draft-ietf-lamps-samples-08.txt   rfc9216.txt 
lamps D.K. Gillmor, Ed. Internet Engineering Task Force (IETF) D. K. Gillmor, Ed.
Internet-Draft ACLU Request for Comments: 9216 ACLU
Intended status: Informational 2 February 2022 Category: Informational April 2022
Expires: 6 August 2022 ISSN: 2070-1721
S/MIME Example Keys and Certificates S/MIME Example Keys and Certificates
draft-ietf-lamps-samples-08
Abstract Abstract
The S/MIME development community benefits from sharing samples of The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples. keys for use when generating such samples.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on 6 August 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9216.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 1.1. Terminology
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Prior Work
1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4 2. Background
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. Certificate Usage
2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5 2.2. Certificate Expiration
2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5 2.3. Certificate Revocation
2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5 2.4. Using the CA in Test Suites
2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 6 2.5. Certificate Chains
2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6 2.6. Passwords
2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 7 2.7. Secret Key Origins
2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7 3. Example RSA Certification Authority
3. Example RSA Certification Authority . . . . . . . . . . . . . 7 3.1. RSA Certification Authority Root Certificate
3.1. RSA Certification Authority Root Certificate . . . . . . 7 3.2. RSA Certification Authority Secret Key
3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 3.3. RSA Certification Authority Cross-Signed Certificate
3.3. RSA Certification Authority Cross-signed Certificate . . 9 4. Alice's Sample Certificates
4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 10 4.1. Alice's Signature Verification End-Entity Certificate
4.1. Alice's Signature Verification End-Entity Certificate . . 10 4.2. Alice's Signing Private Key Material
4.2. Alice's Signing Private Key Material . . . . . . . . . . 11 4.3. Alice's Encryption End-Entity Certificate
4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 12 4.4. Alice's Decryption Private Key Material
4.4. Alice's Decryption Private Key Material . . . . . . . . . 13 4.5. PKCS #12 Object for Alice
4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 14 5. Bob's Sample
5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 17 5.1. Bob's Signature Verification End-Entity Certificate
5.1. Bob's Signature Verification End-Entity Certificate . . . 17 5.2. Bob's Signing Private Key Material
5.2. Bob's Signing Private Key Material . . . . . . . . . . . 18 5.3. Bob's Encryption End-Entity Certificate
5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 19 5.4. Bob's Decryption Private Key Material
5.4. Bob's Decryption Private Key Material . . . . . . . . . . 20 5.5. PKCS #12 Object for Bob
5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 21 6. Example Ed25519 Certification Authority
6. Example Ed25519 Certification Authority . . . . . . . . . . . 24 6.1. Ed25519 Certification Authority Root Certificate
6.1. Ed25519 Certification Authority Root Certificate . . . . 24 6.2. Ed25519 Certification Authority Secret Key
6.2. Ed25519 Certification Authority Secret Key . . . . . . . 25 6.3. Ed25519 Certification Authority Cross-Signed Certificate
6.3. Ed25519 Certification Authority Cross-signed 7. Carlos's Sample Certificates
Certificate . . . . . . . . . . . . . . . . . . . . . . . 25 7.1. Carlos's Signature Verification End-Entity Certificate
7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 26 7.2. Carlos's Signing Private Key Material
7.1. Carlos's Signature Verification End-Entity Certificate . 26 7.3. Carlos's Encryption End-Entity Certificate
7.2. Carlos's Signing Private Key Material . . . . . . . . . . 27 7.4. Carlos's Decryption Private Key Material
7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 27 7.5. PKCS #12 Object for Carlos
7.4. Carlos's Decryption Private Key Material . . . . . . . . 27 8. Dana's Sample Certificates
7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 8.1. Dana's Signature Verification End-Entity Certificate
8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 8.2. Dana's Signing Private Key Material
8.1. Dana's Signature Verification End-Entity Certificate . . 29 8.3. Dana's Encryption End-Entity Certificate
8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 8.4. Dana's Decryption Private Key Material
8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 8.5. PKCS #12 Object for Dana
8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 9. Security Considerations
8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 10. IANA Considerations
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 11. References
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 11.1. Normative References
11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 11.2. Informative References
11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 Acknowledgements
11.1.1. Substantive Changes from draft-ietf-*-07 to Author's Address
draft-ietf-*-08 . . . . . . . . . . . . . . . . . . . 32
11.1.2. Substantive Changes from draft-ietf-*-06 to
draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 33
11.1.3. Substantive Changes from draft-ietf-*-05 to
draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33
11.1.4. Substantive Changes from draft-ietf-*-04 to
draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33
11.1.5. Substantive Changes from draft-ietf-*-03 to
draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33
11.1.6. Substantive Changes from draft-ietf-*-02 to
draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33
11.1.7. Substantive Changes from draft-ietf-*-01 to
draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33
11.1.8. Substantive Changes from draft-ietf-*-00 to
draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34
11.1.9. Substantive Changes from draft-dkg-*-05 to
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34
11.1.10. Substantive Changes from draft-dkg-*-04 to
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34
11.1.11. Substantive Changes from draft-dkg-*-03 to
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34
11.1.12. Substantive Changes from draft-dkg-*-02 to
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34
11.1.13. Substantive Changes from draft-dkg-*-01 to
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34
11.1.14. Substantive Changes from draft-dkg-*-00 to
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
13.1. Normative References . . . . . . . . . . . . . . . . . . 35
13.2. Informative References . . . . . . . . . . . . . . . . . 36
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
The S/MIME ([RFC8551]) development community, in particular the The S/MIME ([RFC8551]) development community, in particular the email
e-mail development community, benefits from sharing samples of signed development community, benefits from sharing samples of signed and/or
and/or encrypted data. Often the exact key material used does not encrypted data. Often, the exact key material used does not matter
matter because the properties being tested pertain to implementation because the properties being tested pertain to implementation
correctness, completeness or interoperability of the overall system. correctness, completeness, or interoperability of the overall system.
However, without access to the relevant secret key material, a sample However, without access to the relevant secret key material, a sample
is useless. is useless.
This document defines a small set of X.509v3 certificates ([RFC5280]) This document defines a small set of X.509v3 certificates ([RFC5280])
and secret keys for use when generating or operating on such samples. and secret keys for use when generating or operating on such samples.
An example RSA certification authority is supplied, and sample RSA An example RSA Certification Authority is supplied, and sample RSA
certificates are provided for two "personas", Alice and Bob. certificates are provided for two "personas", Alice and Bob.
Additionally, an Ed25519 ([RFC8032]) certification authority is Additionally, an Ed25519 ([RFC8032]) Certification Authority is
supplied, along with sample Ed25519 certificates for two more supplied, along with sample Ed25519 certificates for two more
"personas", Carlos and Dana. "personas", Carlos and Dana.
This document focuses narrowly on functional, well-formed identity This document focuses narrowly on functional, well-formed identity
and key material. It is a starting point that other documents can and key material. It is a starting point that other documents can
use to develop sample signed or encrypted messages, test vectors, or use to develop sample signed or encrypted messages, test vectors, or
other artifacts for improved interoperability. other artifacts for improved interoperability.
1.1. Requirements Language 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.2. Terminology
* "Certification Authority" (or "CA") is a party capable of issuing "Certification Authority" (or "CA"): a party capable of issuing
X.509 certificates X.509 certificates
* "End-Entity" is a party that is capable of using X.509 "End Entity" (or "EE"): a party that is capable of using X.509
certificates (and their corresponding secret key material) certificates (and their corresponding secret key material)
* "Mail User Agent" (or "MUA") is a program that generates or "Mail User Agent" (or "MUA"): a program that generates or handles
handles [RFC5322] e-mail messages. email messages ([RFC5322])
1.3. Prior Work 1.2. Prior Work
[RFC4134] contains some sample certificates, as well as messages of [RFC4134] contains some sample certificates as well as messages of
various S/MIME formats. That older work has unacceptably old various S/MIME formats. That older work has unacceptably old
algorithm choices that may introduce failures when testing modern algorithm choices that may introduce failures when testing modern
systems: in 2019, some tools explicitly mark 1024-bit RSA and systems: in 2019, some tools explicitly marked 1024-bit RSA and
1024-bit DSS as weak. 1024-bit DSS as weak.
This earlier document also does not use the now widely-accepted PEM This earlier document also does not use the now widely accepted
encoding (see [RFC7468]) for the objects, and instead embeds runnable Privacy-Enhanced Mail (PEM) encoding (see [RFC7468]) for the objects
Perl code to extract them from the document. and instead embeds runnable Perl code to extract them from the
document.
It also includes examples of messages and other structures which are It also includes examples of messages and other structures that are
greater in ambition than this document intends to be. greater in ambition than this document intends to be.
[RFC8410] includes an example X25519 certificate that is certified [RFC8410] includes an example X25519 certificate that is certified
with Ed25519, but it appears to be self-issued, and it is not with Ed25519, but it appears to be self issued, and it is not
directly useful in testing an S/MIME-capable MUA. directly useful in testing an S/MIME-capable MUA.
2. Background 2. Background
2.1. Certificate Usage 2.1. Certificate Usage
These X.509 certificates ([RFC5280]) are designed for use with S/MIME These X.509 certificates ([RFC5280]) are designed for use with S/MIME
protections ([RFC8551]) for e-mail ([RFC5322]). protections ([RFC8551]) for email ([RFC5322]).
In particular, they should be usable with signed and encrypted In particular, they should be usable with signed and encrypted
messages, as part of test suites and interoperability frameworks. messages as part of test suites and interoperability frameworks.
All end-entity and intermediate CA certificates are marked with All end-entity and intermediate CA certificates are marked with
Certificate Policies from [TEST-POLICY] indicating that they are Certificate Policies from [TEST-POLICY] indicating that they are
intended only for use in testing environments. End-entity intended only for use in testing environments. End-entity
certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and
intermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2. intermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2.
2.2. Certificate Expiration 2.2. Certificate Expiration
The certificates included in this draft expire in 2052. This should The certificates included in this document expire in 2052. This
be sufficiently far in the future that they will be useful for a few should be sufficiently far in the future that they will be useful for
decades. However, when testing tools in the far future (or when a few decades. However, when testing tools in the far future (or
playing with clock skew scenarios), care should be taken to consider when playing with clock-skew scenarios), care should be taken to
the certificate validity window. consider the certificate validity window.
Due to this lengthy expiration window, these certificates will not be Due to this lengthy expiration window, these certificates will not be
particularly useful to test or evaluate the interaction between particularly useful to test or evaluate the interaction between
certificate expiration and protected messages. certificate expiration and protected messages.
2.3. Certificate Revocation 2.3. Certificate Revocation
Because these are expected to be used in test suites or examples, and Because these are expected to be used in test suites or examples, and
we do not expect there to be online network services in these use we do not expect there to be online network services in these use
cases, we do not expect these certificates to produce any revocation cases, we do not expect these certificates to produce any revocation
artifacts. artifacts.
As a result, none of the certificates include either an OCSP As a result, none of the certificates include either an Online
indicator (see id-ad-ocsp as defined in the Authority Information Certificate Status Protocol (OCSP) indicator (see id-ad-ocsp as
Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator defined in the Authority Information Access X.509 extension in
(see the CRL Distribution Points X.509 extension as defined in Section 4.2.2.1 of [RFC5280]) or a Certificate Revocation List (CRL)
S.4.2.1.13 of [RFC5280]). indicator (see the CRL Distribution Points X.509 extension as defined
in Section 4.2.1.13 of [RFC5280]).
2.4. Using the CA in Test Suites 2.4. Using the CA in Test Suites
To use these end-entity certificates in a piece of software (for To use these end-entity certificates in a piece of software (for
example, in a test suite or an interoperability matrix), most tools example, in a test suite or an interoperability matrix), most tools
will need to accept either the Example RSA CA (Section 3) or the will need to accept either the example RSA CA (Section 3) or the
Example Ed25519 CA (Section 6) as a legitimate root authority. example Ed25519 CA (Section 6) as a legitimate root authority.
Note that some tooling behaves differently for certificates validated Note that some tooling behaves differently for certificates validated
by "locally-installed root CAs" than for pre-installed "system-level" by "locally installed root CAs" than for pre-installed "system-level"
root CAs). For example, many common implementations of HPKP root CAs). For example, many common implementations of HTTP Public
([RFC7469]) only applied the designed protections when dealing with a Key Pinning (HPKP) ([RFC7469]) only applied the designed protections
certificate issued by a pre-installed "system-level" root CA, and when dealing with a certificate issued by a pre-installed "system-
were disabled when dealing with a certificate issued by a "locally- level" root CA and were disabled when dealing with a certificate
installed root CA". issued by a "locally installed root CA".
To test some tooling specifically, it may be necessary to install the To test some tooling specifically, it may be necessary to install the
root CA as a "system-level" root CA. root CA as a "system-level" root CA.
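Review bot: The sentence in Section 2.4 that ends with 'pre-installed "system-level" root CAs).' still carries an unmatched closing parenthesis on both sides of the diff. No parenthesis is opened in that sentence, so the ")" should be dropped. In the HPKP sentence that follows, "only applied the designed protections ... and were disabled" reads as if the implementations themselves were disabled; if the protections are what was disabled, make them the subject of that clause.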
2.5. Certificate Chains 2.5. Certificate Chains
In most real-world examples, X.509 certificates are deployed with a In most real-world examples, X.509 certificates are deployed with a
chain of more than one X.509 certificate. In particular, there is chain of more than one X.509 certificate. In particular, there is
typically a long-lived root CA that users' software knows about upon typically a long-lived root CA that users' software knows about upon
installation, and the end-entity certificate is issued by an installation, and the end-entity certificate is issued by an
intermediate CA, which is in turn issued by the root CA. intermediate CA, which is in turn issued by the root CA.
The example end-entity certificates in this document can be used with The example end-entity certificates in this document can be used
either a simple two-link certificate chain (they are directly either with a simple two-link certificate chain (they are directly
certified by their corresponding root CA), or in a three-link chain. certified by their corresponding root CA) or in a three-link chain.
For example, Alice's encryption certificate (Section 4.3, For example, Alice's encryption certificate (alice.encrypt.crt; see
alice.encrypt.crt) can be validated by a peer that directly trusts Section 4.3) can be validated by a peer that directly trusts the
the Example RSA CA's root cert (Section 3.1, ca.rsa.crt): example RSA CA's root cert (ca.rsa.crt; see Section 3.1):
╔════════════╗ ┌───────────────────┐ +==============+ +-------------------+
ca.rsa.crt ╟─→│ alice.encrypt.crt || ca.rsa.crt ||-->| alice.encrypt.crt |
╚════════════╝ └───────────────────┘ +==============+ +-------------------+
Figure 1: Validating Alice's encryption certificate directly when
the issuing CA is a trust anchor
And it can also be validated by a peer that only directly trusts the And it can also be validated by a peer that only directly trusts the
Example Ed25519 CA's root cert (Section 6.1, ca.25519.crt), via an example Ed25519 CA's root cert (ca.25519.crt; see Section 6.1) via an
intermediate cross-signed CA cert (Section 3.3, ca.rsa.cross.crt): intermediate cross-signed CA cert (ca.rsa.cross.crt; see
Section 3.3):
+================+ +------------------+ +-------------------+
|| ca.25519.crt ||-->| ca.rsa.cross.crt |-->| alice.encrypt.crt |
+================+ +------------------+ +-------------------+
Figure 2: Validating Alice's cert from a different trust anchor
via an intermediate cross-signed CA certificate
╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐
║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │
╚══════════════╝ └──────────────────┘ └───────────────────┘
By omitting the cross-signed CA certs, it should be possible to test By omitting the cross-signed CA certs, it should be possible to test
a "transvalid" certificate (an end-entity certificate that is a "transvalid" certificate (an end-entity certificate that is
supplied without its intermediate certificate) in some supplied without its intermediate certificate) in some
configurations. configurations.
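Review bot: Style point on the Section 2.5 captions and the prose around them: Figure 1 says "Alice's encryption certificate" while Figure 2 says "Alice's cert", and the body mixes "root cert" and "CA certs" with "certificate". Suggest spelling out "certificate" throughout, at least in the two captions, so they read as a pair.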
2.6. Passwords 2.6. Passwords
Each secret key presented in this draft is represented as a PEM- Each secret key presented in this document is represented as a PEM-
encoded PKCS#8 [RFC5958] object in cleartext form (it has no encoded PKCS #8 ([RFC5958]) object in cleartext form (it has no
password). password).
As such, the secret key objects are not suitable for verifying As such, the secret key objects are not suitable for verifying
interoperable password protection schemes. interoperable password protection schemes.
However, the PKCS#12 [RFC7292] objects do have simple textual However, the PKCS #12 ([RFC7292]) objects do have simple textual
passwords, because tooling for dealing with passwordless PKCS#12 passwords, because tooling for dealing with passwordless PKCS #12
objects is underdeveloped at the time of this draft. objects is underdeveloped at the time of this document.
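Review bot: Section 2.6 says the PKCS #12 objects "do have simple textual passwords" but gives neither the passwords nor a pointer to where they are listed. Suggest a cross-reference to the PKCS #12 sections named in the table of contents (4.5, 5.5, 7.5 and 8.5) so that a reader building a test suite from this section knows where to look.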
2.7. Secret key origins 2.7. Secret Key Origins
The secret RSA keys in this document are all deterministically The secret RSA keys in this document are all deterministically
derived using provable prime generation as found in [FIPS186-4], derived using provable prime generation as found in [FIPS186-4] based
based on known seeds derived via [SHA256] from simple strings. The on known seeds derived via SHA-256 ([SHA]) from simple strings. The
validation parameters for these derivations are stored in the objects validation parameters for these derivations are stored in the objects
themselves as specified in [RFC8479]. themselves as specified in [RFC8479].
The secret Ed25519 and X25519 keys in this document are all derived The secret Ed25519 and X25519 keys in this document are all derived
by hashing a simple string. The seeds and their derivation are by hashing a simple string. The seeds and their derivation are
included in the document for informational purposes, and to allow re- included in the document for informational purposes and to allow
creation of the objects from appropriate tooling. recreation of the objects from appropriate tooling.
All RSA seeds used are 224 bits long (the first 224 bits of the All RSA seeds used are 224 bits long (the first 224 bits of the
SHA-256 digest of the origin string), and are represented in SHA-256 digest of the origin string) and are represented in
hexadecimal. hexadecimal.
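Review bot: Section 2.7 does not say how the origin string becomes bytes before hashing. Neither side of the diff states the character encoding or whether a line terminator is included, and the Ed25519/X25519 paragraph ("derived by hashing a simple string") does not name the hash function at all. Since the stated purpose is "to allow recreation of the objects from appropriate tooling", suggest stating the encoding, whether a trailing newline is hashed, and the hash used for the Ed25519 and X25519 seeds, the way the RSA paragraph names SHA-256 and the 224-bit truncation.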
3. Example RSA Certification Authority 3. Example RSA Certification Authority
The example RSA Certification Authority has the following The example RSA Certification Authority has the following
information: information:
* Name: Sample LAMPS RSA Certification Authority Name: Sample LAMPS RSA Certification Authority
3.1. RSA Certification Authority Root Certificate 3.1. RSA Certification Authority Root Certificate
This certificate is used to verify certificates issued by the example This certificate is used to verify certificates issued by the example
RSA Certification Authority. RSA Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
skipping to change at page 9, line 38 skipping to change at line 358
PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0 PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0
vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5 vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5
cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN
i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC
AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q== AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9. This seed a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9. This seed
is the first 224 bits of the [SHA256] digest of the string draft- is the first 224 bits of the SHA-256 ([SHA]) digest of the string
lamps-sample-certs-keygen.ca.rsa.seed. draft-lamps-sample-certs-keygen.ca.rsa.seed.
3.3. RSA Certification Authority Cross-signed Certificate 3.3. RSA Certification Authority Cross-Signed Certificate
If an e-mail client only trusts the Ed25519 Certification Authority If an email client only trusts the Ed25519 Certification Authority
Root Certificate found in Section 6.1, they can use this intermediate Root Certificate found in Section 6.1, they can use this intermediate
CA certificate to verify any end entity certificate issued by the CA certificate to verify any end-entity certificate issued by the
example RSA Certification Authority. example RSA Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0 EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY
Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM
skipping to change at page 10, line 28 skipping to change at line 391
EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58 EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58
BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM
tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX
FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD
-----END CERTIFICATE----- -----END CERTIFICATE-----
4. Alice's Sample Certificates 4. Alice's Sample Certificates
Alice has the following information: Alice has the following information:
* Name: Alice Lovelace Name: Alice Lovelace
* E-mail Address: alice@smime.example Email Address: alice@smime.example
4.1. Alice's Signature Verification End-Entity Certificate 4.1. Alice's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by This certificate is used for verification of signatures made by
Alice. Alice.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
skipping to change at page 12, line 38 skipping to change at line 461
YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8
0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI 0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI
9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e 9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e
yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC
BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05. This seed 92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05. This seed
is the first 224 bits of the [SHA256] digest of the string draft- is the first 224 bits of the SHA-256 ([SHA]) digest of the string
lamps-sample-certs-keygen.alice.sign.seed. draft-lamps-sample-certs-keygen.alice.sign.seed.
4.3. Alice's Encryption End-Entity Certificate 4.3. Alice's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Alice. This certificate is used to encrypt messages to Alice.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
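Review bot: In the seed paragraph that follows Alice's signing private key, the hashed input is called just "the string", while Sections 6.2, 7.2 and 7.4 say "the ASCII string". Using "ASCII string" here too, and stating whether a trailing newline is hashed, would make the 224-bit seed reproducible from the text alone. The new column's rewrap, which keeps "draft-" on the same line as the rest of the label, is an improvement: the old break left it unclear whether the hyphen belonged to the string.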
skipping to change at page 14, line 38 skipping to change at line 529
Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY
l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4 l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4
7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2 7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2
Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC
BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf. This seed 1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf. This seed
is the first 224 bits of the [SHA256] digest of the string draft- is the first 224 bits of the SHA-256 ([SHA]) digest of the string
lamps-sample-certs-keygen.alice.encrypt.seed. draft-lamps-sample-certs-keygen.alice.encrypt.seed.
4.5. PKCS12 Object for Alice 4.5. PKCS #12 Object for Alice
This PKCS12 ([RFC7292]) object contains the same information as This PKCS #12 ([RFC7292]) object contains the same information as
presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and presented in Sections 3.3, 4.1, 4.2, 4.3, and 4.4.
Section 3.3.
It is locked with the simple five-letter password alice. It is locked with the simple five-letter password alice.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH
BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs
PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ
77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8
x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW
+jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI
skipping to change at page 17, line 43 skipping to change at line 674
coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt
Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs
AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w
BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA=
-----END PKCS12----- -----END PKCS12-----
5. Bob's Sample 5. Bob's Sample
Bob has the following information: Bob has the following information:
* Name: Bob Babbage Name: Bob Babbage
* E-mail Address: bob@smime.example Email Address: bob@smime.example
5.1. Bob's Signature Verification End-Entity Certificate 5.1. Bob's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Bob. This certificate is used for verification of signatures made by Bob.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
skipping to change at page 19, line 38 skipping to change at line 743
iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh
PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B
ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1 ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1
Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC
AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg== AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e. This seed f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e. This seed
is the first 224 bits of the [SHA256] digest of the string draft- is the first 224 bits of the SHA-256 ([SHA]) digest of the string
lamps-sample-certs-keygen.bob.sign.seed. draft-lamps-sample-certs-keygen.bob.sign.seed.
5.3. Bob's Encryption End-Entity Certificate 5.3. Bob's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Bob. This certificate is used to encrypt messages to Bob.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
skipping to change at page 21, line 38 skipping to change at line 811
PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR
kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV
zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH
XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME
AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg= AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg=
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key was generated using provable prime generation found This secret key was generated using provable prime generation found
in [FIPS186-4] using the seed in [FIPS186-4] using the seed
98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8. This seed 98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8. This seed
is the first 224 bits of the [SHA256] digest of the string draft- is the first 224 bits of the SHA-256 ([SHA]) digest of the string
lamps-sample-certs-keygen.bob.encrypt.seed. draft-lamps-sample-certs-keygen.bob.encrypt.seed.
5.5. PKCS12 Object for Bob 5.5. PKCS #12 Object for Bob
This PKCS12 ([RFC7292]) object contains the same information as This PKCS #12 ([RFC7292]) object contains the same information as
presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and presented in Sections 3.3, 5.1, 5.2, 5.3, and 5.4.
Section 3.3.
It is locked with the simple three-letter password bob. It is locked with the simple three-letter password bob.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH
BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6
qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u
FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX
qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1 qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1
p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD
skipping to change at page 24, line 44 skipping to change at line 957
gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN
AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU
n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA== n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA==
-----END PKCS12----- -----END PKCS12-----
6. Example Ed25519 Certification Authority 6. Example Ed25519 Certification Authority
The example Ed25519 Certification Authority has the following The example Ed25519 Certification Authority has the following
information: information:
* Name: Sample LAMPS Ed25519 Certification Authority Name: Sample LAMPS Ed25519 Certification Authority
6.1. Ed25519 Certification Authority Root Certificate 6.1. Ed25519 Certification Authority Root Certificate
This certificate is used to verify certificates issued by the example This certificate is used to verify certificates issued by the example
Ed25519 Certification Authority. Ed25519 Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
skipping to change at page 25, line 27 skipping to change at line 986
6.2. Ed25519 Certification Authority Secret Key 6.2. Ed25519 Certification Authority Secret Key
This secret key material is used by the example Ed25519 Certification This secret key material is used by the example Ed25519 Certification
Authority to issue new certificates. Authority to issue new certificates.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string draft- This secret key is the SHA-256 ([SHA]) digest of the ASCII string
lamps-sample-certs-keygen.ca.25519.seed. draft-lamps-sample-certs-keygen.ca.25519.seed.
6.3. Ed25519 Certification Authority Cross-signed Certificate 6.3. Ed25519 Certification Authority Cross-Signed Certificate
If an e-mail client only trusts the RSA Certification Authority Root If an email client only trusts the RSA Certification Authority Root
Certificate found in Section 3.1, they can use this intermediate CA Certificate found in Section 3.1, they can use this intermediate CA
certificate to verify any end entity certificate issued by the certificate to verify any end-entity certificate issued by the
example Ed25519 Certification Authority. example Ed25519 Certification Authority.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy
MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1
SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw
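Review bot: Section 6.3 says a client that trusts only the RSA root "can use this intermediate CA certificate to verify any end-entity certificate" issued by the Ed25519 CA, but it leaves out that the client must still be able to verify Ed25519 signatures, because the end-entity certificates under this intermediate are signed with the Ed25519 CA key. Suggest stating that condition. Minor: "an email client ... they can use" mixes singular and plural; "it can use" reads more cleanly.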
skipping to change at page 26, line 27 skipping to change at line 1018
f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m
VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH
qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh
4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k= 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k=
-----END CERTIFICATE----- -----END CERTIFICATE-----
7. Carlos's Sample Certificates 7. Carlos's Sample Certificates
Carlos has the following information: Carlos has the following information:
* Name: Carlos Turing Name: Carlos Turing
* E-mail Address: carlos@smime.example Email Address: carlos@smime.example
7.1. Carlos's Signature Verification End-Entity Certificate 7.1. Carlos's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by This certificate is used for verification of signatures made by
Carlos. Carlos.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
skipping to change at page 27, line 13 skipping to change at line 1049
-----END CERTIFICATE----- -----END CERTIFICATE-----
7.2. Carlos's Signing Private Key Material 7.2. Carlos's Signing Private Key Material
This private key material is used by Carlos to create signatures. This private key material is used by Carlos to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string draft- This secret key is the SHA-256 ([SHA]) digest of the ASCII string
lamps-sample-certs-keygen.carlos.sign.25519.seed. draft-lamps-sample-certs-keygen.carlos.sign.25519.seed.
7.3. Carlos's Encryption End-Entity Certificate 7.3. Carlos's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Carlos. It contains This certificate is used to encrypt messages to Carlos. It contains
an SMIMECapabilities extension to indicate that Carlos's MUA expects an SMIMECapabilities extension to indicate that Carlos's MUA expects
ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in Elliptic Curve Diffie-Hellman (ECDH) with the HMAC-based Key
[RFC8418]. Derivation Function (HKDF) using SHA-256, and that it uses the
AES-128 key wrap algorithm, as indicated in [RFC8418].
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o
MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ
DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw
FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt
skipping to change at page 27, line 46 skipping to change at line 1083
-----END CERTIFICATE----- -----END CERTIFICATE-----
7.4. Carlos's Decryption Private Key Material 7.4. Carlos's Decryption Private Key Material
This private key material is used by Carlos to decrypt messages. This private key material is used by Carlos to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string draft- This secret key is the SHA-256 ([SHA]) digest of the ASCII string
lamps-sample-certs-keygen.carlos.encrypt.25519.seed. draft-lamps-sample-certs-keygen.carlos.encrypt.25519.seed.
7.5. PKCS12 Object for Carlos 7.5. PKCS #12 Object for Carlos
This PKCS12 ([RFC7292]) object contains the same information as This PKCS #12 ([RFC7292]) object contains the same information as
presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and presented in Sections 6.3, 7.1, 7.2, 7.3, and 7.4.
Section 6.3.
It is locked with the simple five-letter password carlos. It is locked with the simple five-letter password carlos.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH
BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R
pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF
a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W
4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F
Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV
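Review bot: "carlos" has six letters, but the password sentence in Section 7.5 calls it a "simple five-letter password" in both columns; the wording looks carried over from Alice's section, where "five-letter password alice" is correct. Suggest "six-letter", or drop the letter count from all four PKCS #12 sections.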
skipping to change at page 29, line 29 skipping to change at line 1158
AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u
Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ
KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU
8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA== 8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA==
-----END PKCS12----- -----END PKCS12-----
8. Dana's Sample Certificates 8. Dana's Sample Certificates
Dana has the following information: Dana has the following information:
* Name: Dana Hopper Name: Dana Hopper
* E-mail Address: dna@smime.example Email Address: dna@smime.example
8.1. Dana's Signature Verification End-Entity Certificate 8.1. Dana's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Dana. This certificate is used for verification of signatures made by Dana.
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
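Review bot: The address "dna@smime.example" in Section 8 survives into the new column with only the "E-mail" to "Email" label change, yet it matches neither the name Dana nor the spelling "dana" used for the PKCS #12 password and in the seed label draft-lamps-sample-certs-keygen.dana.sign.25519.seed. It reads as a typo for "dana@smime.example" and should be checked against the address carried in Dana's certificates before it is corrected.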
skipping to change at page 30, line 13 skipping to change at line 1188
-----END CERTIFICATE----- -----END CERTIFICATE-----
8.2. Dana's Signing Private Key Material 8.2. Dana's Signing Private Key Material
This private key material is used by Dana to create signatures. This private key material is used by Dana to create signatures.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string draft- This secret key is the SHA-256 ([SHA]) digest of the ASCII string
lamps-sample-certs-keygen.dana.sign.25519.seed. draft-lamps-sample-certs-keygen.dana.sign.25519.seed.
8.3. Dana's Encryption End-Entity Certificate 8.3. Dana's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Dana. It contains an This certificate is used to encrypt messages to Dana. It contains an
SMIMECapabilities extension to indicate that Dana's MUA expects ECDH SMIMECapabilities extension to indicate that Dana's MUA expects ECDH
with HKDF using SHA-256; uses AES-128 key wrap, as indicated in with HKDF using SHA-256, and that it uses the AES-128 key wrap
[RFC8418]. algorithm, as indicated in [RFC8418].
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2 EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2
AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E
HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4
skipping to change at page 30, line 46 skipping to change at line 1221
-----END CERTIFICATE----- -----END CERTIFICATE-----
8.4. Dana's Decryption Private Key Material 8.4. Dana's Decryption Private Key Material
This private key material is used by Dana to decrypt messages. This private key material is used by Dana to decrypt messages.
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
This seed is the [SHA256] digest of the ASCII string draft-lamps- This seed is the SHA-256 ([SHA]) digest of the ASCII string draft-
sample-certs-keygen.dana.encrypt.25519.seed. lamps-sample-certs-keygen.dana.encrypt.25519.seed.
8.5. PKCS12 Object for Dana 8.5. PKCS #12 Object for Dana
This PKCS12 ([RFC7292]) object contains the same information as This PKCS #12 ([RFC7292]) object contains the same information as
presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and presented in Sections 6.3, 8.1, 8.2, 8.3, and 8.4.
Section 6.3.
It is locked with the simple four-letter password dana. It is locked with the simple four-letter password dana.
-----BEGIN PKCS12----- -----BEGIN PKCS12-----
MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH
BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH
TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM
TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k
WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO
aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+
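Review bot: Section 8.4 opens its derivation sentence with "This seed is", where 6.2, 7.2, 7.4 and 8.2 all say "This secret key is", and the new column keeps the outlier; suggest "This secret key is" for consistency. The new column also breaks the line after "draft-" in this paragraph, which leaves a reader unsure whether the hyphen is part of the hashed string. Rewrapping so the whole label sits on one line, as was done for the RSA seed paragraphs, would avoid that.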
skipping to change at page 32, line 31 skipping to change at line 1298
zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D
kkzl2MltAgIoAA== kkzl2MltAgIoAA==
-----END PKCS12----- -----END PKCS12-----
9. Security Considerations 9. Security Considerations
The keys presented in this document should be considered compromised The keys presented in this document should be considered compromised
and insecure, because the secret key material is published and and insecure, because the secret key material is published and
therefore not secret. therefore not secret.
Any application which maintains a denylist of invalid key material Any application that maintains a deny list of invalid key material
should include these keys in its list. should include these keys in its list.
10. IANA Considerations 10. IANA Considerations
IANA has nothing to do for this document. This document has no IANA actions.
11. Document Considerations
[ RFC Editor: please remove this section before publication ]
This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
Please direct all significant commentary to the public IETF LAMPS
mailing list: spasm@ietf.org
11.1. Document History
11.1.1. Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08
* Apply editorial cleanup suggested during review
11.1.2. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07
* Correct document history
* Restore PKCS12 for dana and bob from -05
11.1.3. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06
* Added outbound references for acronyms PEM, CRL, and OCSP, thanks
Stewart Brant.
* Accidentally modified PKCS12 for dana and bob
11.1.4. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05
* Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for
interop with Keychain Access on macOS.
11.1.5. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04
* Order subject/issuer DN components by scope.
* Put cross-signed intermediate CA certificates into PKCS#12 instead
of self-signed root CA certificates.
11.1.6. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03
* Correct encoding of S/MIME Capabilities extension.
* Change "Certificate Authority" to "Certification Authority".
* Add CertificatePolicies to all intermediate and end-entity
certificates.
* Add organization and organizational unit to all certificates.
11.1.7. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02
* Added cross-signed certificates for both CAs
* Added S/MIME Capabilities extension for Carlos and Dana's
encryption keys, indicating preferred ECDH parameters.
* Ensure no serial numbers are negative.
* Encode keyUsage extensions in minimum-length BIT STRINGs.
11.1.8. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
* Added Curve25519 sample certificates (new CA, Carlos, and Dana)
11.1.9. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
* WG adoption (dkg moves from Author to Editor)
11.1.10. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
* PEM blobs are now sourcecode, not artwork
11.1.11. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04
* Describe deterministic key generation
* label PEM blobs with filenames in XML
11.1.12. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
* Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, and public keys to match.
11.1.13. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
* PKCS#12 objects are deliberately locked with simple passphrases
11.1.14. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01
* changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in
EE certs
12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by
Bjarni Runar and juga at [I-D.bre-openpgp-samples].
Eric Rescorla helped spot issues with certificate formats.
Sean Turner pointed to [RFC4134] as prior work.
Deb Cooley suggested that Alice and Bob should have separate
certificates for signing and encryption.
Wolfgang Hommel helped to build reproducible encrypted PKCS#12
objects.
Carsten Bormann got the XML sourcecode markup working for this draft.
David A. Cooper identified problems with the certificates and
suggested corrections.
Lijun Liao helped get the terminology right.
Stewart Brant and Roman Danyliw provided editorial suggestions.
13. References
13.1. Normative References 11. References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 11.1. Normative References
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>. <https://www.rfc-editor.org/info/rfc5280>.
[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958,
DOI 10.17487/RFC5958, August 2010, DOI 10.17487/RFC5958, August 2010,
<https://www.rfc-editor.org/info/rfc5958>. <https://www.rfc-editor.org/info/rfc5958>.
skipping to change at page 35, line 47 skipping to change at line 1333
[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
April 2015, <https://www.rfc-editor.org/info/rfc7468>. April 2015, <https://www.rfc-editor.org/info/rfc7468>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032, Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017, DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>. <https://www.rfc-editor.org/info/rfc8032>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8479] Mavrogiannopoulos, N., "Storing Validation Parameters in [RFC8479] Mavrogiannopoulos, N., "Storing Validation Parameters in
PKCS#8", RFC 8479, DOI 10.17487/RFC8479, September 2018, PKCS#8", RFC 8479, DOI 10.17487/RFC8479, September 2018,
<https://www.rfc-editor.org/info/rfc8479>. <https://www.rfc-editor.org/info/rfc8479>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
13.2. Informative References 11.2. Informative References
[FIPS186-4] [FIPS186-4]
"Digital Signature Standard (DSS)", National Institute of National Institute of Standards and Technology (NIST),
Standards and Technology report, "Digital Signature Standard (DSS)", FIPS PUB 186-4,
DOI 10.6028/nist.fips.186-4, July 2013, DOI 10.6028/NIST.FIPS.186-4, July 2013,
<https://doi.org/10.6028/nist.fips.186-4>. <https://doi.org/10.6028/NIST.FIPS.186-4>.
[I-D.bre-openpgp-samples] [OPENPGP-SAMPLES]
Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP
Example Keys and Certificates", Work in Progress, Example Keys and Certificates", Work in Progress,
Internet-Draft, draft-bre-openpgp-samples-01, 20 December Internet-Draft, draft-bre-openpgp-samples-01, 20 December
2019, <https://www.ietf.org/archive/id/draft-bre-openpgp- 2019, <https://datatracker.ietf.org/doc/html/draft-bre-
samples-01.txt>. openpgp-samples-01>.
[RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134,
DOI 10.17487/RFC4134, July 2005, DOI 10.17487/RFC4134, July 2005,
<https://www.rfc-editor.org/info/rfc4134>. <https://www.rfc-editor.org/info/rfc4134>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008, DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>. <https://www.rfc-editor.org/info/rfc5322>.
[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
skipping to change at page 37, line 5 skipping to change at line 1381
X.509 Public Key Infrastructure", RFC 8410, X.509 Public Key Infrastructure", RFC 8410,
DOI 10.17487/RFC8410, August 2018, DOI 10.17487/RFC8410, August 2018,
<https://www.rfc-editor.org/info/rfc8410>. <https://www.rfc-editor.org/info/rfc8410>.
[RFC8418] Housley, R., "Use of the Elliptic Curve Diffie-Hellman Key [RFC8418] Housley, R., "Use of the Elliptic Curve Diffie-Hellman Key
Agreement Algorithm with X25519 and X448 in the Agreement Algorithm with X25519 and X448 in the
Cryptographic Message Syntax (CMS)", RFC 8418, Cryptographic Message Syntax (CMS)", RFC 8418,
DOI 10.17487/RFC8418, August 2018, DOI 10.17487/RFC8418, August 2018,
<https://www.rfc-editor.org/info/rfc8418>. <https://www.rfc-editor.org/info/rfc8418>.
[SHA256] Dang, Q., "Secure Hash Standard", National Institute of [SHA] National Institute of Standards and Technology (NIST),
Standards and Technology report, "Secure Hash Standard (SHS)", FIPS PUB 180-4,
DOI 10.6028/nist.fips.180-4, July 2015, DOI 10.6028/NIST.FIPS.180-4, August 2015,
<https://doi.org/10.6028/nist.fips.180-4>. <https://doi.org/10.6028/NIST.FIPS.180-4>.
[TEST-POLICY] [TEST-POLICY]
NIST - Computer Security Divisiion (CSD), "Test National Institute of Standards and Technology (NIST),
Certificate Policy to Support PKI Pilots and Testing", May "Test Certificate Policy to Support PKI Pilots and
2012, <https://csrc.nist.gov/CSRC/media/Projects/Computer- Testing", Computer Security Resource Center, May 2012,
<https://csrc.nist.gov/CSRC/media/Projects/Computer-
Security-Objects-Register/documents/test_policy.pdf>. Security-Objects-Register/documents/test_policy.pdf>.
Acknowledgements
This document was inspired by similar work in the OpenPGP space by
Bjarni Rúnar Einarsson and juga; see [OPENPGP-SAMPLES].
Eric Rescorla helped spot issues with certificate formats.
Sean Turner pointed to [RFC4134] as prior work.
Deb Cooley suggested that Alice and Bob should have separate
certificates for signing and encryption.
Wolfgang Hommel helped to build reproducible encrypted PKCS #12
objects.
Carsten Bormann got the XML sourcecode markup working for this
document.
David A. Cooper identified problems with the certificates and
suggested corrections.
Lijun Liao helped get the terminology right.
Stewart Bryant and Roman Danyliw provided editorial suggestions.
Author's Address Author's Address
Daniel Kahn Gillmor (editor) Daniel Kahn Gillmor (editor)
American Civil Liberties Union American Civil Liberties Union
125 Broad St. 125 Broad St.
New York, NY, 10004 New York, NY 10004
United States of America United States of America
Email: dkg@fifthhorseman.net Email: dkg@fifthhorseman.net
 End of changes. 87 change blocks. 
385 lines changed or deleted 247 lines changed or added
