idnits 2.17.00 (12 Aug 2021)

/tmp/idnits33511/draft-dkg-lamps-samples-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (21 November 2019) is 912 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-01) exists of
     draft-bre-openpgp-samples-00

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

lamps                                                       D.K. Gillmor
Internet-Draft                                                      ACLU
Intended status: Informational                          21 November 2019
Expires: 24 May 2020

                  S/MIME Example Keys and Certificates
                       draft-dkg-lamps-samples-01

Abstract

   The S/MIME development community benefits from sharing samples of
   signed or encrypted data.  This document facilitates such
   collaboration by defining a small set of X.509v3 certificates and
   keys for use when generating such samples.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 24 May 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Terminology
   2.  Background
     2.1.  Certificate Usage
     2.2.  Certificate Expiration
     2.3.  Certificate Revocation
     2.4.  Using the CA in Test Suites
     2.5.  Certificate Chains
     2.6.  Passwords
   3.  Example Certificate Authority
     3.1.  Certificate Authority Certificate
     3.2.  Certificate Authority Secret Key
   4.  Alice's Sample
     4.1.  Alice's End-Entity Certificate
     4.2.  Alice's Private Key Material
     4.3.  PKCS12 Object for Alice
   5.  Bob's Sample
     5.1.  Bob's End-Entity Certificate
     5.2.  Bob's Private Key Material
     5.3.  PKCS12 Object for Bob
   6.  Security Considerations
   7.  IANA Considerations
   8.  Document Considerations
     8.1.  Document History
       8.1.1.  Substantive Changes from -00 to -01
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Author's Address

1.  Introduction

   The S/MIME ([RFC8551]) development community, in particular the
   e-mail development community, benefits from sharing samples of signed
   and/or encrypted data.  Often the exact key material used does not
   matter because the properties being tested pertain to implementation
   correctness, completeness or interoperability of the overall system.
   However, without access to the relevant secret key material, a sample
   is useless.

   This document defines a small set of X.509v3 certificates ([RFC5280])
   and secret keys for use when generating or operating on such samples.

   An example certificate authority is supplied, and samples are
   provided for two "personas", Alice and Bob.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Terminology

   *  "Certificate Authority" (or "CA") is a party capable of issuing
      X.509 certificates.

   *  "End-Entity" is a party that is capable of using X.509
      certificates (and their corresponding secret key material).

   *  "Mail User Agent" (or "MUA") is a program that generates or
      handles [RFC5322] e-mail messages.

2.  Background

2.1.  Certificate Usage

   These X.509 certificates ([RFC5280]) are designed for use with S/MIME
   protections ([RFC8551]) for e-mail ([RFC5322]).

   In particular, they should be usable with signed and encrypted
   messages.

2.2.  Certificate Expiration

   The certificates included in this draft expire in 2052.  This should
   be sufficiently far in the future that they will be useful for a few
   decades.  However, when testing tools in the far future (or when
   playing with clock skew scenarios), care should be taken to consider
   the certificate validity window.

   Due to this lengthy expiration window, these certificates will not be
   particularly useful to test or evaluate the interaction between
   certificate expiration and protected messages.

2.3.  Certificate Revocation

   Because these are expected to be used in test suites or examples, and
   we do not expect there to be online network services in these use
   cases, we do not expect these certificates to produce any revocation
   artifacts.

   As a result, there are no OCSP or CRL indicators in any of the
   certificates.

2.4.  Using the CA in Test Suites

   To use these end-entity certificates in a piece of software (for
   example, in a test suite or an interoperability matrix), most tools
   will need to accept the example CA (Section 3) as a legitimate root
   authority.

   Note that some tooling behaves differently for certificates validated
   by "locally-installed root CAs" than for pre-installed "system-level"
   root CAs.  For example, many common implementations of HPKP
   ([RFC7469]) only applied the designed protections when dealing with a
   certificate issued by a pre-installed "system-level" root CA, and
   were disabled when dealing with a certificate issued by a
   "locally-installed root CA".

   To test some tooling specifically, it may be necessary to install the
   root CA as a "system-level" root CA.

2.5.  Certificate Chains

   In most real-world examples, X.509 certificates are deployed with a
   chain of more than one X.509 certificate.  In particular, there is
   typically a long-lived root CA that users' software knows about upon
   installation, and the end-entity certificate is issued by an
   intermediate CA, which is in turn issued by the root CA.

   The examples presented in this document use a simple two-link
   certificate chain, and therefore may be unsuitable for simulating
   some real-world deployments.

   In particular, testing the use of a "transvalid" certificate (an
   end-entity certificate that is supplied without its intermediate
   certificate) is not possible with the configuration here.

2.6.  Passwords

   Each secret key presented in this draft is unprotected (it has no
   password).

   As such, the secret keys are not suitable for verifying interoperable
   password protection schemes, or for MUAs that require passwords on
   their PKCS#12 [RFC7292] cryptographic objects.

3.  Example Certificate Authority

   The example Certificate Authority has the following information:

   *  Name: "Sample LAMPS Certificate Authority"

3.1.  Certificate Authority Certificate

3.2.  Certificate Authority Secret Key

4.  Alice's Sample

   Alice has the following information:

   *  Name: "Alice Lovelace"

   *  E-mail Address: "alice@smime.example"

4.1.  Alice's End-Entity Certificate

4.2.  Alice's Private Key Material

4.3.  PKCS12 Object for Alice

   This PKCS12 ([RFC7292]) object contains the same information as
   presented in Section 4.1, Section 4.2, and Section 3.1.

5.  Bob's Sample

   Bob has the following information:

   *  Name: "Bob Babbage"

   *  E-mail Address: "bob@smime.example"

5.1.  Bob's End-Entity Certificate

5.2.  Bob's Private Key Material

5.3.  PKCS12 Object for Bob

   This PKCS12 ([RFC7292]) object contains the same information as
   presented in Section 5.1, Section 5.2, and Section 3.1.
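
   Section 2.2 asks test authors to keep the certificate validity window
   in mind when running with far-future or skewed clocks.  The following
   added example (not part of the draft) parses an X.509 Validity field
   and classifies a test clock against it.  The function and constant
   names are illustrative; SAMPLE_VALIDITY is rebuilt inline from the
   notBefore/notAfter times encoded in this document's certificates,
   and TWO_DIGIT_YEAR_BUG is a constructed malformed variant.

```python
"""Parse an X.509 Validity field (RFC 5280) and test clocks against it."""
from datetime import datetime, timedelta, timezone

SEQUENCE, UTC_TIME, GENERALIZED_TIME = 0x30, 0x17, 0x18


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def parse_time(tag, value):
    """Decode a UTCTime or GeneralizedTime in the Zulu-only RFC 5280 form."""
    text = value.decode("ascii")
    if tag == UTC_TIME:
        if len(text) != 13 or not text.endswith("Z"):
            raise ValueError("UTCTime must be YYMMDDHHMMSSZ")
        # RFC 5280, 4.1.2.5.1: YY >= 50 means 19YY, otherwise 20YY.
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag == GENERALIZED_TIME:
        if len(text) != 15 or not text.endswith("Z"):
            raise ValueError("GeneralizedTime must be YYYYMMDDHHMMSSZ")
    else:
        raise ValueError("not a time type: tag 0x%02x" % tag)
    parsed = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def parse_validity(der):
    """Return (not_before, not_after, (tag1, tag2)) from a Validity SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one Validity SEQUENCE")
    tag1, raw1, pos = read_tlv(body, 0)
    tag2, raw2, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing data inside Validity")
    not_before, not_after = parse_time(tag1, raw1), parse_time(tag2, raw2)
    if not_after < not_before:
        raise ValueError("notAfter precedes notBefore")
    return not_before, not_after, (tag1, tag2)


def rfc5280_encoding_ok(der):
    """True if dates before 2050 use UTCTime and later ones GeneralizedTime."""
    not_before, not_after, tags = parse_validity(der)
    return all((when.year < 2050) == (tag == UTC_TIME)
               for when, tag in zip((not_before, not_after), tags))


def check_clock(der, now, skew=timedelta(0)):
    """Classify a test clock against the window, tolerating +/- skew."""
    not_before, not_after, _ = parse_validity(der)
    if now + skew < not_before:
        return "not-yet-valid"
    if now - skew > not_after:
        return "expired"
    return "valid"


# Validity bytes rebuilt from the times carried by this document's
# certificates: UTCTime notBefore, GeneralizedTime notAfter.
SAMPLE_VALIDITY = (bytes([SEQUENCE, 32, UTC_TIME, 13]) + b"191120065418Z"
                   + bytes([GENERALIZED_TIME, 15]) + b"20520927065418Z")

# Constructed malformed variant: 2052 squeezed into a two-digit UTCTime,
# which the RFC 5280 pivot reads as 1952 and so inverts the window.
TWO_DIGIT_YEAR_BUG = (bytes([SEQUENCE, 30, UTC_TIME, 13]) + b"191120065418Z"
                      + bytes([UTC_TIME, 13]) + b"520927065418Z")

if __name__ == "__main__":
    start, end, _ = parse_validity(SAMPLE_VALIDITY)
    print("window:", start.isoformat(), "to", end.isoformat())
    for year in (2019, 2022, 2060):
        clock = datetime(year, 1, 1, tzinfo=timezone.utc)
        print(year, check_clock(SAMPLE_VALIDITY, clock))
```

   A test suite that pins its clock can call check_clock() once at
   start-up and fail fast instead of reporting a confusing signature or
   decryption error.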

6.  Security Considerations

   The keys presented in this document should be considered compromised
   and insecure, because the secret key material is published and
   therefore not secret.

   Applications which maintain blacklists of invalid key material SHOULD
   include these keys in their lists.

7.  IANA Considerations

   IANA has nothing to do for this document.

8.  Document Considerations

   [ RFC Editor: please remove this section before publication ]

   This document is currently edited as markdown.  Minor editorial
   changes can be suggested via merge requests at
   https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
   Please direct all significant commentary to the public IETF LAMPS
   mailing list: "spasm@ietf.org"

8.1.  Document History

8.1.1.  Substantive Changes from -00 to -01

   *  changed all three keys to use RSA instead of RSA-PSS

   *  set keyEncipherment keyUsage flag instead of dataEncipherment in
      EE certs

9.  Acknowledgements

   This draft was inspired by similar work in the OpenPGP space by
   Bjarni Runar and juga at [I-D.bre-openpgp-samples].

   Eric Rescorla helped spot issues with certificate formats.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              DOI 10.17487/RFC5322, October 2008.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8551]  Schaad, J., Ramsdell, B., and S. Turner, "Secure/
              Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
              Message Specification", RFC 8551, DOI 10.17487/RFC8551,
              April 2019.

10.2.  Informative References

   [I-D.bre-openpgp-samples]
              Einarsson, B., juga, j., and D. Gillmor, "OpenPGP Example
              Keys and Certificates", Work in Progress, Internet-Draft,
              draft-bre-openpgp-samples-00, 15 October 2019.

   [RFC7469]  Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
              Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April
              2015.

Author's Address

   Daniel Kahn Gillmor
   American Civil Liberties Union
   125 Broad St.
   New York, NY, 10004
   United States of America

   Email: dkg@fifthhorseman.net