draft-ietf-lamps-samples-03.txt   draft-ietf-lamps-samples-04.txt 
lamps D.K. Gillmor, Ed. lamps D.K. Gillmor, Ed.
Internet-Draft ACLU Internet-Draft ACLU
Intended status: Informational 14 May 2021 Intended status: Informational 18 May 2021
Expires: 15 November 2021 Expires: 19 November 2021
S/MIME Example Keys and Certificates S/MIME Example Keys and Certificates
draft-ietf-lamps-samples-03 draft-ietf-lamps-samples-04
Abstract Abstract
The S/MIME development community benefits from sharing samples of The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples. keys for use when generating such samples.
Status of This Memo Status of This Memo
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 15 November 2021. This Internet-Draft will expire on 19 November 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 30 skipping to change at page 2, line 30
3.1. RSA Certification Authority Root Certificate . . . . . . 7 3.1. RSA Certification Authority Root Certificate . . . . . . 7
3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 3.2. RSA Certification Authority Secret Key . . . . . . . . . 8
3.3. RSA Certification Authority Cross-signed Certificate . . 9 3.3. RSA Certification Authority Cross-signed Certificate . . 9
4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10 4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10
4.1. Alice's Signature Verification End-Entity Certificate . . 10 4.1. Alice's Signature Verification End-Entity Certificate . . 10
4.2. Alice's Signing Private Key Material . . . . . . . . . . 11 4.2. Alice's Signing Private Key Material . . . . . . . . . . 11
4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12 4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12
4.4. Alice's Decryption Private Key Material . . . . . . . . . 13 4.4. Alice's Decryption Private Key Material . . . . . . . . . 13
4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 14 4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 14
5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 17 5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 17
5.1. Bob's Signature Verification End-Entity Certificate . . . 18 5.1. Bob's Signature Verification End-Entity Certificate . . . 17
5.2. Bob's Signing Private Key Material . . . . . . . . . . . 18 5.2. Bob's Signing Private Key Material . . . . . . . . . . . 18
5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 19 5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 19
5.4. Bob's Decryption Private Key Material . . . . . . . . . . 20 5.4. Bob's Decryption Private Key Material . . . . . . . . . . 20
5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 21 5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 21
6. Example Ed25519 Certification Authority . . . . . . . . . . . 24 6. Example Ed25519 Certification Authority . . . . . . . . . . . 24
6.1. Ed25519 Certification Authority Root Certificate . . . . 25 6.1. Ed25519 Certification Authority Root Certificate . . . . 24
6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25 6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25
6.3. Ed25519 Certification Authority Cross-signed 6.3. Ed25519 Certification Authority Cross-signed
Certificate . . . . . . . . . . . . . . . . . . . . . . . 25 Certificate . . . . . . . . . . . . . . . . . . . . . . . 25
7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26 7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26
7.1. Carlos's Signature Verification End-Entity Certificate . 26 7.1. Carlos's Signature Verification End-Entity Certificate . 26
7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27 7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27
7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27 7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27
7.4. Carlos's Decryption Private Key Material . . . . . . . . 27 7.4. Carlos's Decryption Private Key Material . . . . . . . . 27
7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28
8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29
8.1. Dana's Signature Verification End-Entity Certificate . . 29 8.1. Dana's Signature Verification End-Entity Certificate . . 29
8.2. Dana's Signing Private Key Material . . . . . . . . . . . 29 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30
8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30
8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30
8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 30 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32
11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 11.1. Document History . . . . . . . . . . . . . . . . . . . . 33
11.1.1. Substantive Changes from draft-ietf-*-02 to 11.1.1. Substantive Changes from draft-ietf-*-03 to
draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 32 draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33
11.1.2. Substantive Changes from draft-ietf-*-01 to 11.1.2. Substantive Changes from draft-ietf-*-02 to
draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 32 draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33
11.1.3. Substantive Changes from draft-ietf-*-00 to 11.1.3. Substantive Changes from draft-ietf-*-01 to
draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33
11.1.4. Substantive Changes from draft-ietf-*-00 to
draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 33
11.1.4. Substantive Changes from draft-dkg-*-05 to 11.1.5. Substantive Changes from draft-dkg-*-05 to
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 33
11.1.5. Substantive Changes from draft-dkg-*-04 to 11.1.6. Substantive Changes from draft-dkg-*-04 to
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 33 draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 33
11.1.6. Substantive Changes from draft-dkg-*-03 to 11.1.7. Substantive Changes from draft-dkg-*-03 to
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 33 draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 33
11.1.7. Substantive Changes from draft-dkg-*-02 to 11.1.8. Substantive Changes from draft-dkg-*-02 to
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 33 draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34
11.1.8. Substantive Changes from draft-dkg-*-01 to 11.1.9. Substantive Changes from draft-dkg-*-01 to
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 33 draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34
11.1.9. Substantive Changes from draft-dkg-*-00 to 11.1.10. Substantive Changes from draft-dkg-*-00 to
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 33 draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
13.1. Normative References . . . . . . . . . . . . . . . . . . 34 13.1. Normative References . . . . . . . . . . . . . . . . . . 34
13.2. Informative References . . . . . . . . . . . . . . . . . 35 13.2. Informative References . . . . . . . . . . . . . . . . . 35
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction 1. Introduction
The S/MIME ([RFC8551]) development community, in particular the The S/MIME ([RFC8551]) development community, in particular the
e-mail development community, benefits from sharing samples of signed e-mail development community, benefits from sharing samples of signed
and/or encrypted data. Often the exact key material used does not and/or encrypted data. Often the exact key material used does not
skipping to change at page 8, line 7 skipping to change at page 8, line 7
* Name: "Sample LAMPS RSA Certification Authority" * Name: "Sample LAMPS RSA Certification Authority"
3.1. RSA Certification Authority Root Certificate 3.1. RSA Certification Authority Root Certificate
This cerificate is used to verify certificates issued by the example This cerificate is used to verify certificates issued by the example
RSA Certification Authority. RSA Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTExMC8GA1UEAxMoU2FtcGxlIExB MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G
TVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UECxMITEFNUFMg A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
V0cxDTALBgNVBAoTBElFVEYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr
OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz
+zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi +zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi
IHpSKMbkoXlM1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmM IHpSKMbkoXlM1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmM
yhBzClmgkyozRSeSrkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG yhBzClmgkyozRSeSrkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG
1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD 1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
hkiG9w0BAQ0FAAOCAQEAY02+M6kP215ji21w/fGQ6qZ0FlbgL3VS/zmoHZ4Jd82Y hkiG9w0BAQ0FAAOCAQEACDXWlJGjzKadNMPcFlZInZC+Hl7RLrcBDR25jMCXg9yL
5A/Hh/bCaDHI8Cb0tMkF7tU+Ly4LX2ruH5VQLjgntCGsaD+pYAH4eGd7Nleras++ IwGVEcNp2fH4+YHTRTGLH81aPADMdUGHgpfcfqwjesavt/mO0T0S0LjJ0RVm93fE
IGnhfdfLQHAIzqAZFNjb0xQ6QjRFQrBRfCJKnvYx5NFmLeTuIjSGEqJhADF7EpVQ heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v
X3kYQ52RfeY9EbcaNG0jHlrz9A3XDmpliyZ6ASh+RqVHoNht302WymkZvZMHgBpC dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9
RptVcy0EbkILYL3CG0ollTPkuI2Lo7nCZJGplT8HZTbCab/ssCf1YFpqK2SOGchC U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq
BUw2pCMnWMNMFQjvFc4QwNNFrRaGOeO4allo52D6eA== uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----
3.2. RSA Certification Authority Secret Key 3.2. RSA Certification Authority Secret Key
This secret key material is used by the example RSA Certification This secret key material is used by the example RSA Certification
Authority to issue new certificates. Authority to issue new certificates.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L
siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd
skipping to change at page 10, line 6 skipping to change at page 10, line 6
"draft-lamps-sample-certs-keygen.ca.rsa.seed". "draft-lamps-sample-certs-keygen.ca.rsa.seed".
3.3. RSA Certification Authority Cross-signed Certificate 3.3. RSA Certification Authority Cross-signed Certificate
If an e-mail client only trusts the Ed25519 Certification Authority If an e-mail client only trusts the Ed25519 Certification Authority
Root Certificate found in Section 6.1, they can use this intermediate Root Certificate found in Section 6.1, they can use this intermediate
CA certificate to verify any end entity certificate issued by the CA certificate to verify any end entity certificate issued by the
example RSA Certification Authority. example RSA Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTE1MDMG MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMg MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
UlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzEN EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0
MAsGA1UEChMESUVURjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY
Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM
IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X
6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo 6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo
xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88Qc0eWYzKEHMK xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88Qc0eWYzKEHMK
WaCTKjNFJ5KuTGr1d4kpT3iVYZpnTNviRqsK6v96IygKTdg1Xwvey3K9wwbWpQMI WaCTKjNFJ5KuTGr1d4kpT3iVYZpnTNviRqsK6v96IygKTdg1Xwvey3K9wwbWpQMI
BorHoVkR/uET1E3ovdsCAwEAAaN8MHowDwYDVR0TAQH/BAUwAwEB/zAXBgNVHSAE BorHoVkR/uET1E3ovdsCAwEAAaN8MHowDwYDVR0TAQH/BAUwAwEB/zAXBgNVHSAE
EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58 EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58
BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM
tTAFBgMrZXADQQAXVKenodj2S7ct9xaQhUZQhpbvFPX7G1fUNH+7hBthwYBQm1gy tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX
rSI/zpJ4I9seDTN4e2cWf2BbOhYE4WOgdoUB FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD
-----END CERTIFICATE----- -----END CERTIFICATE-----
4. Alice's Sample Certificates 4. Alice's Sample Certificates
Alice has the following information: Alice has the following information:
* Name: "Alice Lovelace" * Name: "Alice Lovelace"
* E-mail Address: "alice@smime.example" * E-mail Address: "alice@smime.example"
4.1. Alice's Signature Verification End-Entity Certificate 4.1. Alice's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by This certificate is used for verification of signatures made by
Alice. Alice.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEXMBUGA1UEAxMOQWxpY2UgTG92 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
ZWxhY2UxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMIIBIjANBgkq A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/ hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/
pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX
urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB
DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w
ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC
rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEAfJC5d/T2BRJqtvOfdUe005rRzp4oY9mNdSOIGBTWBOMLEXqtzGrJyNW6QbpA AQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roA
A4k2pA9wm2xj0NocJyONKKKmivMV7YUnxpRSN9uUM23g3DfeSWwoo0ZT7YKO5MWp KHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhK
cv9Ifq0S70T2mympzRMhe1W3uR9AbS0saLQHPEJ5sxRSDSsla3AIQ+mFzUkxK37X E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN
0Y1B5kz1v7h7Oty4ADrV+Ye4HJlfKV+9h0ilG01/QPFcaOV69Ax9X5vxhK9/FsUt sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F
TGKH6kCtvnbDI3H5oyB87x5MnvU/HENdUeIoM+FMXtRD0qDm4JNj1XxfnYR6eTyl hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0
XjCWOO/3PQUnQvDBPuEMITvAAw== qyTbY4fgKieUHx/tHuzUszZxJg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
4.2. Alice's Signing Private Key Material 4.2. Alice's Signing Private Key Material
This private key material is used by Alice to create signatures. This private key material is used by Alice to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z
skipping to change at page 13, line 7 skipping to change at page 13, line 7
"92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05". This "92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05". This
seed is the first 224 bits of the [SHA256] digest of the string seed is the first 224 bits of the [SHA256] digest of the string
"draft-lamps-sample-certs-keygen.alice.sign.seed". "draft-lamps-sample-certs-keygen.alice.sign.seed".
4.3. Alice's Encryption End-Entity Certificate 4.3. Alice's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Alice. This certificate is used to encrypt messages to Alice.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzEXMBUGA1UEAxMOQWxpY2UgTG92 MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
ZWxhY2UxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMIIBIjANBgkq A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1
lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+ lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+
hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV
8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41
/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf /0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf
NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEALQ1vufCQBX+6OfmdNhnVy491UaTRaVhjDteUIu6S4PYSi/ow+E8TYGNOw6R3 AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD
Itm1XP511BF2Zfwu4FHuoQwtOodokuIdJXUVKtRRRLEemqgJUuJz9MRF4jPD0PMc sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT
fjhMTBNNI2ll0vuV0t9kUW5uonCdUKvddUcltCp6ojcpUVp6rvXUbkRdsR3KUJw3 jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps
wxk0BgvwLhEHOg1yu6DUunCdb62QTbxhXec9i6zi6szDk87zOL23qejFtvhjGJi2 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA
RdFHV1NMYtzJdDsCpM7nc8C04+5zepj9PHU3TkwHuIUxBJ5FQA1ReLNrfx7uIYBX W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1
S3wwgDct4A/f28UPnT3+AXmUhw== nTXl85RHNrVKQK+L0YWY1Q+hWA==
-----END CERTIFICATE----- -----END CERTIFICATE-----
4.4. Alice's Decryption Private Key Material 4.4. Alice's Decryption Private Key Material
This private key material is used by Alice to decrypt messages. This private key material is used by Alice to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o
AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV
z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB
skipping to change at page 14, line 45 skipping to change at page 14, line 45
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
"1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf". This "1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf". This
seed is the first 224 bits of the [SHA256] digest of the string seed is the first 224 bits of the [SHA256] digest of the string
"draft-lamps-sample-certs-keygen.alice.encrypt.seed". "draft-lamps-sample-certs-keygen.alice.encrypt.seed".
4.5. PKCS12 Object for Alice 4.5. PKCS12 Object for Alice
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and
Section 3.1. Section 3.3.
It is locked with the simple five-letter password "alice". It is locked with the simple five-letter password "alice".
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIYwAIBAzCCGFgGCSqGSIb3DQEHAaCCGEkEghhFMIIYQTCCBI8GCSqGSIb3DQEH MIIYKAIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH
BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs
PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ
77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8
x82dzEaVmab7pW4zpt9PTNtjiCMDLs8WQJbco+pKfzP5O5kztKF2TpmHPOqZea2Z x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW
5sfr/RUNeMwdM7KqCCa38Uu0EXuY4YDmoc3grLAKfGx3C+GXn0kkonHNdo00CPwe +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI
ulnTbVqDB76u1UUSPHr3OU6Q2plIbyLdRGKTQvW7hj0YcbQilGu6j0PXZA4NfQSm 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO
KtVo7sU+udAoL3FM9GxGjpiJul4ATP+4JaqtCGjJAXyI6+xDg4HUmL8yF6IMk99R Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl
uHwAOq8kZuxhldLl7jSUBhrDs42OWsYaHtlQTZTiIFfAP1IQeMOkW7GjE0Hx0K2E 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF
zXm/peGG0ITKgphQB4FfXYRETjhD7FUvQwVy2DfjapqGsc0yDwg/UDYlz2XSK0hv IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3
7EOuS/SL9Dpbth0DlUAmrVG+XifCT6Ev59XfZRhP72v5T0m1e3/BuX+ZhTdvIapQ cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT
Gdjz05KwekTsSc8RaCQ9BlTvpl1eVMsHTPeQOWDw4Bfb8vLd2C3uSUACvzbSBZR0 4JZBO6UprlcZ5wBY6ncXWa5E4feb57Cd3bB+zJuubBX9f4yG/J0cSF59w92c/6Qb
QzGs7XvSO02EsmvP/J3V4M0b/jvhczSQQUsA2SBuefIHKNwPxGa2Wdn8XW8mJgJH i4EFk6tAiz19PxuLLwjco71e69Jiav19Ph/WJpf/XCEurw7K+VAeZALFW41G/D30
uQda6RpL6jBi5nusGGqEeD6OLhKIwx97QGRi5ZW3q7z9aTAWUp4/DPQk0QVdIA6u WIBRC2shisHB3j8+3fNPcvi4Fy3EkZNW4lrZFAjbBtloCxk5rcfRS7vxucAvC5X9
PUyKtrZhQTkzp2kkgHJdHxUz1SzdCe6PYRqZMn+eAFuFDHKu3fKWNTNlBxE+hbU1 4bm0xEcdOysnuplH77u+CWWxjCk414SlKZTUbwc1a0B6yRDvojUMZkDzMqsxyYjn
F6NKmIJ4QtjBr2NkkFdxa66vZzA62ZR1uTVYRFs2P+STUS3RgTsk/dNIehJQRRfX JG5QhMFQrTyALwCgJsP/rAf5xPhG2p+9Qul0yiBIIZwvKNKRQKL+YLcvYvTh1bhj
XaFE4lmtFrmQZBAExWTPTFgKeJkqymCeRuOceJX5ej4nEC0ouaxNAkb07FlUrajm rUflYzzvviyXCy9LcX2GBop9yBFJzIcmKfL0MGua6WIkWX2BIjhGTtu6VThmRHuf
WA7y9k5/8J3T1w2uYVcdyVlv129HNvdlqKJzUasLdsyg5+yOWZGJZzRX5tPp/jID OsqNg/ZrNCTYa7e1D6gwP5uFRecSZdASf+0XTe6M7e/vaN4Go4A3H8+d53SYQP6n
vAWD8/8Eo2rGElb8BxJIZEX46To7nkuODbDUcRDjswQ7UB+S+cCcI/qEjnEgyFKP pTt/a0DTHzY77aNMh+mzkIHC1W3zUdlS48tUyJMiAN3Tt+RfhHZfgloJ7IdcYdM2
ehxGaTJgxiFof2aKHuRZM207IIvoUAfincgdNBKK/KiTxg63Fb2gHspTqH0w2n7q O1I+UD/5L9ghxN8dh13Fi3rDyn6Y5xB1xFuZ0mLjoEI+3Pr1+B9Kgf+o/hxFttfx
so4D3rrH8yla1wfMxOnx47EAOwYPSiVDyEBiQmqBm8gbhwMoBueMXu7wKzctC+xG 1uP1XcHt0a4gBr6g7fwGNssfw5S6g6hS9UDTAYOpvLaatil2TZmeYZzij19ssv36
IaaQ4VLzxQfFn5Thxb3Y0yBMLDXVP5ZCye3TCX3JlgjzzkailiTDhvE8sbeKdEJk kr1VaRV9xcQCbY05ucD+buymFXPn/rhVdxhgIydmvOtdzDozy0WFDTvgjUBNeRnC
0Ui8pGEO+zQR7npzFFK/axe0Al/4lwnyrWX9R9rxDSDr2kLDxPtfbNQLpgPXfEpO eMVD6AlWdWOlmBqOcIlJS0aY2FWm8Kju62XZA8YIRowlLysuq3zIqDmzmqJFKwuA
SN3kLkEWqC6jSko55f5+wP1i3b8NT5gfGjW5Kp42a0zoq/5huFdVqhrmw5lVlrc2 mRMZmUVhophMEn86rwob3Z87gNbyy1U/dXi+s6Vybx/kiwDXjfyhWBnhn1gkhgiv
oSipVTtaeWXeEQJeq6uA6xiqnH0uhBJQh4IQEBmpStIpxbKD8i1F1kqIFHv7WpEh oOhGtt+yAliCVuHQlEloQeQN04C5QTU0d1WOj489Ft6wpvm0tqcl6NpnRYUhbCoF
MKE8qq4wggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc XhFr4wswggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc
BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN
BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF
KjI4HI2oa/NihwqctphcLonBJXcofuHv+loP9MPLtwtzPrLxQIC2neas5QW6ygLM KjI4HI2oa/NihwqctphcLonBJXcofuHv+loP9MPLtwu3Mo1wsWTiHpf5XmxMoZQw
h4gyvWSQXU7f8ZscbiVH3g8R5dcHOzFuEdjnlkDEfvhrchYsP2o4gVoj43VVk6tk fbrp2ohLugJO1ZRB9RfAUpaAhtFg91pLOtXEpz7GULEyOnYh9R8iu9bSel8bpl4S
UV+6mIeDGqMB8T+CDWjzcWHabN/2ZDXSuh65fPOSfmIbxsvRtuJMU+ODsziUAK7L +AoxzXD4gYiEU6Yi0/47aRstd3H4u3ERDnUKSoqVstslRSKnK/WrGYUwoy7kNDwy
nnLPmnk1M5mEwJNL3W93CHZTqf6fXxyEjlyE9OIPEBvHyYHg7yQ77+D08KJJ1dVG DBitfosMY0rpWEe5rXTBwJkBodcl3LBpDbNzdbrZw+e+yObJ9zfRlMpl0xVfoiji
kPC1yjwoIci2uXJpTMvu8F6Nw/MLKKUpkEqKKwj9k3u86x7wHsP+aqtCZRQxZfgw q9UbRdgN2yo0RKwF6c63V2RdF5tjQHnNIM3K3tC9zEis11jgn9LeOLB9Cd1qyE4P
RlroNuvBl3RZnPRYsv0gYXhIJLf+TPqTxEqZvcz0GcbFdaIonPs7BmI3yQDXo53f WfmHN0gwqDF1eX96TmUipmYM63H6jcbnSc6p7eIZtCrqGjhsTqFwcMg04WaXWeHD
rKkf4Fx6xcrLC7Lk4GRFkaB9oYSz30Mxvvj5KMUt4uvdKgynT0aw2uKTF9ocQMqN ffLXSZdzIUB+zfC8tftUUEOUX3tX4l1oU7K8uAuQTSK/AXwUj+MbQVhlz8te4FVr
O1s+tMeXlFEVkPqKZey9aJLewdwGvBDMZx3Qp9CDMmPvBMIYBmEHXE1Hi8VCPiE7 w4ulZ184IYqhD3VdIOxXiZkfSKChRz8/7QacrXFvfKkrcrxS2iHMoxhoJ7WETNtI
sjrx0s3zI9LmJfswVcOOV/xmOyF7XM0Hn3+m8/pP1v7bIPl8od4BYN9RE67fKanv slW5R5runj61r50VT4HCFNFQfGBbTtV9AdP7yka9aQDWxPCoXFgeb1Q01F/BigzW
/3H18VUvaFXXwRSfIN3a5p0083XwkkgzJqFGxHppppWwZNAfXqP2n0JhfWqur6+f 02JP5Lcrw7ia0y88QbTzWhi57d4he5OIp0wHUiGPh7s792mlltvuSpRKJkOXWv6h
N/tXF3MV7r//8nkKWGfDyOJo3hn601BMZlsLBqCbYchtY3iGbnLmTcgzGNdLSnSE qAj5AsBB8JNvgXP71Ytx2vMdjw6gqzQcxASJ4UHQg0CxmiODLUP+FHAY1CPNSjbR
GWPIyWh512QA69wxguGLCQzd8Jqf+0+Bc4ZPVPZ/jfbSbR6dsYHoi6Yr7ngW720N pHrTi1UFi/+9hYneQci++qPvkCqMuGHVxamd4OLanGJN1NxE1DyMeduapX5rXuPn
PxXn3I1k0h3w94DIa3dp7jz5NUpmb1qeBt06ueYiZoAxgKs8hpo4KiuCYYPAikD5 g66LPey9GQuE3SBNC2dmjuOy7d8fWXEZqhqLtPfsuwVzdnWb1uAcjRfQPNo+uWe4
3SPV4kQXBOBMWMBCVEDaf/fjAYJ0Wyl6z3gb0vIdQXuVWQTMNHyvfKJJ7bt95pKw zihYisXK3lqA557dRqdSv+6GL6/OZQOCTaYMyZIWD9jS2gU6T3q2j8uk1LNcL9n8
tfadAxAQk1qTZjK47GFOHynqCD0blo3rSUWYpwKkqOYEhauBT/JUW5KvsZQwMvDf aSpQ5xWspBXpzXo39fG6CMeqzZlFCqrvQwYhdXbtxn9Ox/pimmWOlcqAxv+xythW
FKFDdUR5Xhgz5DaGTY4QdHAdnjIuUG0niHqSuGGgKwUQ33uBtHifaEFLFMWitujP BMx+il1JEdbCj015wjmsCWNPWlM4AVSholpZhs9Mq6rvgBXi1HJgjD0DpSLCE0xh
NPO3niZEHTt/uUup3lXeDBVXl+FKYG2Z4lBXjJ/tXrJ+fhr7aMvHSBBG57YhhlDt /GNoXoOX3LrxfCIDEhT8LyZ2NE59yh3t6pm88soFzaAghdjb1Fkc79nBbcl4NLKg
oqoah138a49jiaY5I0l0tRxTZ+8dDwKOuWfQJoPDsOl0qXcIT8WAHEmnLsLo8TE+ SmL/7GktkxEznOiSYfnfJ905kjZC08d8RnoGfrDDUWD2ZIhbbxOCq4E3E0Zt13aH
/yCIAYtgrYonbKhEYTliQCSeXXKVLjiPwBnw655i3jUt4PbQpQg+v9uM5sACJs3V JOXRBOZLC9L2JNeSNiBZZGykh+Pi4TsIzXL2UPQ+dy4DDaEf8yamyY04dlhFsnhD
A30fa9DSAx299MFicKN2c2L75CmOLhOe/9qke6END49P1898uYmPg9DQ7MwSBN6S qr94Y9E3O/rpF0yUb2gCehEgT9nppVuMeridsCkHqemmgVr/52Xv/XK9dx4+YBjL
P98bbF4CKzgYHQpo1nLKLkpv91brjlJPP6CS63A5YyIJ6yKHksO3LfWu73bHqXRn 4/3Id0/yVJURqDIHH8o4ogF4rflkzOalrZ9nJFugP0UM8oNysaL9yr7/Dli1juV0
MIID/wYJKoZIhvcNAQcGoIID8DCCA+wCAQAwggPlBgkqhkiG9w0BBwEwHAYKKoZI MIIDZwYJKoZIhvcNAQcGoIIDWDCCA1QCAQAwggNNBgkqhkiG9w0BBwEwHAYKKoZI
hvcNAQwBAzAOBAidIqBxZFwvagICFCKAggO4foBE9nhZu0eKb/b/1iebuyBbEh0W hvcNAQwBAzAOBAidIqBxZFwvagICFCKAggMgTzrUv4/12Jqnv3AL+P6990uX1ybZ
QD8kz4dK8r9UmWzGuv6HEldGqyv2dmdMtKonDaF/+70EcPiH38BzFsu/CastRnR8 NcTwC+hMRV0Ho0FuAAybzdSRBAaZch1+8GheU8yz7IYWmLn1PNHxlZ8inIYfmTfk
4Cinf+ttgOnE07OjIsszsPMA7967LOw00DABH9DkGs0v4Jo86T9NdT2OOzyytji7 Pa34Rk8s/RxJIe8LMYL1qjk/FMq/Fpgc0S65S6bXvJ69Hb8gtAoGW8P1b0dd9bvG
Ibe716O7weJIVOdi623dV6Wx3Zy8gQn+WvIU03QcLErGGvkt3RHl3IztWRFNbZte NbAk00h5r+IWiH4U8zGpcqWDWRgieGICsY00Hvx4KKMV6FIjFVCTZevORVoyzmSX
5iGI+eARoS2z+Dg/HtzUhSbnDUZI2TL8L5OnXZnfCq4vLDaM3s5vCWHNKTZscxZu ZZgxqrbjw4CZqOWReHPI3aEt5xVX3BihRGi4EIyia6yU10VOZTGBKqWUeKmOA5Gw
fQ8StiE6lXX+5idtV975r7ZR5HGiafbUb9t0mYjksV4W+l0IjIubZIcK1fqK/gZD SX3mH/kLiya3gwwGvdq1ncXcl7V1STN1HFyp4ebGKg4CsZ6NkWjocwq2PwM/TqoZ
HQRNmsulxluli9Lkx5XB2fg+T/IJd5ookeuof/OU23N7F5qXgg8xVXs/eJtAmn8B 5i02tqvOeR8lX7LrSegxGH81Kw3nMV4dH5txoVt9hddZCKKGcJ5Z8FlzxFP4BFuF
b5uGD27TkA6/q7+2I9GVnpT8IAKSLss4nKMfu3IMgDvouvtEvSmzmOAXGW9NqP4x 7hOmRpUPdxiahJ/GkXDVIAw6BJKd4Q9e6sjJYxTeq4uOP6V4PMuDU7F98X/d9sEx
cGkruV+vm9pK7Tf0RMf3nqOdArF+Rzh+IFBhvbUBQe59xrsQesvQ0nFQCK70WYzU 2X3b1cJxuA7xtOnKAPsWEyWBg98B+CKG6KwO5s8TlZVmlk15FCUjvFoKCiWIKF4N
LILeucMGapqu1tmpUyqUTYKaKLabEX0PZFe5a46fOV9UFBRlTeOQykzV7Y3QQStm vGLiWOIP/jJ9N6Gqp4gNbm51zNFGZ7gZAtvsBSGQSOUPgfZcx2mRxpBmcX8tm5YJ
0hi6uI3oqkho+6TZwZMuoqEEcF7+yBgU1OLYEGdxRXOPAOPTl/A3UK9Kn/MPmW5d hmY9EDK13umUUGKrPOrG8c7/MVAQegSKqQuXSfMK6KknXGe7jwjs7xaQaRm9fFHS
mhCHX20UgXIOJMlqHBS0cGT0qAx60Oqr8EHar0kEHb5ASoMNUY7mLK8MvjY5IX+4 0KbGU3MsLxRGjW/jzjUNAEWDiSYPCVo8E/kd8LETvjAowF772y9o0X1ZzcP7HWcl
7s2GdmruNaFMf653OTgvuzlfdzTmJX79VFuh/6eoklRb5MtxngPtn33Oi2i7rDG3 oYcO/WSSh4e+FAbgqLo/8KIkGzJ23BAcdx8XAtxzUZhRdHaItnwaJsfTr4TCwq8C
JrcjFAQPavK4YuYef9J1jUEGpKFNQIARf30WM0w8KqWx2Ye1K4QlUvsb2niARTPC XxJG5u44/z6imqQrVOaXQfvk6sSNGdG62TkacYg2K63D9hcg+TbZPPVSStWXyj8S
uLITkxqlC5VN8C385kmzS7Je9ScGbXtPF48Z5UpdWEFIl9MYHdzgkYVE4i3cg/Zl N84anzTOxb1yx6aw6IL+uBLC4jISgNFijaF5pwjLSbgTs5Z7skZdCam80xYmdJVO
Ocggjyhu/+NmJ4AhZ6kQ/PhR1SrDHb1kaYZ39n+TKS8gRGDXFCsPPQiUub7KRou1 ES/uqFCQFUSamXXNbotviQk8jWuJFz+BXzPYJN3t+3mp6SmgTZ2zP8FUQEE4GbSH
ptga7v5BK5bZcZpUA9DFoZDN37QBJD4k/wPfykenHgNQDzPDzBc0Ae0QmBAn1Z6O DqYV621DcWRo/mao8xzX/mvkKm4ddGBldiusoHZaL4gdo2A1qThSMnMBsciC+jEj
xqEz3V5n7YdP07yLlPV767MuKa6X7iwquZ9JCx5oto2TQZ4bpGZ8zakPpMr0ifCh DqOr70XhHccTDW8wggWUBgkqhkiG9w0BBwGgggWFBIIFgTCCBX0wggV5BgsqhkiG
fiUn4A6d6S5Kvab5WrcTVFThq2wYiXgJCI8ZBItrLR48b7hd8wP3pLxz+dCDeGq7 9w0BDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIehcRLmVUApMCAhQOBIIF
l21HgQ/9xXvRKm16XBp/AIMH6zXhzneyhlYfwbiyXPRwgYJLzvvA5Wus1GPK+Idh AHb5dXZKzCeRUo2ZSj0oyuFS3zQ5HhKyfapsyCqbYCKv/lSzNYWvuda7xfa+uOM7
a77RkO7XOKsiDUWaFbVpiI0cFTCCBZQGCSqGSIb3DQEHAaCCBYUEggWBMIIFfTCC /wCB9sWdz0MTpaBMHWx9hvibZIY65oM+ry4tTuKKqOJl37OsnjB0dSNTKszsI3fa
BXkGCyqGSIb3DQEMCgECoIIFJjCCBSIwHAYKKoZIhvcNAQwBAzAOBAh6FxEuZVQC PUjslxqIH3aC1shD7OqhIRGZzRjK44PJyWv626oQrgVtTYR9NYTdee+SbBZbkEt/
kwICFA4EggUAdvl1dkrMJ5FSjZlKPSjK4VLfNDkeErJ9qmzIKptgIq/+VLM1ha+5 EpWipwftWXGR6tSYJQn99eO9Vih8HyQvwIpidUh3pCFOlow4VZyAqIWOHcw9TAjB
1rvF9r644zv/AIH2xZ3PQxOloEwdbH2G+Jtkhjrmgz6vLi1O4oqo4mXfs6yeMHR1 XNv+qfdH7fiX9wM5/GvnQReIsqjXCUoc6pSQIAqD/f+I/d1F2ZmqM7KwX0LGRER9
I1MqzOwjd9o9SOyXGogfdoLWyEPs6qEhEZnNGMrjg8nJa/rbqhCuBW1NhH01hN15 OWZGyF734pN9GLbNetWm6rKxmlSI/5m6+2Jxxfann16P+vBSEgWJ/I8GnJAdzIbB
75JsFluQS38SlaKnB+1ZcZHq1JglCf31471WKHwfJC/AimJ1SHekIU6WjDhVnICo Tyfjog4Gi2+lmrPzK7+C79ntM9nfsr4xVzy/BknwZIaJksd4VvOGkS9nfM6shtBJ
hY4dzD1MCMFc2/6p90ft+Jf3Azn8a+dBF4iyqNcJShzqlJAgCoP9/4j93UXZmaoz B9uR+GJfthtsvIVUHN0kz2r/lVzMSRbOg9yR53hv1H/nXCmUjWz/BvobmoaVBcCm
srBfQsZERH05ZkbIXvfik30Yts161abqsrGaVIj/mbr7YnHF9qefXo/68FISBYn8 mOnnYZTHMNarIVYdLQFif5ZLH7WV/XVEVIoRntNRiKsK96VAHm5XboWQGCqL0heh
jwackB3MhsFPJ+OiDgaLb6Was/Mrv4Lv2e0z2d+yvjFXPL8GSfBkhomSx3hW84aR IX3Nily1genGm1aFlSQNMvLDko1ILDTKrINvPmjG/WFoLntpJFPtYZsooT1jjXLw
L2d8zqyG0EkH25H4Yl+2G2y8hVQc3STPav+VXMxJFs6D3JHneG/Uf+dcKZSNbP8G 3VTSodtgKQNdPYOEidSJqwIS87fzrCB2Wmwys0iGfdsuNhSaqNqa0dMO6FiW2fku
+huahpUFwKaY6edhlMcw1qshVh0tAWJ/lksftZX9dURUihGe01GIqwr3pUAebldu x7H+w7SX1/n9YeZUNLOcewLcC7E8IA1IarjglZE1L6Yb2ldXxV9q3PPOwKuGnah0
hZAYKovSF6Ehfc2KXLWB6cabVoWVJA0y8sOSjUgsNMqsg28+aMb9YWgue2kkU+1h TKnD6mLn5BIGOGTzF1VspXRrJhFrcLe+xsJR1r6niI3bcMWXXy7gbm1X/CRE902I
myihPWONcvDdVNKh22ApA109g4SJ1ImrAhLzt/OsIHZabDKzSIZ92y42FJqo2prR ynxE1oDR+xZ6rjPWDJP7kVf4GvA8trCGrot4pbJbmwlBeMIylScdQoHEnyqrenOn
0w7oWJbZ+S7Hsf7DtJfX+f1h5lQ0s5x7AtwLsTwgDUhquOCVkTUvphvaV1fFX2rc RMmXZaKzl3njtq7Wk78qoJq0a6Vh/sde0KcOPFkyTZdMBlTztm0K2VJU3jUVzPlM
887Aq4adqHRMqcPqYufkEgY4ZPMXVWyldGsmEWtwt77GwlHWvqeIjdtwxZdfLuBu 0WY2fyGDoA89ol+/MiNsgiaEghGybXBYipOex+p7j1GIRN/CKmpWsqjZnB78kyXm
bVf8JET3TYjKfETWgNH7FnquM9YMk/uRV/ga8Dy2sIaui3ilslubCUF4wjKVJx1C Z6AE1vC6neD/7zANInDkzXiun6ic72LoBX3JGiCSuM6hIPJ0AcDwlzTDu0H2rCQN
gcSfKqt6c6dEyZdlorOXeeO2rtaTvyqgmrRrpWH+x17Qpw48WTJNl0wGVPO2bQrZ w+tivJ2v4KbgeKoc6beQb5fZHs7VsWHikIcpwqB5ngwt34wHgFG0nTS4lZmvzSJ7
UlTeNRXM+UzRZjZ/IYOgDz2iX78yI2yCJoSCEbJtcFiKk57H6nuPUYhE38Iqalay FMRVGmsDYkDTpZzgNOaxiUBQMcEvxNIe3nAmA+dvB7w6XRQVSUsL+vBFhHiWGZ7h
qNmcHvyTJeZnoATW8Lqd4P/vMA0icOTNeK6fqJzvYugFfckaIJK4zqEg8nQBwPCX k5sCeHElewXK0SyJADgfFlYq3EfEgZ13h4wtoSfbBVtzbbyg2LNegUCLfIJkc7fm
NMO7QfasJA3D62K8na/gpuB4qhzpt5Bvl9keztWxYeKQhynCoHmeDC3fjAeAUbSd T7X7JSxbjOgndMHEeMdVb+NFxbgsXYrYD8rC2A8l5cQzZrsxb1bvgybEJz+NU/52
NLiVma/NInsUxFUaawNiQNOlnOA05rGJQFAxwS/E0h7ecCYD528HvDpdFBVJSwv6 UgGrPmdjJKuGBK/V2zor6qPvKyId1Gb4QQuIoyClwhZ+qk9nE4Eft84y7ISgMywH
8EWEeJYZnuGTmwJ4cSV7BcrRLIkAOB8WVircR8SBnXeHjC2hJ9sFW3NtvKDYs16B +lw87HrSHKfpqzQhCxlrLu53IYK/4PhE7BYC9Q4tvIsZXSGZ+nju4tyzERSlaNe5
QIt8gmRzt+ZPtfslLFuM6Cd0wcR4x1Vv40XFuCxditgPysLYDyXlxDNmuzFvVu+D njUeIENr4B/+kXULwVDcvMFHqUFJMkFai8FUga7gyipZ+654clGgJjnNBO1va8Jc
JsQnP41T/nZSAas+Z2Mkq4YEr9XbOivqo+8rIh3UZvhBC4ijIKXCFn6qT2cTgR+3 dtdPRRW4gwdrVn8u8J78KBzt6ChkrpKRV8VeWKBk9lhcT0ZNpJnNqhDrkfzHBqP0
zjLshKAzLAf6XDzsetIcp+mrNCELGWsu7nchgr/g+ETsFgL1Di28ixldIZn6eO7i Uo133I7P7C+h9sNDI153W6IOIodyQE0Av1WxHo4y/1d1VeGDaB7hOSDq9ZMpm9n1
3LMRFKVo17meNR4gQ2vgH/6RdQvBUNy8wUepQUkyQVqLwVSBruDKKln7rnhyUaAm En7F6/1/s4IUZHja/qRrK9hD4M0Xq0LhFXuUzuipo49OMUAwGQYJKoZIhvcNAQkU
Oc0E7W9rwlx2109FFbiDB2tWfy7wnvwoHO3oKGSukpFXxV5YoGT2WFxPRk2kmc2q MQweCgBhAGwAaQBjAGUwIwYJKoZIhvcNAQkVMRYEFKJTQdVEPIApFXwBI/Dnjq/N
EOuR/McGo/RSjXfcjs/sL6H2w0MjXndbog4ih3JATQC/VbEejjL/V3VV4YNoHuE5 83cPMIIFlAYJKoZIhvcNAQcBoIIFhQSCBYEwggV9MIIFeQYLKoZIhvcNAQwKAQKg
IOr1kymb2fUSfsXr/X+zghRkeNr+pGsr2EPgzRerQuEVe5TO6Kmjj04xQDAZBgkq ggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4ECKq4DtyiayOyAgIUpQSCBQAKQtkPOS4s
hkiG9w0BCRQxDB4KAGEAbABpAGMAZTAjBgkqhkiG9w0BCRUxFgQUolNB1UQ8gCkV LE6Os7nP4RaJWBuyXl27V/o6TusBRBgQoPzP+aC+O99wgisEKedyB47bAzcO4sba
fAEj8OeOr83zdw8wggWUBgkqhkiG9w0BBwGgggWFBIIFgTCCBX0wggV5BgsqhkiG 4q8UkERAsYHcEhdD2hGRCL7ou9jTtrr4RgZpa5V9CJcBO0t4bqy2lUefOpm6no+R
9w0BDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIqrgO3KJrI7ICAhSlBIIF X840uyM4q5Q+cfH1rTQ1a/a+gLglbptoEkH/4dfR3ELYiXcM5UrBYTJOHcyME8c+
AApC2Q85LiwsTo6zuc/hFolYG7JeXbtX+jpO6wFEGBCg/M/5oL4733CCKwQp53IH TXbpf7kiplTtlsrlZyU5zrWcxngrBxwFA+O85W/uVR3QZSW+EGx/VCYwGruZlNyt
jtsDNw7ixtrirxSQRECxgdwSF0PaEZEIvui72NO2uvhGBmlrlX0IlwE7S3hurLaV BvBYjsYsnC+yKYXbqL81DgOePy+eh6VX64SwBLXcWcY+NK2EZrhzrUFjl+PXFKY3
R586mbqej5FfzjS7IzirlD5x8fWtNDVr9r6AuCVum2gSQf/h19HcQtiJdwzlSsFh IVVPJhTE9o7gJA0hzvAanOluWXozD3/WPQaXhyIJDwM2MjznjL2MBydpy9K8Cio7
Mk4dzIwTxz5Ndul/uSKmVO2WyuVnJTnOtZzGeCsHHAUD47zlb+5VHdBlJb4QbH9U XaV6PX8DszIZkfI4DAz5f7G7WbwUq3IjPPPWiUv+JsR+dnqzWDJ22SXc+AdQP2sK
JjAau5mU3K0G8FiOxiycL7IphduovzUOA54/L56HpVfrhLAEtdxZxj40rYRmuHOt qMvP8gOpHOsVlXXE76c5rUcZCZD+gGv1avO7YttWqbDqLj6oQEIJ8LX0Qvwd0YEh
QWOX49cUpjchVU8mFMT2juAkDSHO8Bqc6W5ZejMPf9Y9BpeHIgkPAzYyPOeMvYwH etE0bJ5uv2njhQDhLkH/JIbmFSgJZeM8dtKHb8f5wZc2B+nXGB+TFboGzSuP7gaW
J2nL0rwKKjtdpXo9fwOzMhmR8jgMDPl/sbtZvBSrciM889aJS/4mxH52erNYMnbZ u1vKsJNqT/J/FYEqcamI2F+td7z1sGfbR9ckAcxXeb2uPVbCJ1a50gRlz9qVm5Hb
Jdz4B1A/awqoy8/yA6kc6xWVdcTvpzmtRxkJkP6Aa/Vq87ti21apsOouPqhAQgnw 5f53X7aoQQp3F3LDGQmJ+GFQ/oXXwabqn4TvNO9KDhxpGcMMU9RnugUfNU9GBec0
tfRC/B3RgSF60TRsnm6/aeOFAOEuQf8khuYVKAll4zx20odvx/nBlzYH6dcYH5MV vfrzmVKZdmJ36HOmMnLvgRakRhCV3kGABXY83hwUv17E1qASLKcAWIachkCCGpBG
ugbNK4/uBpa7W8qwk2pP8n8VgSpxqYjYX613vPWwZ9tH1yQBzFd5va49VsInVrnS yGtP2IOZTn7PsLJR1BzKnePa7MgFcgoCToIpdQnCTtAsalmBm1s480LN3GB5ojeG
BGXP2pWbkdvl/ndftqhBCncXcsMZCYn4YVD+hdfBpuqfhO8070oOHGkZwwxT1Ge6 bQvNf9TAviA0tg5VuT4/O48V6uYSJsIZsawm3tGA/LjxyfV1aLddQT5Zf5ZX9BX+
BR81T0YF5zS9+vOZUpl2Ynfoc6Yycu+BFqRGEJXeQYAFdjzeHBS/XsTWoBIspwBY K/PB4oYAFxtUpMK/aL5G1MvppUJ9CjqAtnoKE+EkdQmyZ1VoDO9ih44zuRx6XV4A
hpyGQIIakEbIa0/Yg5lOfs+wslHUHMqd49rsyAVyCgJOgil1CcJO0CxqWYGbWzjz EYafNB8ygjRHGsvPW0/M0Es0w16wzJHTuf/15fD/nH7Xh5MzhCF0CtvLn8v+S1Po
Qs3cYHmiN4ZtC81/1MC+IDS2DlW5Pj87jxXq5hImwhmxrCbe0YD8uPHJ9XVot11B i2/40O6pS2byjUFRbeCpzEpRxdv90LCb9ALdy0yG9u41W3yInKNFnaWBulfOPFCe
Pll/llf0Ff4r88HihgAXG1Skwr9ovkbUy+mlQn0KOoC2egoT4SR1CbJnVWgM72KH ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw
jjO5HHpdXgARhp80HzKCNEcay89bT8zQSzTDXrDMkdO5//Xl8P+cfteHkzOEIXQK LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS
28ufy/5LU+iLb/jQ7qlLZvKNQVFt4KnMSlHF2/3QsJv0At3LTIb27jVbfIico0Wd XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R
pYG6V848UJ5lP3YzUGDAkDxlzJ22KK6dE0AfmJYtI+WhSk4PW/oSf6tq34+jJFcj 5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS
LZ8scEvblrAuEAGhk+BGwKIuyI2KiF/KeCSytAp5GA6VoExP3YnyvUTixQqKtCVw dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT
52JYETq+YFJfPI3+3C9+A80heBHSvDpztWGFL6E1Ouy22D/Fx+8n9t+0Nsqb5Fkv m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA
7JCg6SQB/1Hm2LPIx0wGVoyul+sHG820yLKRtnzxJigDvROvBpvZodCW5WGzw6Nc vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg
YEQ6qZK51xJ1XUSEGmj0cGwNlmLQjA6nn8H18Id2dOEJOJSbzR5DqZfb8MH0uU2H WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp
uAc7IsvdrNObXYPRmlk1pfLEvN2JGIB3ClZmaZ6A44bvTKLQPl4jGHpxudu5TpiB coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt
2n6kUVVgd8C9zkLOmd7Y4+FdfaTQ6RvBrCv0B+sWMh8ASYEXHkYEav+VKJRBKRtQ Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs
L+zbT1iBo6BZNi3cpc/OtOEkkZmeddlFMZ8iLq+nxGyc9ffn4PF78uneBcN0gl5Y AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczBfME8w
bpdUDy3d+ylyhOo+Sb9cY0yY5nzUpf9F5V0/50L3eyi/YO4NltgY+YeUPjts46ID CwYJYIZIAWUDBAIDBEC6rujtKFi2F7NJGihlmT4ptDGckray1zjr1/Hql/5Qw7iL
rwYPrgMS421DwyFaTxVFHUWpy7AHRPRtz5IgoQg2S9iYMUAwGQYJKoZIhvcNAQkU BSuc4wEGnDSBEZuE9oFnyTbrzzEtebTsXluPRoV5BAj1OQCGvaJQwQICKAA=
MQweCgBhAGwAaQBjAGUwIwYJKoZIhvcNAQkVMRYEFLv2zLItHQYSHJeuKWqQENMg
ZmZzMF8wTzALBglghkgBZQMEAgMEQDlL+RWzXUXKOK3W0+XKpnhzbSgygDPAhmlC
fzBpa2Ou3onz/fc+TPyyoXdaGpz+wocWA3g5jBWg3x8Q5ON23EMECPU5AIa9olDB
AgIoAA==
-----END PKCS12----- -----END PKCS12-----
5. Bob's Sample 5. Bob's Sample
Bob has the following information: Bob has the following information:
* Name: "Bob Babbage" * Name: "Bob Babbage"
* E-mail Address: "bob@smime.example" * E-mail Address: "bob@smime.example"
5.1. Bob's Signature Verification End-Entity Certificate 5.1. Bob's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Bob. This certificate is used for verification of signatures made by Bob.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODEUMBIGA1UEAxMLQm9iIEJhYmJh MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
Z2UxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMIIBIjANBgkqhkiG A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z
m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t
tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT
51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL 51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL
Zxt6+a3/QkaC3I9m2ygPubtHFJB5P5+s8boROSKm1OB1gsLow8eF9S7OtcGGeooZ Zxt6+a3/QkaC3I9m2ygPubtHFJB5P5+s8boROSKm1OB1gsLow8eF9S7OtcGGeooZ
JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2fRURIK+8YnwlB3QIDAQABo4GtMIGq JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2fRURIK+8YnwlB3QIDAQABo4GtMIGq
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV
MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwHwYDVR0j DwEB/wQEAwIGwDAdBgNVHQ4EFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAAuI BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAG7e
HBlSzjFLhh85KHCq/fBLkaaR8Qbc9gnpj2WqMgwWQfIBqWAFBet3qduR6i0fV5At QY6Px7WZC5vCbF5hjOitxoz3oyM+LRcSTGWoYXdmlwsNUzy31pE3dtADvevRtsP8
Ekc7GS67T7k3WOt2WxkvB+9sy5kmk7TZ+BtBfO93Bm1zrgRiiVxuU5Fc9EJp5BJh uN7xyfK6XZBzhShA/BtkkqYGiFvXDpluOxWmqC0WPmc1PNK2mHil+pGMfvnUwnxd
Cgu3et97Zt8cbuHeUfoE1pp/0ERUlP+e1M4f2W9NpmPZG1bXSViMIIhcZ8DwM7CP 6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i
s47VHveVD6y6T9tA4gSnzGMZ3O0PpuBclNjqcllmUeYup5vWtCXQZDLMGI/2aTPr kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y
5kwic53yJvma7phSLb0tXCYLkP2PZUKGTKSOTBi2fv2S68TFtcV+/E9oqdYYFkSF UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM
sQuJdp+NGywuXUbKXBY= OIp/HtXdFscHb9+Qic8=
-----END CERTIFICATE----- -----END CERTIFICATE-----
5.2. Bob's Signing Private Key Material 5.2. Bob's Signing Private Key Material
This private key material is used by Bob to create signatures. This private key material is used by Bob to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M
EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV
6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ 6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ
skipping to change at page 20, line 7 skipping to change at page 20, line 7
"f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e". This "f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e". This
seed is the first 224 bits of the [SHA256] digest of the string seed is the first 224 bits of the [SHA256] digest of the string
"draft-lamps-sample-certs-keygen.bob.sign.seed". "draft-lamps-sample-certs-keygen.bob.sign.seed".
5.3. Bob's Encryption End-Entity Certificate 5.3. Bob's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Bob. This certificate is used to encrypt messages to Bob.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODEUMBIGA1UEAxMLQm9iIEJhYmJh MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
Z2UxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMIIBIjANBgkqhkiG A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq
1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+ 1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+
G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP
0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY 0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY
XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB
cqswaM5mXLYdm0mFmqoecF62mUE0DiNdhwKTtnefd0cll+D3FQIDAQABo4GtMIGq cqswaM5mXLYdm0mFmqoecF62mUE0DiNdhwKTtnefd0cll+D3FQIDAQABo4GtMIGq
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV
MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUSrOsMVMCSZxN42554CVhlT6IYiUwHwYDVR0j DwEB/wQEAwIFIDAdBgNVHQ4EFgQUSrOsMVMCSZxN42554CVhlT6IYiUwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAGZa BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAC2c
Xm87evc/aRDWHNaO0pw12MtMnLJKmlaRna4O9oVEl2vWHYBLzHq/JBmP9mg20XK6 Y8FgaxgB+Dx9gAFj35ae1vgzYiWI3Ax3FSxogo/GzpK//LB4215oeBuKXbm0ixBn
VPdx/DXNJUXaT/ipPPZxcaK45G6SfLv3O+LicylqVEFwr974kCEUHSRimAOHf36K 4nojxD7PMlM0i+ilAvVNJNaHY9TtgIgq8V/C0C7vL8SdBN01e5ZRI764ohu9ivYv
0YY0aBMPuxqrIONVBejYvP+JrCJ5jvv8y/HFkKXJKNT3QFK/kdNiojFMgE2K7JFb Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j
/GATsodsBlks+ZreTXldn9kurQT5w6SvPBYyV12+/uW57wHuAIMGmaPxo7YgLTAL E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1
kgBaLuyXlJ6t4h68syk0gBoynd7j6XWX5N7M8rvn0bcBOByLc9t83vlz4vhhM+Zs 7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK
rC90rHyWKmwwzOYKXww= UAaL2Mjl3YtrUGBpxxY=
-----END CERTIFICATE----- -----END CERTIFICATE-----
5.4. Bob's Decryption Private Key Material 5.4. Bob's Decryption Private Key Material
This private key material is used by Bob to decrypt messages. This private key material is used by Bob to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy
ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju
UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/ UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/
skipping to change at page 21, line 45 skipping to change at page 21, line 45
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
"98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8". This "98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8". This
seed is the first 224 bits of the [SHA256] digest of the string seed is the first 224 bits of the [SHA256] digest of the string
"draft-lamps-sample-certs-keygen.bob.encrypt.seed". "draft-lamps-sample-certs-keygen.bob.encrypt.seed".
5.5. PKCS12 Object for Bob 5.5. PKCS12 Object for Bob
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and
Section 3.1. Section 3.3.
It is locked with the simple three-letter password "bob". It is locked with the simple three-letter password "bob".
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIYsAIBAzCCGEgGCSqGSIb3DQEHAaCCGDkEghg1MIIYMTCCBIcGCSqGSIb3DQEH MIIYGAIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH
BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6
qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u
FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX
qRkkI+7pf6eOHWJRniS1APVXnfNqNyqgdbaTq+jPJF8C2oQVWhddDKphCLtw2WFD qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1
87Exe6LcdcON0T3jIR+GA4hESmgBJrYRqcYmUH1ycbiJLaN2mzB5XYZay7yzB7id p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD
sFUvVg1rsxHtadFsKVsu3socdJzkE1sq4dFbuwtOe7VwWeWN8Q0O5vJY9cnao94j +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2
X5ylNcl1DkrD9vuyXxDlvXciqVwLj54SO+MplCak0motOeMDv+W/h8fWRFm9HFVy TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK
dXiIS3iIzUMjjQR238260aRZph+KM+KDIRtBtDJ6sMqYqoyulviw1uk1lMlUOEzf wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/
NZosWGrOsSEd0KQnIDMIz0P3j0E4WzLDih43LVedYIQCtZ3qiDX/qzBZenHr43Pj nsaLg4MCWUO4Sh7nYJZl5Ijkk9LS7JhmwKvizHRRTXbLyRDH06e+jCRgLcU2WSUq
f1DzUqrB9ODH+FhA7i1yfLfckMPn8i0Q/DnCJvgNDhOEqDdGeccuF+HbTHENKv/Q 1bEr9Jy0ucK8zNPTf8HWBTS0ubvy4JfO3mVp4REX/8ozXlLztWGblFGbyaJ9Y4ga
5XmulWIb8IwLXFMgvLFej31M5Evtgq4tct7Kz/W4ABCMbyUs2KUhjILGwNm0eqUW LM3JpKxMtb1UTxoAyj3iFwGlGZFGKBlWplr+OdkKkC4dloFE22IINfLdRNLV9mPO
xJXhlWVtAevnNHCMHUHeCTdPgdLWmlKCIezyvsx5u+pM4D74hZXMu6mtRT2WoijH aGZhsDheB8iVOtN01u91BlU68Q7AL1ryXWUSjouKGRSU6uMDLZ7rw0wlZC1m4oLG
enxuadehCL2McCYkLeapyhPJw8oxNQcbqZi29nBVyW6cOdokaLkg/CH/aCdLkV6L BF8CmO4ELmbOci78fBs/qDXlf3BJazcNtciamEsQPYRGkHASBRYtoDfVy6mTT40o
zMRHuKtbgXYZiAdM9A+GYJ/bOC3NARnG8GWLeccGhUJsYdAouqNfQgXp9yd9VOsE obdrZigcvCwttDBu7RtynAQVZ8DvKzxFGhe2p2Yc9H5A5ML7IwqNtYzheduBAQTE
muiJDcunL0qS8a+np0roTdo16aDwCFcHvy9N+bmlgOF6qtA2xAips2tzXFi+cS3W jAU2jMqwnZN5wULEnH2TF6KAQNrKdtBYMbqkToKgxf5Zf+cJZbyQq7WM6nVfOM7g
T/pKtwjcB0s/MeMtvFBXzdArN6GWGx/IPHIrOYTJH/H6qAX12s1otCsEqi0mua44 kcFdeHDn/CWoSNHI1+JA3wSDM06zkU5HMd2MpT1RLTSaemImUKCAGYieJmwNQxR9
JmnlJXUzMuO7X7yS/CF15VkkUMPJbCRfor7pjXfQuOIYPSo9pMhHndBPnBLq9AzB aYHBBw5BNBw1XRB7WRka2Uah0Xq/wAgaI/o9L+mShDRFJjFi+t8AV3KR0WWHg02O
X3l2TNM4SIklZOzaSDzqj5bvDACn/O6Yhr+w2NATB0TV4p1vGI3aHHNuZPV3BPsU 9qchX7P5H3Sy/tq8yUQIol+hRiRjkfi9qy6AxIRttrK4WbW4scUtBZSkg9uFkTVU
SmDHe+8fuFX2ipzo5tjoh86lNdIi0q/ouWup/k/1ySOUrcJVHP+i9nPtNOwgPIiv ybnV6WvBpn2SrnwF/E1ueKARVmouWJ/7fiLJXk6wVvVtuBZw2gE5QGfuCwq0PQsC
z41RohJx5dnGnYIvcjEdsTfVOfe+SOS8cGZqGvO3nRWnUVwcIC9RTt3/6S5UXPbJ xPx8MhNl1KZYDVCGsyUr/LMHeKNc31S2HLGQK7kh/o+QQazafiJocQ+kRbS1VX1D
ATLk8SR6ALFI+J/SlNBbVxiYNm+xEoRIqkGormxFjay3h3+G7KGpQ7uN1L4k/AT5 nQlIhz4zvKsBgzHpoe3wQcfAY5sp2ubepsZ5T/YHkmroBmvA4g1vi7nlCetgxXrh
0J7AkYoU4rziF8Ze00UGuzMB47y0ZaIM7U/xfUNAALH8ucmLYQI9TcJUCXPOSD63 2V6OXvaZ+BnfsYxJeUZGnNMNEDFlzS7xB18ojtT5JN0o+9tLsdikdikl69IsVv+2
q41tXO/LyGeJgy8QC3vWOqbCBRLHscGvAJz/NDBh4+z2r9XMT+1UXmWcJ02LQg9O eCv9Go+wh19cSAL24rkzdKVuiIAXS7tzel3eWGjdKoq3Ke+tfJtobSGrB39xgLVr
qZYBAxKOOsNpdwxSul5V2JRDRVtj0ps6Ac2SsXznnJFMRRMaXtnNH7JXqXB7MIIE 3ho63hd+qTUyjcAhVL3hAJinv+/KT0jR8fq+CDsXMnCEWugHhwB+66NOr876MIIE
bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN
AQwBAzAOBAjiGuDSkfG4UwICFLWAggQogyL08hPtUl52dkO+BVimcGXW3FmDrT0D AQwBAzAOBAjiGuDSkfG4UwICFLWAggQogyL08hPtUl52dkO+BVimcGXW3FmDrT0D
gU3Drd0P76KzYzd2lLuGb9dx84wx0XnFIXeBM4F3QSDbCK4tOuJ6JRaEeUoCAyZd gU3Drd0P76KzYzd2lLuGb9dx84wx0XnFIXeBM4F3QSDbCK4tOuJ6JRaEeUoCAyZd
XyHtLjVeuozt2xHBDUgQVEO1dZHtk1VUbRX0LGmGnaBj/d9AQs55CH+IveZc10hC XyHtLjVeuozt2xHBDUgQVEO1dZHtk1VUgzLSCha1rXjcwpa4+8xqqoVM3Cl5uBh6
gDVi767NiMeje4PvFQy2l4GBgkM18d3zS55SmhM7EkTpbkxWD33pZZKzM56RoRXD QLUNey8Z3YlKlk018Tdge6OOUrg72BPKppNfJlN4TnOFwMVMA/qHAJl4pL1YDpmc
LB9oL44NzghfRwz4m4dqS3M2+u6gr21yC7vztnLZChU6F8+huVa1FZy7vs5BPIKV 5BZm4tMg0HvPiz96uwjEhw1GZFGOgZIogeVJuqCNiZPDjCFEDgnCw6sciS5Bi+dX
7jzoo8GKXicKiu0IFolgBbVJ3qDrT5HQ996EPdVFex86GTOpXo0FtK3D3I1yA3gi Km0VUdamSr93e2eEPLbzxZR0E0A3IcOj66iHuZpU9YhKzsAIhLMxT8kF81I0ZZzj
ihrW8QOzf9ASjDsnjzSJgg2WyvQcBYPXsWb8uI9ryL2xJpdwMuuYR7Fnq9e8HyHd 8N+P1hnkjdVWuJLg77pkXxQJyvuT0e2oc9r/DCHjckneen3+E66IKsYbib7sX4g6
Gyp0CkXW52oPPjuUIOwuJH2Amucwba9Y25OgVdT3ScVMCMkVAcwNA2fA7cRR5z1O 2oFBJs+7xQopy69pC8jCn3fx61t7AFx2RIvuVHY/eU4sXoWkJNqQ3Vxj2SPWKjzJ
V4fq/Kgy/dxfE/6s2XMhK4Ff2lLZv8W+3yVqczJEI2VNrLpbS/nTJzNQ0LNIuA87 4IIvWVxIFiQjjOtDFdGYPGukJXn62Lbb8CFgam9s4jDKnr0LHIngVeUIgi4wkvva
zyTRTRp3NixJVEOrMm5A1TI0MHOg8SHO061iLOMxSN3AoniUFWOCkSbujLRf82ju QzZTzXfUApezQgQqy4x+ogdiYF1UOa0OaqvrGRiiJlMdRi0/MDy+jzkX5cULhxkF
iXENwYgIHx2nz6MHiSgR0DDytDN+vhy0NZ9cJuvWnr9S6hqBEH6AsDJ/5mBs40ek vdBNCirv+3zBaiJ5Eu6q0zP5Cxi2qXhSbehZqvTPB4dD/vu9yxHpZmUCvzm7H213
4lZYErGQtscjhHypRB7y9BJfKnKBHDkkpqja273rv+2lZEnXOWApTKXNJ8ixWuBT Tdrb9WxHOc92ZpBzsfiCA1smVwTDFVGa/kqN6noPw0qWZANIk27/+apsTkBYaVpa
19dKx+ui5DsA5a5Dqi5uXtxpBHZhdRUsivKfvJN3/f8GxhTINgsq6fUgQXrs/aL7 jpfn9eydi5eV2+pEQV08fh4OJfiKbHS0l2E3Gp/rPm9lVgmCmjBWh+Di1k4qgF/f
ZznlKBMOFA0eaY5LYlkdOdOVsHskKcn+yevBvm3XPjPXyzvwSPjBIhMM2Sf1UQOr lsxWgzXNOxPntpohnM6AZDxW9Sk+BElDLYS4WFwUg679BsJG6hQqAZKvG/8agSH2
HnOey0IMNK4yz3faol8juOtPEEMdDCMRpgw4xqFTY+HOU5FUyOUb9hJaBUCU2O5K k+TKKYUbXbFVCB0+iuNZIwgf4qxGzvI5+Iok+OcxuGCqwOu30QbfECEG01QbKETn
8jcOcPm7PRWGmCKxvNFFI9O+SvTQ2P0TN4845C/pFbefambcODf2q5WG730QMXC3 ic3kMiZ5Cxt7NQSuyEYAQ/AmvM4qo0x7Tw1r7tR8BcAEF6fGxd2VXIV8Tr/pXGO2
ArXHk3NrBs43djkHk8A+21uTlVfoNLBbuASzxdek/m8YQU4li4+5/nsQFB2tBy/y HL+0iIHs+Ob67zlTHr7wUB4tCp9LC3IIWdsr7KcSRNEMXpUIFI0etCjNgCU3iT+R
b1q3yiaxxCQ8zPWCdcQJir56qpIj5jYzD4IZDITPlF1G9Vt/2ykmEUerRhxD/uar 915215OfWNGxQfaXTEyMVNaT1HpwihIisSb9QHbagaRLbYmqJ+ILSECADYQPEWf+
MHnxQRySYCK5/EBeil4MWl5T/PlZ9EWjgRGdwwk/XY0DPSuaAwgixbApuillyxHq LTO1tcOhkIb6BiwVWUuOOqNj6ILJM2XvmknATyUj9MYcd77xOJzMrJE5VtaM5BVT
dPWViQbhs4Z1dNbhhiW30brcQeJ8UJy0h16yaBXHGoLaeZW2C+6BJMu1Lwgvgfjs oRpcOLfhYOmihceGSEqXX5golkqfLUze7zlslNWMYTTLw6tC6I+c/IUIWJnZT4m2
zjd68X4hWvxwEhtLPRw9YYVqBf90wmI2N/bOc77YWuRGmyWSYtB6kHBBEWD7jzIy RbTQ0krfPn94zbTjrG42HS5+Ke3ySV6Fv8MZ+s93yY1v9iB6cVPEUteLRc+C7e7t
DUyF6xTYl+LGT/Hii/wYypsYyF/weCSnYVGFipKDrEl8wwHldK5yfgsiwqrQcyAG lw0bQ2+MyAkjenS5Td+3tC7lR42O2CSfY2SaOsRv+EaYjTGzf9F3TM706o5+VZrM
R3Gsm/fJbIBFgqCkBSz2OKZofvkT52ZJo+o2LdvA3wkwggP/BgkqhkiG9w0BBwag gtIKtw2okRcjRhaKDfhui6jo46YYzWbrgOS3vzc60VcwggNnBgkqhkiG9w0BBwag
ggPwMIID7AIBADCCA+UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECEyHXPVs ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECEyHXPVs
ncxTAgIUQ4CCA7j7eVyD9inewNbLNe/S00qi9VdBtXZrqiNNg3yxJ7Vuitpy7G/T ncxTAgIUQ4CCAyDSBlYeFnsa4vtKApbLnd9FENDYeYqkKmj0lkDagMqHC22/nQ9v
uCBfqZ2D9A1YHVvL+8ECumxTKMnC21vxPlMVGRhHAi0O/XYIW/bzBT76Cf5AFXFx gz2lOo5FQJoaJx/WSorQt0Jny1QP9vZd2t+bkfoaXOR0MtmFY5SOtYEudJplrCz+
sjXgd5n0QQLf3uyMbCUNYB9GLN1sqZ4os+VeG5/icL4CDEpeVdKggR2UywvpQV4q ZEw8JlePJRP0Q3lnwEiSk5NnXLRWNzurIeuyZEd1VbTvi/rF22sRWlmU335L67zj
CcTnABwekbTvBWbwpwme7miK2o+fNKIaxmMnVimqQLw8fB66WBqIJSaTcZhnnPuQ P1sPeXkBpIYCPLHw8E4rkaC8G1ko5wyrnhuqL4ItzhvOORvgRaDflpP9WTj9LVUv
9S4BMq0dSPrk4XRHuBkgYoo5sOvImGzgPQkIkjOpxsOliKpbn/3K4TQwPGh1dSgC FD5D59zgb0ptaW0jIw4JplIGXIEZIynW4KfkWy2YJvsXiuLHvN3Z8qL6VtxNGk1s
OizzfMGj9Xf5dG2GxCH3/qdmVw0hszIo+KOG/ULmHwAjI4jY6/najq26bzblYRki g340uKkUUlzmtDJqGT9RVkoYBXxN7KYesbSttONhPwdv/MxHrEo8TGHZAvbmwgft
k+cPy29AWHfYVFEuu5Q+sVwE1gwAyC4N3sK2k8ImesVldAAxu6q3RJ8m++CGlTW6 hOUrc/WVtUopPEs4QgrsA8d0MrSd5lVtPW0XPsBPEnLuh7dqAlmgztYlP4Yztk2/
Df337ADOj6u01Ox5zEKlZ5vDudajdcktuqgRkIgB2vabF4M4B++nnHfQs0bJ5T9y JJ+E4MosmhRjbKzM2N5WuGlDC5m9KF/5JjNVwQ7e8gMeUv/3gizgCG/4Mgng0VGG
uZwtWabXSMdaparAutRYPrhHz9EiyKmwDAMV++OL1NqMyloDeXb+1h2Z/DqdpDTJ IxGzzBoQXPWCKdT3sLQVyt4/pqPBpZYnP09bmkkY/UIa1unNB+WWpLOkKSzD5wRv
8zB2OIMoA6tEbhosiF8FKxzB0uBDWWGPbABKlilM+7ZRHGkw7fp14hKIluywaehh /2xmNO2D37DnHwTFYC51ZblKz7FGjOgCwG95VPc8NQ8aG5rqpQ+muq/Jil5mXgNw
hmmC7uznApUqT1ZvQuH5eGKnLZxn/BpVh+NnV5q9tGrFJ4KAgbu1AP6om2CsloDg IDeM4bawa01UKEzqTGQUb3gsJMGiVOhgtOrBiO9Kx/2PJolUuwZGcbo4oGSVR7KH
pc7DJ4cyyx3AckJvVaOVx4KGl+iN7DxzgRG8MzgR+w2bRzHTd7QuopWRRn3oWqzX lLgIuC8aIQDyFURVYRCNwOw5U7JN5arkvZ4ty0/qk5UbjxQuDkF8o6ZdViO3l0Do
I/6YrPNjW+bvVchMfeddo5hLD58JvNaK//QtfHQb1DrXCXA7Fs/wG6Ta9gOrbklj C+6zvncDx4HvUd6uQ+u/kZfr8qfwM5o6D2qXhS/ZHSkq2xwIzb47uUUqaeg3yOZJ
GbB8ClspBraxYp3MiUPIDkzw3YYmTf/P9zGhw/nwucR6sguC165NWkMYcOASjcyd ++na7gC+ibtHXXnNsHUvPbpCn9qViFhzilcQZYq0tZxDKa0E/pzEP/IA4IG24wEL
+7A/Ni+O7DZ4T0wF1SPH9Arbls4SNCKGPKAQhBWhZDN1nldrWboJEy/sMHAg7pyM GnyuUIHXBS9T0MchTxl7BglycOPRDnFKzMQfUXY1rAErK76cs3y4VQDbfYDiOzsa
rhI7BF2c4DicIVcYUZ+dK36vRJ7a0V0zlAnKFAAyClw9k7mRml61z5RthyK55Nkv 1qqMApIX4i/qKFdRvDuLxtZQbVA/rNumm40LPUQ5OvEngIESA74G+//YQbVjbMjP
uXH5UCJZMgv7SAU3+ExQ75pmV8mM9XKrkHorkrXmGcDYvt7oRry9UcWHc8h8srVM y+hm7/15q5LRo9YxCS49KGlz4NG1QMWjnfkpOCNVZVpaQ7TPGOIYzBL6kTCCBZgG
CZQKoCSv8C2L/E8/7pjXl1sn6YL+kQ2ACkV8Jw7UXHWyEf0XWf/R7CV4+jeJVizQ CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow
cGLsX29O0lGeJjDyHMJA1JUFyc0Uc0F9lRsTPGgrrTTo74zMoLzstSDIGw5k2d1n HAYKKoZIhvcNAQwBAzAOBAiO/0ICbTbZLQICFOwEggUIFwT/JI8UjJQPfYTFonJE
Mka0MWXO4B8JDDVDdAckUwz29cuzLg7m2AbU3dPqnVdO4ALEgjokzVETnTH2/odf o8zEbpYWXKboqw6/zZsMGmAnUPgQNQDxyuLVprs5jUc437kVB2M3F0x8DjmEppeb
s/ymMIIFmAYJKoZIhvcNAQcBoIIFiQSCBYUwggWBMIIFfQYLKoZIhvcNAQwKAQKg tHfIoyjoXF7jdnA4EF38tsso0K1nMPmSgl02iYZtOqsOvBpfeO5Hj4Ovhi26J9Pz
ggUuMIIFKjAcBgoqhkiG9w0BDAEDMA4ECI7/QgJtNtktAgIU7ASCBQgXBP8kjxSM TwPcgl3QQPqfWv7CwgGVn4/hntBAriPSE4gAlfAcqkxtJBm01QwDoAdsOKOMsYnt
lA99hMWickSjzMRulhZcpuirDr/NmwwaYCdQ+BA1APHK4tWmuzmNRzjfuRUHYzcX gWajpr1J3Hm+34NPL04Usf1OpcesPUJ4CBxNyLXxjjsOzD78WVvKY+N+j89xTsyt
THwOOYSml5u0d8ijKOhcXuN2cDgQXfy2yyjQrWcw+ZKCXTaJhm06qw68Gl947keP z5Y0fEkFqrcl8pgBQxH72jBwSCm5YwHz3BhWQgr2bpWJ1f2LWcVsnrN9tx6RhQtA
g6+GLbon0/NPA9yCXdBA+p9a/sLCAZWfj+Ge0ECuI9ITiACV8ByqTG0kGbTVDAOg AkcyNgX/ksp5EW4JTo+o6oXLRhXIYauRrUrisMY++b8ZJTp6C1t0RW2QdqgMZghS
B2w4o4yxie2BZqOmvUnceb7fg08vThSx/U6lx6w9QngIHE3ItfGOOw7MPvxZW8pj ZgaW6FSC6Dy2Dd/ezdkYUCgiEtq8eSxF/8WDw6Va2iGVSNt4/p/OJ97yN5yOJ0K1
436Pz3FOzK3PljR8SQWqtyXymAFDEfvaMHBIKbljAfPcGFZCCvZulYnV/YtZxWye g0hATebU+I3E74PQ9RK84FfJvyHDBC6fvYZW/ouMcgp3YmAF+dTm74Hq88X4daV+
s323HpGFC0ACRzI2Bf+SynkRbglOj6jqhctGFchhq5GtSuKwxj75vxklOnoLW3RF /UPYf/cVpyiwcBTg6H3jrkrs0yKoWLIfrIvMNBeeKZ+fl2Enw1MFzkLI4VGD/UeR
bZB2qAxmCFJmBpboVILoPLYN397N2RhQKCIS2rx5LEX/xYPDpVraIZVI23j+n84n wrbhN0SHkh5lIGtu0yRTfq6msYQpkw+jr7QwJIdQyrAoaaVaRotVyvgTOLlHw8r6
3vI3nI4nQrWDSEBN5tT4jcTvg9D1ErzgV8m/IcMELp+9hlb+i4xyCndiYAX51Obv o7v36yoNov3kDPW7DfbSVTWX5lIyQn8NqMwa4N1clWT8ukfZXSaYykFSqF3w5zal
gerzxfh1pX79Q9h/9xWnKLBwFODofeOuSuzTIqhYsh+si8w0F54pn5+XYSfDUwXO a4iIhu03GjDcfiWLMUlYVAUcvSmcIULE1oW7FKiJc8OadeIu0JBySRSEvf7B3w8l
QsjhUYP9R5HCtuE3RIeSHmUga27TJFN+rqaxhCmTD6OvtDAkh1DKsChppVpGi1XK eYUs+u/h1ptrZZKhe1JdAtlszvHJ0DD0kMqA6Ig4yomscGSol/sRUqpecIQwVZTC
+BM4uUfDyvqju/frKg2i/eQM9bsN9tJVNZfmUjJCfw2ozBrg3VyVZPy6R9ldJpjK RRq9dJOFJkKhKD5Eo9E0Z2snp01fpUF5qlMeBjpYgkX7jhyFyvq+qDqBAY8izvkc
QVKoXfDnNqVriIiG7TcaMNx+JYsxSVhUBRy9KZwhQsTWhbsUqIlzw5p14i7QkHJJ ruE69WooBVyorqKHURjWtY+rhzcB4+HL72wZKzLnY3iUjJ1UANxM8mC9fpD1NJt/
FIS9/sHfDyV5hSz67+HWm2tlkqF7Ul0C2WzO8cnQMPSQyoDoiDjKiaxwZKiX+xFS 7epqzPyZ2Kd4GJVYi8sQpFKf4tRHDr0tI5iUB78qj1EBp1w4qvRn/jC4ii7+Bas8
ql5whDBVlMJFGr10k4UmQqEoPkSj0TRnayenTV+lQXmqUx4GOliCRfuOHIXK+r6o mz/AJ25QeviC44Vj+eT2YYXafDivrmoeBuVMIBbD066YnuBC2CeKydNWdiARzc3I
OoEBjyLO+Ryu4Tr1aigFXKiuoodRGNa1j6uHNwHj4cvvbBkrMudjeJSMnVQA3Ezy fhcuhVwq7riotYfyDqd4e0Jy7Y57pbwv4Qwz1yCxRjSwiFQ7/fRa2Cx8xtxKcC/A
YL1+kPU0m3/t6mrM/JnYp3gYlViLyxCkUp/i1EcOvS0jmJQHvyqPUQGnXDiq9Gf+ 4LGnXAKISy+uNbDWA7AYaP6RmGgMCaNiXy3F1zvxnE3bv68tXRF9vjuEChUq56N6
MLiKLv4FqzybP8AnblB6+ILjhWP55PZhhdp8OK+uah4G5UwgFsPTrpie4ELYJ4rJ 992qhoBuHP0J/mRItw+JoI4m/OFnEUGT3bNyxpEFyA7aXBE91aQdSXl4a97nC0/R
01Z2IBHNzch+Fy6FXCruuKi1h/IOp3h7QnLtjnulvC/hDDPXILFGNLCIVDv99FrY SFH/fRwPFYgxr3XdCIf3Cw5PDs25YNsXWCsDCVejWMFrwOzmDwa8sBkY270+rGv7
LHzG3EpwL8DgsadcAohLL641sNYDsBho/pGYaAwJo2JfLcXXO/GcTdu/ry1dEX2+ 6qXvb/uGD3M2C+DySVy55Zd42wjghSezgY6taT0tqKfLOS6Vl4ELU78Q6va2o8Ml
O4QKFSrno3r33aqGgG4c/Qn+ZEi3D4mgjib84WcRQZPds3LGkQXIDtpcET3VpB1J cUdi343tOi60MZgCDUwPP8TjKZINh8u1KNhzgpwNLz1gE0dd200l3bbzdZ6uio3R
eXhr3ucLT9FIUf99HA8ViDGvdd0Ih/cLDk8Ozblg2xdYKwMJV6NYwWvA7OYPBryw 52WQWRCk17Z9lUesCJavytcAi0mMefMxBPMOdnUi6O8TPDRA0mcohbE5rybwDXAo
GRjbvT6sa/vqpe9v+4YPczYL4PJJXLnll3jbCOCFJ7OBjq1pPS2op8s5LpWXgQtT B/VUbwgM0/qCpZ7VcSKN1lUuoe9+Kho0NK/gyMEvntMxGNNI8arV8UkeFollPhrt
vxDq9rajwyVxR2Lfje06LrQxmAINTA8/xOMpkg2Hy7Uo2HOCnA0vPWATR13bTSXd umvdwqbVCeN8TBj5vXo6Hu+eKB7AVwjBk/rRHpZxnnVGXbm8HzM+kjib2cY1dius
tvN1nq6KjdHnZZBZEKTXtn2VR6wIlq/K1wCLSYx58zEE8w52dSLo7xM8NEDSZyiF VRJ/1+Q9GXuo135tQbobgcMzAmqAqZp9kDE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv
sTmvJvANcCgH9VRvCAzT+oKlntVxIo3WVS6h734qGjQ0r+DIwS+e0zEY00jxqtXx AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI
SR4WiWU+Gu26a93CptUJ43xMGPm9ejoe754oHsBXCMGT+tEelnGedUZdubwfMz6S hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq
OJvZxjV2K6xVEn/X5D0Ze6jXfm1BuhuBwzMCaoCpmn2QMTwwFQYJKoZIhvcNAQkU hkiG9w0BDAEDMA4ECCNi2K1bMEiBAgIUdgSCBQDLIXo4ExcyE8+4aiZIj/Wnh/SV
MQgeBgBiAG8AYjAjBgkqhkiG9w0BCRUxFgQUSrOsMVMCSZxN42554CVhlT6IYiUw VVR0n7s4PGCbXt+VrOHd9YzTuUicAqIcHH62dv7NSy+fgqZG7SmVR1IodadFe+5u
ggWQBgkqhkiG9w0BBwGgggWBBIIFfTCCBXkwggV1BgsqhkiG9w0BDAoBAqCCBSYw sAzXoyyhhEe2c+ToeVbr5rs+vBvQUyh6X5XTV5QVOAkwSyKGjyfdy86x1Q8cL2D2
ggUiMBwGCiqGSIb3DQEMAQMwDgQII2LYrVswSIECAhR2BIIFAMshejgTFzITz7hq BM+Rpkm1cFtjgWcB46U6S6w50sG7XOKSCMI4a6rnHPVgPPdXMrj3VSPJY8bhBqED
JkiP9aeH9JVVVHSfuzg8YJte35Ws4d31jNO5SJwCohwcfrZ2/s1LL5+CpkbtKZVH PVTnfSHf/wKZrIi54O3F33B5jt6Cm9+9m9Fed8n+81w59rRom72CY9Xii/ULER9T
Uih1p0V77m6wDNejLKGER7Zz5Oh5Vuvmuz68G9BTKHpfldNXlBU4CTBLIoaPJ93L HwjxOZOQ+dIml23KauwexuOGjii0UR8MeM/A0n7UNys+bZTulgdpWW/mDhJ+eLAT
zrHVDxwvYPYEz5GmSbVwW2OBZwHjpTpLrDnSwbtc4pIIwjhrqucc9WA891cyuPdV nhJw5ro/AWa6YVXG+t5k9LjdJ1ZmqS4bJxvBwilpEGoh0MM6Yp0dr1XM4mT/E0JM
I8ljxuEGoQM9VOd9Id//ApmsiLng7cXfcHmO3oKb372b0V53yf7zXDn2tGibvYJj WD458Ngs05CuCpwAUXGdQmgrVsFrrV0HTyHeVLDhe43J3GI6HCWJVOeDQzzmaO3A
1eKL9QsRH1MfCPE5k5D50iaXbcpq7B7G44aOKLRRHwx4z8DSftQ3Kz5tlO6WB2lZ M+IooRDkTHnJMaxUXphKTag5+f/smNYEhzVjZeIc8GFZ36eSI4BNGHSXFACwLu2T
b+YOEn54sBOeEnDmuj8BZrphVcb63mT0uN0nVmapLhsnG8HCKWkQaiHQwzpinR2v hkzpXMmg50JAUhBYxqE/fVevLUH4JPLgz869wk8gRlUBo6ihQGrnsx7ZO5IsYahE
VcziZP8TQkxYPjnw2CzTkK4KnABRcZ1CaCtWwWutXQdPId5UsOF7jcncYjocJYlU Yjz0N05PVPJYMLSyMovG9i+LpzQ49gIBzPu2fdLR41u5n5O5mG1Y4aJ7OCJxMORY
54NDPOZo7cAz4iihEORMeckxrFRemEpNqDn5/+yY1gSHNWNl4hzwYVnfp5IjgE0Y hWHuctHdGdpJsgiq8+1iiUwmfyCfb0ZL3ePMU+W0zkAsyn22aK8jDBLLVZlvOZIV
dJcUALAu7ZOGTOlcyaDnQkBSEFjGoT99V68tQfgk8uDPzr3CTyBGVQGjqKFAauez qR3Gx4QFPSk6qCMQ0E58VkMUMxYvClzTwSeEMu66eND/AKTE+XXV/d9bmSmWGk7Y
Htk7kixhqERiPPQ3Tk9U8lgwtLIyi8b2L4unNDj2AgHM+7Z90tHjW7mfk7mYbVjh 8XrDKLKfmRdrlIeondVJv5mk12YKxBPQGeUqK5XJUa2dzH9zvfEX8iYzdt4281QC
ons4InEw5FiFYe5y0d0Z2kmyCKrz7WKJTCZ/IJ9vRkvd48xT5bTOQCzKfbZoryMM iXJ3qwmbT+8RoOLBt4KyOs2e2ZSZnjrL9OO4oUsHIOyEfjwnWoLhKbkmun8GJxoB
EstVmW85khWpHcbHhAU9KTqoIxDQTnxWQxQzFi8KXNPBJ4Qy7rp40P8ApMT5ddX9 2yCzTawVQf9/qIUXaSzcp23AV6Lf1k9Of79HYPW3cQJAtjf6XBVE1xVZPkfTuC3y
31uZKZYaTtjxesMosp+ZF2uUh6id1Um/maTXZgrEE9AZ5SorlclRrZ3Mf3O98Rfy VLufljs2ed/ctpHg9nuId/xHFH7t4HbmU3/ZufE1GHnsRQ3kbnqA5WXerd9UzeoD
JjN23jbzVAKJcnerCZtP7xGg4sG3grI6zZ7ZlJmeOsv047ihSwcg7IR+PCdaguEp aVDjFXGrITp8env08GXYvwWGXLL150l0DuJSv1E+1yww86SNjBYUTx0r0CJjjTk2
uSa6fwYnGgHbILNNrBVB/3+ohRdpLNynbcBXot/WT05/v0dg9bdxAkC2N/pcFUTX 7vIUhAYUEA+J71IeifqqPDKYXnrCdUEajbfEdek30WiLR+ChEvEp48Mla6UVTLm/
FVk+R9O4LfJUu5+WOzZ539y2keD2e4h3/EcUfu3gduZTf9m58TUYeexFDeRueoDl mjziwbsxm5QlGccmz13e32RiyrfseB+RyllmzeJtydP2IHkWK7pww9yOlPK0QtZs
Zd6t31TN6gNpUOMVcashOnx6e/TwZdi/BYZcsvXnSXQO4lK/UT7XLDDzpI2MFhRP 66IGZKqeXrWBk9QFYDX42gAy/xTfglco4KO7akhp3UzTIQyTXnt+OsOScc+ArVm/
HSvQImONOTbu8hSEBhQQD4nvUh6J+qo8MpheesJ1QRqNt8R16TfRaItH4KES8Snj dwClm+ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs+yeVNs1Qd
wyVrpRVMub+aPOLBuzGblCUZxybPXd7fZGLKt+x4H5HKWWbN4m3J0/YgeRYrunDD Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R61lEUvJrBm7YLmgdxRCJ02LFLG
3I6U8rRC1mzrogZkqp5etYGT1AVgNfjaADL/FN+CVyjgo7tqSGndTNMhDJNee346 n09iSMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV
w5Jxz4CtWb93AKWb5nHJu05xXJp2OkpbJ3J8CvdpOQbFfpGYesRavVH0GcwY9h6w A6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz
Oz7J5U2zVB0OF9/9tAvAItd0YtbAt7qSK1SLKLwXdt18+NHtHrWURS8msGbtguaB POmXhN53pDhlxkw0btkKblYA9CvP+kzgwekzCy/Mlq/HbO38CV1NKzay3yg4nteh
3FEInTYsUsafT2JIw17m+aI1oqK7N9vgOn12oQyGYl92xNRFqB8kjKpQuh7TwQgi J+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6HlA
jNqGK9vOhZUDqg8CSTYPwOdOIx6Bfghn9lvcs/EkoB5c7dizVhCs1I1ncHZkhIFq gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN
nMbOEVl9FXM86ZeE3nekOGXGTDRu2QpuVgD0K8/6TODB6TMLL8yWr8ds7fwJXU0r AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMF8wTzALBglghkgBZQMEAgMEQEA7
NrLfKDie16En6/3+TuBqoqajdlYwaTRYYG/8YXFiGZ413XhjrkP1OXKkz/OtdLIa SD/WvuMDyvP1ipdXA2WUre12gbn4LB27Hc9hSCYJoGBNjjnqCgLnkrOGYn3c0JQa
g6pmBIDoeUCCiDPDBJobDH2f+jpzMTwwFQYJKoZIhvcNAQkUMQgeBgBiAG8AYjAj BlUu13AJnVU2Ep4R+DwECJ1vqXe6ro0FAgIoAA==
BgkqhkiG9w0BCRUxFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwXzBPMAsGCWCGSAFl
AwQCAwRAfOXgg9B0m7kIxySptHcG/y4B6QwUH80E7GdroberTesDhYKYf0BCxSwN
wr0+uHwOtaa3iuPcHpIygAtHAOvdDgQInW+pd7qujQUCAigA
-----END PKCS12----- -----END PKCS12-----
6. Example Ed25519 Certification Authority 6. Example Ed25519 Certification Authority
The example Ed25519 Certification Authority has the following The example Ed25519 Certification Authority has the following
information: information:
* Name: "Sample LAMPS Ed25519 Certification Authority" * Name: "Sample LAMPS Ed25519 Certification Authority"
6.1. Ed25519 Certification Authority Root Certificate 6.1. Ed25519 Certification Authority Root Certificate
This certificate is used to verify certificates issued by the example This certificate is used to verify certificates issued by the example
Ed25519 Certification Authority. Ed25519 Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTE1MDMG MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMTUwMwYDVQQDEyxTYW1wbGUgTEFNUFMg MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
RWQyNTUxOSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UECxMITEFNUFMg EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm
V0cxDTALBgNVBAoTBElFVEYwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+
RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAAT3T+Jj AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo
w5uooVELMI2DzCYtjU9rnxFE9NaMp5elOelf/Wxc3Wd89UJTvqN3JZmXrv4Fg0jB QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF
SHqS/mTcQIFaHgI= Jw0ouxcJyAyXEQ4=
-----END CERTIFICATE----- -----END CERTIFICATE-----
6.2. Ed25519 Certification Authority Secret Key 6.2. Ed25519 Certification Authority Secret Key
This secret key material is used by the example Ed25519 Certification This secret key material is used by the example Ed25519 Certification
Authority to issue new certificates. Authority to issue new certificates.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
skipping to change at page 26, line 7 skipping to change at page 26, line 7
6.3. Ed25519 Certification Authority Cross-signed Certificate 6.3. Ed25519 Certification Authority Cross-signed Certificate
If an e-mail client only trusts the RSA Certification Authority Root If an e-mail client only trusts the RSA Certification Authority Root
Certificate found in Section 3.1, they can use this intermediate CA Certificate found in Section 3.1, they can use this intermediate CA
certificate to verify any end entity certificate issued by the certificate to verify any end entity certificate issued by the
example Ed25519 Certification Authority. example Ed25519 Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF
ADBVMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
aG9yaXR5MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAgFw0yMDEy U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy
MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTE1MDMGA1UEAxMsU2FtcGxlIExB MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G
TVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxETAPBgNVBAsTCExB A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl
TVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1
SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw
DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU
m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw
DQYJKoZIhvcNAQELBQADggEBAHdUlo6cO0/YS6gMtuj7iNJjI5PaZ3F6muSjl+Ai DQYJKoZIhvcNAQELBQADggEBAGV0x0OEzgYlRKixMcztiikxxJDbmRat1pcipD15
MCPHGJaeVTzhcEnSNlvjXnM77Npxk2Z20342+sveBxfd80ZbTmVTek2IzaVdhxUi 1n8kiBoGhsT4fNZJVoL0OQBa/WTMntL+qcAk2itqZCNIeZeGklUljXBAz5tkDRAF
kEX4pCh28u+b+87BLQjb5Jmhph7105zqC0vxOtJS2y8zSdK2l8SwI/U6jlgEZJGv f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m
pcH5x9eLtrgmDGGqbHDv5BaAGGkM6pIwuw5xdukxKTMt6rXLLLqAX3xenDaY0rxo VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH
SkbeHUYO19MQ7LZmoKYe4Y/J7v4P+62cdjJi1Ob9qpGbvbQwh43GgkYZdTFY2qlY qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh
Uj0cLXSzdaBIXllPGCscqC058bGO+gdYJ241EclbB5nm88Q= 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k=
-----END CERTIFICATE----- -----END CERTIFICATE-----
7. Carlos's Sample Certificates 7. Carlos's Sample Certificates
Carlos has the following information: Carlos has the following information:
* Name: "Carlos Turing" * Name: "Carlos Turing"
* E-mail Address: "carlos@smime.example" * E-mail Address: "carlos@smime.example"
7.1. Carlos's Signature Verification End-Entity Certificate 7.1. Carlos's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by This certificate is used for verification of signatures made by
Carlos. Carlos.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTE1MDMG MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MRYwFAYDVQQDEw1DYXJsb3MgVHVyaW5n MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAqMAUGAytlcAMhAMLO EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO
gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV
fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EASWxvdJhtfO7zjO9wypAto3Fga8ik fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS
9EsAvl8MCUCBw91Rmrj01P8jiAmCwxsb9VR4PPcq6GIjXCnjB5UrV/4XBw== 6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----
7.2. Carlos's Signing Private Key Material 7.2. Carlos's Signing Private Key Material
This private key material is used by Carlos to create signatures. This private key material is used by Carlos to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
skipping to change at page 27, line 24 skipping to change at page 27, line 24
lamps-sample-certs-keygen.carlos.sign.25519.seed". lamps-sample-certs-keygen.carlos.sign.25519.seed".
7.3. Carlos's Encryption End-Entity Certificate 7.3. Carlos's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Carlos. It contains This certificate is used to encrypt messages to Carlos. It contains
an SMIMECapabilities extension to indicate that Carlos's MUA expects an SMIMECapabilities extension to indicate that Carlos's MUA expects
ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in
[RFC8418]. [RFC8418].
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTE1MDMG MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MRYwFAYDVQQDEw1DYXJsb3MgVHVyaW5n MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
MREwDwYDVQQLEwhMQU1QUyBXRzENMAsGA1UEChMESUVURjAqMAUGAytlbgMhAC5o EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o
MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ
DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw
FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd
BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU
m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EA3jEXyWtu/jK7ZZrnc89k3gzfai2As+ZV m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI
NRfRCcYIQbvSRShV3x4WXtZd07hLSOtWL7sg6oBdTMUEFgDAJRRGBg== BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----
7.4. Carlos's Decryption Private Key Material 7.4. Carlos's Decryption Private Key Material
This private key material is used by Carlos to decrypt messages. This private key material is used by Carlos to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string "draft- This secret key is the [SHA256] digest of the ASCII string "draft-
lamps-sample-certs-keygen.carlos.encrypt.25519.seed". lamps-sample-certs-keygen.carlos.encrypt.25519.seed".
7.5. PKCS12 Object for Carlos 7.5. PKCS12 Object for Carlos
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and
Section 6.1. Section 6.3.
It is locked with the simple five-letter password "carlos". It is locked with the simple five-letter password "carlos".
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIJ9gIBAzCCCY4GCSqGSIb3DQEHAaCCCX8Eggl7MIIJdzCCAvcGCSqGSIb3DQEH MIIK/gIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH
BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R
pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF
a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W
4cAeUVUiojGLgHFGe2/iIhW+JQTCbGDsAXqowalvoZZ5mJx98Rzb77JXyiKgY/a6 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F
uiolRqr27yj0e9CGkA385Hp9n4gcqyGuZ5OYUa0zKRtZB+Zdqcu/365uTP3MUgud Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV
3kK/ESRMRjdRGERlaD84fuhKvI9Elf6yoUkpwW7yHuDTVsLPWeuoPcpOIe/oT7cm 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8
HIoQNb2dTY0+HmSCNe3vbHiELsOzUSUat6JhE/uTHiJUVtL01NMcACdvXKqT1eXG vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV
DdD+Em9N0Di93m2qmXrP1N/AoKGTheB28XwsRicnoBvn4TKULQHaMx/UreYrX3AK ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv
yJJ4/8ENKQ+UipGt5xBKs/aLnWI9L75Cy3JP5v5myc4T1mvqjlVlay42o5nQYycF 4L+PAeJK4kVDREDQ6ch/6/hlqU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m
tOVjtI/TaBDi5lMBS+r4RPqAp2LfApjrBy6Z0hNLahEO7jsCfyDuxu/UBmncjueG dL1FXst9R9G74jOs0WMMFmd9toyOhD0q6Gl9catOrolCVS/CKaC0CucsJfiKrlJ/
T9OTzN0HwxhwpqfVWVbZzqo2k/7Tu1HVR4LoGQR/+Z6+v3DnLugRVahleObk7ZjX duQkt/JwcELveuOg60u2uaGKUqHmFhd3+6omk+wNBoY+0D5MmBZ/xnrVELGmzp94
HPaO/EunXeokrJouz94jKgo1nTpRKfQ40AnXtKpbrY/457hI+fiODYh6JVdkUgXP q0f/HfZPT6sxkYBGuP2eUA/qr/zimNG3TuGVch/MdnduuVhvAYLyh1gbA8yRm+I/
4f5vuwqiPPY0b/MCr9b+TPNLM1kVpkE1nFsrItNtD9XvktnKBHmSzRXxqeNowQKW zGCVuAqhsHITTx7Fqc3tyVp/mLYUO0QuwmgAw6NhzwKZf5N+tR0DZGcgw8rZpeJA
nKyUnvV5iUjxdbiE4xX8/fl4TLSL4+Z4SlJZn376LWpAN82PtgfI6uYJkacvBkxz yTxVFcjzXvoShxog7RroR9Nc4FwJhWI4BO241OHFEiQZeRk8vzI8WIFXnn6t42/q
Eulxbw96hRbEraIwRkwijOfUV7UjoCPjMYA8Zh1x5JTiE4UWWLs8aq9tM0Z16sVz j1mV7Ba42zxPEGoY3mObKwjR6rDp6KwmmfkghpwMPU3qP2/ASV8WT1+9GIYHc5Am
C1GhT9snSmeWuTtIqOSqJ+lnAbEZzfj4DSRcdUYwggKvBgkqhkiG9w0BBwagggKg 9CmSOTiQMluW70Ra2k5ZMlwnbKNyMRbjUB/yHwwwggKvBgkqhkiG9w0BBwagggKg
MIICnAIBADCCApUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOMzXMste/8a MIICnAIBADCCApUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOMzXMste/8a
AgIUlICCAmgXa+q2JhTLvWsj5SKLdMninTk5uB6HhOsDKYR9GDg/cABqUFxycROG AgIUlICCAmgXa+q2JhTLvWsj5SKLdMninTk5uB6HhOsDKYR9GDg/cABqUFxycROG
JeJuewIRkJhsfdXJi+TSRtnQOqpyVM9oRUdxcbGuCI98fEbLmVyr7KF8GudTgC+b JeJuewIRkJhsfdXJi+TSRtnQOqpyVM9oRUdxcbGuCI98fEbLmVyr7KF8GudTgC+b
y+76DSmhfyPgFn02rHwnMb88Zu1SpvrEAY/sifQy957dbRA8oAUvfGhR5sVL7Mrz eaLjn6HYkWpv7lWdvsFG8BEy6Jqi3/tP9PgNvpCYgVVM7yx6SX8QArcLSQkxbTsv
6GtTtYgPNkKvjnNS3Tv1tOxHLwWWsxzW5/6AKY9hc4XuPJSY0jdEUW2PSIggoZQW Ae0iN18H89W9xOHEz4Z2qHYyb7f0pPHrmpTGC6qmtvo1gNRsKTF0wYeQ5Sy/9U3f
jwlfb97H4Vvn/p8S/qKTUcsGXzFEn1WGXX+yp6acRABooK9Kg+qtNmPJl/nXgVib oM6bIcrOvHDksaco4+5n0zeySDETY8W4mO1K0uC/t0oTOScYGBeRhVr0DQapZGT/
GuCffGVC4IGxxqJaCaGHIUEfBmNRSW/p6JbIASKUshw7iFeZVAfRcwN8mbMsJShk Ej5LpgjXOuosAoT3IKnMwK3C0OZ8oBzcvgSpeAa/V/OTKDpZb22yq6sEaHAPoUqb
qgNy/KQGBSnbrzTZhoNPrUlMArU/Egccf6LpuMZP8PdeSueG3tM/xOt8D4tZmEyK cKRJmB6HC5mdLs3n0uP1vlZuYsHu7Evt0Uhns9pbklJDiCgM+4SFgKTRbd6Xt8bf
pmcuQqXenFZIXdbleUB96OKXqrn4Nf77rMd5VL/R263jDCh9hw5IZIWzyN3HsxrR GHkWnmpv4pQL7jjzA3epP2DHyC8MJaDvleWY7Z3t/IEtkzVxflLo8kT21edz12cm
Qa0PjHFbQudoOEcfYwEmU9t5Av4o1flRLLV4m75ZZjKEtBZ0P4P8+7sYiaBf+9lk uFVK9ilMW3eJuyiRyFXFPgVsuNi/HFnijXFgxzAncP7fFP5MCsOo6daiEjJjemKf
SL38WglKJ7EfGm7T0+L1fciDEyYH/L7B9OcIGlUsSBBYeOjsmY8gnw9sgt3UcK3g J3D+HdD60gFih/eX9V+tGl4y7/jtxCRA/54mit4sCy3LC0++lEp9AtFwGYrDw825
ZX+xiXIHV18yBY10EDaWy/ipv2lmYdw2EoPVwrS3jZ0gGLu8hNDkn1W6l2mJvZMa uGj27a7mE26qgGdGXdzT9UJ8FfUsIoRPrG38Q4mhS10pTarNucWOGjkftZiKJLay
cKN/cuOL3m/EDpdXEDe9NEmufm5C3QwATW8NjoV4vUkZ9V+jQOCghq4rwot4+dHY rfMRf3HYxOI/7iupfxYLK/4/FODijaHzAfSdQf2Bo7csPaz2HQkK/0nyO+tt68S9
1GAAUfhchjfJgwR1ISzy8ZpO6KTGDuer5Vu1acpB3Mq/GZPqM8SucAl8P1fK6pwL pUCjEfV6Liy22tang/jXxPFbBDK/P68MnmgR8C3PcYhPJCo/K0JR2/8F8pVVEqd5
MIICNwYJKoZIhvcNAQcGoIICKDCCAiQCAQAwggIdBgkqhkiG9w0BBwEwHAYKKoZI MIIDPwYJKoZIhvcNAQcGoIIDMDCCAywCAQAwggMlBgkqhkiG9w0BBwEwHAYKKoZI
hvcNAQwBAzAOBAho9g0tQyYTvwICFIGAggHwqGucSvjuG1dKf42hcgjkAUEv5NW5 hvcNAQwBAzAOBAho9g0tQyYTvwICFIGAggL43SpNCoshZX3ikmK1mOIJpS2Ah8Xv
pX3C+Qfe6Nb4gxPw8yIu8vCdymupa3bBI7Qxd/ickCQAo7E2JGr5qjc6ftx6Us/H 94S/5NA8kwHtaNXpLrjYr3CyRL93USm55uvGAtECR/EblON9zeo2p0gK2JPSbDr6
5ySspVi9cz5qOVRTVwSQn+jttPCmtBq17PPyBlqT4U0dNeSDT87+ea3W/u/QQdwa /1oovo7UoZNRoRBZ8pUegVWJswNWjqvzVu5JIRmpD05XjVDKHbFqiXAqtj9/w3q0
Q3jdV9U5Li7Ni5F4ZDFIkmtUPEfrr0p4cgSAUDv6ZZBjpesM5WOIrEcNNHtkWjS4 Qq/p/M9UrLWD93hyLNdIppWr2KR2it9mASTKEHX9dqXcTOG0Kp2GmrfGNteGL02j
jVvNMS64s1/rg1CA3FKjyQ/R8mNi7+FlPV2CKT1FD1iXgU6MLM1SS7JFR05maI/t qVKZaZyYI8gkSxhVLS9zzgf1OynAkzYQsoo+GKhdAW1fJECemAyPc3L+eeARw/SY
HQtxFBFZkbYcKCGokz47e53MYvbtYR8nobZLJ5EJh9jHPZUjrNIl7hXxh7iOsZ36 q1d5QVwxKfYpIJ2wiiavdeRVNbWiwV7Ti+P9PtPx/hV22NNLwMhvnJcHaSS1PaOi
N+3hn/2OM2uuB0fviJFwOoHu+c7HCaBUzSekpVGnEfxTEUXq9FT9utqhzuixEE+L SjoxFJ1EJWGEs0QwcdwM8iN3oVuqT5HU/edMgx9TLNTiE1g2GEq59I/RwBtCL8Dh
KQ3+19d5TXgYKpWsS3B54+uZee11QZ3ejDh1NvdkWj0EuQ7C1hf2zEi7q35OdllW OzKnUb4PU1Z81+HimV3KPI8g3cduhYaBR4HfqAhMnc+w5HXI6J3C1NtAE/izZ1Y2
tCNzIuf1Ls5mO+ezjXBtkAYByaykiUjubfFPNKowGhKOiZpq9IG2mWaXCJe1BWha Od7l+GTJfjPgzIy0hjqfbMt8uU9D9aPr2XjNOWoKRSojae16v8bLx+dFn6RMxFUS
iFpTET+HehLSK9OYvHj39jvx/Cpmtq3j1OFsy7l3n7n7OhmFaNrPmra/vgKFRUbV g3nLEZ6EDpyrJfpGPm6mPgZKSXtvnHuFcbS+utkRuVAtqu07r2XpkGBIJLNVIRHU
brijCLOemLbbg7JfKQpe4VXBpT9OAj6t38LCtV2IAoxKr9Ctxueq/AdINDCBxAYJ 5gLACbTj9TPcAce6RLoaYSDgOuFK0YZMdwzhsAI0YMpyHsUEZpQ5tjWSBY6ENbvF
KoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsqhkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcN 7+QhmDnf6N3Bj+vxUtGS40pVsYCGbmOD7UM5QpUxIgVkpPrfRokOZs/fi9sW+Xy6
AQwBAzAOBAgNhfODEdzSrQICFF0EOCEqFie1peicS9OSXNQjLwbN3kO8lYM2HqeS eQ2Brbn3t9C2TAsORYzFbuBwuTCqFW/rXHS6iffJpx2eAg3DCqaUAJjptSV/yzj4
ZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGMd8renRijMUIwGwYJKoZIhvcNAQkUMQ4e vxiXlDB3fMRcpNd5Je7DoHS4axuj7SLHdpNoUHs+qQsG6yDM5BEuXWGxo/L9sGhe
DABjAGEAcgBsAG8AczAjBgkqhkiG9w0BCRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0 XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym+B50q6nLUWv0tYZpmCVil358dIEGPPSMY
JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCBsDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwG AMXh05tIPFdYSJ3WLs0cxy5X4sXZl5w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp
CiqGSIb3DQEMAQMwDgQINFcqIEMfd9UCAhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+ 99FcOQf6cg8HXyT+8b4qKp9WyjCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq
AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3uFn7qHw06MDthnKniazFCMBsGCSqGSIb3 hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFF0EOCEq
DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJKoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6 Fie1peicS9OSXNQjLwbN3kO8lYM2HqeSZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGM
Gn8IvsSczIQ/MF8wTzALBglghkgBZQMEAgMEQEy0qwQQs3QR/VwU7MgIK6ZCWGF9 d8renRijMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBsAG8AczAjBgkqhkiG9w0B
0SgeIWjctI024YVnsTg1i8dbFW8rPanAovq3K+gwPqtRoYsjE6KPCycGzX0ECJDj CRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB
aZkfy4FnAgIoAA== sDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC
AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u
Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ
KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MF8wTzALBglghkgBZQME
AgMEQBHyJX3OKcho7aA/NqwHVbHwPGEYx1yP5T+GbVI3dnmpHWBqcN68OFozv+H9
j3+ocgkzQE1+n7B9euUKdG8Xw/YECJDjaZkfy4FnAgIoAA==
-----END PKCS12----- -----END PKCS12-----
8. Dana's Sample Certificates 8. Dana's Sample Certificates
Dana has the following information: Dana has the following information:
* Name: "Dana Hopper" * Name: "Dana Hopper"
* E-mail Address: "dna@smime.example" * E-mail Address: "dna@smime.example"
8.1. Dana's Signature Verification End-Entity Certificate 8.1. Dana's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Dana. This certificate is used for verification of signatures made by Dana.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTE1MDMG MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MRQwEgYDVQQDEwtEYW5hIEhvcHBlcjER MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
MA8GA1UECxMITEFNUFMgV0cxDTALBgNVBAoTBElFVEYwKjAFBgMrZXADIQCy2h3h EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h
hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l
LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G
A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb
5C0E0Qek0YLkLmuMtTAFBgMrZXADQQAqTjekfJCBctK5gm1kAnOvxPCe/xGTU9bm 5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5
E42ScgS/GIPMyPgdeIn67Y9WkY715VgkZdw/PPlnSakKL+zj3zAO VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC
-----END CERTIFICATE----- -----END CERTIFICATE-----
8.2. Dana's Signing Private Key Material 8.2. Dana's Signing Private Key Material
This private key material is used by Dana to create signatures. This private key material is used by Dana to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
skipping to change at page 30, line 20 skipping to change at page 30, line 24
lamps-sample-certs-keygen.dana.sign.25519.seed". lamps-sample-certs-keygen.dana.sign.25519.seed".
8.3. Dana's Encryption End-Entity Certificate 8.3. Dana's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Dana. It contains an This certificate is used to encrypt messages to Dana. It contains an
SMIMECapabilities extension to indicate that Dana's MUA expects ECDH SMIMECapabilities extension to indicate that Dana's MUA expects ECDH
with HKDF using SHA-256; uses AES-128 key wrap, as indicated in with HKDF using SHA-256; uses AES-128 key wrap, as indicated in
[RFC8418]. [RFC8418].
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTE1MDMG MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG
A1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
dHkxETAPBgNVBAsTCExBTVBTIFdHMQ0wCwYDVQQKEwRJRVRGMCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MRQwEgYDVQQDEwtEYW5hIEhvcHBlcjER MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
MA8GA1UECxMITEFNUFMgV0cxDTALBgNVBAoTBElFVEYwKjAFBgMrZW4DIQDgMaI2 EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2
AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E
HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud
DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E
0Qek0YLkLmuMtTAFBgMrZXADQQC9eaCofJkXN6GbED+J2ZLcQvah8kBwLIcDzxpP 0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd
ZYQkN5IIWwXW7D9PEMTGdWlhe9h8IvluIuzIqTpyXKaWiY4K 9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A
-----END CERTIFICATE----- -----END CERTIFICATE-----
8.4. Dana's Decryption Private Key Material 8.4. Dana's Decryption Private Key Material
This private key material is used by Dana to decrypt messages. This private key material is used by Dana to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This seed is the [SHA256] digest of the ASCII string "draft-lamps- This seed is the [SHA256] digest of the ASCII string "draft-lamps-
sample-certs-keygen.dana.encrypt.25519.seed". sample-certs-keygen.dana.encrypt.25519.seed".
8.5. PKCS12 Object for Dana 8.5. PKCS12 Object for Dana
This PKCS12 ([RFC7292]) object contains the same information as This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and
Section 6.1. Section 6.3.
It is locked with the simple four-letter password "dana". It is locked with the simple four-letter password "dana".
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIJ3gIBAzCCCXYGCSqGSIb3DQEHAaCCCWcEggljMIIJXzCCAu8GCSqGSIb3DQEH MIIK5gIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH
BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH
TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM
TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k
WaBHTA68eH9ovHvrGaK8MkxBSoK7x05uD95di3m5y9XQFU1YsBB6miqD3mUsaPVE WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO
FeSrFr9aaylqcG9vP9uohbSe19szDmY41/cuKx7C1Qq6hd06TK8rw8aRg0pfrYCu aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+
WuXHQ9pTNf0gNWaLI0vJgo5DrkZzSX+2imCTTjgjbarBCKbRHesA1oXNpFHT8wl6 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi
npErKI6tknS9TYimz/Laidjs431+HWlBll4pDxfSb+gasoGgH8kANnxrlNpm36i7 PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B
EmfFcRfloucJFovOjLijAPb8zUfmT0XSLYKQLIHgwShY2A+b+tmZgx/JU/6/eIxw OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81
z76wCYQ3n1HTFu+DpmIDF7hlkJAc7OFEoo3hhXSe41vJtTz2dw1Dq5kiR7i6MAXe H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI
GiI5ZpUpuTf5ICO9ZHmbQPOnf/fTN17KhvoJnc0dCGj3L9KPzeeKo/xOBY6DUVkx ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV
nc/KdEDuajISt1MSZWO/j2lEhlYalOU6x9xvPOG61hue1lesEcAnnMFYArcn6gH+ txtVB61Qmc2XP48F7wyaQZvdAU9zfe11/tHAaKKJWBpE1lIuAEkGtIP6ozYJBFjH
MDp6zrXbhemPTwITwiwgUWWYAQEuXIEvoYv1qC0izF8yqfB7EEaO1GRwNdUl3HS6 I11tBA8fijTnug+S4OvSgjtsRV/+kSEiW4F+pwE8RuTYfUu7q+Ew0LYdLgkH5OyE
FjR2/hGXaZnqFyEkDPv8U0MYY0tXknuA/XNpqW0NaXwUf4DEZzG3Negjqa9irXSr sn0b62UFpR/E1D9exWzohrFbIdUCbjtssXucruAqPNhW/abT0zicWu5nvf+Pniow
bze5aTl7CshrxTy77ff4XgsZzbHbJANY+1Z82k9L9d2kYd7PJtn4F/q6YUvHNTB8 2VxvhwoGt5jZ+lkaR5Z+1/GpbMgq47EUyGCgKv+5GAcJxUxINZqLbACJ/MhLfYPB
JoHvlLU+gP+QYYCHl3v/lsNYtkFe7CzCjJchr9X8Ru+2A6wdDDCskQmUHLXEWOtD eJrXz8f5Cigm1wZLisYCqnuc8cGCXjNqNkUlqtzodM8xv4gcgT/zILxmJTZP2q4n
pjLHGfOI9lqKGUcZbQd8pTsMuiL6MIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw YA4yBQx5/n2G2dZC+pf3kAfbXcp0MIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw
ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjxuoiaSZDbnwICFH+AggJg ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjxuoiaSZDbnwICFH+AggJg
k2hcNYtO0+15uLqXdiNhr5Q0JkYcrHdo0wR6G5AgLmwI+TYi+P8EZUjDIJ4TJ3b4 k2hcNYtO0+15uLqXdiNhr5Q0JkYcrHdo0wR6G5AgLmwI+TYi+P8EZUjDIJ4TJ3b4
6xv7+3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV52OKE0CAgALX++E7UyqHju 6xv7+3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV52OKE0CAgALZOLuIz5mGVU
Ty6WnTIE3k+m9dH0dBMAhV/xGcXT91WBVDr9XkAa6dqhrbHS2VMUMfSdl6nJLwGc tWI2h1x587KeIv5GRPIxumDebT3Gmkkp9Qoi55hjTgn68olSgDaJF8o5wnfODhkS
y5zVBZzzkV3LhejJRCqY3l+5quwabzumcDwtsVMz8/3j4TwGZzkvRP1+EbYLuAKp o110a3x9OwkJSN1AXfmBfj33KnT8Dc4bTfAZy1S5o1zCtaEqnct2Urb4PeO3LfHB
94rfXAgzGt6f1WwRx7OsGKzcQpSjISw6x51tOaWZK/QnrhdOMt415a9t79HrJ3h7 ErBsvY8HE4D7qh6P5ftXHQHAx/b3hbU8jQP1tR0N9Oh0SiLi//ebCeGXWQRdVjL5
8hqC+HfMTnCNtHEkEntGrlVqKF+isCoHBP/s1k+ZZ6WuASfgJcJMvFgyQ2LMyBVs +VQrhlQF5d4Kz9Zx79oC36g7C2BxCQomur/F9TT12NPzPpaEGGo6ljB6myAHnYw9
AEelovX94Pz1c9PNzgNPSth0CQA1CJJcbLjueZNU4fNmgYuv/OOvTYZZklDQjjAk rCxbSxBvbtEtlgJnxxb1Y5Q4ukgyjzK6431Bwq2+iNL0vGc9o2c5ELUPU9zGeLBZ
wZXlkNM70wsR0QFHZm5CpOQKEPxJUoIuSN77Q5wxP+VJYMYKfPhUYIQd3TQsqGXl tXWvdX27aOHjusPfDZl70C5zHiYs1FU6Tkn9Aotc424Q3d2IRTTcYnnjs1VSi1Sr
wXbGLvtrz/anmPJFEy0qIPPjwsR9vtN/xYU09t6QHX2bTGN/eWmoqaUrXHCzlW8j 4bRyB8zBAQmdQrniBW++7eJm3m/EOU0Yy0noUT169m8KNJrmSspMvKS6pyiYHR4I
lobS4CgeofaObNYse8dzsfd1BxjhDQ+cvewdDtVBmmm4Z9GG9Mn/Cxm5GI+twH/R BvAIkRIjvdtQvJdQJ+Uyr+HH5daE6golW1917b2bXj/41mvXYkJY6W8x0km1RYhH
W/tTMCny9EiQV0e+PtAj2rpnsuQbOZka06jEykg6/Ydv9kTjFT8SBSQxtAse2nbY QJZphWlvNcrHKo46Unk48Qc/5J5tI+6UDTXFr//V34vcpQ2ktp0MAKl1rBH549ef
shdZE/BhkCHyd+Mlj6AFiChsB0htP2dZLFLB8EkKCdB2DdEG/EcJcA5jVx54LG6w CsGQTGoq8XHPhksehEEMRmOJDeKTVkKx8xNhbwb395yFCIxfF2NHeDLXP+JyW+nH
ZVGRr452XJTcn3zTUXFj63D13pHBTuwBvJvO5pVRFh8wggI3BgkqhkiG9w0BBwag Iy2fnBDlyTiPF7YXyGiPjPAgK8LS8GUE+Zq2rWqrGNkwggM/BgkqhkiG9w0BBwag
ggIoMIICJAIBADCCAh0GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOfJ/s3Y ggMwMIIDLAIBADCCAyUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOfJ/s3Y
f5bgAgIUnYCCAfDRW6wHeNExBEJGRcj9eGUoBcXpSJCKCckJSh2ZLMepS0YBgtPk f5bgAgIUnYCCAvi4NaYP4lpAtuXtE02Zqgl9aLFwsj9B/rikBo6O1ZR/lsryJ4PJ
VDmQheb/A+1CgATSdG2qkNr3f4ACTZYJtyjBlOn6Z2oV/In0nyFXyPTKW+SeTM6N VGYy6NyBPjG67glJVMYiI3Hge+j66FXKXD/AaiMVD21ZmfrH935Sl4ZUKS9tpTJL
1jfcKq2GIgL1687t+PNbYgH/+9QgDvcKiHEFqaQjpzYpyk2CuRdVEbq4r7c/K9h/ QDw3ejpDEDqJUFJZJ/ybgpRAKoNjhcE3B7F7+WMI8Pr70M1Fbw7ytUCAjOf18sIW
2NO44aUq/Covon04rk/RG+HnJauQVC+iwuWcVpcoePF1XyP2onx6y8D7dxflKRhP prUA8f8O9dLiGgiWyjE5HMzSXEib5IMRpq5x4Q28pBrT8rVYgoQSSyVkfHtU7LDi
u6HmD9f68ZwacQzaIodR9q8BJ5bOnabHfYZZuA4KIp7C2zUqEwCMbFkQRJmNfm1D Bm68RfBgEl7jIqLdrt2kKxHC3/lC4xXQgFNXeQO56aRp8Yu4VpoRwraVLUO3tJk+
G/huDK9Bdox436RGm3kP/XuJ8qNCYNS+8GblnX4gV3bO2MpBr+M+Q7Jk5v1xE2Su pf1zFfmUei/JtiFlC6uf0PvC2B5h6kAZocE1lLxGIDFH7fTd6dzP7qTDbUQ+uEk3
/9YHKaI6ok5cI3obozU6PuQzPSN7Yfi/MGC342ZXV5zjnCzGCK/VKRsvdk0f18w5 qsgktT2pcoVnxTanvQmTCEZM9ZKCX5/z7Gkm+z83lGLDDU9oNyRSrxHrRBIvgH4w
oKgibwGPMUXwvY/nVuWMNwkqQUXPsXSU80eTzkvx/oInldp5sHf0lxzaG+quxFwr 3aGH1v6kfYOWwwwaghQOQIZFyzGVRKXsP7AslL+n4ti831TxqSUZX2qy9LpI4Tjp
GZ8v8i61YJis33pievIe9wwptrscGxQ7CahFtgIEUxzTc1usZOEGF/eQp9hciIZD 5A/NLMKo3uqmHFlTLnnYUqoppe88FNY8T/LXnHp0KTkuXFmdKJtp1/ydqh18jBk7
MXUCs38nEe7N01QcKRgmuqIYHNt+6OUcljXuoJdLGcMEdXTqi2yVW7peopBTRvPz nfLcQFdf1R/5okysblRtaMujlhelymT7MoM8u5C8ceIO7uWX8NI5B/IB+Yn2BvzZ
z0tJpPZlxtAmw/Hl2zTBiZ0h6zsuRcRcx6ieMIHABgkqhkiG9w0BBwGggbIEga8w 9LXoSia/wHjTu7UK610o7WOq9qTYe1i1x+HsmJaOC6hpaQh6b33VWDrHJbl7c/4Z
gawwgakGCyqGSIb3DQEMCgECoFowWDAcBgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZk tvQ9qAzqkqIhFWMRXNK+32jFVAgXrD8U1QHW2ip5s7W/Xtm1AegrhG1nSQgJezYl
AgIUugQ4YOyEjke53NDvCFR0ciUHZ7ref9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHV OnE/t2PDWuPeW94kR0uv1fNsh6plLyZYf/BaqhoGCHsa/ipD86viVSZDgJ8ASVLF
K5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZI eLUK3HYFMhJ+MLEzZJffYZAOnbYoyNPNc0vc7dpbk+ZMnlb5bDFcMCpm7+fWOjsC
hvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E6c5a3I+kMIHABgkqhkiG9w0BBwGggbIE nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh
ga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8 uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj
K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4 MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc
af7KY+MT6xus6oNEQeJAE5wxPjAXBgkqhkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJ BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re
KoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7zzAawM6xXMt2WMF8wTzALBglghkgBZQME f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG
AgMEQNHejohTj3Ewlp/2L19mtFcwBM/tTp7REjcOo+n9jtpzeFVve9dkr76JVAHh 9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E
naFM+2tfOF7j5tW5Pn13nEEr0skECC5Dkkzl2MltAgIoAA== 6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow
WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+
YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq
hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z
zAawM6xXMt2WMF8wTzALBglghkgBZQMEAgMEQEyKU+C+RuVmgTZpGN9FEY/LofSz
3TZAOx0TJ3EN12kuTzjcGNxJ+7e4w4xI6CZxP9RqrBM/N6N2fThoArRC6uIECC5D
kkzl2MltAgIoAA==
-----END PKCS12----- -----END PKCS12-----
9. Security Considerations 9. Security Considerations
The keys presented in this document should be considered compromised The keys presented in this document should be considered compromised
and insecure, because the secret key material is published and and insecure, because the secret key material is published and
therefore not secret. therefore not secret.
Applications which maintain blacklists of invalid key material SHOULD Applications which maintain blacklists of invalid key material SHOULD
include these keys in their lists. include these keys in their lists.
skipping to change at page 32, line 37 skipping to change at page 33, line 7
[ RFC Editor: please remove this section before publication ] [ RFC Editor: please remove this section before publication ]
This document is currently edited as markdown. Minor editorial This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the author. https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
Please direct all significant commentary to the public IETF LAMPS Please direct all significant commentary to the public IETF LAMPS
mailing list: "spasm@ietf.org" mailing list: "spasm@ietf.org"
11.1. Document History 11.1. Document History
11.1.1. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 11.1.1. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04
* Order subject/issuer DN components by scope.
* Put cross-signed intermediate CA certificates into PKCS#12 instead
of self-signed root CA certificates.
11.1.2. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03
* Correct encoding of S/MIME Capabilities extension. * Correct encoding of S/MIME Capabilities extension.
* Change "Certificate Authority" to "Certification Authority". * Change "Certificate Authority" to "Certification Authority".
* Add CertificatePolicies to all intermediate and end-entity * Add CertificatePolicies to all intermediate and end-entity
certificates. certificates.
* Add organization and organizational unit to all certificates. * Add organization and organizational unit to all certificates.
11.1.2. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 11.1.3. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02
* Added cross-signed certificates for both CAs * Added cross-signed certificates for both CAs
* Added S/MIME Capabilities extension for Carlos and Dana's * Added S/MIME Capabilities extension for Carlos and Dana's
encryption keys, indicating preferred ECDH parameters. encryption keys, indicating preferred ECDH parameters.
* Ensure no serial numbers are negative. * Ensure no serial numbers are negative.
* Encode keyUsage extensions in minimum-length BIT STRINGs. * Encode keyUsage extensions in minimum-length BIT STRINGs.
11.1.3. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 11.1.4. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
* Added Curve25519 sample certificates (new CA, Carlos, and Dana) * Added Curve25519 sample certificates (new CA, Carlos, and Dana)
11.1.4. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 11.1.5. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
* WG adoption (dkg moves from Author to Editor) * WG adoption (dkg moves from Author to Editor)
11.1.5. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 11.1.6. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
* PEM blobs are now "sourcecode", not "artwork" * PEM blobs are now "sourcecode", not "artwork"
11.1.6. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 11.1.7. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04
* Describe deterministic key generation * Describe deterministic key generation
* label PEM blobs with filenames in XML * label PEM blobs with filenames in XML
11.1.7. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 11.1.8. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
* Alice and Bob now each have two distinct certificates: one for * Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, and public keys to match. signing, one for encryption, and public keys to match.
11.1.8. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 11.1.9. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
* PKCS#12 objects are deliberately locked with simple passphrases * PKCS#12 objects are deliberately locked with simple passphrases
11.1.9. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 11.1.10. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01
* changed all three keys to use RSA instead of RSA-PSS * changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in * set keyEncipherment keyUsage flag instead of dataEncipherment in
EE certs EE certs
12. Acknowledgements 12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by This draft was inspired by similar work in the OpenPGP space by
Bjarni Runar and juga at [I-D.bre-openpgp-samples]. Bjarni Runar and juga at [I-D.bre-openpgp-samples].
 End of changes. 62 change blocks. 
496 lines changed or deleted 510 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/