RFC 4134 - Examples of S/MIME Messages
RFC 4134 - Examples of S/MIME Messages
Or Display the document by number
Network Working Group
P. Hoffman, Ed.
Request for Comments: 4134
Internet Mail Consortium
Category: Informational
Examples of S/MIME Messages
Status of This Memo
This memo provides information for the Internet community.
not specify an Internet standard of any kind.
Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
This document gives examples of message bodies formatted using
Specifically, it has examples of Cryptographic Message
Syntax (CMS) objects and S/MIME messages (including the MIME
formatting).
It includes examples of many common CMS formats.
purpose of this document is to help increase interoperability for
S/MIME and other protocols that rely on CMS.
Table of Contents
Introduction ................................................
Constants Used in the Examples ..............................
Content of Documents ..................................
Private Keys ..........................................
Certificates ..........................................
CRLs ..................................................
Trivial Examples ............................................
ContentInfo with Data Type, BER .......................
ContentInfo with Data Type, DER .......................
Signed-data .................................................
Basic Signed Content, DSS .............................
Basic Signed Content, RSA .............................
Basic Signed Content, Detached Content ................
Fancier Signed Content ................................
All RSA Signed Message ................................
Multiple Signers ......................................
Signing Using SKI .....................................
S/MIME multipart/signed Message .......................
S/MIME application/pkcs7-mime Signed Message ..........
4.10. SignedData with Attributes ............................
4.11. SignedData with Certificates Only ..................... 101
Enveloped-data .............................................. 109
Basic Encrypted Content, TripleDES and RSA ............ 109
Basic Encrypted Content, RC2/128 and RSA .............. 110
S/MIME application/pkcs7-mime Encrypted Message ....... 112
Digested-data ............................................... 112
Encrypted-data .............................................. 113
Simple EncryptedData .................................. 113
EncryptedData with Unprotected Attributes ............. 114
Security Considerations ..................................... 115
References .................................................. 115
Normative References .................................. 115
Informative References ................................ 115
Binaries of the Examples .................................... 116
How the Binaries and Extractor Works .................. 116
Example Extraction Program ............................ 116
Examples in Order of Appearance ............................. 118
Acknowledgements ............................................ 135
Introduction
The examples in this document show the structure and format of CMS
message bodies, as described in [CMS].
They are useful to
implementors who use protocols that rely on CMS, such as the S/MIME
message format protocol.
There are also examples of simple S/MIME
messages [SMIME-MSG] (including the MIME headers).
Every example in this document has been checked by two different
implementors.
This strongly indicates (but does not assure) that the
examples are correct.
All CMS implementors must read the CMS
document carefully before implementing from it.
No one should use
the examples in this document as stand-alone explanations of how to
create CMS message bodies.
This document explicitly does not attempt to cover many PKIX [PKIX]
Documents with examples of that format may be forthcoming.
Also, note that [DVCS], which covers PKIX Data Validation and
Certification Server Protocols, has examples of formats for its
The examples shown here were created and validated by many different
people over a long period of time.
Because of this, some of the
dates used in the examples are many years in the past.
This, plus
the fact that some of the certificates in the examples have very long
lifespans, may cause problems in some test situations.
Constants Used in the Examples
This section defines the data used in the rest of the document.
names of the constants indicate their use.
For example,
AlicePrivDSSSign is the private part of Alice's DSS signing key.
- Alice is the creator of the message bodies in this document.
- Bob is the recipient of the messages.
- Carl is a CA.
- Diane sometimes gets involved with these folks.
- Erica also sometimes gets involved.
Content of Documents
ExContent is the following sentence:
This is some sample content.
That is, it is the string of characters starting with "T" up to and
including the ".".
The hex for ExContent is
69 d65 6c e74 656e 742e
The MD5 hash of ExContent is
9898 cac8 fab7 691f f89d c207 24e7 4a04
The SHA-1 hash of ExContent is
406a ec08 5279 ba6e e 87 dd48
Private Keys
The following private keys are needed to create the samples.
the public keys, see the certificates in the next section.
AlicePrivDSSSign =
331: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 81 8D CD ED 83 EA 0A 9E 39 3E C2
48 28 A3 E4 47 93 DD 0E D7 A8 0E EC
53 C5 AB 84 08 4F FF 94 E1 73 48 7E
0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C
DC 5F 69 8A E4 75 D0 37 0C 91 08 95
9B DE A7 5E F9 FC F4 9F 2F DD 43 A8
8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
C3 B5 B3 E3 55 08 75 D5 39 76 10 C4
78 BD FF 9D B0 84 97 37 F2 E4 51 1B
B5 E4 09 96 5C F3 7E 5B DB
00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F
B8 37 21 2B 62 8B F7 93 CD
26 38 D0 14 89 32 AA 39 FB 3E 6D D9
4B 59 6A 4C 76 23 39 04 02 35 5C F2
CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD
AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B
3E 90 F8 6D EA 9C C9 21 8A 3B 76 14
E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30
01 7C 6D 49 89 11 89 36 44 BD F8 C8
95 4A 53 56 B5 E2 F9 73 EC 1A 61 36
1F 11 7F C2 BD ED D1 50 FF 98 74 C2
D1 81 4A 60 39 BA 36 39
OCTET STRING, encapsulates {
00 BB 44 46 D1 A5 C9 46 07 2E D0 FE
7A D6 92 07 F0 9A 85 89 3F
AlicePrivRSASign =
630: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING, encapsulates {
SEQUENCE {
00 E0 89 73 39 8D D8 F5 F5 E8 87 76
39 7F 4E B0 05 BB 53 83 DE 0F B7 AB
DC 7D C7 75 29 0D 05 2E 6D 12 DF A6
86 26 D4 D2 6F AA 58 29 FC 97 EC FA
82 51 0F 30 80 BE B1 50 9E 46 44 F1
2C BB D8 32 CF C6 68 6F 07 D9 B0 60
AC BE EE 34 09 6A 13 F5 F7 05 05 93
DF 5E BA 35 56 D9 61 FF 19 7F C9 81
E6 F8 6C EA 87 40 70 EF AC 6D 2C 74
9F 2D FA 55 3A B9 99 77 02 A6 48 52
8C 4E F3 57 38 57 74 57 5F
INTEGER 65537
00 A4 03 C3 27 47 76 34 34 6C A6 86
B5 79 49 01 4B 2E 8A D2 C8 62 B2 C7
D7 48 09 6A 8B 91 F7 36 F2 75 D6 E8
CD 15 90 60 27 31 47 35 64 4D 95 CD
67 63 CE B4 9F 56 AC 2F 37 6E 1C EE
0E BF 28 2D F4 39 90 6F 34 D8 6E 08
5B D5 65 6A D8 41 F3 13 D7 2D 39 5E
FE 33 CB FF 29 E4 03 0B 3D 05 A2 8F
B7 F1 8E A2 76 37 B0 79 57 D3 2F 2B
DE 87 06 22 7D 04 66 5E C9 1B AF 8B
1A C3 EC 91 44 AB 7F 21
00 F6 D6 E0 22 21 4C 5F 0A 70 FF 27
FC E5 B3 50 6A 9D E5 0F B5 85 96 C6
40 FA A8 0A B4 9B 9B 0C 55 C2 01 1D
F9 37 82 8A 14 C8 F2 93 0E 92 CD A5
66 21 B9 3C D2 06 BF B4 55 31 C9 DC
AD CA 98 2D D1
00 E8 DE B0 11 25 09 D2 02 51 01 DE
8A E8 98 50 F5 77 77 61 A4 45 93 6B
08 55 96 73 5D F4 C8 5B 12 93 22 73
8B 7F D3 70 7F F5 A4 AA BB 74 FD 3C
22 6A DA 38 91 2A 86 5B 6C 14 E8 AE
4C 9E FA 8E 2F
00 97 4C F0 87 9B 17 7F EE 1B 83 1B
14 B6 0B 6A 90 5F 86 27 51 E1 B7 A0
7F F5 E4 88 E3 59 B9 F9 1E 9B D3 29
77 38 22 48 D7 22 B1 25 98 BA 3D 59
53 B7 FA 1E 20 B2 C8 51 16 23 75 93
51 E7 AB CD F1
2C F0 24 5B FA A0 CD 85 22 EA D0 6E
4F FA 6C CD 21 D3 C8 E4 F1 84 44 48
64 73 D7 29 8F 7E 46 8C EC 15 DE E4
51 B3 94 E7 2C 99 2D 55 65 7B 24 EA
A3 62 1F 3E 6C 4D 67 41 11 3B E1 BE
E9 83 02 83
58 88 D9 A1 50 38 84 6A AB 03 BC BB
DF 4B F4 9C 6F B8 B4 2A 25 FB F6 E4
05 2F 6E E2 88 89 21 6F 4B 25 9E D0
AB 50 93 CA BF 40 71 EC 21 25 C5 7F
FB 02 E9 21 96 B8 33 CD E2 C6 95 EE
6F 8D 5F 28
BobPrivRSAEncrypt =
645: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING, encapsulates {
SEQUENCE {
00 A9 E1 67 98 3F 39 D5 5F F2 A0 93
41 5E A6 79 89 85 C8 35 5D 9A 91 5B
FB 1D 01 DA 19 70 26 17 0F BD A5 22
D0 35 85 6D 7A 98 66 14 41 5C CF B7
B7 08 3B 09 C9 91 B8 19 69 37 6D F9
65 1E 7B D9 A9 33 24 A3 7F 3B BB AF
46 01 86 36 34 32 CB 07 03 59 52 FC
85 8B 31 04 B8 CC 18 08 14 48 E6 4F
1C FB 5D 60 C4 E0 5C 1F 53 D3 7F 53
D8 69 01 F1 05 F8 7A 70 D1 BE 83 C6
5F 38 CF 1C 2C AA 6A A7 EB
INTEGER 65537
67 CD 48 4C 9A 0D 8F 98 C2 1B 65 FF
22 83 9C 6D F0 A6 06 1D BC ED A7 03
88 94 F2 1C 6B 0F 8B 35 DE 0E 82 78
30 CB E7 BA 6A 56 AD 77 C6 EB 51 79
70 79 0A A0 F4 FE 45 E0 A9 B2 F4 19
DA 87 98 D6 30 84 74 E4 FC 59 6C C1
C6 77 DC A9 91 D0 7C 30 A0 A2 C5 08
5E 21 71 43 FC 0D 07 3D F0 FA 6D 14
9E 4E 63 F0 17 58 79 1C 4B 98 1C 3D
3D B0 1B DF FA 25 3B A3 C0 2C 98 05
F6 10 09 D8 87 DB 03 19
00 D0 C3 22 C6 DE A2 99 18 76 8F 8D
BC A6 75 D6 66 3F D4 8D 45 52 8C 76
F5 72 C4 EB F0 46 9A F1 3E 5C AA 55
0B 9B DA DD 6B 6D F8 FC 3B 3C 08 43
93 B5 5B FE CE EA FD 68 84 23 62 AF
F3 31 C2 B9 E5
00 D0 51 FC 1E 22 B7 5B ED B5 8E 01
C8 D7 AB F2 58 D4 F7 82 94 F3 53 A8
19 45 CB 66 CA 28 19 5F E2 10 2B F3
8F EC 6A 30 74 F8 4D 11 F4 A7 C4 20
B5 47 21 DC 49 01 F9 0A 20 29 F0 24
08 84 60 7D 8F
34 BA 64 C9 48 28 57 74 D7 55 50 DE
6A 48 EF 1B 2A 5A 1C 48 7B 1E 21 59
C3 60 3B 9B 97 A9 C0 EF 18 66 A9 4E
62 52 38 84 CE E5 09 88 48 94 69 C5
20 14 99 5A 57 FE 23 6C E4 A7 23 7B
D0 80 B7 85
00 9E 2F B3 37 9A FB 0B 06 5D 57 E1
09 06 A4 5D D9 90 96 06 05 5F 24 06
40 72 9C 3A 88 85 9C 87 0F 9D 62 12
88 16 68 A8 35 1A 1B 43 E8 38 C0 98
69 AF 03 0A 48 32 04 4E E9 0F 8F 77
7D 34 30 25 07
57 18 67 D6 0A D2 B5 AB C2 BA 7A E7
54 DA 9C 05 4F 81 D4 EF 01 89 1E 32
3D 69 CB 31 C4 52 C8 54 55 25 00 3B
1C 2A 7C 26 50 D5 E9 A6 D7 77 CB CF
15 F5 EE 0B D5 8D EE B3 AF 4C A1 7C
63 46 41 F6
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BIT STRING 0 unused bits
''B (bit 3)
Error: Spurious zero bits in bitstring.
CarlPrivDSSSign =
330: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 B6 49 18 3E 8A 44 C1 29 71 94 4C
01 C4 12 C1 7A 79 CB 54 4D AB 1E 81
FB C6 4C B3 0E 94 09 06 EB 01 D4 B1
C8 71 4B C7 45 C0 50 25 5D 9C FC DA
E4 6D D3 E2 86 48 84 82 7D BA 15 95
4A 16 F6 46 ED DD F6 98 D2 BB 7E 8A
0A 8A BA 16 7B B9 50 01 48 93 8B EB
25 15 51 97 55 DC 8F 53 0E 10 A9 50
FC 70 B7 CD 30 54 FD DA DE A8 AA 22
B5 A1 AF 8B CC 02 88 E7 8B 70 5F B9
AD E1 08 D4 6D 29 2D D6 E9
00 DD C1 2F DF 53 CE 0B 34 60 77 3E
02 A4 BF 8A 5D 98 B9 10 D5
0C EE 57 9B 4B BD DA B6 07 6A 74 37
4F 55 7F 9D ED BC 61 0D EB 46 59 3C
56 0B 2B 5B 0C 91 CE A5 62 52 69 CA
E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
AD CB AE 45 E3 06 AC 8C 22 9D 9C 44
87 0B C7 CD F0 1C D9 B5 4E 5D 73 DE
AF 0E C9 1D 5A 51 F5 4F 44 79 35 5A
73 AA 7F 46 51 1F A9 42 16 9C 48 EB
8A 79 61 B4 D5 2F 53 22 44 63 1F 86
B8 A3 58 06 25 F8 29 C0 EF BA E0 75
F0 42 C4 63 65 52 9B 0A
OCTET STRING, encapsulates {
19 B3 38 A5 21 62 31 50 E5 7F B9 3E
08 46 78 D1 3E B5 E5 72
CarlPrivRSASign =
630: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING, encapsulates {
SEQUENCE {
00 E4 4B FF 18 B8 24 57 F4 77 FF 6E
73 7B 93 71 5C BC 33 1A 92 92 72 23
D8 41 46 D0 CD 11 3A 04 B3 8E AF 82
9D BD 51 1E 17 7A F2 76 2C 2B 86 39
A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC
A2 36 B1 ED E2 50 E2 32 09 8A 3F 9F
99 25 8F B8 4E AB B9 7D D5 96 65 DA
16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
29 CB 82 DD AC 44 E9 AA 93 94 29 0E
F8 18 D6 C8 57 5E F2 76 C4 F2 11 60
38 B9 1B 3C 1D 97 C9 6A F1
INTEGER 65537
00 AE 73 E4 5B 5F 5B 66 5A C9 D7 C6
EF 38 5F 53 21 2A 2F 62 FE DE 29 9A
7A 86 67 36 E7 7D 62 78 75 3D 73 A0
BC 29 0E F3 8F BD C3 C9 C9 B6 F8 BA
D6 13 9B C3 97 7A CA 6A F0 B8 85 65
4E 0F BD A7 A8 F7 54 06 41 BD EB DC
20 77 90 DF 61 9B 9A 6F 74 DE EA 3B
D4 9C 87 60 ED 76 84 F1 6A 30 37 D5
E0 90 16 F8 80 47 C3 19 6B ED 75 77
BA 4A ED 39 B6 5D 02 47 3B 5F 1B C8
1C AB CB E8 F5 26 3F A4 81
00 FF DF 09 A0 56 0B 42 52 9E C4 4D
93 B3 B0 49 BB DE E7 81 7D 28 99 D0
B1 48 BA 0B 39 E1 1C 7B 22 18 33 B6
40 F6 BF DC AE 1D D0 A1 AD 04 71 5A
61 0A 6E 3B CE 30 DA 36 9F 65 25 29
BB A7 0E 7F 0B
00 E4 69 68 18 5F F9 57 D0 7C 66 89
0F BA 63 1D 72 CB 20 A4 81 76 64 89
CD 7D D1 C2 27 A9 2E AC 7A 56 9A 85
07 D9 30 03 A3 03 AB 7F 88 92 50 24
01 AA 1B 07 1F 20 4C B7 C9 7B 56 F7
B6 C2 7E AB 73
57 36 6C 8F 8C 04 76 6C B6 D4 EE 24
44 00 F8 80 E2 AF 42 01 A9 0F 14 84
F8 E7 00 E0 8F 8C 27 A4 2D 5F A2 E5
6D B5 63 C0 AD 44 E9 76 91 A7 19 49
2E 46 F8 77 85 4B 3B 87 04 F0 AF D2
D8 54 26 95
64 A1 0F AC 55 74 1B BD 0D 61 7B 17
03 CD B0 E6 A7 19 1D 80 AF F1 41 48
D8 1A B6 88 14 A0 2C 7A C5 76 D4 0F
0E 1F 7A 2A B2 6E 37 04 AB 39 45 73
BA 46 A8 0F 8D 82 5F 22 14 05 CF A2
A3 F3 7C 83
26 1E 1D 1C A1 98 2B E4 DB 38 E8 57
6E 6B 73 19 88 61 3A FA 74 4A 36 8B
47 68 5D 50 EB 26 E3 EA 7D 9B 4E 65
A9 AF 7B AB 4B 2E 76 51 3D A8 D0 11
AB A3 D6 A8 C0 27 36 1D 54 0B AA A7
D1 6D 8D FA
DianePrivDSSSign =
331: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 B6 49 18 3E 8A 44 C1 29 71 94 4C
01 C4 12 C1 7A 79 CB 54 4D AB 1E 81
FB C6 4C B3 0E 94 09 06 EB 01 D4 B1
C8 71 4B C7 45 C0 50 25 5D 9C FC DA
E4 6D D3 E2 86 48 84 82 7D BA 15 95
4A 16 F6 46 ED DD F6 98 D2 BB 7E 8A
0A 8A BA 16 7B B9 50 01 48 93 8B EB
25 15 51 97 55 DC 8F 53 0E 10 A9 50
FC 70 B7 CD 30 54 FD DA DE A8 AA 22
B5 A1 AF 8B CC 02 88 E7 8B 70 5F B9
AD E1 08 D4 6D 29 2D D6 E9
00 DD C1 2F DF 53 CE 0B 34 60 77 3E
02 A4 BF 8A 5D 98 B9 10 D5
0C EE 57 9B 4B BD DA B6 07 6A 74 37
4F 55 7F 9D ED BC 61 0D EB 46 59 3C
56 0B 2B 5B 0C 91 CE A5 62 52 69 CA
E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
AD CB AE 45 E3 06 AC 8C 22 9D 9C 44
87 0B C7 CD F0 1C D9 B5 4E 5D 73 DE
AF 0E C9 1D 5A 51 F5 4F 44 79 35 5A
73 AA 7F 46 51 1F A9 42 16 9C 48 EB
8A 79 61 B4 D5 2F 53 22 44 63 1F 86
B8 A3 58 06 25 F8 29 C0 EF BA E0 75
F0 42 C4 63 65 52 9B 0A
OCTET STRING, encapsulates {
00 96 95 F9 E0 C1 E0 41 2D 32 0F 8B
42 52 93 2A E6 1E 0E 21 29
DianePrivRSASignEncrypt =
631: SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING, encapsulates {
SEQUENCE {
00 D6 FD B8 C0 70 C6 4C 25 EC EA CF
EA 7C BB A2 62 FA F0 E6 32 3A 53 FF
B1 92 5A 17 F4 20 E1 99 24 82 0A D0
F6 7C FB 44 CA 8B 27 06 F1 7E 26 03
A9 76 9D CF EC A0 2C 70 96 F2 83 42
F6 D4 B7 28 0A BB F8 BF 4A 4C 19 3F
07 DB A0 C1 60 1E B7 7E 67 F7 DE B1
C3 60 49 AC 45 D7 F8 C6 EF 08 37 21
93 47 EE F0 73 35 72 B0 02 C4 F3 11
C3 5E 47 E5 0A B7 83 F1 DB 74 69 64
8B 44 1D 95 5D CD 28 C0 85
INTEGER 65537
3D BD CD C2 0E 61 14 5B 4B E7 BF 60
23 04 2B C5 6B 35 A5 96 45 23 FC 69
7D 93 3C 0F D3 25 96 BA 62 52 42 E2
96 CF FE 58 80 8F EB B1 8C BD D4 0D
65 D0 3A 77 45 24 9E 0C EB 86 80 C3
AC 21 11 71 44 E3 B2 A8 A9 2E AC 17
D2 A3 84 25 63 B5 BC 2F 1E DD F6 21
FF 15 20 24 5B F1 80 2F D5 41 0E 32
24 F7 D4 4A 32 9E B9 49 D8 19 8E 3F
39 8D 62 BD 80 FC 0C 24 92 93 E4 C3
D7 05 91 53 BB 96 B6 41
00 F3 B8 3F 4A D1 94 B0 91 60 13 41
92 0D 8D 44 3F 77 1D FF 96 23 44 08
D4 0B 70 C9 1A AF E9 90 94 F2 B0 D5
5F 4F 19 85 50 A1 90 91 AE BD 05 76
52 B3 22 D8 A8 7C 8E 54 7F 00 72 4F
36 75 68 73 B5
00 E1 D2 E7 11 57 06 AE 72 95 22 16
AA 02 B4 5A ED 4E 9D 82 11 4F 96 3C
86 C9 10 8D 56 7B 31 75 79 69 E7 75
68 38 00 4B 2E D2 26 32 DD B1 E2 E0
2C 54 80 0A 75 BA D1 66 96 1B B0 0E
A0 7E D2 BB 91
00 AF B6 BC DB 22 73 43 41 EC B4 B5
67 A9 A1 99 FC EF D2 8E FD 1D FB E5
29 8B FE 0A DF D4 C8 5E 57 25 0A 5D
2B D4 09 A0 56 5B C5 B1 62 FC 20 BE
08 2D E3 07 B5 A1 E7 B3 FF C4 C0 A5
5F AC 12 5C A9
00 B9 98 41 FC 08 50 1F 73 60 8A 01
A2 7C 52 8A 20 5A EA 2C 89 D9 A5 19
DD 94 C6 1B C3 25 C0 82 51 E4 EE 2B
9A 19 DC 73 ED E9 1D 27 D4 F8 6C 03
DD AB 1D 08 7B B5 AC 7F E9 82 9B F1
89 8A 71 DB 61
01 07 21 97 5F 7A 60 A8 FD 5A 5C 07
DF A8 DE F7 E2 B1 34 7D FC EB 91 BD
B0 73 74 C8 C4 BE 3F 58 45 30 06 90
B3 AC 69 CC B3 F7 3F 7C AC C7 B8 1B
65 A1 16 39 39 B0 E3 74 7D CF CD C5
AC 6C BF E5
Certificates
AliceDSSSignByCarlNoInherit =
732: SEQUENCE {
SEQUENCE {
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 81 8D CD ED 83 EA 0A 9E 39 3E C2
48 28 A3 E4 47 93 DD 0E D7 A8 0E EC
53 C5 AB 84 08 4F FF 94 E1 73 48 7E
0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C
DC 5F 69 8A E4 75 D0 37 0C 91 08 95
9B DE A7 5E F9 FC F4 9F 2F DD 43 A8
8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
C3 B5 B3 E3 55 08 75 D5 39 76 10 C4
78 BD FF 9D B0 84 97 37 F2 E4 51 1B
B5 E4 09 96 5C F3 7E 5B DB
00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F
B8 37 21 2B 62 8B F7 93 CD
26 38 D0 14 89 32 AA 39 FB 3E 6D D9
4B 59 6A 4C 76 23 39 04 02 35 5C F2
CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD
AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B
3E 90 F8 6D EA 9C C9 21 8A 3B 76 14
E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30
01 7C 6D 49 89 11 89 36 44 BD F8 C8
95 4A 53 56 B5 E2 F9 73 EC 1A 61 36
1F 11 7F C2 BD ED D1 50 FF 98 74 C2
D1 81 4A 60 39 BA 36 39
BIT STRING 0 unused bits, encapsulates {
5C E3 B9 5A 75 14 96 0B A9 7A DD E3
3F A9 EC AC 5E DC BD B7 13 11 34 A6
16 89 28 11 23 D9 34 86 67 75 75 13
12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45
A5 A0 4A E3 85 D6 CE 06 80 3F E8 23
7E 1A F2 24 AB 53 1A B8 27 0D 1E EF
08 BF 66 14 80 5C 62 AC 65 FA 15 8B
F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4
32 84 F0 7E 41 40 FD 46 A7 63 4E 33
F2 A5 E2 F4 F2 83 E5 B8
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE
13 01 E2 FD E3 97 FE CD
SEQUENCE {
OBJECT IDENTIFIER subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
55 0C A4 19 1F 42 2B 89 71 22 33 8D
83 6A B5 3D 67 6B BF 45
00 9F 61 53 52 54 0B 5C B2 DD DA E7
76 1D E2 10 52 5B 43 5E BD
AliceRSASignByCarl =
556: SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E0 89 73 39 8D D8 F5 F5 E8 87 76
39 7F 4E B0 05 BB 53 83 DE 0F B7 AB
DC 7D C7 75 29 0D 05 2E 6D 12 DF A6
86 26 D4 D2 6F AA 58 29 FC 97 EC FA
82 51 0F 30 80 BE B1 50 9E 46 44 F1
2C BB D8 32 CF C6 68 6F 07 D9 B0 60
AC BE EE 34 09 6A 13 F5 F7 05 05 93
DF 5E BA 35 56 D9 61 FF 19 7F C9 81
E6 F8 6C EA 87 40 70 EF AC 6D 2C 74
9F 2D FA 55 3A B9 99 77 02 A6 48 52
8C 4E F3 57 38 57 74 57 5F
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D
CE EC 3C A0 3A E3 FF 50
SEQUENCE {
OBJECT IDENTIFIER subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
BIT STRING 0 unused bits
3E 70 47 A8 48 CC 13 58 8F CA 51 71
6B 4E 36 18 5D 04 7E 80 B1 8D 4D CC
CA A3 8F CC 7D 56 C8 BC CF 6E B3 1C
59 A9 20 AA 05 81 A8 4E 25 AD A7 70
14 75 2F F5 C7 9B D1 0E E9 63 D2 64
B7 C6 66 6E 73 21 54 DF F4 BA 25 5D
7D 49 D3 94 6B 22 36 74 73 B8 4A EC
2F 64 ED D3 3D D2 A7 42 C5 E8 37 8A
B4 DB 9F 67 E4 BD 9F F9 FE 74 EF EA
F9 EE 63 6A D8 3F 4B 25 09 B5 D8 1A
76 AE EB 9B DB 49 B0 22
BobRSASignByCarl =
551: SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
CD 5D 71 D0
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'BobRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 A9 E1 67 98 3F 39 D5 5F F2 A0 93
41 5E A6 79 89 85 C8 35 5D 9A 91 5B
FB 1D 01 DA 19 70 26 17 0F BD A5 22
D0 35 85 6D 7A 98 66 14 41 5C CF B7
B7 08 3B 09 C9 91 B8 19 69 37 6D F9
65 1E 7B D9 A9 33 24 A3 7F 3B BB AF
46 01 86 36 34 32 CB 07 03 59 52 FC
85 8B 31 04 B8 CC 18 08 14 48 E6 4F
1C FB 5D 60 C4 E0 5C 1F 53 D3 7F 53
D8 69 01 F1 05 F8 7A 70 D1 BE 83 C6
5F 38 CF 1C 2C AA 6A A7 EB
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 5 unused bits
'100'B (bit 2)
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
E8 F4 B8 67 D8 B3 96 A4 2A F3 11 AA
29 D3 95 5A 86 16 B4 24
SEQUENCE {
OBJECT IDENTIFIER subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
BIT STRING 0 unused bits
7B 8E 66 C5 F1 10 3F 10 20 4C 88 71
AB 7B 40 6B 21 33 FA 4A 95 DE 9D 0E
5B 6B 94 21 05 C0 F2 E1 7E 2A CD 9C
93 88 87 FB 8B B7 7E 7D 41 61 E1 E4
D6 6D F9 E2 04 55 61 45 BC 64 27 44
C0 A1 BD 59 79 D9 1D 64 3C 21 D6 45
B0 5D 68 33 92 EA AC F1 57 E5 81 7D
98 E6 35 91 A3 39 DE 77 F4 E8 1C 3B
29 DC 7F 51 07 97 F3 36 F0 50 0A DD
9B DE B6 5E 38 11 2B FB 57 EA 89 6D
AD C9 88 D8 8F CF 2B D3
CarlDSSSelf =
667: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 B6 49 18 3E 8A 44 C1 29 71 94 4C
01 C4 12 C1 7A 79 CB 54 4D AB 1E 81
FB C6 4C B3 0E 94 09 06 EB 01 D4 B1
C8 71 4B C7 45 C0 50 25 5D 9C FC DA
E4 6D D3 E2 86 48 84 82 7D BA 15 95
4A 16 F6 46 ED DD F6 98 D2 BB 7E 8A
0A 8A BA 16 7B B9 50 01 48 93 8B EB
25 15 51 97 55 DC 8F 53 0E 10 A9 50
FC 70 B7 CD 30 54 FD DA DE A8 AA 22
B5 A1 AF 8B CC 02 88 E7 8B 70 5F B9
AD E1 08 D4 6D 29 2D D6 E9
00 DD C1 2F DF 53 CE 0B 34 60 77 3E
02 A4 BF 8A 5D 98 B9 10 D5
0C EE 57 9B 4B BD DA B6 07 6A 74 37
4F 55 7F 9D ED BC 61 0D EB 46 59 3C
56 0B 2B 5B 0C 91 CE A5 62 52 69 CA
E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
AD CB AE 45 E3 06 AC 8C 22 9D 9C 44
87 0B C7 CD F0 1C D9 B5 4E 5D 73 DE
AF 0E C9 1D 5A 51 F5 4F 44 79 35 5A
73 AA 7F 46 51 1F A9 42 16 9C 48 EB
8A 79 61 B4 D5 2F 53 22 44 63 1F 86
B8 A3 58 06 25 F8 29 C0 EF BA E0 75
F0 42 C4 63 65 52 9B 0A
BIT STRING 0 unused bits, encapsulates {
00 99 87 74 27 03 66 A0 B1 C0 AD DC
2C 75 BB E1 6C 44 9C DA 21 6D 4D 47
6D B1 62 09 E9 D8 AE 1E F2 3A B4 94
B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25
4E B9 60 96 19 24 01 F3 62 0C FE 75
C0 FB CE D8 68 00 E3 FD D5 70 4F DF
23 96 19 06 94 F4 B1 61 8F 3A 57 B1
08 11 A4 0B 26 25 F0 52 76 81 EA 0B
62 0D 95 2A E6 86 BA 72 B2 A7 50 83
0B AA 27 CD 1B A9 4D 89 9A D7 8D 18
39 84 3F 8B C5 56 4D 80 7A
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {
BOOLEAN TRUE
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 1 unused bits
'1100001'B
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B
C9 06 37 E9 11 17 A1 13
00 8F 34 69 2A 8B B1 3C 03 79 94 32
4D 12 1F CE 89 FB 46 B2 3B
CarlRSASelf =
491: SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
9F F2 50 20
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E4 4B FF 18 B8 24 57 F4 77 FF 6E
73 7B 93 71 5C BC 33 1A 92 92 72 23
D8 41 46 D0 CD 11 3A 04 B3 8E AF 82
9D BD 51 1E 17 7A F2 76 2C 2B 86 39
A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC
A2 36 B1 ED E2 50 E2 32 09 8A 3F 9F
99 25 8F B8 4E AB B9 7D D5 96 65 DA
16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
29 CB 82 DD AC 44 E9 AA 93 94 29 0E
F8 18 D6 C8 57 5E F2 76 C4 F2 11 60
38 B9 1B 3C 1D 97 C9 6A F1
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {
BOOLEAN TRUE
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 1 unused bits
'1100001'B
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
BIT STRING 0 unused bits
B7 9E D4 04 D3 ED 29 E4 FF 89 89 15
2E 4C DB 0C F0 48 0F 32 61 EE C4 04
EC 12 5D 2D FF 0F 64 59 7E 0A C3 ED
18 FD E3 56 40 37 A7 07 B5 F0 38 12
61 50 ED EF DD 3F E3 0B B8 61 A5 A4
9B 3C E6 9E 9C 54 9A B6 95 D6 DA 6C
3B B5 2D 45 35 9D 49 01 76 FA B9 B9
31 F9 F9 6B 12 53 A0 F5 14 60 9B 7D
CA 3E F2 53 6B B0 37 6F AD E6 74 D7
DB FA 5A EA 14 41 63 5D CD BE C8 0E
C1 DA 6A 8D 53 34 18 02
DianeDSSSignByCarlInherit =
440: SEQUENCE {
SEQUENCE {
INTEGER 210
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'DianeDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsa (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
00 A0 00 17 78 2C EE 7E 81 53 2E 2E
61 08 0F A1 9B 51 52 1A DA 59 A8 73
2F 12 25 B6 08 CB CA EF 2A 44 76 8A
52 09 EA BD 05 22 D5 0F F6 FD 46 D7
AF 99 38 09 0E 13 CB 4F 2C DD 1C 34
F7 1C BF 25 FF 23 D3 3B 59 E7 82 97
37 BE 31 24 D8 18 C8 F3 49 39 5B B7
E2 E5 27 7E FC 8C 45 72 5B 7E 3E 8F
68 4D DD 46 7A 22 BE 8E FF CC DA 39
29 A3 39 E5 9F 43 E9 55 C9 D7 5B A6
81 67 CC C0 AA CD 2E C5 23
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
64 30 99 7D 5C DC 45 0B 99 3A 52 2F
16 BF 58 50 DD CE 2B 18
SEQUENCE {
OBJECT IDENTIFIER subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 A1 1A F8 17 0E 3E 5D A8 8C F4 B6
55 33 1E 4B E3 2C AC B9 5F
28 4B 10 45 58 D2 1C 9D 55 35 14 18
91 B2 3F 39 DF B5 6E D3
DianeRSASignByCarl =
556: SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
D5 9A 30 90
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'DianeRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 D6 FD B8 C0 70 C6 4C 25 EC EA CF
EA 7C BB A2 62 FA F0 E6 32 3A 53 FF
B1 92 5A 17 F4 20 E1 99 24 82 0A D0
F6 7C FB 44 CA 8B 27 06 F1 7E 26 03
A9 76 9D CF EC A0 2C 70 96 F2 83 42
F6 D4 B7 28 0A BB F8 BF 4A 4C 19 3F
07 DB A0 C1 60 1E B7 7E 67 F7 DE B1
C3 60 49 AC 45 D7 F8 C6 EF 08 37 21
93 47 EE F0 73 35 72 B0 02 C4 F3 11
C3 5E 47 E5 0A B7 83 F1 DB 74 69 64
8B 44 1D 95 5D CD 28 C0 85
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 5 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
8C F3 CB 75 0E 8D 31 F6 D4 29 DA 44
92 75 B8 FE ED 4F 39 0C
SEQUENCE {
OBJECT IDENTIFIER subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption (1 2 840
BIT STRING 0 unused bits
7D A6 2C B5 78 42 D6 79 F3 31 FE F6
42 CA 0F 13 07 92 09 1B E0 6F B0 91
18 F6 BF 4A FB CC 63 79 FB 81 BF DD
97 C7 90 6B CB 0A 37 2B 41 6A 03 98
C5 1B 3E 32 C8 45 2B 86 01 9C 1C E2
36 EF 16 C1 1A 92 B8 BE 62 FB 53 3E
49 47 0B C4 B9 E4 2B 58 A6 06 83 F0
B2 A7 BB 85 7E D5 C6 DA CE 9C 7B 31
72 D7 A2 EA 41 AB 6A C0 DD 1F B9 14
44 18 CF 84 57 66 E8 C5 E6 B8 DC 2D
B3 1F 1B 28 43 36 75 7A
CarlDSSCRLForAll =
216: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
INTEGER 200
UTCTime 'Z'
SEQUENCE {
INTEGER 201
UTCTime 'Z'
SEQUENCE {
INTEGER 211
UTCTime 'Z'
SEQUENCE {
INTEGER 210
UTCTime 'Z'
SEQUENCE {
INTEGER 212
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
7E 65 52 76 33 FE 34 73 17 D1 F7 96
F9 A0 D4 D8 6D 5C 7D 3D
02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E
DA 24 F3 2A 83 9C 35 A1
CarlDSSCRLForCarl =
131: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 B3 1F C5 4F 7A 3D EC 76 D5 60 F9
DE 79 22 EC 4F B0 90 FE 97
5A 8B C3 84 BC 66 87 1B BF 79 82 5B
0A 5D 07 F6 BA A9 05 29
CarlDSSCRLEmpty =
109: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
62 3F 36 17 31 58 2E 67 50 79 F5 09
4B 8C AD D4 6B F4 64 9F
00 B5 3B 4E A1 4C 7B FD 0F C3 8D 9B
B6 FE C3 5D 6F DE 65 28 7D
CarlRSACRLForAll =
307: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
UTCTime 'Z'
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
D5 9A 30 90
UTCTime 'Z'
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
CD 5D 71 D0
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
BIT STRING 0 unused bits
BF B3 97 AA 53 F0 32 21 16 2B 77 92
7A 6B BB 97 C8 DC EA F1 FA 66 16 30
0E B5 9E 5C F0 81 D4 5E B3 6E C1 88
6B 8C D4 5E C5 4D FB 47 5E 66 F3 5D
AB E5 B4 18 36 60 A8 4D 9C 3C 89 EC
6F 27 BF 35 50 71 81 C2 B9 44 5B 62
89 19 12 31 A9 7B 9A D3 CC 66 CB 11
D9 0B 10 47 77 AD 4F 22 D9 E5 7F 30
F2 5B FC 94 51 A5 58 76 3B 1F A8 46
A6 1F F6 A1 DE 55 A1 ED 31 88 69 97
0F 08 D3 D4 0C 60 5B 1E
CarlRSACRLForCarl =
236: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
9F F2 50 20
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
BIT STRING 0 unused bits
21 EF 21 D4 C1 1A 85 95 49 6B CA 45
62 DC D7 09 FF A9 51 2E 8E D9 47 18
FA F8 E5 72 DD 4F ED 74 74 E3 F3 65
32 65 28 2C 9A 1D 57 E5 D5 26 06 EA
D5 E6 23 95 84 8D 0E 89 9E EE 9B 0C
2F CE 07 F7 A3 D1 6B 85 4C 0F FF E6
DD FC DC CD 73 2C 1E 7D DC B0 71 C5
4C FC 01 6E 52 57 69 1E 39 63 DF 12
22 30 C7 13 55 94 05 6E 2A 00 A9 5B
C4 2A 66 94 62 CE 36 33 C2 2B 63 47
25 9D F3 DE 70 EE 00 56
CarlRSACRLEmpty =
199: SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
md5withRSAEncryption (1 2 840
BIT STRING 0 unused bits
A9 C5 21 B8 13 7C 74 F3 B5 11 EC 04
F3 20 45 86 1E 0B 6E 7F 83 6D 5F F4
34 76 06 59 25 0E 04 3D 88 09 88 81
37 C4 DC 20 98 FA 17 81 0B 37 94 AC
B4 8F 7B 51 89 14 A4 CB 72 73 14 07
BC 22 9C 40 A1 07 FC 44 7C 85 0F 0B
88 D1 EE E1 0E AF F6 16 74 AD A1 AF
C1 00 75 00 64 EA A5 9A F6 0B 08 A2
DB 95 19 5F A6 A7 B9 39 45 25 0A 0E
F6 5E 84 E7 F8 B9 5A C9 18 C2 0E B8
A0 96 BE 81 3A 80 6D C9
Trivial Examples
This section covers examples of small CMS types.
ContentInfo with Data Type, BER
The object is a ContentInfo containing a Data object in BER format
that is ExContent.
0 30 NDEF: SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
13 A0 NDEF:
15 24 NDEF:
OCTET STRING {
OCTET STRING 'This'
OCTET STRING ' is some sample content.'
ContentInfo with Data Type, DER
The object is a ContentInfo containing a Data object in DER format
that is ExContent.
43: SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
OCTET STRING 'This is some sample content.'
Signed-data
Basic Signed Content, DSS
A SignedData with no attribute certificates, signed by Alice using
DSS, just her certificate (not Carl's root cert), no CRL.
message is ExContent, and is included in the eContent.
There are no
signed or unsigned attributes.
919: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
OCTET STRING 'This is some sample content.'
SEQUENCE {
SEQUENCE {
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 81 8D CD ED 83 EA 0A 9E 39 3E C2
48 28 A3 E4 47 93 DD 0E D7 A8 0E EC
53 C5 AB 84 08 4F FF 94 E1 73 48 7E
0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C
DC 5F 69 8A E4 75 D0 37 0C 91 08 95
9B DE A7 5E F9 FC F4 9F 2F DD 43 A8
8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
C3 B5 B3 E3 55 08 75 D5 39 76 10 C4
78 BD FF 9D B0 84 97 37 F2 E4 51 1B
B5 E4 09 96 5C F3 7E 5B DB
00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F
B8 37 21 2B 62 8B F7 93 CD
26 38 D0 14 89 32 AA 39 FB 3E 6D D9
4B 59 6A 4C 76 23 39 04 02 35 5C F2
CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD
AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B
3E 90 F8 6D EA 9C C9 21 8A 3B 76 14
E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30
01 7C 6D 49 89 11 89 36 44 BD F8 C8
95 4A 53 56 B5 E2 F9 73 EC 1A 61 36
1F 11 7F C2 BD ED D1 50 FF 98 74 C2
D1 81 4A 60 39 BA 36 39
BIT STRING 0 unused bits, encapsulates {
5C E3 B9 5A 75 14 96 0B A9 7A DD E3
3F A9 EC AC 5E DC BD B7 13 11 34 A6
16 89 28 11 23 D9 34 86 67 75 75 13
12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45
A5 A0 4A E3 85 D6 CE 06 80 3F E8 23
7E 1A F2 24 AB 53 1A B8 27 0D 1E EF
08 BF 66 14 80 5C 62 AC 65 FA 15 8B
F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4
32 84 F0 7E 41 40 FD 46 A7 63 4E 33
F2 A5 E2 F4 F2 83 E5 B8
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE
13 01 E2 FD E3 97 FE CD
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
55 0C A4 19 1F 42 2B 89 71 22 33 8D
83 6A B5 3D 67 6B BF 45
00 9F 61 53 52 54 0B 5C B2 DD DA E7
76 1D E2 10 52 5B 43 5E BD
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
OCTET STRING, encapsulates {
SEQUENCE {
09 91 FE EB D2 69 F5 18 B7 D7 CD 55
F4 81 EA 2A 42 6A AD 03
3A 07 CC C3 21 BE E1 1A 4B 7F 3E B5
0D DB BA 1C EA BC CD 89
Basic Signed Content, RSA
Same as 4.1, except using RSA signatures.
A SignedData with no
attribute certificates, signed by Alice using RSA, just her
certificate (not Carl's root cert), no CRL.
The message is
ExContent, and is included in the eContent.
There are no signed or
unsigned attributes.
850: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
OCTET STRING 'This is some sample content.'
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E0 89 73 39 8D D8 F5 F5 E8 87 76
39 7F 4E B0 05 BB 53 83 DE 0F B7 AB
DC 7D C7 75 29 0D 05 2E 6D 12 DF A6
86 26 D4 D2 6F AA 58 29 FC 97 EC FA
82 51 0F 30 80 BE B1 50 9E 46 44 F1
2C BB D8 32 CF C6 68 6F 07 D9 B0 60
AC BE EE 34 09 6A 13 F5 F7 05 05 93
DF 5E BA 35 56 D9 61 FF 19 7F C9 81
E6 F8 6C EA 87 40 70 EF AC 6D 2C 74
9F 2D FA 55 3A B9 99 77 02 A6 48 52
8C 4E F3 57 38 57 74 57 5F
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D
CE EC 3C A0 3A E3 FF 50
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
BIT STRING 0 unused bits
3E 70 47 A8 48 CC 13 58 8F CA 51 71
6B 4E 36 18 5D 04 7E 80 B1 8D 4D CC
CA A3 8F CC 7D 56 C8 BC CF 6E B3 1C
59 A9 20 AA 05 81 A8 4E 25 AD A7 70
14 75 2F F5 C7 9B D1 0E E9 63 D2 64
B7 C6 66 6E 73 21 54 DF F4 BA 25 5D
7D 49 D3 94 6B 22 36 74 73 B8 4A EC
2F 64 ED D3 3D D2 A7 42 C5 E8 37 8A
B4 DB 9F 67 E4 BD 9F F9 FE 74 EF EA
F9 EE 63 6A D8 3F 4B 25 09 B5 D8 1A
76 AE EB 9B DB 49 B0 22
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING
2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E
9D BF 89 9A 81 E5 75 C4 91 3D D3 D0
D5 7B B6 D5 FE 94 A1 8A AC E3 C4 84
F5 CD 60 4E 27 95 F6 CF 00 86 76 75
3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16
04 A5 B3 B5 E7 D9 32 F0 24 EF E7 20
44 D5 9F 07 C5 53 24 FA CE 01 1D 0F
17 13 A7 2A 95 9D 2B E4 03 95 14 0B
E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6
55 13 D4 68 6F D0 07 D7 A2 B1 62 4C
E3 8F AF FD E0 D5 5D C7
Basic Signed Content, Detached Content
Same as 4.1, except with no eContent.
A SignedData with no attribute
certificates, signed by Alice using DSS, just her certificate (not
Carl's root cert), no CRL.
The message is ExContent, but the
eContent is not included.
There are no signed or unsigned
attributes.
887: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
SEQUENCE {
SEQUENCE {
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 81 8D CD ED 83 EA 0A 9E 39 3E C2
48 28 A3 E4 47 93 DD 0E D7 A8 0E EC
53 C5 AB 84 08 4F FF 94 E1 73 48 7E
0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C
DC 5F 69 8A E4 75 D0 37 0C 91 08 95
9B DE A7 5E F9 FC F4 9F 2F DD 43 A8
8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
C3 B5 B3 E3 55 08 75 D5 39 76 10 C4
78 BD FF 9D B0 84 97 37 F2 E4 51 1B
B5 E4 09 96 5C F3 7E 5B DB
00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F
B8 37 21 2B 62 8B F7 93 CD
26 38 D0 14 89 32 AA 39 FB 3E 6D D9
4B 59 6A 4C 76 23 39 04 02 35 5C F2
CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD
AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B
3E 90 F8 6D EA 9C C9 21 8A 3B 76 14
E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30
01 7C 6D 49 89 11 89 36 44 BD F8 C8
95 4A 53 56 B5 E2 F9 73 EC 1A 61 36
1F 11 7F C2 BD ED D1 50 FF 98 74 C2
D1 81 4A 60 39 BA 36 39
BIT STRING 0 unused bits, encapsulates {
5C E3 B9 5A 75 14 96 0B A9 7A DD E3
3F A9 EC AC 5E DC BD B7 13 11 34 A6
16 89 28 11 23 D9 34 86 67 75 75 13
12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45
A5 A0 4A E3 85 D6 CE 06 80 3F E8 23
7E 1A F2 24 AB 53 1A B8 27 0D 1E EF
08 BF 66 14 80 5C 62 AC 65 FA 15 8B
F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4
32 84 F0 7E 41 40 FD 46 A7 63 4E 33
F2 A5 E2 F4 F2 83 E5 B8
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE
13 01 E2 FD E3 97 FE CD
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
55 0C A4 19 1F 42 2B 89 71 22 33 8D
83 6A B5 3D 67 6B BF 45
00 9F 61 53 52 54 0B 5C B2 DD DA E7
76 1D E2 10 52 5B 43 5E BD
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
OCTET STRING, encapsulates {
SEQUENCE {
06 FB C7 2A 24 D5 34 89 F7 8B B5 FD
73 24 A5 86 C8 0F 5A 6C
66 69 19 BC 68 58 D1 8D B1 9D 52 3F
DA 14 88 0D FD C9 A1 B8
Fancier Signed Content
Same as 4.1, but includes Carl's root cert, Carl's CRL, some signed
and unsigned attributes (Countersignature by Diane).
A SignedData
with no attribute certificates, signed by Alice using DSS, her
certificate and Carl's root cert, Carl's DSS CRL.
The message is
ExContent, and is included in the eContent.
The signed attributes
are Content Type, Message Digest and Signing T the unsigned
attributes are content hint and counter signature.
The message
includes also Alice's RSA certificate.
0 30 2829: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
15 A0 2814:
19 30 2810:
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
OCTET STRING 'This is some sample content.'
82 A0 1967:
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E0 89 73 39 8D D8 F5 F5 E8 87 76
39 7F 4E B0 05 BB 53 83 DE 0F B7 AB
DC 7D C7 75 29 0D 05 2E 6D 12 DF A6
86 26 D4 D2 6F AA 58 29 FC 97 EC FA
82 51 0F 30 80 BE B1 50 9E 46 44 F1
2C BB D8 32 CF C6 68 6F 07 D9 B0 60
AC BE EE 34 09 6A 13 F5 F7 05 05 93
DF 5E BA 35 56 D9 61 FF 19 7F C9 81
E6 F8 6C EA 87 40 70 EF AC 6D 2C 74
9F 2D FA 55 3A B9 99 77 02 A6 48 52
8C 4E F3 57 38 57 74 57 5F
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D
CE EC 3C A0 3A E3 FF 50
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
BIT STRING 0 unused bits
3E 70 47 A8 48 CC 13 58 8F CA 51 71
6B 4E 36 18 5D 04 7E 80 B1 8D 4D CC
CA A3 8F CC 7D 56 C8 BC CF 6E B3 1C
59 A9 20 AA 05 81 A8 4E 25 AD A7 70
14 75 2F F5 C7 9B D1 0E E9 63 D2 64
B7 C6 66 6E 73 21 54 DF F4 BA 25 5D
7D 49 D3 94 6B 22 36 74 73 B8 4A EC
2F 64 ED D3 3D D2 A7 42 C5 E8 37 8A
B4 DB 9F 67 E4 BD 9F F9 FE 74 EF EA
F9 EE 63 6A D8 3F 4B 25 09 B5 D8 1A
76 AE EB 9B DB 49 B0 22
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 B6 49 18 3E 8A 44 C1 29 71 94 4C
01 C4 12 C1 7A 79 CB 54 4D AB 1E 81
FB C6 4C B3 0E 94 09 06 EB 01 D4 B1
C8 71 4B C7 45 C0 50 25 5D 9C FC DA
E4 6D D3 E2 86 48 84 82 7D BA 15 95
4A 16 F6 46 ED DD F6 98 D2 BB 7E 8A
0A 8A BA 16 7B B9 50 01 48 93 8B EB
25 15 51 97 55 DC 8F 53 0E 10 A9 50
FC 70 B7 CD 30 54 FD DA DE A8 AA 22
B5 A1 AF 8B CC 02 88 E7 8B 70 5F B9
AD E1 08 D4 6D 29 2D D6 E9
00 DD C1 2F DF 53 CE 0B 34 60 77 3E
02 A4 BF 8A 5D 98 B9 10 D5
0C EE 57 9B 4B BD DA B6 07 6A 74 37
4F 55 7F 9D ED BC 61 0D EB 46 59 3C
56 0B 2B 5B 0C 91 CE A5 62 52 69 CA
E1 6D 3E BD BF FE E1 B7 B9 2B 61 3C
AD CB AE 45 E3 06 AC 8C 22 9D 9C 44
87 0B C7 CD F0 1C D9 B5 4E 5D 73 DE
AF 0E C9 1D 5A 51 F5 4F 44 79 35 5A
73 AA 7F 46 51 1F A9 42 16 9C 48 EB
8A 79 61 B4 D5 2F 53 22 44 63 1F 86
B8 A3 58 06 25 F8 29 C0 EF BA E0 75
F0 42 C4 63 65 52 9B 0A
BIT STRING 0 unused bits, encapsulates {
00 99 87 74 27 03 66 A0 B1 C0 AD DC
2C 75 BB E1 6C 44 9C DA 21 6D 4D 47
6D B1 62 09 E9 D8 AE 1E F2 3A B4 94
B1 A3 8E 7A 9B 71 4E 00 94 C9 B4 25
4E B9 60 96 19 24 01 F3 62 0C FE 75
C0 FB CE D8 68 00 E3 FD D5 70 4F DF
23 96 19 06 94 F4 B1 61 8F 3A 57 B1
08 11 A4 0B 26 25 F0 52 76 81 EA 0B
62 0D 95 2A E6 86 BA 72 B2 A7 50 83
0B AA 27 CD 1B A9 4D 89 9A D7 8D 18
39 84 3F 8B C5 56 4D 80 7A
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {
BOOLEAN TRUE
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 1 unused bits
'1100001'B
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
6B A9 F0 4E 7A 5A 79 E3 F9 BE 3D 2B
C9 06 37 E9 11 17 A1 13
00 8F 34 69 2A 8B B1 3C 03 79 94 32
4D 12 1F CE 89 FB 46 B2 3B
SEQUENCE {
SEQUENCE {
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsa (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
00 81 8D CD ED 83 EA 0A 9E 39 3E C2
48 28 A3 E4 47 93 DD 0E D7 A8 0E EC
53 C5 AB 84 08 4F FF 94 E1 73 48 7E
0C D6 F3 44 48 D1 FE 9F AF A4 A1 89
2F E1 D9 30 C8 36 DE 3F 9B BF B7 4C
DC 5F 69 8A E4 75 D0 37 0C 91 08 95
9B DE A7 5E F9 FC F4 9F 2F DD 43 A8
8B 54 F1 3F B0 07 08 47 4D 5D 88 C3
C3 B5 B3 E3 55 08 75 D5 39 76 10 C4
78 BD FF 9D B0 84 97 37 F2 E4 51 1B
B5 E4 09 96 5C F3 7E 5B DB
00 E2 47 A6 1A 45 66 B8 13 C6 DA 8F
B8 37 21 2B 62 8B F7 93 CD
26 38 D0 14 89 32 AA 39 FB 3E 6D D9
4B 59 6A 4C 76 23 39 04 02 35 5C F2
CB 1A 30 C3 1E 50 5D DD 9B 59 E2 CD
AA 05 3D 58 C0 7B A2 36 B8 6E 07 AF
7D 8A 42 25 A7 F4 75 CF 4A 08 5E 4B
3E 90 F8 6D EA 9C C9 21 8A 3B 76 14
E9 CE 2E 5D A3 07 CD 23 85 B8 2F 30
01 7C 6D 49 89 11 89 36 44 BD F8 C8
95 4A 53 56 B5 E2 F9 73 EC 1A 61 36
1F 11 7F C2 BD ED D1 50 FF 98 74 C2
D1 81 4A 60 39 BA 36 39
BIT STRING 0 unused bits, encapsulates {
5C E3 B9 5A 75 14 96 0B A9 7A DD E3
3F A9 EC AC 5E DC BD B7 13 11 34 A6
16 89 28 11 23 D9 34 86 67 75 75 13
12 3D 43 5B 6F E5 51 BF FA 89 F2 A2
1B 3E 24 7D 3D 07 8D 5B 63 C8 BB 45
A5 A0 4A E3 85 D6 CE 06 80 3F E8 23
7E 1A F2 24 AB 53 1A B8 27 0D 1E EF
08 BF 66 14 80 5C 62 AC 65 FA 15 8B
F1 BB 34 D4 D2 96 37 F6 61 47 B2 C4
32 84 F0 7E 41 40 FD 46 A7 63 4E 33
F2 A5 E2 F4 F2 83 E5 B8
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
BE 6C A1 B3 E3 C1 F7 ED 43 70 A4 CE
13 01 E2 FD E3 97 FE CD
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
55 0C A4 19 1F 42 2B 89 71 22 33 8D
83 6A B5 3D 67 6B BF 45
00 9F 61 53 52 54 0B 5C B2 DD DA E7
76 1D E2 10 52 5B 43 5E BD
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
INTEGER 200
UTCTime 'Z'
SEQUENCE {
INTEGER 201
UTCTime 'Z'
SEQUENCE {
INTEGER 211
UTCTime 'Z'
SEQUENCE {
INTEGER 210
UTCTime 'Z'
SEQUENCE {
INTEGER 212
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
7E 65 52 76 33 FE 34 73 17 D1 F7 96
F9 A0 D4 D8 6D 5C 7D 3D
02 7A 5B B7 D5 5B 18 C1 CF 87 EF 7E
DA 24 F3 2A 83 9C 35 A1
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
contentType (1 2 840
(PKCS #9 (1 2 840
OBJECT IDENTIFIER
data (1 2 840
SEQUENCE {
OBJECT IDENTIFIER
signingTime (1 2 840
(PKCS #9 (1 2 840
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
messageDigest (1 2 840
(PKCS #9 (1 2 840
OCTET STRING
40 6A EC 08 52 79 BA 6E 16 02 2D 9E
06 29 C0 22 96 87 DD 48
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
OCTET STRING, encapsulates {
SEQUENCE {
3B A5 E0 4A DB 6D 58 E0 19 D1 00 1C
4F 44 9A 57 7A 71 66 68
1A 11 98 D6 1F 1F AF 34 81 01 DE BE
8B DC B6 A8 6A 91 69 13
SEQUENCE {
OBJECT IDENTIFIER
id-aa-contentHint
(S/MIME Authenticated Attributes
SEQUENCE {
UTF8String
'Content Hints Description Buffer'
OBJECT IDENTIFIER
data (1 2 840
SEQUENCE {
OBJECT IDENTIFIER
countersignature (1 2 840
(PKCS #9 (1 2 840
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER
sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
signingTime
(PKCS #9 (1 2 840
UTCTime 'Z'
SEQUENCE {
OBJECT IDENTIFIER
messageDigest
(PKCS #9 (1 2 840
OCTET STRING
02 5F 49 4E 39 98 50 85 B3 66 D3 8A
1F 7B 9E 69 AA FB D8 33
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption
OCTET STRING
6D AA 20 24 ED 7A EE A5 5E 87 DD 75
1F 2B 54 10 65 F4 CE 9B B1 2C 78 74
BC 8B 1C 60 B5 DB 8B 03 9E 49 F2 2B
7F 93 6E 3D 89 14 C9 E3 6B F4 F6 7D
76 AE 3E 58 1F 9B BB BC 7C 30 19 4E
10 F7 02 F1 8B 5B B4 DB 9A BB 93 B4
18 D0 CC 2B C9 91 A9 AD D9 46 F8 65
A9 E2 71 95 D0 D4 4E 1F CD 74 6F 82
E8 37 6F 5A 3D CB C7 D4 5F C2 80 1B
DA D3 84 40 68 5F 56 9A 62 F5 3B 0D
6C 33 C3 ED 67 3F 43 BF
All RSA Signed Message
Same as 4.2, but includes Carl's RSA root cert (but no CRL).
SignedData with no attribute certificates, signed by Alice using RSA,
her certificate and Carl's root cert, no CRL.
The message is
ExContent, and is included in the eContent.
There are no signed or
unsigned attributes.
0 30 NDEF: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
13 A0 NDEF:
15 30 NDEF:
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
33 30 NDEF:
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
46 A0 NDEF:
48 24 NDEF:
OCTET STRING {
OCTET STRING 'This'
OCTET STRING ' is some sample content.'
88 A0 NDEF:
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
9F F2 50 20
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E4 4B FF 18 B8 24 57 F4 77 FF 6E
73 7B 93 71 5C BC 33 1A 92 92 72 23
D8 41 46 D0 CD 11 3A 04 B3 8E AF 82
9D BD 51 1E 17 7A F2 76 2C 2B 86 39
A7 BD D7 8D 1A 53 EC E4 00 D5 E8 EC
A2 36 B1 ED E2 50 E2 32 09 8A 3F 9F
99 25 8F B8 4E AB B9 7D D5 96 65 DA
16 A0 C5 BE 0E AE 44 5B EF 5E F4 A7
29 CB 82 DD AC 44 E9 AA 93 94 29 0E
F8 18 D6 C8 57 5E F2 76 C4 F2 11 60
38 B9 1B 3C 1D 97 C9 6A F1
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {
BOOLEAN TRUE
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 1 unused bits
'1100001'B
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
BIT STRING 0 unused bits
B7 9E D4 04 D3 ED 29 E4 FF 89 89 15
2E 4C DB 0C F0 48 0F 32 61 EE C4 04
EC 12 5D 2D FF 0F 64 59 7E 0A C3 ED
18 FD E3 56 40 37 A7 07 B5 F0 38 12
61 50 ED EF DD 3F E3 0B B8 61 A5 A4
9B 3C E6 9E 9C 54 9A B6 95 D6 DA 6C
3B B5 2D 45 35 9D 49 01 76 FA B9 B9
31 F9 F9 6B 12 53 A0 F5 14 60 9B 7D
CA 3E F2 53 6B B0 37 6F AD E6 74 D7
DB FA 5A EA 14 41 63 5D CD BE C8 0E
C1 DA 6A 8D 53 34 18 02
SEQUENCE {
SEQUENCE {
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'AliceRSA'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 E0 89 73 39 8D D8 F5 F5 E8 87 76
39 7F 4E B0 05 BB 53 83 DE 0F B7 AB
DC 7D C7 75 29 0D 05 2E 6D 12 DF A6
86 26 D4 D2 6F AA 58 29 FC 97 EC FA
82 51 0F 30 80 BE B1 50 9E 46 44 F1
2C BB D8 32 CF C6 68 6F 07 D9 B0 60
AC BE EE 34 09 6A 13 F5 F7 05 05 93
DF 5E BA 35 56 D9 61 FF 19 7F C9 81
E6 F8 6C EA 87 40 70 EF AC 6D 2C 74
9F 2D FA 55 3A B9 99 77 02 A6 48 52
8C 4E F3 57 38 57 74 57 5F
INTEGER 65537
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
E9 E0 90 27 AC 78 20 7A 9A D3 4C F2
42 37 4E 22 AE 9E 38 BB
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
77 D2 B4 D1 B7 4C 8A 8A A3 CE 45 9D
CE EC 3C A0 3A E3 FF 50
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
sha1withRSAEncryption
BIT STRING 0 unused bits
3E 70 47 A8 48 CC 13 58 8F CA 51 71
6B 4E 36 18 5D 04 7E 80 B1 8D 4D CC
CA A3 8F CC 7D 56 C8 BC CF 6E B3 1C
59 A9 20 AA 05 81 A8 4E 25 AD A7 70
14 75 2F F5 C7 9B D1 0E E9 63 D2 64
B7 C6 66 6E 73 21 54 DF F4 BA 25 5D
7D 49 D3 94 6B 22 36 74 73 B8 4A EC
2F 64 ED D3 3D D2 A7 42 C5 E8 37 8A
B4 DB 9F 67 E4 BD 9F F9 FE 74 EF EA
F9 EE 63 6A D8 3F 4B 25 09 B5 D8 1A
76 AE EB 9B DB 49 B0 22
SEQUENCE {
SEQUENCE {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlRSA'
46 34 6B C7 80 00 56 BC 11 D3 6E 2E
C4 10 B3 B0
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER
rsaEncryption (1 2 840
OCTET STRING
2F 23 82 D2 F3 09 5F B8 0C 58 EB 4E
9D BF 89 9A 81 E5 75 C4 91 3D D3 D0
D5 7B B6 D5 FE 94 A1 8A AC E3 C4 84
F5 CD 60 4E 27 95 F6 CF 00 86 76 75
3F 2B F0 E7 D4 02 67 A7 F5 C7 8D 16
04 A5 B3 B5 E7 D9 32 F0 24 EF E7 20
44 D5 9F 07 C5 53 24 FA CE 01 1D 0F
17 13 A7 2A 95 9D 2B E4 03 95 14 0B
E9 39 0D BA CE 6E 9C 9E 0C E8 98 E6
55 13 D4 68 6F D0 07 D7 A2 B1 62 4C
E3 8F AF FD E0 D5 5D C7
Multiple Signers
Similar to 4.1, but the message is also signed by Diane.
signerInfos (one for Alice, one for Diane) with no attribute
certificates, each signed using DSS, Alice's and Diane's certificate
(not Carl's root cert), no CRL.
The message is ExContent, and is
included in the eContent.
There are no signed or unsigned
attributes.
0 30 1463: SEQUENCE {
OBJECT IDENTIFIER signedData (1 2 840
15 A0 1448:
19 30 1444:
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
SEQUENCE {
OBJECT IDENTIFIER data (1 2 840
OCTET STRING 'This is some sample content.'
82 A0 1180:
SEQUENCE {
SEQUENCE {
INTEGER 210
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'DianeDSS'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsa (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
00 A0 00 17 78 2C EE 7E 81 53 2E 2E
61 08 0F A1 9B 51 52 1A DA 59 A8 73
2F 12 25 B6 08 CB CA EF 2A 44 76 8A
52 09 EA BD 05 22 D5 0F F6 FD 46 D7
AF 99 38 09 0E 13 CB 4F 2C DD 1C 34
F7 1C BF 25 FF 23 D3 3B 59 E7 82 97
37 BE 31 24 D8 18 C8 F3 49 39 5B B7
E2 E5 27 7E FC 8C 45 72 5B 7E 3E 8F
68 4D DD 46 7A 22 BE 8E FF CC DA 39
29 A3 39 E5 9F 43 E9 55 C9 D7 5B A6
81 67 CC C0 AA CD 2E C5 23
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
basicConstraints (2 5 29 19)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
SEQUENCE {}
SEQUENCE {
OBJECT IDENTIFIER
keyUsage (2 5 29 15)
(X.509 id-ce (2 5 29))
BOOLEAN TRUE
OCTET STRING, encapsulates {
BIT STRING 6 unused bits
SEQUENCE {
OBJECT IDENTIFIER
authorityKeyIdentifier (2 5 29 35)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
70 44 3E 82 2E 6F 87 DE 4A D3 75 E3
3D 20 BC 43 2B 93 F1 1F
SEQUENCE {
OBJECT IDENTIFIER
subjectKeyIdentifier (2 5 29 14)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
OCTET STRING
64 30 99 7D 5C DC 45 0B 99 3A 52 2F
16 BF 58 50 DD CE 2B 18
SEQUENCE {
OBJECT IDENTIFIER
subjectAltName (2 5 29 17)
(X.509 id-ce (2 5 29))
OCTET STRING, encapsulates {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
BIT STRING 0 unused bits, encapsulates {
SEQUENCE {
00 A1 1A F8 17 0E 3E 5D A8 8C F4 B6
55 33 1E 4B E3 2C AC B9 5F
28 4B 10 45 58 D2 1C 9D 55 35 14 18
91 B2 3F 39 DF B5 6E D3
SEQUENCE {
SEQUENCE {
INTEGER 200
SEQUENCE {
OBJECT IDENTIFIER
dsaWithSha1 (1 2 840 )
(ANSI X9.57 algorithm)
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonName (2 5 4 3)
(X.520 id-at (2 5 4))
PrintableString 'CarlDSS'
SEQUENCE {
UTCTime 'Z'
UTCTime 'Z'
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER
commonNa}