TEST VECTORS USING RSA-KEM These examples are an extension of the examples in RFC 4134, creating sample EnvelopedData objects to Bob of ExContent using RSA-KEM for key management. Bob's RSA key data is the same as in RFC 4134. The data files are reproduced below in Appendix A. ExContent is the following sentence: This is some sample content. That is, it is the string of characters starting with "T" up to and including the ".". The hex for ExContent is 5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e Bob has an RSA key of modulus size 1024 bits. Bob's RSA public key (n,e) is n = a9e16798 3f39d55f f2a09341 5ea67989 85c8355d 9a915bfb 1d01da19 7026170f bda522d0 35856d7a 98661441 5ccfb7b7 083b09c9 91b81969 376df965 1e7bd9a9 3324a37f 3bbbaf46 01863634 32cb0703 5952fc85 8b3104b8 cc180814 48e64f1c fb5d60c4 e05c1f53 d37f53d8 6901f105 f87a70d1 be83c65f 38cf1c2c aa6aa7eb e = 00010001 Bob's private key is BobPrivRSAEncrypt = 30 82 02 5c Level=0 length=0x25c/604 02 01 Level=1 length=0x1/1 00 02 81 81 Level=1 length=0x81/129 00 a9 e1 67 98 3f 39 d5 5f f2 a0 93 41 5e a6 79 89 85 c8 35 5d 9a 91 5b fb 1d 01 da 19 70 26 17 0f bd a5 22 d0 35 85 6d 7a 98 66 14 41 5c cf b7 b7 08 3b 09 c9 91 b8 19 69 37 6d f9 65 1e 7b d9 a9 33 24 a3 7f 3b bb af 46 01 86 36 34 32 cb 07 03 59 52 fc 85 8b 31 04 b8 cc 18 08 14 48 e6 4f 1c fb 5d 60 c4 e0 5c 1f 53 d3 7f 53 d8 69 01 f1 05 f8 7a 70 d1 be 83 c6 5f 38 cf 1c 2c aa 6a a7 eb 02 03 Level=1 length=0x3/3 01 00 01 02 81 80 Level=1 length=0x80/128 67 cd 48 4c 9a 0d 8f 98 c2 1b 65 ff 22 83 9c 6d f0 a6 06 1d bc ed a7 03 88 94 f2 1c 6b 0f 8b 35 de 0e 82 78 30 cb e7 ba 6a 56 ad 77 c6 eb 51 79 70 79 0a a0 f4 fe 45 e0 a9 b2 f4 19 da 87 98 d6 30 84 74 e4 fc 59 6c c1 c6 77 dc a9 91 d0 7c 30 a0 a2 c5 08 5e 21 71 43 fc 0d 07 3d f0 fa 6d 14 9e 4e 63 f0 17 58 79 1c 4b 98 1c 3d 3d b0 1b df fa 25 3b a3 c0 2c 98 05 f6 10 09 d8 87 db 03 19 02 41 Level=1 length=0x41/65 00 d0 c3 22 c6 de a2 99 18 76 8f 8d bc a6 75 d6 66 3f d4 8d 45 52 8c 76 f5 72 c4 eb f0 46 9a f1 3e 5c aa 55 0b 9b da dd 6b 6d f8 fc 3b 3c 08 43 93 b5 5b fe ce ea fd 68 84 23 62 af f3 31 c2 b9 e5 02 41 Level=1 length=0x41/65 00 d0 51 fc 1e 22 b7 5b ed b5 8e 01 c8 d7 ab f2 58 d4 f7 82 94 f3 53 a8 19 45 cb 66 ca 28 19 5f e2 10 2b f3 8f ec 6a 30 74 f8 4d 11 f4 a7 c4 20 b5 47 21 dc 49 01 f9 0a 20 29 f0 24 08 84 60 7d 8f 02 40 Level=1 length=0x40/64 34 ba 64 c9 48 28 57 74 d7 55 50 de 6a 48 ef 1b 2a 5a 1c 48 7b 1e 21 59 c3 60 3b 9b 97 a9 c0 ef 18 66 a9 4e 62 52 38 84 ce e5 09 88 48 94 69 c5 20 14 99 5a 57 fe 23 6c e4 a7 23 7b d0 80 b7 85 02 41 Level=1 length=0x41/65 00 9e 2f b3 37 9a fb 0b 06 5d 57 e1 09 06 a4 5d d9 90 96 06 05 5f 24 06 40 72 9c 3a 88 85 9c 87 0f 9d 62 12 88 16 68 a8 35 1a 1b 43 e8 38 c0 98 69 af 03 0a 48 32 04 4e e9 0f 8f 77 7d 34 30 25 07 02 40 Level=1 length=0x40/64 57 18 67 d6 0a d2 b5 ab c2 ba 7a e7 54 da 9c 05 4f 81 d4 ef 01 89 1e 32 3d 69 cb 31 c4 52 c8 54 55 25 00 3b 1c 2a 7c 26 50 d5 e9 a6 d7 77 cb cf 15 f5 ee 0b d5 8d ee b3 af 4c a1 7c 63 46 41 f6 Bob's X.509 certificate BobRSASignByCarl.cer was issued by the CA with CommonName 'CarlRSA' and has serial number 46346bc7 800056bc 11d36e2e cd5d71d0 1. EXAMPLE WITH AES-128 and SHA-1 This example creates an EnvelopedData object to Bob of ExContent using AES-128 for content encryption and RSA-KEM (KDF2, SHA-1, aes128-Wrap) for key management. 1.1 INPUT DATA The content encryption key, K, is a 16 octet value. The hex for K is 00112233 44556677 8899aabb ccddeeff nLen = 128 bytes 1.2 GENERATE THE ENCRYPTED KEYING DATA 1. Generate a random integer z between 0 and n-1 (see Note), and convert z to a byte string Z of length nLen, most significant byte first: z = RandomInteger (0, n-1) Z = IntegerToString (z, nLen) Z= 00d1d634 77017c6b eeedabf0 05f1618a 6dde9b6e 5dda53d8 f60cbb0b a3272a64 7b7d5344 200c1f52 4e79196e e1a21434 a497e931 c2f3697f 0ea3802c 8f08307e bd931484 bd810014 3ebc8289 07822b30 508ed502 af104b7f faaf3693 275e61b4 2797c85c 103d029b ee75e606 661afccd c18e4283 3bdb7fa1 f6b11b38 52579e96 2. Encrypt the random integer z using the recipient's public key (n,e) and convert the resulting integer c to a ciphertext C, a byte string of length nLen: c = z^e mod n C = IntegerToString (c, nLen) C= 23b38471 851f289d f5d56e0d 85e9024f 6baed2bb 5eb233f6 8bef37a4 a98d667a 2c8642e2 d8ea4dcb afd85c4a 12ae6d1d bf302742 8bd26603 1cc67c3f d99993ea 718d1532 951e54dc f99a21a5 1f9372fa 9b67b2c9 e2ff2b55 4b397e48 ab40d5e0 63abd27e 871fb727 0191e665 f39a481d 14df1188 27bbe624 05f72945 61c60194 3. Derive a key-encrypting key KEK of length kekLen bytes from the byte string Z using the underlying key derivation function: KEK = KDF (Z, kekLen) Using KDF2 with SHA-1: KEK= c17a44e8 e28d7d64 81d1ddd5 0a3b8914 [NOTE TO IMPLEMENTORS: it is more convenient operationally to do step 3 before step 2]. 4. Wrap the keying data K with the key-encrypting key KEK using the underlying key-wrapping scheme to obtain wrapped keying data WK: WK = Wrap (KEK, K) Using aes128-Wrap as per RFC 3394: K= 00112233 44556677 8899aabb ccddeeff WK= 503d75c7 3630a7b0 2ecf51b9 b29b9077 49310b77 b0b2e054 5. Concatenate the ciphertext C and the wrapped keying data WK to obtain the encrypted keying data EK: EK = C || WK 6. Output the encrypted keying data EK. EK= 23b38471 851f289d f5d56e0d 85e9024f 6baed2bb 5eb233f6 8bef37a4 a98d667a 2c8642e2 d8ea4dcb afd85c4a 12ae6d1d bf302742 8bd26603 1cc67c3f d99993ea 718d1532 951e54dc f99a21a5 1f9372fa 9b67b2c9 e2ff2b55 4b397e48 ab40d5e0 63abd27e 871fb727 0191e665 f39a481d 14df1188 27bbe624 05f72945 61c60194 503d75c7 3630a7b0 2ecf51b9 b29b9077 49310b77 b0b2e054 1.3 ENCRYPT THE CONTENT CEK = 00112233 44556677 8899aabb ccddeeff IV = 3b7d7382 21f94fda d2e8e48a d667a4fa Content= 54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e EncryptedContent using aes128-CBC= e19a624e 3acab6c2 382bc41a c622e657 add5eedb 995442a8 8a3ce94e 6d57f378 1.4 CONSTRUCT ENVELOPED-DATA 0 NDEF: SEQUENCE { 2 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 13 NDEF: [0] { 15 NDEF: SEQUENCE { 17 1: INTEGER 0 20 264: SET { 24 260: SEQUENCE { 28 1: INTEGER 0 31 38: SEQUENCE { 33 18: SEQUENCE { 35 16: SET { 37 14: SEQUENCE { 39 3: OBJECT IDENTIFIER commonName (2 5 4 3) 44 7: PrintableString 'CarlRSA' : } : } : } 53 16: INTEGER : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 : } 71 60: SEQUENCE { 73 7: OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2) 82 49: SEQUENCE { 84 34: SEQUENCE { 86 7: OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4) 95 23: SEQUENCE { 97 18: SEQUENCE { 99 7: OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2) 108 7: SEQUENCE { 110 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : } : } 117 1: INTEGER 16 : } : } 120 11: SEQUENCE { 122 9: OBJECT IDENTIFIER : aes128-Wrap (2 16 840 1 101 3 4 1 5) : } : } : } 133 152: OCTET STRING : 23 B3 84 71 85 1F 28 9D F5 D5 6E 0D 85 E9 02 4F : 6B AE D2 BB 5E B2 33 F6 8B EF 37 A4 A9 8D 66 7A : 2C 86 42 E2 D8 EA 4D CB AF D8 5C 4A 12 AE 6D 1D : BF 30 27 42 8B D2 66 03 1C C6 7C 3F D9 99 93 EA : 71 8D 15 32 95 1E 54 DC F9 9A 21 A5 1F 93 72 FA : 9B 67 B2 C9 E2 FF 2B 55 4B 39 7E 48 AB 40 D5 E0 : 63 AB D2 7E 87 1F B7 27 01 91 E6 65 F3 9A 48 1D : 14 DF 11 88 27 BB E6 24 05 F7 29 45 61 C6 01 94 : 50 3D 75 C7 36 30 A7 B0 2E CF 51 B9 B2 9B 90 77 : 49 31 0B 77 B0 B2 E0 54 : } : } 288 NDEF: SEQUENCE { 290 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 301 29: SEQUENCE { 303 9: OBJECT IDENTIFIER aes128-CBC (2 16 840 1 101 3 4 1 2) 314 16: OCTET STRING : 3B 7D 73 82 21 F9 4F DA D2 E8 E4 8A D6 67 A4 FA : } 332 NDEF: [0] { 334 32: OCTET STRING : E1 9A 62 4E 3A CA B6 C2 38 2B C4 1A C6 22 E6 57 : AD D5 EE DB 99 54 42 A8 8A 3C E9 4E 6D 57 F3 78 : } : } : } : } : } 1.5 OUTPUT ENVELOPED-DATA In base64 format, this EnvelopedData object is: MIAGCSqGSIb3DQEHA6CAMIACAQAxggEIMIIBBAIBADAmMBIxEDAOBgNVBAMTB0Nh cmxSU0ECEEY0a8eAAFa8EdNuLs1dcdAwPAYHKIGMcQIBAjAxMCIGByiBjHECAgQw FzASBgcogYxxAgUCMAcGBSsOAwIaAgEQMAsGCWCGSAFlAwQBBQSBmCOzhHGFHyid 9dVuDYXpAk9rrtK7XrIz9ovvN6SpjWZ6LIZC4tjqTcuv2FxKEq5tHb8wJ0KL0mYD HMZ8P9mZk+pxjRUylR5U3PmaIaUfk3L6m2eyyeL/K1VLOX5Iq0DV4GOr0n6HH7cn AZHmZfOaSB0U3xGIJ7vmJAX3KUVhxgGUUD11xzYwp7Auz1G5spuQd0kxC3ewsuBU MIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDt9c4Ih+U/a0ujkitZnpPqggAQg 4ZpiTjrKtsI4K8QaxiLmV63V7tuZVEKoijzpTm1X83gAAAAAAAAAAAAA 2. EXAMPLE WITH AES-256 AND SHA-256 This example creates an EnvelopedData object to Bob of ExContent using AES-256 for content encryption and RSA-KEM (KDF2, SHA-256, aes256-Wrap) for key management. 2.1 INPUT K= 8cbedec48d063e1ba46be8e369a9c398d8e30ee542bc347c4f30e928ddd7db49 nLen = 128 bytes 2.2 GENERATE THE ENCRYPTED KEYING DATA Z= 0098af52 73495504 89070f1c c4c91099 781d239d 22ddd4f8 c804a358 aec88cf5 d4f601f4 0447ff58 73c10aef 8d054232 6f2337ff f9343b4d 474618c4 72ad07c8 abb9e41b d4af0301 ac139dde c3552ca1 7d15e867 81ca02f5 0a6f60ae 2d331ff4 09beb20b e20f3b41 b23166e9 d4ae487d eb95b230 80779175 fdfb35b9 a77d4743 C= 4eedee64 cc48ba02 e75c3a11 1d6d2845 1d41daf8 59b731de dd63a49b b8b6d1dc 5bb96378 7df367b4 5502821d 2a24ae8b b7f9ccf4 2048f5d9 49a4f73a 8ed98398 e24523b3 cd4824df 176f7d95 3ecdd90e 0aa02ffa 6e4c8cd3 5af9ef07 ae3359f8 cec14cff e3b06cc9 dfd64b19 c40944c9 fc712b03 7292a3df 7dd54856 7955980b KEK= 9e84ee99 e6a84b50 c76cd414 a2d2ec05 8af41bfe 4bf3715b f894c8da 1cd445f6 K= 8cbedec4 8d063e1b a46be8e3 69a9c398 d8e30ee5 42bc347c 4f30e928 ddd7db49 WK= eafb901f 82b98d37 f1749706 3de3e5ec 7246ab57 200ae73e ddddf24a a403dafa 0c5ae151 d1746fa4 EK= 4eedee64 cc48ba02 e75c3a11 1d6d2845 1d41daf8 59b731de dd63a49b b8b6d1dc 5bb96378 7df367b4 5502821d 2a24ae8b b7f9ccf4 2048f5d9 49a4f73a 8ed98398 e24523b3 cd4824df 176f7d95 3ecdd90e 0aa02ffa 6e4c8cd3 5af9ef07 ae3359f8 cec14cff e3b06cc9 dfd64b19 c40944c9 fc712b03 7292a3df 7dd54856 7955980b eafb901f 82b98d37 f1749706 3de3e5ec 7246ab57 200ae73e ddddf24a a403dafa 0c5ae151 d1746fa4 2.3 SYMMETRIC ENCRYPTION OF CONTENT CEK = 8cbedec4 8d063e1b a46be8e3 69a9c398 d8e30ee5 42bc347c 4f30e928 ddd7db49 IV = 0b164d2e 7354524b f35e8ce6 344c1f16 Content= 54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e EncryptedContent using aes256-CBC= ca6a2974 34c71c1c be959c80 83a473a4 725c273f 9c6dbe38 a21efe00 3c40a1a9 2.4 CONSTRUCT ENVELOPED-DATA 0 NDEF: SEQUENCE { 2 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 13 NDEF: [0] { 15 NDEF: SEQUENCE { 17 1: INTEGER 0 20 284: SET { 24 280: SEQUENCE { 28 1: INTEGER 0 31 38: SEQUENCE { 33 18: SEQUENCE { 35 16: SET { 37 14: SEQUENCE { 39 3: OBJECT IDENTIFIER commonName (2 5 4 3) 44 7: PrintableString 'CarlRSA' : } : } : } 53 16: INTEGER : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 : } 71 64: SEQUENCE { 73 7: OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2) 82 53: SEQUENCE { 84 38: SEQUENCE { 86 7: OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4) 95 27: SEQUENCE { 97 22: SEQUENCE { 99 7: OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2) 108 11: SEQUENCE { 110 9: OBJECT IDENTIFIER : sha-256 (2 16 840 1 101 3 4 2 1) : } : } 121 1: INTEGER 32 : } : } 124 11: SEQUENCE { 126 9: OBJECT IDENTIFIER : aes256-Wrap (2 16 840 1 101 3 4 1 45) : } : } : } 137 168: OCTET STRING : 4E ED EE 64 CC 48 BA 02 E7 5C 3A 11 1D 6D 28 45 : 1D 41 DA F8 59 B7 31 DE DD 63 A4 9B B8 B6 D1 DC : 5B B9 63 78 7D F3 67 B4 55 02 82 1D 2A 24 AE 8B : B7 F9 CC F4 20 48 F5 D9 49 A4 F7 3A 8E D9 83 98 : E2 45 23 B3 CD 48 24 DF 17 6F 7D 95 3E CD D9 0E : 0A A0 2F FA 6E 4C 8C D3 5A F9 EF 07 AE 33 59 F8 : CE C1 4C FF E3 B0 6C C9 DF D6 4B 19 C4 09 44 C9 : FC 71 2B 03 72 92 A3 DF 7D D5 48 56 79 55 98 0B : EA FB 90 1F 82 B9 8D 37 F1 74 97 06 3D E3 E5 EC : 72 46 AB 57 20 0A E7 3E DD DD F2 4A A4 03 DA FA : 0C 5A E1 51 D1 74 6F A4 : } : } 308 NDEF: SEQUENCE { 310 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 321 29: SEQUENCE { 323 9: OBJECT IDENTIFIER aes256-CBC (2 16 840 1 101 3 4 1 42) 334 16: OCTET STRING : 0B 16 4D 2E 73 54 52 4B F3 5E 8C E6 34 4C 1F 16 : } 352 NDEF: [0] { 354 32: OCTET STRING : CA 6A 29 74 34 C7 1C 1C BE 95 9C 80 83 A4 73 A4 : 72 5C 27 3F 9C 6D BE 38 A2 1E FE 00 3C 40 A1 A9 : } : } : } : } : } 2.5 OUTPUT Example 2 output in base64 format: MIAGCSqGSIb3DQEHA6CAMIACAQAxggEcMIIBGAIBADAmMBIxEDAOBgNVBAMTB0NhcmxSU0ECEEY0 a8eAAFa8EdNuLs1dcdAwQAYHKIGMcQIBAjA1MCYGByiBjHECAgQwGzAWBgcogYxxAgUCMAsGCWCG SAFlAwQCAQIBIDALBglghkgBZQMEAS0EgahO7e5kzEi6AudcOhEdbShFHUHa+Fm3Md7dY6SbuLbR 3Fu5Y3h982e0VQKCHSokrou3+cz0IEj12Umk9zqO2YOY4kUjs81IJN8Xb32VPs3ZDgqgL/puTIzT WvnvB64zWfjOwUz/47Bsyd/WSxnECUTJ/HErA3KSo9991UhWeVWYC+r7kB+CuY038XSXBj3j5exy RqtXIArnPt3d8kqkA9r6DFrhUdF0b6QwgAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQCxZNLnNU UkvzXozmNEwfFqCABCDKail0NMccHL6VnICDpHOkclwnP5xtvjiiHv4APEChqQAAAAAAAAAAAAA= 3. EXAMPLE WITH TRIPLE-DES AND SHA-224 This example creates an EnvelopedData object to Bob of ExContent using Triple-DES for content encryption and RSA-KEM (KDF2, SHA-224, cms3DESWrap) for key management. 3.1 INPUT K= 84e7f2d878f89fcccd2d5ebafc56daf73300f27ef771cd68 nLen = 128 bytes 3.2 GENERATE THE ENCRYPTED KEYING DATA nlen=128 bytes Z= 00f4b288 ceb070f8 57731fd3 8b552adc 939b5c1a 7c4d551a 2e05f4d4 191153ee 8b38ee57 db2fe3ce 8bf43811 a43e1909 61e85bf6 5700f9f1 cbbed8e3 a9f81c46 6323c1ee 114a7f6d 0930b8d4 d2e0e5a1 f5b09ffa 3fe78f1c 631cb445 83e3dd4a 8e72bdd3 8ec53275 ec4dea68 50039a01 c141089c 8578587c 366c2f77 0e649fe5 KEK= 8ad8274e 56f46773 8edd83d4 394e5e29 af7c4089 e4f8d9f4 C= 455eb9bf 5b2e4e1f adac3558 cf03d9ce 041a5acc 9cf4b868 2f39cceb 5e0f4802 0be9683e 6c79d82b a7077e68 63903002 0bebfeb0 d53b442d df960a80 b9d01dae 794ad5eb be09e6b7 23abed75 a9b01252 cfd4ba80 0e9769b9 29b6b6a4 61d6add1 5b306529 f38697e6 9ec3ef04 a89ca61b 85ccdfcf 92d11a42 812e8a9d 0b6d3a61 K= 84e7f2d8 78f89fcc cd2d5eba fc56daf7 3300f27e f771cd68 WK= 53304be9 65a795eb 566dd1ca 53d57a5d ac7823a0 83c59ae3 f007c299 c6d907a7 87648c1b 06af64d3 3.3 SYMMETRIC ENCRYPTION OF CONTENT CEK = 84e7f2d8 78f89fcc cd2d5eba fc56daf7 3300f27e f771cd68 IV = 1daeaace 266af23e Content= 54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e EncryptedContent using des-ede3-CBC= 7d9cbf68 183bb93a 1dd5a9bb 43f6e553 1e4a84af e5601c80 a504b36a a2fbdd55 3.4 CONSTRUCT ENVELOPED-DATA 0 NDEF: SEQUENCE { 2 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3) 13 NDEF: [0] { 15 NDEF: SEQUENCE { 17 1: INTEGER 0 20 288: SET { 24 284: SEQUENCE { 28 1: INTEGER 0 31 38: SEQUENCE { 33 18: SEQUENCE { 35 16: SET { 37 14: SEQUENCE { 39 3: OBJECT IDENTIFIER commonName (2 5 4 3) 44 7: PrintableString 'CarlRSA' : } : } : } 53 16: INTEGER : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 : } 71 68: SEQUENCE { 73 7: OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2) 82 57: SEQUENCE { 84 38: SEQUENCE { 86 7: OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4) 95 27: SEQUENCE { 97 22: SEQUENCE { 99 7: OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2) 108 11: SEQUENCE { 110 9: OBJECT IDENTIFIER : sha-224 (2 16 840 1 101 3 4 2 4) : } : } 121 1: INTEGER 24 : } : } 124 15: SEQUENCE { 126 11: OBJECT IDENTIFIER : cms3DESwrap (1 2 840 113549 1 9 16 3 6) 139 0: NULL : } : } : } 141 168: OCTET STRING : 45 5E B9 BF 5B 2E 4E 1F AD AC 35 58 CF 03 D9 CE : 04 1A 5A CC 9C F4 B8 68 2F 39 CC EB 5E 0F 48 02 : 0B E9 68 3E 6C 79 D8 2B A7 07 7E 68 63 90 30 02 : 0B EB FE B0 D5 3B 44 2D DF 96 0A 80 B9 D0 1D AE : 79 4A D5 EB BE 09 E6 B7 23 AB ED 75 A9 B0 12 52 : CF D4 BA 80 0E 97 69 B9 29 B6 B6 A4 61 D6 AD D1 : 5B 30 65 29 F3 86 97 E6 9E C3 EF 04 A8 9C A6 1B : 85 CC DF CF 92 D1 1A 42 81 2E 8A 9D 0B 6D 3A 61 : 53 30 4B E9 65 A7 95 EB 56 6D D1 CA 53 D5 7A 5D : AC 78 23 A0 83 C5 9A E3 F0 07 C2 99 C6 D9 07 A7 : 87 64 8C 1B 06 AF 64 D3 : } : } 312 NDEF: SEQUENCE { 314 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 325 20: SEQUENCE { 327 8: OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7) 337 8: OCTET STRING 1D AE AA CE 26 6A F2 3E : } 347 NDEF: [0] { 349 32: OCTET STRING : 7D 9C BF 68 18 3B B9 3A 1D D5 A9 BB 43 F6 E5 53 : 1E 4A 84 AF E5 60 1C 80 A5 04 B3 6A A2 FB DD 55 : } : } : } : } : } 3.5 OUTPUT Example 3 in base64. MIAGCSqGSIb3DQEHA6CAMIACAQAxggEgMIIBHAIBADAmMBIxEDAOBgNVBAMTB0NhcmxSU0ECEEY0 a8eAAFa8EdNuLs1dcdAwRAYHKIGMcQIBAjA5MCYGByiBjHECAgQwGzAWBgcogYxxAgUCMAsGCWCG SAFlAwQCBAIBGDAPBgsqhkiG9w0BCRADBgUABIGoRV65v1suTh+trDVYzwPZzgQaWsyc9LhoLznM 614PSAIL6Wg+bHnYK6cHfmhjkDACC+v+sNU7RC3flgqAudAdrnlK1eu+Cea3I6vtdamwElLP1LqA DpdpuSm2tqRh1q3RWzBlKfOGl+aew+8EqJymG4XM38+S0RpCgS6KnQttOmFTMEvpZaeV61Zt0cpT 1XpdrHgjoIPFmuPwB8KZxtkHp4dkjBsGr2TTMIAGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIHa6q ziZq8j6ggAQgfZy/aBg7uTod1am7Q/blUx5KhK/lYByApQSzaqL73VUAAAAAAAAAAAAA APPENDIX A A.1 Bob's X.509 Certificate, BobRSASignByCarl.cer: -----BEGIN CERTIFICATE----- MIICJzCCAZCgAwIBAgIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQUFADAS MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDkxOTAxMDkwMloXDTM5MTIzMTIzNTk1 OVowETEPMA0GA1UEAxMGQm9iUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQCp4WeYPznVX/Kgk0FepnmJhcg1XZqRW/sdAdoZcCYXD72lItA1hW16mGYUQVzP t7cIOwnJkbgZaTdt+WUee9mpMySjfzu7r0YBhjY0MssHA1lS/IWLMQS4zBgIFEjm Txz7XWDE4FwfU9N/U9hpAfEF+Hpw0b6Dxl84zxwsqmqn6wIDAQABo38wfTAMBgNV HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBTp4JAnrHggeprT TPJCN04irp44uzAdBgNVHQ4EFgQU6PS4Z9izlqQq8xGqKdOVWoYWtCQwHQYDVR0R BBYwFIESQm9iUlNBQGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHuOZsXx ED8QIEyIcat7QGshM/pKld6dDltrlCEFwPLhfirNnJOIh/uLt359QWHh5NZt+eIE VWFFvGQnRMChvVl52R1kPCHWRbBdaDOS6qzxV+WBfZjmNZGjOd539OgcOyncf1EH l/M28FAK3Zvetl44ESv7V+qJba3JiNiPzyvT -----END CERTIFICATE----- A.2 Bob's Private Key, BobPrivRSAEncrypt.pri: -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCp4WeYPznVX/Kgk0FepnmJhcg1XZqRW/sdAdoZcCYXD72l ItA1hW16mGYUQVzPt7cIOwnJkbgZaTdt+WUee9mpMySjfzu7r0YBhjY0MssH A1lS/IWLMQS4zBgIFEjmTxz7XWDE4FwfU9N/U9hpAfEF+Hpw0b6Dxl84zxws qmqn6wIDAQABAoGAZ81ITJoNj5jCG2X/IoOcbfCmBh287acDiJTyHGsPizXe DoJ4MMvnumpWrXfG61F5cHkKoPT+ReCpsvQZ2oeY1jCEdOT8WWzBxnfcqZHQ fDCgosUIXiFxQ/wNBz3w+m0Unk5j8BdYeRxLmBw9PbAb3/olO6PALJgF9hAJ 2IfbAxkCQQDQwyLG3qKZGHaPjbymddZmP9SNRVKMdvVyxOvwRprxPlyqVQub 2t1rbfj8OzwIQ5O1W/7O6v1ohCNir/MxwrnlAkEA0FH8HiK3W+21jgHI16vy WNT3gpTzU6gZRctmyigZX+IQK/OP7GowdPhNEfSnxCC1RyHcSQH5CiAp8CQI hGB9jwJANLpkyUgoV3TXVVDeakjvGypaHEh7HiFZw2A7m5epwO8YZqlOYlI4 hM7lCYhIlGnFIBSZWlf+I2zkpyN70IC3hQJBAJ4vszea+wsGXVfhCQakXdmQ lgYFXyQGQHKcOoiFnIcPnWISiBZoqDUaG0PoOMCYaa8DCkgyBE7pD493fTQw JQcCQFcYZ9YK0rWrwrp651TanAVPgdTvAYkeMj1pyzHEUshUVSUAOxwqfCZQ 1emm13fLzxX17gvVje6zr0yhfGNGQfY= -----END RSA PRIVATE KEY----- Author: David Ireland, GSSP-C DI Management Services Pty Ltd www.di-mgt.com.au 28 January 2008