817021657Z'
65 17 13: UTCTime '391231235959Z'
: }
80 30 18: SEQUENCE {
82 31 16: SET {
84 30 14: SEQUENCE {
86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
91 13 7: PrintableString 'DianeDH'
: }
: }
: }
100 30 577: SEQUENCE {
104 30 438: SEQUENCE {
108 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
117 30 425: SEQUENCE {
121 02 129: INTEGER
: 00 CA 6E 91 C2 B0 BD A8 58 F2 31 21 74 BB 1F E4
: 10 BD D0 93 A2 7E 61 E1 3D BA 23 04 16 D0 66 39
: BD 3B CD 05 74 48 F1 03 70 95 F4 05 63 6D 2E BF
: 9A B7 FF 97 FF 39 BB 63 DB 4D A4 71 D8 94 9A B4
: F2 8A 3D 9F B7 5D 8D CA E2 AF B5 0F CF 05 65 82
: 68 6E 43 D2 F4 04 5F 03 8B F9 50 F5 C8 6C 05 26
: BC BF 36 0F 5C C3 51 6A 67 E8 75 32 66 78 91 63
: E8 FE 34 E7 19 B6 70 6C 78 38 36 82 D2 34 36 C2
: DF
253 02 128: INTEGER
: 6E D6 76 36 4B E4 59 07 57 5F 18 9A 10 D2 31 5C
: A6 10 B0 26 96 42 4D 7C A3 A1 D3 9E A5 80 B2 1F
: 37 11 49 7C 8A 99 D8 56 3F 93 51 ED 6E 54 FB 6E
: DB B2 FC 34 C0 E7 CA 1E 58 2B D5 3D 3B DC AE 71
: 21 D9 3B 56 B8 A7 F6 4D 22 52 5F 41 BA D5 1E 82
: 69 6C DD 70 71 CC 6C 3B EF 84 A9 71 8B A9 3B 2A
: 09 F8 BD FD CB 51 BC 2E 2E CA 3E 30 8C FA 54 9E
: 7D 0D 03 E2 DF 63 62 6D F3 50 82 27 DC D1 99 F7
384 02 33: INTEGER
: 00 AA 05 65 FB DD 4E A8 02 F1 34 39 E7 A3 FC 7D
: 46 10 B8 5D F0 2E F2 C5 D1 5E A2 74 4C DA 0F 4E
: 1F
419 02 97: INTEGER
: 01 30 CD 03 82 CD 3F 32 3A 5F 16 5E F2 13 5F 52
: 1B DF FF AA 3B 06 3C 7F 81 26 1C B7 0C A0 14 09
: 1B 5D 26 FD 71 33 8C F2 AC 41 7E 0D AC 35 95 90
: 7E A5 AD AB 55 50 80 F0 D2 B9 2A 11 4D 76 45 76
: 3F 0C 38 AE 72 59 C6 EC BD EF E7 6E 60 23 93 B9
: 27 02 44 7E 4A D3 DA 39 3A 9A 63 43 3C 1B 23 C5
: 62
518 30 26: SEQUENCE {
520 03 21: BIT STRING 0 unused bits
: D0 FD D6 E0 46 97 D1 A7 7F BB FF 9A 43 F0 62 64
: B3 7C 97 AB
543 02 1: INTEGER 122
: }
: }
: }
546 03 132: BIT STRING 0 unused bits, encapsulates {
550 02 128: INTEGER
: 60 5E 6E EF 61 55 77 3F 9D 6A 11 10 F4 D3 C9 B8
: 72 A0 1F 89 DF E4 BC 21 FD E4 9F 50 D6 8F 8E F9
: 67 97 14 E0 34 19 8F 3D 58 52 1E DC 5D 05 4E 4F
: C6 88 85 78 AC 01 6C 35 CE 86 6D 90 4B 58 48 2E
: 0F B2 E3 2A 4E 47 C3 B1 4D 2A 7A C9 B7 E5 C6 68
: 8A 73 AE 53 21 B3 CF 09 C4 62 A3 E8 B0 BB DC DE
: 0D 2E 66 48 37 A8 DB A2 4B FB DB FA A6 92 4B 41
: 0A C6 54 0B 8B 1A 9D 2F FF 60 0B 0B 08 D9 42 3F
: }
: }
681 A3 129: [3] {
684 30 127: SEQUENCE {
686 30 31: SEQUENCE {
688 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
693 04 24: OCTET STRING, encapsulates {
695 30 22: SEQUENCE {
697 81 20: [1] 'dianeDh@examples.com'
: }
: }
: }
719 30 12: SEQUENCE {
721 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
726 01 1: BOOLEAN TRUE
729 04 2: OCTET STRING, encapsulates {
731 30 0: SEQUENCE {}
: }
: }
733 30 14: SEQUENCE {
735 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
740 01 1: BOOLEAN TRUE
743 04 4: OCTET STRING, encapsulates {
745 03 2: BIT STRING 3 unused bits
: '10000'B
: }
: }
749 30 31: SEQUENCE {
751 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
756 04 24: OCTET STRING, encapsulates {
758 30 22: SEQUENCE {
760 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
782 30 29: SEQUENCE {
784 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
789 04 22: OCTET STRING
: 04 14 47 F3 4F CD 75 7D A8 52 21 A8 61 36 57 B5
: F8 9A EE DB 30 46
: }
: }
: }
: }
813 30 9: SEQUENCE {
815 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
824 03 47: BIT STRING 0 unused bits, encapsulates {
827 30 44: SEQUENCE {
829 02 20: INTEGER
: 7D 64 1E 1F 4B F3 EC 6F 34 2C B2 E4 64 70 8F 3E
: 6A C0 72 A2
851 02 20: INTEGER
: 4B EA C1 0C F1 CD F7 7A 9D 76 CA 27 6E D0 BE F2
: D8 9B 6A 6D
: }
: }
: }
DianeDSSSignByCarlInherit =
0 30 442: SEQUENCE {
4 30 377: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 210
17 30 9: SEQUENCE {
19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
28 30 18: SEQUENCE {
30 31 16: SET {
32 30 14: SEQUENCE {
34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
39 13 7: PrintableString 'CarlDSS'
: }
: }
: }
48 30 30: SEQUENCE {
50 17 13: UTCTime '990817020810Z'
65 17 13: UTCTime '391231235959Z'
: }
80 30 19: SEQUENCE {
82 31 17: SET {
84 30 15: SEQUENCE {
86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
91 13 8: PrintableString 'DianeDSS'
: }
: }
: }
101 30 147: SEQUENCE {
104 30 9: SEQUENCE {
106 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
115 03 133: BIT STRING 0 unused bits, encapsulates {
119 02 129: INTEGER
: 00 A0 00 17 78 2C EE 7E 81 53 2E 2E 61 08 0F A1
: 9B 51 52 1A DA 59 A8 73 2F 12 25 B6 08 CB CA EF
: 2A 44 76 8A 52 09 EA BD 05 22 D5 0F F6 FD 46 D7
: AF 99 38 09 0E 13 CB 4F 2C DD 1C 34 F7 1C BF 25
: FF 23 D3 3B 59 E7 82 97 37 BE 31 24 D8 18 C8 F3
: 49 39 5B B7 E2 E5 27 7E FC 8C 45 72 5B 7E 3E 8F
: 68 4D DD 46 7A 22 BE 8E FF CC DA 39 29 A3 39 E5
: 9F 43 E9 55 C9 D7 5B A6 81 67 CC C0 AA CD 2E C5
: 23
: }
: }
251 A3 131: [3] {
254 30 128: SEQUENCE {
257 30 32: SEQUENCE {
259 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
264 04 25: OCTET STRING, encapsulates {
266 30 23: SEQUENCE {
268 81 21: [1] 'dianeDss@examples.com'
: }
: }
: }
291 30 12: SEQUENCE {
293 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
298 01 1: BOOLEAN TRUE
301 04 2: OCTET STRING, encapsulates {
303 30 0: SEQUENCE {}
: }
: }
305 30 14: SEQUENCE {
307 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
312 01 1: BOOLEAN TRUE
315 04 4: OCTET STRING, encapsulates {
317 03 2: BIT STRING 6 unused bits
: '11'B
: }
: }
321 30 31: SEQUENCE {
323 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
328 04 24: OCTET STRING, encapsulates {
330 30 22: SEQUENCE {
332 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
354 30 29: SEQUENCE {
356 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
361 04 22: OCTET STRING
: 04 14 64 30 99 7D 5C DC 45 0B 99 3A 52 2F 16 BF
: 58 50 DD CE 2B 18
: }
: }
: }
: }
385 30 9: SEQUENCE {
387 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
396 03 48: BIT STRING 0 unused bits, encapsulates {
399 30 45: SEQUENCE {
401 02 20: INTEGER
: 7E 0C 0C 81 17 B4 9A 54 B2 C3 30 EB 8A C4 3C C2
: 52 36 9E 95
423 02 21: INTEGER
: 00 C6 9F 17 C2 71 4B AC 2E 39 8D 3D 10 1F 9A B3
: 4D B6 F9 11 A3
: }
: }
: }
DianeRSASignEncryptByCarl =
0 30 514: SEQUENCE {
4 30 367: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90
31 30 9: SEQUENCE {
33 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
40 05 0: NULL
: }
42 30 18: SEQUENCE {
44 31 16: SET {
46 30 14: SEQUENCE {
48 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
53 13 7: PrintableString 'CarlRSA'
: }
: }
: }
62 30 30: SEQUENCE {
64 17 13: UTCTime '990919010916Z'
79 17 13: UTCTime '391231235959Z'
: }
94 30 19: SEQUENCE {
96 31 17: SET {
98 30 15: SEQUENCE {
100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
105 13 8: PrintableString 'DianeRSA'
: }
: }
: }
115 30 159: SEQUENCE {
118 30 13: SEQUENCE {
120 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
131 05 0: NULL
: }
133 03 141: BIT STRING 0 unused bits, encapsulates {
137 30 137: SEQUENCE {
140 02 129: INTEGER
: 00 D6 FD B8 C0 70 C6 4C 25 EC EA CF EA 7C BB A2
: 62 FA F0 E6 32 3A 53 FF B1 92 5A 17 F4 20 E1 99
: 24 82 0A D0 F6 7C FB 44 CA 8B 27 06 F1 7E 26 03
: A9 76 9D CF EC A0 2C 70 96 F2 83 42 F6 D4 B7 28
: 0A BB F8 BF 4A 4C 19 3F 07 DB A0 C1 60 1E B7 7E
: 67 F7 DE B1 C3 60 49 AC 45 D7 F8 C6 EF 08 37 21
: 93 47 EE F0 73 35 72 B0 02 C4 F3 11 C3 5E 47 E5
: 0A B7 83 F1 DB 74 69 64 8B 44 1D 95 5D CD 28 C0
: 85
272 02 3: INTEGER 65537
: }
: }
: }
277 A3 96: [3] {
279 30 94: SEQUENCE {
281 30 12: SEQUENCE {
283 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
288 01 1: BOOLEAN TRUE
291 04 2: OCTET STRING, encapsulates {
293 30 0: SEQUENCE {}
: }
: }
295 30 14: SEQUENCE {
297 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
302 01 1: BOOLEAN TRUE
305 04 4: OCTET STRING, encapsulates {
307 03 2: BIT STRING 5 unused bits
: '111'B
: }
: }
311 30 31: SEQUENCE {
313 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
318 04 24: OCTET STRING, encapsulates {
320 30 22: SEQUENCE {
322 80 20: [0]
: E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22
: AE 9E 38 BB
: }
: }
: }
344 30 29: SEQUENCE {
346 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
351 04 22: OCTET STRING
: 04 14 8C F3 CB 75 0E 8D 31 F6 D4 29 DA 44 92 75
: B8 FE ED 4F 39 0C
: }
: }
: }
: }
375 30 9: SEQUENCE {
377 06 5: OBJECT IDENTIFIER sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
384 05 0: NULL
: }
386 03 129: BIT STRING 0 unused bits
: CA 88 C7 37 A9 AE 26 CB 2B 79 82 22 4F 4A 0D 1C
: A7 20 B2 E0 68 F5 42 DE 59 6B B3 FD 25 C0 39 B8
: EB C0 8B 69 A2 16 55 CE 06 7E 26 5F C6 5E 51 02
: 3F 95 D5 A7 F7 F2 7D 23 6F 2B AC 7C CB 6F 90 0F
: 44 5D 44 22 53 D5 42 38 18 C4 52 D7 B8 AB 82 6F
: AC B6 BC A9 E7 13 44 36 76 16 23 00 12 6B 6F 7D
: C6 C9 BE 79 2C B9 2D 69 D3 1D B1 1D BA 5A 20 85
: CA 5B 88 46 36 B5 E5 0E 15 85 B7 E2 5E 7B CA 1A
: }
EricaDHEncryptByCarl =
0 30 745: SEQUENCE {
4 30 680: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 212
17 30 9: SEQUENCE {
19 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
28 30 18: SEQUENCE {
30 31 16: SET {
32 30 14: SEQUENCE {
34 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
39 13 7: PrintableString 'CarlDSS'
: }
: }
: }
48 30 30: SEQUENCE {
50 17 13: UTCTime '990817021716Z'
65 17 13: UTCTime '391231235959Z'
: }
80 30 18: SEQUENCE {
82 31 16: SET {
84 30 14: SEQUENCE {
86 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
91 13 7: PrintableString 'EricaDH'
: }
: }
: }
100 30 452: SEQUENCE {
104 30 312: SEQUENCE {
108 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
117 30 299: SEQUENCE {
121 02 129: INTEGER
: 00 EC 2C CD A4 EF 9A 26 2F 62 A7 BB 23 4D DF 2B
: 25 C1 68 D2 9E A9 45 5B 36 F1 94 89 1A AF 7D 11
: 24 9D 3D B9 3C 29 E8 D7 23 80 33 A6 9E 45 02 BB
: AA CC 9E 28 05 95 A0 B3 17 76 C1 F7 25 35 61 02
: 41 92 27 0C 5E AE 48 E5 F3 6E 38 EF 91 D1 CF 37
: FE 9A 40 97 C8 2D 35 9E 9D 93 C6 F8 15 AF 3F DA
: 74 3A B7 C4 93 B5 B9 BB 76 6C 1F A8 7E BC 3A AA
: 43 0A 81 64 FC 63 F0 7B 71 98 FA C0 38 79 10 1A
: 33
253 02 129: INTEGER
: 00 BA 0B D7 74 3D E7 34 E5 4C 13 A7 95 96 BB F1
: E4 61 37 08 FB 12 C7 FB 9C 91 77 06 99 35 F0 48
: 24 96 33 12 01 7E 8D EC 0B F6 B2 C0 63 A7 15 C5
: 5E 95 86 A2 73 C5 49 46 37 79 60 FD 77 05 09 48
: 9B 70 8D 3C 05 F6 CE 44 2C 7F 7D 1B 2B 15 DD F3
: 05 2F BE 85 20 8F 8D F9 B4 A0 45 74 2B F4 3B 9D
: 42 62 34 27 27 81 8E 6F 0F 5E 62 85 89 CC ED 21
: C3 91 70 06 54 EE 70 A8 92 55 5B 6E 19 22 4D 62
: A7
385 02 33: INTEGER
: 00 C3 AB 4A 30 79 B3 D3 97 4E CA F5 A2 7D C7 70
: A3 45 F3 B3 A2 86 05 D2 3E 49 F9 9F D9 0A B3 BE
: BD
: }
: }
420 03 133: BIT STRING 0 unused bits, encapsulates {
424 02 129: INTEGER
: 00 D1 2B E4 1D 3E BA 18 CF 75 20 C6 C7 5E C3 C4
: 6C EA F3 23 D9 09 1F 46 98 F4 CE 59 B9 B6 CE E8
: 3A C6 18 F8 59 77 1B 99 B0 DA DC C0 9D 09 E4 AF
: F9 61 91 2C 47 CC 47 5E DF 2B 33 76 F3 67 EC 77
: E8 2C 37 30 A1 89 5D F3 C8 F6 5C 16 4A E4 B7 8C
: F5 7B D5 38 FD 14 AC E8 7A C2 7D EE 07 90 27 0A
: 7C 87 A8 A2 E2 70 35 EA 6E DE 9E 50 31 6B E9 09
: DA 25 1A 01 8E E3 FF 26 1C 75 F5 C3 CE 5A F5 9E
: 85
: }
: }
556 A3 129: [3] {
559 30 127: SEQUENCE {
561 30 31: SEQUENCE {
563 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
568 04 24: OCTET STRING, encapsulates {
570 30 22: SEQUENCE {
572 81 20: [1] 'ericaDh@examples.com'
: }
: }
: }
594 30 12: SEQUENCE {
596 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
601 01 1: BOOLEAN TRUE
604 04 2: OCTET STRING, encapsulates {
606 30 0: SEQUENCE {}
: }
: }
608 30 14: SEQUENCE {
610 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
615 01 1: BOOLEAN TRUE
618 04 4: OCTET STRING, encapsulates {
620 03 2: BIT STRING 3 unused bits
: '10000'B
: }
: }
624 30 31: SEQUENCE {
626 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
631 04 24: OCTET STRING, encapsulates {
633 30 22: SEQUENCE {
635 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
657 30 29: SEQUENCE {
659 06 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
664 04 22: OCTET STRING
: 04 14 8D 53 1D 61 55 7F 60 35 6D A6 36 A2 C5 93
: F8 9A FD C0 75 74
: }
: }
: }
: }
688 30 9: SEQUENCE {
690 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
699 03 48: BIT STRING 0 unused bits, encapsulates {
702 30 45: SEQUENCE {
704 02 20: INTEGER
: 3E 51 42 08 E3 52 2E AA BB 8F BD 18 38 71 CB 98
: 83 BE 47 9E
726 02 21: INTEGER
: 00 B4 B3 15 85 99 11 06 40 1F 40 59 8D D4 1B 2D
: CD 81 F1 E8 68
: }
: }
: }
3.4 CRLs 3.4 CRLs
CarlCRL is a CRL from Carl that contains three revocations. CarlCRL is a CRL from Carl that contains three revocations.
CarlCRL = XXXXX CarlDSSCRLForAll =
0 30 216: SEQUENCE {
3 30 153: SEQUENCE {
6 30 9: SEQUENCE {
8 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
17 30 18: SEQUENCE {
19 31 16: SET {
21 30 14: SEQUENCE {
23 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
28 13 7: PrintableString 'CarlDSS'
: }
: }
: }
37 17 13: UTCTime '990827070000Z'
52 30 105: SEQUENCE {
54 30 19: SEQUENCE {
56 02 2: INTEGER 200
60 17 13: UTCTime '990822070000Z'
: }
75 30 19: SEQUENCE {
77 02 2: INTEGER 201
81 17 13: UTCTime '990822070000Z'
: }
96 30 19: SEQUENCE {
98 02 2: INTEGER 211
102 17 13: UTCTime '990822070000Z'
: }
117 30 19: SEQUENCE {
119 02 2: INTEGER 210
123 17 13: UTCTime '990822070000Z'
: }
138 30 19: SEQUENCE {
140 02 2: INTEGER 212
144 17 13: UTCTime '990824070000Z'
: }
: }
: }
159 30 9: SEQUENCE {
161 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
170 03 47: BIT STRING 0 unused bits, encapsulates {
173 30 44: SEQUENCE {
175 02 20: INTEGER
: 7E 65 52 76 33 FE 34 73 17 D1 F7 96 F9 A0 D4 D8
: 6D 5C 7D 3D
197 02 20: INTEGER
: 02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E DA 24 F3 2A
: 83 9C 35 A1
: }
: }
: }
CarlDSSCRLForCarl =
0 30 131: SEQUENCE {
3 30 68: SEQUENCE {
5 30 9: SEQUENCE {
7 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
16 30 18: SEQUENCE {
18 31 16: SET {
20 30 14: SEQUENCE {
22 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
27 13 7: PrintableString 'CarlDSS'
: }
: }
: }
36 17 13: UTCTime '990825070000Z'
51 30 20: SEQUENCE {
53 30 18: SEQUENCE {
55 02 1: INTEGER 1
58 17 13: UTCTime '990822070000Z'
: }
: }
: }
73 30 9: SEQUENCE {
75 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
84 03 48: BIT STRING 0 unused bits, encapsulates {
87 30 45: SEQUENCE {
89 02 21: INTEGER
: 00 B3 1F C5 4F 7A 3D EC 76 D5 60 F9 DE 79 22 EC
: 4F B0 90 FE 97
112 02 20: INTEGER
: 5A 8B C3 84 BC 66 87 1B BF 79 82 5B 0A 5D 07 F6
: BA A9 05 29
: }
: }
: }
CarlDSSCRLEmpty =
0 30 109: SEQUENCE {
2 30 46: SEQUENCE {
4 30 9: SEQUENCE {
6 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
15 30 18: SEQUENCE {
17 31 16: SET {
19 30 14: SEQUENCE {
21 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
26 13 7: PrintableString 'CarlDSS'
: }
: }
: }
35 17 13: UTCTime '990820070000Z'
: }
50 30 9: SEQUENCE {
52 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
61 03 48: BIT STRING 0 unused bits, encapsulates {
64 30 45: SEQUENCE {
66 02 20: INTEGER
: 62 3F 36 17 31 58 2E 67 50 79 F5 09 4B 8C AD D4
: 6B F4 64 9F
88 02 21: INTEGER
: 00 B5 3B 4E A1 4C 7B FD 0F C3 8D 9B B6 FE C3 5D
: 6F DE 65 28 7D
: }
: }
: }
CarlRSACRLForAll =
0 30 307: SEQUENCE {
4 30 157: SEQUENCE {
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
20 05 0: NULL
: }
22 30 18: SEQUENCE {
24 31 16: SET {
26 30 14: SEQUENCE {
28 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
33 13 7: PrintableString 'CarlRSA'
: }
: }
: }
42 17 13: UTCTime '990827070000Z'
57 30 105: SEQUENCE {
59 30 33: SEQUENCE {
61 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0
79 17 13: UTCTime '990822070000Z'
: }
94 30 33: SEQUENCE {
96 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90
114 17 13: UTCTime '990822070000Z'
: }
129 30 33: SEQUENCE {
131 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
149 17 13: UTCTime '990824070000Z'
: }
: }
: }
164 30 13: SEQUENCE {
166 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
177 05 0: NULL
: }
179 03 129: BIT STRING 0 unused bits
: BF B3 97 AA 53 F0 32 21 16 2B 77 92 7A 6B BB 97
: C8 DC EA F1 FA 66 16 30 0E B5 9E 5C F0 81 D4 5E
: B3 6E C1 88 6B 8C D4 5E C5 4D FB 47 5E 66 F3 5D
: AB E5 B4 18 36 60 A8 4D 9C 3C 89 EC 6F 27 BF 35
: 50 71 81 C2 B9 44 5B 62 89 19 12 31 A9 7B 9A D3
: CC 66 CB 11 D9 0B 10 47 77 AD 4F 22 D9 E5 7F 30
: F2 5B FC 94 51 A5 58 76 3B 1F A8 46 A6 1F F6 A1
: DE 55 A1 ED 31 88 69 97 0F 08 D3 D4 0C 60 5B 1E
: }
CarlRSACRLForCarl =
0 30 236: SEQUENCE {
3 30 87: SEQUENCE {
5 30 13: SEQUENCE {
7 06 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
18 05 0: NULL
: }
20 30 18: SEQUENCE {
22 31 16: SET {
24 30 14: SEQUENCE {
26 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
31 13 7: PrintableString 'CarlRSA'
: }
: }
: }
40 17 13: UTCTime '990825070000Z'
55 30 35: SEQUENCE {
57 30 33: SEQUENCE {
59 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20
77 17 13: UTCTime '990822070000Z'
: }
: }
: }
92 30 13: SEQUENCE {
94 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
105 05 0: NULL
: }
107 03 129: BIT STRING 0 unused bits
: 21 EF 21 D4 C1 1A 85 95 49 6B CA 45 62 DC D7 09
: FF A9 51 2E 8E D9 47 18 FA F8 E5 72 DD 4F ED 74
: 74 E3 F3 65 32 65 28 2C 9A 1D 57 E5 D5 26 06 EA
: D5 E6 23 95 84 8D 0E 89 9E EE 9B 0C 2F CE 07 F7
: A3 D1 6B 85 4C 0F FF E6 DD FC DC CD 73 2C 1E 7D
: DC B0 71 C5 4C FC 01 6E 52 57 69 1E 39 63 DF 12
: 22 30 C7 13 55 94 05 6E 2A 00 A9 5B C4 2A 66 94
: 62 CE 36 33 C2 2B 63 47 25 9D F3 DE 70 EE 00 56
: }
CarlRSACRLEmpty =
0 30 199: SEQUENCE {
3 30 50: SEQUENCE {
5 30 13: SEQUENCE {
7 06 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
18 05 0: NULL
: }
20 30 18: SEQUENCE {
22 31 16: SET {
24 30 14: SEQUENCE {
26 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
31 13 7: PrintableString 'CarlRSA'
: }
: }
: }
40 17 13: UTCTime '990820070000Z'
: }
55 30 13: SEQUENCE {
57 06 9: OBJECT IDENTIFIER md5withRSAEncryption (1 2 840 113549 1 1 4)
: (PKCS #1)
68 05 0: NULL
: }
70 03 129: BIT STRING 0 unused bits
: A9 C5 21 B8 13 7C 74 F3 B5 11 EC 04 F3 20 45 86
: 1E 0B 6E 7F 83 6D 5F F4 34 76 06 59 25 0E 04 3D
: 88 09 88 81 37 C4 DC 20 98 FA 17 81 0B 37 94 AC
: B4 8F 7B 51 89 14 A4 CB 72 73 14 07 BC 22 9C 40
: A1 07 FC 44 7C 85 0F 0B 88 D1 EE E1 0E AF F6 16
: 74 AD A1 AF C1 00 75 00 64 EA A5 9A F6 0B 08 A2
: DB 95 19 5F A6 A7 B9 39 45 25 0A 0E F6 5E 84 E7
: F8 B9 5A C9 18 C2 0E B8 A0 96 BE 81 3A 80 6D C9
: }
4. Trivial Examples 4. Trivial Examples
This section covers examples of small CMS types. This section covers examples of small CMS types.
4.1 ContentInfo with Data type, BER 4.1 ContentInfo with Data type, BER
The object is a ContentInfo containing a Data object in BER format that is The object is a ContentInfo containing a Data object in BER format that is
ExContent. ExContent.
XXXXX 0 30 NDEF: SEQUENCE {
2 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
13 A0 NDEF: [0] {
15 24 NDEF: OCTET STRING {
17 04 4: OCTET STRING
: 54 68 69 73
23 04 24: OCTET STRING
: 20 69 73 20 73 6F 6D 65 20 73 61 6D 70 6C 65 20
: 63 6F 6E 74 65 6E 74 2E
: }
: }
: }
4.2 ContentInfo with Data type, DER 4.2 ContentInfo with Data type, DER
The object is a ContentInfo containing a Data object in DER format that is The object is a ContentInfo containing a Data object in DER format that is
ExContent. ExContent.
DataTypeDER.bin: 0 30 43: SEQUENCE {
2 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
XXXXX : (PKCS #7)
13 A0 30: [0] {
15 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
5. Signed-data 5. Signed-data
5.1 Basic signed content, DSS 5.1 Basic signed content, DSS
A SignedData with no attribute certificates, signed by Alice using A SignedData with no attribute certificates, signed by Alice using
DH-DSS, just her certificate (not Carl's root cert), no CRL. The DH-DSS, just her certificate (not Carl's root cert), no CRL. The
message is ExContent, and is included in the eContent. There are no message is ExContent, and is included in the eContent. There are no
signed or unsigned attributes. signed or unsigned attributes.
XXXXX 0 30 183: SEQUENCE {
3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
14 A0 169: [0] {
17 30 166: SEQUENCE {
20 02 1: INTEGER 1
23 31 11: SET {
25 30 9: SEQUENCE {
27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
34 05 0: NULL
: }
: }
36 30 43: SEQUENCE {
38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
49 A0 30: [0] {
51 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
81 31 103: SET {
83 30 101: SEQUENCE {
85 02 1: INTEGER 1
88 30 24: SEQUENCE {
90 30 18: SEQUENCE {
92 31 16: SET {
94 30 14: SEQUENCE {
96 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
101 13 7: PrintableString 'CarlDSS'
: }
: }
: }
110 02 2: INTEGER 200
: }
114 30 9: SEQUENCE {
116 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
123 05 0: NULL
: }
125 30 9: SEQUENCE {
127 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
136 04 48: OCTET STRING
: 30 2D 02 14 70 9B 27 7D 99 E7 D2 0C C6 C5 21 0B
: 4B E2 21 B7 BD 8D 48 29 02 15 00 8B 2C 0C 06 CB
: 4A B5 06 4B A8 4C 0E 78 D1 3B 90 E9 D1 9F A4 00
: }
: }
: }
: }
: }
5.2 Basic signed content, RSA 5.2 Basic signed content, RSA
Same as 5.1, except using RSA signatures. A SignedData with no Same as 5.1, except using RSA signatures. A SignedData with no
attribute certificates, signed by Alice using RSA, just her certificate attribute certificates, signed by Alice using RSA, just her certificate
(not Carl's root cert), no CRL. The message is ExContent, and is (not Carl's root cert), no CRL. The message is ExContent, and is
included in the eContent. There are no signed or unsigned attributes. included in the eContent. There are no signed or unsigned attributes.
XXXXX 0 30 286: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
15 A0 271: [0] {
19 30 267: SEQUENCE {
23 02 1: INTEGER 1
26 31 11: SET {
28 30 9: SEQUENCE {
30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
37 05 0: NULL
: }
: }
39 30 43: SEQUENCE {
41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
52 A0 30: [0] {
54 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
84 31 203: SET {
87 30 200: SEQUENCE {
90 02 1: INTEGER 1
93 30 38: SEQUENCE {
95 30 18: SEQUENCE {
97 31 16: SET {
99 30 14: SEQUENCE {
101 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
106 13 7: PrintableString 'CarlRSA'
: }
: }
: }
115 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0
: }
133 30 9: SEQUENCE {
135 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
142 05 0: NULL
: }
144 30 13: SEQUENCE {
146 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
157 05 0: NULL
: }
159 04 128: OCTET STRING
: 2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E 9D BF 89 9A
: 81 E5 75 C4 91 3D D3 D0 D5 7B B6 D5 FE 94 A1 8A
: AC E3 C4 84 F5 CD 60 4E 27 95 F6 CF 00 86 76 75
: 3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16 04 A5 B3 B5
: E7 D9 32 F0 24 EF E7 20 44 D5 9F 07 C5 53 24 FA
: CE 01 1D 0F 17 13 A7 2A 95 9D 2B E4 03 95 14 0B
: E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6 55 13 D4 68
: 6F D0 07 D7 A2 B1 62 4C E3 8F AF FD E0 D5 5D C7
: }
: }
: }
: }
: }
5.3 Basic signed content, detached content 5.3 Basic signed content, detached content
Same as 5.1, except with no eContent. A SignedData with no attribute Same as 5.1, except with no eContent. A SignedData with no attribute
certificates, signed by Alice using DH-DSS, just her certificate (not certificates, signed by Alice using DH-DSS, just her certificate (not
Carl's root cert), no CRL. The message is ExContent, but the eContent Carl's root cert), no CRL. The message is ExContent, but the eContent
is not included. There are no signed or unsigned attributes. is not included. There are no signed or unsigned attributes.
XXXXX 0 30 151: SEQUENCE {
3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
14 A0 137: [0] {
17 30 134: SEQUENCE {
20 02 1: INTEGER 1
23 31 11: SET {
25 30 9: SEQUENCE {
27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
34 05 0: NULL
: }
: }
36 30 11: SEQUENCE {
38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
: }
49 31 103: SET {
51 30 101: SEQUENCE {
53 02 1: INTEGER 1
56 30 24: SEQUENCE {
58 30 18: SEQUENCE {
60 31 16: SET {
62 30 14: SEQUENCE {
64 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
69 13 7: PrintableString 'CarlDSS'
: }
: }
: }
78 02 2: INTEGER 200
: }
82 30 9: SEQUENCE {
84 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
91 05 0: NULL
: }
93 30 9: SEQUENCE {
95 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
104 04 48: OCTET STRING
: 30 2D 02 14 5E 5E 6B 69 04 A2 62 5D 8B 45 B2 55
: F9 75 1C 12 4E 88 88 21 02 15 00 A3 C1 48 23 E0
: 08 35 6F 25 22 7A 1E B6 14 BC E4 75 91 DB 25 00
: }
: }
: }
: }
: }
5.4 Fancier signed content 5.4 Fancier signed content
Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and
unsigned attributes (Countersignature by Diane). A SignedData with no unsigned attributes (Countersignature by Diane). A SignedData with no
attribute certificates, signed by Alice using DH-DSS, her certificate attribute certificates, signed by Alice using DH-DSS, her certificate
and Carl's root cert, Carl's DSS CRL. The message is ExContent, and is and Carl's root cert, Carl's DSS CRL. The message is ExContent, and is
included in the eContent. The signed attributes are Content Type, included in the eContent. The signed attributes are Content Type,
Message Digest and Signing Time; the unsigned attributes are XXXXX. Message Digest and Signing Time; the unsigned attributes are content
hint and counter signature.
XXXXX 0 30 2152: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
15 A0 2137: [0] {
19 30 2133: SEQUENCE {
23 02 1: INTEGER 3
26 31 11: SET {
28 30 9: SEQUENCE {
30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
37 05 0: NULL
: }
: }
39 30 43: SEQUENCE {
41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
52 A0 30: [0] {
54 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
84 A0 1409: [0] {
88 30 667: SEQUENCE {
92 30 602: SEQUENCE {
96 A0 3: [0] {
98 02 1: INTEGER 2
: }
101 02 1: INTEGER 1
104 30 9: SEQUENCE {
106 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
115 30 18: SEQUENCE {
117 31 16: SET {
119 30 14: SEQUENCE {
121 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
126 13 7: PrintableString 'CarlDSS'
: }
: }
: }
135 30 30: SEQUENCE {
137 17 13: UTCTime '990816225050Z'
152 17 13: UTCTime '391231235959Z'
: }
167 30 18: SEQUENCE {
169 31 16: SET {
171 30 14: SEQUENCE {
173 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
178 13 7: PrintableString 'CarlDSS'
: }
: }
: }
187 30 439: SEQUENCE {
191 30 299: SEQUENCE {
195 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
204 30 286: SEQUENCE {
208 02 129: INTEGER
: 00 B6 49 18 3E 8A 44 C1 29 71 94 4C 01 C4 12 C1
: 7A 79 CB 54 4D AB 1E 81 FB C6 4C B3 0E 94 09 06
: EB 01 D4 B1 C8 71 4B C7 45 C0 50 25 5D 9C FC DA
: E4 6D D3 E2 86 48 84 82 7D BA 15 95 4A 16 F6 46
: ED DD F6 98 D2 BB 7E 8A 0A 8A BA 16 7B B9 50 01
: 48 93 8B EB 25 15 51 97 55 DC 8F 53 0E 10 A9 50
: FC 70 B7 CD 30 54 FD DA DE A8 AA 22 B5 A1 AF 8B
: CC 02 88 E7 8B 70 5F B9 AD E1 08 D4 6D 29 2D D6
: E9
340 02 21: INTEGER
: 00 DD C1 2F DF 53 CE 0B 34 60 77 3E 02 A4 BF 8A
: 5D 98 B9 10 D5
363 02 128: INTEGER
: 0C EE 57 9B 4B BD DA B6 07 6A 74 37 4F 55 7F 9D
: ED BC 61 0D EB 46 59 3C 56 0B 2B 5B 0C 91 CE A5
: 62 52 69 CA E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
: AD CB AE 45 E3 06 AC 8C 22 9D 9C 44 87 0B C7 CD
: F0 1C D9 B5 4E 5D 73 DE AF 0E C9 1D 5A 51 F5 4F
: 44 79 35 5A 73 AA 7F 46 51 1F A9 42 16 9C 48 EB
: 8A 79 61 B4 D5 2F 53 22 44 63 1F 86 B8 A3 58 06
: 25 F8 29 C0 EF BA E0 75 F0 42 C4 63 65 52 9B 0A
: }
: }
494 03 133: BIT STRING 0 unused bits, encapsulates {
498 02 129: INTEGER
: 00 99 87 74 27 03 66 A0 B1 C0 AD DC 2C 75 BB E1
: 6C 44 9C DA 21 6D 4D 47 6D B1 62 09 E9 D8 AE 1E
: F2 3A B4 94 B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25
: 4E B9 60 96 19 24 01 F3 62 0C FE 75 C0 FB CE D8
: 68 00 E3 FD D5 70 4F DF 23 96 19 06 94 F4 B1 61
: 8F 3A 57 B1 08 11 A4 0B 26 25 F0 52 76 81 EA 0B
: 62 0D 95 2A E6 86 BA 72 B2 A7 50 83 0B AA 27 CD
: 1B A9 4D 89 9A D7 8D 18 39 84 3F 8B C5 56 4D 80
: 7A
: }
: }
630 A3 66: [3] {
632 30 64: SEQUENCE {
634 30 15: SEQUENCE {
636 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
641 01 1: BOOLEAN TRUE
644 04 5: OCTET STRING, encapsulates {
646 30 3: SEQUENCE {
648 01 1: BOOLEAN TRUE
: }
: }
: }
651 30 14: SEQUENCE {
653 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
658 01 1: BOOLEAN TRUE
661 04 4: OCTET STRING, encapsulates {
663 03 2: BIT STRING 1 unused bits
: '1100001'B
: }
: }
667 30 29: SEQUENCE {
669 06 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
674 04 22: OCTET STRING
: 04 14 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20
: BC 43 2B 93 F1 1F
: }
: }
: }
: }
698 30 9: SEQUENCE {
700 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
709 03 48: BIT STRING 0 unused bits, encapsulates {
712 30 45: SEQUENCE {
714 02 20: INTEGER
: 6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B C9 06 37 E9
: 11 17 A1 13
736 02 21: INTEGER
: 00 8F 34 69 2A 8B B1 3C 03 79 94 32 4D 12 1F CE
: 89 FB 46 B2 3B
: }
: }
: }
759 30 734: SEQUENCE {
763 30 669: SEQUENCE {
767 A0 3: [0] {
769 02 1: INTEGER 2
: }
772 02 2: INTEGER 200
776 30 9: SEQUENCE {
778 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
787 30 18: SEQUENCE {
789 31 16: SET {
791 30 14: SEQUENCE {
793 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
798 13 7: PrintableString 'CarlDSS'
: }
: }
: }
807 30 30: SEQUENCE {
809 17 13: UTCTime '990817011049Z'
824 17 13: UTCTime '391231235959Z'
: }
839 30 19: SEQUENCE {
841 31 17: SET {
843 30 15: SEQUENCE {
845 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
850 13 8: PrintableString 'AliceDSS'
: }
: }
: }
860 30 438: SEQUENCE {
864 30 299: SEQUENCE {
868 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
877 30 286: SEQUENCE {
881 02 129: INTEGER
: 00 81 8D CD ED 83 EA 0A 9E 39 3E C2 48 28 A3 E4
: 47 93 DD 0E D7 A8 0E EC 53 C5 AB 84 08 4F FF 94
: E1 73 48 7E 0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
: 2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C DC 5F 69 8A
: E4 75 D0 37 0C 91 08 95 9B DE A7 5E F9 FC F4 9F
: 2F DD 43 A8 8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
: C3 B5 B3 E3 55 08 75 D5 39 76 10 C4 78 BD FF 9D
: B0 84 97 37 F2 E4 51 1B B5 E4 09 96 5C F3 7E 5B
: DB
1013 02 21: INTEGER
: 00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F B8 37 21 2B
: 62 8B F7 93 CD
1036 02 128: INTEGER
: 26 38 D0 14 89 32 AA 39 FB 3E 6D D9 4B 59 6A 4C
: 76 23 39 04 02 35 5C F2 CB 1A 30 C3 1E 50 5D DD
: 9B 59 E2 CD AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
: 7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B 3E 90 F8 6D
: EA 9C C9 21 8A 3B 76 14 E9 CE 2E 5D A3 07 CD 23
: 85 B8 2F 30 01 7C 6D 49 89 11 89 36 44 BD F8 C8
: 95 4A 53 56 B5 E2 F9 73 EC 1A 61 36 1F 11 7F C2
: BD ED D1 50 FF 98 74 C2 D1 81 4A 60 39 BA 36 39
: }
: }
1167 03 132: BIT STRING 0 unused bits, encapsulates {
1171 02 128: INTEGER
: 5C E3 B9 5A 75 14 96 0B A9 7A DD E3 3F A9 EC AC
: 5E DC BD B7 13 11 34 A6 16 89 28 11 23 D9 34 86
: 67 75 75 13 12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
: 1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45 A5 A0 4A E3
: 85 D6 CE 06 80 3F E8 23 7E 1A F2 24 AB 53 1A B8
: 27 0D 1E EF 08 BF 66 14 80 5C 62 AC 65 FA 15 8B
: F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4 32 84 F0 7E
: 41 40 FD 46 A7 63 4E 33 F2 A5 E2 F4 F2 83 E5 B8
: }
: }
1302 A3 131: [3] {
1305 30 128: SEQUENCE {
1308 30 32: SEQUENCE {
1310 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
: (X.509 id-ce (2 5 29))
1315 04 25: OCTET STRING, encapsulates {
1317 30 23: SEQUENCE {
1319 81 21: [1] 'aliceDss@examples.com'
: }
: }
: }
1342 30 12: SEQUENCE {
1344 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
1349 01 1: BOOLEAN TRUE
1352 04 2: OCTET STRING, encapsulates {
1354 30 0: SEQUENCE {}
: }
: }
1356 30 14: SEQUENCE {
1358 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
1363 01 1: BOOLEAN TRUE
1366 04 4: OCTET STRING, encapsulates {
1368 03 2: BIT STRING 6 unused bits
: '11'B
: }
: }
1372 30 31: SEQUENCE {
1374 06 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
1379 04 24: OCTET STRING, encapsulates {
1381 30 22: SEQUENCE {
1383 80 20: [0]
: 70 44 3E 82 2E 6F 87 DE 4A D3 75 E3 3D 20 BC 43
: 2B 93 F1 1F
: }
: }
: }
1405 30 29: SEQUENCE {
1407 06 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
1412 04 22: OCTET STRING
: 04 14 BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01
: E2 FD E3 97 FE CD
: }
: }
: }
: }
1436 30 9: SEQUENCE {
1438 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
1447 03 48: BIT STRING 0 unused bits, encapsulates {
1450 30 45: SEQUENCE {
1452 02 21: INTEGER
: 00 98 B0 C6 3F CF 71 47 5A 35 A9 4A 8F C0 F8 24
: 05 E8 46 94 8E
1475 02 20: INTEGER
: 5B 9F 48 C0 8C A1 C1 02 9C 44 EA E9 A1 87 C1 A5
: 7F 28 2D BB
: }
: }
: }
: }
1497 A1 219: [1] {
1500 30 216: SEQUENCE {
1503 30 153: SEQUENCE {
1506 30 9: SEQUENCE {
1508 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
1517 30 18: SEQUENCE {
1519 31 16: SET {
1521 30 14: SEQUENCE {
1523 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
1528 13 7: PrintableString 'CarlDSS'
: }
: }
: }
1537 17 13: UTCTime '990827070000Z'
1552 30 105: SEQUENCE {
1554 30 19: SEQUENCE {
1556 02 2: INTEGER 200
1560 17 13: UTCTime '990822070000Z'
: }
1575 30 19: SEQUENCE {
1577 02 2: INTEGER 201
1581 17 13: UTCTime '990822070000Z'
: }
1596 30 19: SEQUENCE {
1598 02 2: INTEGER 211
1602 17 13: UTCTime '990822070000Z'
: }
1617 30 19: SEQUENCE {
1619 02 2: INTEGER 210
1623 17 13: UTCTime '990822070000Z'
: }
1638 30 19: SEQUENCE {
1640 02 2: INTEGER 212
1644 17 13: UTCTime '990824070000Z'
: }
: }
: }
1659 30 9: SEQUENCE {
1661 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: (ANSI X9.57 algorithm)
: }
1670 03 47: BIT STRING 0 unused bits, encapsulates {
1673 30 44: SEQUENCE {
1675 02 20: INTEGER
: 7E 65 52 76 33 FE 34 73 17 D1 F7 96 F9 A0 D4 D8
: 6D 5C 7D 3D
1697 02 20: INTEGER
: 02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E DA 24 F3 2A
: 83 9C 35 A1
: }
: }
: }
: }
1719 31 433: SET {
1723 30 429: SEQUENCE {
1727 02 1: INTEGER 3
1730 80 20: [0]
: BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 E2 FD
: E3 97 FE CD
1752 30 9: SEQUENCE {
1754 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
1761 05 0: NULL
: }
1763 A0 93: [0] {
1765 30 24: SEQUENCE {
1767 06 9: OBJECT IDENTIFIER
: contentType (1 2 840 113549 1 9 3)
: (PKCS #9 (1 2 840 113549 1 9))
1778 31 11: SET {
1780 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
: }
: }
1791 30 28: SEQUENCE {
1793 06 9: OBJECT IDENTIFIER
: signingTime (1 2 840 113549 1 9 5)
: (PKCS #9 (1 2 840 113549 1 9))
1804 31 15: SET {
1806 17 13: UTCTime '990912025153Z'
: }
: }
1821 30 35: SEQUENCE {
1823 06 9: OBJECT IDENTIFIER
: messageDigest (1 2 840 113549 1 9 4)
: (PKCS #9 (1 2 840 113549 1 9))
1834 31 22: SET {
1836 04 20: OCTET STRING
: 40 6A EC 08 52 79 BA 6E 16 02 2D 9E 06 29 C0 22
: 96 87 DD 48
: }
: }
: }
1858 30 9: SEQUENCE {
1860 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
1869 04 48: OCTET STRING, encapsulates {
1871 30 45: SEQUENCE {
1873 02 21: INTEGER
: 00 BC AF 04 79 B7 BF 42 AC EB BB 7B C2 D0 8C B3
: 53 20 83 F1 BC
1869 04 48: OCTET STRING
: 30 2D 02 15 00 BC AF 04 79 B7 BF 42 AC EB BB 7B
: C2 D0 8C B3 53 20 83 F1 BC 02 14 69 96 55 5D FB
: 78 1E 95 E7 5B B8 05 5D 21 12 08 F5 5F 34 29 00
1919 A1 234: [1] {
1922 30 47: SEQUENCE {
1924 06 11: OBJECT IDENTIFIER
: id-aa-contentHint (1 2 840 113549 1 9 16 2 4)
: (S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2))
1937 31 32: SET {
1939 30 30: SEQUENCE {
1941 0C 17: UTF8String (1997) 'SMime Example 5.4'
1960 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
: }
: }
: }
1971 30 182: SEQUENCE {
1974 06 9: OBJECT IDENTIFIER
: countersignature (1 2 840 113549 1 9 6)
: (PKCS #9 (1 2 840 113549 1 9))
1985 31 168: SET {
1988 30 165: SEQUENCE {
1991 02 1: INTEGER 1
1994 30 24: SEQUENCE {
1996 30 18: SEQUENCE {
1998 31 16: SET {
2000 30 14: SEQUENCE {
2002 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
2007 13 7: PrintableString 'CarlDSS'
: }
: }
: }
2016 02 2: INTEGER 210
: }
2020 30 9: SEQUENCE {
2022 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
2029 05 0: NULL
: }
2031 A0 63: [0] {
2033 30 24: SEQUENCE {
2035 06 9: OBJECT IDENTIFIER
: contentType (1 2 840 113549 1 9 3)
: (PKCS #9 (1 2 840 113549 1 9))
2046 31 11: SET {
2048 06 9: OBJECT IDENTIFIER
: data (1 2 840 113549 1 7 1)
: (PKCS #7)
: }
: }
2059 30 35: SEQUENCE {
2061 06 9: OBJECT IDENTIFIER
: messageDigest (1 2 840 113549 1 9 4)
: (PKCS #9 (1 2 840 113549 1 9))
2072 31 22: SET {
2074 04 20: OCTET STRING
: 73 57 91 A6 3E 88 33 6E 51 31 81 E0 11 08 46 8C
: EE 50 E3 5B
: }
: }
: }
2096 30 9: SEQUENCE {
2098 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
2107 04 47: OCTET STRING
: 30 2D 02 14 4A C8 41 50 E9 22 70 C6 FB F9 23 25
: A1 37 B6 3D 5E 5E 67 3E 02 15 00 AC BA 9C B9 56
: 8E 86 AE 19 29 D2 8D F3 6B 48 B5 DD 62 B7 C7
: }
: }
: }
: }
: }
: }
: }
: }
: }
5.5 All RSA signed message 5.5 All RSA signed message
Same as 5.2, but includes Carl's RSA root cert (but no CRL). A Same as 5.2, but includes Carl's RSA root cert (but no CRL). A
SignedData with no attribute certificates, signed by Alice using RSA, SignedData with no attribute certificates, signed by Alice using RSA,
her certificate and Carl's root cert, no CRL. The message is ExContent, her certificate and Carl's root cert, no CRL. The message is ExContent,
and is included in the eContent. There are no signed or unsigned and is included in the eContent. There are no signed or unsigned
attributes. attributes.
XXXXX 0 30 1295: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
15 A0 1280: [0] {
19 30 1276: SEQUENCE {
23 02 1: INTEGER 1
26 31 11: SET {
28 30 9: SEQUENCE {
30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
37 05 0: NULL
: }
: }
39 30 43: SEQUENCE {
41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
52 A0 30: [0] {
54 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
84 A0 1005: [0] {
88 30 483: SEQUENCE {
92 30 336: SEQUENCE {
96 A0 3: [0] {
98 02 1: INTEGER 2
: }
101 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20
119 30 9: SEQUENCE {
121 06 5: OBJECT IDENTIFIER
: sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
128 05 0: NULL
: }
130 30 18: SEQUENCE {
132 31 16: SET {
134 30 14: SEQUENCE {
136 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
141 13 7: PrintableString 'CarlRSA'
: }
: }
: }
150 30 30: SEQUENCE {
152 17 13: UTCTime '990919010746Z'
167 17 13: UTCTime '391231235959Z'
: }
182 30 18: SEQUENCE {
184 31 16: SET {
186 30 14: SEQUENCE {
188 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
193 13 7: PrintableString 'CarlRSA'
: }
: }
: }
202 30 159: SEQUENCE {
205 30 13: SEQUENCE {
207 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
218 05 0: NULL
: }
220 03 141: BIT STRING 0 unused bits, encapsulates {
224 30 137: SEQUENCE {
227 02 129: INTEGER
: 00 E4 4B FF 18 B8 24 57 F4 77 FF 6E 73 7B 93 71
: 5C BC 33 1A 92 92 72 23 D8 41 46 D0 CD 11 3A 04
: B3 8E AF 82 9D BD 51 1E 17 7A F2 76 2C 2B 86 39
: A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC A2 36 B1 ED
: E2 50 E2 32 09 8A 3F 9F 99 25 8F B8 4E AB B9 7D
: D5 96 65 DA 16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
: 29 CB 82 DD AC 44 E9 AA 93 94 29 0E F8 18 D6 C8
: 57 5E F2 76 C4 F2 11 60 38 B9 1B 3C 1D 97 C9 6A
: F1
359 02 3: INTEGER 65537
: }
: }
: }
364 A3 66: [3] {
366 30 64: SEQUENCE {
368 30 15: SEQUENCE {
370 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
375 01 1: BOOLEAN TRUE
378 04 5: OCTET STRING, encapsulates {
380 30 3: SEQUENCE {
382 01 1: BOOLEAN TRUE
: }
: }
: }
385 30 14: SEQUENCE {
387 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
392 01 1: BOOLEAN TRUE
395 04 4: OCTET STRING, encapsulates {
397 03 2: BIT STRING 1 unused bits
: '1100001'B
: }
: }
401 30 29: SEQUENCE {
403 06 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
408 04 22: OCTET STRING
: 04 14 E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37
: 4E 22 AE 9E 38 BB
: }
: }
: }
: }
432 30 9: SEQUENCE {
434 06 5: OBJECT IDENTIFIER
: sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
441 05 0: NULL
: }
443 03 129: BIT STRING 0 unused bits
: 2B 71 B4 B7 6C 4E 08 C2 EA A9 3D 52 DE 77 76 9D
: 40 F7 26 70 5F 30 AC 06 78 0A 9B C7 22 55 C3 72
: 6A 86 9E C3 54 40 02 53 85 61 75 D9 0F 35 71 BE
: D7 4E 4B B6 B7 8C 00 CE 15 32 38 70 9B 3C EE 72
: 0A 22 8F B1 1B 3C D0 BD 97 15 C7 EB 52 31 E1 51
: A1 3D 5A F2 EA 90 A1 99 DD 8B FD 18 0C 2C 8A C4
: 89 62 7F 6B 69 B3 F2 BF DE C5 44 E3 D1 E1 86 74
: 57 34 68 73 90 06 FA AC 6B 96 9E 5F 80 90 3B BC
: }
575 30 514: SEQUENCE {
579 30 367: SEQUENCE {
583 A0 3: [0] {
585 02 1: INTEGER 2
: }
588 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0
606 30 9: SEQUENCE {
608 06 5: OBJECT IDENTIFIER
: sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
615 05 0: NULL
: }
617 30 18: SEQUENCE {
619 31 16: SET {
621 30 14: SEQUENCE {
623 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
628 13 7: PrintableString 'CarlRSA'
: }
: }
: }
637 30 30: SEQUENCE {
639 17 13: UTCTime '990919010847Z'
654 17 13: UTCTime '391231235959Z'
: }
669 30 19: SEQUENCE {
671 31 17: SET {
673 30 15: SEQUENCE {
675 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
680 13 8: PrintableString 'AliceRSA'
: }
: }
: }
690 30 159: SEQUENCE {
693 30 13: SEQUENCE {
695 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
706 05 0: NULL
: }
708 03 141: BIT STRING 0 unused bits, encapsulates {
712 30 137: SEQUENCE {
715 02 129: INTEGER
: 00 E0 89 73 39 8D D8 F5 F5 E8 87 76 39 7F 4E B0
: 05 BB 53 83 DE 0F B7 AB DC 7D C7 75 29 0D 05 2E
: 6D 12 DF A6 86 26 D4 D2 6F AA 58 29 FC 97 EC FA
: 82 51 0F 30 80 BE B1 50 9E 46 44 F1 2C BB D8 32
: CF C6 68 6F 07 D9 B0 60 AC BE EE 34 09 6A 13 F5
: F7 05 05 93 DF 5E BA 35 56 D9 61 FF 19 7F C9 81
: E6 F8 6C EA 87 40 70 EF AC 6D 2C 74 9F 2D FA 55
: 3A B9 99 77 02 A6 48 52 8C 4E F3 57 38 57 74 57
: 5F
847 02 3: INTEGER 65537
: }
: }
: }
852 A3 96: [3] {
854 30 94: SEQUENCE {
856 30 12: SEQUENCE {
858 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
: (X.509 id-ce (2 5 29))
863 01 1: BOOLEAN TRUE
866 04 2: OCTET STRING, encapsulates {
868 30 0: SEQUENCE {}
: }
: }
870 30 14: SEQUENCE {
872 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
: (X.509 id-ce (2 5 29))
877 01 1: BOOLEAN TRUE
880 04 4: OCTET STRING, encapsulates {
882 03 2: BIT STRING 6 unused bits
: '11'B
: }
: }
886 30 31: SEQUENCE {
888 06 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
: (X.509 id-ce (2 5 29))
893 04 24: OCTET STRING, encapsulates {
895 30 22: SEQUENCE {
897 80 20: [0]
: E9 E0 90 27 AC 78 20 7A 9A D3 4C F2 42 37 4E 22
: AE 9E 38 BB
: }
: }
: }
919 30 29: SEQUENCE {
921 06 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
: (X.509 id-ce (2 5 29))
926 04 22: OCTET STRING
: 04 14 77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D CE EC
: 3C A0 3A E3 FF 50
: }
: }
: }
: }
950 30 9: SEQUENCE {
952 06 5: OBJECT IDENTIFIER
: sha-1WithRSAEncryption (1 3 14 3 2 29)
: (Oddball OIW OID)
959 05 0: NULL
: }
961 03 129: BIT STRING 0 unused bits
: BF 34 32 E6 FC 6A 88 41 7D F0 5C 99 A1 93 B7 49
: B7 02 52 1E CB 84 AC 93 D7 58 2B 00 A1 9C C4 48
: 48 99 DD 02 C3 C6 05 F8 D2 25 F1 A3 9C C9 33 01
: 8A 76 0E 6F 77 43 A3 BF E1 E6 B3 6A 04 79 39 EE
: E1 E9 E5 9D 50 07 8B 22 DC 12 50 E3 F3 B4 3D 9E
: E5 93 9E B1 CD 33 F9 E0 AB 98 71 09 F8 EB B0 FC
: 9C EC F1 88 D8 AE 03 D1 FE 60 E1 62 14 B1 A2 23
: D2 C8 8D 18 1F 5E EE 9B 72 02 27 C2 85 3D 04 2E
: }
: }
1093 31 203: SET {
1096 30 200: SEQUENCE {
1099 02 1: INTEGER 1
1102 30 38: SEQUENCE {
1104 30 18: SEQUENCE {
1106 31 16: SET {
1108 30 14: SEQUENCE {
1110 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
1115 13 7: PrintableString 'CarlRSA'
: }
: }
: }
1124 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0
: }
1142 30 9: SEQUENCE {
1144 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
1151 05 0: NULL
: }
1153 30 13: SEQUENCE {
1155 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
1166 05 0: NULL
: }
1168 04 128: OCTET STRING
: 2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E 9D BF 89 9A
: 81 E5 75 C4 91 3D D3 D0 D5 7B B6 D5 FE 94 A1 8A
: AC E3 C4 84 F5 CD 60 4E 27 95 F6 CF 00 86 76 75
: 3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16 04 A5 B3 B5
: E7 D9 32 F0 24 EF E7 20 44 D5 9F 07 C5 53 24 FA
: CE 01 1D 0F 17 13 A7 2A 95 9D 2B E4 03 95 14 0B
: E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6 55 13 D4 68
: 6F D0 07 D7 A2 B1 62 4C E3 8F AF FD E0 D5 5D C7
: }
: }
: }
: }
: }
5.6 Multiple signers 5.6 Multiple signers
Similar to 5.1, but the message is also signed by Diane. Two Similar to 5.1, but the message is also signed by Diane. Two
SignedDatas (one for Alice, one for Diane) with no attribute SignedDatas (one for Alice, one for Diane) with no attribute
certificates, each signed using DH-DSS, Alice's and Diane's certificate certificates, each signed using DH-DSS, Alice's and Diane's certificate
(not Carl's root cert), no CRL. The message is ExContent, and is (not Carl's root cert), no CRL. The message is ExContent, and is
included in the eContent. There are no signed or unsigned attributes. included in the eContent. There are no signed or unsigned attributes.
XXXXX 0 30 289: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
15 A0 274: [0] {
19 30 270: SEQUENCE {
23 02 1: INTEGER 1
26 31 11: SET {
28 30 9: SEQUENCE {
30 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
37 05 0: NULL
: }
: }
39 30 43: SEQUENCE {
41 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
52 A0 30: [0] {
54 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
84 31 206: SET {
87 30 101: SEQUENCE {
89 02 1: INTEGER 1
92 30 24: SEQUENCE {
94 30 18: SEQUENCE {
96 31 16: SET {
98 30 14: SEQUENCE {
100 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
105 13 7: PrintableString 'CarlDSS'
: }
: }
: }
114 02 2: INTEGER 200
: }
118 30 9: SEQUENCE {
120 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
127 05 0: NULL
: }
129 30 9: SEQUENCE {
131 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
140 04 48: OCTET STRING, encapsulates {
142 30 44: SEQUENCE {
144 02 20: INTEGER
: 01 1A 49 BA 75 B0 A7 62 36 FC E9 7D AE F7 C5 57
: 02 86 98 8E
166 02 20: INTEGER
: 6D 1B A8 BD 51 10 51 26 F3 89 96 E6 B8 F1 AF 5E
: 55 DD 3D 21
: }
: }
: }
190 30 101: SEQUENCE {
192 02 1: INTEGER 1
195 30 24: SEQUENCE {
197 30 18: SEQUENCE {
199 31 16: SET {
201 30 14: SEQUENCE {
203 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
208 13 7: PrintableString 'CarlDSS'
: }
: }
: }
217 02 2: INTEGER 210
: }
221 30 9: SEQUENCE {
223 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
230 05 0: NULL
: }
232 30 9: SEQUENCE {
234 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
243 04 48: OCTET STRING
: 30 2D 02 15 00 CF 86 F1 54 70 E3 AD 5A 54 EC FE
: F3 CF F5 0C 8E 9E A2 64 7F 02 14 61 1A 9D 19 31
: 47 A0 32 A7 A0 27 D3 91 03 C4 07 E0 72 8D 8E 00
: }
: }
: }
: }
: }
5.7 Signing using SKI 5.7 Signing using SKI
Same as 5.1, but the signature uses the SKI instead of the Same as 5.1, but the signature uses the SKI instead of the
issuer/serial number in the cert. A SignedData with no attribute issuer/serial number in the cert. A SignedData with no attribute
certificates, signed by Alice using DH-DSS, just her certificate (not certificates, signed by Alice using DH-DSS, just her certificate (not
Carl's root cert), identified by the SKI, no CRL. The message is Carl's root cert), identified by the SKI, no CRL. The message is
ExContent, and is included in the eContent. There are no signed or ExContent, and is included in the eContent. There are no signed or
unsigned attributes. unsigned attributes.
XXXXX 0 30 179: SEQUENCE {
3 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
14 A0 165: [0] {
17 30 162: SEQUENCE {
20 02 1: INTEGER 3
23 31 11: SET {
25 30 9: SEQUENCE {
27 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
34 05 0: NULL
: }
: }
36 30 43: SEQUENCE {
38 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
49 A0 30: [0] {
51 04 28: OCTET STRING
: 54 68 69 73 20 69 73 20 73 6F 6D 65 20 73 61 6D
: 70 6C 65 20 63 6F 6E 74 65 6E 74 2E
: }
: }
81 31 99: SET {
83 30 97: SEQUENCE {
85 02 1: INTEGER 3
88 80 20: [0]
: BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE 13 01 E2 FD
: E3 97 FE CD
110 30 9: SEQUENCE {
112 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
119 05 0: NULL
: }
121 30 9: SEQUENCE {
123 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
: (ANSI X9.57 algorithm)
: }
132 04 48: OCTET STRING
: 30 2D 02 14 4F F6 62 B6 CA 8D D6 CC A8 A8 CA 9A
: C9 CB 96 96 2C 1D DA 8F 02 15 00 B7 E2 9D 06 1E
: F8 22 5E 93 FE 0B A6 BF F0 3C 29 ED 15 85 83 00
: }
: }
: }
: }
: }
5.8 S/MIME multipart/signed message 5.8 S/MIME multipart/signed message
A full S/MIME message, including MIME, that includes the body part from A full S/MIME message, including MIME, that includes the body part from
5.3 and the body containing the content of the message. 5.3 and the body containing the content of the message.
XXXXX MIME-Version: 1.0
Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature";
micalg=SHA1;
boundary="----=_NextPart_000_0000_01BEF8B8.4F7D5F80"
------=_NextPart_000_0000_01BEF8B8.4F7D5F80
This is some sample content.
------=_NextPart_000_0000_01BEF8B8.4F7D5F80
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIGXBgkqhkiG9w0BBwKggYkwgYYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAT
FnMGUCAQEwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqG
SM44BAEEMDAtAhReXmtpBKJiXYtFslX5dRwSToiIIQIVAKPBSCPgCDVvJSJ6HrYUvO
R1kdslAA==
------=_NextPart_000_0000_01BEF8B8.4F7D5F80--
5.9 S/MIME application/pkcs7-mime signed message 5.9 S/MIME application/pkcs7-mime signed message
A full S/MIME message, including MIME, that includes the body part from A full S/MIME message, including MIME, that includes the body part from
5.1. 5.1.
XXXXX Subject: Example 5.9
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
MIG3BgkqhkiG9w0BBwKggakwgaYCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa
AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWcwZQIBATAYMBIxEDAOBgNV
BAMTB0NhcmxEU1MCAgDIMAkGBSsOAwIaBQAwCQYHKoZIzjgEAQQwMC0CFHCbJ32Z59
IMxsUhC0viIbe9jUgpAhUAiywMBstKtQZLqEwOeNE7kOnRn6QA
6. Enveloped-data 6. Enveloped-data
6.1 Basic encrypted content, TripleDES and DH 6.1 Basic encrypted content, TripleDES and DH
An EnvelopedData from Alice to Bob of ExContent using TripleDES for An EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management. Does not have a encrypting and Diffie-Hellman for key management. Does not have a
OriginatorInfo or any attributes. OriginatorInfo or any attributes.
XXXXX 0 30 355: SEQUENCE {
4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
: (PKCS #7)
15 A0 340: [0] {
19 30 336: SEQUENCE {
23 02 1: INTEGER 2
26 31 260: SET {
30 A1 256: [1] {
34 02 1: INTEGER 3
37 A0 150: [0] {
40 A1 147: [1] {
43 30 9: SEQUENCE {
45 06 7: OBJECT IDENTIFIER
: dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
: }
54 03 133: BIT STRING 0 unused bits, encapsulates {
58 02 129: INTEGER
: 00 C2 A4 56 E7 80 6C 11 EC 48 01 F7 0E FA B0 20
: D2 9C 6F 31 2C 85 F8 4A 9C B2 B8 BA 17 B6 F5 28
: 31 BC B2 5E 53 D3 8C C9 B5 E3 79 20 8F 03 E5 67
: 7F 4E 02 6A 2E C2 67 7F 71 9A 44 0B EC C0 7D 19
: 6F EE 5F 2E D5 32 00 D4 7C C2 16 56 7E ED AF 68
: DD 0C 73 68 95 36 CE 5C 51 AD 2E 20 64 D0 1E 3B
: C8 57 3D 65 40 B8 1A CD 6D A7 CB 1C 9E C5 83 73
: 66 DD D2 86 EE E1 9C ED B1 9D 30 32 41 4C 52 3D
: 18
: }
: }
: }
190 30 26: SEQUENCE {
192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
201 30 15: SEQUENCE {
203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6'
216 05 0: NULL
: }
: }
218 30 70: SEQUENCE {
220 30 68: SEQUENCE {
222 30 24: SEQUENCE {
224 30 18: SEQUENCE {
226 31 16: SET {
228 30 14: SEQUENCE {
230 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
235 13 7: PrintableString 'CarlDSS'
: }
: }
: }
244 02 2: INTEGER 201
: }
248 04 40: OCTET STRING
: 51 46 57 41 34 1C D6 C7 CD 36 4B A4 93 B7 16 E6
: 2E F0 58 24 9C 6D 4B E9 90 8B 0F 46 B8 E5 93 19
: FF 7C F0 56 4D 4F FA F5
: }
: }
: }
: }
290 30 67: SEQUENCE {
292 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
303 30 20: SEQUENCE {
305 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
315 04 8: OCTET STRING
: EE F2 1F EE 80 08 CE 6A
: }
325 80 32: [0]
: 9E BB 6C 9E B8 14 43 2C CB B2 90 8E A4 7D 8A D8
: AE 96 88 73 08 80 95 3E D1 DF E8 2F 4F DC 73 98
: }
: }
: }
: }
Some additional information on this example:
3DES CEK
cd 4f 7c 83 73 c4 26 ce 5d b0 cd ea 7c 16 15 cb
2f 8c a8 20 16 0e c8 2a
Ephemeral X (reverse the bytes)
2e 92 4e b9 2a bd ab 1e cb 5b d8 3b c5 6c b0 ef
2d 89 7b 0e e7 d6 33 8c 1f 33 81 6d 2d d1 61 4f
ZZ
de 42 2f c3 fb 44 ab ce 71 3f f6 3a aa dc 09 d1
ca 30 97 22 73 eb de 6a af 87 e1 74 62 60 73 c7
93 1f 2e 26 b3 09 8f 1c 93 31 33 63 5f 0e ad 89
89 f5 1a cb 8c 3f b7 8f 50 b3 9a fe 06 b0 8a 68
c0 f7 b1 fe 20 af 96 f2 a6 cf de 12 1e 74 f9 38
d1 90 da 4d 10 45 b2 6a be 3f f9 3b 61 c0 6d 8f
bc 2e c8 a3 e6 d8 e2 a8 52 ea 58 65 b3 93 99 b7
77 91 67 e6 04 e5 ca ce 46 86 b0 83 17 d9 de 1d
3DES KEK (no parity check)
02 1f 67 5c 92 58 e5 5a 2a fb 3b ed 94 6b 39 8a
b1 38 a7 8c 63 fc d6 14
wrapped key
51 46 57 41 34 1c d6 c7 cd 36 4b a4 93 b7 16 e6
2e f0 58 24 9c 6d 4b e9 90 8b 0f 46 b8 e5 93 19
ff 7c f0 56 4d 4f fa f5
3DES CEK
1c b6 57 1a 25 bc f8 13 5b 01 1a d5 a2 46 31 7a
85 fe 4f 62 45 4a 2a 43
6.2 Basic encrypted content, TripleDES and RSA 6.2 Basic encrypted content, TripleDES and RSA
Same as 6.1, except with RSA for key management. An EnvelopedData from Same as 6.1, except with RSA for key management. An EnvelopedData from
Alice to Bob of ExContent using TripleDES for encrypting and RSA for Alice to Bob of ExContent using TripleDES for encrypting and RSA for
key management. Does not have a OriginatorInfo or any attributes. key management. Does not have a OriginatorInfo or any attributes.
XXXXX 0 30 NDEF: SEQUENCE {
2 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
: (PKCS #7)
13 A0 NDEF: [0] {
15 30 NDEF: SEQUENCE {
17 02 1: INTEGER 0
20 31 192: SET {
23 30 189: SEQUENCE {
26 02 1: INTEGER 0
29 30 38: SEQUENCE {
31 30 18: SEQUENCE {
33 31 16: SET {
35 30 14: SEQUENCE {
37 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
42 13 7: PrintableString 'CarlRSA'
: }
: }
: }
51 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
: }
69 30 13: SEQUENCE {
71 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
82 05 0: NULL
: }
84 04 128: OCTET STRING
: C5 C0 8F 67 12 9C 10 49 49 14 5D 80 D6 24 50 59
: 38 41 5C B7 5B B0 0B 12 15 CD 54 80 8E 62 A3 AF
: D1 15 29 A6 6C B5 C0 32 F7 39 5F 0C 2F 32 90 65
: 5C E3 D5 2B 55 F6 21 37 09 5A 9A B4 96 D4 96 20
: 49 06 93 67 EA 0B C1 20 3D 5D B2 63 7E 8C F9 89
: F3 9F BF 1E 19 ED 36 04 83 05 8A 15 5A 92 A4 8A
: B4 3E 89 C1 69 35 0D 74 B7 81 7F 02 CB 7A D7 65
: 51 05 15 B6 78 0F F2 B4 80 F7 60 7A 2B 75 88 E9
: }
: }
215 30 NDEF: SEQUENCE {
217 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
228 30 20: SEQUENCE {
230 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
240 04 8: OCTET STRING
: F4 CF FA 43 74 39 12 F4
: }
250 A0 NDEF: [0] {
252 04 176: OCTET STRING
: 1B CE BA D7 65 FB BC 60 05 95 65 42 3F 60 DB 2D
: 78 C5 F2 7F 93 34 95 E2 62 F3 99 3E D8 A2 CB C8
: E5 50 10 D8 45 CD 27 EF 83 3B 3B B0 41 E6 D7 2A
: DE 57 53 AF 10 97 1F 89 3D 6A 97 B8 BF E1 72 2B
: F0 D6 9B E5 09 D4 6B D6 F4 BA FF 50 6A 3C F0 16
: 8C DD F4 34 E5 85 CC A9 03 1E DE E3 71 19 7F 89
: 9D 27 2D 71 93 53 A8 CC 15 79 58 15 36 C3 53 7B
: 22 51 AD 8F 31 AB 60 3A 1C B7 65 5A 5F 90 16 7B
: 2B 5D 1E 0A B4 D5 A1 64 93 DD 4F 4D 31 81 84 80
: 60 C3 56 99 CC A1 C0 C8 AE 10 9E 4C C8 5E F0 18
: A9 32 30 00 93 12 7B FC 14 BF 7C D4 74 B4 B0 6C
: }
: }
: }
: }
: }
6.3 Basic encrypted content, RC2/40 and RSA 6.3 Basic encrypted content, RC2/40 and RSA
Same as 6.1, except using RC2/40 for encryption and RSA for key Same as 6.1, except using RC2/40 for encryption and RSA for key
management. An EnvelopedData from Alice to Bob of ExContent using management. An EnvelopedData from Alice to Bob of ExContent using
RC2/40 for encrypting and RSA for key management. Does not have a RC2/40 for encrypting and RSA for key management. Does not have a
OriginatorInfo or any attributes. OriginatorInfo or any attributes.
XXXXX 0 30 NDEF: SEQUENCE {
2 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
: (PKCS #7)
13 A0 NDEF: [0] {
15 30 NDEF: SEQUENCE {
17 02 1: INTEGER 0
20 31 192: SET {
23 30 189: SEQUENCE {
26 02 1: INTEGER 0
29 30 38: SEQUENCE {
31 30 18: SEQUENCE {
33 31 16: SET {
35 30 14: SEQUENCE {
37 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
42 13 7: PrintableString 'CarlRSA'
: }
: }
: }
51 02 16: INTEGER
: 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
: }
69 30 13: SEQUENCE {
71 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
82 05 0: NULL
: }
84 04 128: OCTET STRING
: 84 00 78 AC A9 6A F9 ED BE 27 7F A1 45 FE 73 4B
: 05 54 14 D7 DF 9B 27 11 68 97 E6 32 76 A3 D6 48
: B4 4D E4 15 B0 BF A8 58 1F 5D F2 5C 30 A8 E9 C7
: 63 E4 95 B4 AB 2A 36 3E 69 9C 59 0D 67 5F F2 82
: 15 21 7B 1A 3B 59 68 AA F1 B0 C6 8C DB 0E B2 54
: DC 33 D1 64 D1 4C A9 74 08 14 11 8A 16 74 6A 3A
: F0 33 35 1C 34 70 33 BF 0A C6 44 91 C8 B1 21 BC
: B1 A3 65 DD 14 BC 05 D7 E2 E7 DC 7F 3A 59 7E 1F
: }
: }
215 30 NDEF: SEQUENCE {
217 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
228 30 26: SEQUENCE {
230 06 8: OBJECT IDENTIFIER rc2CBC (1 2 840 113549 3 2)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
240 30 14: SEQUENCE {
242 02 2: INTEGER 160
246 04 8: OCTET STRING
: 9C 04 D2 19 2E 2A 55 A1
: }
: }
256 A0 NDEF: [0] {
258 04 176: OCTET STRING
: 8E 87 2E 22 E4 30 61 9B 96 CC EA AD 0C D6 D7 03
: 1B 14 60 37 8B 1A 80 2C 12 4F 76 B7 76 77 E2 07
: 84 33 0B CC 65 EB 5B 32 9B 68 F3 86 6D 7D B1 A2
: 44 10 1D C0 14 E1 F2 C6 F1 28 17 BA 86 D5 2F 6D
: 37 DF 82 EB D1 2D 24 80 71 62 4D 0D A8 69 10 A9
: E1 45 75 86 4D AB 83 61 5B 70 7D 6D C2 5D F3 80
: 31 D3 70 FD 73 2D 75 4D 93 54 9F 3A A8 A8 DC 30
: 34 FD 49 36 88 97 37 4F 24 0F FB 03 22 4C 64 EA
: 33 EB C5 C6 23 87 01 72 13 6F E7 62 3D 12 62 0D
: FB 44 88 32 24 91 05 46 8D 0E 00 39 8A 14 8A CA
: 19 58 4B 8F BD BB 35 89 AF F9 99 16 91 F0 E7 BD
: }
: }
: }
: }
: }
6.4 Encrypted content, two recipients, no shared keying material 6.4 Encrypted content, two recipients, no shared keying material
Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from
Alice to Bob and Diane of ExContent using TripleDES for encrypting and Alice to Bob and Diane of ExContent using TripleDES for encrypting and
Diffie-Hellman for key management. Does not have a OriginatorInfo or Diffie-Hellman for key management. Does not have a OriginatorInfo or
any attributes. any attributes.
XXXXX 0 30 615: SEQUENCE {
4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
: (PKCS #7)
15 A0 600: [0] {
19 30 596: SEQUENCE {
23 02 1: INTEGER 2
26 31 520: SET {
30 A1 256: [1] {
34 02 1: INTEGER 3
37 A0 150: [0] {
40 A1 147: [1] {
43 30 9: SEQUENCE {
45 06 7: OBJECT IDENTIFIER
: dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
: }
54 03 133: BIT STRING 0 unused bits
: 02 81 80 03 CA 05 2E 78 63 86 95 7D C6 E3 38 08
: 33 D3 5E 06 FB C5 98 FA DE 66 42 2E 6F BB 35 47
: 73 EE 7F 43 82 83 0C 8D EF 1F 61 8F 52 C6 5C BB
: 85 46 09 CD 0A 1E 75 44 51 AC B8 AB 85 88 C6 B3
: 06 97 C9 47 B2 8A 56 55 8B BE D3 3C C9 3A F0 A8
: D5 4C 3A 56 19 9B 65 75 E9 2B 14 66 D8 BB 66 70
: 2E 64 46 41 BD 33 E1 50 F8 D5 CA A5 74 6A 09 01
: D3 6D 74 85 21 33 53 AB C2 3D 2A 08 40 CF F9 AC
: 2D F7 D0 00
: }
: }
190 30 26: SEQUENCE {
192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
201 30 15: SEQUENCE {
203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6'
216 05 0: NULL
: }
: }
218 30 70: SEQUENCE {
220 30 68: SEQUENCE {
222 30 24: SEQUENCE {
224 30 18: SEQUENCE {
226 31 16: SET {
228 30 14: SEQUENCE {
230 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
235 13 7: PrintableString 'CarlDSS'
: }
: }
: }
244 02 2: INTEGER 211
: }
248 04 40: OCTET STRING
: 88 24 7C 52 73 C3 02 FF DB 89 49 08 0E BD EE 0E
: 49 18 47 19 B4 95 5F 16 12 B9 ED 34 4F 99 6B 2F
: CA 8E 94 87 56 66 08 51
: }
: }
: }
290 A1 256: [1] {
294 02 1: INTEGER 3
297 A0 150: [0] {
300 A1 147: [1] {
303 30 9: SEQUENCE {
305 06 7: OBJECT IDENTIFIER
: dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
: }
314 03 133: BIT STRING 0 unused bits
: 02 81 80 5C 58 72 3E C6 68 91 0F F8 EB 07 EB C1
: 46 60 13 4B 7A D4 E5 AC 61 0C 67 D1 0D 0A AB E8
: 81 31 25 6A B5 E6 F3 EF 53 9D E7 51 B5 1D A4 E3
: 38 C7 EB 95 D9 80 D8 85 65 76 12 FB 7A 9E F2 B1
: 3F 38 1F EA F2 7C 61 26 63 73 AA 22 E2 FD 15 9A
: 9C 17 31 58 0C 4E A0 DE 84 89 B7 81 70 62 3E 9B
: 45 47 AD B9 FC 94 95 A5 99 F4 86 8D 0B CE 74 EC
: 71 DC CA A6 71 37 31 01 4C 8C 01 59 8C 49 AE FC
: FB 64 EA 00
: }
: }
450 30 26: SEQUENCE {
452 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
461 30 15: SEQUENCE {
463 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6'
476 05 0: NULL
: }
: }
478 30 70: SEQUENCE {
480 30 68: SEQUENCE {
482 30 24: SEQUENCE {
484 30 18: SEQUENCE {
486 31 16: SET {
488 30 14: SEQUENCE {
490 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
495 13 7: PrintableString 'CarlDSS'
: }
: }
: }
504 02 2: INTEGER 201
: }
508 04 40: OCTET STRING
: 39 2A 16 D1 21 2B 72 38 0C 40 01 55 A1 17 19 04
: BE FD 24 9B 33 E5 1C BC C5 D8 7B A7 45 15 D2 5B
: E5 5A 09 A5 22 18 7B DF
: }
: }
: }
: }
550 30 67: SEQUENCE {
552 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
563 30 20: SEQUENCE {
565 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
575 04 8: OCTET STRING
: 13 E3 41 9C 85 30 15 1F
: }
585 80 32: [0]
: BA 8F 71 D9 C8 92 CE D4 08 A7 F5 73 91 29 6D E1
: 33 08 DE C4 58 C2 A2 7B F0 9A 4B 06 44 EF D6 E5
: }
: }
: }
: }
6.5 Encrypted content, two recipients, shared keying material 6.5 Encrypted content, two recipients, shared keying material
Same as 6.4, except sent to Bob and Erica using keys that have shared Same as 6.4, except sent to Bob and Erica using keys that have shared
parameters so the result does not include the UKMs. An EnvelopedData parameters so the result does not include the UKMs. An EnvelopedData
from Alice to Bob and Erica of ExContent using TripleDES for encrypting from Alice to Bob and Erica of ExContent using TripleDES for encrypting
and Diffie-Hellman for key management. Does not have a OriginatorInfo and Diffie-Hellman for key management. Does not have a OriginatorInfo
or any attributes. Uses BobPubDHSharedEncrypt and or any attributes. Uses BobPubDHSharedEncrypt and
DianePubDHSharedEncrypt for keys. DianePubDHSharedEncrypt for keys.
XXXXX 0 30 426: SEQUENCE {
4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
: (PKCS #7)
15 A0 411: [0] {
19 30 407: SEQUENCE {
23 02 1: INTEGER 2
26 31 331: SET {
30 A1 327: [1] {
34 02 1: INTEGER 3
37 A0 150: [0] {
40 A1 147: [1] {
43 30 9: SEQUENCE {
45 06 7: OBJECT IDENTIFIER
: dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
: }
54 03 133: BIT STRING 0 unused bits
: 02 81 80 1E 6F B8 49 59 86 A9 EE 34 17 29 BC A0
: 5A 84 51 AB CE 9A 41 38 B6 29 A7 7C 49 24 8D 83
: A6 A0 F8 2C 9A 1B 1D A9 86 64 62 89 4B F9 5B 35
: 93 0C 36 D3 F7 06 51 D5 4A 5E AD DC 76 D2 ED 53
: 46 1A D4 0A 84 5B 26 A7 D0 4C 9A D6 24 A1 9E BA
: D2 21 30 7B 45 C5 36 CC 2B 4A 4F 19 77 0D 48 22
: 79 66 D9 EB 51 4A 5A 3B 5D 25 E5 FA 58 79 0F 53
: 49 1B 1F E9 F9 79 73 0D BC 49 61 ED DB 4D 81 67
: 9E 68 A8 00
: }
: }
190 30 26: SEQUENCE {
192 06 7: OBJECT IDENTIFIER dhPublicNumber (1 2 840 10046 2 1)
: (ANSI X9.42 number-type)
201 30 15: SEQUENCE {
203 06 11: OBJECT IDENTIFIER '1 2 840 113549 1 9 16 3 6'
216 05 0: NULL
: }
: }
218 30 140: SEQUENCE {
221 30 68: SEQUENCE {
223 30 24: SEQUENCE {
225 30 18: SEQUENCE {
227 31 16: SET {
229 30 14: SEQUENCE {
231 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
236 13 7: PrintableString 'CarlDSS'
: }
: }
: }
245 02 2: INTEGER 201
: }
249 04 40: OCTET STRING
: FF 20 83 91 5F 10 CF 38 80 DF 50 20 46 C3 30 3B
: 7D 2B E3 DB C1 18 07 E3 07 85 2B 6C AB 26 07 B9
: 2C E5 DD 89 40 7D E9 D5
: }
291 30 68: SEQUENCE {
293 30 24: SEQUENCE {
295 30 18: SEQUENCE {
297 31 16: SET {
299 30 14: SEQUENCE {
301 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
306 13 7: PrintableString 'CarlDSS'
: }
: }
: }
315 02 2: INTEGER 212
: }
319 04 40: OCTET STRING
: BF 13 C2 4A A2 D4 08 6A 2B 60 4A B8 A1 6D 31 43
: F7 6B AE 35 64 23 D0 E6 80 79 BE 5F 25 2C 51 E3
: B9 0E 44 F3 83 79 B4 0E
: }
: }
: }
: }
361 30 67: SEQUENCE {
363 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
374 30 20: SEQUENCE {
376 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
386 04 8: OCTET STRING
: 23 DF 7F DB 3D 98 00 F8
: }
396 80 32: [0]
: 74 29 02 33 4D 51 2E C4 C5 AE 32 D8 7F 9B 01 EB
: D2 CD C2 32 0A AA 90 8D A9 91 F3 21 32 8E 4E 76
: }
: }
: }
: }
6.6 Encrypted content, TripleDES and DH, previously-distributed keys 6.6 Encrypted content, TripleDES and DH, previously-distributed keys
Same as 6.1, except sent using a previously-distributed key. An Same as 6.1, except sent using a previously-distributed key. An
EnvelopedData from Alice to Bob of ExContent using TripleDES for EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management, using the encrypting and Diffie-Hellman for key management, using the
MailListTripleDES key. Does not have a OriginatorInfo or any MailListTripleDES key. Does not have a OriginatorInfo or any
attributes. attributes.
XXXXX Subject: Test subject
MIME-Version: 1.0
Content-Type: application/x-pkcs7-mime;
name="smime.p7m";
smime-type=enveloped-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7m"
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2115.300
MIAGCSqGSIb3DQEHA6CAMIACAQIxggFdoYIBBAIBA6CBlaGBkjAJBgcqhkjOPgIBA4
GEAAKBgE348O8WYkb+mh9JywImIJ1j0PIj84SnpKclqO31EcScZzkSiQQP+gqphImf
EwIGh7P7ywuoFuxdot8C2X/nDubhrrKImG3Z96h/FAh6/rgA6P10r2yesV1QvqfGgY
Bh9+o9zq/S1+Q8ssFH9j1nZzTLLL3rrG8W4ztmu4qX+Q89MB8GCyqGSIb3DQEJEAMF
MBAGCyqGSIb3DQEJEAMHAgE6MEYwRDAYMBIxEDAOBgNVBAMTB0NhcmxEU1MCAgDJBC
hTEv/IiYb58fJpBc1MQAJ1FSG33LdFbpRq8QirMU12JiHd9qAJjj9ColMCAQQwEwQR
TWFpbExpc3RUcmlwbGVERVMwDwYLKoZIhvcNAQkQAwYFAAQo/JV25qipslbuubZDLs
lEB93Y4rGtOJHpymNu+u5Fe7bpypVtjw4VWjCABgkqhkiG9w0BBwEwGQYIKoZIhvcN
AwIwDQIBOgQIj3hP9Fg2yEqggAQg4lYLOgn0NuOrSALLvtN4NzeVtYJ07hsW2OZ7Fq
QNmuoAAAAAAAAAAAAA
6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
Same as 6.1, except sent using a previously-distributed key. An Same as 6.1, except sent using a previously-distributed key. An
EnvelopedData from Alice to Bob of ExContent using TripleDES for EnvelopedData from Alice to Bob of ExContent using RC2/40 for
encrypting and RSA for key management, using the MailListRC2 key. Does encrypting and RSA for key management, using the MailListRC2 key. Does
not have a OriginatorInfo or any attributes. not have a OriginatorInfo or any attributes.
XXXXX XXXXX
6.8 S/MIME application/pkcs7-mime encrypted message 6.8 S/MIME application/pkcs7-mime encrypted message
A full S/MIME message, including MIME, that includes the body part from A full S/MIME message, including MIME, that includes the body part from
6.1. 6.1.
XXXXX XXXXX
7. Digested-data 7. Digested-data
A DigestedData from Alice to Bob of ExContent using SHA-1. A DigestedData from Alice to Bob of ExContent using SHA-1.
XXXXX 0 30 90: SEQUENCE {
2 06 9: OBJECT IDENTIFIER digestedData (1 2 840 113549 1 7 5)
: (PKCS #7)
13 A0 77: [0] {
15 30 75: SEQUENCE {
17 02 1: INTEGER 0
20 30 7: SEQUENCE {
22 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
: (OIW)
: }
29 30 39: SEQUENCE {
31 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
42 A0 26: [0] {
44 04 24: OCTET STRING
: 54 68 69 73 20 73 6F 6D 65 20 73 61 6D 70 65 20
: 63 6F 6E 74 65 6E 74 2E
: }
: }
70 04 20: OCTET STRING
: 40 6A EC 08 52 79 BA 6E 16 02 2D 9E 06 29 C0 22
: 96 87 DD 48
: }
: }
: }
8. Encrypted-data 8. Encrypted-data
An EncryptedData from Alice to Bob of ExContent with no attributes. An EncryptedData from Alice to Bob of ExContent with no attributes.
XXXXX 0 30 87: SEQUENCE {
2 06 9: OBJECT IDENTIFIER encryptedData (1 2 840 113549 1 7 6)
: (PKCS #7)
13 A0 74: [0] {
15 30 72: SEQUENCE {
17 02 1: INTEGER 0
20 30 67: SEQUENCE {
22 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
: (PKCS #7)
33 30 20: SEQUENCE {
35 06 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
: (RSADSI encryptionAlgorithm (1 2 840 113549 3))
45 04 8: OCTET STRING
: B3 6B 6B FB 62 31 08 4E
: }
55 80 32: [0]
: D7 6F D1 17 8F BD 02 F8 42 31 F5 C1 D2 A2 F7 4A
: 41 59 48 29 64 F6 75 24 82 54 22 3D AF 9A F8 E4
: }
: }
: }
: }
The TripleDES key is:
73 7c 79 1f 25 ea d0 e0 46 29 25 43 52 f7 dc 62
91 e5 cb 26 91 7a da 32
9. Authenticated-data 9. Authenticated-data
9.1 Authenticated data with no autenticated attributes 9.1 Authenticated data with no autenticated attributes
An AutenticatedData from Alice to Bob using XXXXXXXXXX with no An AutenticatedData from Alice to Bob using XXXXXXXXXX with no
authenticated attributes. authenticated attributes.
XXXXX XXXXX
skipping to change at line 372 skipping to change at line 3894
This section shows the steps needed to wrap keys, as described in This section shows the steps needed to wrap keys, as described in
section 12.6 of [CMS]. section 12.6 of [CMS].
10.1 Wrapping RC2 10.1 Wrapping RC2
This example shows how to wrap an RC2 key. This example shows how to wrap an RC2 key.
The CEK to be wrapped is The CEK to be wrapped is
b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9 b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9
The hash of the CEK is
0a6f f19f db40 4988
The random value used is The random value used is
4845 cce7 fd12 50 4845 cce7 fd12 50
The hash of the CEK is
0a6f f19f db40 4988
The CEK initialization vector is The CEK initialization vector is
c7d9 0059 b29e 97f7 c7d9 0059 b29e 97f7
The KEK is The KEK is
fd04 fd08 0607 07fb 0003 feff fd02 fe05 fd04 fd08 0607 07fb 0003 feff fd02 fe05
The "Pre Encrypt #1" is The "Pre Encrypt #1" is
10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4 10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4
d9 4845 cce7 fd12 500a 6ff1 9fdb 4049 88 d9 4845 cce7 fd12 500a 6ff1 9fdb 4049 88
skipping to change at line 400 skipping to change at line 3922
b870 ce04 f555 8ce4 6012 9337 59a2 1da0 b870 ce04 f555 8ce4 6012 9337 59a2 1da0
f797 9eb2 5900 d9c7 f797 9eb2 5900 d9c7
The wrapped CEK is The wrapped CEK is
70e6 99fb 5701 f783 3330 fb71 e87c 85a4 70e6 99fb 5701 f783 3330 fb71 e87c 85a4
20bd c99a f05d 22af 5a0e 48d3 5f31 3898 20bd c99a f05d 22af 5a0e 48d3 5f31 3898
6cba afb4 b28d 4f35 6cba afb4 b28d 4f35
10.2 Wrapping TripleDES 10.2 Wrapping TripleDES
XXXXX This example shows how to wrap an TripleDES key.
The CEK to be wrapped is
2923 bf85 e06d d6ae 5291 49f1 f1ba e9ea b3a7 da3d 860d 3e98
The hash of the CEK is
181b 7e96 86e04a4e
The CEK initialization vector is
5dd4 cbfc 96f5 453b
The KEK is
255e 0d1c 07b6 46df b313 4cc8 43ba 8aa7 1f02 5b7c 0838 251f
The "Pre Encrypt #1" is
29 23 bf 85 e0 6d d6 ae 52 91 49 f1 f1 ba e9 ea
b3 a7 da 3d 86 0d 3e 98 18 1b 7e 96 86 e0 4a 4e
The "Pre Encrypt #2" is
49 84 9d 72 5f cc 4d a4 f6 60 79 7a 3b 97 1f 5c
03 cc 92 ef 04 32 9a b4 2a dd 75 c6 89 a7 c1 cf
3b 45 f5 96 fc cb d4 5d
The wrapped CEK is
69 01 07 61 8e f0 92 b3 b4 8c a1 79 6b 23 4a e9
fa 33 eb b4 15 96 04 03 7d b5 d6 a8 4e b3 aa c2
76 8c 63 27 75 a4 67 d4
11. ESS Examples 11. ESS Examples
11.1 ReceiptRequest 11.1 ReceiptRequest
Alice asks Bob for a reciept on the message in 5.1. Alice asks Diane for a reciept on the message in 5.1.
XXXXX XXXXX
11.2 Receipt 11.2 Receipt
Bob gives Alice a receipt for the message in 11.1. Diane gives Alice a receipt for the message in 11.1.
XXXXX XXXXX
11.3 eSSSecurityLabel 11.3 eSSSecurityLabel
Alice includes a security label in the message in 5.1. Alice includes a security label in the message in 5.1.
XXXXX XXXXX
11.4 EquivalentLabels 11.4 EquivalentLabels
skipping to change at line 525 skipping to change at line 4073
{ &EndCurrFile(substr($Line, 2)) } # End the current file { &EndCurrFile(substr($Line, 2)) } # End the current file
else { &DoBase64(substr($Line, 1)) } # It is a line of Base64 else { &DoBase64(substr($Line, 1)) } # It is a line of Base64
} }
sub StartNewFile { sub StartNewFile {
$TheNewFile = shift(@_); $TheNewFile = shift(@_);
if($CurrFile ne '') { die "Was about to start a new file at " . if($CurrFile ne '') { die "Was about to start a new file at " .
"line $LineCount, but the old file, $CurrFile, was open\n" } "line $LineCount, but the old file, $CurrFile, was open\n" }
open(OUT, ">$TheNewFile") or open(OUT, ">$TheNewFile") or
die "Could not open $TheNewFile for writing: $!\n"; die "Could not open $TheNewFile for writing: $!\n";
binmode(OUT); # This is needed for Windows, is a noop on Unix
$CurrFile = $TheNewFile; $CurrFile = $TheNewFile;
$LeftOver = 0; # Amount left from previous Base64 character $LeftOver = 0; # Amount left from previous Base64 character
$NextPos = 0; # Bit position to start the next Base64 character $NextPos = 0; # Bit position to start the next Base64 character
# (bits are numbered 01234567) # (bits are numbered 01234567)
$OutString = ''; # Holds the text going out to the file $OutString = ''; # Holds the text going out to the file
} }
sub EndCurrFile { sub EndCurrFile {
$FileToEnd = shift(@_); $FileToEnd = shift(@_);
if($CurrFile ne $FileToEnd) { die "Was about to close " . if($CurrFile ne $FileToEnd) { die "Was about to close " .
skipping to change at line 578 skipping to change at line 4127
} elsif ($NextPos == 6) { } elsif ($NextPos == 6) {
# Add upper 2 bits of $ThisVal to $LeftOver and output # Add upper 2 bits of $ThisVal to $LeftOver and output
$Upper2 = ($ThisVal & 48); $Upper2 = ($ThisVal & 48);
$OutString .= chr($LeftOver + ($Upper2/16)); $OutString .= chr($LeftOver + ($Upper2/16));
$LeftOver = (($ThisVal - $Upper2) * 16); $LeftOver = (($ThisVal - $Upper2) * 16);
$NextPos = 4; $NextPos = 4;
} else { die "\$NextPos has an illegal value: $NextPos." } } else { die "\$NextPos has an illegal value: $NextPos." }
} }
} }
B.3 Examples by section C. Examples by section
B.3.1 Examples from section 3.1 Example from section 3.1 (content)
|* ExContent is just the message; creator: [PH] |* ExContent is just the message
|* Creator: [PH]
|>ExContent.bin |>ExContent.bin
|VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg== |VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==
|<ExContent.bin |<ExContent.bin
B.3.2 Examples from section 3.2 Examples from section 3.2 (private keys)
|* Here is the gang of keys |* AlicePrivDSSSign.pri
|>AlicePrivDSSSign.key |* Creator: [JS]
|blablahblah |>AlicePrivDSSSign.pri
|moreblahblahblah |MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAIGNze2D6gqeOT7CSCij5EeT3Q7XqA7sU8
|<AlicePrivDSSSign.key |WrhAhP/5Thc0h+DNbzREjR/p+vpKGJL+HZMMg23j+bv7dM3F9piuR10DcMkQiVm96nXvn8
|>AlicePrivRSASign.key |9J8v3UOoi1TxP7AHCEdNXYjDw7Wz41UIddU5dhDEeL3/nbCElzfy5FEbteQJllzzflvbAh
|BlablahblaH |UA4kemGkVmuBPG2o+4NyErYov3k80CgYAmONAUiTKqOfs+bdlLWWpMdiM5BAI1XPLLGjDD
|MoreblahblahBlah |HlBd3ZtZ4s2qBT1YwHuiNrhuB699ikIlp/R1z0oIXks+kPht6pzJIYo7dhTpzi5dowfNI4
|<AlicePrivRSASign.key |W4LzABfG1JiRGJNkS9+MiVSlNWteL5c+waYTYfEX/Cve3RUP+YdMLRgUpgObo2OQQXAhUA
. . . |u0RG0aXJRgcu0P561pIH8JqFiT8=
|<AlicePrivDSSSign.pri
B.10.1 Examples from section 10.1 |* AlicePrivRSASign.pri
|* Creator: [JS]
|>AlicePrivRSASign.pri
|MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOCJczmN2PX16Id2OX9OsA
|W7U4PeD7er3H3HdSkNBS5tEt+mhibU0m+qWCn8l+z6glEPMIC+sVCeRkTxLLvYMs/GaG8H
|2bBgrL7uNAlqE/X3BQWT3166NVbZYf8Zf8mB5vhs6odAcO+sbSx0ny36VTq5mXcCpkhSjE
|7zVzhXdFdfAgMBAAECgYAApAPDJ0d2NDRspoa1eUkBSy6K0shissfXSAlqi5H3NvJ11ujN
|FZBgJzFHNWRNlc1nY860n1asLzduHO4Ovygt9DmQbzTYbghb1WVq2EHzE9ctOV7+M8v/Ke
|QDCz0Foo+38Y6idjeweVfTLyvehwYifQRmXskbr4saw+yRRKt/IQJBAPbW4CIhTF8KcP8n
|/OWzUGqd5Q+1hZbGQPqoCrSbmwxVwgEd+TeCihTI8pMOks2lZiG5PNIGv7RVMcncrcqYLd
|ECQQDo3rARJQnSAlEB3oromFD1d3dhpEWTawhVlnNd9MhbEpMic4t/03B/9aSqu3T9PCJq
|2jiRKoZbbBTorkye+o4vAkEAl0zwh5sXf+4bgxsUtgtqkF+GJ1Hht6B/9eSI41m5+R6b0y
|l3OCJI1yKxJZi6PVlTt/oeILLIURYjdZNR56vN8QJALPAkW/qgzYUi6tBuT/pszSHTyOTx
|hERIZHPXKY9+RozsFd7kUbOU5yyZLVVleyTqo2IfPmxNZ0ERO+G+6YMCgwJAWIjZoVA4hG
|qrA7y730v0nG+4tCol+/bkBS9u4oiJIW9LJZ7Qq1CTyr9AcewhJcV/+wLpIZa4M83ixpXu
|b41fKA==
|<AlicePrivRSASign.pri
|* The CEK to be wrapped |* BobPrivDHEncrypt.pri
|>RC2CEK.bin |* Creator: [JS]
|<RC2CEK.bin |>BobPrivDHEncrypt.pri
|MIIBYwIBADCCATgGByqGSM4+AgEwggErAoGBAOwszaTvmiYvYqe7I03fKyXBaNKeqUVbNv
|GUiRqvfREknT25PCno1yOAM6aeRQK7qsyeKAWVoLMXdsH3JTVhAkGSJwxerkjl824475HR
|zzf+mkCXyC01np2TxvgVrz/adDq3xJO1ubt2bB+ofrw6qkMKgWT8Y/B7cZj6wDh5EBozAo
|GBALoL13Q95zTlTBOnlZa78eRhNwj7Esf7nJF3Bpk18EgkljMSAX6N7Av2ssBjpxXFXpWG
|onPFSUY3eWD9dwUJSJtwjTwF9s5ELH99GysV3fMFL76FII+N+bSgRXQr9DudQmI0JyeBjm
|8PXmKFicztIcORcAZU7nCoklVbbhkiTWKnAiEAw6tKMHmz05dOyvWifcdwo0Xzs6KGBdI+
|Sfmf2Qqzvr0EIgIgIPxngu7PSqbI5YPSjDuK0kUyEScybIbsZspxrfAZTfc=
|<BobPrivDHEncrypt.pri
|* The hash of the CEK |* BobPrivRSAEncrypt.pri
|>RC2CEKHash.bin |* Creator: [JS]
|<RC2CEKHash.bin |>BobPrivRSAEncrypt.pri
|MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAORL/xi4JFf0d/9uc3uTcV
|y8MxqSknIj2EFG0M0ROgSzjq+Cnb1RHhd68nYsK4Y5p73XjRpT7OQA1ejsojax7eJQ4jIJ
|ij+fmSWPuE6ruX3VlmXaFqDFvg6uRFvvXvSnKcuC3axE6aqTlCkO+BjWyFde8nbE8hFgOL
|kbPB2XyWrxAgMBAAECgYEArnPkW19bZlrJ18bvOF9TISovYv7eKZp6hmc2531ieHU9c6C8
|KQ7zj73Dycm2+LrWE5vDl3rKavC4hWVOD72nqPdUBkG969wgd5DfYZuab3Te6jvUnIdg7X
|aE8WowN9XgkBb4gEfDGWvtdXe6Su05tl0CRztfG8gcq8vo9SY/pIECQQD/3wmgVgtCUp7E
|TZOzsEm73ueBfSiZ0LFIugs54Rx7IhgztkD2v9yuHdChrQRxWmEKbjvOMNo2n2UlKbunDn
|8LAkEA5GloGF/5V9B8ZokPumMdcssgpIF2ZInNfdHCJ6kurHpWmoUH2TADowOrf4iSUCQB
|qhsHHyBMt8l7Vve2wn6rcwJAVzZsj4wEdmy21O4kRAD4gOKvQgGpDxSE+OcA4I+MJ6QtX6
|LlbbVjwK1E6XaRpxlJLkb4d4VLO4cE8K/S2FQmlQJAZKEPrFV0G70NYXsXA82w5qcZHYCv
|8UFI2Bq2iBSgLHrFdtQPDh96KrJuNwSrOUVzukaoD42CXyIUBc+io/N8gwJAJh4dHKGYK+
|TbOOhXbmtzGYhhOvp0SjaLR2hdUOsm4+p9m05lqa97q0sudlE9qNARq6PWqMAnNh1UC6qn
|0W2N+g==
|<BobPrivRSAEncrypt.pri
|* The random value used |* CarlPrivDSSSign.pri
|>RC2Rand.bin |* Creator: [JS]
|<RC2Rand.bin |>CarlPrivDSSSign.pri
|MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8
|ZMsw6UCQbrAdSxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5
|UAFIk4vrJRVRl1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAh
|UA3cEv31POCzRgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytb
|DJHOpWJSacrhbT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0
|R5NVpzqn9GUR+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgQWAhQZ
|szilIWIxUOV/uT4IRnjRPrXlcg==
|<CarlPrivDSSSign.pri
|* The CEK initialization vector |* CarlPrivRSASign.pri
|>RC2CEKIV.bin |* Creator: [JS]
|<RC2CEKIV.bin |>CarlPrivRSASign.pri
|MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAORL/xi4JFf0d/9uc3uTcV
|y8MxqSknIj2EFG0M0ROgSzjq+Cnb1RHhd68nYsK4Y5p73XjRpT7OQA1ejsojax7eJQ4jIJ
|ij+fmSWPuE6ruX3VlmXaFqDFvg6uRFvvXvSnKcuC3axE6aqTlCkO+BjWyFde8nbE8hFgOL
|kbPB2XyWrxAgMBAAECgYEArnPkW19bZlrJ18bvOF9TISovYv7eKZp6hmc2531ieHU9c6C8
|KQ7zj73Dycm2+LrWE5vDl3rKavC4hWVOD72nqPdUBkG969wgd5DfYZuab3Te6jvUnIdg7X
|aE8WowN9XgkBb4gEfDGWvtdXe6Su05tl0CRztfG8gcq8vo9SY/pIECQQD/3wmgVgtCUp7E
|TZOzsEm73ueBfSiZ0LFIugs54Rx7IhgztkD2v9yuHdChrQRxWmEKbjvOMNo2n2UlKbunDn
|8LAkEA5GloGF/5V9B8ZokPumMdcssgpIF2ZInNfdHCJ6kurHpWmoUH2TADowOrf4iSUCQB
|qhsHHyBMt8l7Vve2wn6rcwJAVzZsj4wEdmy21O4kRAD4gOKvQgGpDxSE+OcA4I+MJ6QtX6
|LlbbVjwK1E6XaRpxlJLkb4d4VLO4cE8K/S2FQmlQJAZKEPrFV0G70NYXsXA82w5qcZHYCv
|8UFI2Bq2iBSgLHrFdtQPDh96KrJuNwSrOUVzukaoD42CXyIUBc+io/N8gwJAJh4dHKGYK+
|TbOOhXbmtzGYhhOvp0SjaLR2hdUOsm4+p9m05lqa97q0sudlE9qNARq6PWqMAnNh1UC6qn
|0W2N+g==
|<CarlPrivRSASign.pri
|* The KEK |* DianePrivDHEncrypt.pri
|>RC2KEK.bin |* Creator: [JS]
|<RC2KEK.bin |>DianePrivDHEncrypt.pri
|MIIBYgIBADCCATcGByqGSM4+AgEwggEqAoGBAMpukcKwvahY8jEhdLsf5BC90JOifmHhPb
|ojBBbQZjm9O80FdEjxA3CV9AVjbS6/mrf/l/85u2PbTaRx2JSatPKKPZ+3XY3K4q+1D88F
|ZYJobkPS9ARfA4v5UPXIbAUmvL82D1zDUWpn6HUyZniRY+j+NOcZtnBseDg2gtI0NsLfAo
|GAbtZ2NkvkWQdXXxiaENIxXKYQsCaWQk18o6HTnqWAsh83EUl8ipnYVj+TUe1uVPtu27L8
|NMDnyh5YK9U9O9yucSHZO1a4p/ZNIlJfQbrVHoJpbN1wccxsO++EqXGLqTsqCfi9/ctRvC
|4uyj4wjPpUnn0NA+LfY2Jt81CCJ9zRmfcCIQCqBWX73U6oAvE0Oeej/H1GELhd8C7yxdFe
|onRM2g9OHwQiAiBYLomrVzR9PPWadct9mYoZLzx6poXJLxtaRwPjghbkmw==
|<DianePrivDHEncrypt.pri
|* The "Pre Encrypt #1" |* DianePrivRSASignEncrypt.pri
|>RC2Pre1.bin |* Creator: [JS]
|<RC2Pre1.bin |>DianePrivRSASignEncrypt.pri
|MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9uMBwxkwl7OrP6ny7om
|L68OYyOlP/sZJaF/Qg4ZkkggrQ9nz7RMqLJwbxfiYDqXadz+ygLHCW8oNC9tS3KAq7+L9K
|TBk/B9ugwWAet35n996xw2BJrEXX+MbvCDchk0fu8HM1crACxPMRw15H5Qq3g/HbdGlki0
|QdlV3NKMCFAgMBAAECgYA9vc3CDmEUW0vnv2AjBCvFazWllkUj/Gl9kzwP0yWWumJSQuKW
|z/5YgI/rsYy91A1l0Dp3RSSeDOuGgMOsIRFxROOyqKkurBfSo4QlY7W8Lx7d9iH/FSAkW/
|GAL9VBDjIk99RKMp65SdgZjj85jWK9gPwMJJKT5MPXBZFTu5a2QQJBAPO4P0rRlLCRYBNB
|kg2NRD93Hf+WI0QI1AtwyRqv6ZCU8rDVX08ZhVChkJGuvQV2UrMi2Kh8jlR/AHJPNnVoc7
|UCQQDh0ucRVwaucpUiFqoCtFrtTp2CEU+WPIbJEI1WezF1eWnndWg4AEsu0iYy3bHi4CxU
|gAp1utFmlhuwDqB+0ruRAkEAr7a82yJzQ0HstLVnqaGZ/O/Sjv0d++Upi/4K39TIXlclCl
|0r1AmgVlvFsWL8IL4ILeMHtaHns//EwKVfrBJcqQJBALmYQfwIUB9zYIoBonxSiiBa6iyJ
|2aUZ3ZTGG8MlwIJR5O4rmhncc+3pHSfU+GwD3asdCHu1rH/pgpvxiYpx22ECQAEHIZdfem
|Co/VpcB9+o3vfisTR9/OuRvbBzdMjEvj9YRTAGkLOsacyz9z98rMe4G2WhFjk5sON0fc/N
|xaxsv+U=
|<DianePrivRSASignEncrypt.pri
|* The "Pre Encrypt #2" |* DianePrivDSSSign.pri
|>RC2Pre2.bin |* Creator: [JS]
|<RC2Pre2.bin |>DianePrivDSSSign.pri
|MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8
|ZMsw6UCQbrAdSxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5
|UAFIk4vrJRVRl1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAh
|UA3cEv31POCzRgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytb
|DJHOpWJSacrhbT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0
|R5NVpzqn9GUR+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgQXAhUA
|lpX54MHgQS0yD4tCUpMq5h4OISk=
|<DianePrivDSSSign.pri
|* The wrapped CEK |* EricaPrivDHEncryptBobParam.pri
|>RC2Wrapped.bin |* Creator: [JS]
|<RC2Wrapped.bin |>EricaPrivDHEncryptBobParam.pri
|MIIBYwIBADCCATgGByqGSM4+AgEwggErAoGBAOwszaTvmiYvYqe7I03fKyXBaNKeqUVbNv
|GUiRqvfREknT25PCno1yOAM6aeRQK7qsyeKAWVoLMXdsH3JTVhAkGSJwxerkjl824475HR
|zzf+mkCXyC01np2TxvgVrz/adDq3xJO1ubt2bB+ofrw6qkMKgWT8Y/B7cZj6wDh5EBozAo
|GBALoL13Q95zTlTBOnlZa78eRhNwj7Esf7nJF3Bpk18EgkljMSAX6N7Av2ssBjpxXFXpWG
|onPFSUY3eWD9dwUJSJtwjTwF9s5ELH99GysV3fMFL76FII+N+bSgRXQr9DudQmI0JyeBjm
|8PXmKFicztIcORcAZU7nCoklVbbhkiTWKnAiEAw6tKMHmz05dOyvWifcdwo0Xzs6KGBdI+
|Sfmf2Qqzvr0EIgIgSGQR5BcBEubB05xwfXyml5W9yJUH989BEacTkfswPYw=
|<EricaPrivDHEncryptBobParam.pri
C. Acknowledgments |* MailListTripleDES.bin
|* Creator: [JS]
|>MailListTripleDES.bin
|JV4NHAe2Rt+zE0zIQ7qKpx8CW3wIOCUf
|<MailListTripleDES.bin
|* MailListRc2.bin
|* Creator: [JS]
|>MailListRc2.bin
|tw0KJfvJ2GqGBQzg1xHq1Nk=
|<MailListRc2.bin
Examples from section 3.3 (certificates)
|* AliceDSSSignByCarlNoInherit.cer
|* Creator: [JS]
|>AliceDSSSignByCarlNoInherit.cer
|MIIC3jCCAp2gAwIBAgICAMgwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
|k5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQWxpY2VEU1MwggG2
|MIIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp45PsJIKKPkR5PdDteoDuxTxauECE//lO
|FzSH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zcX2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iL
|VPE/sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsISXN/LkURu15AmWXPN+W9sCFQDiR6YaRW
|a4E8baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t2UtZakx2IzkEAjVc8ssaMMMeUF3dm1ni
|zaoFPVjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G3qnMkhijt2FOnOLl2jB80jhbgvMAF8bU
|mJEYk2RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1
|FJYLqXrd4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3V1ExI9Q1tv5VG/+onyohs+JH09B41bY8
|i7RaWgSuOF1s4GgD/oI34a8iSrUxq4Jw0e7wi/ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE
|8H5BQP1Gp2NOM/Kl4vTyg+W4o4GDMIGAMCAGA1UdEQQZMBeBFWFsaWNlRHNzQGV4YW1wbG
|VzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRwRD6C
|Lm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFgQUvmyhs+PB9+1DcKTOEwHi/eOX/s0wCQYHKo
|ZIzjgEAwMwADAtAhUAmLDGP89xR1o1qUqPwPgkBehGlI4CFFufSMCMocECnETq6aGHwaV/
|KC27
|<AliceDSSSignByCarlNoInherit.cer
|* AliceRSASignByCarl.cer
|* Creator: [JS]
|>AliceRSASignByCarl.cer
|MIICAjCCAW+gAwIBAgIQRjRrx4AAVrwR024uxBCzsDAJBgUrDgMCHQUAMBIxEDAOBgNVBA
|MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwODQ3WhcNMzkxMjMxMjM1OTU5WjATMREwDwYDVQQD
|EwhBbGljZVJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4IlzOY3Y9fXoh3Y5f0
|6wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8Zo
|bwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSF
|KMTvNXOFd0V18CAwEAAaNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHwYD
|VR0jBBgwFoAU6eCQJ6x4IHqa00zyQjdOIq6eOLswHQYDVR0OBBYEFHfStNG3TIqKo85Fnc
|7sPKA64/9QMAkGBSsOAwIdBQADgYEAvzQy5vxqiEF98FyZoZO3SbcCUh7LhKyT11grAKGc
|xEhImd0Cw8YF+NIl8aOcyTMBinYOb3dDo7/h5rNqBHk57uHp5Z1QB4si3BJQ4/O0PZ7lk5
|6xzTP54KuYcQn467D8nOzxiNiuA9H+YOFiFLGiI9LIjRgfXu6bcgInwoU9BC4=
|<AliceRSASignByCarl.cer
|* BobDHEncryptByCarl.cer
|* Creator: [JS]
|>BobDHEncryptByCarl.cer
|MIIDYjCCAyGgAwIBAgICAMkwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
|k5MDgxNzAxMTgyOFoXDTM5MTIzMTIzNTk1OVowEDEOMAwGA1UEAxMFYm9iREgwggJCMIIB
|twYHKoZIzj4CATCCAaoCgYEA7CzNpO+aJi9ip7sjTd8rJcFo0p6pRVs28ZSJGq99ESSdPb
|k8KejXI4Azpp5FAruqzJ4oBZWgsxd2wfclNWECQZInDF6uSOXzbjjvkdHPN/6aQJfILTWe
|nZPG+BWvP9p0OrfEk7W5u3ZsH6h+vDqqQwqBZPxj8HtxmPrAOHkQGjMCgYEAugvXdD3nNO
|VME6eVlrvx5GE3CPsSx/uckXcGmTXwSCSWMxIBfo3sC/aywGOnFcVelYaic8VJRjd5YP13
|BQlIm3CNPAX2zkQsf30bKxXd8wUvvoUgj435tKBFdCv0O51CYjQnJ4GObw9eYoWJzO0hw5
|FwBlTucKiSVVtuGSJNYqcCIQDDq0owebPTl07K9aJ9x3CjRfOzooYF0j5J+Z/ZCrO+vQJh
|ATT+wjNI6/Y7l9nkl6dgpSVpNPv9RirWycTF99b0BBmNlNmKN2hpZ1X78msOR8VbC0sOHB
|qLe3W3qsOq1+s72iqNAoc3R4PXMbQlqKy7EYhTHBGStmnnLpDBevyH9PbXGjAaAxUAuf8c
|k0RnN9Gy+FeaMkrJSv877B4CAR0DgYQAAoGAb9T2zZSabq9bVxeWdbsPuUjpkDcNFSDCVR
|4T4q5xF4TDDnSuilV/KH2L1yginHZG1ztPndFNG7LbUZTFbVSWQDiKOIFjSozDHgmJdKZY
|1chaPc+7uCN/nB99ePqe+ZCekedLwqS+RQZ4Qlg9n2Ms74TUZ+X7xm2iNilnkEbbTkijfz
|B9MB0GA1UdEQQWMBSBEmJvYkRoQGV4YW1wbGVzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1Ud
|DwEB/wQEAwIDCDAfBgNVHSMEGDAWgBRwRD6CLm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFg
|QUJv8ZSMNZM2hWjX7IgGhczzxy3SYwCQYHKoZIzjgEAwMwADAtAhQV6hVD40kihsG75drk
|DrgJ4NVyNQIVAK5PUSlzcXWpgevtnV4AGX7w3lrW
|<BobDHEncryptByCarl.cer
|* BobRSASignByCarl.cer
|* Creator: [JS]
|>BobRSASignByCarl.cer
|MIICADCCAW2gAwIBAgIQRjRrx4AAVrwR024uzV1x0DAJBgUrDgMCHQUAMBIxEDAOBgNVBA
|MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwOTAyWhcNMzkxMjMxMjM1OTU5WjARMQ8wDQYDVQQD
|EwZCb2JSU0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMpc4S7sz8E7XRAb31Q1cZ
|kKCdg95GG/oL4KvhGkPLU4QUFIBOFbsRccU7X0xRXT/gz7DKzqgBg2A35Bk1PXQHRJ29nG
|r/7Wyg3KAYSPoemjACEnUdVAGarjwDB4W6Cy5sEtJDbLrkQQgrDddNf261Ensqe2rXjKpx
|tZURjvKAxTAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgUgMB8GA1Ud
|IwQYMBaAFOngkCeseCB6mtNM8kI3TiKunji7MB0GA1UdDgQWBBTo9Lhn2LOWpCrzEaop05
|Vahha0JDAJBgUrDgMCHQUAA4GBAJj6r30hAaqziLzx7xJfTVgw2I5OvOEssn5oV40MQ1zX
|HkXR95Uz4qB1yhPIU7wzJpuzyFDfzYRqG+hIyELQgWNsMxm+Amn2FjF/1JnfgHrzO/gbKX
|0mUTcDIj/2FT0w8zKK8a6X3tf1FqmnrccVr1M+qCWRssRfTmoVV0dQvLL6
|<BobRSASignByCarl.cer
|* CarlDSSSelf.cer
|* Creator: [JS]
|>CarlDSSSelf.cer
|MIICmzCCAlqgAwIBAgIBATAJBgcqhkjOOAQDMBIxEDAOBgNVBAMTB0NhcmxEU1MwHhcNOT
|kwODE2MjI1MDUwWhcNMzkxMjMxMjM1OTU5WjASMRAwDgYDVQQDEwdDYXJsRFNTMIIBtzCC
|ASsGByqGSM44BAEwggEeAoGBALZJGD6KRMEpcZRMAcQSwXp5y1RNqx6B+8ZMsw6UCQbrAd
|SxyHFLx0XAUCVdnPza5G3T4oZIhIJ9uhWVShb2Ru3d9pjSu36KCoq6Fnu5UAFIk4vrJRVR
|l1Xcj1MOEKlQ/HC3zTBU/dreqKoitaGvi8wCiOeLcF+5reEI1G0pLdbpAhUA3cEv31POCz
|Rgdz4CpL+KXZi5ENUCgYAM7lebS73atgdqdDdPVX+d7bxhDetGWTxWCytbDJHOpWJSacrh
|bT69v/7ht7krYTyty65F4wasjCKdnESHC8fN8BzZtU5dc96vDskdWlH1T0R5NVpzqn9GUR
|+pQhacSOuKeWG01S9TIkRjH4a4o1gGJfgpwO+64HXwQsRjZVKbCgOBhQACgYEAmYd0JwNm
|oLHArdwsdbvhbESc2iFtTUdtsWIJ6diuHvI6tJSxo456m3FOAJTJtCVOuWCWGSQB82IM/n
|XA+87YaADj/dVwT98jlhkGlPSxYY86V7EIEaQLJiXwUnaB6gtiDZUq5oa6crKnUIMLqifN
|G6lNiZrXjRg5hD+LxVZNgHqjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAg
|GGMB0GA1UdDgQWBBRwRD6CLm+H3krTdeM9ILxDK5PxHzAJBgcqhkjOOAQDAzAAMC0CFGup
|8E56Wnnj+b49K8kGN+kRF6ETAhUAjzRpKouxPAN5lDJNEh/OiftGsjs=
|<CarlDSSSelf.cer
|* CarlRSASelf.cer
|>CarlRSASelf.cer
|MIIB4zCCAVCgAwIBAgIQRjRrx4AAVrwR024un/JQIDAJBgUrDgMCHQUAMBIxEDAOBgNVBA
|MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwNzQ2WhcNMzkxMjMxMjM1OTU5WjASMRAwDgYDVQQD
|EwdDYXJsUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkS/8YuCRX9Hf/bnN7k3
|FcvDMakpJyI9hBRtDNEToEs46vgp29UR4XevJ2LCuGOae9140aU+zkANXo7KI2se3iUOIy
|CYo/n5klj7hOq7l91ZZl2hagxb4OrkRb7170pynLgt2sROmqk5QpDvgY1shXXvJ2xPIRYD
|i5Gzwdl8lq8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
|BgNVHQ4EFgQU6eCQJ6x4IHqa00zyQjdOIq6eOLswCQYFKw4DAh0FAAOBgQArcbS3bE4Iwu
|qpPVLed3adQPcmcF8wrAZ4CpvHIlXDcmqGnsNUQAJThWF12Q81cb7XTku2t4wAzhUyOHCb
|PO5yCiKPsRs80L2XFcfrUjHhUaE9WvLqkKGZ3Yv9GAwsisSJYn9rabPyv97FROPR4YZ0Vz
|Roc5AG+qxrlp5fgJA7vA==
|<CarlRSASelf.cer
|* DianeDHEncryptByCarl.cer
|* Creator: [JS]
|>DianeDHEncryptByCarl.cer
|MIIDZTCCAyWgAwIBAgICANMwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
|k5MDgxNzAyMTY1N1oXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHRGlhbmVESDCCAkEw
|ggG2BgcqhkjOPgIBMIIBqQKBgQDKbpHCsL2oWPIxIXS7H+QQvdCTon5h4T26IwQW0GY5vT
|vNBXRI8QNwlfQFY20uv5q3/5f/Obtj202kcdiUmrTyij2ft12NyuKvtQ/PBWWCaG5D0vQE
|XwOL+VD1yGwFJry/Ng9cw1FqZ+h1MmZ4kWPo/jTnGbZwbHg4NoLSNDbC3wKBgG7WdjZL5F
|kHV18YmhDSMVymELAmlkJNfKOh056lgLIfNxFJfIqZ2FY/k1HtblT7btuy/DTA58oeWCvV
|PTvcrnEh2TtWuKf2TSJSX0G61R6CaWzdcHHMbDvvhKlxi6k7Kgn4vf3LUbwuLso+MIz6VJ
|59DQPi32NibfNQgifc0Zn3AiEAqgVl+91OqALxNDnno/x9RhC4XfAu8sXRXqJ0TNoPTh8C
|YQEwzQOCzT8yOl8WXvITX1Ib3/+qOwY8f4EmHLcMoBQJG10m/XEzjPKsQX4NrDWVkH6lra
|tVUIDw0rkqEU12RXY/DDiuclnG7L3v525gI5O5JwJEfkrT2jk6mmNDPBsjxWIwGgMVAND9
|1uBGl9Gnf7v/mkPwYmSzfJerAgF6A4GEAAKBgGBebu9hVXc/nWoREPTTybhyoB+J3+S8If
|3kn1DWj475Z5cU4DQZjz1YUh7cXQVOT8aIhXisAWw1zoZtkEtYSC4PsuMqTkfDsU0qesm3
|5cZoinOuUyGzzwnEYqPosLvc3g0uZkg3qNuiS/vb+qaSS0EKxlQLixqdL/9gCwsI2UI/o4
|GBMH8wHwYDVR0RBBgwFoEUZGlhbmVEaEBleGFtcGxlcy5jb20wDAYDVR0TAQH/BAIwADAO
|BgNVHQ8BAf8EBAMCAwgwHwYDVR0jBBgwFoAUcEQ+gi5vh95K03XjPSC8QyuT8R8wHQYDVR
|0OBBYEFEfzT811fahSIahhNle1+Jru2zBGMAkGByqGSM44BAMDLwAwLAIUfWQeH0vz7G80
|LLLkZHCPPmrAcqICFEvqwQzxzfd6nXbKJ27QvvLYm2pt
|<DianeDHEncryptByCarl.cer
|* DianeDSSSignByCarlInherit.cer
|* Creator: [JS]
|>DianeDSSSignByCarlInherit.cer
|MIIBujCCAXmgAwIBAgICANIwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
|k5MDgxNzAyMDgxMFoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIRGlhbmVEU1MwgZMw
|CQYHKoZIzjgEAQOBhQACgYEAoAAXeCzufoFTLi5hCA+hm1FSGtpZqHMvEiW2CMvK7ypEdo
|pSCeq9BSLVD/b9RtevmTgJDhPLTyzdHDT3HL8l/yPTO1nngpc3vjEk2BjI80k5W7fi5Sd+
|/IxFclt+Po9oTd1GeiK+jv/M2jkpoznln0PpVcnXW6aBZ8zAqs0uxSOjgYMwgYAwIAYDVR
|0RBBkwF4EVZGlhbmVEc3NAZXhhbXBsZXMuY29tMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
|BAQDAgbAMB8GA1UdIwQYMBaAFHBEPoIub4feStN14z0gvEMrk/EfMB0GA1UdDgQWBBRkMJ
|l9XNxFC5k6Ui8Wv1hQ3c4rGDAJBgcqhkjOOAQDAzAAMC0CFH4MDIEXtJpUssMw64rEPMJS
|Np6VAhUAxp8XwnFLrC45jT0QH5qzTbb5EaM=
|<DianeDSSSignByCarlInherit.cer
|* DianeRSASignEncryptByCarl.cer
|* Creator: [JS]
|>DianeRSASignEncryptByCarl.cer
|MIICAjCCAW+gAwIBAgIQRjRrx4AAVrwR024u1ZowkDAJBgUrDgMCHQUAMBIxEDAOBgNVBA
|MTB0NhcmxSU0EwHhcNOTkwOTE5MDEwOTE2WhcNMzkxMjMxMjM1OTU5WjATMREwDwYDVQQD
|EwhEaWFuZVJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1v24wHDGTCXs6s/qfL
|uiYvrw5jI6U/+xkloX9CDhmSSCCtD2fPtEyosnBvF+JgOpdp3P7KAscJbyg0L21LcoCrv4
|v0pMGT8H26DBYB63fmf33rHDYEmsRdf4xu8INyGTR+7wczVysALE8xHDXkflCreD8dt0aW
|SLRB2VXc0owIUCAwEAAaNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHwYD
|VR0jBBgwFoAU6eCQJ6x4IHqa00zyQjdOIq6eOLswHQYDVR0OBBYEFIzzy3UOjTH21CnaRJ
|J1uP7tTzkMMAkGBSsOAwIdBQADgYEAyojHN6muJssreYIiT0oNHKcgsuBo9ULeWWuz/SXA
|ObjrwItpohZVzgZ+Jl/GXlECP5XVp/fyfSNvK6x8y2+QD0RdRCJT1UI4GMRS17irgm+str
|yp5xNENnYWIwASa299xsm+eSy5LWnTHbEduloghcpbiEY2teUOFYW34l57yho=
|<DianeRSASignEncryptByCarl.cer
|* EricaDHEncryptByCarl.cer
|* Creator: [JS]
|>EricaDHEncryptByCarl.cer
|MIIC6TCCAqigAwIBAgICANQwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDT
|k5MDgxNzAyMTcxNloXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHRXJpY2FESDCCAcQw
|ggE4BgcqhkjOPgIBMIIBKwKBgQDsLM2k75omL2KnuyNN3yslwWjSnqlFWzbxlIkar30RJJ
|09uTwp6NcjgDOmnkUCu6rMnigFlaCzF3bB9yU1YQJBkicMXq5I5fNuOO+R0c83/ppAl8gt
|NZ6dk8b4Fa8/2nQ6t8STtbm7dmwfqH68OqpDCoFk/GPwe3GY+sA4eRAaMwKBgQC6C9d0Pe
|c05UwTp5WWu/HkYTcI+xLH+5yRdwaZNfBIJJYzEgF+jewL9rLAY6cVxV6VhqJzxUlGN3lg
|/XcFCUibcI08BfbORCx/fRsrFd3zBS++hSCPjfm0oEV0K/Q7nUJiNCcngY5vD15ihYnM7S
|HDkXAGVO5wqJJVW24ZIk1ipwIhAMOrSjB5s9OXTsr1on3HcKNF87OihgXSPkn5n9kKs769
|A4GFAAKBgQDRK+QdProYz3Ugxsdew8Rs6vMj2QkfRpj0zlm5ts7oOsYY+Fl3G5mw2tzAnQ
|nkr/lhkSxHzEde3yszdvNn7HfoLDcwoYld88j2XBZK5LeM9XvVOP0UrOh6wn3uB5AnCnyH
|qKLicDXqbt6eUDFr6QnaJRoBjuP/Jhx19cPOWvWehaOBgTB/MB8GA1UdEQQYMBaBFGVyaW
|NhRGhAZXhhbXBsZXMuY29tMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgMIMB8GA1Ud
|IwQYMBaAFHBEPoIub4feStN14z0gvEMrk/EfMB0GA1UdDgQWBBSNUx1hVX9gNW2mNqLFk/
|ia/cB1dDAJBgcqhkjOOAQDAzAAMC0CFD5RQgjjUi6qu4+9GDhxy5iDvkeeAhUAtLMVhZkR
|BkAfQFmN1BstzYHx6Gg=
|<EricaDHEncryptByCarl.cer
Examples from seciton 3.4 (CRLs)
|* CarlDSSCRLEmpty.crl
|* Creator: [JS]
|>CarlDSSCRLEmpty.crl
|MG0wLjAJBgcqhkjOOAQDMBIxEDAOBgNVBAMTB0NhcmxEU1MXDTk5MDgyMDA3MDAwMFowCQ
|YHKoZIzjgEAwMwADAtAhRiPzYXMVguZ1B59QlLjK3Ua/RknwIVALU7TqFMe/0Pw42btv7D
|XW/eZSh9
|<CarlDSSCRLEmpty.crl
|* CarlDSSCRLForAll.crl
|* Creator: [JS]
|>CarlDSSCRLForAll.crl
|MIHYMIGZMAkGByqGSM44BAMwEjEQMA4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWj
|BpMBMCAgDIFw05OTA4MjIwNzAwMDBaMBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05
|OTA4MjIwNzAwMDBaMBMCAgDSFw05OTA4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMD
|BaMAkGByqGSM44BAMDLwAwLAIUfmVSdjP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fv
|ftok8yqDnDWh
|<CarlDSSCRLForAll.crl
|* CarlDSSCRLForCarl.crl
|* Creator: [JS]
|>CarlDSSCRLForCarl.crl
|MIGDMEQwCQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTFw05OTA4MjUwNzAwMDBaMB
|QwEgIBARcNOTkwODIyMDcwMDAwWjAJBgcqhkjOOAQDAzAAMC0CFQCzH8VPej3sdtVg+d55
|IuxPsJD+lwIUWovDhLxmhxu/eYJbCl0H9rqpBSk=
|<CarlDSSCRLForCarl.crl
|* CarlRSACRLEmpty.crl
|* Creator: [JS]
|>CarlRSACRLEmpty.crl
|MIHHMDIwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHQ2FybFJTQRcNOTkwODIwMDcwMD
|AwWjANBgkqhkiG9w0BAQQFAAOBgQCpxSG4E3x087UR7ATzIEWGHgtuf4NtX/Q0dgZZJQ4E
|PYgJiIE3xNwgmPoXgQs3lKy0j3tRiRSky3JzFAe8IpxAoQf8RHyFDwuI0e7hDq/2FnStoa
|/BAHUAZOqlmvYLCKLblRlfpqe5OUUlCg72XoTn+LlayRjCDriglr6BOoBtyQ==
|<CarlRSACRLEmpty.crl
|* CarlRSACRLForAll.crl
|* Creator: [JS]
|>CarlRSACRLForAll.crl
|MIIBMzCBnTANBgkqhkiG9w0BAQQFADASMRAwDgYDVQQDEwdDYXJsUlNBFw05OTA4MjcwNz
|AwMDBaMGkwIQIQRjRrx4AAVrwR024uxBCzsBcNOTkwODIyMDcwMDAwWjAhAhBGNGvHgABW
|vBHTbi7VmjCQFw05OTA4MjIwNzAwMDBaMCECEEY0a8eAAFa8EdNuLs1dcdAXDTk5MDgyND
|A3MDAwMFowDQYJKoZIhvcNAQEEBQADgYEAv7OXqlPwMiEWK3eSemu7l8jc6vH6ZhYwDrWe
|XPCB1F6zbsGIa4zUXsVN+0deZvNdq+W0GDZgqE2cPInsbye/NVBxgcK5RFtiiRkSMal7mt
|PMZssR2QsQR3etTyLZ5X8w8lv8lFGlWHY7H6hGph/2od5Voe0xiGmXDwjT1AxgWx4=
|<CarlRSACRLForAll.crl
|* CarlRSACRLForCarl.crl
|* Creator: [JS]
|>CarlRSACRLForCarl.crl
|MIHsMFcwDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHQ2FybFJTQRcNOTkwODI1MDcwMD
|AwWjAjMCECEEY0a8eAAFa8EdNuLp/yUCAXDTk5MDgyMjA3MDAwMFowDQYJKoZIhvcNAQEE
|BQADgYEAIe8h1MEahZVJa8pFYtzXCf+pUS6O2UcY+vjlct1P7XR04/NlMmUoLJodV+XVJg
|bq1eYjlYSNDome7psML84H96PRa4VMD//m3fzczXMsHn3csHHFTPwBblJXaR45Y98SIjDH
|E1WUBW4qAKlbxCpmlGLONjPCK2NHJZ3z3nDuAFY=
|<CarlRSACRLForCarl.crl
Examples from the rest of the document, by section
|* Example from section 4.1
|* Creator: [JS]
|>4.1.bin
|MIAGCSqGSIb3DQEHAaCAJIAEBFRoaXMEGCBpcyBzb21lIHNhbXBsZSBjb250ZW50LgAAAA
|AAAA==
|<4.1.bin
|* Example from section 4.2
|* Creator: [JS]
|>4.2.bin
|MCsGCSqGSIb3DQEHAaAeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQu
|<4.2.bin
|* Example from section 5.1
|* Creator: [JS]
|>5.1.bin
|MIG3BgkqhkiG9w0BBwKggakwgaYCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAaAeBB
|xUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWcwZQIBATAYMBIxEDAOBgNVBAMTB0Nh
|cmxEU1MCAgDIMAkGBSsOAwIaBQAwCQYHKoZIzjgEAQQwMC0CFHCbJ32Z59IMxsUhC0viIb
|e9jUgpAhUAiywMBstKtQZLqEwOeNE7kOnRn6QA
|<5.1.bin
|* Example from section 5.2
|* Creator: [JS]
|>5.2.bin
|MIIBHgYJKoZIhvcNAQcCoIIBDzCCAQsCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa
|AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMYHLMIHIAgEBMCYwEjEQMA4GA1UE
|AxMHQ2FybFJTQQIQRjRrx4AAVrwR024uxBCzsDAJBgUrDgMCGgUAMA0GCSqGSIb3DQEBAQ
|UABIGALyOC0vMJX7gMWOtOnb+JmoHldcSRPdPQ1Xu21f6UoYqs48SE9c1gTieV9s8AhnZ1
|Pyvw59QCZ6f1x40WBKWztefZMvAk7+cgRNWfB8VTJPrOAR0PFxOnKpWdK+QDlRQL6TkNus
|5unJ4M6JjmVRPUaG/QB9eisWJM44+v/eDVXcc=
|<5.2.bin
|* Example from section 5.3
|* Creator: [JS]
|>5.3.bin
|MIGXBgkqhkiG9w0BBwKggYkwgYYCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATFnMG
|UCAQEwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqGSM44BAEE
|MDAtAhReXmtpBKJiXYtFslX5dRwSToiIIQIVAKPBSCPgCDVvJSJ6HrYUvOR1kdslAA==
|<5.3.bin
|* Example from section 5.4
|* Creator: [JS]
|>5.4.bin
|MIIIaAYJKoZIhvcNAQcCoIIIWTCCCFUCAQMxCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa
|AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIIFgTCCApswggJaoAMCAQICAQEw
|CQYHKoZIzjgEAzASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDTk5MDgxNjIyNTA1MFoXDTM5MT
|IzMTIzNTk1OVowEjEQMA4GA1UEAxMHQ2FybERTUzCCAbcwggErBgcqhkjOOAQBMIIBHgKB
|gQC2SRg+ikTBKXGUTAHEEsF6ectUTasegfvGTLMOlAkG6wHUschxS8dFwFAlXZz82uRt0+
|KGSISCfboVlUoW9kbt3faY0rt+igqKuhZ7uVABSJOL6yUVUZdV3I9TDhCpUPxwt80wVP3a
|3qiqIrWhr4vMAojni3Bfua3hCNRtKS3W6QIVAN3BL99Tzgs0YHc+AqS/il2YuRDVAoGADO
|5Xm0u92rYHanQ3T1V/ne28YQ3rRlk8VgsrWwyRzqViUmnK4W0+vb/+4be5K2E8rcuuReMG
|rIwinZxEhwvHzfAc2bVOXXPerw7JHVpR9U9EeTVac6p/RlEfqUIWnEjrinlhtNUvUyJEYx
|+GuKNYBiX4KcDvuuB18ELEY2VSmwoDgYUAAoGBAJmHdCcDZqCxwK3cLHW74WxEnNohbU1H
|bbFiCenYrh7yOrSUsaOOeptxTgCUybQlTrlglhkkAfNiDP51wPvO2GgA4/3VcE/fI5YZBp
|T0sWGPOlexCBGkCyYl8FJ2geoLYg2VKuaGunKyp1CDC6onzRupTYma140YOYQ/i8VWTYB6
|o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUcEQ+gi
|5vh95K03XjPSC8QyuT8R8wCQYHKoZIzjgEAwMwADAtAhRrqfBOelp54/m+PSvJBjfpEReh
|EwIVAI80aSqLsTwDeZQyTRIfzon7RrI7MIIC3jCCAp2gAwIBAgICAMgwCQYHKoZIzjgEAz
|ASMRAwDgYDVQQDEwdDYXJsRFNTMB4XDTk5MDgxNzAxMTA0OVoXDTM5MTIzMTIzNTk1OVow
|EzERMA8GA1UEAxMIQWxpY2VEU1MwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAgY3N7YPqCp
|45PsJIKKPkR5PdDteoDuxTxauECE//lOFzSH4M1vNESNH+n6+koYkv4dkwyDbeP5u/t0zc
|X2mK5HXQNwyRCJWb3qde+fz0ny/dQ6iLVPE/sAcIR01diMPDtbPjVQh11Tl2EMR4vf+dsI
|SXN/LkURu15AmWXPN+W9sCFQDiR6YaRWa4E8baj7g3IStii/eTzQKBgCY40BSJMqo5+z5t
|2UtZakx2IzkEAjVc8ssaMMMeUF3dm1nizaoFPVjAe6I2uG4Hr32KQiWn9HXPSgheSz6Q+G
|3qnMkhijt2FOnOLl2jB80jhbgvMAF8bUmJEYk2RL34yJVKU1a14vlz7BphNh8Rf8K97dFQ
|/5h0wtGBSmA5ujY5A4GEAAKBgFzjuVp1FJYLqXrd4z+p7Kxe3L23ExE0phaJKBEj2TSGZ3
|V1ExI9Q1tv5VG/+onyohs+JH09B41bY8i7RaWgSuOF1s4GgD/oI34a8iSrUxq4Jw0e7wi/
|ZhSAXGKsZfoVi/G7NNTSljf2YUeyxDKE8H5BQP1Gp2NOM/Kl4vTyg+W4o4GDMIGAMCAGA1
|UdEQQZMBeBFWFsaWNlRHNzQGV4YW1wbGVzLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
|/wQEAwIGwDAfBgNVHSMEGDAWgBRwRD6CLm+H3krTdeM9ILxDK5PxHzAdBgNVHQ4EFgQUvm
|yhs+PB9+1DcKTOEwHi/eOX/s0wCQYHKoZIzjgEAwMwADAtAhUAmLDGP89xR1o1qUqPwPgk
|BehGlI4CFFufSMCMocECnETq6aGHwaV/KC27oYHbMIHYMIGZMAkGByqGSM44BAMwEjEQMA
|4GA1UEAxMHQ2FybERTUxcNOTkwODI3MDcwMDAwWjBpMBMCAgDIFw05OTA4MjIwNzAwMDBa
|MBMCAgDJFw05OTA4MjIwNzAwMDBaMBMCAgDTFw05OTA4MjIwNzAwMDBaMBMCAgDSFw05OT
|A4MjIwNzAwMDBaMBMCAgDUFw05OTA4MjQwNzAwMDBaMAkGByqGSM44BAMDLwAwLAIUfmVS
|djP+NHMX0feW+aDU2G1cfT0CFAJ6W7fVWxjBz4fvftok8yqDnDWhMYIBsTCCAa0CAQOAFL
|5sobPjwfftQ3CkzhMB4v3jl/7NMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZI
|hvcNAQcBMBwGCSqGSIb3DQEJBTEPFw05OTA5MTIwMjUxNTNaMCMGCSqGSIb3DQEJBDEWBB
|RAauwIUnm6bhYCLZ4GKcAilofdSDAJBgcqhkjOOAQBBDAwLQIVALyvBHm3v0Ks67t7wtCM
|s1Mgg/G8AhRpllVd+3geledbuAVdIRII9V80KQChgeowLwYLKoZIhvcNAQkQAgQxIDAeDB
|FTTWltZSBFeGFtcGxlIDUuNAYJKoZIhvcNAQcBMIG2BgkqhkiG9w0BCQYxgagwgaUCAQEw
|GDASMRAwDgYDVQQDEwdDYXJsRFNTAgIA0jAJBgUrDgMCGgUAoD8wGAYJKoZIhvcNAQkDMQ
|sGCSqGSIb3DQEHATAjBgkqhkiG9w0BCQQxFgQUc1eRpj6IM25RMYHgEQhGjO5Q41swCQYH
|KoZIzjgEAQQvMC0CFErIQVDpInDG+/kjJaE3tj1eXmc+AhUArLqcuVaOhq4ZKdKN82tItd
|1it8c=
|<5.4.bin
|* Example from section 5.5
|* Creator: [JS]
|>5.5.bin
|MIIFDwYJKoZIhvcNAQcCoIIFADCCBPwCAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa
|AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuoIID7TCCAeMwggFQoAMCAQICEEY0
|a8eAAFa8EdNuLp/yUCAwCQYFKw4DAh0FADASMRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MD
|kxOTAxMDc0NloXDTM5MTIzMTIzNTk1OVowEjEQMA4GA1UEAxMHQ2FybFJTQTCBnzANBgkq
|hkiG9w0BAQEFAAOBjQAwgYkCgYEA5Ev/GLgkV/R3/25ze5NxXLwzGpKSciPYQUbQzRE6BL
|OOr4KdvVEeF3rydiwrhjmnvdeNGlPs5ADV6OyiNrHt4lDiMgmKP5+ZJY+4Tqu5fdWWZdoW
|oMW+Dq5EW+9e9Kcpy4LdrETpqpOUKQ74GNbIV17ydsTyEWA4uRs8HZfJavECAwEAAaNCME
|AwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOngkCeseCB6
|mtNM8kI3TiKunji7MAkGBSsOAwIdBQADgYEAK3G0t2xOCMLqqT1S3nd2nUD3JnBfMKwGeA
|qbxyJVw3Jqhp7DVEACU4VhddkPNXG+105LtreMAM4VMjhwmzzucgoij7EbPNC9lxXH61Ix
|4VGhPVry6pChmd2L/RgMLIrEiWJ/a2mz8r/exUTj0eGGdFc0aHOQBvqsa5aeX4CQO7wwgg
|ICMIIBb6ADAgECAhBGNGvHgABWvBHTbi7EELOwMAkGBSsOAwIdBQAwEjEQMA4GA1UEAxMH
|Q2FybFJTQTAeFw05OTA5MTkwMTA4NDdaFw0zOTEyMzEyMzU5NTlaMBMxETAPBgNVBAMTCE
|FsaWNlUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgiXM5jdj19eiHdjl/TrAF
|u1OD3g+3q9x9x3UpDQUubRLfpoYm1NJvqlgp/Jfs+oJRDzCAvrFQnkZE8Sy72DLPxmhvB9
|mwYKy+7jQJahP19wUFk99eujVW2WH/GX/Jgeb4bOqHQHDvrG0sdJ8t+lU6uZl3AqZIUoxO
|81c4V3RXXwIDAQABo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDAfBgNVHS
|MEGDAWgBTp4JAnrHggeprTTPJCN04irp44uzAdBgNVHQ4EFgQUd9K00bdMioqjzkWdzuw8
|oDrj/1AwCQYFKw4DAh0FAAOBgQC/NDLm/GqIQX3wXJmhk7dJtwJSHsuErJPXWCsAoZzESE
|iZ3QLDxgX40iXxo5zJMwGKdg5vd0Ojv+Hms2oEeTnu4enlnVAHiyLcElDj87Q9nuWTnrHN
|M/ngq5hxCfjrsPyc7PGI2K4D0f5g4WIUsaIj0siNGB9e7ptyAifChT0ELjGByzCByAIBAT
|AmMBIxEDAOBgNVBAMTB0NhcmxSU0ECEEY0a8eAAFa8EdNuLsQQs7AwCQYFKw4DAhoFADAN
|BgkqhkiG9w0BAQEFAASBgC8jgtLzCV+4DFjrTp2/iZqB5XXEkT3T0NV7ttX+lKGKrOPEhP
|XNYE4nlfbPAIZ2dT8r8OfUAmen9ceNFgSls7Xn2TLwJO/nIETVnwfFUyT6zgEdDxcTpyqV
|nSvkA5UUC+k5DbrObpyeDOiY5lUT1Ghv0AfXorFiTOOPr/3g1V3H
|<5.5.bin
|* Example from section 5.6
|* Creator: [JS]
|>5.6.bin
|MIIBIQYJKoZIhvcNAQcCoIIBEjCCAQ4CAQExCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAa
|AeBBxUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMYHOMGUCAQEwGDASMRAwDgYDVQQD
|EwdDYXJsRFNTAgIAyDAJBgUrDgMCGgUAMAkGByqGSM44BAEEMDAsAhQBGkm6dbCnYjb86X
|2u98VXAoaYjgIUbRuovVEQUSbziZbmuPGvXlXdPSEAADBlAgEBMBgwEjEQMA4GA1UEAxMH
|Q2FybERTUwICANIwCQYFKw4DAhoFADAJBgcqhkjOOAQBBDAwLQIVAM+G8VRw461aVOz+88
|/1DI6eomR/AhRhGp0ZMUegMqegJ9ORA8QH4HKNjgA=
|<5.6.bin
|* Example from section 5.7
|* Creator: [JS]
|>5.7.bin
|MIGzBgkqhkiG9w0BBwKggaUwgaICAQMxCzAJBgUrDgMCGgUAMCsGCSqGSIb3DQEHAaAeBB
|xUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuMWMwYQIBA4AUvmyhs+PB9+1DcKTOEwHi
|/eOX/s0wCQYFKw4DAhoFADAJBgcqhkjOOAQBBDAwLQIUT/ZitsqN1syoqMqaycuWliwd2o
|8CFQC34p0GHvgiXpP+C6a/8Dwp7RWFgwA=
|<5.7.bin
|* Example from section 5.8
|* Creator: [JS]
|>5.8.eml
|TUlNRS1WZXJzaW9uOiAxLjANCkNvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L3NpZ25lZDsNCg
|lwcm90b2NvbD0iYXBwbGljYXRpb24veC1wa2NzNy1zaWduYXR1cmUiOw0KCW1pY2FsZz1T
|SEExOw0KCWJvdW5kYXJ5PSItLS0tPV9OZXh0UGFydF8wMDBfMDAwMF8wMUJFRjhCOC40Rj
|dENUY4MCINCg0KLS0tLS0tPV9OZXh0UGFydF8wMDBfMDAwMF8wMUJFRjhCOC40RjdENUY4
|MA0KDQpUaGlzIGlzIHNvbWUgc2FtcGxlIGNvbnRlbnQuDQotLS0tLS09X05leHRQYXJ0Xz
|AwMF8wMDAwXzAxQkVGOEI4LjRGN0Q1RjgwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9u
|L3gtcGtjczctc2lnbmF0dXJlOw0KCW5hbWU9InNtaW1lLnA3cyINCkNvbnRlbnQtVHJhbn
|NmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVu
|dDsNCglmaWxlbmFtZT0ic21pbWUucDdzIg0KDQpNSUdYQmdrcWhraUc5dzBCQndLZ2dZa3
|dnWVlDQVFFeEN6QUpCZ1VyRGdNQ0dnVUFNQXNHQ1NxR1NJYjNEUUVIQVRGbk1HVUNBUUV3
|R0RBUw0KTVJBd0RnWURWUVFERXdkRFlYSnNSRk5UQWdJQXlEQUpCZ1VyRGdNQ0dnVUFNQW
|tHQnlxR1NNNDRCQUVFTURBdEFoUmVYbXRwQktKaVhZdEYNCnNsWDVkUndTVG9pSUlRSVZB
|S1BCU0NQZ0NEVnZKU0o2SHJZVXZPUjFrZHNsQUE9PQ0KDQotLS0tLS09X05leHRQYXJ0Xz
|AwMF8wMDAwXzAxQkVGOEI4LjRGN0Q1RjgwLS0NCg==
|<5.8.eml
|* Example from section 5.9
|* Creator: [JS]
|>5.9.eml
|U3ViamVjdDogRXhhbXBsZSA1LjkNCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cG
|U6IGFwcGxpY2F0aW9uL3BrY3M3LW1pbWU7IG5hbWU9InNtaW1lLnA3bSI7IHNtaW1lLXR5
|cGU9c2lnbmVkLWRhdGENCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NA0KQ2
|9udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9InNtaW1lLnA3bSIN
|Cg0KTUlHM0Jna3Foa2lHOXcwQkJ3S2dnYWt3Z2FZQ0FRRXhDekFKQmdVckRnTUNHZ1VBTU
|NzR0NTcUdTSWIzRFFFSEFhQWVCQnhVYUdseklHbHoNCklITnZiV1VnYzJGdGNHeGxJR052
|Ym5SbGJuUXVNV2N3WlFJQkFUQVlNQkl4RURBT0JnTlZCQU1UQjBOaGNteEVVMU1DQWdESU
|1Ba0dCU3NPDQpBd0lhQlFBd0NRWUhLb1pJempnRUFRUXdNQzBDRkhDYkozMlo1OUlNeHNV
|aEMwdmlJYmU5alVncEFoVUFpeXdNQnN0S3RRWkxxRXdPZU5FNw0Ka09uUm42UUENCg==
|<5.9.eml
|* Example from section 6.1
|* Creator: [JS]
|>6.1.bin
|MIIBYwYJKoZIhvcNAQcDoIIBVDCCAVACAQIxggEEoYIBAAIBA6CBlqGBkzAJBgcqhkjOPg
|IBA4GFAAKBgQDCpFbngGwR7EgB9w76sCDSnG8xLIX4SpyyuLoXtvUoMbyyXlPTjMm143kg
|jwPlZ39OAmouwmd/cZpEC+zAfRlv7l8u1TIA1HzCFlZ+7a9o3QxzaJU2zlxRrS4gZNAeO8
|hXPWVAuBrNbafLHJ7Fg3Nm3dKG7uGc7bGdMDJBTFI9GDAaBgcqhkjOPgIBMA8GCyqGSIb3
|DQEJEAMGBQAwRjBEMBgwEjEQMA4GA1UEAxMHQ2FybERTUwICAMkEKFFGV0E0HNbHzTZLpJ
|O3FuYu8FgknG1L6ZCLD0a45ZMZ/3zwVk1P+vUwQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMH
|BAju8h/ugAjOaoAgnrtsnrgUQyzLspCOpH2K2K6WiHMIgJU+0d/oL0/cc5g=
|<6.1.bin
|* Example from section 6.2
|* Creator: [JS]
|>6.2.bin
|MIAGCSqGSIb3DQEHA6CAMIACAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJsUlNBAh
|BGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAxcCPZxKcEElJFF2A1iRQWThB
|XLdbsAsSFc1UgI5io6/RFSmmbLXAMvc5XwwvMpBlXOPVK1X2ITcJWpq0ltSWIEkGk2fqC8
|EgPV2yY36M+Ynzn78eGe02BIMFihVakqSKtD6JwWk1DXS3gX8Cy3rXZVEFFbZ4D/K0gPdg
|eit1iOkwgAYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAj0z/pDdDkS9KCABIGwG86612X7vG
|AFlWVCP2DbLXjF8n+TNJXiYvOZPtiiy8jlUBDYRc0n74M7O7BB5tcq3ldTrxCXH4k9ape4
|v+FyK/DWm+UJ1GvW9Lr/UGo88BaM3fQ05YXMqQMe3uNxGX+JnSctcZNTqMwVeVgVNsNTey
|JRrY8xq2A6HLdlWl+QFnsrXR4KtNWhZJPdT00xgYSAYMNWmcyhwMiuEJ5MyF7wGKkyMACT
|Env8FL981HS0sGwAAAAAAAAAAAAA
|<6.2.bin
|* Example from section 6.3
|* Creator: [JS]
|>6.3.bin
|MIAGCSqGSIb3DQEHA6CAMIACAQAxgcAwgb0CAQAwJjASMRAwDgYDVQQDEwdDYXJsUlNBAh
|BGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUABIGAhAB4rKlq+e2+J3+hRf5zSwVU
|FNffmycRaJfmMnaj1ki0TeQVsL+oWB9d8lwwqOnHY+SVtKsqNj5pnFkNZ1/yghUhexo7WW
|iq8bDGjNsOslTcM9Fk0UypdAgUEYoWdGo68DM1HDRwM78KxkSRyLEhvLGjZd0UvAXX4ufc
|fzpZfh8wgAYJKoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAicBNIZLipVoaCABIGwjo
|cuIuQwYZuWzOqtDNbXAxsUYDeLGoAsEk92t3Z34geEMwvMZetbMpto84ZtfbGiRBAdwBTh
|8sbxKBe6htUvbTffguvRLSSAcWJNDahpEKnhRXWGTauDYVtwfW3CXfOAMdNw/XMtdU2TVJ
|86qKjcMDT9STaIlzdPJA/7AyJMZOoz68XGI4cBchNv52I9EmIN+0SIMiSRBUaNDgA5ihSK
|yhlYS4+9uzWJr/mZFpHw570AAAAAAAAAAAAA
|<6.3.bin
|* Example from section 6.4
|* Creator: [JS]
|>6.4.bin
|MIICZwYJKoZIhvcNAQcDoIICWDCCAlQCAQIxggIIoYIBAAIBA6CBlqGBkzAJBgcqhkjOPg
|IBA4GFAAKBgAPKBS54Y4aVfcbjOAgz014G+8WY+t5mQi5vuzVHc+5/Q4KDDI3vH2GPUsZc
|u4VGCc0KHnVEUay4q4WIxrMGl8lHsopWVYu+0zzJOvCo1Uw6VhmbZXXpKxRm2LtmcC5kRk
|G9M+FQ+NXKpXRqCQHTbXSFITNTq8I9KghAz/msLffQADAaBgcqhkjOPgIBMA8GCyqGSIb3
|DQEJEAMGBQAwRjBEMBgwEjEQMA4GA1UEAxMHQ2FybERTUwICANMEKIgkfFJzwwL/24lJCA
|697g5JGEcZtJVfFhK57TRPmWsvyo6Uh1ZmCFGhggEAAgEDoIGWoYGTMAkGByqGSM4+AgED
|gYUAAoGAXFhyPsZokQ/46wfrwUZgE0t61OWsYQxn0Q0Kq+iBMSVqtebz71Od51G1HaTjOM
|frldmA2IVldhL7ep7ysT84H+ryfGEmY3OqIuL9FZqcFzFYDE6g3oSJt4FwYj6bRUetufyU
|laWZ9IaNC8507HHcyqZxNzEBTIwBWYxJrvz7ZOoAMBoGByqGSM4+AgEwDwYLKoZIhvcNAQ
|kQAwYFADBGMEQwGDASMRAwDgYDVQQDEwdDYXJsRFNTAgIAyQQoOSoW0SErcjgMQAFVoRcZ
|BL79JJsz5Ry8xdh7p0UV0lvlWgmlIhh73zBDBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECB
|PjQZyFMBUfgCC6j3HZyJLO1Ain9XORKW3hMwjexFjConvwmksGRO/W5Q==
|<6.4.bin
|* Example from section 6.5
|* Creator: [JS]
|>6.5.bin
|MIIBqgYJKoZIhvcNAQcDoIIBmzCCAZcCAQIxggFLoYIBRwIBA6CBlqGBkzAJBgcqhkjOPg
|IBA4GFAAKBgB5vuElZhqnuNBcpvKBahFGrzppBOLYpp3xJJI2DpqD4LJobHamGZGKJS/lb
|NZMMNtP3BlHVSl6t3HbS7VNGGtQKhFsmp9BMmtYkoZ660iEwe0XFNswrSk8Zdw1IInlm2e
|tRSlo7XSXl+lh5D1NJGx/p+XlzDbxJYe3bTYFnnmioADAaBgcqhkjOPgIBMA8GCyqGSIb3
|DQEJEAMGBQAwgYwwRDAYMBIxEDAOBgNVBAMTB0NhcmxEU1MCAgDJBCj/IIORXxDPOIDfUC
|BGwzA7fSvj28EYB+MHhStsqyYHuSzl3YlAfenVMEQwGDASMRAwDgYDVQQDEwdDYXJsRFNT
|AgIA1AQovxPCSqLUCGorYEq4oW0xQ/drrjVkI9DmgHm+XyUsUeO5DkTzg3m0DjBDBgkqhk
|iG9w0BBwEwFAYIKoZIhvcNAwcECCPff9s9mAD4gCB0KQIzTVEuxMWuMth/mwHr0s3CMgqq
|kI2pkfMhMo5Odg==
|<6.5.bin
|* Example from section 6.6
|* Creator: [JS]
|>6.6.eml
|U3ViamVjdDogVGVzdCBzdWJqZWN0DQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeX
|BlOiBhcHBsaWNhdGlvbi94LXBrY3M3LW1pbWU7DQoJbmFtZT0ic21pbWUucDdtIjsNCglz
|bWltZS10eXBlPWVudmVsb3BlZC1kYXRhDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOi
|BiYXNlNjQNCkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7DQoJZmlsZW5hbWU9
|InNtaW1lLnA3bSINClgtTWltZU9MRTogUHJvZHVjZWQgQnkgTWljcm9zb2Z0IE1pbWVPTE
|UgVjUuMDAuMjExNS4zMDANCg0KTUlBR0NTcUdTSWIzRFFFSEE2Q0FNSUFDQVFJeGdnRmRv
|WUlCQkFJQkE2Q0JsYUdCa2pBSkJnY3Foa2pPUGdJQkE0R0VBQUtCZ0UzNA0KOE84V1lrYi
|ttaDlKeXdJbUlKMWowUElqODRTbnBLY2xxTzMxRWNTY1p6a1NpUVFQK2dxcGhJbWZFd0lH
|aDdQN3l3dW9GdXhkb3Q4Qw0KMlgvbkR1YmhycktJbUczWjk2aC9GQWg2L3JnQTZQMTByMn
|llc1YxUXZxZkdnWUJoOStvOXpxL1MxK1E4c3NGSDlqMW5aelRMTEwzcg0Kckc4VzR6dG11
|NHFYK1E4OU1COEdDeXFHU0liM0RRRUpFQU1GTUJBR0N5cUdTSWIzRFFFSkVBTUhBZ0U2TU
|VZd1JEQVlNQkl4RURBTw0KQmdOVkJBTVRCME5oY214RVUxTUNBZ0RKQkNoVEV2L0lpWWI1
|OGZKcEJjMU1RQUoxRlNHMzNMZEZicFJxOFFpck1VMTJKaUhkOXFBSg0Kamo5Q29sTUNBUV
|F3RXdRUlRXRnBiRXhwYzNSVWNtbHdiR1ZFUlZNd0R3WUxLb1pJaHZjTkFRa1FBd1lGQUFR
|by9KVjI1cWlwc2xidQ0KdWJaRExzbEVCOTNZNHJHdE9KSHB5bU51K3U1RmU3YnB5cFZ0an
|c0VldqQ0FCZ2txaGtpRzl3MEJCd0V3R1FZSUtvWklodmNOQXdJdw0KRFFJQk9nUUlqM2hQ
|OUZnMnlFcWdnQVFnNGxZTE9nbjBOdU9yU0FMTHZ0TjROemVWdFlKMDdoc1cyT1o3RnFRTm
|11b0FBQUFBQUFBQQ0KQUFBQQ0K
|<6.6.eml
|* Example from section 7.0
|* Creator: [JS]
|>7.0.bin
|MFoGCSqGSIb3DQEHBaBNMEsCAQAwBwYFKw4DAhowJwYJKoZIhvcNAQcBoBoEGFRoaXMgc2
|9tZSBzYW1wZSBjb250ZW50LgQUQGrsCFJ5um4WAi2eBinAIpaH3Ug=
|<7.0.bin
|* Example from section 8.0
|* Creator: [JS]
|>8.0.bin
|MFcGCSqGSIb3DQEHBqBKMEgCAQAwQwYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAiza2v7Yj
|EIToAg12/RF4+9AvhCMfXB0qL3SkFZSClk9nUkglQiPa+a+OQ=
|<8.0.bin
D. Acknowledgments
The following people contributed ideas and/or examples to this The following people contributed ideas and/or examples to this
document. They are listed by their real names, with the initials used document. They are listed by their real names, with the initials used
in the examples after their names. in the examples after their names.
Blake Ramsdell [BR] Blake Ramsdell [BR]
Paul Hoffman [PH] Paul Hoffman [PH]
Jim Schaad [JS] Jim Schaad [JS]
. . . . . .
The examples are displayed with a modified version of Peter Gutmann's The examples are displayed with a modified version of Peter Gutmann's
"dumpasn1" program. "dumpasn1" program. Peter and Jim Schaad and Blake Ramsdell have been
updating the program based on input from the process of writing this
D. Differences between -00 and -01 draft.
Title, Abstract, Intro: Added examples of S/MIME messages (including
the MIME) and ESS messages to the general description.
3.2: Changed Diane's RSA key to be for both signing and encrypting.
Added Erica's DH keys, which share Bob's parameters.
3.3: Changed Alice's DSS cert to explicitly not inherit Carl's DSS
parameters. Changed Diane's DSS cert to explicitly inherit Carl's DSS
parameters. Changed Diane's RSA cert to be for both signing and
encrypting. Gave Erica a DH cert.
5.6, 5.7, 5.8: Renumbered to 5.5, 5.6, 5.7. E. Differences between -01 and -02
5.8, 5.9: New examples of signed S/MIME messages. Added a whole bunch of examples, all from Jim Schaad. Andrew
Farrell and Blake Ramsdell had contributed some earlier examples
of keys and certs.
6.4: Removed the keys that were used in only that section. 3. Added Erica.
6.8: New example of encrypted S/MIME message. 3.2: Added DianePrivDHEncrypt and DianePrivDSSSign.
10: Added entire section. 11.2 and 11.3: Made the receipts come from Diane.
11: Added entire section. B.2: Added binmode because Windows is stupid about I/O.
12: Added entire section. Renumbered the appendixes.
E. Editor's Address F. Editor's Address
Paul Hoffman Paul Hoffman
Internet Mail Consortium Internet Mail Consortium
127 Segre Place 127 Segre Place
Santa Cruz, CA 95060 USA Santa Cruz, CA 95060 USA
phoffman@imc.org phoffman@imc.org
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/