LAMPS WG J. Massimo Internet-Draft P. Kampanakis Intended status: Standards Track AWS Expires: 15 June 2025 S. Turner sn3rd B. E. Westerbaan Cloudflare 12 December 2024 Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML- DSA draft-ietf-lamps-dilithium-certificates-latest Abstract Digital signatures are used within X.509 certificates, Certificate Revocation Lists (CRLs), and to sign messages. This document describes the conventions for using FIPS 204, the Module-Lattice- Based Digital Signature Algorithm (ML-DSA) in Internet X.509 certificates and certificate revocation lists. The conventions for the associated signatures, subject public keys, and private key are also described. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://lamps- wg.github.io/dilithium-certificates/#go.draft-ietf-lamps-dilithium- certificates.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium- certificates/. Discussion of this document takes place on the Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (mailto:spasm@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at https://www.ietf.org/mailman/listinfo/spasm/. Source for this draft and an issue tracker can be found at https://github.com/lamps-wg/dilithium-certificates. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 15 June 2025. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction 1.1. Requirements Language 2. Identifiers 3. ML-DSA Signatures in PKIX 4. ML-DSA Public Keys in PKIX 5. Key Usage Bits 6. Private Key Format 7. Pre-hashing (ExternalMu-ML-DSA) 8. IANA Considerations 9. Security Considerations 10. References 10.1. Normative References 10.2. Informative References Appendix A. ASN.1 Module Appendix B. Security Strengths Appendix C. Examples C.1. Example Private Key C.2. Example Public Key C.3. Example Certificate Acknowledgments Authors' Addresses 1. Introduction The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a quantum-resistant digital signature scheme standardized by the US National Institute of Standards and Technology (NIST) PQC project [NIST-PQC] in [FIPS204]. This document specifies the use of the ML- DSA in Public Key Infrastructure X.509 (PKIX) certificates and Certificate Revocation Lists (CRLs) at three security levels: ML-DSA- 44, ML-DSA-65, and ML-DSA-87. [FIPS204] defines two variants of ML-DSA: a pure and a prehash variant. Only the former is specified in this document. The pure variant of ML-DSA supports the typical prehash flow, see Section 7. In short: one cryptographic module can compute the hash _mu_ on line 6 of algorithm 7 of [FIPS204] and pass it to a second module to finish the signature. The first module only needs access to the full message and the public key, whereas the second module only needs access to hash _mu_ and the private key. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Identifiers The AlgorithmIdentifier type is defined in [RFC5912] as follows: AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::= SEQUENCE { algorithm ALGORITHM-TYPE.id({AlgorithmSet}), parameters ALGORITHM-TYPE. Params({AlgorithmSet}{@algorithm}) OPTIONAL } | NOTE: The above syntax is from [RFC5912] and is compatible with | the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1 | syntax. The fields in AlgorithmIdentifier have the following meanings: * algorithm identifies the cryptographic algorithm with an object identifier. * parameters, which are optional, are the associated parameters for the algorithm identifier in the algorithm field. The OIDs are: id-ml-dsa-44 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) sigAlgs(3) id-ml-dsa-44(17) } id-ml-dsa-65 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) sigAlgs(3) id-ml-dsa-65(18) } id-ml-dsa-87 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) sigAlgs(3) id-ml-dsa-87(19) } The contents of the parameters component for each algorithm MUST be absent. 3. ML-DSA Signatures in PKIX ML-DSA is a digital signature scheme built upon the Fiat-Shamir-with- aborts framework [Fiat-Shamir]. The security is based upon the hardness of lattice problems over module lattices [Dilithium]. ML- DSA provides three parameter sets for the NIST PQC security categories 2, 3 and 5. Signatures are used in a number of different ASN.1 structures. As shown in the ASN.1 representation from [RFC5280] below, in an X.509 certificate, a signature is encoded with an algorithm identifier in the signatureAlgorithm attribute and a signatureValue attribute that contains the actual signature. Certificate ::= SIGNED{ TBSCertificate } SIGNED{ToBeSigned} ::= SEQUENCE { toBeSigned ToBeSigned, algorithmIdentifier SEQUENCE { algorithm SIGNATURE-ALGORITHM. &id({SignatureAlgorithms}), parameters SIGNATURE-ALGORITHM. &Params({SignatureAlgorithms} {@algorithmIdentifier.algorithm}) OPTIONAL }, signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value( {SignatureAlgorithms} {@algorithmIdentifier.algorithm})) } Signatures are also used in the CRL list ASN.1 representation from [RFC5280] below. In a X.509 CRL, a signature is encoded with an algorithm identifier in the signatureAlgorithm attribute and a signatureValue attribute that contains the actual signature. CertificateList ::= SIGNED{ TBSCertList } The identifiers defined in Section 2 can be used as the AlgorithmIdentifier in the signatureAlgorithm field in the sequence Certificate/CertificateList and the signature field in the sequence TBSCertificate/TBSCertList in certificates and CRLs, respectively, [RFC5280]. The parameters of these signature algorithms MUST be absent, as explained in Section 2. The signatureValue field contains the corresponding ML-DSA signature computed upon the ASN.1 DER encoded tbsCertificate/tbsCertList [RFC5280]. Conforming Certification Authority (CA) implementations MUST specify the algorithms explicitly by using the OIDs specified in Section 2 when encoding ML-DSA signatures in certificates and CRLs. Conforming client implementations that process certificates and CRLs using ML- DSA MUST recognize the corresponding OIDs. Encoding rules for ML-DSA signature values are specified Section 2. When the id-ml-dsa identifier appears in the algorithm field as an AlgorithmIdentifier, the encoding MUST omit the parameters field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component, the OID id-ml-dsa. 4. ML-DSA Public Keys in PKIX In the X.509 certificate, the subjectPublicKeyInfo field has the SubjectPublicKeyInfo type, which has the following ASN.1 syntax: SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE { algorithm AlgorithmIdentifier {PUBLIC-KEY, {IOSet}}, subjectPublicKey BIT STRING } | NOTE: The above syntax is from [RFC5912] and is compatible with | the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1 | syntax. The fields in SubjectPublicKeyInfo have the following meaning: * algorithm is the algorithm identifier and parameters for the public key (see above). * subjectPublicKey contains the byte stream of the public key. Appendix C contains example ML-DSA private keys encoded using the textual encoding defined in [RFC7468]. 5. Key Usage Bits The intended application for the key is indicated in the keyUsage certificate extension; see Section 4.2.1.3 of [RFC5280]. If the keyUsage extension is present in a certificate that indicates id-ml- dsa in the SubjectPublicKeyInfo, then the at least one of following MUST be present: digitalSignature; or nonRepudiation; or keyCertSign; or cRLSign. If the keyUsage extension is present in a certificate that indicates id-ml-dsa in the SubjectPublicKeyInfo, then the following MUST NOT be present: keyEncipherment; or dataEncipherment; or keyAgreement; or encipherOnly; or decipherOnly. Requirements about the keyUsage extension bits defined in [RFC5280] still apply. 6. Private Key Format An ML-DSA private key is encoded by storing its 32-octet seed in the privateKey field as follows. [FIPS204] specifies two formats for an ML-DSA private key: a 32-octet seed (xi) and an (expanded) private key. The expanded private key (and public key) is computed from the seed using ML- DSA.KeyGen_internal(xi) (algorithm 6). "Asymmetric Key Packages" [RFC5958] describes how to encode a private key in a structure that both identifies what algorithm the private key is for and allows for the public key and additional attributes about the key to be included as well. For illustration, the ASN.1 structure OneAsymmetricKey is replicated below. OneAsymmetricKey ::= SEQUENCE { version Version, privateKeyAlgorithm SEQUENCE { algorithm PUBLIC-KEY.&id({PublicKeySet}), parameters PUBLIC-KEY.&Params({PublicKeySet} {@privateKeyAlgorithm.algorithm}) OPTIONAL} privateKey OCTET STRING (CONTAINING PUBLIC-KEY.&PrivateKey({PublicKeySet} {@privateKeyAlgorithm.algorithm})), attributes [0] Attributes OPTIONAL, ..., [[2: publicKey [1] BIT STRING (CONTAINING PUBLIC-KEY.&Params({PublicKeySet} {@privateKeyAlgorithm.algorithm}) OPTIONAL, ... } | NOTE: The above syntax is from [RFC5958] and is compatible with | the 2021 ASN.1 syntax [X680]. When used in a OneAsymmetricKey type, the privateKey OCTET STRING contains the raw octet string encoding of the 32-octet seed. The publicKey field SHOULD be omitted because the public key can be computed as noted earlier in this section. Appendix C contains example ML-DSA private keys encoded using the textual encoding defined in [RFC7468]. 7. Pre-hashing (ExternalMu-ML-DSA) Some applications require prehashing, where the signature generation process can be separated into a pre-hash step and a core signature step in order to ease operational requirements around large or inconsistently-sized payloads. This can be performed at the protocol layer, but not all protocols support it. Examples in [RFC5280] are certificate and certificate revocation list (CRL) data structures, that do not include message digesting before signing. This can make signing large CRLs or a high volume of certificates with large public keys challenging. As mentioned in the introduction, pure ML-DSA signing itself supports a prehashing flow by splitting the operation over two modules. In this section we make this "ExternalMu-ML-DSA" more explicit. There are two steps. First an ExternalMu-ML-DSA.Prehash() followed by ExternalMu-ML-DSA.Sign(). Together these are functionally equivalent to ML-DSA.Sign() from [FIPS204] in that they create exactly the same signatures as regular pure ML-DSA, which can be verified by the unmodified ML-DSA.Verify(). An ML-DSA key and certificate MAY be used with either ML-DSA or ExternalMu-ML-DSA interchangeably. Note that ExternalMu-ML-DSA describes a different signature API from ML-DSA and therefore might require explicit support from hardware or software cryptographic modules. Note that the signing mode defined here is different from HashML-DSA defined in [FIPS204] section 5.4. This specification uses exclusively ExternalMu-ML-DSA for pre-hashed use cases, and thus public keys identified by id-hash-ml-dsa-44-with-sha512, id-hash-ml- dsa-65-with-sha512, and id-hash-ml-dsa-87-with-sha512 MUST NOT be used in X.509 and related PKIX protocols. All functions and notation used in Figure 1 and Figure 2 are defined in [FIPS204]. External operations: ExternalMu-ML-DSA.Prehash(pk, M, ctx): if |ctx| > 255 then return error # return an error indication if the context string is # too long end if M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1) || ctx) || M mu = H(BytesToBits(H(pk, 64)) || M', 64) return mu Figure 1: External steps of ExternalMu-ML-DSA Internal operations: ExternalMu-ML-DSA.Sign(sk, mu): if |mu| != 512 then return error # return an error indication if the input mu is not # 64 bytes (512 bits). end if rnd = rand(32) # for the optional deterministic variant, # set rnd to all zeroes if rnd = NULL then return error # return an error indication if random bit # generation failed end if sigma = ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd) return sigma ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd): # mu is passed as argument instead of M' ... identical to FIPS 204 Algorithm 7, but with Line 6 removed. Figure 2: Internal steps of ExternalMu-ML-DSA 8. IANA Considerations For the ASN.1 module in {asn1}, IANA is requested to assign an object identifier (OID) for the module identifier (TBD1) with a Description of "id-mod-x509-ml-dsa-2024". The OID for the module should be allocated in the "SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0). 9. Security Considerations The Security Considerations section of [RFC5280] applies to this specification as well. The digital signature scheme defined within this document are modeled under strongly existentially unforgeable under chosen message attack (SUF-CMA). For the purpose of estimating security strength, it has been assumed that the attacker has access to signatures for no more than 2^{64} chosen messages. ML-DSA offers both deterministic and randomized signing. By default ML-DSA signatures are non-deterministic. The private random seed (rho') for the signature is pseudorandomly derived from the signer’s private key, the message, and a 256-bit string, rnd - where rnd should be generated by an approved RBG. In the deterministic version, rng is instead a 256-bit constant string. The source of randomness in the randomized mode has been "hedged" against sources of poor entropy, by including the signers private key and message into the derivation. The primary purpose of rnd is to facilitate countermeasures to side-channel attacks and fault attacks on deterministic signatures. In the design of ML-DSA, care has been taken to make side-channel resilience easier to achieve. For instance, ML-DSA does not depend on Gaussian sampling. Implementations must still take great care not to leak information via various side channels. While deliberate design decisions such as these can help to deliver a greater ease of secure implementation - particularly against side-channel attacks - it does not necessarily provide resistance to more powerful attacks such as differential power analysis. Some amount of side-channel leakage has been demonstrated in parts of the signing algorithm (specifically the bit-unpacking function), from which a demonstration of key recovery has been made over a large sample of signatures. Masking countermeasures exist for ML-DSA, but come with a performance overhead. A fundamental security property also associated with digital signatures is non-repudiation. Non-repudiation refers to the assurance that the owner of a signature key pair that was capable of generating an existing signature corresponding to certain data cannot convincingly deny having signed the data. The digital signature scheme ML-DSA possess three security properties beyond unforgeability, that are associated with non-repudiation. These are exclusive ownership, message-bound signatures, and non-resignability. These properties are based tightly on the assumed collision resistance of the hash function used (in this case SHAKE-256). Exclusive ownership is a property in which a signature sigma uniquely determines the public key and message for which it is valid. Message-bound signatures is the property that a valid signature uniquely determines the message for which it is valid, but not necessarily the public key. Non-resignability is the property in which one cannot produce a valid signature under another key given a signature sigma for some unknown message m. These properties are not provided by classical signature schemes such as DSA or ECDSA, and have led to a variety of attacks such as Duplicate-Signature Key Selection (DSKS) attacks , and attacks on the protocols for secure routing. A full discussion of these properties in ML-DSA can be found at [CDFFJ21]. These properties are dependent, in part, on unambiguous public key serialization. It for this reason the public key structure defined in Section 4 is intentionally encoded as a single OCTET STRING. 10. References 10.1. Normative References [FIPS204] National Institute of Standards and Technology (NIST), "Module-Lattice-based Digital Signature Standard", FIPS PUB 204, August 2023, . [I-D.salter-lamps-cms-ml-dsa] S, B., R, A., and D. Van Geest, "Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)", Work in Progress, Internet-Draft, draft-salter- lamps-cms-ml-dsa-00, 14 October 2024, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, . [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, . [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, DOI 10.17487/RFC5958, August 2010, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [X680] ITU-T, "Information Technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, ISO/IEC 8824-1:2021, February 2021, . [X690] ITU-T, "Information Technology -- Abstract Syntax Notation One (ASN.1): ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2021, February 2021, . 10.2. Informative References [CDFFJ21] Cremers, C., Düzlü, S., Fiedler, R., Fischlin, M., and C. Janson, "BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures", In Proceedings of the 42nd IEEE Symposium on Security and Privacy , 2021, . [Dilithium] Bai, S., Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., and D. Stehlé, "CRYSTALS- Dilithium Algorithm Specifications and Supporting Documentation", 2021, . [Fiat-Shamir] Lyubashevsky, V., "Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures", International Conference on the Theory and Application of Cryptology and Information Security , 2009, . [NIST-PQC] National Institute of Standards and Technology (NIST), "Post-Quantum Cryptography Project", 20 December 2016, . [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, April 2015, . Appendix A. ASN.1 Module This appendix includes the ASN.1 module [X680] for the ML-DSA. Note that as per [RFC5280], certificates use the Distinguished Encoding Rules; see [X690]. This module imports objects from [RFC5912] and [I-D.salter-lamps-cms-ml-dsa]. | RFC EDITOR: Please replace TBD2 with the value assigned by IANA | during the publication of [I-D.salter-lamps-cms-ml-dsa]. Also | please replace [I-D.salter-lamps-cms-ml-dsa] in the module with | a reference to the published RFC. X509-ML-DSA-2024 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-x509-ml-dsa-2024(TBD1) } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORTS ALL; IMPORTS PUBLIC-KEY, SIGNATURE-ALGORITHM FROM AlgorithmInformation-2009 -- From [RFC5912] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } sa-ml-dsa-44, sa-ml-dsa-65, sa-ml-dsa-87, pk-ml-dsa-44, pk-ml-dsa-65, pk-ml-dsa-87 FROM ML-DSA-Module-2024 -- From [I-D.salter-lamps-cms-ml-dsa] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) id-smime(16) id-mod(0) id-mod-ml-dsa-2024(TBD2) } ; -- -- Expand SignatureAlgorithms from RFC 5912 -- SignatureAlgorithms SIGNATURE-ALGORITHM ::= { sa-ml-dsa-44 | sa-ml-dsa-65 | sa-ml-dsa-87, ... } -- -- Expand SignatureAlgorithms from RFC 5912 -- PublicKeys PUBLIC-KEY ::= { pk-ml-dsa-44 | pk-ml-dsa-65 | pk-ml-dsa-87, ... } END Appendix B. Security Strengths Instead of defining the strength of a quantum algorithm in a traditional manner using the imprecise notion of bits of security, NIST has instead elected to define security levels by picking a reference scheme, which NIST expects to offer notable levels of resistance to both quantum and classical attack. To wit, an algorithm that achieves NIST PQC security level 1 must require computational resources to break the relevant security property, which are greater than those required for a brute-force key search on AES-128. Levels 3 and 5 use AES-192 and AES-256 as reference respectively. Levels 2 and 4 use collision search for SHA-256 and SHA-384 as reference. The parameter sets defined for NIST security levels 2, 3 and 5 are listed in the Figure 1, along with the resulting signature size, public key, and private key sizes in bytes. |=======+=======+=====+========+========+========| | Level | (k,l) | eta | Sig. | Public | Private| | | | | (B) | Key(B) | Key(B) | |=======+=======+=====+========+========+========| | 2 | (4,4) | 2 | 2420 | 1312 | 32 | | 3 | (6,5) | 4 | 3309 | 1952 | 32 | | 5 | (8,7) | 2 | 4627 | 2592 | 32 | |=======+=======+=====+========+========+========| Figure 3: ML-DSA Parameters Appendix C. Examples This appendix contains examples of ML-DSA public keys, private keys and certificates. C.1. Example Private Key The following is an example of a ML-DSA-44 private key with hex seed 000102…1e1f: -----BEGIN PRIVATE KEY----- MDICAQAwCwYJYIZIAWUDBAMRBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob HB0eHw== -----END PRIVATE KEY----- SEQUENCE { INTEGER { 0 } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 1718191a1b1c1d1e1f` } } The following is an example of a ML-DSA-65 private key with hex seed 000102…1e1f: -----BEGIN PRIVATE KEY----- MDICAQAwCwYJYIZIAWUDBAMSBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob HB0eHw== -----END PRIVATE KEY----- SEQUENCE { INTEGER { 0 } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 } } OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 1718191a1b1c1d1e1f` } } The following is an example of a ML-DSA-87 private key with hex seed 000102…1e1f: -----BEGIN PRIVATE KEY----- MDICAQAwCwYJYIZIAWUDBAMTBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob HB0eHw== -----END PRIVATE KEY----- SEQUENCE { INTEGER { 0 } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } } OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 1718191a1b1c1d1e1f` } } NOTE: The private key is the seed and all three examples keys use the same seed; therefore, the private above are the same except for the OID used to represent the ML-DSA algorithm's security strength. C.2. Example Public Key The following is the ML-DSA-44 public key corresponding to the private key in the previous section. -----BEGIN PUBLIC KEY----- MIIFMjALBglghkgBZQMEAxEDggUhANeytHJUquDbReeTDUqY0sl9jxOX0Xidr6Fw JLMW6b7JT8mUbULxm3mnQTu6oz5xSctC7VEVaTrAQfrLmIretf4OHYYxGEmVtZLD l9IpTi4U+QqkFLo4JomaxD9MzKy8JumoMrlRGNXLQzy++WYLABOOCBf2HnYsonTD atVU6yKqwRYuSrAay6HjjE79j4C2WzM9D3LlXf5xzpweu5iJ58VhBsD9c4A6Kuz+ r97XqjyyztpU0SvYzTanjPl1lDtHq9JeiArEUuV0LtHo0agq+oblkMdYwVrk0oQN kryhpQkPQElll/yn2LlRPxob2m6VCqqY3kZ1B9Sk9aTwWZIWWCw1cvYu2okFqzWB ZwxKAnd6M+DKcpX9j0/20aCjp2g9ZfX19/xg2gI+gmxfkhRMAvfRuhB1mHVT6pNn /NdtmQt/qZzUWv24g21D5Fn1GH3wWEeXCaAepoNZNfpwRgmQzT3BukAbqUurHd5B rGerMxncrKBgSNTE7vJ+4TqcF9BTj0MPLWQtwkFWYN54h32NirxyUjl4wELkKF9D GYRsRBJiQpdoRMEOVWuiFbWnGeWdDGsqltOYWQcf3MLN51JKe+2uVOhbMY6FTo/i svPt+slxkSgnCq/R5QRMOk/a/Z/zH5B4S46ORZYUSg2vWGUR09mWK56pWvGXtOX8 YPKx7RXeOlvvX4m9x52RBR2bKBbnT6VFMe/cHL501EiFf0drzVjyHAtlOzt2pOB2 plWaMCcYVVzGP3SFmqurkl8COGHKjND3utsocfZ9VTJtdFETWtRfShumkRj7ssij DuyTku8/l3Bmya3VxxDMZHsVFNIX2VjHAXw+kP0gwE5nS5BIbpNwoxoAHTL0c5ee SQZ0nn5Hf6C3RQj4pfI3gxK4PCW9OIygsP/3R4uvQrcWZ+2qyXxGsSlkPlhuWwVa DCEZRtTzbmdb7Vhg+gQqMV2YJhZNapI3w1pfv0lUkKW9TfJIuVxKrneEtgVnMWas QkW1tLCCoJ6TI+YvIHjFt2eDRG3v1zatOjcC1JsImESQCmGDM5e8RBmzDXqXoLOH wZEUdMTUG1PjKpd6y28Op122W7OeWecB52lX3vby1EVZwxp3EitSBOO1whnxaIsU 7QvAuAGz5ugtzUPpwOn0F0TNmBW9G8iCDYuxI/BPrNGxtoXdWisbjbvz7ZM2cPCV oYC08ZLQixC4+rvfzCskUY4y7qCl4MkEyoRHgAg/OwzS0Li2r2e8NVuUlAJdx7Cn j6gOOi2/61EyiFHWB4GY6Uk2Ua54fsAlH5Irow6fUd9iptcnhM890gU5MXbfoySl Er2Ulwo23TSlFKhnkfDrNvAUWwmrZGUbSgMTsplhGiocSIkWJ1mHaKMRQGC6RENI bfUVIqHOiLMJhcIW+ObtF43VZ7MEoNTK+6iCooNC8XqaomrljbYwCD0sNY/fVmw/ XWKkKFZ7yeqM6VyqDzVHSwv6jzOaJQq0388gg76O77wQVeGP4VNw7ssmBWbYP/Br IRquxDyim1TM0A+IFaJGXvC0ZRXMfkHzEk8J7/9zkwmrWLKaFFmgC85QOOk4yWeP cusOTuX9quZtn4Vz/Jf8QrSVn0v4th14Qz6GsDNdbpGRxNi/SHs5BcEIz9asJLDO t9y3z1H4TQ7Wh7lerrHFM8BvDZcCPZKnCCWDe1m6bLfU5WsKh8IDhiro8xW6WSXo 7e+meTaaIgJ2YVHxapZfn4Hs52zAcLVYaeTbl4TPBcgwsyQsgxI= -----END PUBLIC KEY----- SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17 89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156 93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3 826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7 62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55 dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd 8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15 ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750 7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987 553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea 6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c 4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04 2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985 9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd 1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af 197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1 cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748 59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911 8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9 0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f 8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5 86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62 f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7 a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e 9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9 33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478 0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d 6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317 6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b 299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21 6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358 fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208 3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8 815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e 938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b 0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95 eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31 5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9 784cf05c830b3242c8312` } } The following is the ML-DSA-65 public key corresponding to the private key in the previous section. -----BEGIN PUBLIC KEY----- MIIHsjALBglghkgBZQMEAxIDggehAEhoPZGXjjHrPd24sEc0gtK4il9iWUn9j1il YeaWvUwn0Fs427Lt8B5mTv2Bvh6ok2iM5oqi1RxZWPi7xutOie5n0sAyCVTVchLK xyKf8dbq8DkovVFRH42I2EdzbH3icw1ZeOVBBxMWCXiGdxG/VTmgv8TDUMK+Vyuv DuLi+xbM/qCAKNmaxJrrt1k33c4RHNq2L/886ouiIz0eVvvFxaHnJt5j+t0q8Bax GRd/o9lxotkncXP85VtndFrwt8IdWX2+uT5qMvNBxJpai+noJQiNHyqkUVXWyK4V Nn5OsAO4/feFEHGUlzn5//CQI+r0UQTSqEpFkG7tRnGkTcKNJ5h7tV32np6FYfYa gKcmmVA4Zf7Zt+5yqOF6GcQIFE9LKa/vcDHDpthXFhC0LJ9CEkWojxl+FoErAxFZ tluWh+Wz6TTFIlrpinm6c9Kzmdc1EO/60Z5TuEUPC6j84QEv2Y0mCnSqqhP64kmg BrHDT1uguILyY3giL7NvIoPCQ/D/618btBSgpw1V49QKVrbLyIrh8Dt7KILZje6i jhRcne39jq8c7y7ZSosFD4lk9G0eoNDCpD4N2mGCrb9PbtF1tnQiV4Wb8i86QX7P H52JMXteU51YevFrnhMT4EUU/6ZLqLP/K4Mh+IEcs/sCLI9kTnCkuAovv+5gSrtz eQkeqObFx038AoNma0DAeThwAoIEoTa/XalWjreY00kDi9sMEeA0ReeEfLUGnHXP KKxgHHeZ2VghDdvLIm5Rr++fHeR7Bzhz1tP5dFa+3ghQgudKKYss1I9LMJMVXzZs j6YBxq+FjfoywISRsqKYh/kDNZSaXW7apnmIKjqV1r9tlwoiH0udPYy/OEr4GqyV 4rMpTgR4msg3J6XcBFWflq9B2KBTUW/u7rxSdG62qygZ4JEIcQ2DXwEfpjBlhyrT NNXN/7KyMQUH6S/Jk64xfal/TzCc2vD2ftmdkCFVdgg4SflTskbX/ts/22dnmFCl rUBOZBR/t89Pau3dBa+0uDSWjR/ogBSWDc5dlCI2Um4SpHjWnl++aXAxCzCMBoRQ GM/HsqtDChOmsax7sCzMuz2RGsLxEGhhP74Cm/3OAs9c04lQ7XLIOUTt+8dWFa+H +GTAUfPFVFbFQShjpAwG0dq1Yr3/BXG408ORe70wCIC7pemYI5uV+pG31kFtTzmL OtvNMJg+01krTZ731CNv0A9Q2YqlOiNaxBcnIPd9lhcmcpgM/o/3pacCeD7cK6Mb IlkBWhEvx/RoqcL5RkA5AC0w72eLTLeYvBFiFr96mnwYugO3tY/QdRXTEVBJ02FL 56B+dEMAdQ3x0sWHUziQWer8PXhczdMcB2SL7cA6XDuK1G0GTVnBPVc3Ryn8TilT YuKlGRIEUwQovBUir6KP9f4WVeMEylvIwnrQ4MajndTfKJVsFLOMyTaCzv5AK71e gtKcRk5E6103tI/FaN/gzG6OFrrqBeUTVZDxkpTnPoNnsCFtu4FQMLneVZE/CAOc QjUcWeVRXdWvjgiaFeYl6Pbe5jk4bEZJfXomMoh3TeWBp96WKbQbRCQUH5ePuDMS CO/ew8bg3jm8VwY/Pc1sRwNzwIiR6inLx8xtZIO4iJCDrOhqp7UbHCz+birRjZfO NvvFbqQvrpfmp6wRSGRHjDZt8eux57EakJhQT9WXW98fSdxwACtjwXOanSY/utQH P2qfbCuK9LTDMqEDoM/6Xe6y0GLKPCFf02ACa+fFFk9KRCTvdJSIBNZvRkh3Msgg LHlUeGR7TqcdYnwIYCTMo1SkHwh3s48Zs3dK0glcjaU7Bp4hx2ri0gB+FnGe1ACA 0zT32lLp9aWZBDnK8IOpW4M/Aq0QoIwabQ8mDAByhb1KL0dwOlrvRlKH0lOxisIl FDFiEP9WaBSxD4eik9bxmdPDlZmQ0MEmi09Q1fn877vyN70MKLgBgtZll0HxTxC/ uyG7oSq2IKojlvVsBoa06pAXmQIkIWsv6K12xKkUju+ahqNjWmqne8Hc+2+6Wad9 /am3Uw3AyoZIyNlzc44Burjwi0kF6EqkZBvWAkEM2XUgJl8vIx8rNeFesvoE0r2U 1ad6uvHg4WEBCpkAh/W0bqmIsrwFEv2g+pI9rdbEXFMB0JSDZzJltasuEPS6Ug9r utVkpcPV4nvbCA99IOEylqMYGVTDnGSclD6+F99cH3quCo/hJsR3WFpdTWSKDQCL avXozTG+aakpbU8/0l7YbyIeS5P2X1kplnUzYkuSNXUMMHB1ULWFNtEJpxMcWlu+ SlcVVnwSU0rsdmB2Huu5+uKJHHdFibgOVmrVV93vc2cZa3In6phw7wnd/seda5MZ poebUgXXa/erpazzOvtZ0X/FTmg4PWvloI6bZtpT3N4Ai7KUuFgr0TLNzEmVn9vC HlJyGIDIrQNSx58DpDu9hMTN/cbFKQBeHnzZo0mnFoo1Vpul3qgYlo1akUZr1uZO IL9iQXGYr8ToHCjdd+1AKCMjmLUvvehryE9HW5AWcQziqrwRoGtNuskB7BbPNlyj 8tU4E5SKaToPk+ecRspdWm3KPSjKUK0YvRP8pVBZ3ZsYX3n5xHGWpOgbIQS8RgoF HgLy6ERP -----END PUBLIC KEY----- SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17 89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156 93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3 826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7 62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55 dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd 8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15 ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750 7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987 553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea 6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c 4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04 2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985 9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd 1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af 197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1 cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748 59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911 8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9 0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f 8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5 86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62 f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7 a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e 9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9 33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478 0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d 6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317 6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b 299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21 6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358 fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208 3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8 815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e 938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b 0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95 eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31 5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9 784cf05c830b3242c8312` } } The following is the ML-DSA-87 public key corresponding to the private key in the previous section. -----BEGIN PUBLIC KEY----- MIIKMjALBglghkgBZQMEAxMDggohAJeSvOwvJDBoaoL8zzwvX/Zl53HXq0G5AljP p+kOyXEkpzsyO5uiGrZNdnxDP1pSHv/hj4bkahiJUsRGfgSLcp5/xNEV5+SNoYlt X+EZsQ3N3vYssweVQHS0IzblKDbeYdqUH4036misgQb6vhkHBnmvYAhTcSD3B5O4 6pzA5ue3tMmlx0IcYPJEUboekz2xou4Wx5VZ8hs9G4MFhQqkKvuxPx9NW59INfnY ffzrFi0O9Kf9xMuhdDzRyHu0ln2hbMh2S2Vp347lvcv/6aTgV0jm/fIlr55O63dz ti6Phfm1a1SJRVUYRPvYmAakrDab7S0lYQD2iKatXgpwmCbcREnpHiPFUG5kI2Hv WjE3EvebxLMYaGHKhaS6sX5/lD0bijM6o6584WtEDWAY+eBNr1clx/GpP60aWie2 eJW9JJqpFoXeIK8yyLfiaMf5aHfQyFABE1pPCo8bgmT6br5aNJ2K7K0aFimczy/Z x7hbrOLO06oSdrph7njtflyltnzdRYqTVAMOaru6v1agojFv7J26g7UdQv0xZ/Hg +QhV1cZlCbIQJl3B5U7ES0O6fPmu8Ri0TYCRLOdRZqZlHhFs6+SSKacGLAmTH3Gr 0ik/dvfvwyFbqXgAA35Y5HC9u7Q8GwQ56vecVNk7RKrJ7+n74VGHTPsqZMvuKMxM D+d3Xl2HDxwC5bLjxQBMmV8kybd5y3U6J30Ocf1CXra8LKVs4SnbUfcHQPMeY5dr UMcxLpeX14xbGsJKX6NHzJFuCoP1w7Z1zTC4Hj+hC5NETgc5dXHM6Yso2lHbkFa8 coxbCxGB4vvTh7THmrGl/v7ONxZ693LdrRTrTDmC2lpZ0OnrFz7GMVCRFwAno6te 9qoSnLhYVye5NYooUB1xOnLz8dsxcUKG+bZAgBOvBgRddVkvwLfdR8c+2cdbEenX xp98rfwygKkGLFJzxDvhw0+HRIhkzqe1yX1tMvWb1fJThGU7tcT6pFvqi4lAKEPm Rba5Jp4r2YjdrLAzMo/7BgRQ998IAFPmlpslHodezsMs/FkoQNaatpp14Gs3nFNd lSZrCC9PCckxYrM7DZ9zB6TqqlIQRDf+1m+O4+q71F1nslqBM/SWRotSuv/b+tk+ 7xqYGLXkLscieIo9jTUp/Hd9K6VwgB364B7IgwKDfB+54DVXJ2Re4QRsP5Ffaugt rU+2sDVqRlGP/INBVcO0/m2vpsyKXM9TxzoISdjUT33PcnVOcOG337RHu070nRpx j2Fxu84gCVDgzpJhBrFRo+hx1c5JcxvWZQqbDKly2hxfE21Egg6mODwI87OEzyM4 54nFE/YYzFaUpvDO4QRRHh7XxfI6Hr/YoNuEJFUyQBVtv2IoMbDGQ9HFUbbz96mN KbhcLeBaZfphXu4WSVvZBzdnIRW1PpHF2QAozz8ak5U6FT3lO0QITpzP9rc2aTkm 2u/rstd6pa1om5LzFoZmnfFtFxXMWPeiz7ct0aUekvglmTp0Aivn6etgVGVEVwlN FJKPICFeeyIqxWtRrb7I2L22mDl5p+OiG0S10VGMqX0LUZX1HtaiQ1DIl0fh7epR tEjj6RRwVM6SeHPJDbOU2GiI4H3/F3WT1veeFSMCIErrA74jhq8+JAeL0CixaJ9e FHyfRSyM6wLsWcydtjoDV2zur+mCOQI4l9oCNmMKU8Def0NaGYaXkvqzbnueY1dg 8JBp5kMucAA1rCoCh5//Ch4b7FIgRxk9lOtd8e/VPuoRRMp4lAhS9eyXJ5BLNm7e T14tMx+tX8KC6ixH6SMUJ3HD3XWoc1dIfe+Z5fGOnZ7WI8F10CiIxR+CwHqA1UcW s8PCvb4unwqbuq6+tNUpNodkBvXADo5LvQpewFeX5iB8WrbIjxpohCG9BaEU9Nfe KsJB+g6L7f9H92Ldy+qpEAT40x6FCVyBBUmUrTgm40S6lgQIEPwLKtHeSM+t4ALG LlpJoHMas4NEvBY23xa/YH1WhV5W1oQAPHGOS62eWgmZefzd7rHEp3ds03o0F8sO GE4p75vA6HR1umY74J4Aq1Yut8D3Fl+WmptCQUGYzPG/8qLI1omkFOznZiknZlaJ 6U25YeuuxWFcvBp4lcaFGslhQy/xEY1GB9Mu+dxzLVEzO+S00OMN3qeE7Ki+R+dB vpwZYx3EcKUu9NwTpPNjP9Q014fBcJd7QX31mOHQ3eUGu3HW8LwX7HDjsDzcGWXL Npk/YzsEcuUNCSOsbGb98dPmRZzBIfD1+U0J6dvPXWkOIyM4OKC6y3xjjRsmUKQw jNFxtoVRJtHaZypu2FqNeMKG+1b0qz0hSXUoBFxjJiyKQq8vmALFO3u4vijnj+C1 zkX7t6GvGjsoqNlLeJDjyILjm8mOnwrXYCW/DdLwApjnFBoiaz187kFPYE0eC6VN EdX+WLzOpq13rS6MHKrPMkWQFLe5EAGx76itFypSP7jjZbV3Ehv5/Yiixgwh6CHX tqy0elqZXkDKztXCI7j+beXhjp0uWJOu/rt6rn/xoUYmDi8RDpOVKCE6ACWjjsea q8hhsl68UJpGdMEyqqy34BRvFO/RHPyvTKpPd1pxbOMl4KQ1pNNJ1yC88TdFCvxF BG/Bofg6nTKXd6cITkqtrnEizpcAWTBSjrPH9/ESmzcoh6NxFVo7ogGiXL8dy2Tn ze4JLDFB+1VQ/j0N2C6HDleLK0ZQCBgRO49laXc8Z3OFtppCt33Lp6z/2V/URS4j qqHTfh2iFR6mWNQKNZayesn4Ep3GzwZDdyYktZ9PRhIw30ccomCHw5QtXGaH32CC g1k1o/h8t2Kww7HQ3aSmUzllvvG3uCkuJUwBTQkP7YV8RMGDnGlMCmTj+tkKEfU0 citu4VdPLhSdVddE3kiHAk4IURQxwGJ1DhbHSrnzJC8ts/+xKo1hB/qiKdb2NzsH 8205MrO9sEwZ3WTq3X+Tw8Vkw1ihyB3PHJwx5bBlaPl1RMF9wVaYxcs4mDqa/EJ4 P6p3OlLJ2CYGkL6eMVaqW8FQneo/aVh2lc1v8XK6g+am2KfWu+u7zaNnJzGYP4m8 WDHcN8PzxcVvrMaX88sgvV2629cC5UhErC9iaQH+FZ25Pf1Hc9j+c1YrhGwfyFbR gCdihA68cteYi951y8pw0xnTLODMAlO7KtRVcj7gx/RzbObmZlxayjKkgcU4Obwl kWewE9BCM5Xuuaqu4yBhSafVUNZ/xf3+SopcNdJRC2ZDeauPcoVaKvR6vOKmMgSO r4nly0qI3rxTpZUQOszk8c/xis/wev4etXFqoeQLYxNMOjrpV5+of1Fb4JPC0p22 1rZck2YeAGNrWScE0JPMZxbCNC6xhT1IyFxjrIooVEYse3fn470erFvKKP+qALXT SfilR62HW5aowrKRDJMBMJo/kTilaTER9Vs8AJypR8Od/ILZjrHKpKnL6IX3hvqG 5VvgYiIvi6kKl0BzMmsxISrs4KNKYA== -----END PUBLIC KEY----- SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } } BIT_STRING { `00` `9792bcec2f2430686a82fccf3c2f5ff665e771d7ab4 1b90258cfa7e90ec97124a73b323b9ba21ab64d767c433f5a521effe18f86e46 a188952c4467e048b729e7fc4d115e7e48da1896d5fe119b10dcddef62cb3079 54074b42336e52836de61da941f8d37ea68ac8106fabe19070679af600853712 0f70793b8ea9cc0e6e7b7b4c9a5c7421c60f24451ba1e933db1a2ee16c79559f 21b3d1b8305850aa42afbb13f1f4d5b9f4835f9d87dfceb162d0ef4a7fdc4cba 1743cd1c87bb4967da16cc8764b6569df8ee5bdcbffe9a4e05748e6fdf225af9 e4eeb7773b62e8f85f9b56b548945551844fbd89806a4ac369bed2d256100f68 8a6ad5e0a709826dc4449e91e23c5506e642361ef5a313712f79bc4b3186861c a85a4bab17e7f943d1b8a333aa3ae7ce16b440d6018f9e04daf5725c7f1a93fa d1a5a27b67895bd249aa91685de20af32c8b7e268c7f96877d0c85001135a4f0 a8f1b8264fa6ebe5a349d8aecad1a16299ccf2fd9c7b85bace2ced3aa1276ba6 1ee78ed7e5ca5b67cdd458a9354030e6abbbabf56a0a2316fec9dba83b51d42f d3167f1e0f90855d5c66509b210265dc1e54ec44b43ba7cf9aef118b44d80912 ce75166a6651e116cebe49229a7062c09931f71abd2293f76f7efc3215ba9780 0037e58e470bdbbb43c1b0439eaf79c54d93b44aac9efe9fbe151874cfb2a64c bee28cc4c0fe7775e5d870f1c02e5b2e3c5004c995f24c9b779cb753a277d0e7 1fd425eb6bc2ca56ce129db51f70740f31e63976b50c7312e9797d78c5b1ac24 a5fa347cc916e0a83f5c3b675cd30b81e3fa10b93444e07397571cce98b28da5 1db9056bc728c5b0b1181e2fbd387b4c79ab1a5fefece37167af772ddad14eb4 c3982da5a59d0e9eb173ec6315091170027a3ab5ef6aa129cb8585727b9358a2 8501d713a72f3f1db31714286f9b6408013af06045d75592fc0b7dd47c73ed9c 75b11e9d7c69f7cadfc3280a9062c5273c43be1c34f87448864cea7b5c97d6d3 2f59bd5f25384653bb5c4faa45bea8b89402843e645b6b9269e2bd988ddacb03 3328ffb060450f7df080053e6969b251e875ecec32cfc592840d69ab69a75e06 b379c535d95266b082f4f09c93162b33b0d9f7307a4eaaa52104437fed66f8ee 3eabbd45d67b25a8133f496468b52baffdbfad93eef1a9818b5e42ec722788a3 d8d3529fc777d2ba570801dfae01ec88302837c1fb9e0355727645ee1046c3f9 15f6ae82dad4fb6b0356a46518ffc834155c3b4fe6dafa6cc8a5ccf53c73a084 9d8d44f7dcf72754e70e1b7dfb447bb4ef49d1a718f6171bbce200950e0ce926 106b151a3e871d5ce49731bd6650a9b0ca972da1c5f136d44820ea6383c08f3b 384cf2338e789c513f618cc5694a6f0cee104511e1ed7c5f23a1ebfd8a0db842 4553240156dbf622831b0c643d1c551b6f3f7a98d29b85c2de05a65fa615eee1 6495bd90737672115b53e91c5d90028cf3f1a93953a153de53b44084e9ccff6b 736693926daefebb2d77aa5ad689b92f31686669df16d1715cc58f7a2cfb72dd 1a51e92f825993a74022be7e9eb6054654457094d14928f20215e7b222ac56b5 1adbec8d8bdb6983979a7e3a21b44b5d1518ca97d0b5195f51ed6a24350c8974 7e1edea51b448e3e9147054ce927873c90db394d86888e07dff177593d6f79e1 52302204aeb03be2386af3e24078bd028b1689f5e147c9f452c8ceb02ec59cc9 db63a03576ceeafe98239023897da0236630a53c0de7f435a19869792fab36e7 b9e635760f09069e6432e700035ac2a02879fff0a1e1bec522047193d94eb5df 1efd53eea1144ca78940852f5ec9727904b366ede4f5e2d331fad5fc282ea2c4 7e923142771c3dd75a87357487def99e5f18e9d9ed623c175d02888c51f82c07 a80d54716b3c3c2bdbe2e9f0a9bbaaebeb4d52936876406f5c00e8e4bbd0a5ec 05797e6207c5ab6c88f1a688421bd05a114f4d7de2ac241fa0e8bedff47f762d dcbeaa91004f8d31e85095c81054994ad3826e344ba96040810fc0b2ad1de48c fade002c62e5a49a0731ab38344bc1636df16bf607d56855e56d684003c718e4 bad9e5a099979fcddeeb1c4a7776cd37a3417cb0e184e29ef9bc0e87475ba663 be09e00ab562eb7c0f7165f969a9b42414198ccf1bff2a2c8d689a414ece7662 927665689e94db961ebaec5615cbc1a7895c6851ac961432ff1118d4607d32ef 9dc732d51333be4b4d0e30ddea784eca8be47e741be9c19631dc470a52ef4dc1 3a4f3633fd434d787c170977b417df598e1d0dde506bb71d6f0bc17ec70e3b03 cdc1965cb36993f633b0472e50d0923ac6c66fdf1d3e6459cc121f0f5f94d09e 9dbcf5d690e23233838a0bacb7c638d1b2650a4308cd171b6855126d1da672a6 ed85a8d78c286fb56f4ab3d21497528045c63262c8a42af2f9802c53b7bb8be2 8e78fe0b5ce45fbb7a1af1a3b28a8d94b7890e3c882e39bc98e9f0ad76025bf0 dd2f00298e7141a226b3d7cee414f604d1e0ba54d11d5fe58bccea6ad77ad2e8 c1caacf32459014b7b91001b1efa8ad172a523fb8e365b577121bf9fd88a2c60 c21e821d7b6acb47a5a995e40caced5c223b8fe6de5e18e9d2e5893aefebb7aa e7ff1a146260e2f110e939528213a0025a38ec79aabc861b25ebc509a4674c13 2aaacb7e0146f14efd11cfcaf4caa4f775a716ce325e0a435a4d349d720bcf13 7450afc45046fc1a1f83a9d329777a7084e4aadae7122ce97005930528eb3c7f 7f1129b372887a371155a3ba201a25cbf1dcb64e7cdee092c3141fb5550fe3d0 dd82e870e578b2b46500818113b8f6569773c677385b69a42b77dcba7acffd95 fd4452e23aaa1d37e1da2151ea658d40a3596b27ac9f8129dc6cf0643772624b 59f4f461230df471ca26087c3942d5c6687df6082835935a3f87cb762b0c3b1d 0dda4a6533965bef1b7b8292e254c014d090fed857c44c1839c694c0a64e3fad 90a11f534722b6ee1574f2e149d55d744de4887024e08511431c062750e16c74 ab9f3242f2db3ffb12a8d6107faa229d6f6373b07f36d3932b3bdb04c19dd64e add7f93c3c564c358a1c81dcf1c9c31e5b06568f97544c17dc15698c5cb38983 a9afc42783faa773a52c9d8260690be9e3156aa5bc1509dea3f69587695cd6ff 172ba83e6a6d8a7d6bbebbbcda3672731983f89bc5831dc37c3f3c5c56facc69 7f3cb20bd5dbadbd702e54844ac2f626901fe159db93dfd4773d8fe73562b846 c1fc856d1802762840ebc72d7988bde75cbca70d319d32ce0cc0253bb2ad4557 23ee0c7f4736ce6e6665c5aca32a481c53839bc259167b013d0423395eeb9aaa ee3206149a7d550d67fc5fdfe4a8a5c35d2510b664379ab8f72855a2af47abce 2a632048eaf89e5cb4a88debc53a595103acce4f1cff18acff07afe1eb5716aa 1e40b63134c3a3ae9579fa87f515be093c2d29db6d6b65c93661e00636b59270 4d093cc6716c2342eb1853d48c85c63ac8a2854462c7b77e7e3bd1eac5bca28f faa00b5d349f8a547ad875b96a8c2b2910c9301309a3f9138a5693111f55b3c0 09ca947c39dfc82d98eb1caa4a9cbe885f786fa86e55be062222f8ba90a97407 3326b31212aece0a34a60` } } C.3. Example Certificate The following is a self-signed certificate for the ML-DSA-44 public key in the previous section. -----BEGIN CERTIFICATE----- MIIPlDCCBgqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44804wCwYJYIZIAWUDBAMR MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0 MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI TEFNUFMgV0cwggUyMAsGCWCGSAFlAwQDEQOCBSEA17K0clSq4NtF55MNSpjSyX2P E5fReJ2voXAksxbpvslPyZRtQvGbeadBO7qjPnFJy0LtURVpOsBB+suYit61/g4d hjEYSZW1ksOX0ilOLhT5CqQUujgmiZrEP0zMrLwm6agyuVEY1ctDPL75ZgsAE44I F/YediyidMNq1VTrIqrBFi5KsBrLoeOMTv2PgLZbMz0PcuVd/nHOnB67mInnxWEG wP1zgDoq7P6v3teqPLLO2lTRK9jNNqeM+XWUO0er0l6ICsRS5XQu0ejRqCr6huWQ x1jBWuTShA2SvKGlCQ9ASWWX/KfYuVE/GhvabpUKqpjeRnUH1KT1pPBZkhZYLDVy 9i7aiQWrNYFnDEoCd3oz4Mpylf2PT/bRoKOnaD1l9fX3/GDaAj6CbF+SFEwC99G6 EHWYdVPqk2f8122ZC3+pnNRa/biDbUPkWfUYffBYR5cJoB6mg1k1+nBGCZDNPcG6 QBupS6sd3kGsZ6szGdysoGBI1MTu8n7hOpwX0FOPQw8tZC3CQVZg3niHfY2KvHJS OXjAQuQoX0MZhGxEEmJCl2hEwQ5Va6IVtacZ5Z0MayqW05hZBx/cws3nUkp77a5U 6FsxjoVOj+Ky8+36yXGRKCcKr9HlBEw6T9r9n/MfkHhLjo5FlhRKDa9YZRHT2ZYr nqla8Ze05fxg8rHtFd46W+9fib3HnZEFHZsoFudPpUUx79wcvnTUSIV/R2vNWPIc C2U7O3ak4HamVZowJxhVXMY/dIWaq6uSXwI4YcqM0Pe62yhx9n1VMm10URNa1F9K G6aRGPuyyKMO7JOS7z+XcGbJrdXHEMxkexUU0hfZWMcBfD6Q/SDATmdLkEhuk3Cj GgAdMvRzl55JBnSefkd/oLdFCPil8jeDErg8Jb04jKCw//dHi69CtxZn7arJfEax KWQ+WG5bBVoMIRlG1PNuZ1vtWGD6BCoxXZgmFk1qkjfDWl+/SVSQpb1N8ki5XEqu d4S2BWcxZqxCRbW0sIKgnpMj5i8geMW3Z4NEbe/XNq06NwLUmwiYRJAKYYMzl7xE GbMNepegs4fBkRR0xNQbU+Mql3rLbw6nXbZbs55Z5wHnaVfe9vLURVnDGncSK1IE 47XCGfFoixTtC8C4AbPm6C3NQ+nA6fQXRM2YFb0byIINi7Ej8E+s0bG2hd1aKxuN u/PtkzZw8JWhgLTxktCLELj6u9/MKyRRjjLuoKXgyQTKhEeACD87DNLQuLavZ7w1 W5SUAl3HsKePqA46Lb/rUTKIUdYHgZjpSTZRrnh+wCUfkiujDp9R32Km1yeEzz3S BTkxdt+jJKUSvZSXCjbdNKUUqGeR8Os28BRbCatkZRtKAxOymWEaKhxIiRYnWYdo oxFAYLpEQ0ht9RUioc6IswmFwhb45u0XjdVnswSg1Mr7qIKig0LxepqiauWNtjAI PSw1j99WbD9dYqQoVnvJ6ozpXKoPNUdLC/qPM5olCrTfzyCDvo7vvBBV4Y/hU3Du yyYFZtg/8GshGq7EPKKbVMzQD4gVokZe8LRlFcx+QfMSTwnv/3OTCatYspoUWaAL zlA46TjJZ49y6w5O5f2q5m2fhXP8l/xCtJWfS/i2HXhDPoawM11ukZHE2L9IezkF wQjP1qwksM633LfPUfhNDtaHuV6uscUzwG8NlwI9kqcIJYN7Wbpst9TlawqHwgOG KujzFbpZJejt76Z5NpoiAnZhUfFqll+fgeznbMBwtVhp5NuXhM8FyDCzJCyDEqNC MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFDKa B7H6u0j1KjCfEaGJj4SOIyL/MAsGCWCGSAFlAwQDEQOCCXUA/LEt78ExnP4sas0M wv/5uOJwUaNNpxfdLJ4BvQt2ocbrYG/4Z4K75x7KbP9w2lzUnkTeihk1hrPTK+ok QfG/KnOADj+SKVyGRvQecSunv+Ze77Um/UJRY+IrMsbwKhtG9hoX+sPEbQZwF4YP Kgb6HBontM0zMs7eGWWgca0WBRgZyK2LwfZhRO3lR5xxutrN/nF9wKta2mRg1J8j GuwZ7H6E3lol0NJD2TFc5CcO2EA7NV+hVb4/8W9ILm71WIwiLApn0YKI7RjG81Io zPr3TjgKTvRTkxdjrVjKmelj8R47u/UMe1Ga7uiSQoIudYQziXPpexmvBKSUywF7 yU+0cMVTIuqN6iTIbeTx0rzWMwMo4BTF33iroteo+/fhE0x0vkIPynPqW0IXluD4 awiwZkZNyML+8GuHCPzcSGkKG63YB/jmiPWQppUs4PKWbjX+Wsr2pbvsUT0h2b2x LB0K/7jLqEcWzDZvEYCshKNiQ6hhXhFyxDquGmLzrYtN5zdJqZSRU2hxfYutem6i WvPL/cisDHzIY3ATkdABLwLq2FUMw6OGbLx2NllYRRV1vkgvHIpOb6PiUtk1yh7P yAYDSE1UxjLFeYmjlCABYWElShY0kNzM2ktlkJszcJSY7e4RPlnldSeSGJ6VTTWy y6XEp1f/0xqYDnJ7HdBAkNE2t+V4+iNMPhap3+MDtSNt+NPNLrH27j+7SdcCtTKL KZdk8VcTB/IIj1eJnNwtLmf4w3Fs5tvOYxbwpEpSgOFhahYD17++K6d7u7mykFd5 gZN7ydA4YRB/fFOJS8msLjm5ta8TYWDuU1t9RLFBd7S6qNSOg/GDNJ5CyyUAv/fD 2+gtfiuVWtV7IoUNymNNK8Wrht2f5LlvWrGJQAhKm/JcUjwwAdENoZgFtUCVHW9W UuWt3li4Ta69qXKVn1EdzNuPAdq5AbZyQmEl5GHyT+uv5VV9edGK6G5dASwATca0 NOWL/kNWb6T4xkpvBgj5yI2+SvmfHZyiUo+s8hj3Ikt+U+m6zLKp4xB1x37CFdPy J/7+yOcmelsZfNjr9Dps0Nxnijvu+fvhI0KkoVvzHG9yR6h7YXWn/VOezt8XL4vE BcQcuCCj+Bz55rclX1gCGJED6ZhiQO5xvHDgptMzbbYkmuK6PZJzCMzWtFcYrrOi jNHLBhtxnjgG71PygYGmoKRVG0fLS4MAcXLAl906fRDl9seI92Y3/JgCI5VgL/A3 3hcFv/fbYo2wBycYPYmpvZqCI4594sas92nZwyKlqlcIeYVhlu1gbX9HKUZQkH8x 8J6h7l208b3cA59RcB7BYHlOriftCzyvq1JPcORSEvsk3vHX7iZA8DmKU73rpGQ8 iAS+4bbEmCAfKEkKss2ub5uFkfip+x3C34/btT/msKOr/t0sTTwtSI4hpmln5OJJ P0kwDwd93vJO9jUiztF8f6a8etCg/NqA9sdRz+7BGPviwAZwDOa+jZ0VvsoJkSax ir5Z81E6rR949ZzKery208QzJD8emoXHwkWngyrZzqPguYvPB1fNDNLjdkZl3AnR DL/0ahygOIRrEyrEdHLDPPSzoZYg7s7iW40E1Fs61/EMNeGDxWWmcXwSeRsJv1ut pKxkjnofHFkc9i9RJhhYx5JPBn9JNBUG9obrwLnFTF+DUdEJwRbyMwLEWHzZobU8 pvYXusxLgcd+0gn0s+siQNJAAlRniKsi0YutSR27k8nQyL0s8Jgl7bybSh/KbNKG T/643zfGrBMfOtGo5z28CsXszpDlxhEipYS8iaoidwnjURrndCQgR7ukcYv105ul K1v8V3S5msyWb4UTndzK5yK6owqRfstmUA6S6HczJ+qkowDpb2t3nMGqQ5+BTzww pozM/bnTVSmLFMGNic+7NltWzRySbxGzc3dxSHHfly4kSocmr53vEewK2DpixrM3 LJMYZYivUREMaHd4BCoUzjbK9aFs3EXcm6/Q8tbFzd4k9qDahopVccqiTmaJ4HGb szeTqpm5iGJK9okvLy5w4j83oNhHPd/J6vw8ZqtfYYbME4GYXVtFRb07GpnPQa6E aErkAgtVTKptOQyJaO09YaLEbHnAgYFhZ1wQeN0Negn1YqkBC4FBe1yBMdMOre7l xV0FhkpMaO2wU0gPl9IrCe9m8aLRT4zcihIdJLVARPsudeLv6Oim3ao259gcum0y P1KD1dxwUC/j6zAtz2Qjt2Q11dLfxqKPA67Go2Dng+/uaUvbZI0lsPrx2kX0ADsT Nf5KoipXLssLwyooz3Ga0dcwjpTv0NE43wT8wx/OKuAC3cHAS/s+7Pk+xkypbFXI ba8Z6Au7Dq4r03k0fPpgL3KHqpDBWNuxujH9+RN7oGGAjppcGfq4I5tf7i5mNjZQ W+SBG7pgsVWibDidCbf7CfWwY6oWi718wtShOYFALIzsYAqeXqdi7raMQGl1T43A WiyjbXxh0adG3sqmwVhjtvesFSwZ9v0fMG0CMDQBl3fP6FXmMMaV1O0GWb16zxVK 4QtIFRQfQGkhXWNAvBPm4F2xb6F2uJUWHnOs9g8Wuhfk3pBtjtfFWJwkaOAOsvp2 d/1UtsYop10zwW1EMyYxiUZ16TwvSb3Om4q0mGxHQEY1VkCMouBY680bWxMfw6C4 rRv98itFqOAHP1Mc1tKCCtUOI/a1MDQrnI0oLjsxxTnOX2uUzrx2DnuWhPEx3/w1 +BxKXZFcDHamuWl6nbPWwrOxbNorC6arGMQSy6h40f6dfixlsCpEh+lBjucRG74S TJl8sM82z6akqE8JDOf3yU/sItuzOLfvNXICbkoMG0EBxMPa6TaxPNtco4UiKOuY nkzyIOnH5LGNOQNQCExkxHFRyoZr8TMBEoIcICnZruw1r8gYtB+kFgivIsqKptXC tAMhQF/vdss4YqwYcCV5bDVs90+IMlSalrfuecV0pdwUzvXn6QHVm+4SkKlMEwuY wyQiiwPav40S9rIO5tE5gR/BBndPfo02pGvxXR9/vZjhRVRkJr3ZaC+lVHSqtsjc bVfTh/nK6lkLYJ/AwcAK/3d4SKSIjHmTucj2KIDws4i3QSQ1qh1AABpugNV4zJgm J88qqA7oLmNFkyILQW0g0COb500DDBcjPkZkb3p7i5yjrbzEx/L4BQkKGhstdnmO nsLY8P4FBxAZKTJFRlSGipeipr3HGicsMTpNZ3eKqbK4wsTR3fAAAAAAAAAAAAAA AAAAABMhMUI= -----END CERTIFICATE----- SEQUENCE { SEQUENCE { [0] { INTEGER { 2 } } INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } SEQUENCE { UTCTime { "200203043210Z" } UTCTime { "400129043210Z" } } SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } SEQUENCE { SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f139 7d1789dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed5 115693ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa41 4ba3826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f 61e762ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f7 2e55dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d 12bd8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c75 8c15ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de4 67507d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7 295fd8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba107 5987553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a 01ea6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca0604 8d4c4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc7252397 8c042e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d 39859071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270 aafd1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea 95af197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531e fdc1cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63 f74859aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba 69118fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017 c3e90fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74 508f8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b1296 43e586e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35 a5fbf495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e932 3e62f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b 30d7a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76 957def6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dc d43e9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf 3ed933670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca8 44780083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328 851d6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd2053 93176dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0 313b299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b3098 5c216f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2 c358fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfc f2083be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd 00f8815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5 038e938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433 e86b0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed68 7b95eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae 8f315ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e 4db9784cf05c830b3242c8312` } } [3] { SEQUENCE { SEQUENCE { # keyUsage OBJECT_IDENTIFIER { 2.5.29.15 } BOOLEAN { TRUE } OCTET_STRING { BIT_STRING { b`0000011` } } } SEQUENCE { # basicConstraints OBJECT_IDENTIFIER { 2.5.29.19 } BOOLEAN { TRUE } OCTET_STRING { SEQUENCE { BOOLEAN { TRUE } } } } SEQUENCE { # subjectKeyIdentifier OBJECT_IDENTIFIER { 2.5.29.14 } OCTET_STRING { OCTET_STRING { `329a07b1fabb48f52a309f11a1898f848e23 22ff` } } } } } } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } BIT_STRING { `00` `fcb12defc1319cfe2c6acd0cc2fff9b8e27051a34da 717dd2c9e01bd0b76a1c6eb606ff86782bbe71eca6cff70da5cd49e44de8a193 586b3d32bea2441f1bf2a73800e3f92295c8646f41e712ba7bfe65eefb526fd4 25163e22b32c6f02a1b46f61a17fac3c46d067017860f2a06fa1c1a27b4cd333 2cede1965a071ad16051819c8ad8bc1f66144ede5479c71badacdfe717dc0ab5 ada6460d49f231aec19ec7e84de5a25d0d243d9315ce4270ed8403b355fa155b e3ff16f482e6ef5588c222c0a67d18288ed18c6f35228ccfaf74e380a4ef4539 31763ad58ca99e963f11e3bbbf50c7b519aeee89242822e7584338973e97b19a f04a494cb017bc94fb470c55322ea8dea24c86de4f1d2bcd6330328e014c5df7 8aba2d7a8fbf7e1134c74be420fca73ea5b421796e0f86b08b066464dc8c2fef 06b8708fcdc48690a1badd807f8e688f590a6952ce0f2966e35fe5acaf6a5bbe c513d21d9bdb12c1d0affb8cba84716cc366f1180ac84a36243a8615e1172c43 aae1a62f3ad8b4de73749a994915368717d8bad7a6ea25af3cbfdc8ac0c7cc86 3701391d0012f02ead8550cc3a3866cbc76365958451575be482f1c8a4e6fa3e 252d935ca1ecfc80603484d54c632c57989a39420016161254a163490dcccda4 b65909b33709498edee113e59e5752792189e954d35b2cba5c4a757ffd31a980 e727b1dd04090d136b7e578fa234c3e16a9dfe303b5236df8d3cd2eb1f6ee3fb b49d702b5328b299764f1571307f2088f57899cdc2d2e67f8c3716ce6dbce631 6f0a44a5280e1616a1603d7bfbe2ba77bbbb9b290577981937bc9d03861107f7 c53894bc9ac2e39b9b5af136160ee535b7d44b14177b4baa8d48e83f183349e4 2cb2500bff7c3dbe82d7e2b955ad57b22850dca634d2bc5ab86dd9fe4b96f5ab 18940084a9bf25c523c3001d10da19805b540951d6f5652e5adde58b84daebda 972959f511dccdb8f01dab901b672426125e461f24febafe5557d79d18ae86e5 d012c004dc6b434e58bfe43566fa4f8c64a6f0608f9c88dbe4af99f1d9ca2528 facf218f7224b7e53e9baccb2a9e31075c77ec215d3f227fefec8e7267a5b197 cd8ebf43a6cd0dc678a3beef9fbe12342a4a15bf31c6f7247a87b6175a7fd539 ecedf172f8bc405c41cb820a3f81cf9e6b7255f5802189103e9986240ee71bc7 0e0a6d3336db6249ae2ba3d927308ccd6b45718aeb3a28cd1cb061b719e3806e f53f28181a6a0a4551b47cb4b83007172c097dd3a7d10e5f6c788f76637fc980 22395602ff037de1705bff7db628db00727183d89a9bd9a82238e7de2c6acf76 9d9c322a5aa570879856196ed606d7f47294650907f31f09ea1ee5db4f1bddc0 39f51701ec160794eae27ed0b3cafab524f70e45212fb24def1d7ee2640f0398 a53bdeba4643c8804bee1b6c498201f28490ab2cdae6f9b8591f8a9fb1dc2df8 fdbb53fe6b0a3abfedd2c4d3c2d488e21a66967e4e2493f49300f077ddef24ef 63522ced17c7fa6bc7ad0a0fcda80f6c751cfeec118fbe2c006700ce6be8d9d1 5beca099126b18abe59f3513aad1f78f59cca7abcb6d3c433243f1e9a85c7c24 5a7832ad9cea3e0b98bcf0757cd0cd2e3764665dc09d10cbff46a1ca038846b1 32ac47472c33cf4b3a19620eecee25b8d04d45b3ad7f10c35e183c565a6717c1 2791b09bf5bada4ac648e7a1f1c591cf62f51261858c7924f067f49341506f68 6ebc0b9c54c5f8351d109c116f23302c4587cd9a1b53ca6f617bacc4b81c77ed 209f4b3eb2240d24002546788ab22d18bad491dbb93c9d0c8bd2cf09825edbc9 b4a1fca6cd2864ffeb8df37c6ac131f3ad1a8e73dbc0ac5ecce90e5c61122a58 4bc89aa227709e3511ae774242047bba4718bf5d39ba52b5bfc5774b99acc966 f85139ddccae722baa30a917ecb66500e92e8773327eaa4a300e96f6b779cc1a a439f814f3c30a68cccfdb9d355298b14c18d89cfbb365b56cd1c926f11b3737 7714871df972e244a8726af9def11ec0ad83a62c6b3372c93186588af51110c6 87778042a14ce36caf5a16cdc45dc9bafd0f2d6c5cdde24f6a0da868a5571caa 24e6689e0719bb33793aa99b988624af6892f2f2e70e23f37a0d8473ddfc9eaf c3c66ab5f6186cc1381985d5b4545bd3b1a99cf41ae84684ae4020b554caa6d3 90c8968ed3d61a2c46c79c0818161675c1078dd0d7a09f562a9010b81417b5c8 131d30eadeee5c55d05864a4c68edb053480f97d22b09ef66f1a2d14f8cdc8a1 21d24b54044fb2e75e2efe8e8a6ddaa36e7d81cba6d323f5283d5dc70502fe3e b302dcf6423b76435d5d2dfc6a28f03aec6a360e783efee694bdb648d25b0faf 1da45f4003b1335fe4aa22a572ecb0bc32a28cf719ad1d7308e94efd0d138df0 4fcc31fce2ae002ddc1c04bfb3eecf93ec64ca96c55c86daf19e80bbb0eae2bd 379347cfa602f7287aa90c158dbb1ba31fdf9137ba061808e9a5c19fab8239b5 fee2e663636505be4811bba60b155a26c389d09b7fb09f5b063aa168bbd7cc2d 4a13981402c8cec600a9e5ea762eeb68c4069754f8dc05a2ca36d7c61d1a746d ecaa6c15863b6f7ac152c19f6fd1f306d023034019777cfe855e630c695d4ed0 659bd7acf154ae10b4815141f4069215d6340bc13e6e05db16fa176b895161e7 3acf60f16ba17e4de906d8ed7c5589c2468e00eb2fa7677fd54b6c628a75d33c 16d44332631894675e93c2f49bdce9b8ab4986c4740463556408ca2e058ebcd1 b5b131fc3a0b8ad1bfdf22b45a8e0073f531cd6d2820ad50e23f6b530342b9c8 d282e3b31c539ce5f6b94cebc760e7b9684f131dffc35f81c4a5d915c0c76a6b 9697a9db3d6c2b3b16cda2b0ba6ab18c412cba878d1fe9d7e2c65b02a4487e94 18ee7111bbe124c997cb0cf36cfa6a4a84f090ce7f7c94fec22dbb338b7ef357 2026e4a0c1b4101c4c3dae936b13cdb5ca3852228eb989e4cf220e9c7e4b18d3 90350084c64c47151ca866bf1330112821c2029d9aeec35afc818b41fa41608a f22ca8aa6d5c2b40321405fef76cb3862ac187025796c356cf74f8832549a96b 7ee79c574a5dc14cef5e7e901d59bee1290a94c130b98c324228b03dabf8d12f 6b20ee6d139811fc106774f7e8d36a46bf15d1f7fbd98e145546426bdd9682fa 55474aab6c8dc6d57d387f9caea590b609fc0c1c00aff777848a4888c7993b9c 8f62880f0b388b7412435aa1d40001a6e80d578cc982627cf2aa80ee82e63459 3220b416d20d0239be74d030c17233e46646f7a7b8b9ca3adbcc4c7f2f805090 a1a1b2d76798e9ec2d8f0fe050710192932454654868a97a2a6bdc71a272c313 a4d67778aa9b2b8c2c4d1ddf0000000000000000000000000000013213142` } } Acknowledgments We would like to thank ... for their insightful comments. Authors' Addresses Jake Massimo AWS United States of America Email: jakemas@amazon.com Panos Kampanakis AWS United States of America Email: kpanos@amazon.com Sean Turner sn3rd Email: sean@sn3rd.com Bas Westerbaan Cloudflare Email: bas@cloudflare.com