These test vectors can be verified using the RSA_KemWrap() and RSA_KemUnwrap() functions in CryptoSys PKI.
TEST VECTORS USING RSA-KEM
These examples are an extension of the examples in RFC 4134,
creating sample EnvelopedData objects to Bob of ExContent using
RSA-KEM for key management.
Bob's RSA key data is the same as in RFC 4134.
The data files are reproduced below in Appendix A.
ExContent is the following sentence:
This is some sample content.
That is, it is the string of characters starting with "T" up to and
including the ".".
The hex for ExContent is
5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e
Bob has an RSA key of modulus size 1024 bits.
Bob's RSA public key (n,e) is
n =
a9e16798 3f39d55f f2a09341 5ea67989 85c8355d 9a915bfb 1d01da19 7026170f
bda522d0 35856d7a 98661441 5ccfb7b7 083b09c9 91b81969 376df965 1e7bd9a9
3324a37f 3bbbaf46 01863634 32cb0703 5952fc85 8b3104b8 cc180814 48e64f1c
fb5d60c4 e05c1f53 d37f53d8 6901f105 f87a70d1 be83c65f 38cf1c2c aa6aa7eb
e = 00010001
Bob's private key is
BobPrivRSAEncrypt =
30 82 02 5c Level=0 length=0x25c/604
02 01 Level=1 length=0x1/1
00
02 81 81 Level=1 length=0x81/129
00 a9 e1 67 98 3f 39 d5 5f f2 a0 93 41 5e a6 79
89 85 c8 35 5d 9a 91 5b fb 1d 01 da 19 70 26 17
0f bd a5 22 d0 35 85 6d 7a 98 66 14 41 5c cf b7
b7 08 3b 09 c9 91 b8 19 69 37 6d f9 65 1e 7b d9
a9 33 24 a3 7f 3b bb af 46 01 86 36 34 32 cb 07
03 59 52 fc 85 8b 31 04 b8 cc 18 08 14 48 e6 4f
1c fb 5d 60 c4 e0 5c 1f 53 d3 7f 53 d8 69 01 f1
05 f8 7a 70 d1 be 83 c6 5f 38 cf 1c 2c aa 6a a7
eb
02 03 Level=1 length=0x3/3
01 00 01
02 81 80 Level=1 length=0x80/128
67 cd 48 4c 9a 0d 8f 98 c2 1b 65 ff 22 83 9c 6d
f0 a6 06 1d bc ed a7 03 88 94 f2 1c 6b 0f 8b 35
de 0e 82 78 30 cb e7 ba 6a 56 ad 77 c6 eb 51 79
70 79 0a a0 f4 fe 45 e0 a9 b2 f4 19 da 87 98 d6
30 84 74 e4 fc 59 6c c1 c6 77 dc a9 91 d0 7c 30
a0 a2 c5 08 5e 21 71 43 fc 0d 07 3d f0 fa 6d 14
9e 4e 63 f0 17 58 79 1c 4b 98 1c 3d 3d b0 1b df
fa 25 3b a3 c0 2c 98 05 f6 10 09 d8 87 db 03 19
02 41 Level=1 length=0x41/65
00 d0 c3 22 c6 de a2 99 18 76 8f 8d bc a6 75 d6
66 3f d4 8d 45 52 8c 76 f5 72 c4 eb f0 46 9a f1
3e 5c aa 55 0b 9b da dd 6b 6d f8 fc 3b 3c 08 43
93 b5 5b fe ce ea fd 68 84 23 62 af f3 31 c2 b9
e5
02 41 Level=1 length=0x41/65
00 d0 51 fc 1e 22 b7 5b ed b5 8e 01 c8 d7 ab f2
58 d4 f7 82 94 f3 53 a8 19 45 cb 66 ca 28 19 5f
e2 10 2b f3 8f ec 6a 30 74 f8 4d 11 f4 a7 c4 20
b5 47 21 dc 49 01 f9 0a 20 29 f0 24 08 84 60 7d
8f
02 40 Level=1 length=0x40/64
34 ba 64 c9 48 28 57 74 d7 55 50 de 6a 48 ef 1b
2a 5a 1c 48 7b 1e 21 59 c3 60 3b 9b 97 a9 c0 ef
18 66 a9 4e 62 52 38 84 ce e5 09 88 48 94 69 c5
20 14 99 5a 57 fe 23 6c e4 a7 23 7b d0 80 b7 85
02 41 Level=1 length=0x41/65
00 9e 2f b3 37 9a fb 0b 06 5d 57 e1 09 06 a4 5d
d9 90 96 06 05 5f 24 06 40 72 9c 3a 88 85 9c 87
0f 9d 62 12 88 16 68 a8 35 1a 1b 43 e8 38 c0 98
69 af 03 0a 48 32 04 4e e9 0f 8f 77 7d 34 30 25
07
02 40 Level=1 length=0x40/64
57 18 67 d6 0a d2 b5 ab c2 ba 7a e7 54 da 9c 05
4f 81 d4 ef 01 89 1e 32 3d 69 cb 31 c4 52 c8 54
55 25 00 3b 1c 2a 7c 26 50 d5 e9 a6 d7 77 cb cf
15 f5 ee 0b d5 8d ee b3 af 4c a1 7c 63 46 41 f6
Bob's X.509 certificate BobRSASignByCarl.cer was issued by the CA
with CommonName 'CarlRSA' and has serial number
46346bc7 800056bc 11d36e2e cd5d71d0
1. EXAMPLE WITH AES-128 AND SHA-1
This example creates an EnvelopedData object to Bob of ExContent using AES-128
for content encryption and RSA-KEM (KDF2, SHA-1, aes128-Wrap) for key management.
1.1 INPUT DATA
The content encryption key, K, is a 16 octet value.
The hex for K is
00112233 44556677 8899aabb ccddeeff
nLen = 128 bytes
1.2 GENERATE THE ENCRYPTED KEYING DATA
1. Generate a random integer z between 0 and n-1 (see Note), and
convert z to a byte string Z of length nLen, most significant
byte first:
z = RandomInteger (0, n-1)
Z = IntegerToString (z, nLen)
Z=
00d1d634 77017c6b eeedabf0 05f1618a 6dde9b6e 5dda53d8 f60cbb0b a3272a64
7b7d5344 200c1f52 4e79196e e1a21434 a497e931 c2f3697f 0ea3802c 8f08307e
bd931484 bd810014 3ebc8289 07822b30 508ed502 af104b7f faaf3693 275e61b4
2797c85c 103d029b ee75e606 661afccd c18e4283 3bdb7fa1 f6b11b38 52579e96
2. Encrypt the random integer z using the recipient's public key
(n,e) and convert the resulting integer c to a ciphertext C, a
byte string of length nLen:
c = z^e mod n
C = IntegerToString (c, nLen)
C=
23b38471 851f289d f5d56e0d 85e9024f 6baed2bb 5eb233f6 8bef37a4 a98d667a
2c8642e2 d8ea4dcb afd85c4a 12ae6d1d bf302742 8bd26603 1cc67c3f d99993ea
718d1532 951e54dc f99a21a5 1f9372fa 9b67b2c9 e2ff2b55 4b397e48 ab40d5e0
63abd27e 871fb727 0191e665 f39a481d 14df1188 27bbe624 05f72945 61c60194
3. Derive a key-encrypting key KEK of length kekLen bytes from the
byte string Z using the underlying key derivation function:
KEK = KDF (Z, kekLen)
Using KDF2 with SHA-1:
KEK= c17a44e8 e28d7d64 81d1ddd5 0a3b8914
[NOTE TO IMPLEMENTORS:
it is more convenient operationally to do step 3 before step 2].
4. Wrap the keying data K with the key-encrypting key KEK using
the underlying key-wrapping scheme to obtain wrapped keying
data WK:
WK = Wrap (KEK, K)
Using aes128-Wrap as per RFC 3394:
K= 00112233 44556677 8899aabb ccddeeff
WK=
503d75c7 3630a7b0 2ecf51b9 b29b9077 49310b77 b0b2e054
5. Concatenate the ciphertext C and the wrapped keying data WK to
obtain the encrypted keying data EK:
EK = C || WK
6. Output the encrypted keying data EK.
EK=
23b38471 851f289d f5d56e0d 85e9024f 6baed2bb 5eb233f6 8bef37a4 a98d667a
2c8642e2 d8ea4dcb afd85c4a 12ae6d1d bf302742 8bd26603 1cc67c3f d99993ea
718d1532 951e54dc f99a21a5 1f9372fa 9b67b2c9 e2ff2b55 4b397e48 ab40d5e0
63abd27e 871fb727 0191e665 f39a481d 14df1188 27bbe624 05f72945 61c60194
503d75c7 3630a7b0 2ecf51b9 b29b9077 49310b77 b0b2e054
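Added example (not part of the original page and not CryptoSys PKI code): steps 2, 3 and 5 of Example 1 recomputed with the Python standard library only, assuming KDF2 hashes Z followed by a 4-byte big-endian counter starting at 1 with no other input. The names kdf2, rsa_kem_encapsulate and check_example_1 are hypothetical; WK is taken from the page because the AES key wrap of step 4 is not recomputed here.

```python
import hashlib

# Bob's public key and the Example 1 values, copied from this page.
N = int.from_bytes(bytes.fromhex(
    "a9e16798 3f39d55f f2a09341 5ea67989 85c8355d 9a915bfb 1d01da19 7026170f"
    "bda522d0 35856d7a 98661441 5ccfb7b7 083b09c9 91b81969 376df965 1e7bd9a9"
    "3324a37f 3bbbaf46 01863634 32cb0703 5952fc85 8b3104b8 cc180814 48e64f1c"
    "fb5d60c4 e05c1f53 d37f53d8 6901f105 f87a70d1 be83c65f 38cf1c2c aa6aa7eb"), "big")
E = 0x10001
Z = bytes.fromhex(
    "00d1d634 77017c6b eeedabf0 05f1618a 6dde9b6e 5dda53d8 f60cbb0b a3272a64"
    "7b7d5344 200c1f52 4e79196e e1a21434 a497e931 c2f3697f 0ea3802c 8f08307e"
    "bd931484 bd810014 3ebc8289 07822b30 508ed502 af104b7f faaf3693 275e61b4"
    "2797c85c 103d029b ee75e606 661afccd c18e4283 3bdb7fa1 f6b11b38 52579e96")
C = bytes.fromhex(
    "23b38471 851f289d f5d56e0d 85e9024f 6baed2bb 5eb233f6 8bef37a4 a98d667a"
    "2c8642e2 d8ea4dcb afd85c4a 12ae6d1d bf302742 8bd26603 1cc67c3f d99993ea"
    "718d1532 951e54dc f99a21a5 1f9372fa 9b67b2c9 e2ff2b55 4b397e48 ab40d5e0"
    "63abd27e 871fb727 0191e665 f39a481d 14df1188 27bbe624 05f72945 61c60194")
KEK = bytes.fromhex("c17a44e8 e28d7d64 81d1ddd5 0a3b8914")
WK = bytes.fromhex("503d75c7 3630a7b0 2ecf51b9 b29b9077 49310b77 b0b2e054")

def kdf2(z, out_len, hash_name):
    """KDF2 (assumed form): Hash(Z || counter) blocks, counter from 1."""
    out, counter = b"", 1
    while len(out) < out_len:
        out += hashlib.new(hash_name, z + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:out_len]  # truncate the last block to kekLen

def rsa_kem_encapsulate(z_bytes, n, e, kek_len, hash_name):
    """Steps 2 and 3 for a given Z: return (C, KEK)."""
    n_len = (n.bit_length() + 7) // 8
    z = int.from_bytes(z_bytes, "big")
    if len(z_bytes) != n_len or z >= n:
        raise ValueError("Z must be nLen bytes encoding an integer in [0, n-1]")
    c = pow(z, e, n).to_bytes(n_len, "big")  # c = z^e mod n, fixed length
    return c, kdf2(z_bytes, kek_len, hash_name)

def check_example_1():
    """Recompute C and KEK from Z and compare with the values printed above."""
    c, kek = rsa_kem_encapsulate(Z, N, E, 16, "sha1")
    ek = c + WK  # step 5; WK is the page's value, not recomputed
    return {"C": c == C, "KEK": kek == KEK, "EK_len": len(ek)}

if __name__ == "__main__":
    print(check_example_1())
```

EK_len is the 152 octets (128 for C plus 24 for WK) that appear as the OCTET STRING length in the EnvelopedData dump of section 1.4.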
1.3 ENCRYPT THE CONTENT
CEK = 00112233 44556677 8899aabb ccddeeff
IV = 3b7d7382 21f94fda d2e8e48a d667a4fa
Content=
54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e
EncryptedContent using aes128-CBC=
e19a624e 3acab6c2 382bc41a c622e657 add5eedb 995442a8 8a3ce94e 6d57f378
1.4 CONSTRUCT ENVELOPED-DATA
  0 NDEF: SEQUENCE {
  2    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
 13 NDEF:   [0] {
 15 NDEF:     SEQUENCE {
 17    1:       INTEGER 0
 20  264:       SET {
 24  260:         SEQUENCE {
 28    1:           INTEGER 0
 31   38:           SEQUENCE {
 33   18:             SEQUENCE {
 35   16:               SET {
 37   14:                 SEQUENCE {
 39    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 44    7:                   PrintableString 'CarlRSA'
        :                   }
        :                 }
        :               }
 53   16:             INTEGER
        :               46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
        :             }
 71   60:           SEQUENCE {
 73    7:             OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2)
 82   49:             SEQUENCE {
 84   34:               SEQUENCE {
 86    7:                 OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4)
 95   23:                 SEQUENCE {
 97   18:                   SEQUENCE {
 99    7:                     OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2)
108    7:                     SEQUENCE {
110    5:                       OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
        :                       }
        :                     }
117    1:                   INTEGER 16
        :                   }
        :                 }
120   11:               SEQUENCE {
122    9:                 OBJECT IDENTIFIER
        :                   aes128-Wrap (2 16 840 1 101 3 4 1 5)
        :                 }
        :               }
        :             }
133  152:           OCTET STRING
        :             23 B3 84 71 85 1F 28 9D F5 D5 6E 0D 85 E9 02 4F
        :             6B AE D2 BB 5E B2 33 F6 8B EF 37 A4 A9 8D 66 7A
        :             2C 86 42 E2 D8 EA 4D CB AF D8 5C 4A 12 AE 6D 1D
        :             BF 30 27 42 8B D2 66 03 1C C6 7C 3F D9 99 93 EA
        :             71 8D 15 32 95 1E 54 DC F9 9A 21 A5 1F 93 72 FA
        :             9B 67 B2 C9 E2 FF 2B 55 4B 39 7E 48 AB 40 D5 E0
        :             63 AB D2 7E 87 1F B7 27 01 91 E6 65 F3 9A 48 1D
        :             14 DF 11 88 27 BB E6 24 05 F7 29 45 61 C6 01 94
        :             50 3D 75 C7 36 30 A7 B0 2E CF 51 B9 B2 9B 90 77
        :             49 31 0B 77 B0 B2 E0 54
        :           }
        :         }
288 NDEF:       SEQUENCE {
290    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
301   29:         SEQUENCE {
303    9:           OBJECT IDENTIFIER aes128-CBC (2 16 840 1 101 3 4 1 2)
314   16:           OCTET STRING
        :             3B 7D 73 82 21 F9 4F DA D2 E8 E4 8A D6 67 A4 FA
        :           }
332 NDEF:         [0] {
334   32:           OCTET STRING
        :             E1 9A 62 4E 3A CA B6 C2 38 2B C4 1A C6 22 E6 57
        :             AD D5 EE DB 99 54 42 A8 8A 3C E9 4E 6D 57 F3 78
        :           }
        :         }
        :       }
        :     }
        :   }
1.5 OUTPUT ENVELOPED-DATA
In base64 format, this EnvelopedData object is:
2. EXAMPLE WITH AES-256 AND SHA-256
This example creates an EnvelopedData object to Bob of ExContent using AES-256
for content encryption and RSA-KEM (KDF2, SHA-256, aes256-Wrap) for key management.
2.1 INPUT
K= 8cbedec48d063e1ba46be8e369a9c398d8e30ee542bc347c4f30e928ddd7db49
nLen = 128 bytes
2.2 GENERATE THE ENCRYPTED KEYING DATA
Z=
0098af52 73495504 89070f1c c4c91099 781d239d 22ddd4f8 c804a358 aec88cf5
d4f601f4 0447ff58 73c10aef 8d054232 6f2337ff f9343b4d 474618c4 72ad07c8
abb9e41b d4af0301 ac139dde c3552ca1 7d15e867 81ca02f5 0a6f60ae 2d331ff4
09beb20b e20f3b41 b23166e9 d4ae487d eb95b230 80779175 fdfb35b9 a77d4743
C=
4eedee64 cc48ba02 e75c3a11 1d6d2845 1d41daf8 59b731de dd63a49b b8b6d1dc
5bb96378 7df367b4 5502821d 2a24ae8b b7f9ccf4 2048f5d9 49a4f73a 8ed98398
e24523b3 cd4824df 176f7d95 3ecdd90e 0aa02ffa 6e4c8cd3 5af9ef07 ae3359f8
cec14cff e3b06cc9 dfd64b19 c40944c9 fc712b03 7292a3df 7dd54856 7955980b
KEK=
9e84ee99 e6a84b50 c76cd414 a2d2ec05 8af41bfe 4bf3715b f894c8da 1cd445f6
K=
8cbedec4 8d063e1b a46be8e3 69a9c398 d8e30ee5 42bc347c 4f30e928 ddd7db49
WK=
eafb901f 82b98d37 f1749706 3de3e5ec 7246ab57 200ae73e ddddf24a a403dafa
0c5ae151 d1746fa4
EK=
4eedee64 cc48ba02 e75c3a11 1d6d2845 1d41daf8 59b731de dd63a49b b8b6d1dc
5bb96378 7df367b4 5502821d 2a24ae8b b7f9ccf4 2048f5d9 49a4f73a 8ed98398
e24523b3 cd4824df 176f7d95 3ecdd90e 0aa02ffa 6e4c8cd3 5af9ef07 ae3359f8
cec14cff e3b06cc9 dfd64b19 c40944c9 fc712b03 7292a3df 7dd54856 7955980b
eafb901f 82b98d37 f1749706 3de3e5ec 7246ab57 200ae73e ddddf24a a403dafa
0c5ae151 d1746fa4
2.3 SYMMETRIC ENCRYPTION OF CONTENT
CEK =
8cbedec4 8d063e1b a46be8e3 69a9c398 d8e30ee5 42bc347c 4f30e928 ddd7db49
IV = 0b164d2e 7354524b f35e8ce6 344c1f16
Content=
54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e
EncryptedContent using aes256-CBC=
ca6a2974 34c71c1c be959c80 83a473a4 725c273f 9c6dbe38 a21efe00 3c40a1a9
2.4 CONSTRUCT ENVELOPED-DATA
  0 NDEF: SEQUENCE {
  2    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
 13 NDEF:   [0] {
 15 NDEF:     SEQUENCE {
 17    1:       INTEGER 0
 20  284:       SET {
 24  280:         SEQUENCE {
 28    1:           INTEGER 0
 31   38:           SEQUENCE {
 33   18:             SEQUENCE {
 35   16:               SET {
 37   14:                 SEQUENCE {
 39    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 44    7:                   PrintableString 'CarlRSA'
        :                   }
        :                 }
        :               }
 53   16:             INTEGER
        :               46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
        :             }
 71   64:           SEQUENCE {
 73    7:             OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2)
 82   53:             SEQUENCE {
 84   38:               SEQUENCE {
 86    7:                 OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4)
 95   27:                 SEQUENCE {
 97   22:                   SEQUENCE {
 99    7:                     OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2)
108   11:                     SEQUENCE {
110    9:                       OBJECT IDENTIFIER
        :                         sha-256 (2 16 840 1 101 3 4 2 1)
        :                       }
        :                     }
121    1:                   INTEGER 32
        :                   }
        :                 }
124   11:               SEQUENCE {
126    9:                 OBJECT IDENTIFIER
        :                   aes256-Wrap (2 16 840 1 101 3 4 1 45)
        :                 }
        :               }
        :             }
137  168:           OCTET STRING
        :             4E ED EE 64 CC 48 BA 02 E7 5C 3A 11 1D 6D 28 45
        :             1D 41 DA F8 59 B7 31 DE DD 63 A4 9B B8 B6 D1 DC
        :             5B B9 63 78 7D F3 67 B4 55 02 82 1D 2A 24 AE 8B
        :             B7 F9 CC F4 20 48 F5 D9 49 A4 F7 3A 8E D9 83 98
        :             E2 45 23 B3 CD 48 24 DF 17 6F 7D 95 3E CD D9 0E
        :             0A A0 2F FA 6E 4C 8C D3 5A F9 EF 07 AE 33 59 F8
        :             CE C1 4C FF E3 B0 6C C9 DF D6 4B 19 C4 09 44 C9
        :             FC 71 2B 03 72 92 A3 DF 7D D5 48 56 79 55 98 0B
        :             EA FB 90 1F 82 B9 8D 37 F1 74 97 06 3D E3 E5 EC
        :             72 46 AB 57 20 0A E7 3E DD DD F2 4A A4 03 DA FA
        :             0C 5A E1 51 D1 74 6F A4
        :           }
        :         }
308 NDEF:       SEQUENCE {
310    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
321   29:         SEQUENCE {
323    9:           OBJECT IDENTIFIER aes256-CBC (2 16 840 1 101 3 4 1 42)
334   16:           OCTET STRING
        :             0B 16 4D 2E 73 54 52 4B F3 5E 8C E6 34 4C 1F 16
        :           }
352 NDEF:         [0] {
354   32:           OCTET STRING
        :             CA 6A 29 74 34 C7 1C 1C BE 95 9C 80 83 A4 73 A4
        :             72 5C 27 3F 9C 6D BE 38 A2 1E FE 00 3C 40 A1 A9
        :           }
        :         }
        :       }
        :     }
        :   }
2.5 OUTPUT
Example 2 output in base64 format:
3. EXAMPLE WITH TRIPLE-DES AND SHA-224
This example creates an EnvelopedData object to Bob of ExContent using Triple-DES
for content encryption and RSA-KEM (KDF2, SHA-224, cms3DESWrap) for key management.
3.1 INPUT
K= 84e7f2d878f89fcccd2d5ebafc56daf73300f27ef771cd68
nLen = 128 bytes
3.2 GENERATE THE ENCRYPTED KEYING DATA
Z=
00f4b288 ceb070f8 57731fd3 8b552adc 939b5c1a 7c4d551a 2e05f4d4 191153ee
8b38ee57 db2fe3ce 8bf43811 a43e1909 61e85bf6 5700f9f1 cbbed8e3 a9f81c46
6323c1ee 114a7f6d 0930b8d4 d2e0e5a1 f5b09ffa 3fe78f1c 631cb445 83e3dd4a
8e72bdd3 8ec53275 ec4dea68 50039a01 c141089c 8578587c 366c2f77 0e649fe5
KEK=
8ad8274e 56f46773 8edd83d4 394e5e29 af7c4089 e4f8d9f4
C=
455eb9bf 5b2e4e1f adac3558 cf03d9ce 041a5acc 9cf4b868 2f39cceb 5e0f4802
0be9683e 6c79d82b a7077e68 63903002 0bebfeb0 d53b442d df960a80 b9d01dae
794ad5eb be09e6b7 23abed75 a9b01252 cfd4ba80 0e9769b9 29b6b6a4 61d6add1
5b306529 f38697e6 9ec3ef04 a89ca61b 85ccdfcf 92d11a42 812e8a9d 0b6d3a61
K=
84e7f2d8 78f89fcc cd2d5eba fc56daf7 3300f27e f771cd68
WK=
53304be9 65a795eb 566dd1ca 53d57a5d ac7823a0 83c59ae3 f007c299 c6d907a7
87648c1b 06af64d3
3.3 SYMMETRIC ENCRYPTION OF CONTENT
CEK = 84e7f2d8 78f89fcc cd2d5eba fc56daf7 3300f27e f771cd68
IV = 1daeaace 266af23e
Content=
54686973 20697320 736f6d65 2073616d 706c6520 636f6e74 656e742e
EncryptedContent using des-ede3-CBC=
7d9cbf68 183bb93a 1dd5a9bb 43f6e553 1e4a84af e5601c80 a504b36a a2fbdd55
3.4 CONSTRUCT ENVELOPED-DATA
  0 NDEF: SEQUENCE {
  2    9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
 13 NDEF:   [0] {
 15 NDEF:     SEQUENCE {
 17    1:       INTEGER 0
 20  288:       SET {
 24  284:         SEQUENCE {
 28    1:           INTEGER 0
 31   38:           SEQUENCE {
 33   18:             SEQUENCE {
 35   16:               SET {
 37   14:                 SEQUENCE {
 39    3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
 44    7:                   PrintableString 'CarlRSA'
        :                   }
        :                 }
        :               }
 53   16:             INTEGER
        :               46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0
        :             }
 71   68:           SEQUENCE {
 73    7:             OBJECT IDENTIFIER ac-generic-hybrid (1.0.18033.2.1.2)
 82   57:             SEQUENCE {
 84   38:               SEQUENCE {
 86    7:                 OBJECT IDENTIFIER kem-rsa (1.0.18033.2.2.4)
 95   27:                 SEQUENCE {
 97   22:                   SEQUENCE {
 99    7:                     OBJECT IDENTIFIER kdf-kdf2 (1.0.18033.2.5.2)
108   11:                     SEQUENCE {
110    9:                       OBJECT IDENTIFIER
        :                         sha-224 (2 16 840 1 101 3 4 2 4)
        :                       }
        :                     }
121    1:                   INTEGER 24
        :                   }
        :                 }
124   15:               SEQUENCE {
126   11:                 OBJECT IDENTIFIER
        :                   cms3DESwrap (1 2 840 113549 1 9 16 3 6)
139    0:                 NULL
        :                 }
        :               }
        :             }
141  168:           OCTET STRING
        :             45 5E B9 BF 5B 2E 4E 1F AD AC 35 58 CF 03 D9 CE
        :             04 1A 5A CC 9C F4 B8 68 2F 39 CC EB 5E 0F 48 02
        :             0B E9 68 3E 6C 79 D8 2B A7 07 7E 68 63 90 30 02
        :             0B EB FE B0 D5 3B 44 2D DF 96 0A 80 B9 D0 1D AE
        :             79 4A D5 EB BE 09 E6 B7 23 AB ED 75 A9 B0 12 52
        :             CF D4 BA 80 0E 97 69 B9 29 B6 B6 A4 61 D6 AD D1
        :             5B 30 65 29 F3 86 97 E6 9E C3 EF 04 A8 9C A6 1B
        :             85 CC DF CF 92 D1 1A 42 81 2E 8A 9D 0B 6D 3A 61
        :             53 30 4B E9 65 A7 95 EB 56 6D D1 CA 53 D5 7A 5D
        :             AC 78 23 A0 83 C5 9A E3 F0 07 C2 99 C6 D9 07 A7
        :             87 64 8C 1B 06 AF 64 D3
        :           }
        :         }
312 NDEF:       SEQUENCE {
314    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
325   20:         SEQUENCE {
327    8:           OBJECT IDENTIFIER des-EDE3-CBC (1 2 840 113549 3 7)
337    8:           OCTET STRING 1D AE AA CE 26 6A F2 3E
        :           }
347 NDEF:         [0] {
349   32:           OCTET STRING
        :             7D 9C BF 68 18 3B B9 3A 1D D5 A9 BB 43 F6 E5 53
        :             1E 4A 84 AF E5 60 1C 80 A5 04 B3 6A A2 FB DD 55
        :           }
        :         }
        :       }
        :     }
        :   }
3.5 OUTPUT
Example 3 in base64.
APPENDIX A
A.1 Bob's X.509 Certificate, BobRSASignByCarl.cer:
A.2 Bob's Private Key, BobPrivRSAEncrypt.pri:
Author: David Ireland, GSSP-C
DI Management Services Pty Ltd
www.di-mgt.com.au
28 January 2008
This page last updated: 20 March 2009.