From dba5a5fc40ed2b65ebdd2aa43a46ead1cac0db05 Mon Sep 17 00:00:00 2001 From: ID Bot Date: Thu, 12 Dec 2024 03:22:46 +0000 Subject: [PATCH] Script updating gh-pages from 61892b2. [ci skip] --- index.html | 8 + ...aft-ietf-lamps-dilithium-certificates.html | 2668 +++++++++++++++++ ...raft-ietf-lamps-dilithium-certificates.txt | 1366 +++++++++ seanturner-ref-update/index.html | 45 + 4 files changed, 4087 insertions(+) create mode 100644 seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.html create mode 100644 seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.txt create mode 100644 seanturner-ref-update/index.html diff --git a/index.html b/index.html index 8c6c99c..4fb5e08 100644 --- a/index.html +++ b/index.html @@ -24,6 +24,14 @@

Editor's drafts for main branch of seanturner-ref-update

+ + + + + + +
ML-DSA in Certificatesplain textdiff with main

Preview for branch mikeo_externalmu

diff --git a/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.html b/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.html new file mode 100644 index 0000000..126bdd1 --- /dev/null +++ b/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.html @@ -0,0 +1,2668 @@ + + + + + + +Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML-DSA + + + + + + + + + + + + + + + +
+ + + + + + + + + + +
Internet-DraftML-DSA in CertificatesDecember 2024
Massimo, et al.Expires 15 June 2025[Page]
+
+
+
+
Workgroup:
+
LAMPS WG
+
Internet-Draft:
+
draft-ietf-lamps-dilithium-certificates-latest
+
Published:
+
+ +
+
Intended Status:
+
Standards Track
+
Expires:
+
+
Authors:
+
+
+
J. Massimo
+
AWS
+
+
+
P. Kampanakis
+
AWS
+
+
+
S. Turner
+
sn3rd
+
+
+
B. E. Westerbaan
+
Cloudflare
+
+
+
+
+

Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML-DSA

+
+

Abstract

+

Digital signatures are used within X.509 certificates, Certificate +Revocation Lists (CRLs), and to sign messages. This document describes +the conventions for using FIPS 204, the Module-Lattice-Based Digital +Signature Algorithm (ML-DSA) in Internet X.509 certificates and +certificate revocation lists. The conventions for the associated +signatures, subject public keys, and private key are also described.

+
+
+

+About This Document +

+

This note is to be removed before publishing as an RFC.

+

+ The latest revision of this draft can be found at https://lamps-wg.github.io/dilithium-certificates/#go.draft-ietf-lamps-dilithium-certificates.html. + Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/.

+

+ Discussion of this document takes place on the + Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (mailto:spasm@ietf.org), + which is archived at https://mailarchive.ietf.org/arch/browse/spasm/. + Subscribe at https://www.ietf.org/mailman/listinfo/spasm/.

+

Source for this draft and an issue tracker can be found at + https://github.com/lamps-wg/dilithium-certificates.

+
+
+
+

+Status of This Memo +

+

+ This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79.

+

+ Internet-Drafts are working documents of the Internet Engineering Task + Force (IETF). Note that other groups may also distribute working + documents as Internet-Drafts. The list of current Internet-Drafts is + at https://datatracker.ietf.org/drafts/current/.

+

+ Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress."

+

+ This Internet-Draft will expire on 15 June 2025.

+
+
+ +
+
+

+Table of Contents +

+ +
+
+
+
+

+1. Introduction +

+

The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a +quantum-resistant digital signature scheme standardized by the US +National Institute of Standards and Technology (NIST) PQC project +[NIST-PQC] in [FIPS204]. This document +specifies the use of the ML-DSA in Public Key Infrastructure X.509 (PKIX) +certificates and Certificate Revocation Lists (CRLs) at three security +levels: ML-DSA-44, ML-DSA-65, and ML-DSA-87.

+

[FIPS204] defines two variants of ML-DSA: a pure and a prehash variant. +Only the former is specified in this document. +The pure variant of ML-DSA supports the typical prehash flow, +see Section 7. In short: one cryptographic module can compute the hash mu +on line 6 of algorithm 7 of [FIPS204] and pass it to a second module +to finish the signature. The first module only needs access to the full +message and the public key, whereas the second module only needs access +to hash mu and the private key.

+
+
+

+1.1. Requirements Language +

+

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", +"MAY", and "OPTIONAL" in this document are to be interpreted as +described in BCP 14 [RFC2119] [RFC8174] when, and only when, they +appear in all capitals, as shown here.

+
+
+
+
+
+
+

+2. Identifiers +

+

The AlgorithmIdentifier type is defined in [RFC5912] as follows:

+
+
+    AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
+      SEQUENCE {
+        algorithm   ALGORITHM-TYPE.id({AlgorithmSet}),
+        parameters  ALGORITHM-TYPE.
+                      Params({AlgorithmSet}{@algorithm}) OPTIONAL
+     }
+
+
+ +

The fields in AlgorithmIdentifier have the following meanings:

+
    +
  • +

    algorithm identifies the cryptographic algorithm with an object +identifier.

    +
  • +
  • +

    parameters, which are optional, are the associated parameters for the +algorithm identifier in the algorithm field.

    +
  • +
+

The OIDs are:

+
+
+   id-ml-dsa-44 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+            country(16) us(840) organization(1) gov(101) csor(3)
+            nistAlgorithm(4) sigAlgs(3) id-ml-dsa-44(17) }
+
+   id-ml-dsa-65 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+            country(16) us(840) organization(1) gov(101) csor(3)
+            nistAlgorithm(4) sigAlgs(3) id-ml-dsa-65(18) }
+
+   id-ml-dsa-87 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+            country(16) us(840) organization(1) gov(101) csor(3)
+            nistAlgorithm(4) sigAlgs(3) id-ml-dsa-87(19) }
+
+
+

The contents of the parameters component for each algorithm MUST be +absent.

+
+
+
+
+

+3. ML-DSA Signatures in PKIX +

+

ML-DSA is a digital signature scheme built upon the +Fiat-Shamir-with-aborts framework [Fiat-Shamir]. The security is based +upon the hardness of lattice problems over module lattices [Dilithium]. +ML-DSA provides three parameter sets for the NIST PQC security categories +2, 3 and 5.

+

Signatures are used in a number of different ASN.1 structures. As shown +in the ASN.1 representation from [RFC5280] below, in an X.509 +certificate, a signature is encoded with an algorithm identifier in the +signatureAlgorithm attribute and a signatureValue attribute that contains +the actual signature.

+
+
+  Certificate  ::=  SIGNED{ TBSCertificate }
+
+  SIGNED{ToBeSigned} ::= SEQUENCE {
+     toBeSigned           ToBeSigned,
+     algorithmIdentifier  SEQUENCE {
+         algorithm        SIGNATURE-ALGORITHM.
+                            &id({SignatureAlgorithms}),
+         parameters       SIGNATURE-ALGORITHM.
+                            &Params({SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm})
+                                OPTIONAL
+     },
+     signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value(
+                              {SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}))
+  }
+
+
+

Signatures are also used in the CRL list ASN.1 representation from +[RFC5280] below. In a X.509 CRL, a signature is encoded with an +algorithm identifier in the signatureAlgorithm attribute and a +signatureValue attribute that contains the actual signature.

+
+
+   CertificateList  ::=  SIGNED{ TBSCertList }
+
+
+

The identifiers defined in Section 2 can be used as the +AlgorithmIdentifier in the signatureAlgorithm field in the sequence +Certificate/CertificateList and the signature field in the sequence +TBSCertificate/TBSCertList in certificates and CRLs, respectively, +[RFC5280]. The parameters of these signature algorithms MUST be +absent, as explained in Section 2.

+

The signatureValue field contains the corresponding ML-DSA signature +computed upon the ASN.1 DER encoded tbsCertificate/tbsCertList +[RFC5280].

+

Conforming Certification Authority (CA) implementations MUST specify +the algorithms explicitly by using the OIDs specified in Section 2 when +encoding ML-DSA signatures in certificates and CRLs. Conforming client +implementations that process certificates and CRLs using ML-DSA MUST +recognize the corresponding OIDs. Encoding rules for ML-DSA signature +values are specified Section 2.

+

When the id-ml-dsa identifier appears in the algorithm field as an +AlgorithmIdentifier, the encoding MUST omit the parameters field. That +is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component, the +OID id-ml-dsa.

+
+
+
+
+

+4. ML-DSA Public Keys in PKIX +

+

In the X.509 certificate, the subjectPublicKeyInfo field has the +SubjectPublicKeyInfo type, which has the following ASN.1 syntax:

+
+
+  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
+      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
+      subjectPublicKey BIT STRING
+  }
+
+
+ +

The fields in SubjectPublicKeyInfo have the following meaning:

+
    +
  • +

    algorithm is the algorithm identifier and parameters for the +public key (see above).

    +
  • +
  • +

    subjectPublicKey contains the byte stream of the public key.

    +
  • +
+

Appendix C contains example ML-DSA private keys encoded using the +textual encoding defined in [RFC7468].

+
+
+
+
+

+5. Key Usage Bits +

+

The intended application for the key is indicated in the keyUsage +certificate extension; see Section 4.2.1.3 of [RFC5280]. If the +keyUsage extension is present in a certificate that indicates id-ml-dsa +in the SubjectPublicKeyInfo, then the at least one of following MUST be +present:

+
+
+  digitalSignature; or
+  nonRepudiation; or
+  keyCertSign; or
+  cRLSign.
+
+
+

If the keyUsage extension is present in a certificate that indicates +id-ml-dsa in the SubjectPublicKeyInfo, then the following MUST NOT be +present:

+
+
+   keyEncipherment; or
+   dataEncipherment; or
+   keyAgreement; or
+   encipherOnly; or
+   decipherOnly.
+
+
+

Requirements about the keyUsage extension bits defined in [RFC5280] +still apply.

+
+
+
+
+

+6. Private Key Format +

+

An ML-DSA private key is encoded by storing its 32-octet seed in +the privateKey field as follows.

+

[FIPS204] specifies two formats for an ML-DSA private key: a 32-octet +seed (xi) and an (expanded) private key. The expanded private key (and public key) +is computed from the seed using ML-DSA.KeyGen_internal(xi) (algorithm 6).

+

"Asymmetric Key Packages" [RFC5958] describes how to encode a private +key in a structure that both identifies what algorithm the private key +is for and allows for the public key and additional attributes about the +key to be included as well. For illustration, the ASN.1 structure +OneAsymmetricKey is replicated below.

+
+
+  OneAsymmetricKey ::= SEQUENCE {
+    version                  Version,
+    privateKeyAlgorithm      SEQUENCE {
+    algorithm                PUBLIC-KEY.&id({PublicKeySet}),
+    parameters               PUBLIC-KEY.&Params({PublicKeySet}
+                               {@privateKeyAlgorithm.algorithm})
+                                  OPTIONAL}
+    privateKey               OCTET STRING (CONTAINING
+                               PUBLIC-KEY.&PrivateKey({PublicKeySet}
+                                 {@privateKeyAlgorithm.algorithm})),
+    attributes           [0] Attributes OPTIONAL,
+    ...,
+    [[2: publicKey       [1] BIT STRING (CONTAINING
+                               PUBLIC-KEY.&Params({PublicKeySet}
+                                 {@privateKeyAlgorithm.algorithm})
+                                 OPTIONAL,
+    ...
+  }
+
+
+ +

When used in a OneAsymmetricKey type, the privateKey OCTET STRING contains +the raw octet string encoding of the 32-octet seed. The publicKey field +SHOULD be omitted because the public key can be computed as noted earlier +in this section.

+

Appendix C contains example ML-DSA private keys encoded using the +textual encoding defined in [RFC7468].

+
+
+
+
+

+7. Pre-hashing (ExternalMu-ML-DSA) +

+

Some applications require prehashing, where the signature generation +process can be separated into a pre-hash step and a core signature +step in order to ease operational requirements around large or +inconsistently-sized payloads. This can be performed at the +protocol layer, but not all protocols support it. +Examples in [RFC5280] are certificate and certificate revocation list +(CRL) data structures, that do not include message digesting before signing. +This can make signing large CRLs or a high volume of certificates +with large public keys challenging.

+

As mentioned in the introduction, pure ML-DSA signing itself +supports a prehashing flow by splitting the operation over two +modules. In this section we make this "ExternalMu-ML-DSA" +more explicit.

+

There are two steps. First an ExternalMu-ML-DSA.Prehash() +followed by ExternalMu-ML-DSA.Sign(). Together these are functionally +equivalent to ML-DSA.Sign() from [FIPS204] in that they create +exactly the same signatures as regular pure ML-DSA, which can be +verified by the unmodified ML-DSA.Verify().

+

An ML-DSA key and certificate MAY be used with either ML-DSA +or ExternalMu-ML-DSA interchangeably. +Note that ExternalMu-ML-DSA describes a different signature API from ML-DSA +and therefore might require explicit support from hardware or +software cryptographic modules.

+

Note that the signing mode defined here is different from HashML-DSA +defined in [FIPS204] section 5.4. This specification uses exclusively +ExternalMu-ML-DSA for pre-hashed use cases, and thus public +keys identified by id-hash-ml-dsa-44-with-sha512, +id-hash-ml-dsa-65-with-sha512, and id-hash-ml-dsa-87-with-sha512 + MUST NOT be used in X.509 and related PKIX protocols.

+

All functions and notation used in Figure 1 +and Figure 2 are defined in [FIPS204].

+

External operations:

+
+
+
+
+ExternalMu-ML-DSA.Prehash(pk, M, ctx):
+
+  if |ctx| > 255 then
+    return error  # return an error indication if the context string is
+                  # too long
+  end if
+
+  M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1)
+                                                        || ctx) || M
+  mu = H(BytesToBits(H(pk, 64)) || M', 64)
+  return mu
+
+
+
Figure 1: +External steps of ExternalMu-ML-DSA +
+
+

Internal operations:

+
+
+
+
+ExternalMu-ML-DSA.Sign(sk, mu):
+
+  if |mu| != 512 then
+    return error  # return an error indication if the input mu is not
+                  # 64 bytes (512 bits).
+  end if
+
+  rnd = rand(32)  # for the optional deterministic variant,
+                  # set rnd to all zeroes
+  if rnd = NULL then
+    return error  # return an error indication if random bit
+                  # generation failed
+  end if
+
+  sigma = ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd)
+  return sigma
+
+
+ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd): # mu is passed as argument instead of M'
+   ... identical to FIPS 204 Algorithm 7, but with Line 6 removed.
+
+
+
Figure 2: +Internal steps of ExternalMu-ML-DSA +
+
+
+
+
+
+

+8. IANA Considerations +

+

For the ASN.1 module in {asn1}, IANA is requested to assign an object +identifier (OID) for the module identifier (TBD1) with a Description +of "id-mod-x509-ml-dsa-2024". The OID for the module should be +allocated in the "SMI Security for PKIX Module Identifier" registry +(1.3.6.1.5.5.7.0).

+
+
+
+
+

+9. Security Considerations +

+

The Security Considerations section of [RFC5280] applies to this +specification as well.

+

The digital signature scheme defined within this document are modeled +under strongly existentially unforgeable under chosen message attack +(SUF-CMA). For the purpose of estimating security strength, it has +been assumed that the attacker has access to signatures for no more +than 2^{64} chosen messages.

+ +

ML-DSA offers both deterministic and randomized signing. By default +ML-DSA signatures are non-deterministic. The private random seed (rho') +for the signature is pseudorandomly derived from the signer’s private +key, the message, and a 256-bit string, rnd - where rnd should be +generated by an approved RBG. In the deterministic version, rng is +instead a 256-bit constant string. The source of randomness in the +randomized mode has been "hedged" against sources of poor entropy, by +including the signers private key and message into the derivation. The +primary purpose of rnd is to facilitate countermeasures to side-channel +attacks and fault attacks on deterministic signatures.

+ +

In the design of ML-DSA, care has been taken to make side-channel +resilience easier to achieve. For instance, ML-DSA does not depend +on Gaussian sampling. Implementations must still take great care +not to leak information via various side channels. While deliberate +design decisions such as these can help to deliver a greater ease +of secure implementation - particularly against side-channel +attacks - it does not necessarily provide resistance to more +powerful attacks such as differential power analysis. Some amount +of side-channel leakage has been demonstrated in parts of the +signing algorithm (specifically the bit-unpacking function), from +which a demonstration of key recovery has been made over a large +sample of signatures. Masking countermeasures exist for +ML-DSA, but come with a performance overhead.

+

A fundamental security property also associated with digital +signatures is non-repudiation. Non-repudiation refers to the +assurance that the owner of a signature key pair that was +capable of generating an existing signature corresponding to +certain data cannot convincingly deny having signed the data. +The digital signature scheme ML-DSA possess three security +properties beyond unforgeability, that are associated with +non-repudiation. These are exclusive ownership, message-bound +signatures, and non-resignability. These properties are based +tightly on the assumed collision resistance of the hash +function used (in this case SHAKE-256).

+

Exclusive ownership is a property in which a signature sigma +uniquely determines the public key and message for which it +is valid. Message-bound signatures is the property that a +valid signature uniquely determines the message for which it +is valid, but not necessarily the public key. +Non-resignability is the property in which one cannot produce +a valid signature under another key given a signature sigma +for some unknown message m. These properties are not provided +by classical signature schemes such as DSA or ECDSA, and have +led to a variety of attacks such as Duplicate-Signature Key +Selection (DSKS) attacks , and attacks on +the protocols for secure routing. A full +discussion of these properties in ML-DSA can be found at +[CDFFJ21].

+

These properties are dependent, in part, on unambiguous public +key serialization. It for this reason the public key structure +defined in Section 4 is intentionally encoded as a +single OCTET STRING.

+
+
+
+
+

+10. References +

+
+
+

+10.1. Normative References +

+
+
[FIPS204]
+
+National Institute of Standards and Technology (NIST), "Module-Lattice-based Digital Signature Standard", FIPS PUB 204, , <https://csrc.nist.gov/projects/post-quantum-cryptography>.
+
+
[I-D.lamps-cms-ml-dsa]
+
+"*** BROKEN REFERENCE ***".
+
+
[RFC2119]
+
+Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
+
+
[RFC5280]
+
+Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, , <https://www.rfc-editor.org/rfc/rfc5280>.
+
+
[RFC5912]
+
+Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, , <https://www.rfc-editor.org/rfc/rfc5912>.
+
+
[RFC5958]
+
+Turner, S., "Asymmetric Key Packages", RFC 5958, DOI 10.17487/RFC5958, , <https://www.rfc-editor.org/rfc/rfc5958>.
+
+
[RFC8174]
+
+Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
+
+
[X680]
+
+ITU-T, "Information Technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, ISO/IEC 8824-1:2021, , <https://www.itu.int/rec/T-REC-X.680>.
+
+
[X690]
+
+ITU-T, "Information Technology -- Abstract Syntax Notation One (ASN.1): ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2021, , <https://www.itu.int/rec/T-REC-X.690>.
+
+
+
+
+
+
+

+10.2. Informative References +

+
+
[CDFFJ21]
+
+Cremers, C., Düzlü, S., Fiedler, R., Fischlin, M., and C. Janson, "BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures", In Proceedings of the 42nd IEEE Symposium on Security and Privacy , , <https://eprint.iacr.org/2020/1525.pdf>.
+
+
[Dilithium]
+
+Bai, S., Ducas, L., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., and D. Stehlé, "CRYSTALS-Dilithium Algorithm Specifications and Supporting Documentation", , <https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf>.
+
+
[Fiat-Shamir]
+
+Lyubashevsky, V., "Fiat-Shamir with aborts: Applications to lattice and factoring-based signatures", International Conference on the Theory and Application of Cryptology and Information Security , , <https://www.iacr.org/archive/asiacrypt2009/59120596/59120596.pdf>.
+
+
[NIST-PQC]
+
+National Institute of Standards and Technology (NIST), "Post-Quantum Cryptography Project", , <https://csrc.nist.gov/Projects/post-quantum-cryptography>.
+
+
[RFC7468]
+
+Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, , <https://www.rfc-editor.org/rfc/rfc7468>.
+
+
+
+
+
+
+
+
+

+Appendix A. ASN.1 Module +

+

This appendix includes the ASN.1 module [X680] for the ML-DSA. Note that +as per [RFC5280], certificates use the Distinguished Encoding Rules; see +[X690]. This module imports objects from [RFC5912] and +[I-D.lamps-cms-ml-dsa].

+ +
+
<CODE BEGINS>
+X509-ML-DSA-2024
+{ iso(1) identified-organization(3) dod(6)
+  internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+  id-mod-x509-ml-dsa-2024(TBD1) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL;
+
+IMPORTS
+
+PUBLIC-KEY, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009 -- From [RFC5912]
+    { iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58) }
+
+sa-ml-dsa-44, sa-ml-dsa-65, sa-ml-dsa-87,
+pk-ml-dsa-44, pk-ml-dsa-65, pk-ml-dsa-87
+  FROM ML-DSA-Module-2024 -- From [I-D.salter-lamps-cms-ml-dsa]
+     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+       id-smime(16) id-mod(0) id-mod-ml-dsa-2024(TBD2) } ;
+
+--
+-- Expand SignatureAlgorithms from RFC 5912
+--
+SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
+  sa-ml-dsa-44 |
+  sa-ml-dsa-65 |
+  sa-ml-dsa-87,
+  ... }
+
+--
+-- Expand SignatureAlgorithms from RFC 5912
+--
+PublicKeys PUBLIC-KEY ::= {
+  pk-ml-dsa-44 |
+  pk-ml-dsa-65 |
+  pk-ml-dsa-87,
+  ...
+}
+
+END
+
+<CODE ENDS>
+
+
+
+
+
+

+Appendix B. Security Strengths +

+

Instead of defining the strength of a quantum algorithm +in a traditional manner using the imprecise notion of bits +of security, NIST has instead elected to define security +levels by picking a reference scheme, which NIST expects +to offer notable levels of resistance to both quantum and +classical attack. To wit, an algorithm that achieves NIST PQC +security level 1 must require computational resources to +break the relevant security property, which are greater than +those required for a brute-force key search on AES-128. +Levels 3 and 5 use AES-192 and AES-256 as reference respectively. +Levels 2 and 4 use collision search for SHA-256 and SHA-384 +as reference.

+

The parameter sets defined for NIST security levels 2, 3 and 5 +are listed in the Figure 1, along with the resulting signature +size, public key, and private key sizes in bytes.

+
+
+
+
+|=======+=======+=====+========+========+========|
+| Level | (k,l) | eta |  Sig.  | Public | Private|
+|       |       |     |  (B)   | Key(B) | Key(B) |
+|=======+=======+=====+========+========+========|
+|   2   | (4,4) |  2  |  2420  |  1312  |  32    |
+|   3   | (6,5) |  4  |  3309  |  1952  |  32    |
+|   5   | (8,7) |  2  |  4627  |  2592  |  32    |
+|=======+=======+=====+========+========+========|
+
+
+
Figure 3: +ML-DSA Parameters +
+
+
+
+
+
+

+Appendix C. Examples +

+

This appendix contains examples of ML-DSA public keys, private keys and certificates.

+
+
+

+C.1. Example Private Key +

+

The following is an example of a ML-DSA-44 private key with hex seed 000102…1e1f:

+
+
+-----BEGIN PRIVATE KEY-----
+MDICAQAwCwYJYIZIAWUDBAMRBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
+HB0eHw==
+-----END PRIVATE KEY-----
+
+
+
+
+SEQUENCE {
+  INTEGER { 0 }
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+  }
+  OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
+1718191a1b1c1d1e1f` }
+}
+
+
+

The following is an example of a ML-DSA-65 private key with hex seed 000102…1e1f:

+
+
+-----BEGIN PRIVATE KEY-----
+MDICAQAwCwYJYIZIAWUDBAMSBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
+HB0eHw==
+-----END PRIVATE KEY-----
+
+
+
+
+SEQUENCE {
+  INTEGER { 0 }
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
+  }
+  OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
+1718191a1b1c1d1e1f` }
+}
+
+
+

The following is an example of a ML-DSA-87 private key with hex seed 000102…1e1f:

+
+
+-----BEGIN PRIVATE KEY-----
+MDICAQAwCwYJYIZIAWUDBAMTBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
+HB0eHw==
+-----END PRIVATE KEY-----
+
+
+
+
+SEQUENCE {
+  INTEGER { 0 }
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
+  }
+  OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
+1718191a1b1c1d1e1f` }
+}
+
+
+

NOTE: The private key is the seed and all three examples keys use the +same seed; therefore, the private above are the same except for the OID +used to represent the ML-DSA algorithm's security strength.

+
+
+
+
+

+C.2. Example Public Key +

+

The following is the ML-DSA-44 public key corresponding to the private +key in the previous section.

+
+
+-----BEGIN PUBLIC KEY-----
+MIIFMjALBglghkgBZQMEAxEDggUhANeytHJUquDbReeTDUqY0sl9jxOX0Xidr6Fw
+JLMW6b7JT8mUbULxm3mnQTu6oz5xSctC7VEVaTrAQfrLmIretf4OHYYxGEmVtZLD
+l9IpTi4U+QqkFLo4JomaxD9MzKy8JumoMrlRGNXLQzy++WYLABOOCBf2HnYsonTD
+atVU6yKqwRYuSrAay6HjjE79j4C2WzM9D3LlXf5xzpweu5iJ58VhBsD9c4A6Kuz+
+r97XqjyyztpU0SvYzTanjPl1lDtHq9JeiArEUuV0LtHo0agq+oblkMdYwVrk0oQN
+kryhpQkPQElll/yn2LlRPxob2m6VCqqY3kZ1B9Sk9aTwWZIWWCw1cvYu2okFqzWB
+ZwxKAnd6M+DKcpX9j0/20aCjp2g9ZfX19/xg2gI+gmxfkhRMAvfRuhB1mHVT6pNn
+/NdtmQt/qZzUWv24g21D5Fn1GH3wWEeXCaAepoNZNfpwRgmQzT3BukAbqUurHd5B
+rGerMxncrKBgSNTE7vJ+4TqcF9BTj0MPLWQtwkFWYN54h32NirxyUjl4wELkKF9D
+GYRsRBJiQpdoRMEOVWuiFbWnGeWdDGsqltOYWQcf3MLN51JKe+2uVOhbMY6FTo/i
+svPt+slxkSgnCq/R5QRMOk/a/Z/zH5B4S46ORZYUSg2vWGUR09mWK56pWvGXtOX8
+YPKx7RXeOlvvX4m9x52RBR2bKBbnT6VFMe/cHL501EiFf0drzVjyHAtlOzt2pOB2
+plWaMCcYVVzGP3SFmqurkl8COGHKjND3utsocfZ9VTJtdFETWtRfShumkRj7ssij
+DuyTku8/l3Bmya3VxxDMZHsVFNIX2VjHAXw+kP0gwE5nS5BIbpNwoxoAHTL0c5ee
+SQZ0nn5Hf6C3RQj4pfI3gxK4PCW9OIygsP/3R4uvQrcWZ+2qyXxGsSlkPlhuWwVa
+DCEZRtTzbmdb7Vhg+gQqMV2YJhZNapI3w1pfv0lUkKW9TfJIuVxKrneEtgVnMWas
+QkW1tLCCoJ6TI+YvIHjFt2eDRG3v1zatOjcC1JsImESQCmGDM5e8RBmzDXqXoLOH
+wZEUdMTUG1PjKpd6y28Op122W7OeWecB52lX3vby1EVZwxp3EitSBOO1whnxaIsU
+7QvAuAGz5ugtzUPpwOn0F0TNmBW9G8iCDYuxI/BPrNGxtoXdWisbjbvz7ZM2cPCV
+oYC08ZLQixC4+rvfzCskUY4y7qCl4MkEyoRHgAg/OwzS0Li2r2e8NVuUlAJdx7Cn
+j6gOOi2/61EyiFHWB4GY6Uk2Ua54fsAlH5Irow6fUd9iptcnhM890gU5MXbfoySl
+Er2Ulwo23TSlFKhnkfDrNvAUWwmrZGUbSgMTsplhGiocSIkWJ1mHaKMRQGC6RENI
+bfUVIqHOiLMJhcIW+ObtF43VZ7MEoNTK+6iCooNC8XqaomrljbYwCD0sNY/fVmw/
+XWKkKFZ7yeqM6VyqDzVHSwv6jzOaJQq0388gg76O77wQVeGP4VNw7ssmBWbYP/Br
+IRquxDyim1TM0A+IFaJGXvC0ZRXMfkHzEk8J7/9zkwmrWLKaFFmgC85QOOk4yWeP
+cusOTuX9quZtn4Vz/Jf8QrSVn0v4th14Qz6GsDNdbpGRxNi/SHs5BcEIz9asJLDO
+t9y3z1H4TQ7Wh7lerrHFM8BvDZcCPZKnCCWDe1m6bLfU5WsKh8IDhiro8xW6WSXo
+7e+meTaaIgJ2YVHxapZfn4Hs52zAcLVYaeTbl4TPBcgwsyQsgxI=
+-----END PUBLIC KEY-----
+
+
+
+
+SEQUENCE {
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+  }
+  BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17
+89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156
+93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3
+826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7
+62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55
+dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd
+8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15
+ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750
+7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f
+d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987
+553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea
+6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c
+4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04
+2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985
+9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd
+1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af
+197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1
+cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748
+59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911
+8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9
+0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f
+8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5
+86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb
+f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62
+f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7
+a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d
+ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e
+9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9
+33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478
+0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d
+6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317
+6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b
+299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21
+6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358
+fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208
+3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8
+815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e
+938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b
+0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95
+eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31
+5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9
+784cf05c830b3242c8312` }
+}
+
+
+

The following is the ML-DSA-65 public key corresponding to the private +key in the previous section.

+
+
+-----BEGIN PUBLIC KEY-----
+MIIHsjALBglghkgBZQMEAxIDggehAEhoPZGXjjHrPd24sEc0gtK4il9iWUn9j1il
+YeaWvUwn0Fs427Lt8B5mTv2Bvh6ok2iM5oqi1RxZWPi7xutOie5n0sAyCVTVchLK
+xyKf8dbq8DkovVFRH42I2EdzbH3icw1ZeOVBBxMWCXiGdxG/VTmgv8TDUMK+Vyuv
+DuLi+xbM/qCAKNmaxJrrt1k33c4RHNq2L/886ouiIz0eVvvFxaHnJt5j+t0q8Bax
+GRd/o9lxotkncXP85VtndFrwt8IdWX2+uT5qMvNBxJpai+noJQiNHyqkUVXWyK4V
+Nn5OsAO4/feFEHGUlzn5//CQI+r0UQTSqEpFkG7tRnGkTcKNJ5h7tV32np6FYfYa
+gKcmmVA4Zf7Zt+5yqOF6GcQIFE9LKa/vcDHDpthXFhC0LJ9CEkWojxl+FoErAxFZ
+tluWh+Wz6TTFIlrpinm6c9Kzmdc1EO/60Z5TuEUPC6j84QEv2Y0mCnSqqhP64kmg
+BrHDT1uguILyY3giL7NvIoPCQ/D/618btBSgpw1V49QKVrbLyIrh8Dt7KILZje6i
+jhRcne39jq8c7y7ZSosFD4lk9G0eoNDCpD4N2mGCrb9PbtF1tnQiV4Wb8i86QX7P
+H52JMXteU51YevFrnhMT4EUU/6ZLqLP/K4Mh+IEcs/sCLI9kTnCkuAovv+5gSrtz
+eQkeqObFx038AoNma0DAeThwAoIEoTa/XalWjreY00kDi9sMEeA0ReeEfLUGnHXP
+KKxgHHeZ2VghDdvLIm5Rr++fHeR7Bzhz1tP5dFa+3ghQgudKKYss1I9LMJMVXzZs
+j6YBxq+FjfoywISRsqKYh/kDNZSaXW7apnmIKjqV1r9tlwoiH0udPYy/OEr4GqyV
+4rMpTgR4msg3J6XcBFWflq9B2KBTUW/u7rxSdG62qygZ4JEIcQ2DXwEfpjBlhyrT
+NNXN/7KyMQUH6S/Jk64xfal/TzCc2vD2ftmdkCFVdgg4SflTskbX/ts/22dnmFCl
+rUBOZBR/t89Pau3dBa+0uDSWjR/ogBSWDc5dlCI2Um4SpHjWnl++aXAxCzCMBoRQ
+GM/HsqtDChOmsax7sCzMuz2RGsLxEGhhP74Cm/3OAs9c04lQ7XLIOUTt+8dWFa+H
++GTAUfPFVFbFQShjpAwG0dq1Yr3/BXG408ORe70wCIC7pemYI5uV+pG31kFtTzmL
+OtvNMJg+01krTZ731CNv0A9Q2YqlOiNaxBcnIPd9lhcmcpgM/o/3pacCeD7cK6Mb
+IlkBWhEvx/RoqcL5RkA5AC0w72eLTLeYvBFiFr96mnwYugO3tY/QdRXTEVBJ02FL
+56B+dEMAdQ3x0sWHUziQWer8PXhczdMcB2SL7cA6XDuK1G0GTVnBPVc3Ryn8TilT
+YuKlGRIEUwQovBUir6KP9f4WVeMEylvIwnrQ4MajndTfKJVsFLOMyTaCzv5AK71e
+gtKcRk5E6103tI/FaN/gzG6OFrrqBeUTVZDxkpTnPoNnsCFtu4FQMLneVZE/CAOc
+QjUcWeVRXdWvjgiaFeYl6Pbe5jk4bEZJfXomMoh3TeWBp96WKbQbRCQUH5ePuDMS
+CO/ew8bg3jm8VwY/Pc1sRwNzwIiR6inLx8xtZIO4iJCDrOhqp7UbHCz+birRjZfO
+NvvFbqQvrpfmp6wRSGRHjDZt8eux57EakJhQT9WXW98fSdxwACtjwXOanSY/utQH
+P2qfbCuK9LTDMqEDoM/6Xe6y0GLKPCFf02ACa+fFFk9KRCTvdJSIBNZvRkh3Msgg
+LHlUeGR7TqcdYnwIYCTMo1SkHwh3s48Zs3dK0glcjaU7Bp4hx2ri0gB+FnGe1ACA
+0zT32lLp9aWZBDnK8IOpW4M/Aq0QoIwabQ8mDAByhb1KL0dwOlrvRlKH0lOxisIl
+FDFiEP9WaBSxD4eik9bxmdPDlZmQ0MEmi09Q1fn877vyN70MKLgBgtZll0HxTxC/
+uyG7oSq2IKojlvVsBoa06pAXmQIkIWsv6K12xKkUju+ahqNjWmqne8Hc+2+6Wad9
+/am3Uw3AyoZIyNlzc44Burjwi0kF6EqkZBvWAkEM2XUgJl8vIx8rNeFesvoE0r2U
+1ad6uvHg4WEBCpkAh/W0bqmIsrwFEv2g+pI9rdbEXFMB0JSDZzJltasuEPS6Ug9r
+utVkpcPV4nvbCA99IOEylqMYGVTDnGSclD6+F99cH3quCo/hJsR3WFpdTWSKDQCL
+avXozTG+aakpbU8/0l7YbyIeS5P2X1kplnUzYkuSNXUMMHB1ULWFNtEJpxMcWlu+
+SlcVVnwSU0rsdmB2Huu5+uKJHHdFibgOVmrVV93vc2cZa3In6phw7wnd/seda5MZ
+poebUgXXa/erpazzOvtZ0X/FTmg4PWvloI6bZtpT3N4Ai7KUuFgr0TLNzEmVn9vC
+HlJyGIDIrQNSx58DpDu9hMTN/cbFKQBeHnzZo0mnFoo1Vpul3qgYlo1akUZr1uZO
+IL9iQXGYr8ToHCjdd+1AKCMjmLUvvehryE9HW5AWcQziqrwRoGtNuskB7BbPNlyj
+8tU4E5SKaToPk+ecRspdWm3KPSjKUK0YvRP8pVBZ3ZsYX3n5xHGWpOgbIQS8RgoF
+HgLy6ERP
+-----END PUBLIC KEY-----
+
+
+
+
+SEQUENCE {
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+  }
+  BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17
+89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156
+93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3
+826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7
+62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55
+dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd
+8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15
+ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750
+7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f
+d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987
+553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea
+6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c
+4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04
+2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985
+9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd
+1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af
+197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1
+cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748
+59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911
+8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9
+0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f
+8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5
+86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb
+f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62
+f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7
+a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d
+ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e
+9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9
+33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478
+0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d
+6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317
+6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b
+299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21
+6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358
+fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208
+3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8
+815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e
+938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b
+0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95
+eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31
+5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9
+784cf05c830b3242c8312` }
+}
+
+
+

The following is the ML-DSA-87 public key corresponding to the private +key in the previous section.

+
+
+-----BEGIN PUBLIC KEY-----
+MIIKMjALBglghkgBZQMEAxMDggohAJeSvOwvJDBoaoL8zzwvX/Zl53HXq0G5AljP
+p+kOyXEkpzsyO5uiGrZNdnxDP1pSHv/hj4bkahiJUsRGfgSLcp5/xNEV5+SNoYlt
+X+EZsQ3N3vYssweVQHS0IzblKDbeYdqUH4036misgQb6vhkHBnmvYAhTcSD3B5O4
+6pzA5ue3tMmlx0IcYPJEUboekz2xou4Wx5VZ8hs9G4MFhQqkKvuxPx9NW59INfnY
+ffzrFi0O9Kf9xMuhdDzRyHu0ln2hbMh2S2Vp347lvcv/6aTgV0jm/fIlr55O63dz
+ti6Phfm1a1SJRVUYRPvYmAakrDab7S0lYQD2iKatXgpwmCbcREnpHiPFUG5kI2Hv
+WjE3EvebxLMYaGHKhaS6sX5/lD0bijM6o6584WtEDWAY+eBNr1clx/GpP60aWie2
+eJW9JJqpFoXeIK8yyLfiaMf5aHfQyFABE1pPCo8bgmT6br5aNJ2K7K0aFimczy/Z
+x7hbrOLO06oSdrph7njtflyltnzdRYqTVAMOaru6v1agojFv7J26g7UdQv0xZ/Hg
++QhV1cZlCbIQJl3B5U7ES0O6fPmu8Ri0TYCRLOdRZqZlHhFs6+SSKacGLAmTH3Gr
+0ik/dvfvwyFbqXgAA35Y5HC9u7Q8GwQ56vecVNk7RKrJ7+n74VGHTPsqZMvuKMxM
+D+d3Xl2HDxwC5bLjxQBMmV8kybd5y3U6J30Ocf1CXra8LKVs4SnbUfcHQPMeY5dr
+UMcxLpeX14xbGsJKX6NHzJFuCoP1w7Z1zTC4Hj+hC5NETgc5dXHM6Yso2lHbkFa8
+coxbCxGB4vvTh7THmrGl/v7ONxZ693LdrRTrTDmC2lpZ0OnrFz7GMVCRFwAno6te
+9qoSnLhYVye5NYooUB1xOnLz8dsxcUKG+bZAgBOvBgRddVkvwLfdR8c+2cdbEenX
+xp98rfwygKkGLFJzxDvhw0+HRIhkzqe1yX1tMvWb1fJThGU7tcT6pFvqi4lAKEPm
+Rba5Jp4r2YjdrLAzMo/7BgRQ998IAFPmlpslHodezsMs/FkoQNaatpp14Gs3nFNd
+lSZrCC9PCckxYrM7DZ9zB6TqqlIQRDf+1m+O4+q71F1nslqBM/SWRotSuv/b+tk+
+7xqYGLXkLscieIo9jTUp/Hd9K6VwgB364B7IgwKDfB+54DVXJ2Re4QRsP5Ffaugt
+rU+2sDVqRlGP/INBVcO0/m2vpsyKXM9TxzoISdjUT33PcnVOcOG337RHu070nRpx
+j2Fxu84gCVDgzpJhBrFRo+hx1c5JcxvWZQqbDKly2hxfE21Egg6mODwI87OEzyM4
+54nFE/YYzFaUpvDO4QRRHh7XxfI6Hr/YoNuEJFUyQBVtv2IoMbDGQ9HFUbbz96mN
+KbhcLeBaZfphXu4WSVvZBzdnIRW1PpHF2QAozz8ak5U6FT3lO0QITpzP9rc2aTkm
+2u/rstd6pa1om5LzFoZmnfFtFxXMWPeiz7ct0aUekvglmTp0Aivn6etgVGVEVwlN
+FJKPICFeeyIqxWtRrb7I2L22mDl5p+OiG0S10VGMqX0LUZX1HtaiQ1DIl0fh7epR
+tEjj6RRwVM6SeHPJDbOU2GiI4H3/F3WT1veeFSMCIErrA74jhq8+JAeL0CixaJ9e
+FHyfRSyM6wLsWcydtjoDV2zur+mCOQI4l9oCNmMKU8Def0NaGYaXkvqzbnueY1dg
+8JBp5kMucAA1rCoCh5//Ch4b7FIgRxk9lOtd8e/VPuoRRMp4lAhS9eyXJ5BLNm7e
+T14tMx+tX8KC6ixH6SMUJ3HD3XWoc1dIfe+Z5fGOnZ7WI8F10CiIxR+CwHqA1UcW
+s8PCvb4unwqbuq6+tNUpNodkBvXADo5LvQpewFeX5iB8WrbIjxpohCG9BaEU9Nfe
+KsJB+g6L7f9H92Ldy+qpEAT40x6FCVyBBUmUrTgm40S6lgQIEPwLKtHeSM+t4ALG
+LlpJoHMas4NEvBY23xa/YH1WhV5W1oQAPHGOS62eWgmZefzd7rHEp3ds03o0F8sO
+GE4p75vA6HR1umY74J4Aq1Yut8D3Fl+WmptCQUGYzPG/8qLI1omkFOznZiknZlaJ
+6U25YeuuxWFcvBp4lcaFGslhQy/xEY1GB9Mu+dxzLVEzO+S00OMN3qeE7Ki+R+dB
+vpwZYx3EcKUu9NwTpPNjP9Q014fBcJd7QX31mOHQ3eUGu3HW8LwX7HDjsDzcGWXL
+Npk/YzsEcuUNCSOsbGb98dPmRZzBIfD1+U0J6dvPXWkOIyM4OKC6y3xjjRsmUKQw
+jNFxtoVRJtHaZypu2FqNeMKG+1b0qz0hSXUoBFxjJiyKQq8vmALFO3u4vijnj+C1
+zkX7t6GvGjsoqNlLeJDjyILjm8mOnwrXYCW/DdLwApjnFBoiaz187kFPYE0eC6VN
+EdX+WLzOpq13rS6MHKrPMkWQFLe5EAGx76itFypSP7jjZbV3Ehv5/Yiixgwh6CHX
+tqy0elqZXkDKztXCI7j+beXhjp0uWJOu/rt6rn/xoUYmDi8RDpOVKCE6ACWjjsea
+q8hhsl68UJpGdMEyqqy34BRvFO/RHPyvTKpPd1pxbOMl4KQ1pNNJ1yC88TdFCvxF
+BG/Bofg6nTKXd6cITkqtrnEizpcAWTBSjrPH9/ESmzcoh6NxFVo7ogGiXL8dy2Tn
+ze4JLDFB+1VQ/j0N2C6HDleLK0ZQCBgRO49laXc8Z3OFtppCt33Lp6z/2V/URS4j
+qqHTfh2iFR6mWNQKNZayesn4Ep3GzwZDdyYktZ9PRhIw30ccomCHw5QtXGaH32CC
+g1k1o/h8t2Kww7HQ3aSmUzllvvG3uCkuJUwBTQkP7YV8RMGDnGlMCmTj+tkKEfU0
+citu4VdPLhSdVddE3kiHAk4IURQxwGJ1DhbHSrnzJC8ts/+xKo1hB/qiKdb2NzsH
+8205MrO9sEwZ3WTq3X+Tw8Vkw1ihyB3PHJwx5bBlaPl1RMF9wVaYxcs4mDqa/EJ4
+P6p3OlLJ2CYGkL6eMVaqW8FQneo/aVh2lc1v8XK6g+am2KfWu+u7zaNnJzGYP4m8
+WDHcN8PzxcVvrMaX88sgvV2629cC5UhErC9iaQH+FZ25Pf1Hc9j+c1YrhGwfyFbR
+gCdihA68cteYi951y8pw0xnTLODMAlO7KtRVcj7gx/RzbObmZlxayjKkgcU4Obwl
+kWewE9BCM5Xuuaqu4yBhSafVUNZ/xf3+SopcNdJRC2ZDeauPcoVaKvR6vOKmMgSO
+r4nly0qI3rxTpZUQOszk8c/xis/wev4etXFqoeQLYxNMOjrpV5+of1Fb4JPC0p22
+1rZck2YeAGNrWScE0JPMZxbCNC6xhT1IyFxjrIooVEYse3fn470erFvKKP+qALXT
+SfilR62HW5aowrKRDJMBMJo/kTilaTER9Vs8AJypR8Od/ILZjrHKpKnL6IX3hvqG
+5VvgYiIvi6kKl0BzMmsxISrs4KNKYA==
+-----END PUBLIC KEY-----
+
+
+
+
+SEQUENCE {
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
+  }
+  BIT_STRING { `00` `9792bcec2f2430686a82fccf3c2f5ff665e771d7ab4
+1b90258cfa7e90ec97124a73b323b9ba21ab64d767c433f5a521effe18f86e46
+a188952c4467e048b729e7fc4d115e7e48da1896d5fe119b10dcddef62cb3079
+54074b42336e52836de61da941f8d37ea68ac8106fabe19070679af600853712
+0f70793b8ea9cc0e6e7b7b4c9a5c7421c60f24451ba1e933db1a2ee16c79559f
+21b3d1b8305850aa42afbb13f1f4d5b9f4835f9d87dfceb162d0ef4a7fdc4cba
+1743cd1c87bb4967da16cc8764b6569df8ee5bdcbffe9a4e05748e6fdf225af9
+e4eeb7773b62e8f85f9b56b548945551844fbd89806a4ac369bed2d256100f68
+8a6ad5e0a709826dc4449e91e23c5506e642361ef5a313712f79bc4b3186861c
+a85a4bab17e7f943d1b8a333aa3ae7ce16b440d6018f9e04daf5725c7f1a93fa
+d1a5a27b67895bd249aa91685de20af32c8b7e268c7f96877d0c85001135a4f0
+a8f1b8264fa6ebe5a349d8aecad1a16299ccf2fd9c7b85bace2ced3aa1276ba6
+1ee78ed7e5ca5b67cdd458a9354030e6abbbabf56a0a2316fec9dba83b51d42f
+d3167f1e0f90855d5c66509b210265dc1e54ec44b43ba7cf9aef118b44d80912
+ce75166a6651e116cebe49229a7062c09931f71abd2293f76f7efc3215ba9780
+0037e58e470bdbbb43c1b0439eaf79c54d93b44aac9efe9fbe151874cfb2a64c
+bee28cc4c0fe7775e5d870f1c02e5b2e3c5004c995f24c9b779cb753a277d0e7
+1fd425eb6bc2ca56ce129db51f70740f31e63976b50c7312e9797d78c5b1ac24
+a5fa347cc916e0a83f5c3b675cd30b81e3fa10b93444e07397571cce98b28da5
+1db9056bc728c5b0b1181e2fbd387b4c79ab1a5fefece37167af772ddad14eb4
+c3982da5a59d0e9eb173ec6315091170027a3ab5ef6aa129cb8585727b9358a2
+8501d713a72f3f1db31714286f9b6408013af06045d75592fc0b7dd47c73ed9c
+75b11e9d7c69f7cadfc3280a9062c5273c43be1c34f87448864cea7b5c97d6d3
+2f59bd5f25384653bb5c4faa45bea8b89402843e645b6b9269e2bd988ddacb03
+3328ffb060450f7df080053e6969b251e875ecec32cfc592840d69ab69a75e06
+b379c535d95266b082f4f09c93162b33b0d9f7307a4eaaa52104437fed66f8ee
+3eabbd45d67b25a8133f496468b52baffdbfad93eef1a9818b5e42ec722788a3
+d8d3529fc777d2ba570801dfae01ec88302837c1fb9e0355727645ee1046c3f9
+15f6ae82dad4fb6b0356a46518ffc834155c3b4fe6dafa6cc8a5ccf53c73a084
+9d8d44f7dcf72754e70e1b7dfb447bb4ef49d1a718f6171bbce200950e0ce926
+106b151a3e871d5ce49731bd6650a9b0ca972da1c5f136d44820ea6383c08f3b
+384cf2338e789c513f618cc5694a6f0cee104511e1ed7c5f23a1ebfd8a0db842
+4553240156dbf622831b0c643d1c551b6f3f7a98d29b85c2de05a65fa615eee1
+6495bd90737672115b53e91c5d90028cf3f1a93953a153de53b44084e9ccff6b
+736693926daefebb2d77aa5ad689b92f31686669df16d1715cc58f7a2cfb72dd
+1a51e92f825993a74022be7e9eb6054654457094d14928f20215e7b222ac56b5
+1adbec8d8bdb6983979a7e3a21b44b5d1518ca97d0b5195f51ed6a24350c8974
+7e1edea51b448e3e9147054ce927873c90db394d86888e07dff177593d6f79e1
+52302204aeb03be2386af3e24078bd028b1689f5e147c9f452c8ceb02ec59cc9
+db63a03576ceeafe98239023897da0236630a53c0de7f435a19869792fab36e7
+b9e635760f09069e6432e700035ac2a02879fff0a1e1bec522047193d94eb5df
+1efd53eea1144ca78940852f5ec9727904b366ede4f5e2d331fad5fc282ea2c4
+7e923142771c3dd75a87357487def99e5f18e9d9ed623c175d02888c51f82c07
+a80d54716b3c3c2bdbe2e9f0a9bbaaebeb4d52936876406f5c00e8e4bbd0a5ec
+05797e6207c5ab6c88f1a688421bd05a114f4d7de2ac241fa0e8bedff47f762d
+dcbeaa91004f8d31e85095c81054994ad3826e344ba96040810fc0b2ad1de48c
+fade002c62e5a49a0731ab38344bc1636df16bf607d56855e56d684003c718e4
+bad9e5a099979fcddeeb1c4a7776cd37a3417cb0e184e29ef9bc0e87475ba663
+be09e00ab562eb7c0f7165f969a9b42414198ccf1bff2a2c8d689a414ece7662
+927665689e94db961ebaec5615cbc1a7895c6851ac961432ff1118d4607d32ef
+9dc732d51333be4b4d0e30ddea784eca8be47e741be9c19631dc470a52ef4dc1
+3a4f3633fd434d787c170977b417df598e1d0dde506bb71d6f0bc17ec70e3b03
+cdc1965cb36993f633b0472e50d0923ac6c66fdf1d3e6459cc121f0f5f94d09e
+9dbcf5d690e23233838a0bacb7c638d1b2650a4308cd171b6855126d1da672a6
+ed85a8d78c286fb56f4ab3d21497528045c63262c8a42af2f9802c53b7bb8be2
+8e78fe0b5ce45fbb7a1af1a3b28a8d94b7890e3c882e39bc98e9f0ad76025bf0
+dd2f00298e7141a226b3d7cee414f604d1e0ba54d11d5fe58bccea6ad77ad2e8
+c1caacf32459014b7b91001b1efa8ad172a523fb8e365b577121bf9fd88a2c60
+c21e821d7b6acb47a5a995e40caced5c223b8fe6de5e18e9d2e5893aefebb7aa
+e7ff1a146260e2f110e939528213a0025a38ec79aabc861b25ebc509a4674c13
+2aaacb7e0146f14efd11cfcaf4caa4f775a716ce325e0a435a4d349d720bcf13
+7450afc45046fc1a1f83a9d329777a7084e4aadae7122ce97005930528eb3c7f
+7f1129b372887a371155a3ba201a25cbf1dcb64e7cdee092c3141fb5550fe3d0
+dd82e870e578b2b46500818113b8f6569773c677385b69a42b77dcba7acffd95
+fd4452e23aaa1d37e1da2151ea658d40a3596b27ac9f8129dc6cf0643772624b
+59f4f461230df471ca26087c3942d5c6687df6082835935a3f87cb762b0c3b1d
+0dda4a6533965bef1b7b8292e254c014d090fed857c44c1839c694c0a64e3fad
+90a11f534722b6ee1574f2e149d55d744de4887024e08511431c062750e16c74
+ab9f3242f2db3ffb12a8d6107faa229d6f6373b07f36d3932b3bdb04c19dd64e
+add7f93c3c564c358a1c81dcf1c9c31e5b06568f97544c17dc15698c5cb38983
+a9afc42783faa773a52c9d8260690be9e3156aa5bc1509dea3f69587695cd6ff
+172ba83e6a6d8a7d6bbebbbcda3672731983f89bc5831dc37c3f3c5c56facc69
+7f3cb20bd5dbadbd702e54844ac2f626901fe159db93dfd4773d8fe73562b846
+c1fc856d1802762840ebc72d7988bde75cbca70d319d32ce0cc0253bb2ad4557
+23ee0c7f4736ce6e6665c5aca32a481c53839bc259167b013d0423395eeb9aaa
+ee3206149a7d550d67fc5fdfe4a8a5c35d2510b664379ab8f72855a2af47abce
+2a632048eaf89e5cb4a88debc53a595103acce4f1cff18acff07afe1eb5716aa
+1e40b63134c3a3ae9579fa87f515be093c2d29db6d6b65c93661e00636b59270
+4d093cc6716c2342eb1853d48c85c63ac8a2854462c7b77e7e3bd1eac5bca28f
+faa00b5d349f8a547ad875b96a8c2b2910c9301309a3f9138a5693111f55b3c0
+09ca947c39dfc82d98eb1caa4a9cbe885f786fa86e55be062222f8ba90a97407
+3326b31212aece0a34a60` }
+}
+
+
+
+
+
+
+

+C.3. Example Certificate +

+

The following is a self-signed certificate for the ML-DSA-44 public key in the +previous section.

+
+
+-----BEGIN CERTIFICATE-----
+MIIPlDCCBgqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44804wCwYJYIZIAWUDBAMR
+MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0
+MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI
+TEFNUFMgV0cwggUyMAsGCWCGSAFlAwQDEQOCBSEA17K0clSq4NtF55MNSpjSyX2P
+E5fReJ2voXAksxbpvslPyZRtQvGbeadBO7qjPnFJy0LtURVpOsBB+suYit61/g4d
+hjEYSZW1ksOX0ilOLhT5CqQUujgmiZrEP0zMrLwm6agyuVEY1ctDPL75ZgsAE44I
+F/YediyidMNq1VTrIqrBFi5KsBrLoeOMTv2PgLZbMz0PcuVd/nHOnB67mInnxWEG
+wP1zgDoq7P6v3teqPLLO2lTRK9jNNqeM+XWUO0er0l6ICsRS5XQu0ejRqCr6huWQ
+x1jBWuTShA2SvKGlCQ9ASWWX/KfYuVE/GhvabpUKqpjeRnUH1KT1pPBZkhZYLDVy
+9i7aiQWrNYFnDEoCd3oz4Mpylf2PT/bRoKOnaD1l9fX3/GDaAj6CbF+SFEwC99G6
+EHWYdVPqk2f8122ZC3+pnNRa/biDbUPkWfUYffBYR5cJoB6mg1k1+nBGCZDNPcG6
+QBupS6sd3kGsZ6szGdysoGBI1MTu8n7hOpwX0FOPQw8tZC3CQVZg3niHfY2KvHJS
+OXjAQuQoX0MZhGxEEmJCl2hEwQ5Va6IVtacZ5Z0MayqW05hZBx/cws3nUkp77a5U
+6FsxjoVOj+Ky8+36yXGRKCcKr9HlBEw6T9r9n/MfkHhLjo5FlhRKDa9YZRHT2ZYr
+nqla8Ze05fxg8rHtFd46W+9fib3HnZEFHZsoFudPpUUx79wcvnTUSIV/R2vNWPIc
+C2U7O3ak4HamVZowJxhVXMY/dIWaq6uSXwI4YcqM0Pe62yhx9n1VMm10URNa1F9K
+G6aRGPuyyKMO7JOS7z+XcGbJrdXHEMxkexUU0hfZWMcBfD6Q/SDATmdLkEhuk3Cj
+GgAdMvRzl55JBnSefkd/oLdFCPil8jeDErg8Jb04jKCw//dHi69CtxZn7arJfEax
+KWQ+WG5bBVoMIRlG1PNuZ1vtWGD6BCoxXZgmFk1qkjfDWl+/SVSQpb1N8ki5XEqu
+d4S2BWcxZqxCRbW0sIKgnpMj5i8geMW3Z4NEbe/XNq06NwLUmwiYRJAKYYMzl7xE
+GbMNepegs4fBkRR0xNQbU+Mql3rLbw6nXbZbs55Z5wHnaVfe9vLURVnDGncSK1IE
+47XCGfFoixTtC8C4AbPm6C3NQ+nA6fQXRM2YFb0byIINi7Ej8E+s0bG2hd1aKxuN
+u/PtkzZw8JWhgLTxktCLELj6u9/MKyRRjjLuoKXgyQTKhEeACD87DNLQuLavZ7w1
+W5SUAl3HsKePqA46Lb/rUTKIUdYHgZjpSTZRrnh+wCUfkiujDp9R32Km1yeEzz3S
+BTkxdt+jJKUSvZSXCjbdNKUUqGeR8Os28BRbCatkZRtKAxOymWEaKhxIiRYnWYdo
+oxFAYLpEQ0ht9RUioc6IswmFwhb45u0XjdVnswSg1Mr7qIKig0LxepqiauWNtjAI
+PSw1j99WbD9dYqQoVnvJ6ozpXKoPNUdLC/qPM5olCrTfzyCDvo7vvBBV4Y/hU3Du
+yyYFZtg/8GshGq7EPKKbVMzQD4gVokZe8LRlFcx+QfMSTwnv/3OTCatYspoUWaAL
+zlA46TjJZ49y6w5O5f2q5m2fhXP8l/xCtJWfS/i2HXhDPoawM11ukZHE2L9IezkF
+wQjP1qwksM633LfPUfhNDtaHuV6uscUzwG8NlwI9kqcIJYN7Wbpst9TlawqHwgOG
+KujzFbpZJejt76Z5NpoiAnZhUfFqll+fgeznbMBwtVhp5NuXhM8FyDCzJCyDEqNC
+MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFDKa
+B7H6u0j1KjCfEaGJj4SOIyL/MAsGCWCGSAFlAwQDEQOCCXUA/LEt78ExnP4sas0M
+wv/5uOJwUaNNpxfdLJ4BvQt2ocbrYG/4Z4K75x7KbP9w2lzUnkTeihk1hrPTK+ok
+QfG/KnOADj+SKVyGRvQecSunv+Ze77Um/UJRY+IrMsbwKhtG9hoX+sPEbQZwF4YP
+Kgb6HBontM0zMs7eGWWgca0WBRgZyK2LwfZhRO3lR5xxutrN/nF9wKta2mRg1J8j
+GuwZ7H6E3lol0NJD2TFc5CcO2EA7NV+hVb4/8W9ILm71WIwiLApn0YKI7RjG81Io
+zPr3TjgKTvRTkxdjrVjKmelj8R47u/UMe1Ga7uiSQoIudYQziXPpexmvBKSUywF7
+yU+0cMVTIuqN6iTIbeTx0rzWMwMo4BTF33iroteo+/fhE0x0vkIPynPqW0IXluD4
+awiwZkZNyML+8GuHCPzcSGkKG63YB/jmiPWQppUs4PKWbjX+Wsr2pbvsUT0h2b2x
+LB0K/7jLqEcWzDZvEYCshKNiQ6hhXhFyxDquGmLzrYtN5zdJqZSRU2hxfYutem6i
+WvPL/cisDHzIY3ATkdABLwLq2FUMw6OGbLx2NllYRRV1vkgvHIpOb6PiUtk1yh7P
+yAYDSE1UxjLFeYmjlCABYWElShY0kNzM2ktlkJszcJSY7e4RPlnldSeSGJ6VTTWy
+y6XEp1f/0xqYDnJ7HdBAkNE2t+V4+iNMPhap3+MDtSNt+NPNLrH27j+7SdcCtTKL
+KZdk8VcTB/IIj1eJnNwtLmf4w3Fs5tvOYxbwpEpSgOFhahYD17++K6d7u7mykFd5
+gZN7ydA4YRB/fFOJS8msLjm5ta8TYWDuU1t9RLFBd7S6qNSOg/GDNJ5CyyUAv/fD
+2+gtfiuVWtV7IoUNymNNK8Wrht2f5LlvWrGJQAhKm/JcUjwwAdENoZgFtUCVHW9W
+UuWt3li4Ta69qXKVn1EdzNuPAdq5AbZyQmEl5GHyT+uv5VV9edGK6G5dASwATca0
+NOWL/kNWb6T4xkpvBgj5yI2+SvmfHZyiUo+s8hj3Ikt+U+m6zLKp4xB1x37CFdPy
+J/7+yOcmelsZfNjr9Dps0Nxnijvu+fvhI0KkoVvzHG9yR6h7YXWn/VOezt8XL4vE
+BcQcuCCj+Bz55rclX1gCGJED6ZhiQO5xvHDgptMzbbYkmuK6PZJzCMzWtFcYrrOi
+jNHLBhtxnjgG71PygYGmoKRVG0fLS4MAcXLAl906fRDl9seI92Y3/JgCI5VgL/A3
+3hcFv/fbYo2wBycYPYmpvZqCI4594sas92nZwyKlqlcIeYVhlu1gbX9HKUZQkH8x
+8J6h7l208b3cA59RcB7BYHlOriftCzyvq1JPcORSEvsk3vHX7iZA8DmKU73rpGQ8
+iAS+4bbEmCAfKEkKss2ub5uFkfip+x3C34/btT/msKOr/t0sTTwtSI4hpmln5OJJ
+P0kwDwd93vJO9jUiztF8f6a8etCg/NqA9sdRz+7BGPviwAZwDOa+jZ0VvsoJkSax
+ir5Z81E6rR949ZzKery208QzJD8emoXHwkWngyrZzqPguYvPB1fNDNLjdkZl3AnR
+DL/0ahygOIRrEyrEdHLDPPSzoZYg7s7iW40E1Fs61/EMNeGDxWWmcXwSeRsJv1ut
+pKxkjnofHFkc9i9RJhhYx5JPBn9JNBUG9obrwLnFTF+DUdEJwRbyMwLEWHzZobU8
+pvYXusxLgcd+0gn0s+siQNJAAlRniKsi0YutSR27k8nQyL0s8Jgl7bybSh/KbNKG
+T/643zfGrBMfOtGo5z28CsXszpDlxhEipYS8iaoidwnjURrndCQgR7ukcYv105ul
+K1v8V3S5msyWb4UTndzK5yK6owqRfstmUA6S6HczJ+qkowDpb2t3nMGqQ5+BTzww
+pozM/bnTVSmLFMGNic+7NltWzRySbxGzc3dxSHHfly4kSocmr53vEewK2DpixrM3
+LJMYZYivUREMaHd4BCoUzjbK9aFs3EXcm6/Q8tbFzd4k9qDahopVccqiTmaJ4HGb
+szeTqpm5iGJK9okvLy5w4j83oNhHPd/J6vw8ZqtfYYbME4GYXVtFRb07GpnPQa6E
+aErkAgtVTKptOQyJaO09YaLEbHnAgYFhZ1wQeN0Negn1YqkBC4FBe1yBMdMOre7l
+xV0FhkpMaO2wU0gPl9IrCe9m8aLRT4zcihIdJLVARPsudeLv6Oim3ao259gcum0y
+P1KD1dxwUC/j6zAtz2Qjt2Q11dLfxqKPA67Go2Dng+/uaUvbZI0lsPrx2kX0ADsT
+Nf5KoipXLssLwyooz3Ga0dcwjpTv0NE43wT8wx/OKuAC3cHAS/s+7Pk+xkypbFXI
+ba8Z6Au7Dq4r03k0fPpgL3KHqpDBWNuxujH9+RN7oGGAjppcGfq4I5tf7i5mNjZQ
+W+SBG7pgsVWibDidCbf7CfWwY6oWi718wtShOYFALIzsYAqeXqdi7raMQGl1T43A
+WiyjbXxh0adG3sqmwVhjtvesFSwZ9v0fMG0CMDQBl3fP6FXmMMaV1O0GWb16zxVK
+4QtIFRQfQGkhXWNAvBPm4F2xb6F2uJUWHnOs9g8Wuhfk3pBtjtfFWJwkaOAOsvp2
+d/1UtsYop10zwW1EMyYxiUZ16TwvSb3Om4q0mGxHQEY1VkCMouBY680bWxMfw6C4
+rRv98itFqOAHP1Mc1tKCCtUOI/a1MDQrnI0oLjsxxTnOX2uUzrx2DnuWhPEx3/w1
++BxKXZFcDHamuWl6nbPWwrOxbNorC6arGMQSy6h40f6dfixlsCpEh+lBjucRG74S
+TJl8sM82z6akqE8JDOf3yU/sItuzOLfvNXICbkoMG0EBxMPa6TaxPNtco4UiKOuY
+nkzyIOnH5LGNOQNQCExkxHFRyoZr8TMBEoIcICnZruw1r8gYtB+kFgivIsqKptXC
+tAMhQF/vdss4YqwYcCV5bDVs90+IMlSalrfuecV0pdwUzvXn6QHVm+4SkKlMEwuY
+wyQiiwPav40S9rIO5tE5gR/BBndPfo02pGvxXR9/vZjhRVRkJr3ZaC+lVHSqtsjc
+bVfTh/nK6lkLYJ/AwcAK/3d4SKSIjHmTucj2KIDws4i3QSQ1qh1AABpugNV4zJgm
+J88qqA7oLmNFkyILQW0g0COb500DDBcjPkZkb3p7i5yjrbzEx/L4BQkKGhstdnmO
+nsLY8P4FBxAZKTJFRlSGipeipr3HGicsMTpNZ3eKqbK4wsTR3fAAAAAAAAAAAAAA
+AAAAABMhMUI=
+-----END CERTIFICATE-----
+
+
+
+
+SEQUENCE {
+  SEQUENCE {
+    [0] {
+      INTEGER { 2 }
+    }
+    INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` }
+    SEQUENCE {
+      OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+    }
+    SEQUENCE {
+      SET {
+        SEQUENCE {
+          # organizationName
+          OBJECT_IDENTIFIER { 2.5.4.10 }
+          PrintableString { "IETF" }
+        }
+      }
+      SET {
+        SEQUENCE {
+          # commonName
+          OBJECT_IDENTIFIER { 2.5.4.3 }
+          PrintableString { "LAMPS WG" }
+        }
+      }
+    }
+    SEQUENCE {
+      UTCTime { "200203043210Z" }
+      UTCTime { "400129043210Z" }
+    }
+    SEQUENCE {
+      SET {
+        SEQUENCE {
+          # organizationName
+          OBJECT_IDENTIFIER { 2.5.4.10 }
+          PrintableString { "IETF" }
+        }
+      }
+      SET {
+        SEQUENCE {
+          # commonName
+          OBJECT_IDENTIFIER { 2.5.4.3 }
+          PrintableString { "LAMPS WG" }
+        }
+      }
+    }
+    SEQUENCE {
+      SEQUENCE {
+        OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+      }
+      BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f139
+7d1789dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed5
+115693ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa41
+4ba3826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f
+61e762ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f7
+2e55dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d
+12bd8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c75
+8c15ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de4
+67507d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7
+295fd8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba107
+5987553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a
+01ea6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca0604
+8d4c4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc7252397
+8c042e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d
+39859071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270
+aafd1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea
+95af197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531e
+fdc1cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63
+f74859aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba
+69118fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017
+c3e90fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74
+508f8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b1296
+43e586e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35
+a5fbf495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e932
+3e62f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b
+30d7a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76
+957def6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dc
+d43e9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf
+3ed933670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca8
+44780083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328
+851d6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd2053
+93176dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0
+313b299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b3098
+5c216f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2
+c358fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfc
+f2083be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd
+00f8815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5
+038e938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433
+e86b0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed68
+7b95eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae
+8f315ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e
+4db9784cf05c830b3242c8312` }
+    }
+    [3] {
+      SEQUENCE {
+        SEQUENCE {
+          # keyUsage
+          OBJECT_IDENTIFIER { 2.5.29.15 }
+          BOOLEAN { TRUE }
+          OCTET_STRING {
+            BIT_STRING { b`0000011` }
+          }
+        }
+        SEQUENCE {
+          # basicConstraints
+          OBJECT_IDENTIFIER { 2.5.29.19 }
+          BOOLEAN { TRUE }
+          OCTET_STRING {
+            SEQUENCE {
+              BOOLEAN { TRUE }
+            }
+          }
+        }
+        SEQUENCE {
+          # subjectKeyIdentifier
+          OBJECT_IDENTIFIER { 2.5.29.14 }
+          OCTET_STRING {
+            OCTET_STRING { `329a07b1fabb48f52a309f11a1898f848e23
+22ff` }
+          }
+        }
+      }
+    }
+  }
+  SEQUENCE {
+    OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
+  }
+  BIT_STRING { `00` `fcb12defc1319cfe2c6acd0cc2fff9b8e27051a34da
+717dd2c9e01bd0b76a1c6eb606ff86782bbe71eca6cff70da5cd49e44de8a193
+586b3d32bea2441f1bf2a73800e3f92295c8646f41e712ba7bfe65eefb526fd4
+25163e22b32c6f02a1b46f61a17fac3c46d067017860f2a06fa1c1a27b4cd333
+2cede1965a071ad16051819c8ad8bc1f66144ede5479c71badacdfe717dc0ab5
+ada6460d49f231aec19ec7e84de5a25d0d243d9315ce4270ed8403b355fa155b
+e3ff16f482e6ef5588c222c0a67d18288ed18c6f35228ccfaf74e380a4ef4539
+31763ad58ca99e963f11e3bbbf50c7b519aeee89242822e7584338973e97b19a
+f04a494cb017bc94fb470c55322ea8dea24c86de4f1d2bcd6330328e014c5df7
+8aba2d7a8fbf7e1134c74be420fca73ea5b421796e0f86b08b066464dc8c2fef
+06b8708fcdc48690a1badd807f8e688f590a6952ce0f2966e35fe5acaf6a5bbe
+c513d21d9bdb12c1d0affb8cba84716cc366f1180ac84a36243a8615e1172c43
+aae1a62f3ad8b4de73749a994915368717d8bad7a6ea25af3cbfdc8ac0c7cc86
+3701391d0012f02ead8550cc3a3866cbc76365958451575be482f1c8a4e6fa3e
+252d935ca1ecfc80603484d54c632c57989a39420016161254a163490dcccda4
+b65909b33709498edee113e59e5752792189e954d35b2cba5c4a757ffd31a980
+e727b1dd04090d136b7e578fa234c3e16a9dfe303b5236df8d3cd2eb1f6ee3fb
+b49d702b5328b299764f1571307f2088f57899cdc2d2e67f8c3716ce6dbce631
+6f0a44a5280e1616a1603d7bfbe2ba77bbbb9b290577981937bc9d03861107f7
+c53894bc9ac2e39b9b5af136160ee535b7d44b14177b4baa8d48e83f183349e4
+2cb2500bff7c3dbe82d7e2b955ad57b22850dca634d2bc5ab86dd9fe4b96f5ab
+18940084a9bf25c523c3001d10da19805b540951d6f5652e5adde58b84daebda
+972959f511dccdb8f01dab901b672426125e461f24febafe5557d79d18ae86e5
+d012c004dc6b434e58bfe43566fa4f8c64a6f0608f9c88dbe4af99f1d9ca2528
+facf218f7224b7e53e9baccb2a9e31075c77ec215d3f227fefec8e7267a5b197
+cd8ebf43a6cd0dc678a3beef9fbe12342a4a15bf31c6f7247a87b6175a7fd539
+ecedf172f8bc405c41cb820a3f81cf9e6b7255f5802189103e9986240ee71bc7
+0e0a6d3336db6249ae2ba3d927308ccd6b45718aeb3a28cd1cb061b719e3806e
+f53f28181a6a0a4551b47cb4b83007172c097dd3a7d10e5f6c788f76637fc980
+22395602ff037de1705bff7db628db00727183d89a9bd9a82238e7de2c6acf76
+9d9c322a5aa570879856196ed606d7f47294650907f31f09ea1ee5db4f1bddc0
+39f51701ec160794eae27ed0b3cafab524f70e45212fb24def1d7ee2640f0398
+a53bdeba4643c8804bee1b6c498201f28490ab2cdae6f9b8591f8a9fb1dc2df8
+fdbb53fe6b0a3abfedd2c4d3c2d488e21a66967e4e2493f49300f077ddef24ef
+63522ced17c7fa6bc7ad0a0fcda80f6c751cfeec118fbe2c006700ce6be8d9d1
+5beca099126b18abe59f3513aad1f78f59cca7abcb6d3c433243f1e9a85c7c24
+5a7832ad9cea3e0b98bcf0757cd0cd2e3764665dc09d10cbff46a1ca038846b1
+32ac47472c33cf4b3a19620eecee25b8d04d45b3ad7f10c35e183c565a6717c1
+2791b09bf5bada4ac648e7a1f1c591cf62f51261858c7924f067f49341506f68
+6ebc0b9c54c5f8351d109c116f23302c4587cd9a1b53ca6f617bacc4b81c77ed
+209f4b3eb2240d24002546788ab22d18bad491dbb93c9d0c8bd2cf09825edbc9
+b4a1fca6cd2864ffeb8df37c6ac131f3ad1a8e73dbc0ac5ecce90e5c61122a58
+4bc89aa227709e3511ae774242047bba4718bf5d39ba52b5bfc5774b99acc966
+f85139ddccae722baa30a917ecb66500e92e8773327eaa4a300e96f6b779cc1a
+a439f814f3c30a68cccfdb9d355298b14c18d89cfbb365b56cd1c926f11b3737
+7714871df972e244a8726af9def11ec0ad83a62c6b3372c93186588af51110c6
+87778042a14ce36caf5a16cdc45dc9bafd0f2d6c5cdde24f6a0da868a5571caa
+24e6689e0719bb33793aa99b988624af6892f2f2e70e23f37a0d8473ddfc9eaf
+c3c66ab5f6186cc1381985d5b4545bd3b1a99cf41ae84684ae4020b554caa6d3
+90c8968ed3d61a2c46c79c0818161675c1078dd0d7a09f562a9010b81417b5c8
+131d30eadeee5c55d05864a4c68edb053480f97d22b09ef66f1a2d14f8cdc8a1
+21d24b54044fb2e75e2efe8e8a6ddaa36e7d81cba6d323f5283d5dc70502fe3e
+b302dcf6423b76435d5d2dfc6a28f03aec6a360e783efee694bdb648d25b0faf
+1da45f4003b1335fe4aa22a572ecb0bc32a28cf719ad1d7308e94efd0d138df0
+4fcc31fce2ae002ddc1c04bfb3eecf93ec64ca96c55c86daf19e80bbb0eae2bd
+379347cfa602f7287aa90c158dbb1ba31fdf9137ba061808e9a5c19fab8239b5
+fee2e663636505be4811bba60b155a26c389d09b7fb09f5b063aa168bbd7cc2d
+4a13981402c8cec600a9e5ea762eeb68c4069754f8dc05a2ca36d7c61d1a746d
+ecaa6c15863b6f7ac152c19f6fd1f306d023034019777cfe855e630c695d4ed0
+659bd7acf154ae10b4815141f4069215d6340bc13e6e05db16fa176b895161e7
+3acf60f16ba17e4de906d8ed7c5589c2468e00eb2fa7677fd54b6c628a75d33c
+16d44332631894675e93c2f49bdce9b8ab4986c4740463556408ca2e058ebcd1
+b5b131fc3a0b8ad1bfdf22b45a8e0073f531cd6d2820ad50e23f6b530342b9c8
+d282e3b31c539ce5f6b94cebc760e7b9684f131dffc35f81c4a5d915c0c76a6b
+9697a9db3d6c2b3b16cda2b0ba6ab18c412cba878d1fe9d7e2c65b02a4487e94
+18ee7111bbe124c997cb0cf36cfa6a4a84f090ce7f7c94fec22dbb338b7ef357
+2026e4a0c1b4101c4c3dae936b13cdb5ca3852228eb989e4cf220e9c7e4b18d3
+90350084c64c47151ca866bf1330112821c2029d9aeec35afc818b41fa41608a
+f22ca8aa6d5c2b40321405fef76cb3862ac187025796c356cf74f8832549a96b
+7ee79c574a5dc14cef5e7e901d59bee1290a94c130b98c324228b03dabf8d12f
+6b20ee6d139811fc106774f7e8d36a46bf15d1f7fbd98e145546426bdd9682fa
+55474aab6c8dc6d57d387f9caea590b609fc0c1c00aff777848a4888c7993b9c
+8f62880f0b388b7412435aa1d40001a6e80d578cc982627cf2aa80ee82e63459
+3220b416d20d0239be74d030c17233e46646f7a7b8b9ca3adbcc4c7f2f805090
+a1a1b2d76798e9ec2d8f0fe050710192932454654868a97a2a6bdc71a272c313
+a4d67778aa9b2b8c2c4d1ddf0000000000000000000000000000013213142` }
+}
+
+
+
+
+
+
+
+
+

+Acknowledgments +

+

We would like to thank ... for their +insightful comments.

+
+
+
+
+

+Authors' Addresses +

+
+
Jake Massimo
+
AWS
+
United States of America
+ +
+
+
Panos Kampanakis
+
AWS
+
United States of America
+ +
+
+
Sean Turner
+
sn3rd
+ +
+
+
Bas Westerbaan
+
Cloudflare
+ +
+
+
+ + + diff --git a/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.txt b/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.txt new file mode 100644 index 0000000..3ed5b73 --- /dev/null +++ b/seanturner-ref-update/draft-ietf-lamps-dilithium-certificates.txt @@ -0,0 +1,1366 @@ + + + + +LAMPS WG J. Massimo +Internet-Draft P. Kampanakis +Intended status: Standards Track AWS +Expires: 15 June 2025 S. Turner + sn3rd + B. E. Westerbaan + Cloudflare + 12 December 2024 + + +Internet X.509 Public Key Infrastructure: Algorithm Identifiers for ML- + DSA + draft-ietf-lamps-dilithium-certificates-latest + +Abstract + + Digital signatures are used within X.509 certificates, Certificate + Revocation Lists (CRLs), and to sign messages. This document + describes the conventions for using FIPS 204, the Module-Lattice- + Based Digital Signature Algorithm (ML-DSA) in Internet X.509 + certificates and certificate revocation lists. The conventions for + the associated signatures, subject public keys, and private key are + also described. + +About This Document + + This note is to be removed before publishing as an RFC. + + The latest revision of this draft can be found at https://lamps- + wg.github.io/dilithium-certificates/#go.draft-ietf-lamps-dilithium- + certificates.html. Status information for this document may be found + at https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium- + certificates/. + + Discussion of this document takes place on the Limited Additional + Mechanisms for PKIX and SMIME (lamps) Working Group mailing list + (mailto:spasm@ietf.org), which is archived at + https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at + https://www.ietf.org/mailman/listinfo/spasm/. + + Source for this draft and an issue tracker can be found at + https://github.com/lamps-wg/dilithium-certificates. + +Status of This Memo + + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at https://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on 15 June 2025. + +Copyright Notice + + Copyright (c) 2024 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents (https://trustee.ietf.org/ + license-info) in effect on the date of publication of this document. + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. Code Components + extracted from this document must include Revised BSD License text as + described in Section 4.e of the Trust Legal Provisions and are + provided without warranty as described in the Revised BSD License. + +Table of Contents + + 1. Introduction + 1.1. Requirements Language + 2. Identifiers + 3. ML-DSA Signatures in PKIX + 4. ML-DSA Public Keys in PKIX + 5. Key Usage Bits + 6. Private Key Format + 7. Pre-hashing (ExternalMu-ML-DSA) + 8. IANA Considerations + 9. Security Considerations + 10. References + 10.1. Normative References + 10.2. Informative References + Appendix A. ASN.1 Module + Appendix B. Security Strengths + Appendix C. Examples + C.1. Example Private Key + C.2. Example Public Key + C.3. Example Certificate + Acknowledgments + Authors' Addresses + +1. Introduction + + The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a + quantum-resistant digital signature scheme standardized by the US + National Institute of Standards and Technology (NIST) PQC project + [NIST-PQC] in [FIPS204]. This document specifies the use of the ML- + DSA in Public Key Infrastructure X.509 (PKIX) certificates and + Certificate Revocation Lists (CRLs) at three security levels: ML-DSA- + 44, ML-DSA-65, and ML-DSA-87. + + [FIPS204] defines two variants of ML-DSA: a pure and a prehash + variant. Only the former is specified in this document. The pure + variant of ML-DSA supports the typical prehash flow, see Section 7. + In short: one cryptographic module can compute the hash _mu_ on line + 6 of algorithm 7 of [FIPS204] and pass it to a second module to + finish the signature. The first module only needs access to the full + message and the public key, whereas the second module only needs + access to hash _mu_ and the private key. + +1.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +2. Identifiers + + The AlgorithmIdentifier type is defined in [RFC5912] as follows: + + AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::= + SEQUENCE { + algorithm ALGORITHM-TYPE.id({AlgorithmSet}), + parameters ALGORITHM-TYPE. + Params({AlgorithmSet}{@algorithm}) OPTIONAL + } + + | NOTE: The above syntax is from [RFC5912] and is compatible with + | the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1 + | syntax. + + The fields in AlgorithmIdentifier have the following meanings: + + * algorithm identifies the cryptographic algorithm with an object + identifier. + + * parameters, which are optional, are the associated parameters for + the algorithm identifier in the algorithm field. + + The OIDs are: + + id-ml-dsa-44 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) + country(16) us(840) organization(1) gov(101) csor(3) + nistAlgorithm(4) sigAlgs(3) id-ml-dsa-44(17) } + + id-ml-dsa-65 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) + country(16) us(840) organization(1) gov(101) csor(3) + nistAlgorithm(4) sigAlgs(3) id-ml-dsa-65(18) } + + id-ml-dsa-87 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) + country(16) us(840) organization(1) gov(101) csor(3) + nistAlgorithm(4) sigAlgs(3) id-ml-dsa-87(19) } + + The contents of the parameters component for each algorithm MUST be + absent. + +3. ML-DSA Signatures in PKIX + + ML-DSA is a digital signature scheme built upon the Fiat-Shamir-with- + aborts framework [Fiat-Shamir]. The security is based upon the + hardness of lattice problems over module lattices [Dilithium]. ML- + DSA provides three parameter sets for the NIST PQC security + categories 2, 3 and 5. + + Signatures are used in a number of different ASN.1 structures. As + shown in the ASN.1 representation from [RFC5280] below, in an X.509 + certificate, a signature is encoded with an algorithm identifier in + the signatureAlgorithm attribute and a signatureValue attribute that + contains the actual signature. + + Certificate ::= SIGNED{ TBSCertificate } + + SIGNED{ToBeSigned} ::= SEQUENCE { + toBeSigned ToBeSigned, + algorithmIdentifier SEQUENCE { + algorithm SIGNATURE-ALGORITHM. + &id({SignatureAlgorithms}), + parameters SIGNATURE-ALGORITHM. + &Params({SignatureAlgorithms} + {@algorithmIdentifier.algorithm}) + OPTIONAL + }, + signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value( + {SignatureAlgorithms} + {@algorithmIdentifier.algorithm})) + } + + Signatures are also used in the CRL list ASN.1 representation from + [RFC5280] below. In a X.509 CRL, a signature is encoded with an + algorithm identifier in the signatureAlgorithm attribute and a + signatureValue attribute that contains the actual signature. + + CertificateList ::= SIGNED{ TBSCertList } + + The identifiers defined in Section 2 can be used as the + AlgorithmIdentifier in the signatureAlgorithm field in the sequence + Certificate/CertificateList and the signature field in the sequence + TBSCertificate/TBSCertList in certificates and CRLs, respectively, + [RFC5280]. The parameters of these signature algorithms MUST be + absent, as explained in Section 2. + + The signatureValue field contains the corresponding ML-DSA signature + computed upon the ASN.1 DER encoded tbsCertificate/tbsCertList + [RFC5280]. + + Conforming Certification Authority (CA) implementations MUST specify + the algorithms explicitly by using the OIDs specified in Section 2 + when encoding ML-DSA signatures in certificates and CRLs. Conforming + client implementations that process certificates and CRLs using ML- + DSA MUST recognize the corresponding OIDs. Encoding rules for ML-DSA + signature values are specified Section 2. + + When the id-ml-dsa identifier appears in the algorithm field as an + AlgorithmIdentifier, the encoding MUST omit the parameters field. + That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one + component, the OID id-ml-dsa. + +4. ML-DSA Public Keys in PKIX + + In the X.509 certificate, the subjectPublicKeyInfo field has the + SubjectPublicKeyInfo type, which has the following ASN.1 syntax: + + SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE { + algorithm AlgorithmIdentifier {PUBLIC-KEY, {IOSet}}, + subjectPublicKey BIT STRING + } + + | NOTE: The above syntax is from [RFC5912] and is compatible with + | the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1 + | syntax. + + The fields in SubjectPublicKeyInfo have the following meaning: + + * algorithm is the algorithm identifier and parameters for the + public key (see above). + + * subjectPublicKey contains the byte stream of the public key. + + Appendix C contains example ML-DSA private keys encoded using the + textual encoding defined in [RFC7468]. + +5. Key Usage Bits + + The intended application for the key is indicated in the keyUsage + certificate extension; see Section 4.2.1.3 of [RFC5280]. If the + keyUsage extension is present in a certificate that indicates id-ml- + dsa in the SubjectPublicKeyInfo, then the at least one of following + MUST be present: + + digitalSignature; or + nonRepudiation; or + keyCertSign; or + cRLSign. + + If the keyUsage extension is present in a certificate that indicates + id-ml-dsa in the SubjectPublicKeyInfo, then the following MUST NOT be + present: + + keyEncipherment; or + dataEncipherment; or + keyAgreement; or + encipherOnly; or + decipherOnly. + + Requirements about the keyUsage extension bits defined in [RFC5280] + still apply. + +6. Private Key Format + + An ML-DSA private key is encoded by storing its 32-octet seed in the + privateKey field as follows. + + [FIPS204] specifies two formats for an ML-DSA private key: a 32-octet + seed (xi) and an (expanded) private key. The expanded private key + (and public key) is computed from the seed using ML- + DSA.KeyGen_internal(xi) (algorithm 6). + + "Asymmetric Key Packages" [RFC5958] describes how to encode a private + key in a structure that both identifies what algorithm the private + key is for and allows for the public key and additional attributes + about the key to be included as well. For illustration, the ASN.1 + structure OneAsymmetricKey is replicated below. + + OneAsymmetricKey ::= SEQUENCE { + version Version, + privateKeyAlgorithm SEQUENCE { + algorithm PUBLIC-KEY.&id({PublicKeySet}), + parameters PUBLIC-KEY.&Params({PublicKeySet} + {@privateKeyAlgorithm.algorithm}) + OPTIONAL} + privateKey OCTET STRING (CONTAINING + PUBLIC-KEY.&PrivateKey({PublicKeySet} + {@privateKeyAlgorithm.algorithm})), + attributes [0] Attributes OPTIONAL, + ..., + [[2: publicKey [1] BIT STRING (CONTAINING + PUBLIC-KEY.&Params({PublicKeySet} + {@privateKeyAlgorithm.algorithm}) + OPTIONAL, + ... + } + + | NOTE: The above syntax is from [RFC5958] and is compatible with + | the 2021 ASN.1 syntax [X680]. + + When used in a OneAsymmetricKey type, the privateKey OCTET STRING + contains the raw octet string encoding of the 32-octet seed. The + publicKey field SHOULD be omitted because the public key can be + computed as noted earlier in this section. + + Appendix C contains example ML-DSA private keys encoded using the + textual encoding defined in [RFC7468]. + +7. Pre-hashing (ExternalMu-ML-DSA) + + Some applications require prehashing, where the signature generation + process can be separated into a pre-hash step and a core signature + step in order to ease operational requirements around large or + inconsistently-sized payloads. This can be performed at the protocol + layer, but not all protocols support it. Examples in [RFC5280] are + certificate and certificate revocation list (CRL) data structures, + that do not include message digesting before signing. This can make + signing large CRLs or a high volume of certificates with large public + keys challenging. + + As mentioned in the introduction, pure ML-DSA signing itself supports + a prehashing flow by splitting the operation over two modules. In + this section we make this "ExternalMu-ML-DSA" more explicit. + + There are two steps. First an ExternalMu-ML-DSA.Prehash() followed + by ExternalMu-ML-DSA.Sign(). Together these are functionally + equivalent to ML-DSA.Sign() from [FIPS204] in that they create + exactly the same signatures as regular pure ML-DSA, which can be + verified by the unmodified ML-DSA.Verify(). + + An ML-DSA key and certificate MAY be used with either ML-DSA or + ExternalMu-ML-DSA interchangeably. Note that ExternalMu-ML-DSA + describes a different signature API from ML-DSA and therefore might + require explicit support from hardware or software cryptographic + modules. + + Note that the signing mode defined here is different from HashML-DSA + defined in [FIPS204] section 5.4. This specification uses + exclusively ExternalMu-ML-DSA for pre-hashed use cases, and thus + public keys identified by id-hash-ml-dsa-44-with-sha512, id-hash-ml- + dsa-65-with-sha512, and id-hash-ml-dsa-87-with-sha512 MUST NOT be + used in X.509 and related PKIX protocols. + + All functions and notation used in Figure 1 and Figure 2 are defined + in [FIPS204]. + + External operations: + + ExternalMu-ML-DSA.Prehash(pk, M, ctx): + + if |ctx| > 255 then + return error # return an error indication if the context string is + # too long + end if + + M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1) + || ctx) || M + mu = H(BytesToBits(H(pk, 64)) || M', 64) + return mu + + Figure 1: External steps of ExternalMu-ML-DSA + + Internal operations: + +ExternalMu-ML-DSA.Sign(sk, mu): + + if |mu| != 512 then + return error # return an error indication if the input mu is not + # 64 bytes (512 bits). + end if + + rnd = rand(32) # for the optional deterministic variant, + # set rnd to all zeroes + if rnd = NULL then + return error # return an error indication if random bit + # generation failed + end if + + sigma = ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd) + return sigma + + +ExternalMu-ML-DSA.Sign_internal(sk, mu, rnd): # mu is passed as argument instead of M' + ... identical to FIPS 204 Algorithm 7, but with Line 6 removed. + + Figure 2: Internal steps of ExternalMu-ML-DSA + +8. IANA Considerations + + For the ASN.1 module in {asn1}, IANA is requested to assign an object + identifier (OID) for the module identifier (TBD1) with a Description + of "id-mod-x509-ml-dsa-2024". The OID for the module should be + allocated in the "SMI Security for PKIX Module Identifier" registry + (1.3.6.1.5.5.7.0). + +9. Security Considerations + + The Security Considerations section of [RFC5280] applies to this + specification as well. + + The digital signature scheme defined within this document are modeled + under strongly existentially unforgeable under chosen message attack + (SUF-CMA). For the purpose of estimating security strength, it has + been assumed that the attacker has access to signatures for no more + than 2^{64} chosen messages. + + | EDNOTE: Discuss deterministic vs randomized signing and the + | impact on security. + + ML-DSA offers both deterministic and randomized signing. By default + ML-DSA signatures are non-deterministic. The private random seed + (rho') for the signature is pseudorandomly derived from the signer’s + private key, the message, and a 256-bit string, rnd - where rnd + should be generated by an approved RBG. In the deterministic + version, rng is instead a 256-bit constant string. The source of + randomness in the randomized mode has been "hedged" against sources + of poor entropy, by including the signers private key and message + into the derivation. The primary purpose of rnd is to facilitate + countermeasures to side-channel attacks and fault attacks on + deterministic signatures. + + | EDNOTE: Discuss side-channels for ML-DSA. + + In the design of ML-DSA, care has been taken to make side-channel + resilience easier to achieve. For instance, ML-DSA does not depend + on Gaussian sampling. Implementations must still take great care not + to leak information via various side channels. While deliberate + design decisions such as these can help to deliver a greater ease of + secure implementation - particularly against side-channel attacks - + it does not necessarily provide resistance to more powerful attacks + such as differential power analysis. Some amount of side-channel + leakage has been demonstrated in parts of the signing algorithm + (specifically the bit-unpacking function), from which a demonstration + of key recovery has been made over a large sample of signatures. + Masking countermeasures exist for ML-DSA, but come with a performance + overhead. + + A fundamental security property also associated with digital + signatures is non-repudiation. Non-repudiation refers to the + assurance that the owner of a signature key pair that was capable of + generating an existing signature corresponding to certain data cannot + convincingly deny having signed the data. The digital signature + scheme ML-DSA possess three security properties beyond + unforgeability, that are associated with non-repudiation. These are + exclusive ownership, message-bound signatures, and non-resignability. + These properties are based tightly on the assumed collision + resistance of the hash function used (in this case SHAKE-256). + + Exclusive ownership is a property in which a signature sigma uniquely + determines the public key and message for which it is valid. + Message-bound signatures is the property that a valid signature + uniquely determines the message for which it is valid, but not + necessarily the public key. Non-resignability is the property in + which one cannot produce a valid signature under another key given a + signature sigma for some unknown message m. These properties are not + provided by classical signature schemes such as DSA or ECDSA, and + have led to a variety of attacks such as Duplicate-Signature Key + Selection (DSKS) attacks , and attacks on the protocols for secure + routing. A full discussion of these properties in ML-DSA can be + found at [CDFFJ21]. + + These properties are dependent, in part, on unambiguous public key + serialization. It for this reason the public key structure defined + in Section 4 is intentionally encoded as a single OCTET STRING. + +10. References + +10.1. Normative References + + [FIPS204] National Institute of Standards and Technology (NIST), + "Module-Lattice-based Digital Signature Standard", FIPS + PUB 204, August 2023, . + + [I-D.lamps-cms-ml-dsa] + "*** BROKEN REFERENCE ***". + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., + Housley, R., and W. Polk, "Internet X.509 Public Key + Infrastructure Certificate and Certificate Revocation List + (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, + . + + [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the + Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, + DOI 10.17487/RFC5912, June 2010, + . + + [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, + DOI 10.17487/RFC5958, August 2010, + . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, . + + [X680] ITU-T, "Information Technology -- Abstract Syntax Notation + One (ASN.1): Specification of basic notation", ITU-T + Recommendation X.680, ISO/IEC 8824-1:2021, February 2021, + . + + [X690] ITU-T, "Information Technology -- Abstract Syntax Notation + One (ASN.1): ASN.1 encoding rules: Specification of Basic + Encoding Rules (BER), Canonical Encoding Rules (CER) and + Distinguished Encoding Rules (DER)", ITU-T + Recommendation X.690, ISO/IEC 8825-1:2021, February 2021, + . + +10.2. Informative References + + [CDFFJ21] Cremers, C., Düzlü, S., Fiedler, R., Fischlin, M., and C. + Janson, "BUFFing signature schemes beyond unforgeability + and the case of post-quantum signatures", In Proceedings + of the 42nd IEEE Symposium on Security and Privacy , 2021, + . + + [Dilithium] + Bai, S., Ducas, L., Lepoint, T., Lyubashevsky, V., + Schwabe, P., Seiler, G., and D. Stehlé, "CRYSTALS- + Dilithium Algorithm Specifications and Supporting + Documentation", 2021, . + + [Fiat-Shamir] + Lyubashevsky, V., "Fiat-Shamir with aborts: Applications + to lattice and factoring-based signatures", International + Conference on the Theory and Application of Cryptology and + Information Security , 2009, + . + + [NIST-PQC] National Institute of Standards and Technology (NIST), + "Post-Quantum Cryptography Project", 20 December 2016, + . + + [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, + PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, + April 2015, . + +Appendix A. ASN.1 Module + + This appendix includes the ASN.1 module [X680] for the ML-DSA. Note + that as per [RFC5280], certificates use the Distinguished Encoding + Rules; see [X690]. This module imports objects from [RFC5912] and + [I-D.lamps-cms-ml-dsa]. + + | RFC EDITOR: Please replace TBD2 with the value assigned by IANA + | during the publication of [I-D.lamps-cms-ml-dsa]. Also please + | replace [I-D.lamps-cms-ml-dsa] in the module with a reference + | to the published RFC. + + + X509-ML-DSA-2024 + { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-x509-ml-dsa-2024(TBD1) } + + DEFINITIONS IMPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL; + + IMPORTS + + PUBLIC-KEY, SIGNATURE-ALGORITHM + FROM AlgorithmInformation-2009 -- From [RFC5912] + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-algorithmInformation-02(58) } + + sa-ml-dsa-44, sa-ml-dsa-65, sa-ml-dsa-87, + pk-ml-dsa-44, pk-ml-dsa-65, pk-ml-dsa-87 + FROM ML-DSA-Module-2024 -- From [I-D.salter-lamps-cms-ml-dsa] + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + id-smime(16) id-mod(0) id-mod-ml-dsa-2024(TBD2) } ; + + -- + -- Expand SignatureAlgorithms from RFC 5912 + -- + SignatureAlgorithms SIGNATURE-ALGORITHM ::= { + sa-ml-dsa-44 | + sa-ml-dsa-65 | + sa-ml-dsa-87, + ... } + + -- + -- Expand SignatureAlgorithms from RFC 5912 + -- + PublicKeys PUBLIC-KEY ::= { + pk-ml-dsa-44 | + pk-ml-dsa-65 | + pk-ml-dsa-87, + ... + } + + END + + +Appendix B. Security Strengths + + Instead of defining the strength of a quantum algorithm in a + traditional manner using the imprecise notion of bits of security, + NIST has instead elected to define security levels by picking a + reference scheme, which NIST expects to offer notable levels of + resistance to both quantum and classical attack. To wit, an + algorithm that achieves NIST PQC security level 1 must require + computational resources to break the relevant security property, + which are greater than those required for a brute-force key search on + AES-128. Levels 3 and 5 use AES-192 and AES-256 as reference + respectively. Levels 2 and 4 use collision search for SHA-256 and + SHA-384 as reference. + + The parameter sets defined for NIST security levels 2, 3 and 5 are + listed in the Figure 1, along with the resulting signature size, + public key, and private key sizes in bytes. + + |=======+=======+=====+========+========+========| + | Level | (k,l) | eta | Sig. | Public | Private| + | | | | (B) | Key(B) | Key(B) | + |=======+=======+=====+========+========+========| + | 2 | (4,4) | 2 | 2420 | 1312 | 32 | + | 3 | (6,5) | 4 | 3309 | 1952 | 32 | + | 5 | (8,7) | 2 | 4627 | 2592 | 32 | + |=======+=======+=====+========+========+========| + + Figure 3: ML-DSA Parameters + +Appendix C. Examples + + This appendix contains examples of ML-DSA public keys, private keys + and certificates. + +C.1. Example Private Key + + The following is an example of a ML-DSA-44 private key with hex seed + 000102…1e1f: + + -----BEGIN PRIVATE KEY----- + MDICAQAwCwYJYIZIAWUDBAMRBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob + HB0eHw== + -----END PRIVATE KEY----- + + SEQUENCE { + INTEGER { 0 } + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 + 1718191a1b1c1d1e1f` } + } + + The following is an example of a ML-DSA-65 private key with hex seed + 000102…1e1f: + + -----BEGIN PRIVATE KEY----- + MDICAQAwCwYJYIZIAWUDBAMSBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob + HB0eHw== + -----END PRIVATE KEY----- + + SEQUENCE { + INTEGER { 0 } + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 } + } + OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 + 1718191a1b1c1d1e1f` } + } + + The following is an example of a ML-DSA-87 private key with hex seed + 000102…1e1f: + + -----BEGIN PRIVATE KEY----- + MDICAQAwCwYJYIZIAWUDBAMTBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob + HB0eHw== + -----END PRIVATE KEY----- + + SEQUENCE { + INTEGER { 0 } + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } + } + OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516 + 1718191a1b1c1d1e1f` } + } + + NOTE: The private key is the seed and all three examples keys use the + same seed; therefore, the private above are the same except for the + OID used to represent the ML-DSA algorithm's security strength. + +C.2. Example Public Key + + The following is the ML-DSA-44 public key corresponding to the + private key in the previous section. + + -----BEGIN PUBLIC KEY----- + MIIFMjALBglghkgBZQMEAxEDggUhANeytHJUquDbReeTDUqY0sl9jxOX0Xidr6Fw + JLMW6b7JT8mUbULxm3mnQTu6oz5xSctC7VEVaTrAQfrLmIretf4OHYYxGEmVtZLD + l9IpTi4U+QqkFLo4JomaxD9MzKy8JumoMrlRGNXLQzy++WYLABOOCBf2HnYsonTD + atVU6yKqwRYuSrAay6HjjE79j4C2WzM9D3LlXf5xzpweu5iJ58VhBsD9c4A6Kuz+ + r97XqjyyztpU0SvYzTanjPl1lDtHq9JeiArEUuV0LtHo0agq+oblkMdYwVrk0oQN + kryhpQkPQElll/yn2LlRPxob2m6VCqqY3kZ1B9Sk9aTwWZIWWCw1cvYu2okFqzWB + ZwxKAnd6M+DKcpX9j0/20aCjp2g9ZfX19/xg2gI+gmxfkhRMAvfRuhB1mHVT6pNn + /NdtmQt/qZzUWv24g21D5Fn1GH3wWEeXCaAepoNZNfpwRgmQzT3BukAbqUurHd5B + rGerMxncrKBgSNTE7vJ+4TqcF9BTj0MPLWQtwkFWYN54h32NirxyUjl4wELkKF9D + GYRsRBJiQpdoRMEOVWuiFbWnGeWdDGsqltOYWQcf3MLN51JKe+2uVOhbMY6FTo/i + svPt+slxkSgnCq/R5QRMOk/a/Z/zH5B4S46ORZYUSg2vWGUR09mWK56pWvGXtOX8 + YPKx7RXeOlvvX4m9x52RBR2bKBbnT6VFMe/cHL501EiFf0drzVjyHAtlOzt2pOB2 + plWaMCcYVVzGP3SFmqurkl8COGHKjND3utsocfZ9VTJtdFETWtRfShumkRj7ssij + DuyTku8/l3Bmya3VxxDMZHsVFNIX2VjHAXw+kP0gwE5nS5BIbpNwoxoAHTL0c5ee + SQZ0nn5Hf6C3RQj4pfI3gxK4PCW9OIygsP/3R4uvQrcWZ+2qyXxGsSlkPlhuWwVa + DCEZRtTzbmdb7Vhg+gQqMV2YJhZNapI3w1pfv0lUkKW9TfJIuVxKrneEtgVnMWas + QkW1tLCCoJ6TI+YvIHjFt2eDRG3v1zatOjcC1JsImESQCmGDM5e8RBmzDXqXoLOH + wZEUdMTUG1PjKpd6y28Op122W7OeWecB52lX3vby1EVZwxp3EitSBOO1whnxaIsU + 7QvAuAGz5ugtzUPpwOn0F0TNmBW9G8iCDYuxI/BPrNGxtoXdWisbjbvz7ZM2cPCV + oYC08ZLQixC4+rvfzCskUY4y7qCl4MkEyoRHgAg/OwzS0Li2r2e8NVuUlAJdx7Cn + j6gOOi2/61EyiFHWB4GY6Uk2Ua54fsAlH5Irow6fUd9iptcnhM890gU5MXbfoySl + Er2Ulwo23TSlFKhnkfDrNvAUWwmrZGUbSgMTsplhGiocSIkWJ1mHaKMRQGC6RENI + bfUVIqHOiLMJhcIW+ObtF43VZ7MEoNTK+6iCooNC8XqaomrljbYwCD0sNY/fVmw/ + XWKkKFZ7yeqM6VyqDzVHSwv6jzOaJQq0388gg76O77wQVeGP4VNw7ssmBWbYP/Br + IRquxDyim1TM0A+IFaJGXvC0ZRXMfkHzEk8J7/9zkwmrWLKaFFmgC85QOOk4yWeP + cusOTuX9quZtn4Vz/Jf8QrSVn0v4th14Qz6GsDNdbpGRxNi/SHs5BcEIz9asJLDO + t9y3z1H4TQ7Wh7lerrHFM8BvDZcCPZKnCCWDe1m6bLfU5WsKh8IDhiro8xW6WSXo + 7e+meTaaIgJ2YVHxapZfn4Hs52zAcLVYaeTbl4TPBcgwsyQsgxI= + -----END PUBLIC KEY----- + + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17 + 89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156 + 93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3 + 826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7 + 62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55 + dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd + 8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15 + ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750 + 7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f + d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987 + 553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea + 6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c + 4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04 + 2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985 + 9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd + 1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af + 197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1 + cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748 + 59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911 + 8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9 + 0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f + 8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5 + 86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb + f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62 + f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7 + a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d + ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e + 9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9 + 33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478 + 0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d + 6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317 + 6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b + 299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21 + 6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358 + fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208 + 3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8 + 815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e + 938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b + 0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95 + eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31 + 5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9 + 784cf05c830b3242c8312` } + } + + The following is the ML-DSA-65 public key corresponding to the + private key in the previous section. + + -----BEGIN PUBLIC KEY----- + MIIHsjALBglghkgBZQMEAxIDggehAEhoPZGXjjHrPd24sEc0gtK4il9iWUn9j1il + YeaWvUwn0Fs427Lt8B5mTv2Bvh6ok2iM5oqi1RxZWPi7xutOie5n0sAyCVTVchLK + xyKf8dbq8DkovVFRH42I2EdzbH3icw1ZeOVBBxMWCXiGdxG/VTmgv8TDUMK+Vyuv + DuLi+xbM/qCAKNmaxJrrt1k33c4RHNq2L/886ouiIz0eVvvFxaHnJt5j+t0q8Bax + GRd/o9lxotkncXP85VtndFrwt8IdWX2+uT5qMvNBxJpai+noJQiNHyqkUVXWyK4V + Nn5OsAO4/feFEHGUlzn5//CQI+r0UQTSqEpFkG7tRnGkTcKNJ5h7tV32np6FYfYa + gKcmmVA4Zf7Zt+5yqOF6GcQIFE9LKa/vcDHDpthXFhC0LJ9CEkWojxl+FoErAxFZ + tluWh+Wz6TTFIlrpinm6c9Kzmdc1EO/60Z5TuEUPC6j84QEv2Y0mCnSqqhP64kmg + BrHDT1uguILyY3giL7NvIoPCQ/D/618btBSgpw1V49QKVrbLyIrh8Dt7KILZje6i + jhRcne39jq8c7y7ZSosFD4lk9G0eoNDCpD4N2mGCrb9PbtF1tnQiV4Wb8i86QX7P + H52JMXteU51YevFrnhMT4EUU/6ZLqLP/K4Mh+IEcs/sCLI9kTnCkuAovv+5gSrtz + eQkeqObFx038AoNma0DAeThwAoIEoTa/XalWjreY00kDi9sMEeA0ReeEfLUGnHXP + KKxgHHeZ2VghDdvLIm5Rr++fHeR7Bzhz1tP5dFa+3ghQgudKKYss1I9LMJMVXzZs + j6YBxq+FjfoywISRsqKYh/kDNZSaXW7apnmIKjqV1r9tlwoiH0udPYy/OEr4GqyV + 4rMpTgR4msg3J6XcBFWflq9B2KBTUW/u7rxSdG62qygZ4JEIcQ2DXwEfpjBlhyrT + NNXN/7KyMQUH6S/Jk64xfal/TzCc2vD2ftmdkCFVdgg4SflTskbX/ts/22dnmFCl + rUBOZBR/t89Pau3dBa+0uDSWjR/ogBSWDc5dlCI2Um4SpHjWnl++aXAxCzCMBoRQ + GM/HsqtDChOmsax7sCzMuz2RGsLxEGhhP74Cm/3OAs9c04lQ7XLIOUTt+8dWFa+H + +GTAUfPFVFbFQShjpAwG0dq1Yr3/BXG408ORe70wCIC7pemYI5uV+pG31kFtTzmL + OtvNMJg+01krTZ731CNv0A9Q2YqlOiNaxBcnIPd9lhcmcpgM/o/3pacCeD7cK6Mb + IlkBWhEvx/RoqcL5RkA5AC0w72eLTLeYvBFiFr96mnwYugO3tY/QdRXTEVBJ02FL + 56B+dEMAdQ3x0sWHUziQWer8PXhczdMcB2SL7cA6XDuK1G0GTVnBPVc3Ryn8TilT + YuKlGRIEUwQovBUir6KP9f4WVeMEylvIwnrQ4MajndTfKJVsFLOMyTaCzv5AK71e + gtKcRk5E6103tI/FaN/gzG6OFrrqBeUTVZDxkpTnPoNnsCFtu4FQMLneVZE/CAOc + QjUcWeVRXdWvjgiaFeYl6Pbe5jk4bEZJfXomMoh3TeWBp96WKbQbRCQUH5ePuDMS + CO/ew8bg3jm8VwY/Pc1sRwNzwIiR6inLx8xtZIO4iJCDrOhqp7UbHCz+birRjZfO + NvvFbqQvrpfmp6wRSGRHjDZt8eux57EakJhQT9WXW98fSdxwACtjwXOanSY/utQH + P2qfbCuK9LTDMqEDoM/6Xe6y0GLKPCFf02ACa+fFFk9KRCTvdJSIBNZvRkh3Msgg + LHlUeGR7TqcdYnwIYCTMo1SkHwh3s48Zs3dK0glcjaU7Bp4hx2ri0gB+FnGe1ACA + 0zT32lLp9aWZBDnK8IOpW4M/Aq0QoIwabQ8mDAByhb1KL0dwOlrvRlKH0lOxisIl + FDFiEP9WaBSxD4eik9bxmdPDlZmQ0MEmi09Q1fn877vyN70MKLgBgtZll0HxTxC/ + uyG7oSq2IKojlvVsBoa06pAXmQIkIWsv6K12xKkUju+ahqNjWmqne8Hc+2+6Wad9 + /am3Uw3AyoZIyNlzc44Burjwi0kF6EqkZBvWAkEM2XUgJl8vIx8rNeFesvoE0r2U + 1ad6uvHg4WEBCpkAh/W0bqmIsrwFEv2g+pI9rdbEXFMB0JSDZzJltasuEPS6Ug9r + utVkpcPV4nvbCA99IOEylqMYGVTDnGSclD6+F99cH3quCo/hJsR3WFpdTWSKDQCL + avXozTG+aakpbU8/0l7YbyIeS5P2X1kplnUzYkuSNXUMMHB1ULWFNtEJpxMcWlu+ + SlcVVnwSU0rsdmB2Huu5+uKJHHdFibgOVmrVV93vc2cZa3In6phw7wnd/seda5MZ + poebUgXXa/erpazzOvtZ0X/FTmg4PWvloI6bZtpT3N4Ai7KUuFgr0TLNzEmVn9vC + HlJyGIDIrQNSx58DpDu9hMTN/cbFKQBeHnzZo0mnFoo1Vpul3qgYlo1akUZr1uZO + IL9iQXGYr8ToHCjdd+1AKCMjmLUvvehryE9HW5AWcQziqrwRoGtNuskB7BbPNlyj + 8tU4E5SKaToPk+ecRspdWm3KPSjKUK0YvRP8pVBZ3ZsYX3n5xHGWpOgbIQS8RgoF + HgLy6ERP + -----END PUBLIC KEY----- + + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f1397d17 + 89dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed51156 + 93ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa414ba3 + 826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f61e7 + 62ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f72e55 + dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d12bd + 8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c758c15 + ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de46750 + 7d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7295f + d8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba1075987 + 553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a01ea + 6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca06048d4c + 4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc72523978c04 + 2e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d3985 + 9071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270aafd + 1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea95af + 197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531efdc1 + cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63f748 + 59aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba6911 + 8fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017c3e9 + 0fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74508f + 8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b129643e5 + 86e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35a5fb + f495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e9323e62 + f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b30d7 + a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76957d + ef6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dcd43e + 9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf3ed9 + 33670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca84478 + 0083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328851d + 6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd20539317 + 6dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0313b + 299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b30985c21 + 6f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2c358 + fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfcf208 + 3be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd00f8 + 815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5038e + 938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433e86b + 0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed687b95 + eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae8f31 + 5ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e4db9 + 784cf05c830b3242c8312` } + } + + The following is the ML-DSA-87 public key corresponding to the + private key in the previous section. + + -----BEGIN PUBLIC KEY----- + MIIKMjALBglghkgBZQMEAxMDggohAJeSvOwvJDBoaoL8zzwvX/Zl53HXq0G5AljP + p+kOyXEkpzsyO5uiGrZNdnxDP1pSHv/hj4bkahiJUsRGfgSLcp5/xNEV5+SNoYlt + X+EZsQ3N3vYssweVQHS0IzblKDbeYdqUH4036misgQb6vhkHBnmvYAhTcSD3B5O4 + 6pzA5ue3tMmlx0IcYPJEUboekz2xou4Wx5VZ8hs9G4MFhQqkKvuxPx9NW59INfnY + ffzrFi0O9Kf9xMuhdDzRyHu0ln2hbMh2S2Vp347lvcv/6aTgV0jm/fIlr55O63dz + ti6Phfm1a1SJRVUYRPvYmAakrDab7S0lYQD2iKatXgpwmCbcREnpHiPFUG5kI2Hv + WjE3EvebxLMYaGHKhaS6sX5/lD0bijM6o6584WtEDWAY+eBNr1clx/GpP60aWie2 + eJW9JJqpFoXeIK8yyLfiaMf5aHfQyFABE1pPCo8bgmT6br5aNJ2K7K0aFimczy/Z + x7hbrOLO06oSdrph7njtflyltnzdRYqTVAMOaru6v1agojFv7J26g7UdQv0xZ/Hg + +QhV1cZlCbIQJl3B5U7ES0O6fPmu8Ri0TYCRLOdRZqZlHhFs6+SSKacGLAmTH3Gr + 0ik/dvfvwyFbqXgAA35Y5HC9u7Q8GwQ56vecVNk7RKrJ7+n74VGHTPsqZMvuKMxM + D+d3Xl2HDxwC5bLjxQBMmV8kybd5y3U6J30Ocf1CXra8LKVs4SnbUfcHQPMeY5dr + UMcxLpeX14xbGsJKX6NHzJFuCoP1w7Z1zTC4Hj+hC5NETgc5dXHM6Yso2lHbkFa8 + coxbCxGB4vvTh7THmrGl/v7ONxZ693LdrRTrTDmC2lpZ0OnrFz7GMVCRFwAno6te + 9qoSnLhYVye5NYooUB1xOnLz8dsxcUKG+bZAgBOvBgRddVkvwLfdR8c+2cdbEenX + xp98rfwygKkGLFJzxDvhw0+HRIhkzqe1yX1tMvWb1fJThGU7tcT6pFvqi4lAKEPm + Rba5Jp4r2YjdrLAzMo/7BgRQ998IAFPmlpslHodezsMs/FkoQNaatpp14Gs3nFNd + lSZrCC9PCckxYrM7DZ9zB6TqqlIQRDf+1m+O4+q71F1nslqBM/SWRotSuv/b+tk+ + 7xqYGLXkLscieIo9jTUp/Hd9K6VwgB364B7IgwKDfB+54DVXJ2Re4QRsP5Ffaugt + rU+2sDVqRlGP/INBVcO0/m2vpsyKXM9TxzoISdjUT33PcnVOcOG337RHu070nRpx + j2Fxu84gCVDgzpJhBrFRo+hx1c5JcxvWZQqbDKly2hxfE21Egg6mODwI87OEzyM4 + 54nFE/YYzFaUpvDO4QRRHh7XxfI6Hr/YoNuEJFUyQBVtv2IoMbDGQ9HFUbbz96mN + KbhcLeBaZfphXu4WSVvZBzdnIRW1PpHF2QAozz8ak5U6FT3lO0QITpzP9rc2aTkm + 2u/rstd6pa1om5LzFoZmnfFtFxXMWPeiz7ct0aUekvglmTp0Aivn6etgVGVEVwlN + FJKPICFeeyIqxWtRrb7I2L22mDl5p+OiG0S10VGMqX0LUZX1HtaiQ1DIl0fh7epR + tEjj6RRwVM6SeHPJDbOU2GiI4H3/F3WT1veeFSMCIErrA74jhq8+JAeL0CixaJ9e + FHyfRSyM6wLsWcydtjoDV2zur+mCOQI4l9oCNmMKU8Def0NaGYaXkvqzbnueY1dg + 8JBp5kMucAA1rCoCh5//Ch4b7FIgRxk9lOtd8e/VPuoRRMp4lAhS9eyXJ5BLNm7e + T14tMx+tX8KC6ixH6SMUJ3HD3XWoc1dIfe+Z5fGOnZ7WI8F10CiIxR+CwHqA1UcW + s8PCvb4unwqbuq6+tNUpNodkBvXADo5LvQpewFeX5iB8WrbIjxpohCG9BaEU9Nfe + KsJB+g6L7f9H92Ldy+qpEAT40x6FCVyBBUmUrTgm40S6lgQIEPwLKtHeSM+t4ALG + LlpJoHMas4NEvBY23xa/YH1WhV5W1oQAPHGOS62eWgmZefzd7rHEp3ds03o0F8sO + GE4p75vA6HR1umY74J4Aq1Yut8D3Fl+WmptCQUGYzPG/8qLI1omkFOznZiknZlaJ + 6U25YeuuxWFcvBp4lcaFGslhQy/xEY1GB9Mu+dxzLVEzO+S00OMN3qeE7Ki+R+dB + vpwZYx3EcKUu9NwTpPNjP9Q014fBcJd7QX31mOHQ3eUGu3HW8LwX7HDjsDzcGWXL + Npk/YzsEcuUNCSOsbGb98dPmRZzBIfD1+U0J6dvPXWkOIyM4OKC6y3xjjRsmUKQw + jNFxtoVRJtHaZypu2FqNeMKG+1b0qz0hSXUoBFxjJiyKQq8vmALFO3u4vijnj+C1 + zkX7t6GvGjsoqNlLeJDjyILjm8mOnwrXYCW/DdLwApjnFBoiaz187kFPYE0eC6VN + EdX+WLzOpq13rS6MHKrPMkWQFLe5EAGx76itFypSP7jjZbV3Ehv5/Yiixgwh6CHX + tqy0elqZXkDKztXCI7j+beXhjp0uWJOu/rt6rn/xoUYmDi8RDpOVKCE6ACWjjsea + q8hhsl68UJpGdMEyqqy34BRvFO/RHPyvTKpPd1pxbOMl4KQ1pNNJ1yC88TdFCvxF + BG/Bofg6nTKXd6cITkqtrnEizpcAWTBSjrPH9/ESmzcoh6NxFVo7ogGiXL8dy2Tn + ze4JLDFB+1VQ/j0N2C6HDleLK0ZQCBgRO49laXc8Z3OFtppCt33Lp6z/2V/URS4j + qqHTfh2iFR6mWNQKNZayesn4Ep3GzwZDdyYktZ9PRhIw30ccomCHw5QtXGaH32CC + g1k1o/h8t2Kww7HQ3aSmUzllvvG3uCkuJUwBTQkP7YV8RMGDnGlMCmTj+tkKEfU0 + citu4VdPLhSdVddE3kiHAk4IURQxwGJ1DhbHSrnzJC8ts/+xKo1hB/qiKdb2NzsH + 8205MrO9sEwZ3WTq3X+Tw8Vkw1ihyB3PHJwx5bBlaPl1RMF9wVaYxcs4mDqa/EJ4 + P6p3OlLJ2CYGkL6eMVaqW8FQneo/aVh2lc1v8XK6g+am2KfWu+u7zaNnJzGYP4m8 + WDHcN8PzxcVvrMaX88sgvV2629cC5UhErC9iaQH+FZ25Pf1Hc9j+c1YrhGwfyFbR + gCdihA68cteYi951y8pw0xnTLODMAlO7KtRVcj7gx/RzbObmZlxayjKkgcU4Obwl + kWewE9BCM5Xuuaqu4yBhSafVUNZ/xf3+SopcNdJRC2ZDeauPcoVaKvR6vOKmMgSO + r4nly0qI3rxTpZUQOszk8c/xis/wev4etXFqoeQLYxNMOjrpV5+of1Fb4JPC0p22 + 1rZck2YeAGNrWScE0JPMZxbCNC6xhT1IyFxjrIooVEYse3fn470erFvKKP+qALXT + SfilR62HW5aowrKRDJMBMJo/kTilaTER9Vs8AJypR8Od/ILZjrHKpKnL6IX3hvqG + 5VvgYiIvi6kKl0BzMmsxISrs4KNKYA== + -----END PUBLIC KEY----- + + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } + } + BIT_STRING { `00` `9792bcec2f2430686a82fccf3c2f5ff665e771d7ab4 + 1b90258cfa7e90ec97124a73b323b9ba21ab64d767c433f5a521effe18f86e46 + a188952c4467e048b729e7fc4d115e7e48da1896d5fe119b10dcddef62cb3079 + 54074b42336e52836de61da941f8d37ea68ac8106fabe19070679af600853712 + 0f70793b8ea9cc0e6e7b7b4c9a5c7421c60f24451ba1e933db1a2ee16c79559f + 21b3d1b8305850aa42afbb13f1f4d5b9f4835f9d87dfceb162d0ef4a7fdc4cba + 1743cd1c87bb4967da16cc8764b6569df8ee5bdcbffe9a4e05748e6fdf225af9 + e4eeb7773b62e8f85f9b56b548945551844fbd89806a4ac369bed2d256100f68 + 8a6ad5e0a709826dc4449e91e23c5506e642361ef5a313712f79bc4b3186861c + a85a4bab17e7f943d1b8a333aa3ae7ce16b440d6018f9e04daf5725c7f1a93fa + d1a5a27b67895bd249aa91685de20af32c8b7e268c7f96877d0c85001135a4f0 + a8f1b8264fa6ebe5a349d8aecad1a16299ccf2fd9c7b85bace2ced3aa1276ba6 + 1ee78ed7e5ca5b67cdd458a9354030e6abbbabf56a0a2316fec9dba83b51d42f + d3167f1e0f90855d5c66509b210265dc1e54ec44b43ba7cf9aef118b44d80912 + ce75166a6651e116cebe49229a7062c09931f71abd2293f76f7efc3215ba9780 + 0037e58e470bdbbb43c1b0439eaf79c54d93b44aac9efe9fbe151874cfb2a64c + bee28cc4c0fe7775e5d870f1c02e5b2e3c5004c995f24c9b779cb753a277d0e7 + 1fd425eb6bc2ca56ce129db51f70740f31e63976b50c7312e9797d78c5b1ac24 + a5fa347cc916e0a83f5c3b675cd30b81e3fa10b93444e07397571cce98b28da5 + 1db9056bc728c5b0b1181e2fbd387b4c79ab1a5fefece37167af772ddad14eb4 + c3982da5a59d0e9eb173ec6315091170027a3ab5ef6aa129cb8585727b9358a2 + 8501d713a72f3f1db31714286f9b6408013af06045d75592fc0b7dd47c73ed9c + 75b11e9d7c69f7cadfc3280a9062c5273c43be1c34f87448864cea7b5c97d6d3 + 2f59bd5f25384653bb5c4faa45bea8b89402843e645b6b9269e2bd988ddacb03 + 3328ffb060450f7df080053e6969b251e875ecec32cfc592840d69ab69a75e06 + b379c535d95266b082f4f09c93162b33b0d9f7307a4eaaa52104437fed66f8ee + 3eabbd45d67b25a8133f496468b52baffdbfad93eef1a9818b5e42ec722788a3 + d8d3529fc777d2ba570801dfae01ec88302837c1fb9e0355727645ee1046c3f9 + 15f6ae82dad4fb6b0356a46518ffc834155c3b4fe6dafa6cc8a5ccf53c73a084 + 9d8d44f7dcf72754e70e1b7dfb447bb4ef49d1a718f6171bbce200950e0ce926 + 106b151a3e871d5ce49731bd6650a9b0ca972da1c5f136d44820ea6383c08f3b + 384cf2338e789c513f618cc5694a6f0cee104511e1ed7c5f23a1ebfd8a0db842 + 4553240156dbf622831b0c643d1c551b6f3f7a98d29b85c2de05a65fa615eee1 + 6495bd90737672115b53e91c5d90028cf3f1a93953a153de53b44084e9ccff6b + 736693926daefebb2d77aa5ad689b92f31686669df16d1715cc58f7a2cfb72dd + 1a51e92f825993a74022be7e9eb6054654457094d14928f20215e7b222ac56b5 + 1adbec8d8bdb6983979a7e3a21b44b5d1518ca97d0b5195f51ed6a24350c8974 + 7e1edea51b448e3e9147054ce927873c90db394d86888e07dff177593d6f79e1 + 52302204aeb03be2386af3e24078bd028b1689f5e147c9f452c8ceb02ec59cc9 + db63a03576ceeafe98239023897da0236630a53c0de7f435a19869792fab36e7 + b9e635760f09069e6432e700035ac2a02879fff0a1e1bec522047193d94eb5df + 1efd53eea1144ca78940852f5ec9727904b366ede4f5e2d331fad5fc282ea2c4 + 7e923142771c3dd75a87357487def99e5f18e9d9ed623c175d02888c51f82c07 + a80d54716b3c3c2bdbe2e9f0a9bbaaebeb4d52936876406f5c00e8e4bbd0a5ec + 05797e6207c5ab6c88f1a688421bd05a114f4d7de2ac241fa0e8bedff47f762d + dcbeaa91004f8d31e85095c81054994ad3826e344ba96040810fc0b2ad1de48c + fade002c62e5a49a0731ab38344bc1636df16bf607d56855e56d684003c718e4 + bad9e5a099979fcddeeb1c4a7776cd37a3417cb0e184e29ef9bc0e87475ba663 + be09e00ab562eb7c0f7165f969a9b42414198ccf1bff2a2c8d689a414ece7662 + 927665689e94db961ebaec5615cbc1a7895c6851ac961432ff1118d4607d32ef + 9dc732d51333be4b4d0e30ddea784eca8be47e741be9c19631dc470a52ef4dc1 + 3a4f3633fd434d787c170977b417df598e1d0dde506bb71d6f0bc17ec70e3b03 + cdc1965cb36993f633b0472e50d0923ac6c66fdf1d3e6459cc121f0f5f94d09e + 9dbcf5d690e23233838a0bacb7c638d1b2650a4308cd171b6855126d1da672a6 + ed85a8d78c286fb56f4ab3d21497528045c63262c8a42af2f9802c53b7bb8be2 + 8e78fe0b5ce45fbb7a1af1a3b28a8d94b7890e3c882e39bc98e9f0ad76025bf0 + dd2f00298e7141a226b3d7cee414f604d1e0ba54d11d5fe58bccea6ad77ad2e8 + c1caacf32459014b7b91001b1efa8ad172a523fb8e365b577121bf9fd88a2c60 + c21e821d7b6acb47a5a995e40caced5c223b8fe6de5e18e9d2e5893aefebb7aa + e7ff1a146260e2f110e939528213a0025a38ec79aabc861b25ebc509a4674c13 + 2aaacb7e0146f14efd11cfcaf4caa4f775a716ce325e0a435a4d349d720bcf13 + 7450afc45046fc1a1f83a9d329777a7084e4aadae7122ce97005930528eb3c7f + 7f1129b372887a371155a3ba201a25cbf1dcb64e7cdee092c3141fb5550fe3d0 + dd82e870e578b2b46500818113b8f6569773c677385b69a42b77dcba7acffd95 + fd4452e23aaa1d37e1da2151ea658d40a3596b27ac9f8129dc6cf0643772624b + 59f4f461230df471ca26087c3942d5c6687df6082835935a3f87cb762b0c3b1d + 0dda4a6533965bef1b7b8292e254c014d090fed857c44c1839c694c0a64e3fad + 90a11f534722b6ee1574f2e149d55d744de4887024e08511431c062750e16c74 + ab9f3242f2db3ffb12a8d6107faa229d6f6373b07f36d3932b3bdb04c19dd64e + add7f93c3c564c358a1c81dcf1c9c31e5b06568f97544c17dc15698c5cb38983 + a9afc42783faa773a52c9d8260690be9e3156aa5bc1509dea3f69587695cd6ff + 172ba83e6a6d8a7d6bbebbbcda3672731983f89bc5831dc37c3f3c5c56facc69 + 7f3cb20bd5dbadbd702e54844ac2f626901fe159db93dfd4773d8fe73562b846 + c1fc856d1802762840ebc72d7988bde75cbca70d319d32ce0cc0253bb2ad4557 + 23ee0c7f4736ce6e6665c5aca32a481c53839bc259167b013d0423395eeb9aaa + ee3206149a7d550d67fc5fdfe4a8a5c35d2510b664379ab8f72855a2af47abce + 2a632048eaf89e5cb4a88debc53a595103acce4f1cff18acff07afe1eb5716aa + 1e40b63134c3a3ae9579fa87f515be093c2d29db6d6b65c93661e00636b59270 + 4d093cc6716c2342eb1853d48c85c63ac8a2854462c7b77e7e3bd1eac5bca28f + faa00b5d349f8a547ad875b96a8c2b2910c9301309a3f9138a5693111f55b3c0 + 09ca947c39dfc82d98eb1caa4a9cbe885f786fa86e55be062222f8ba90a97407 + 3326b31212aece0a34a60` } + } + +C.3. Example Certificate + + The following is a self-signed certificate for the ML-DSA-44 public + key in the previous section. + + -----BEGIN CERTIFICATE----- + MIIPlDCCBgqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44804wCwYJYIZIAWUDBAMR + MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0 + MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI + TEFNUFMgV0cwggUyMAsGCWCGSAFlAwQDEQOCBSEA17K0clSq4NtF55MNSpjSyX2P + E5fReJ2voXAksxbpvslPyZRtQvGbeadBO7qjPnFJy0LtURVpOsBB+suYit61/g4d + hjEYSZW1ksOX0ilOLhT5CqQUujgmiZrEP0zMrLwm6agyuVEY1ctDPL75ZgsAE44I + F/YediyidMNq1VTrIqrBFi5KsBrLoeOMTv2PgLZbMz0PcuVd/nHOnB67mInnxWEG + wP1zgDoq7P6v3teqPLLO2lTRK9jNNqeM+XWUO0er0l6ICsRS5XQu0ejRqCr6huWQ + x1jBWuTShA2SvKGlCQ9ASWWX/KfYuVE/GhvabpUKqpjeRnUH1KT1pPBZkhZYLDVy + 9i7aiQWrNYFnDEoCd3oz4Mpylf2PT/bRoKOnaD1l9fX3/GDaAj6CbF+SFEwC99G6 + EHWYdVPqk2f8122ZC3+pnNRa/biDbUPkWfUYffBYR5cJoB6mg1k1+nBGCZDNPcG6 + QBupS6sd3kGsZ6szGdysoGBI1MTu8n7hOpwX0FOPQw8tZC3CQVZg3niHfY2KvHJS + OXjAQuQoX0MZhGxEEmJCl2hEwQ5Va6IVtacZ5Z0MayqW05hZBx/cws3nUkp77a5U + 6FsxjoVOj+Ky8+36yXGRKCcKr9HlBEw6T9r9n/MfkHhLjo5FlhRKDa9YZRHT2ZYr + nqla8Ze05fxg8rHtFd46W+9fib3HnZEFHZsoFudPpUUx79wcvnTUSIV/R2vNWPIc + C2U7O3ak4HamVZowJxhVXMY/dIWaq6uSXwI4YcqM0Pe62yhx9n1VMm10URNa1F9K + G6aRGPuyyKMO7JOS7z+XcGbJrdXHEMxkexUU0hfZWMcBfD6Q/SDATmdLkEhuk3Cj + GgAdMvRzl55JBnSefkd/oLdFCPil8jeDErg8Jb04jKCw//dHi69CtxZn7arJfEax + KWQ+WG5bBVoMIRlG1PNuZ1vtWGD6BCoxXZgmFk1qkjfDWl+/SVSQpb1N8ki5XEqu + d4S2BWcxZqxCRbW0sIKgnpMj5i8geMW3Z4NEbe/XNq06NwLUmwiYRJAKYYMzl7xE + GbMNepegs4fBkRR0xNQbU+Mql3rLbw6nXbZbs55Z5wHnaVfe9vLURVnDGncSK1IE + 47XCGfFoixTtC8C4AbPm6C3NQ+nA6fQXRM2YFb0byIINi7Ej8E+s0bG2hd1aKxuN + u/PtkzZw8JWhgLTxktCLELj6u9/MKyRRjjLuoKXgyQTKhEeACD87DNLQuLavZ7w1 + W5SUAl3HsKePqA46Lb/rUTKIUdYHgZjpSTZRrnh+wCUfkiujDp9R32Km1yeEzz3S + BTkxdt+jJKUSvZSXCjbdNKUUqGeR8Os28BRbCatkZRtKAxOymWEaKhxIiRYnWYdo + oxFAYLpEQ0ht9RUioc6IswmFwhb45u0XjdVnswSg1Mr7qIKig0LxepqiauWNtjAI + PSw1j99WbD9dYqQoVnvJ6ozpXKoPNUdLC/qPM5olCrTfzyCDvo7vvBBV4Y/hU3Du + yyYFZtg/8GshGq7EPKKbVMzQD4gVokZe8LRlFcx+QfMSTwnv/3OTCatYspoUWaAL + zlA46TjJZ49y6w5O5f2q5m2fhXP8l/xCtJWfS/i2HXhDPoawM11ukZHE2L9IezkF + wQjP1qwksM633LfPUfhNDtaHuV6uscUzwG8NlwI9kqcIJYN7Wbpst9TlawqHwgOG + KujzFbpZJejt76Z5NpoiAnZhUfFqll+fgeznbMBwtVhp5NuXhM8FyDCzJCyDEqNC + MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFDKa + B7H6u0j1KjCfEaGJj4SOIyL/MAsGCWCGSAFlAwQDEQOCCXUA/LEt78ExnP4sas0M + wv/5uOJwUaNNpxfdLJ4BvQt2ocbrYG/4Z4K75x7KbP9w2lzUnkTeihk1hrPTK+ok + QfG/KnOADj+SKVyGRvQecSunv+Ze77Um/UJRY+IrMsbwKhtG9hoX+sPEbQZwF4YP + Kgb6HBontM0zMs7eGWWgca0WBRgZyK2LwfZhRO3lR5xxutrN/nF9wKta2mRg1J8j + GuwZ7H6E3lol0NJD2TFc5CcO2EA7NV+hVb4/8W9ILm71WIwiLApn0YKI7RjG81Io + zPr3TjgKTvRTkxdjrVjKmelj8R47u/UMe1Ga7uiSQoIudYQziXPpexmvBKSUywF7 + yU+0cMVTIuqN6iTIbeTx0rzWMwMo4BTF33iroteo+/fhE0x0vkIPynPqW0IXluD4 + awiwZkZNyML+8GuHCPzcSGkKG63YB/jmiPWQppUs4PKWbjX+Wsr2pbvsUT0h2b2x + LB0K/7jLqEcWzDZvEYCshKNiQ6hhXhFyxDquGmLzrYtN5zdJqZSRU2hxfYutem6i + WvPL/cisDHzIY3ATkdABLwLq2FUMw6OGbLx2NllYRRV1vkgvHIpOb6PiUtk1yh7P + yAYDSE1UxjLFeYmjlCABYWElShY0kNzM2ktlkJszcJSY7e4RPlnldSeSGJ6VTTWy + y6XEp1f/0xqYDnJ7HdBAkNE2t+V4+iNMPhap3+MDtSNt+NPNLrH27j+7SdcCtTKL + KZdk8VcTB/IIj1eJnNwtLmf4w3Fs5tvOYxbwpEpSgOFhahYD17++K6d7u7mykFd5 + gZN7ydA4YRB/fFOJS8msLjm5ta8TYWDuU1t9RLFBd7S6qNSOg/GDNJ5CyyUAv/fD + 2+gtfiuVWtV7IoUNymNNK8Wrht2f5LlvWrGJQAhKm/JcUjwwAdENoZgFtUCVHW9W + UuWt3li4Ta69qXKVn1EdzNuPAdq5AbZyQmEl5GHyT+uv5VV9edGK6G5dASwATca0 + NOWL/kNWb6T4xkpvBgj5yI2+SvmfHZyiUo+s8hj3Ikt+U+m6zLKp4xB1x37CFdPy + J/7+yOcmelsZfNjr9Dps0Nxnijvu+fvhI0KkoVvzHG9yR6h7YXWn/VOezt8XL4vE + BcQcuCCj+Bz55rclX1gCGJED6ZhiQO5xvHDgptMzbbYkmuK6PZJzCMzWtFcYrrOi + jNHLBhtxnjgG71PygYGmoKRVG0fLS4MAcXLAl906fRDl9seI92Y3/JgCI5VgL/A3 + 3hcFv/fbYo2wBycYPYmpvZqCI4594sas92nZwyKlqlcIeYVhlu1gbX9HKUZQkH8x + 8J6h7l208b3cA59RcB7BYHlOriftCzyvq1JPcORSEvsk3vHX7iZA8DmKU73rpGQ8 + iAS+4bbEmCAfKEkKss2ub5uFkfip+x3C34/btT/msKOr/t0sTTwtSI4hpmln5OJJ + P0kwDwd93vJO9jUiztF8f6a8etCg/NqA9sdRz+7BGPviwAZwDOa+jZ0VvsoJkSax + ir5Z81E6rR949ZzKery208QzJD8emoXHwkWngyrZzqPguYvPB1fNDNLjdkZl3AnR + DL/0ahygOIRrEyrEdHLDPPSzoZYg7s7iW40E1Fs61/EMNeGDxWWmcXwSeRsJv1ut + pKxkjnofHFkc9i9RJhhYx5JPBn9JNBUG9obrwLnFTF+DUdEJwRbyMwLEWHzZobU8 + pvYXusxLgcd+0gn0s+siQNJAAlRniKsi0YutSR27k8nQyL0s8Jgl7bybSh/KbNKG + T/643zfGrBMfOtGo5z28CsXszpDlxhEipYS8iaoidwnjURrndCQgR7ukcYv105ul + K1v8V3S5msyWb4UTndzK5yK6owqRfstmUA6S6HczJ+qkowDpb2t3nMGqQ5+BTzww + pozM/bnTVSmLFMGNic+7NltWzRySbxGzc3dxSHHfly4kSocmr53vEewK2DpixrM3 + LJMYZYivUREMaHd4BCoUzjbK9aFs3EXcm6/Q8tbFzd4k9qDahopVccqiTmaJ4HGb + szeTqpm5iGJK9okvLy5w4j83oNhHPd/J6vw8ZqtfYYbME4GYXVtFRb07GpnPQa6E + aErkAgtVTKptOQyJaO09YaLEbHnAgYFhZ1wQeN0Negn1YqkBC4FBe1yBMdMOre7l + xV0FhkpMaO2wU0gPl9IrCe9m8aLRT4zcihIdJLVARPsudeLv6Oim3ao259gcum0y + P1KD1dxwUC/j6zAtz2Qjt2Q11dLfxqKPA67Go2Dng+/uaUvbZI0lsPrx2kX0ADsT + Nf5KoipXLssLwyooz3Ga0dcwjpTv0NE43wT8wx/OKuAC3cHAS/s+7Pk+xkypbFXI + ba8Z6Au7Dq4r03k0fPpgL3KHqpDBWNuxujH9+RN7oGGAjppcGfq4I5tf7i5mNjZQ + W+SBG7pgsVWibDidCbf7CfWwY6oWi718wtShOYFALIzsYAqeXqdi7raMQGl1T43A + WiyjbXxh0adG3sqmwVhjtvesFSwZ9v0fMG0CMDQBl3fP6FXmMMaV1O0GWb16zxVK + 4QtIFRQfQGkhXWNAvBPm4F2xb6F2uJUWHnOs9g8Wuhfk3pBtjtfFWJwkaOAOsvp2 + d/1UtsYop10zwW1EMyYxiUZ16TwvSb3Om4q0mGxHQEY1VkCMouBY680bWxMfw6C4 + rRv98itFqOAHP1Mc1tKCCtUOI/a1MDQrnI0oLjsxxTnOX2uUzrx2DnuWhPEx3/w1 + +BxKXZFcDHamuWl6nbPWwrOxbNorC6arGMQSy6h40f6dfixlsCpEh+lBjucRG74S + TJl8sM82z6akqE8JDOf3yU/sItuzOLfvNXICbkoMG0EBxMPa6TaxPNtco4UiKOuY + nkzyIOnH5LGNOQNQCExkxHFRyoZr8TMBEoIcICnZruw1r8gYtB+kFgivIsqKptXC + tAMhQF/vdss4YqwYcCV5bDVs90+IMlSalrfuecV0pdwUzvXn6QHVm+4SkKlMEwuY + wyQiiwPav40S9rIO5tE5gR/BBndPfo02pGvxXR9/vZjhRVRkJr3ZaC+lVHSqtsjc + bVfTh/nK6lkLYJ/AwcAK/3d4SKSIjHmTucj2KIDws4i3QSQ1qh1AABpugNV4zJgm + J88qqA7oLmNFkyILQW0g0COb500DDBcjPkZkb3p7i5yjrbzEx/L4BQkKGhstdnmO + nsLY8P4FBxAZKTJFRlSGipeipr3HGicsMTpNZ3eKqbK4wsTR3fAAAAAAAAAAAAAA + AAAAABMhMUI= + -----END CERTIFICATE----- + + SEQUENCE { + SEQUENCE { + [0] { + INTEGER { 2 } + } + INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` } + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + SEQUENCE { + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "IETF" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + PrintableString { "LAMPS WG" } + } + } + } + SEQUENCE { + UTCTime { "200203043210Z" } + UTCTime { "400129043210Z" } + } + SEQUENCE { + SET { + SEQUENCE { + # organizationName + OBJECT_IDENTIFIER { 2.5.4.10 } + PrintableString { "IETF" } + } + } + SET { + SEQUENCE { + # commonName + OBJECT_IDENTIFIER { 2.5.4.3 } + PrintableString { "LAMPS WG" } + } + } + } + SEQUENCE { + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + BIT_STRING { `00` `d7b2b47254aae0db45e7930d4a98d2c97d8f139 + 7d1789dafa17024b316e9bec94fc9946d42f19b79a7413bbaa33e7149cb42ed5 + 115693ac041facb988adeb5fe0e1d8631184995b592c397d2294e2e14f90aa41 + 4ba3826899ac43f4cccacbc26e9a832b95118d5cb433cbef9660b00138e0817f + 61e762ca274c36ad554eb22aac1162e4ab01acba1e38c4efd8f80b65b333d0f7 + 2e55dfe71ce9c1ebb9889e7c56106c0fd73803a2aecfeafded7aa3cb2ceda54d + 12bd8cd36a78cf975943b47abd25e880ac452e5742ed1e8d1a82afa86e590c75 + 8c15ae4d2840d92bca1a5090f40496597fca7d8b9513f1a1bda6e950aaa98de4 + 67507d4a4f5a4f0599216582c3572f62eda8905ab3581670c4a02777a33e0ca7 + 295fd8f4ff6d1a0a3a7683d65f5f5f7fc60da023e826c5f92144c02f7d1ba107 + 5987553ea9367fcd76d990b7fa99cd45afdb8836d43e459f5187df058479709a + 01ea6835935fa70460990cd3dc1ba401ba94bab1dde41ac67ab3319dcaca0604 + 8d4c4eef27ee13a9c17d0538f430f2d642dc2415660de78877d8d8abc7252397 + 8c042e4285f4319846c44126242976844c10e556ba215b5a719e59d0c6b2a96d + 39859071fdcc2cde7524a7bedae54e85b318e854e8fe2b2f3edfac9719128270 + aafd1e5044c3a4fdafd9ff31f90784b8e8e4596144a0daf586511d3d9962b9ea + 95af197b4e5fc60f2b1ed15de3a5bef5f89bdc79d91051d9b2816e74fa54531e + fdc1cbe74d448857f476bcd58f21c0b653b3b76a4e076a6559a302718555cc63 + f74859aabab925f023861ca8cd0f7badb2871f67d55326d7451135ad45f4a1ba + 69118fbb2c8a30eec9392ef3f977066c9add5c710cc647b1514d217d958c7017 + c3e90fd20c04e674b90486e9370a31a001d32f473979e4906749e7e477fa0b74 + 508f8a5f2378312b83c25bd388ca0b0fff7478baf42b71667edaac97c46b1296 + 43e586e5b055a0c211946d4f36e675bed5860fa042a315d9826164d6a9237c35 + a5fbf495490a5bd4df248b95c4aae7784b605673166ac4245b5b4b082a09e932 + 3e62f2078c5b76783446defd736ad3a3702d49b089844900a61833397bc4419b + 30d7a97a0b387c1911474c4d41b53e32a977acb6f0ea75db65bb39e59e701e76 + 957def6f2d44559c31a77122b5204e3b5c219f1688b14ed0bc0b801b3e6e82dc + d43e9c0e9f41744cd9815bd1bc8820d8bb123f04facd1b1b685dd5a2b1b8dbbf + 3ed933670f095a180b4f192d08b10b8fabbdfcc2b24518e32eea0a5e0c904ca8 + 44780083f3b0cd2d0b8b6af67bc355b9494025dc7b0a78fa80e3a2dbfeb51328 + 851d6078198e9493651ae787ec0251f922ba30e9f51df62a6d72784cf3dd2053 + 93176dfa324a512bd94970a36dd34a514a86791f0eb36f0145b09ab64651b4a0 + 313b299611a2a1c48891627598768a3114060ba4443486df51522a1ce88b3098 + 5c216f8e6ed178dd567b304a0d4cafba882a28342f17a9aa26ae58db630083d2 + c358fdf566c3f5d62a428567bc9ea8ce95caa0f35474b0bfa8f339a250ab4dfc + f2083be8eefbc1055e18fe15370eecb260566d83ff06b211aaec43ca29b54ccd + 00f8815a2465ef0b46515cc7e41f3124f09efff739309ab58b29a1459a00bce5 + 038e938c9678f72eb0e4ee5fdaae66d9f8573fc97fc42b4959f4bf8b61d78433 + e86b0335d6e9191c4d8bf487b3905c108cfd6ac24b0ceb7dcb7cf51f84d0ed68 + 7b95eaeb1c533c06f0d97023d92a70825837b59ba6cb7d4e56b0a87c203862ae + 8f315ba5925e8edefa679369a2202766151f16a965f9f81ece76cc070b55869e + 4db9784cf05c830b3242c8312` } + } + [3] { + SEQUENCE { + SEQUENCE { + # keyUsage + OBJECT_IDENTIFIER { 2.5.29.15 } + BOOLEAN { TRUE } + OCTET_STRING { + BIT_STRING { b`0000011` } + } + } + SEQUENCE { + # basicConstraints + OBJECT_IDENTIFIER { 2.5.29.19 } + BOOLEAN { TRUE } + OCTET_STRING { + SEQUENCE { + BOOLEAN { TRUE } + } + } + } + SEQUENCE { + # subjectKeyIdentifier + OBJECT_IDENTIFIER { 2.5.29.14 } + OCTET_STRING { + OCTET_STRING { `329a07b1fabb48f52a309f11a1898f848e23 + 22ff` } + } + } + } + } + } + SEQUENCE { + OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } + } + BIT_STRING { `00` `fcb12defc1319cfe2c6acd0cc2fff9b8e27051a34da + 717dd2c9e01bd0b76a1c6eb606ff86782bbe71eca6cff70da5cd49e44de8a193 + 586b3d32bea2441f1bf2a73800e3f92295c8646f41e712ba7bfe65eefb526fd4 + 25163e22b32c6f02a1b46f61a17fac3c46d067017860f2a06fa1c1a27b4cd333 + 2cede1965a071ad16051819c8ad8bc1f66144ede5479c71badacdfe717dc0ab5 + ada6460d49f231aec19ec7e84de5a25d0d243d9315ce4270ed8403b355fa155b + e3ff16f482e6ef5588c222c0a67d18288ed18c6f35228ccfaf74e380a4ef4539 + 31763ad58ca99e963f11e3bbbf50c7b519aeee89242822e7584338973e97b19a + f04a494cb017bc94fb470c55322ea8dea24c86de4f1d2bcd6330328e014c5df7 + 8aba2d7a8fbf7e1134c74be420fca73ea5b421796e0f86b08b066464dc8c2fef + 06b8708fcdc48690a1badd807f8e688f590a6952ce0f2966e35fe5acaf6a5bbe + c513d21d9bdb12c1d0affb8cba84716cc366f1180ac84a36243a8615e1172c43 + aae1a62f3ad8b4de73749a994915368717d8bad7a6ea25af3cbfdc8ac0c7cc86 + 3701391d0012f02ead8550cc3a3866cbc76365958451575be482f1c8a4e6fa3e + 252d935ca1ecfc80603484d54c632c57989a39420016161254a163490dcccda4 + b65909b33709498edee113e59e5752792189e954d35b2cba5c4a757ffd31a980 + e727b1dd04090d136b7e578fa234c3e16a9dfe303b5236df8d3cd2eb1f6ee3fb + b49d702b5328b299764f1571307f2088f57899cdc2d2e67f8c3716ce6dbce631 + 6f0a44a5280e1616a1603d7bfbe2ba77bbbb9b290577981937bc9d03861107f7 + c53894bc9ac2e39b9b5af136160ee535b7d44b14177b4baa8d48e83f183349e4 + 2cb2500bff7c3dbe82d7e2b955ad57b22850dca634d2bc5ab86dd9fe4b96f5ab + 18940084a9bf25c523c3001d10da19805b540951d6f5652e5adde58b84daebda + 972959f511dccdb8f01dab901b672426125e461f24febafe5557d79d18ae86e5 + d012c004dc6b434e58bfe43566fa4f8c64a6f0608f9c88dbe4af99f1d9ca2528 + facf218f7224b7e53e9baccb2a9e31075c77ec215d3f227fefec8e7267a5b197 + cd8ebf43a6cd0dc678a3beef9fbe12342a4a15bf31c6f7247a87b6175a7fd539 + ecedf172f8bc405c41cb820a3f81cf9e6b7255f5802189103e9986240ee71bc7 + 0e0a6d3336db6249ae2ba3d927308ccd6b45718aeb3a28cd1cb061b719e3806e + f53f28181a6a0a4551b47cb4b83007172c097dd3a7d10e5f6c788f76637fc980 + 22395602ff037de1705bff7db628db00727183d89a9bd9a82238e7de2c6acf76 + 9d9c322a5aa570879856196ed606d7f47294650907f31f09ea1ee5db4f1bddc0 + 39f51701ec160794eae27ed0b3cafab524f70e45212fb24def1d7ee2640f0398 + a53bdeba4643c8804bee1b6c498201f28490ab2cdae6f9b8591f8a9fb1dc2df8 + fdbb53fe6b0a3abfedd2c4d3c2d488e21a66967e4e2493f49300f077ddef24ef + 63522ced17c7fa6bc7ad0a0fcda80f6c751cfeec118fbe2c006700ce6be8d9d1 + 5beca099126b18abe59f3513aad1f78f59cca7abcb6d3c433243f1e9a85c7c24 + 5a7832ad9cea3e0b98bcf0757cd0cd2e3764665dc09d10cbff46a1ca038846b1 + 32ac47472c33cf4b3a19620eecee25b8d04d45b3ad7f10c35e183c565a6717c1 + 2791b09bf5bada4ac648e7a1f1c591cf62f51261858c7924f067f49341506f68 + 6ebc0b9c54c5f8351d109c116f23302c4587cd9a1b53ca6f617bacc4b81c77ed + 209f4b3eb2240d24002546788ab22d18bad491dbb93c9d0c8bd2cf09825edbc9 + b4a1fca6cd2864ffeb8df37c6ac131f3ad1a8e73dbc0ac5ecce90e5c61122a58 + 4bc89aa227709e3511ae774242047bba4718bf5d39ba52b5bfc5774b99acc966 + f85139ddccae722baa30a917ecb66500e92e8773327eaa4a300e96f6b779cc1a + a439f814f3c30a68cccfdb9d355298b14c18d89cfbb365b56cd1c926f11b3737 + 7714871df972e244a8726af9def11ec0ad83a62c6b3372c93186588af51110c6 + 87778042a14ce36caf5a16cdc45dc9bafd0f2d6c5cdde24f6a0da868a5571caa + 24e6689e0719bb33793aa99b988624af6892f2f2e70e23f37a0d8473ddfc9eaf + c3c66ab5f6186cc1381985d5b4545bd3b1a99cf41ae84684ae4020b554caa6d3 + 90c8968ed3d61a2c46c79c0818161675c1078dd0d7a09f562a9010b81417b5c8 + 131d30eadeee5c55d05864a4c68edb053480f97d22b09ef66f1a2d14f8cdc8a1 + 21d24b54044fb2e75e2efe8e8a6ddaa36e7d81cba6d323f5283d5dc70502fe3e + b302dcf6423b76435d5d2dfc6a28f03aec6a360e783efee694bdb648d25b0faf + 1da45f4003b1335fe4aa22a572ecb0bc32a28cf719ad1d7308e94efd0d138df0 + 4fcc31fce2ae002ddc1c04bfb3eecf93ec64ca96c55c86daf19e80bbb0eae2bd + 379347cfa602f7287aa90c158dbb1ba31fdf9137ba061808e9a5c19fab8239b5 + fee2e663636505be4811bba60b155a26c389d09b7fb09f5b063aa168bbd7cc2d + 4a13981402c8cec600a9e5ea762eeb68c4069754f8dc05a2ca36d7c61d1a746d + ecaa6c15863b6f7ac152c19f6fd1f306d023034019777cfe855e630c695d4ed0 + 659bd7acf154ae10b4815141f4069215d6340bc13e6e05db16fa176b895161e7 + 3acf60f16ba17e4de906d8ed7c5589c2468e00eb2fa7677fd54b6c628a75d33c + 16d44332631894675e93c2f49bdce9b8ab4986c4740463556408ca2e058ebcd1 + b5b131fc3a0b8ad1bfdf22b45a8e0073f531cd6d2820ad50e23f6b530342b9c8 + d282e3b31c539ce5f6b94cebc760e7b9684f131dffc35f81c4a5d915c0c76a6b + 9697a9db3d6c2b3b16cda2b0ba6ab18c412cba878d1fe9d7e2c65b02a4487e94 + 18ee7111bbe124c997cb0cf36cfa6a4a84f090ce7f7c94fec22dbb338b7ef357 + 2026e4a0c1b4101c4c3dae936b13cdb5ca3852228eb989e4cf220e9c7e4b18d3 + 90350084c64c47151ca866bf1330112821c2029d9aeec35afc818b41fa41608a + f22ca8aa6d5c2b40321405fef76cb3862ac187025796c356cf74f8832549a96b + 7ee79c574a5dc14cef5e7e901d59bee1290a94c130b98c324228b03dabf8d12f + 6b20ee6d139811fc106774f7e8d36a46bf15d1f7fbd98e145546426bdd9682fa + 55474aab6c8dc6d57d387f9caea590b609fc0c1c00aff777848a4888c7993b9c + 8f62880f0b388b7412435aa1d40001a6e80d578cc982627cf2aa80ee82e63459 + 3220b416d20d0239be74d030c17233e46646f7a7b8b9ca3adbcc4c7f2f805090 + a1a1b2d76798e9ec2d8f0fe050710192932454654868a97a2a6bdc71a272c313 + a4d67778aa9b2b8c2c4d1ddf0000000000000000000000000000013213142` } + } + +Acknowledgments + + We would like to thank ... for their insightful comments. + +Authors' Addresses + + Jake Massimo + AWS + United States of America + Email: jakemas@amazon.com + + + Panos Kampanakis + AWS + United States of America + Email: kpanos@amazon.com + + + Sean Turner + sn3rd + Email: sean@sn3rd.com + + + Bas Westerbaan + Cloudflare + Email: bas@cloudflare.com diff --git a/seanturner-ref-update/index.html b/seanturner-ref-update/index.html new file mode 100644 index 0000000..04ead57 --- /dev/null +++ b/seanturner-ref-update/index.html @@ -0,0 +1,45 @@ + + + + lamps-wg/dilithium-certificates seanturner-ref-update preview + + + + +

Editor's drafts for seanturner-ref-update branch of lamps-wg/dilithium-certificates

+ + + + + + +
ML-DSA in Certificatesplain textsame as main
+ + +