Professional Documents
Culture Documents
4 CAPE
5 Card Payments
6 Terminal Management
7 Message Usage Guide
8
11
12
13
14 Version 7.0
15 1st June 2019
16
This information is protected by international intellectual property laws and its use is governed by the applicable End-User license
Annex B : Key Downloading Version 7.0 - 1st June 2019
17
18 TABLE OF CONTENTS
19
20 1 Presentation of the Document ................................................................................... 5
21 1.1 References ......................................................................................................................................... 5
22 1.2 Conventions....................................................................................................................................... 5
23 1.2.1 Notations ...................................................................................................................................... 5
24 1.2.2 Nexo interoperability. ................................................................................................................... 7
25 1.3 Context ............................................................................................................................................... 7
26 1.3.1 POI Information ............................................................................................................................ 8
27 1.3.2 Initial and final context for TR-34 exchange ................................................................................ 9
28 1.3.3 Initial and final context for key agreement exchange ................................................................ 10
29 1.4 Cryptographic elements. ................................................................................................................ 11
30 1.4.1 Certification Authorities .............................................................................................................. 11
31 1.4.1.1 The RootCA. .......................................................................................................................................... 12
32 1.4.1.2 The Sub CA. .......................................................................................................................................... 15
33 1.4.2 POI Keys .................................................................................................................................... 18
34 1.4.2.1 KKRD-Sig................................................................................................................................................... 18
35 1.4.2.2 CredKRD-Sig ............................................................................................................................................. 19
36 1.4.2.3 KKRD-Enc .................................................................................................................................................. 20
37 1.4.2.4 CredKRD-Enc............................................................................................................................................. 21
38 1.4.3 TM Keys ..................................................................................................................................... 23
39 1.4.3.1 KKDH-Sig................................................................................................................................................... 23
40 1.4.3.2 CredKDH-Sig ............................................................................................................................................. 24
41 1.4.4 Ephemeral Key : Ke ................................................................................................................... 25
42 1.4.4.1 Clear value ............................................................................................................................................ 25
43 1.4.4.2 RSA-ES-OAEP encoding of Ke ............................................................................................................. 25
44 1.4.5 Transport Key : Kn ..................................................................................................................... 26
45 1.4.5.1 Clear value ............................................................................................................................................ 26
46 1.4.5.2 TR-31 KBH of Kn ................................................................................................................................... 26
47 1.4.5.3 ASN1 structure of Kn with its TR-31 KBH.............................................................................................. 27
48 1.4.5.4 Enciphered ASN1 structure ................................................................................................................... 28
49 1.4.5.5 TR-31 Key Derivation from Kn ............................................................................................................... 28
50 1.4.6 Key Block Protection Key. .......................................................................................................... 29
51 1.4.7 Initial DUKPT Key. ..................................................................................................................... 33
52 1.4.7.1 Authentication of the TR-31 Block. ........................................................................................................ 33
53 1.4.7.2 Encipherment of the TR-31 Block. ......................................................................................................... 35
54 1.4.7.3 Value of TR-31 Block............................................................................................................................. 36
55 1.4.8 MAC Computation Key for Request. .......................................................................................... 36
56 1.4.8.1 Authentication of the TR-31 Block. ........................................................................................................ 36
57 1.4.8.2 Encipherment of the TR-31 Block. ......................................................................................................... 38
58 1.4.8.3 Value of TR-31 Block............................................................................................................................. 39
59 1.4.9 MAC Computation Key for Response. ....................................................................................... 39
Page ii
Annex B : Key Downloading Version 7.0 - 1st June 2019
88
89
Page iii
Annex B : Key Downloading Version 7.0 - 1st June 2019
90 Figures
91
92 Figure 1: Notations ............................................................................................................................................ 6
93 Figure 2: Encryption and Digital Signature Notations ........................................................................................ 6
94 Figure 3: Key Check Value Notation ................................................................................................................. 7
95 Figure 4: Initial context of TR-34 exchange. ...................................................................................................... 9
96 Figure 4: Final context of TR-34 exchange. ...................................................................................................... 9
97 Figure 4: Initial context of key agreement........................................................................................................ 10
98 Figure 4: Final context of key agreement. ....................................................................................................... 10
99 Figure 4: POI and TM Certificates ................................................................................................................... 11
100 Figure 5: ANSI-X9 TR-34 key injection ............................................................................................................ 53
101 Figure 6: Translation of ANSI-X9 TR-34 key injection in nexo messages ...................................................... 54
102 Figure 11: dhHybrid1 method ........................................................................................................................ 153
103 Figure 12: Translation of dhHybrid1 in nexo messages ................................................................................ 154
104
Page iv
Annex B : Key Downloading Version 7.0 - 1st June 2019
1 The POI should be a POI Terminal, a POI Server, or any Intermediary Agent.
147 Owner indicates who owns the private key associated to this credential. It's either the KRD or the
148 KDH,
149 Usage indicates the usage of the public key contained in the credential. It's either encryption,
150 denoted Enc, or signature denoted Sig,
151
152 A CTOwner-Usage is a SignedData CMS Structure including a CredOwner- Usage and its Certification
153 Revocation List
154
155 Random values are denoted ROwner, where:
156 Owner indicates who generated the random value. It's either the KRD or the KDH,
157
158
159
160 Figure 1: Notations
161
162 Authentications are denoted Auth[Key](Data), where
163 Key is the symmetric key used to authenticate the Data.
164 Data is the data which is authenticated,
165
166 Encryptions are denoted Enc[Key](Data), and decryptions Dec[Key](Data), where
167 Key is the asymmetric key or the symmetric key which has encrypted the Data.
168 Data is the data which is encrypted,
169
170 Digital signatures are denoted Sig[Key](Data), where
171 Key is the asymmetric key which has signed the Data.
172 Data is the data which is signed,
173
174
175
176 Figure 2: Encryption and Digital Signature Notations
177
178
179 A Key Check Value (KCV) of a symmetric key is denoted KCV(Key) and equal to:
180 Enc[Key](00…00) for any 3DES Key,
181 Auth[Key](00…00) for any AES Key,
182
3DES
symmetric key
KCV(Key) = Enc[Key](00..00)
AES symmetric
key null string
KCV(Key) = Auth[Key](00..00)
183
184 Figure 3: Key Check Value Notation
185
186 The following symbols || denotes concatenation.
187
188
205
206 The resulting XML encoded structure is:
207
208 <POIId>
209 <Id>66000001</Id>
210 <Tp>OPOI</Tp>
211 <Issr>MTMG</Issr>
212 </POIId>
213 <TermnlMgrId>
214 <Id>nexo-KeyInjectionServer-TM1</Id>
215 <Tp>TMGT</Tp>
216 </TermnlMgrId>
217
229
230
231 The resulting XML encoded structure is:
232 <POICmpnt>
233 <Tp>TERM</Tp>
234 <Id>
235 <ItmNb>1</ItmNb>
236 <PrvdrId>Nexo</PrvdrId>
237 <Id>Nimbus2001</Id>
238 <SrlNb>00000851</SrlNb>
239 </Id>
240 </POICmpnt>
241
242
243
244
POI TMS
251
252 Figure 4: Initial context of TR-34 exchange.
253
254 At the end of the process of the TR-34 exchange, the POI and the TM own the credential(s) from the
255 counterpart and the same KeySet as illustrated by the following figure.
POI TMS
CredKRD-Sig CredKRD-Enc
CredKDH-Sig KeySet
256
257 Figure 5: Final context of TR-34 exchange.
258
259
260
261 1.3.3 Initial and final context for key agreement exchange
262
263 Before any key agreement exchange as explained in this document, the POI and the TM only own their
264 credentials as highlighted in the following figure. The POI also own a set of parameters P and g.
265 The way these credentials have been inserted inside the POI and the TM are outside the scope of this
266 document.
POI TMS
KKRD-Sig KKDH-Sig
P, g
CredKRD-Sig CredKDH-Sig
267
268 Figure 6: Initial context of key agreement.
269
270 At the end of the process of the key agreement exchange, the POI and the TM own the credential(s) from
271 the counterpart, the same key Z and possibly parameters P, g as illustrated by the following figure.
POI TMS
KKRD-Sig KKDH-Sig
P, g P, g
CredKRD-Sig CredKDH-Sig
CredKDH-Sig Z CredKRD-Sig Z
272
273 Figure 7: Final context of key agreement.
274
275
276
277
Certificate
Authority CRootCA-Sig
Root CA
Certificate
Authority CCA-Sig
CA
POI TMS
Key
Signature Signature
Encryption
297
298 Figure 8: POI and TM Certificates
299
300 In this example, the sufficient chain is only the SubCA certificate which has been securely exchanged
301 between POI and TM, so the chain of certificates in messages should be empty.
302
303
304
309
310 The dump of the certificate is:
311
312 -----BEGIN CERTIFICATE-----
313 MIIFMTCCAxmgAwIBAgIJAMTp2RuqqldzMA0GCSqGSIb3DQEBCwUAMDYxJTAjBgNV
314 BAMMHE5leG8gVGVzdCBQS0kgU2VydmVyIFJvb3QgQ0ExDTALBgNVBAoMBE5leG8w
315 HhcNMTgxMjA1MTM1ODEwWhcNMjgxMjA0MTM1ODEwWjA2MSUwIwYDVQQDDBxOZXhv
316 IFRlc3QgUEtJIFNlcnZlciBSb290IENBMQ0wCwYDVQQKDAROZXhvMIICIjANBgkq
317 hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzhFJoP1JppD/W/KmKU3lElVjbW7r317J
318 yK/dJ5Q5Cuq4IybNQSNZTqlOI8xKp8qZUFUl+eLrwPd229+ury6JKfR11Ku183ID
319 eNy9NXon5CAF68HPqXxJkeHRyfzD2fOLHxd5PYovnaZz10U0K9PjBKFTDukD75ra
320 bEnCM3GIn4EcFGsAS56v/jkOMyg8Ci1QcxKOCFttePcUn8BUhNzOkmXF2dW4zKyY
321 3IJuLWPZE6ulH3R0KF668pGIEma1urdVBrht4Cm13Jqgkg7GnbRqjgcOMc30AQY1
322 7n5Lj6ciaXBPusAd/L8RG5bTrf3Rx9r8gtqLQHe6BIMBD9wrMNoSlvH4qU3xYDEQ
323 VFNtmzM3P01xVXM4cjzrFLRsVFIykd+dG6IyH3QYUqQpsrSb3hhxrfqmfBLi+IA7
324 CLTck8NfyCZvxGiljYN7mQ1KLaNSPcNQfi2xi+41OJ7hFcCbcBvIGyPf/eLHlKEK
325 9yWK/33p7LYR5x/NSrkSfQQkdqWZF4hj1blJ1Ek36MS3MTvz4u/eoy2bJrSm7qym
326 yLpmdp8c6TAV5UENlW0WR0vH3opJnuA0GGHnKmfL8Nao6ybJHNbNcyRUVgHHiWJK
327 r311AqxgW2vxOfBqMT90WiRifhfeiDBfYcq00ex8PUZ6YKyRoNRlkNkGxrAqjozZ
328 wseJHWMgDUECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
329 Af8wHQYDVR0OBBYEFElc1gNh8uX0Yj+jGTFc8mzWkrpBMA0GCSqGSIb3DQEBCwUA
330 A4ICAQCOPklhCHhecXlNO+bOnWQz7w9tPojuuC2CDLcI8hmE1PZfKBuBDSZ0OSjs
331 Sbg6N7Ns1ummanMrq1oQdZXXzACoJ0Ekabz5Lt29Flc96MQoLGt/9+wk4f/LpKJW
332 zbiq34WEo4Gz+dZ2bLgPkAUQnu712UNvcAb3fCHs6SlUyjg3G2ubhHa3PtgssDa1
333 z+NcgRtNsq4xLJmDX3DzxqGxDgRIWw27gfA4Zbhm6Zuz53CaZLpp+YtjIUTtWaD0
334 oASBv/2iY6xCM6b6efHxNM1hE8SrDaFvIF0VxpgQRq3OBWNvWQTSd0+0jGeEy7E2
335 QUZSvt34GcvRUi0BF+XH8R9EzrQIK+Mdvq43bHXF95/CwLTAMS6ww8iKCGBIMeE8
336 mlZDXLo1bpkQc9CkUhZ79XKarmuPEbb+gqW7sR00aZtjoFTCSu0ZTAR57+/N8b+x
337 mCB7GKxSH3r4SPCdPrC69qEYOTpD6ZwBuRIUBQ5nzPjiiSdPBZWxYUFzreW0kMaL
338 JidEjGP8hVRltGInB5yAGkGrcj9ook3DL+7QlrwX/i8vCPdJJf2oeBsddQgPSCa1
339 DSrYsENTC31/IEdsd+EFhNg3a10Dk3DDRKe1K+RjU6eG4gLXkog3OvhX0ckRKGS0
340 Vc891mQK2/AIUremrU1EgP0Nqs93+9j/CGKbtOrQaBkv6+Vcog==
341 -----END CERTIFICATE-----
342
343
344 The RSA key of the RootCA has a key length of 4096 bits with the components dumped below:
345
RSA Key Component Value
Modulus CE1149A0FD49A690FF5BF2A6294DE51255636D6EEBDF5EC9C8AFDD279439
0AEAB82326CD4123594EA94E23CC4AA7CA99505525F9E2EBC0F776DBDFAE
AF2E8929F475D4ABB5F3720378DCBD357A27E42005EBC1CFA97C4991E1D1
C9FCC3D9F38B1F17793D8A2F9DA673D745342BD3E304A1530EE903EF9ADA
6C49C23371889F811C146B004B9EAFFE390E33283C0A2D5073128E085B6D
78F7149FC05484DCCE9265C5D9D5B8CCAC98DC826E2D63D913ABA51F7474
285EBAF291881266B5BAB75506B86DE029B5DC9AA0920EC69DB46A8E070E
31CDF4010635EE7E4B8FA72269704FBAC01DFCBF111B96D3ADFDD1C7DAFC
82DA8B4077BA0483010FDC2B30DA1296F1F8A94DF160311054536D9B3337
3F4D71557338723CEB14B46C54523291DF9D1BA2321F741852A429B2B49B
DE1871ADFAA67C12E2F8803B08B4DC93C35FC8266FC468A58D837B990D4A
2DA3523DC3507E2DB18BEE35389EE115C09B701BC81B23DFFDE2C794A10A
F7258AFF7DE9ECB611E71FCD4AB9127D042476A599178863D5B949D44937
E8C4B7313BF3E2EFDEA32D9B26B4A6EEACA6C8BA66769F1CE93015E5410D
956D16474BC7DE8A499EE0341861E72A67CBF0D6A8EB26C91CD6CD732454
5601C789624AAF7D7502AC605B6BF139F06A313F745A24627E17DE88305F
61CAB4D1EC7C3D467A60AC91A0D46590D906C6B02A8E8CD9C2C7891D6320
0D41
Public Exponent 010001
Private Exponent 1269B90A89976B2AC9A68DA80B48CA8F38D209953FBE55D9F1F4C4EE2470
746944CADF4CB7E550B596AB44C79C6421D651374A8D69996744B57A3022
8BC4BCBCE2FB2465B37C6D53A219174F0FFB40871C0054F11953E1BF074E
979DDE623B40D32665CEF9EA074C384DA4016569297FE06A6B8AA6AF6246
E226351423B0F18FB7D29B3D0B84C27514E40FEE286F405D4FEAF88606A5
6189B26E13E1797DC17793607A767E6CCB7F5D34CA6383E881B974A7BAE0
263B50B91C07EC9D00E00E41AAB8101957A0C87588A3846E7AE9041C6CC4
F7EE4F3F482EC980BF7FB68F7C9C6C8363674A8E48190F011B2AF2F3C8BD
8773BFBDA2F51C321886324629B752B1C1186D891525305BDB6572AA98C0
35EF4DEF02F664E5CC42D77EDBA14B02AD9E311FDB4CFFC0B6E77272723C
5E8EE931E9B4E0A298872BB0CB6AD6F9BD215A47C0BBB3B4F54B1DEA0C7A
6BE44F862697A87B7F266267FD1B4FDBC3A108861A84A79FD2F659B0A0FD
407BBC7B3C849857253BE1162633CB472A2CEDF723EB305B3AB967621716
97623D4500DDCFA736F21EB9E4F9F5C999B434188EA705F5227014E8F4A2
136C14961E0E82C2560680CD23E1649A5289036F14EA88AE994BA3D9BBC7
A9E735E556AAB1BB4BA2AECEF08263B310386A8E891CFF17FA2CBB320246
7C7BF8635BE06F4E0705D4CAD0AEB675D7A832B969A7378E7FF772EF56F0
0381
Prime 1 00EF64AD125460D8F074EE04AB2A877BC446A61D9F857176C73D8BC7877B
5F7002369B2A436A7A46FA70E20F7F819F5A1710C468A3DB34190D2BAFF2
766D4C10C4A1E01461110D3C90C58361A309F21D3980A1333EF48A5D5A08
1F048BFCB5D258905428864B47F3153392158DBDB1038FF8545B066B8EC2
FB12413D79EFC6AF1E39680ACA45A6B68B72A0681346D3C556E03524F661
5F25BAF2D9F6A739E008D1DD6DB7A811448351E1420E9ABE4CEFC3B6C92F
60446EA0895DB692897F3120727A7C3013B3C5428DF56125D57284257AE1
2033AEE71F1999D6C49C01EB1B01C511B3D9F465A142C2EA1F6C25E1FBCA
5960F7E826157769BDC7A67AD4796FDBA7
Prime 2 00DC5CC9CE619E943B563F06500F356AB9F5999CB48F3C04032876CBBC6F
ADDCAE88C8EF841F667F6A5CC10D6192898A438D4225FE048ADD09E16821
DEE7C726E584FF69EBF629DD951D9D29C886C9FB84D85700511A9CE384A1
65CB969D0DB22467FBFB8FB1272442A3B52A4C495294006F794FE121E0CD
A12E8FA1E921851EEFCAFA6C0049D51C2793FC9FFEA9E10E65EF257EC6E4
E162A5496D9B31D11F21E37EB778209E1E6E7DB1AA25EE75F336ECADE6AF
955DF907E7820AB7857987064C3878C62770F1BD1CE26AC35FD45E56C203
F8B109DB4F0EB4C0CF23A0E84A51E74E953E3791E17BFAE4B857797EC781
D653C5AC1BBA22468811406784A25F4CD7
Exponent 1 00D9E674969B912FC5E759038CDD8046CAC857C9DCFAB4E59DC34AA90A8B
E4B9EA79D3D0AB5E8F006E5333A151B925D7F5E8C02E52FF62B36EC69637
874E430F7C3BAFE03CDE2D83346F64000A4C324221A61094B9B812FD97C6
8E9D2FE28D89722DA53CE1C8422C63DEF6188254E87BCA9F0A01749D906B
AFE6D4D56559382B0BC2CB0E0F4148D71DA4EF96EBFCEB23D3C8EEF6BF00
B07F82642CBB93495DC0096E98C0B3CD4BE490320E5386CCB2F106DF28CE
E3BC4649FFDEFA20F5E07D520081B6EA77F48917E46936CD1E35474D6A44
E26FC8C2FD0EEB758EAE461CBF0F645691B350FEF4C2F4F1F03A1B5D5037
C6153A71E7C0605A327138FAD2CDDA603F
Exponent 2 56BD7B7E6E74A27A9CDF6017C174D056F4B30BB9132C9793BAA8D057934A
47B4B8090826E4C94EDC4A387F90E9C29417351255AC20939CA05806CA56
58BBCEB6C7DC561058AC70195337DB0BA0EAFEC372F90419E8B4DAE60935
EDA69299A286AC1BC710EFB5AD9341A77D47DC10D24B3D95EDF87B8266CE
CC6A235C86224564346CD0786897A76678DD1709824B2184C456E909576C
D48CA553ACA43661DFD011C01C5C12817E12A20D8CB2C9E0FBBCBC5332C8
43DE53DB301811D74B57F805A6B0FBA6E8D16F1460978FE237D10EAB7E2E
B55960E744ADA7BBA195A3FA25353C7C88AA0D1549DD1F8CE479E18A9CB4
05F3A8649DA702466B2C03D374AAB8AF
Coefficient 00B4D27523376CEE09073D1848B440DF99F2AD139DCFDDF4AAB4B210F5DE
0506246A32F5F9AACF611E2F4FF7B9DE44635CBE6C6A05A8D665057986FA
BA1C586C4DE10422F31FE909ABCCD06F0ECFADF6F194B0D0EC1FD717006B
1D869025C73E21F3BA25712E2E01A8D62FB1E431207F65F26CB09865096E
427E063C7836C4D798F79783DDF26D4B80B71AEA05D8526A641CAA8DDB6F
D6DDAD660EF5778AB3E4B2A4BA9B0A64AF914FD7C90F1D52E2484E063970
FBDD913EAE7D1809C47814BC4034B2FCD184BFE11A1F844382481B8DE9FD
E96ED96042DC14401E80247AABFE65C0A426F67A5AF61D2728857AFE600F
E2323BE8831E49EC0529904C11738FE942
346
347
348
353
354 The dump of the certificate is:
355
356 -----BEGIN CERTIFICATE-----
357 MIIFSTCCAzGgAwIBAgIBADANBgkqhkiG9w0BAQsFADA2MSUwIwYDVQQDDBxOZXhv
358 IFRlc3QgUEtJIFNlcnZlciBSb290IENBMQ0wCwYDVQQKDAROZXhvMB4XDTE4MTIw
359 NTEzNTgyMVoXDTIzMTIwNTEzNTgyMVowNTEkMCIGA1UEAwwbTmV4byBUZXN0IFBL
360 SSBTZXJ2ZXIgU3ViIENBMQ0wCwYDVQQKDAROZXhvMIICIjANBgkqhkiG9w0BAQEF
361 AAOCAg8AMIICCgKCAgEAqiMmdL9xK/5jAsvE+Ma0jiB1cGe9jcVfxUxWcIBA4PFU
362 /KA5dnVFJdZHffmsWXY6VnmWb0aNXH3DfuPBkQzMQOQnx4gvHdbgEFbWXCSTjpUt
363 BfyZ8LcgVsOPyX9N7aesjZr5rfV/a1kDn/4N9Q2ZIxVR34nypbUKF/UJbjFA/VZB
364 cx1r671d+RAUhEXhiZMmCE8mIIuvvntpDQnXU4qwmsy5xy1+szZYFsFqa85TytbR
365 sz3qS5W3hxqIrQoJR2r0PPxuFK62hgCxsdmD2Ej6lGinpMa8BW5QWf9nIxy/cHzQ
366 5YpfBgb+6B3aTKDHDNZUf6Ke6CsAsI09WAMzugQFiluL4fjNAPc8R9DY2vhEf8MF
367 jmfQXAHE1Y/7PQ4NkdaAQoLZ6OmZ55XlIj7wbFrlhcIvEix7FTIjq/qSh6qbrDzD
368 8QJ01Gs/4LNOn66ePGCshO9eCj3Fx7VHEudrdHd08yTBCDGzmaPosu1BMILgApAV
369 tlIzbwKYzYFWtmpA+BuXJ3MyZ5baN1iHSBQHZnSkIuo8oOzX8Dn1UBv2p1mdrhv3
370 hOmDY6HZOE69aBgEjdekTOdHbSxzBZ8UrHxOv1Myo5rFcgidPRjF5EZcYtPXOwSB
371 CxZM2HShTgMilX+4Wf3+84vMeC9XzxFv/NxGth2IlnhuZkWpNdP7rf0KLQgh0xcC
372 AwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
373 BBYEFNQAsV8LV+O13W5sKwBB7uBY08BOMB8GA1UdIwQYMBaAFElc1gNh8uX0Yj+j
374 GTFc8mzWkrpBMA0GCSqGSIb3DQEBCwUAA4ICAQBJbouNZ5t4dwfOQdAc4UQKtK0H
375 f6CRb+3+bSTNCJuF7PJ18FeoFIqoMMmATZ9FAnw+aEcl2AViF4IGjAyxllBRCtQ0
376 GSr7GwTLSJo6Y7pb3qwfA56LH2pk/Puy1QAfHtn2AErm/pQS9fTe/r1paz9K/Vez
377 Xtk+Fl4DbA9gjyu4zx088YhgCeH8vUvYWxtoGHdsI2hVKHLrt/bMcpgVvJYKzwjW
378 s27PwjQGVbclU/jbglQoiFOEWSoK93ggSwNteQ3ua8BI9AFzNtxkM30DLD+6brr5
379 9t2nsGgJvtsEqHiRyfBt1zYmOxasgB/iCG75B2MSqx5Q0hItyDdjU4J3ugAYoU7S
380 y2ot9EEHBksLhl8zLHLJTB5mKJPsezzRQ2Nxa5gzNpYVvz922X0/yqknUmdDbQw1
381 MS01nRvBlH5rUuY4VGghH3zxZnQlQt7flRzSpCSpYKbkhAlukB3nI5D7L9Jq9Oin
382 n9Tbh2S/LIivKzhIPbdpZl6OtoMMACerxF6WCj6J8PN+RKzbJ0eXb88bPfEo46oa
383 Erg3mDgs9Pb6qUtnDPSUfSSQ/gU45lGf6brQfNDo3QWTSqgzwy5GJbJtCH9kTbKN
384 VoPswaHeMtpmaE9vswJ8NRnYe935Bu0SNwFoSWoL4HoJaG+vJduptiEgw5IloY5W
385 9MZYe0kjKHYjC17isg==
386 -----END CERTIFICATE-----
387
388
389 The RSA key of the CA has a key length of 4096 bits with the components dumped below:
390
RSA Key Component Value
Modulus AA232674BF712BFE6302CBC4F8C6B48E20757067BD8DC55FC54C56708040
E0F154FCA03976754525D6477DF9AC59763A5679966F468D5C7DC37EE3C1
910CCC40E427C7882F1DD6E01056D65C24938E952D05FC99F0B72056C38F
C97F4DEDA7AC8D9AF9ADF57F6B59039FFE0DF50D99231551DF89F2A5B50A
17F5096E3140FD5641731D6BEBBD5DF910148445E1899326084F26208BAF
BE7B690D09D7538AB09ACCB9C72D7EB3365816C16A6BCE53CAD6D1B33DEA
4B95B7871A88AD0A09476AF43CFC6E14AEB68600B1B1D983D848FA9468A7
A4C6BC056E5059FF67231CBF707CD0E58A5F0606FEE81DDA4CA0C70CD654
7FA29EE82B00B08D3D580333BA04058A5B8BE1F8CD00F73C47D0D8DAF844
7FC3058E67D05C01C4D58FFB3D0E0D91D6804282D9E8E999E795E5223EF0
6C5AE585C22F122C7B153223ABFA9287AA9BAC3CC3F10274D46B3FE0B34E
9FAE9E3C60AC84EF5E0A3DC5C7B54712E76B747774F324C10831B399A3E8
B2ED413082E0029015B652336F0298CD8156B66A40F81B972773326796DA
3758874814076674A422EA3CA0ECD7F039F5501BF6A7599DAE1BF784E983
63A1D9384EBD6818048DD7A44CE7476D2C73059F14AC7C4EBF5332A39AC5
72089D3D18C5E4465C62D3D73B04810B164CD874A14E0322957FB859FDFE
F38BCC782F57CF116FFCDC46B61D8896786E6645A935D3FBADFD0A2D0821
D317
Public Exponent 010001
Private Exponent 4B153C1165B312112FACBA3470FD700D10F202EB2551FD7AA85D6A0037F9
69CBD70FADBDEE330E93061F82CEBE6AB4AC46215E6C391C8566D2F19A9D
7FDFBFFC1B341AF054AABC7B217AD11AD4E171990FC786948110AFEADA5F
08337036A33A993B7D5871F10B74BB0ECE556681DBC509D199EF0CF06816
CE3FCB2B9FFCE8503A8E0CBBE5CB2A3F92031BE4A305CDB4891234E743FE
08F7F98251877F4CC3676D55C73AA2A180281BD2BB9E5BEDCAA446E2ED3E
0AA145DF0FACA580BA5B942DB90445A846FA31E4F8865E51BB0F69D638E1
52EC896974276DB032D9E203F2268321E990C9DE287C53405574D6A329AB
1CB0ADA413E63803FCC06C99554C150D2395AEA21DDA286BB14FCAC1D17A
52FA512A1D0C82915B945423F7719912A8838F843735FDF5A1669B68B4DE
E3F2050A487B75D5207F8E0649F8D5E2A5B4B460AC42AD01258D705CC3C4
5C43E836CCDEDEE29243B0BCB8E05B5B4080FCF453E8867CBB9B8A475B7A
7AC554634CE4BE1D20ECCC8DADEDA139CF2C7EB771CCF62674473681ABD1
B8A4564ACAB2F565A637A35852B7FF87F79248614646A8F5AF076C090410
4074ABF8880BED49458B0E663BCF71A148816A8BB092C7824B2B5D2A8B1E
F12AA5E6B2A0793F04B307AB15148ECC143257DC42CDBB1528F0E6440907
87AE406DE52778F593EC524C5E476DB7A4628D4AFC892C2CBF1A37F10D88
8881
Prime 1 00DD81670FE54DDB3391ECEC8DB08C1A66BB63B47380497B89BAC172CB0F
FDF815E6BA8B688E38FE396694924C4515E3B4F30843C6B15FF02E1049D0
DDE59C89BCA7E086EF5CBB454FFEB66D32C386BF4B87571AF9CEADDA2863
E4C036326840C80C04C098151D8A2363CC928100E975EBF5D6498996CE03
5C223C00BE9D62FB5823F0C016C78DDA8719C01FEFA14A751CACE9A60FBB
0DCC53C7366CE4F977E49684B5FCBB0165A3D18D8027FA35E2912F72A50F
55058D7EF7820E6185894022EC68412097D2837F12CF2080F9551C09367B
FB59AFD306EC5CF082BB1986DFE4467741732102497E60D22D1EDFD2661F
608D6AF302481A48E09BF9DD71DAC74BE1
Prime 2 00C4A1E3DF13633FF44D335AD76E3D8451274552E0846DB88B1663182865
791691178A498F7B833098602E77608A0B0590E37E8E610EF006BA2E1099
C40237F5C0D7D36E9E1AD94C3E7E186B0F3E55A2E2F2ECC8589DF77FF5E5
F68CC8D55135B7F8CE63885C20749AED29817C1AEA2F1540FAE039DEC2F5
01E9459ABEBC585A4C7B5330DC5291E098DBF378B05E0A691D0FF3C616C0
3A78DEBBD4DB35DB8CFA11FB41EBDE623A1DAB43B469F000BAC88AF624B6
A9AF731F0C4F3383F2E0A95AE6718B1883164DD236D3EF706F0863194EAA
C100F14024B1D37985D8F6F94328422BE76CC25A3420998F42BC35B03888
FECEEF6555CF37AF3CE39AD7CCB5233DF7
Exponent 1 29F1A90C6F8570AEB1414602069E611976FE885B1EBDCB70E7365E806944
D447816B6D9E9CDFD9F410A2AD9957B3AF6CC2609C44F1AD931385EE1469
1063B6094D58CCF46280EBBD1C247B4513955E7FF4DEDFB2D21A45A74453
3ABA888D0947584F4611065E939BE3F806FDFAA83AB635D52013B7C4C70A
19497772A0E6EF655F58E566EADEC7B4B1819A0A8C66470AE90B4D70C920
F1C2238500D5D30F8AEF9DADC06FC0F1F83564301261E4F6443BD1DFC3A9
7BE5B15738FF74240F3B5FE198544CD1B301477CCE4FFF5C376B99AB018B
350E804D5D50B4126D4F8624BB5B4495D63137F7A6C0BACBE47EC99EA0EE
6D9904EF37AC1284C5C468D4787328C1
Exponent 2 0088319D94B86809371C75D298DEC98B296EAAEC9188083B47533545D94D
1786D2EE5C2141598A6F914B25441840E50B70E4B196CA913F1D59BD6850
28DC64883A8F02EA5E6638563FFEB4C90AA0E14DD625EE6D823BBFDF08A1
C49894CE73D6625BDA1044B592E15121AD9AFB2BE542C154E5AF8345D101
44D69F1864BE2DF035834206D8C3F4387D87F36687BA4B39AD208C778AF0
904F81EED5AB13EDC302BE8BAA8845DB0167E5651AC439B137AE89D99D6A
4BB3B36830ED76C010ED1D4051D71941DC2209BAEDB0F3EA8B6D62BE77A7
7BD13C4872621D18D1E58A82F1CA23B32733449697FE707E32FA0BB1C826
D35EDF9FEFC47C4C4B3F56D3DBFD26B0D7
Coefficient 009D94496A810FD6F994A790E821D0E951DDB2CA0B53A266B500C7B9042F
E7BBFAD6015747024AD594DB5464FE89EC7ED6702E7D8AF4A9BA4FBD5877
E10CF158004F0D07A53160E3A65835FD8DC0673BAAD79AA514CF361442DD
055FFFED100762E6D41B23EAEE289DD55D80E145353F9CBAE5AE335DA6C1
36AC3D7DE6D5B08717C1001C38000390651FE58A0D1D1325A423289DD23B
0428EC0453F583E983F03592E5931D559EC32A8F9B538778E5DB031174BD
3AC1E85416B86F8ECE5C2F6E49AED61F510DA0F8ABA4D57723AC1FBCED43
050DCD3FEC1C38B9C6ACEDD4F5BA3D7A886D8EE7BCAAB082117D369D4744
396AD7B10574A7D3AFF6A33C7FF5ED047B
391
392
393
394
Coefficient 78E3AC8215218F22092E551AC9B4096A3D6BF73351E604A77B57F35B05A0
B018569301AC0879E519F540D941A16A0A0F740AEED450BC293F345BD6E2
E20E16D051F9C9306C50E60BD115DDD7D2E029485AC987F0108FF25BB7EF
76BDD27830A59A8E67720FA2B2E00981A0B7FF3E8E099AE06A7BB5C17750
121B4B5106F5DBE5
407
412
413 The dump of the certificate is:
414
415 -----BEGIN CERTIFICATE-----
416 MIIESTCCAjGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhv
417 IFRlc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2
418 MTQ0MTA0WhcNMTkxMjA2MTQ0MTA0WjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNO
419 MDAwMDA4NTExDTALBgNVBAoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG
420 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXcAqnabwBOETIs+dHhXRIsOH0j6j6TkyBlR
421 u6QxyqpDgMk6i5wPShgg7R66Io762I5jXZu6UKwC42U/1gnmnx8ts0rQ8MOzjfCO
422 i7h+ToLsMKqAQP3x4SvT+XaXeX61aDBhLB4WTomeOAGTuf3fK182OVUbJ3DVpzHS
423 FhWtYWU2WYewP2/7VLRG2d5sPLwM3wqIZ3aQydcNOdpznCfCNHiEdC2BhTGHaoQj
424 gp5KfGdS//godVIff2H4z2Fz6k1+Xd8TEr6Hc0u2PDgK3UBTYpVvar1iR39wY5zg
425 xfY69QlKPp0ZLMhW0kScTcO6of64qSJqxjpFD1midLVN/6jQ+QIDAQABo10wWzAM
426 BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR9dNFZbt9PE4j+Ya/1YrvWpj+vyjAfBgNV
427 HSMEGDAWgBTUALFfC1fjtd1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZI
428 hvcNAQELBQADggIBADpqXwzELOUPdhPJkFRY+K/DjBOHbIAbha5Umh+KjVf+vAY1
429 +HY3ovqoC2cNxHq8gt6q/KSvfy143WgYCS2d46uZ+iKJxsYKHB+4wvZ5sF14MH+b
430 ZU8T5SXMaTps0P8uJi+x2L4S9/kBGzw1DGt9C+Vb3DCX5Vtsdvpt6K6Z96NvGQ8Z
431 1tikK/m8iDva3L7N04gaKjMtoXXD3hsf42KE9asWa2SvbYZv/3d+a+8bfLVhvUHH
432 9NASHIEJwcBhAKMKVL+3ZJadNLDhlA1WehYj0Zau42oKB43/yV1GUo5/Z84dE66s
433 A2/8kuvgq7TyN3VYbRvAQI3P8RIKPRZyGM8loqwU0Ab6bKPrFNYUdz087bu2DCT4
434 OjQFkwFB9Q8fz4s7l/uovxIPzVdjgYmK29kcfH63/5c8GtIKJxXbxsLueSfrRZPN
435 TXY5IoW6XrpSt2H1GOnZ0y3yUZhKYcbDilhl29tn7yVqd/JvxcyRalTZT0aAjQ2X
436 YLA2EdKEIrnvcImyrE8rq5ppMd6+ZqL5TCNZ3wYuYBG8JfVcekNnEi7pJO0DsH+L
437 WJNfVOJmGkjw4r9j3fueza1YEfrTmYOofiOBev7dNiSGLM9aE9lfNPFVGcgjERQk
438 ifH+2FwqBJWvS5j+sIXbj4yiTssWnlrq7Dy+Kvc0qRYPqYK/YADBXReTuTMO
439 -----END CERTIFICATE-----
440
441
Exponent 2 08C47DB4C08CA176662A741AF8F03B0EB17C7366114DDF6A8AFAFFF6745A
20D5370896A0F6EA0D0FACB66976C600CADC2B2AC5377159D5D75CE0FF12
0D55B325B6620E64CFBA4A5A07D46CA7735B532C103C418E9BF7CBFC897D
A4133D6A0456F3A24DBE3C6BD120F89DC02B123C53EACE6C7DE6838CF975
E5D4B4C9FE1F1EA1
Coefficient 00D52DA41FA804EDEDDC873369D982DC0E3272D1E21E7155D0DE7DE2FCFE
13FF80A00062011EE801632378737F8FCB55A7D05C7FA8C5068327FFE480
560DD7B1E6E76683A75708A5611FA27EDCE5AFEE190D619F0F33EFADBF9A
DD0CCE9BC7BAEAB3E905F5D67CEE1D399A955469151A2666F72156A4680C
89C9053659EE67EDE2
446
451
452 The dump of the certificate is:
453
454 -----BEGIN CERTIFICATE-----
455 MIIESTCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhv
456 IFRlc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2
457 MTQ0MDEyWhcNMTkxMjA2MTQ0MDEyWjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNO
458 MDAwMDA4NTExDTALBgNVBAoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG
459 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KJYupmrZaiRs6ZDoCLac8Kn50Lt82dvblIi
460 odFxJxSrY+S4ZKiX3APy9txHnOBZzgNVhzX06QB7f2DUYEDV+GFUXqo+eOinS1JX
461 Xvb6TC3CxhEEQJ5XLZhW3xVHHaXCe93GjDLJjxCs5jr97SQrhyelXK2cK+28xQq8
462 uUOUP+jiCswVElPBYccbCpcrRRc/cmQtmhQg7yCN9k/t4FdsQPwYK+quTaHQ/Ch3
463 hm+4etY2F4GxmCGh3hNilJhDiEtrfhH35jN+MUlncTR6EJ6zG7GBuqQzMM0gGMqv
464 kOWnToR5bRnzbfAZaC5qDvotgtGpmo0DSg9B1lP9dhJKAY/WwQIDAQABo10wWzAM
465 BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQKmu4+t8wvqHNuvrSbnVuDsqngEjAfBgNV
466 HSMEGDAWgBTUALFfC1fjtd1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBSAwDQYJKoZI
467 hvcNAQELBQADggIBAF3cdInRZZBIcQPpkAY63ieyd79h8kzrvxE8UC01i+lhPAlq
468 MAEyLe+1ItsBshFVY0TJgMG/clnXP/ryhda1E2oN+HsQY2IkGK67ECXz2/u6WYuF
469 26nBM8m9Rh4/6sKziYHeL55egU2gqTrDH8B/Wv0/2p3/IFbfPKZnETkIq6G+GdXA
470 zAlt5/L65GZ5W30ED9EbEOSuqOhoeBjDZXAY+ufu7NDHFyf8HtnfTns1/2AdF79k
471 Pya6fpkmkpy6au0/I28eS/n3iuPUtG3uRz6dxGk4E9pOLvUi37TRyphb5dxP+hbN
472 nyjDNFlskTl8byZCORZ/YN1J23vGlK3igaiCnJCEYmnOnTl8Dhn0XGRN5GUq7wYo
473 yYSA8plezxO6H08JM2Gs1yBnM3kutwwzJZ7DqzosovUrHKAqu5D5BAwGu2C9GliI
474 RpPzLLcujzQ5VFUTPj29i0lV5YQ+Ouku/G1XsQnYErymWzyl65k6HLlUSU10FfgB
475 4FCQvCEZuzS9Ojk3PI62NNMA4r4x3LqjpuEwjtsRmMCjlX/8iQ2dqE5BzwJBkJpb
476 HkNbw02mWM5qos5efqu+SjiRq8ywSRU5jGuY4VuRaP7cH2EqxcYZNMOZGymzeWY7
477 LntZIGHB/UBAd1l84aC8dcFS3PbxhYwMG2wWJgzpTSFyAVwFUg63SPYDgMsP
478 -----END CERTIFICATE-----
479
480
481
Coefficient 51CB53F57A1457C1EAEA7B7E92EA6FC2563B58560CBC6C723F0701502BC3
8CB6EFCABC8E3D484923B808AA86A16DE3606A2193B67E7056117102E1F4
28FF5FE9799D91C8A6EFA6B478C75F0CDDBF1DE925BC58154879E984C13C
FDA286BCD5995E4E6F55443FD2203F07D0D359D5CDEEB28B1D5BC7A29BB5
AC5D32526C19A812
492
497
498 The dump of the certificate is:
499
500 -----BEGIN CERTIFICATE-----
501 MIIETzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhv
502 IFRlc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2
503 MTQzNzQ2WhcNMTkxMjA2MTQzNzQ2WjBCMSQwIgYDVQQDDBtuZXhvLUtleUluamVj
504 dGlvblNlcnZlci1UTTExDTALBgNVBAoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjAN
505 BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54VnUeyAdRF2BCE9xKPN1dWcpPEY
506 i9I26HdBynavlMiM64oqX+nVjzjK9GSub5we4kgEuq1viII7KP6j2RXv2g781x5I
507 e2QHDftxrIvzO+jtaj7oMits4wt0rQ59M/zh+Atwoz7f2b321tiuqc88zHxAhtQg
508 xJNFweuFQnWEnlFleBGx2hvSVePvG07wTt0becmABTieQuOTjPi3qATcdebvuHI5
509 Y13wekEiB5KFg2InIEOqZpRt2/MZDsJAa4fXIkGc8ND3C//MAPJOPS/fZaXmokoT
510 veH/JjdABhrougwYSNknPdymFp2h9klU8Yh5ZLG38HfAkjr0MABDbMBjHQIDAQAB
511 o10wWzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQJXRGjP5ROADR6OVlmA9MaPqtu
512 qTAfBgNVHSMEGDAWgBTUALFfC1fjtd1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAw
513 DQYJKoZIhvcNAQELBQADggIBAGPBX2VxMk9R3me19VBc+XYQy/O7vOr4KZ6KzA4J
514 r9hB7M6WG5S0IO1XtHrgzczDwfutYdX1tad945nORRsafajbMchkbQtSDnTjbdyu
515 yCdCcR8nlhAUOpIcYYufYZOFbuGWrWASXLDKnnmEslrnA0Wfh5IMBnMRVM6CKaCJ
516 Cnf835bCO21JFfj/XDCI2dk5wpmWUqy6RWJIFXu8W8HzRLS+QSr1DOCnDKXHMJPq
517 8razQRFGfQEZ1ZRpPRzv5uCeAv1SDOX/AvEQGZ9xWQ5nkPDdcD8eudbNVGZUvY8I
518 esen91svak2gLmQRHgT5J6fFqBnlqu1mu7ZjryMGJ3qqLpOFg7RhKMwZ5kG7U7wj
519 mg33c1GqbQwogv5ny+PHyKAYaNXVAo7j6L/qCU42AtMC64aL+t+pC0Y1jZQvGhJx
520 Sg49F14d0rzaWYPFzzpU4k48hWfCLE6xKAQhni5W3RAjUFnV5HZRmChY9dYqeSm6
521 qZywGhm84QylhVHuMH3Q94ArryuxBz7/Ui/Af2lD7RctILqI/B5TRsgxyDgs+rnw
522 IEWRLON91aW0c7B9SiQn13mDdBsa8NV91bD+a6pKF8sV/aEAPl547MoqT4WjsY6Y
523 V8249CZPMTXOE67mQhP+26jtyWv4jfHljMUl6KKIlm063kEkTI58kekYUTQ2rZvG
524 JWd4
525 -----END CERTIFICATE-----
526
527
542
543 The SHA-256 of the empty string is:
544 0000 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 |...B.........o.$|
545 0010 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 |'.A.d..L....xR.U|
546
547 So the DB block is:
548 0000 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 |...B.........o.$|
549 0010 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 |'.A.d..L....xR.U|
550 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
551 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
552 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
553 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
554 0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
555 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
556 0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
557 0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
558 00A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
559 00B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
560 00C0 00 00 00 00 00 00 01 F5 DB FB 9D 22 9B EF 77 75 |..........."..wu|
561 00D0 8F 04 48 87 D1 52 45 A3 85 DC 3B 24 9C E5 2F |..H..RE...;$../ |
562
563 We arbitrary consider the following seed SD for this example as:
564 0000 69 7E 49 B5 E8 FA 67 5B 95 EB 04 25 E9 82 36 09 |i~I...g[...%..6.|
565 0010 97 31 B7 DB F1 78 71 12 7A 94 C5 B1 4A 83 48 CD |.1...xq.z...J.H.|
566
567 Then the result of the encryption is:
568 0000 20 13 9F 59 CC 2A 34 00 CA 21 28 7C 1F 63 D3 FE | ..Y.*4..!(|.c..|
569 0010 7C D8 AA AF 7E E1 7B EA E8 25 60 CA BA F3 E5 4C ||...~.{..%`....L|
570 0020 03 65 13 B4 D1 F2 E9 A0 AD C7 56 C5 2F 6C 8C 52 |.e........V./l.R|
571 0030 84 3F 9B D6 7B 08 79 C0 2B 59 8A 0F 7E DE E8 FB |.?..{.y.+Y..~...|
572 0040 68 C3 31 46 43 29 46 33 3A E8 43 50 9E 6F A3 3B |h.1FC)F3:.CP.o.;|
573 0050 A3 C8 2A 5D 9F 5F DB 23 E6 18 2D 0E 5F D7 AD AA |..*]._.#..-._...|
574 0060 D2 C1 5F 65 10 F7 C4 8D 49 83 29 C7 62 C0 00 0D |.._e....I.).b...|
575 0070 90 6C 1A F0 D8 17 15 C4 77 7C 0C 4C 03 74 24 A2 |.l......w|.L.t$.|
576 0080 54 9E 2A 2F 02 8B A4 0C AE BD EC D3 88 82 1E FC |T.*/............|
577 0090 04 C5 2D 7E FC C7 1A FD BD BC FC 43 8A D6 CB 4A |..-~.......C...J|
578 00A0 A3 FE 73 E4 20 CF 5F A3 A2 90 74 9D 55 F0 EB 85 |..s. ._...t.U...|
579 00B0 1E B1 AE 06 0F 35 48 D9 DB D7 ED DD CC CB 63 95 |.....5H.......c.|
580 00C0 2E 9D 94 DA 74 24 C3 40 EC AE 78 DF 27 AD 4B DC |....t$.@..x.'.K.|
581 00D0 49 78 A5 67 66 D0 F5 A5 9E 63 BD D7 14 8A CB 08 |Ix.gf....c......|
582 00E0 E3 69 4A C1 D0 A0 E0 FF 0F 87 FE 35 57 83 29 A0 |.iJ........5W.).|
583 00F0 BA B7 AD 47 0A 0C 05 6F CB FC 1D 40 F3 E3 D2 C3 |...G...o...@....|
584
599
600 So the hexadecimal encoding of the TR-31 Key block header is 42303031364B31544430304E30303030
601 or B0016K1TD00N0000 encoded in ASCII.
602
603
608
609 Leading to the following hexadecimal buffer :
610
611 0000 30 81 83 02 01 01 30 4B 30 42 31 0B 30 09 06 03 |0.....0K0B1.0...|
612 0010 55 04 06 13 02 42 45 31 0D 30 0B 06 03 55 04 0A |U....BE1.0...U..|
613 0020 13 04 4E 45 58 4F 31 24 30 22 06 03 55 04 03 13 |..NEXO1$0"..U...|
614 0030 1B 4E 45 58 4F 2D 4B 45 59 49 4E 4A 45 43 54 49 |.NEXO-KEYINJECTI|
615 0040 4F 4E 53 45 52 56 45 52 2D 54 4D 31 02 05 24 00 |ONSERVER-TM1..$.|
616 0050 00 00 00 04 10 37 23 3E 89 0B 01 04 E9 BC 94 3D |.....7#>.......=|
617 0060 0E 45 EA E5 A7 30 1F 06 09 2A 86 48 86 F7 0D 01 |.E...0...*.H....|
618 0070 07 01 31 12 04 10 42 30 30 31 36 4B 31 54 44 30 |..1...B0016K1TD0|
619 0080 30 4E 30 30 30 30 |0N0000 |
620
621
622
638
639 Leading to the following enciphered buffer:
640
641 0000 35 E5 85 83 35 E2 3F 94 CE C2 DE FC 0F 6F F6 36 |5...5.?......o.6|
642 0010 B6 DD 8E 23 9D CD F6 20 FE F7 6A F9 8C 4F 7A 31 |...#... ..j..Oz1|
643 0020 0D 6A 0A B3 21 23 DC A1 EB 7D 2E 75 BE EE 73 B0 |.j..!#...}.u..s.|
644 0030 2B DD E5 7F CC E9 84 A4 26 32 12 17 1C C1 61 9C |+.......&2....a.|
645 0040 9C 9B C4 4F 0E EC FF 71 63 C0 03 A9 9B 08 DE A4 |...O...qc.......|
646 0050 32 E6 04 6B CF 8B D5 03 42 41 99 3E AC AB 01 25 |2..k....BA.>...%|
647 0060 0C 0D 92 84 E9 23 85 E2 AF B6 76 86 84 9B E5 BE |.....#....v.....|
648 0070 4E 42 F1 44 A0 48 CF 63 3D FC 12 B4 F8 4F 14 B8 |NB.D.H.c=....O..|
649 0080 49 58 C0 B7 38 CD BE 32 |IX..8..2 |
650
659
660 The most significant bit of S is 0, K1 is then the value S << 1:
661
662 0010 A9 EC 41 EE 20 6B 16 58 |..A. k.X |
663
664 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
665
666 0010 53 D8 83 DC 40 D6 2C AB |S...@.,. |
667
668
669
670 The Derived Protection Key is made by concatenation of K1, K2 :
671
672 0000 A9 EC 41 EE 20 6B 16 58 53 D8 83 DC 40 D6 2C AB |..A. k.XS...@.,.|
673
674
675 For Encryption computation, the key is
676
677 0000 C3 D9 D4 4B BC F1 5A F5 25 DA 3A F7 C0 E6 EB E7 |...K..Z.%.:.....|
678
679 Then Key Block Encryption Key is : C3D9D44BBCF15AF525DA3AF7C0E6EBE7.
680
681 For Authentication computation, the key is:
682
683 0000 51 9F 03 2A F2 EF 83 4A A0 10 62 FE 54 F7 11 A3 |Q..*...J..b.T...|
684
685 Then Key Block Authentication Key is : 519F032AF2EF834AA01062FE54F711A3.
686
886F70D03070408A27BB46D1C306E0980818835E5858335E23F94CEC2DEFC0
F6FF636B6DD8E239DCDF620FEF76AF98C4F7A310D6A0AB32123DCA1EB7D2
E75BEEE73B02BDDE57FCCE984A4263212171CC1619C9C9BC44F0EECFF716
3C003A99B08DEA432E6046BCF8BD5034241993EACAB01250C0D9284E92385E
2AFB67686849BE5BE4E42F144A048CF633DFC12B4F84F14B84958C0B738CDB
E32
655 513 SET
659 509 SEQUENCE
663 1 INTEGER 01
666 71 SEQUENCE
668 66 SEQUENCE
670 11 SET
672 9 SEQUENCE
674 3 OBJECT IDENTIFIER countryName
679 2 PRINTABLESTRING BE
683 13 SET
685 11 SEQUENCE
687 3 OBJECT IDENTIFIER organizationName
692 4 PRINTABLESTRING Nexo
698 36 SET
700 34 SEQUENCE
702 3 OBJECT IDENTIFIER commonName
707 27 PRINTABLESTRING nexo-KeyInjectionServer-
TM1
736 1 INTEGER 01
739 11 SEQUENCE
741 9 OBJECT IDENTIFIER sha256
752 142 CONTEXT SPECIFIC
755 24 SEQUENCE
757 9 OBJECT IDENTIFIER contentType
768 11 SET
770 9 OBJECT IDENTIFIER pkcs7-envelopedData
781 31 SEQUENCE
783 9 OBJECT IDENTIFIER pkcs7-data
794 18 SET
796 16 OCTET STRING
B0016K1TD00N0000 Identification of Kn
814 32 SEQUENCE
816 10 OBJECT IDENTIFIER randomNonce
828 18 SET
828 18 OCTET STRING
53675620D312085067D69431FAD6AC21
848 47 SEQUENCE
850 9 OBJECT IDENTIFIER messageDigest
861 34 SET
863 32 OCTET STRING
A705F8B5AEECA0C925CBC71ADB03ED9EFFCB661B5EED89E474BA1D077A41 Sha256 of the
688A envelopedData
897 13 SEQUENCE
899 9 OBJECT IDENTIFIER rsaEncryption
910 0 NULL
912 256 OCTET STRING
3BD37394D2D089C408801F24A1E4369612E4A3EDBE50FFF96941626B4054169 rsaSha256 encryption of
A88398D2B6DCA6C4A3181DD70940419B22212CD79455E985FC60D83C7AF1F the envelopedData
9A7A983F29C788D6AFB6A3CC6305557652106A59549821B07E8EC5E7CE03AE
92DB848335411817AD1930BC66CB2FEB91F5F4C705472DB5CE6A8F075488F9
B5AD2B1A21C17EB658CB115D36B33C0C08B55F263B42BCAB08484C22062E7
ACD6B09AB59020C86267444937F8A9CEEC94A9312651E5A1EAE2C5254278FA
08A21B202FFC9129B2ECCAA6AD7A34B4521319E5C7B1F6D0033258A7183CB
22AB2A0DE0AA848DD8EF829F620967B5CC22D63FDC82D9426FF621364E4FE
14F9F60E91E11F11DDB
693
694 With the envelopedData composed with the following ASN1 structure.
695
Offset Length Content Comments
0 587 SEQUENCE :
4 1 INTEGER 00
7 405 SET
11 401 SEQUENCE
15 1 INTEGER 00
18 65 SEQUENCE
20 60 SEQUENCE
22 11 SET
24 9 SEQUENCE
26 3 OBJECT IDENTIFIER countryName
31 2 PRINTABLESTRING BE
35 13 SET
37 11 SEQUENCE
39 3 OBJECT IDENTIFIER organizationName
44 4 PRINTABLESTRING Nexo
50 30 SET
52 28 SEQUENCE
54 3 OBJECT IDENTIFIER commonName
59 21 PRINTABLESTRING Nimbus2001-
SN00000851
82 1 INTEGER 02
85 69 SEQUENCE
87 9 OBJECT IDENTIFIER rsaesOaep
98 56 SEQUENCE
100 13 SEQUENCE
102 9 OBJECT IDENTIFIER sha256
113 0 NULL
115 24 SEQUENCE
117 9 OBJECT IDENTIFIER mgf1
128 11 SEQUENCE
130 9 OBJECT IDENTIFIER sha256
141 13 SEQUENCE
143 9 OBJECT IDENTIFIER pSpecified
154 0 OCTET STRING
156 256 OCTET STRING
20139F59CC2A3400CA21287C1F63D3FE7CD8AAAF7EE17BEAE82560CABAF3 rsaesOaep encipherment
E54C036513B4D1F2E9A0ADC756C52F6C8C52843F9BD67B0879C02B598A0F7 of KE
EDEE8FB68C33146432946333AE843509E6FA33BA3C82A5D9F5FDB23E6182D0
E5FD7ADAAD2C15F6510F7C48D498329C762C0000D906C1AF0D81715C4777C
0C4C037424A2549E2A2F028BA40CAEBDECD388821EFC04C52D7EFCC71AFD
BDBCFC438AD6CB4AA3FE73E420CF5FA3A290749D55F0EB851EB1AE060F354
8D9DBD7EDDDCCCB63952E9D94DA7424C340ECAE78DF27AD4BDC4978A567
66D0F5A59E63BDD7148ACB08E3694AC1D0A0E0FF0F87FE35578329A0BAB7A
D470A0C056FCBFC1D40F3E3D2C3
416 172 SEQUENCE
696
697 The corresponding base64 bytes are:
698
699 -----BEGIN KTKDH_2Pass PEM File-----
700 MIIEkAYJKoZIhvcNAQcCoIIEgTCCBH0CAQExDTALBglghkgBZQMEAgEwggJiBgkq
701 hkiG9w0BBwOgggJTBIICTzCCAksCAQAxggGVMIIBkQIBADBBMDwxCzAJBgNVBAYT
702 AkJFMQ0wCwYDVQQKEwROZXhvMR4wHAYDVQQDExVOaW1idXMyMDAxLVNOMDAwMDA4
703 NTECAQIwRQYJKoZIhvcNAQEHMDgwDQYJYIZIAWUDBAIBBQAwGAYJKoZIhvcNAQEI
704 MAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQkEAASCAQAgE59ZzCo0AMohKHwfY9P+
705 fNiqr37he+roJWDKuvPlTANlE7TR8umgrcdWxS9sjFKEP5vWewh5wCtZig9+3uj7
706 aMMxRkMpRjM66ENQnm+jO6PIKl2fX9sj5hgtDl/XrarSwV9lEPfEjUmDKcdiwAAN
707 kGwa8NgXFcR3fAxMA3QkolSeKi8Ci6QMrr3s04iCHvwExS1+/Mca/b28/EOK1stK
708 o/5z5CDPX6OikHSdVfDrhR6xrgYPNUjZ29ft3czLY5UunZTadCTDQOyueN8nrUvc
709 SXilZ2bQ9aWeY73XFIrLCONpSsHQoOD/D4f+NVeDKaC6t61HCgwFb8v8HUDz49LD
710 MIGsBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECKJ7tG0cMG4JgIGINeWFgzXiP5TO
711 wt78D2/2NrbdjiOdzfYg/vdq+YxPejENagqzISPcoet9LnW+7nOwK93lf8zphKQm
712 MhIXHMFhnJybxE8O7P9xY8ADqZsI3qQy5gRrz4vVA0JBmT6sqwElDA2ShOkjheKv
713 tnaGhJvlvk5C8USgSM9jPfwStPhPFLhJWMC3OM2+MjGCAgEwggH9AgEBMEcwQjEL
714 MAkGA1UEBhMCQkUxDTALBgNVBAoTBE5leG8xJDAiBgNVBAMTG25leG8tS2V5SW5q
715 ZWN0aW9uU2VydmVyLVRNMQIBATALBglghkgBZQMEAgGggY4wGAYJKoZIhvcNAQkD
716 MQsGCSqGSIb3DQEHAzAfBgkqhkiG9w0BBwExEgQQQjAwMTZLMVREMDBOMDAwMDAg
717 BgoqhkiG9w0BCRkDMRIEEFNnViDTEghQZ9aUMfrWrCEwLwYJKoZIhvcNAQkEMSIE
718 IKcF+LWu7KDJJcvHGtsD7Z7/y2YbXu2J5HS6HQd6QWiKMA0GCSqGSIb3DQEBAQUA
719 BIIBADvTc5TS0InECIAfJKHkNpYS5KPtvlD/+WlBYmtAVBaaiDmNK23KbEoxgd1w
720 lAQZsiISzXlFXphfxg2Dx68fmnqYPynHiNavtqPMYwVVdlIQallUmCGwfo7F584D
721 rpLbhIM1QRgXrRkwvGbLL+uR9fTHBUcttc5qjwdUiPm1rSsaIcF+tljLEV02szwM
722 CLVfJjtCvKsISEwiBi56zWsJq1kCDIYmdESTf4qc7slKkxJlHloerixSVCePoIoh
723 sgL/yRKbLsyqatejS0UhMZ5cex9tADMlinGDyyKrKg3gqoSN2O+Cn2IJZ7XMItY/
724 3ILZQm/2ITZOT+FPn2DpHhHxHds=
725 -----END KTKDH_2Pass PEM File-----
726
727
728
729
738
739 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
740
741 The random value that will use arbitrary for the protection of the TR-31 Key Block will be A89AD040C8BD.
742
750
751 The key that will be used for the authentication is :
752 519F032AF2EF834AA01062FE54F711A.
753
754 The computation of the CMAC TDEA is explained in the following lines
755 First we generate the subkeys K1, K2
756
757 The TDES encryption of the null block with the key K is the block S with the following value
758
759 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
760
761
762 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
763
764 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
765
766 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
767
768 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
769
770 Then we compute the MAC
771 At the beginning we will xor with:
772 0010 00 00 00 00 00 00 00 00 |........ |
773
774 The xor value is equal to:
775 0010 42 30 30 38 30 42 31 54 |B0080B1T |
776
777 The result of Tdes ciphering is equal to :
778 0010 3E B8 12 18 5A 31 25 56 |>...Z1%V |
779
780 The xor value is equal to:
781 0010 66 88 22 56 6A 01 15 66 |f."Vj..f |
782
783 The result of Tdes ciphering is equal to :
784 0010 49 8F 1E B1 45 49 3D F0 |I...EI=. |
785
786 The xor value is equal to:
787 0010 49 0F F0 8B A3 0D 21 DE |I.....!. |
788
789 The result of Tdes ciphering is equal to :
790 0010 02 B2 87 C0 F3 7C D9 BC |.....|.. |
791
792 The xor value is equal to:
793 0010 EC AA B8 FB B2 05 F4 00 |........ |
794
795 The result of Tdes ciphering is equal to :
796 0010 8C 6C AF FD 06 3E 25 A1 |.l...>%. |
797
798
799 The last Cn is xored with k1:
800 0010 BA 2E ED 24 A5 FC 72 D9 |...$..r. |
801
802 The MAC of the message is : 91C213FA9A27229C
803
804
805
806
821
822 After TDes:
823 0010 B6 BE 15 60 95 2C E7 27 |...`.,.' |
824
825 After Xor:
826 0010 58 A6 2A 5B D4 55 CA 9B |X.*[.U.. |
827
828 After TDes:
829 0010 67 12 46 5D 63 2F F7 27 |g.F]c/.' |
830
831 After Xor:
832 0010 B4 0A EE C7 B3 6F 3F 9A |.....o?. |
833
834 After TDes:
835 0010 34 46 DA 0C 66 B7 9B 5E |4F..f..^ |
836
837 The encryption of the data provides the values below:
838
839 0000 B6 BE 15 60 95 2C E7 27 67 12 46 5D 63 2F F7 27 |...`.,.'g.F]c/.'|
840 0010 34 46 DA 0C 66 B7 9B 5E |4F..f..^ |
841
842
843
866
867 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
868
869 The random value that will use arbitrary for the protection of the TR-31 Key Block will be 13076ACCDA04.
870
878
879 The key that will be used for the authentication is :
880 519F032AF2EF834AA01062FE54F711A.
881
882 The computation of the CMAC TDEA is explained in the following lines
883 First we generate the subkeys K1, K2
884
885 The TDES encryption of the null block with the key K is the block S with the following value
886
887 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
888
889 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
890
891 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
892
893 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
894
895 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
899
900 The xor value is equal to:
901 0010 42 30 30 38 30 4D 31 54 |B0080M1T |
902
903 The result of Tdes ciphering is equal to :
904 0010 80 35 B3 6C 9C 0D B8 3A |.5.l...: |
905
906 The xor value is equal to:
907 0010 C7 05 83 22 AC 3D 88 0A |...".=.. |
908
909 The result of Tdes ciphering is equal to :
910 0010 45 14 58 65 88 02 A0 76 |E.Xe...v |
911
912 The xor value is equal to:
913 0010 45 94 06 01 79 A9 52 2B |E...y.R+ |
914
915 The result of Tdes ciphering is equal to :
916 0010 26 F1 D4 74 12 D7 72 4B |&..t..rK |
917
918 The xor value is equal to:
919 0010 1D 50 AB 16 8C 15 C1 49 |.P.....I |
920
923
924
925 The last Cn is xored with k1:
926 0010 45 D2 4F 4D 3A D8 9E 34 |E.OM:..4 |
927
928 The MAC of the message is : CD9F3F756A87C84A
929
944
945 After TDes:
946 0010 04 D6 3A C8 20 94 C8 C8 |..:. ... |
947
948 After Xor:
949 0010 3F 77 45 AA BE 56 7B CA |?wE..V{. |
950
951 After TDes:
952 0010 A7 63 5F A2 5E 83 B3 54 |.c_.^..T |
953
954 After Xor:
955 0010 5F 89 4C A5 34 4F 69 50 |_.L.4OiP |
956
957 After TDes:
958 0010 D0 9A FF A7 8A EE 14 1D |........ |
959
960 The encryption of the data provides the values below:
961
962 0000 04 D6 3A C8 20 94 C8 C8 A7 63 5F A2 5E 83 B3 54 |..:. ....c_.^..T|
963 0010 D0 9A FF A7 8A EE 14 1D |........ |
964
987
988 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
989
990 The random value that will use arbitrary for the protection of the TR-31 Key Block will be E61E807CC4BD.
991
999
1000
1001
1002 The key that will be used for the authentication is :
1003 519F032AF2EF834AA01062FE54F711A.
1004
1005 The computation of the CMAC TDEA is explained in the following lines
1006 First we generate the subkeys K1, K2
1007
1008 The TDES encryption of the null block with the key K is the block S with the following value
1009
1010 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
1011
1012 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
1013
1014 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
1015
1016 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
1017
1018 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
1022
1023 The xor value is equal to:
1024 0010 42 30 30 38 30 4D 31 54 |B0080M1T |
1025
1026 The result of Tdes ciphering is equal to :
1027 0010 80 35 B3 6C 9C 0D B8 3A |.5.l...: |
1028
1029 The xor value is equal to:
1030 0010 D6 05 83 22 AC 3D 88 0A |...".=.. |
1031
1032 The result of Tdes ciphering is equal to :
1033 0010 0D E2 91 93 87 E7 8C 30 |.......0 |
1034
1035 The xor value is equal to:
1036 0010 0D 62 CF F7 76 4C 81 6D |.b..vL.m |
1037
1038 The result of Tdes ciphering is equal to :
1039 0010 92 C1 95 3F 44 37 E6 F7 |...?D7.. |
1040
1041 The xor value is equal to:
1042 0010 56 60 EA 5D DA F5 AA F5 |V`.].... |
1043
1046
1047
1048 The last Cn is xored with k1:
1049 0010 D8 CA 7D D1 BB 93 19 67 |..}....g |
1050
1051 The MAC of the message is : FF463A309B00F69F
1052
1067
1068 After TDes:
1069 0010 52 94 3D B3 15 AD 09 62 |R.=....b |
1070
1071 After Xor:
1072 0010 96 35 42 D1 8B 6F 45 60 |.5B..oE` |
1073
1074 After TDes:
1075 0010 E9 8B 1A CA 97 5D F5 2E |.....].. |
1076
1077 After Xor:
1078 0010 EE 61 FC D4 17 21 31 93 |.a...!1. |
1079
1080 After TDes:
1081 0010 8B 1C 25 F2 C5 72 1D E2 |..%..r.. |
1082
1083 The encryption of the data provides the values below:
1084
1085 0000 52 94 3D B3 15 AD 09 62 E9 8B 1A CA 97 5D F5 2E |R.=....b.....]..|
1086 0010 8B 1C 25 F2 C5 72 1D E2 |..%..r.. |
1087
1110
1111 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
1112
1113 The random value that will use arbitrary for the protection of the TR-31 Key Block will be CD3B73A1590C.
1114
1122
1123
1124
1125 The key that will be used for the authentication is :
1126 519F032AF2EF834AA01062FE54F711A.
1127
1128 The computation of the CMAC TDEA is explained in the following lines
1129 First we generate the subkeys K1, K2
1130
1131 The TDES encryption of the null block with the key K is the block S with the following value
1132
1133 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
1134
1135 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
1136
1137 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
1138
1139 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
1140
1141 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
1145
1146 The xor value is equal to:
1147 0010 42 30 30 38 30 44 30 54 |B0080D0T |
1148
1149 The result of Tdes ciphering is equal to :
1150 0010 A5 FC 2C 4D 4C B4 97 E9 |..,ML... |
1151
1152 The xor value is equal to:
1153 0010 E0 CC 1C 03 7C 84 A7 D9 |....|... |
1154
1155 The result of Tdes ciphering is equal to :
1156 0010 82 C2 88 DB CF C3 9F 3D |.......= |
1157
1158 The xor value is equal to:
1159 0010 82 42 2F 86 EF 34 9B 6C |.B/..4.l |
1160
1161 The result of Tdes ciphering is equal to :
1162 0010 B0 4F 92 94 0C 8E D1 55 |.O.....U |
1163
1164 The xor value is equal to:
1165 0010 C5 0A AC BD 29 13 EA 5D |....)..] |
1166
1169
1170
1171 The last Cn is xored with k1:
1172 0010 1C 41 D2 A1 98 F8 B5 10 |.A...... |
1173
1174 The MAC of the message is : 0104F976B3D7925E
1175
1190
1191 After TDes:
1192 0010 A9 49 25 D9 97 93 03 49 |.I%....I |
1193
1194 After Xor:
1195 0010 DC 0C 1B F0 B2 0E 38 41 |......8A |
1196
1197 After TDes:
1198 0010 D2 0A C8 7A EA 9D 5A 28 |...z..Z( |
1199
1200 After Xor:
1201 0010 75 20 05 41 99 3C 03 24 |u .A.<.$ |
1202
1203 After TDes:
1204 0010 2E B7 32 BA 1F 93 78 E1 |..2...x. |
1205
1206 The encryption of the data provides the values below:
1207
1208 0000 A9 49 25 D9 97 93 03 49 D2 0A C8 7A EA 9D 5A 28 |.I%....I...z..Z(|
1209 0010 2E B7 32 BA 1F 93 78 E1 |..2...x. |
1210
1233
1234 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
1235
1236 The random value that will use arbitrary for the protection of the TR-31 Key Block will be B1FA3922F268.
1237
1245
1246
1247
1248 The key that will be used for the authentication is :
1249 519F032AF2EF834AA01062FE54F711A.
1250
1251 The computation of the CMAC TDEA is explained in the following lines
1252 First we generate the subkeys K1, K2
1253
1254 The TDES encryption of the null block with the key K is the block S with the following value
1255
1256 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
1257
1258 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
1259
1260 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
1261
1262 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
1263
1264 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
1268
1269 The xor value is equal to:
1270 0010 42 30 30 38 30 44 30 54 |B0080D0T |
1271
1272 The result of Tdes ciphering is equal to :
1273 0010 A5 FC 2C 4D 4C B4 97 E9 |..,ML... |
1274
1275 The xor value is equal to:
1276 0010 E1 CC 1C 03 7C 84 A7 D9 |....|... |
1277
1278 The result of Tdes ciphering is equal to :
1279 0010 43 3D CC B0 B5 FB 52 8C |C=....R. |
1280
1281 The xor value is equal to:
1282 0010 43 BD 20 CF 3F C6 24 88 |C. .?.$. |
1283
1284 The result of Tdes ciphering is equal to :
1285 0010 EA 61 97 02 6A 6D 9E 13 |.a..jm.. |
1286
1287 The xor value is equal to:
1288 0010 C0 8B 71 9C 8C E4 FF 72 |..q....r |
1289
1292
1293
1294 The last Cn is xored with k1:
1295 0010 95 64 19 8D 45 88 63 DA |.d..E.c. |
1296
1297 The MAC of the message is : 53CE1F83AF339129
1298
1313
1314 After TDes:
1315 0010 D0 14 D4 F3 6C 70 69 75 |....lpiu |
1316
1317 After Xor:
1318 0010 FA FE 32 6D 8A F9 08 14 |..2m.... |
1319
1320 After TDes:
1321 0010 64 F8 C5 4F A0 A9 BE 20 |d..O... |
1322
1323 After Xor:
1324 0010 5F 1B 74 B5 99 8B 4C 48 |_.t...LH |
1325
1326 After TDes:
1327 0010 B4 DD EF B7 3C 9F 85 39 |....<..9 |
1328
1329 The encryption of the data provides the values below:
1330
1331 0000 D0 14 D4 F3 6C 70 69 75 64 F8 C5 4F A0 A9 BE 20 |....lpiud..O... |
1332 0010 B4 DD EF B7 3C 9F 85 39 |....<..9 |
1333
1356
1357 The length of data to authenticate is 26 bytes and shall be padded by 6 bytes to be multiple of 8 bytes.
1358
1359 The random value that will use arbitrary for the protection of the TR-31 Key Block will be D56FD7DF2106.
1360
1368
1369
1370
1371 The key that will be used for the authentication is :
1372 519F032AF2EF834AA01062FE54F711A.
1373
1374 The computation of the CMAC TDEA is explained in the following lines
1375 First we generate the subkeys K1, K2
1376
1377 The TDES encryption of the null block with the key K is the block S with the following value
1378
1379 0010 F2 AD 75 21 B9 C1 4F EF |..u!..O. |
1380
1381 The most significant bit of S is 1, K1 is then the value S << 1 xor 0x1B:
1382
1383 0010 E5 5A EA 43 73 82 9F C5 |.Z.Cs... |
1384
1385 The most significant bit of K1 is 1, K2 is then the value K1 << 1 xor 0x87:
1386
1387 0010 CA B5 D4 86 E7 05 3F 91 |......?. |
1391
1392 The xor value is equal to:
1393 0010 42 30 30 38 30 50 30 54 |B0080P0T |
1394
1395 The result of Tdes ciphering is equal to :
1396 0010 1C 92 02 B2 62 7A 31 96 |....bz1. |
1397
1398 The xor value is equal to:
1399 0010 59 A2 32 FC 52 4A 01 A6 |Y.2.RJ.. |
1400
1401 The result of Tdes ciphering is equal to :
1402 0010 37 01 FC AC 7F FB B8 F3 |7....... |
1403
1404 The xor value is equal to:
1405 0010 37 81 A2 C8 8E 50 4A AE |7....PJ. |
1406
1407 The result of Tdes ciphering is equal to :
1408 0010 42 8D 56 4C 00 C5 EB B7 |B.VL.... |
1409
1410 The xor value is equal to:
1411 0010 86 D3 29 2E 9E 07 58 B5 |..)...X. |
1412
1415
1416
1417 The last Cn is xored with k1:
1418 0010 6A F4 D4 61 CC C6 2E 03 |j..a.... |
1419
1420 The MAC of the message is : 72E7E5A73412DD65
1421
1436
1437 After TDes:
1438 0010 A0 36 9A 7C F9 C3 9C 78 |.6.|...x |
1439
1440 After Xor:
1441 0010 64 68 E5 1E 67 01 2F 7A |dh..g./z |
1442
1443 After TDes:
1444 0010 C5 04 0E ED 87 D6 63 05 |......c. |
1445
1446 After Xor:
1447 0010 C2 11 DB 82 50 09 42 03 |....P.B. |
1448
1449 After TDes:
1450 0010 85 EC AD 05 E9 F6 34 90 |......4. |
1451
1452 The encryption of the data provides the values below:
1453
1454 0000 A0 36 9A 7C F9 C3 9C 78 C5 04 0E ED 87 D6 63 05 |.6.|...x......c.|
1455 0010 85 EC AD 05 E9 F6 34 90 |......4. |
1456
1511
1512 Figure 9: ANSI-X9 TR-34 key injection
1513
1514 @startuml
1515
1516 scale 800x600
1517 participant "POI (KRD)" as POI
1518 participant "TM (KDH)" as TM
1519
1520 group nexo BIND
1521 POI --> TM : StatusReport with **CT_KRD_Enc** and **__CT_KRD_Sig__** as
1522 SignedData\n + DataSetRequired **CT_KDH_Sig** + **__R_KDH__**
1523 TM --> POI : AcceptorConfigurationUpdate with **CT_KDH_Sig** + **__R_KDH__** \n
1524 signed by the private **K_KDH_Sig**
1525 end
1526
1527 group nexo Transport
1528 POI --> TM : StatusReport with **__R_KDH__** + **R_KRD** (as POIChallenge of the
1529 DataSetRequired) + DataSetRequired = **KEY_SET** \n Signed by the private
1530 **K_KRD_Sig**
1531 TM --> POI : AcceptorConfigurationUpdate with **KT_KDH** + **Keys** \n Signed
1532 with the private **K_KDH_Sig**
1533 POI --> TM : StatusReport with **__KCV of keys__** \n Signed with the private
1534 **K_KRD_Sig or authenticated with dedicated key received in Keys**
1535 TM --> POI : ManagementPlanReplacement Signed with the private **K_KDH_Sig or
1536 authenticated with a dedicated key received in Keys**
1537 end
1538
1539 @enduml
1540
1541
1542
1543 Figure 10: Translation of ANSI-X9 TR-34 key injection in nexo messages
1544
1545
1563
1636
1637 <Id>0A:9A:EE:3E:B7:CC:2F:A8:73:6E:BE:B4:9B:9D:5B:83:B2:A9:E0:12</Id>
1638 <AddtlId>Q1RfS1JEX0VuYw==</AddtlId>
1639 <Vrsn>20181206144012+0000</Vrsn>
1640 <KeyVal>
1641 <CnttTp>SIGN</CnttTp>
1642 <SgndData>
1643
1644 <Cert>MIIESTCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
1645 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQ0MDEyWhcN
1646 MTkxMjA2MTQ0MDEyWjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVB
1647 AoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4K
1648 JYupmrZaiRs6ZDoCLac8Kn50Lt82dvblIiodFxJxSrY+S4ZKiX3APy9txHnOBZzgNVhzX06QB
1649 7f2DUYEDV+GFUXqo+eOinS1JXXvb6TC3CxhEEQJ5XLZhW3xVHHaXCe93GjDLJjxCs5jr97SQr
1650 hyelXK2cK+28xQq8uUOUP+jiCswVElPBYccbCpcrRRc/cmQtmhQg7yCN9k/t4FdsQPwYK+quT
1651 aHQ/Ch3hm+4etY2F4GxmCGh3hNilJhDiEtrfhH35jN+MUlncTR6EJ6zG7GBuqQzMM0gGMqvkO
1652 WnToR5bRnzbfAZaC5qDvotgtGpmo0DSg9B1lP9dhJKAY/WwQIDAQABo10wWzAMBgNVHRMBAf8
1653 EAjAAMB0GA1UdDgQWBBQKmu4+t8wvqHNuvrSbnVuDsqngEjAfBgNVHSMEGDAWgBTUALFfC1fj
1654 td1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBSAwDQYJKoZIhvcNAQELBQADggIBAF3cdInRZZBIc
1655 QPpkAY63ieyd79h8kzrvxE8UC01i+lhPAlqMAEyLe+1ItsBshFVY0TJgMG/clnXP/ryhda1E2
1656 oN+HsQY2IkGK67ECXz2/u6WYuF26nBM8m9Rh4/6sKziYHeL55egU2gqTrDH8B/Wv0/2p3/IFb
1657 fPKZnETkIq6G+GdXAzAlt5/L65GZ5W30ED9EbEOSuqOhoeBjDZXAY+ufu7NDHFyf8HtnfTns1
1658 /2AdF79kPya6fpkmkpy6au0/I28eS/n3iuPUtG3uRz6dxGk4E9pOLvUi37TRyphb5dxP+hbNn
1659 yjDNFlskTl8byZCORZ/YN1J23vGlK3igaiCnJCEYmnOnTl8Dhn0XGRN5GUq7wYoyYSA8plezx
1660 O6H08JM2Gs1yBnM3kutwwzJZ7DqzosovUrHKAqu5D5BAwGu2C9GliIRpPzLLcujzQ5VFUTPj2
1661 9i0lV5YQ+Ouku/G1XsQnYErymWzyl65k6HLlUSU10FfgB4FCQvCEZuzS9Ojk3PI62NNMA4r4x
1662 3LqjpuEwjtsRmMCjlX/8iQ2dqE5BzwJBkJpbHkNbw02mWM5qos5efqu+SjiRq8ywSRU5jGuY4
1663 VuRaP7cH2EqxcYZNMOZGymzeWY7LntZIGHB/UBAd1l84aC8dcFS3PbxhYwMG2wWJgzpTSFyAV
1664 wFUg63SPYDgMsP</Cert>
1665 </SgndData>
1666 </KeyVal>
1667 </SctyElmt>
1668 <SctyElmt>
1669
1670 <Id>7D:74:D1:59:6E:DF:4F:13:88:FE:61:AF:F5:62:BB:D6:A6:3F:AF:CA</Id>
1671 <AddtlId>Q1RfS1JEX1NpZw==</AddtlId>
1672 <Vrsn>20181206144104+0000</Vrsn>
1673 <KeyVal>
1674 <CnttTp>SIGN</CnttTp>
1675 <SgndData>
1676
1677 <Cert>MIIESTCCAjGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
1678 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQ0MTA0WhcN
1679 MTkxMjA2MTQ0MTA0WjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVB
1680 AoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX
1681 cAqnabwBOETIs+dHhXRIsOH0j6j6TkyBlRu6QxyqpDgMk6i5wPShgg7R66Io762I5jXZu6UKw
1682 C42U/1gnmnx8ts0rQ8MOzjfCOi7h+ToLsMKqAQP3x4SvT+XaXeX61aDBhLB4WTomeOAGTuf3f
1683 K182OVUbJ3DVpzHSFhWtYWU2WYewP2/7VLRG2d5sPLwM3wqIZ3aQydcNOdpznCfCNHiEdC2Bh
1684 TGHaoQjgp5KfGdS//godVIff2H4z2Fz6k1+Xd8TEr6Hc0u2PDgK3UBTYpVvar1iR39wY5zgxf
1685 Y69QlKPp0ZLMhW0kScTcO6of64qSJqxjpFD1midLVN/6jQ+QIDAQABo10wWzAMBgNVHRMBAf8
1686 EAjAAMB0GA1UdDgQWBBR9dNFZbt9PE4j+Ya/1YrvWpj+vyjAfBgNVHSMEGDAWgBTUALFfC1fj
1687 td1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBADpqXwzELOUPd
1688 hPJkFRY+K/DjBOHbIAbha5Umh+KjVf+vAY1+HY3ovqoC2cNxHq8gt6q/KSvfy143WgYCS2d46
1689 uZ+iKJxsYKHB+4wvZ5sF14MH+bZU8T5SXMaTps0P8uJi+x2L4S9/kBGzw1DGt9C+Vb3DCX5Vt
1690 sdvpt6K6Z96NvGQ8Z1tikK/m8iDva3L7N04gaKjMtoXXD3hsf42KE9asWa2SvbYZv/3d+a+8b
1691 fLVhvUHH9NASHIEJwcBhAKMKVL+3ZJadNLDhlA1WehYj0Zau42oKB43/yV1GUo5/Z84dE66sA
1692 2/8kuvgq7TyN3VYbRvAQI3P8RIKPRZyGM8loqwU0Ab6bKPrFNYUdz087bu2DCT4OjQFkwFB9Q
1693 8fz4s7l/uovxIPzVdjgYmK29kcfH63/5c8GtIKJxXbxsLueSfrRZPNTXY5IoW6XrpSt2H1GOn
1694 Z0y3yUZhKYcbDilhl29tn7yVqd/JvxcyRalTZT0aAjQ2XYLA2EdKEIrnvcImyrE8rq5ppMd6+
1695 ZqL5TCNZ3wYuYBG8JfVcekNnEi7pJO0DsH+LWJNfVOJmGkjw4r9j3fueza1YEfrTmYOofiOBe
1696 v7dNiSGLM9aE9lfNPFVGcgjERQkifH+2FwqBJWvS5j+sIXbj4yiTssWnlrq7Dy+Kvc0qRYPqY
1697 K/YADBXReTuTMO</Cert>
1698 </SgndData>
1699 </KeyVal>
1700 </SctyElmt>
1701 </Chrtcs>
1702 </POICmpnt>
1703 <POICmpnt>
1704 <Tp>SCPR</Tp>
1705 <Id>
1706 <Id>SECURITY_PROFILE_4</Id>
1707 </Id>
1708 <Sts>
1709 <VrsnNb>any value here</VrsnNb>
1710 <Sts>OUTD</Sts>
1711 </Sts>
1712 </POICmpnt>
1713 <POICmpnt>
1714 <Tp>SCPR</Tp>
1715 <Id>
1716 <Id>CERTIFICATE</Id>
1717 </Id>
1718 <Sts>
1719 <VrsnNb>any value here</VrsnNb>
1720 <Sts>OPER</Sts>
1721 </Sts>
1722 <Chrtcs>
1723 <SctyElmt>
1724
1725 <Id>D4:00:B1:5F:0B:57:E3:B5:DD:6E:6C:2B:00:41:EE:E0:58:D3:C0:4E</Id>
1726 <AddtlId>Q1RfQ0FfU2ln</AddtlId>
1727 <Vrsn>20181205135821+0000</Vrsn>
1728 <KeyVal>
1729 <CnttTp>SIGN</CnttTp>
1730 <SgndData>
1731
1732 <Cert>MIIFSTCCAzGgAwIBAgIBADANBgkqhkiG9w0BAQsFADA2MSUwIwYDVQQDDBxOZXhvIFR
1733 lc3QgUEtJIFNlcnZlciBSb290IENBMQ0wCwYDVQQKDAROZXhvMB4XDTE4MTIwNTEzNTgyMVoX
1734 DTIzMTIwNTEzNTgyMVowNTEkMCIGA1UEAwwbTmV4byBUZXN0IFBLSSBTZXJ2ZXIgU3ViIENBM
1735 Q0wCwYDVQQKDAROZXhvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqiMmdL9xK/
1736 5jAsvE+Ma0jiB1cGe9jcVfxUxWcIBA4PFU/KA5dnVFJdZHffmsWXY6VnmWb0aNXH3DfuPBkQz
1737 MQOQnx4gvHdbgEFbWXCSTjpUtBfyZ8LcgVsOPyX9N7aesjZr5rfV/a1kDn/4N9Q2ZIxVR34ny
1738 pbUKF/UJbjFA/VZBcx1r671d+RAUhEXhiZMmCE8mIIuvvntpDQnXU4qwmsy5xy1+szZYFsFqa
1739 85TytbRsz3qS5W3hxqIrQoJR2r0PPxuFK62hgCxsdmD2Ej6lGinpMa8BW5QWf9nIxy/cHzQ5Y
1740 pfBgb+6B3aTKDHDNZUf6Ke6CsAsI09WAMzugQFiluL4fjNAPc8R9DY2vhEf8MFjmfQXAHE1Y/
1741 7PQ4NkdaAQoLZ6OmZ55XlIj7wbFrlhcIvEix7FTIjq/qSh6qbrDzD8QJ01Gs/4LNOn66ePGCs
1742 hO9eCj3Fx7VHEudrdHd08yTBCDGzmaPosu1BMILgApAVtlIzbwKYzYFWtmpA+BuXJ3MyZ5baN
1743 1iHSBQHZnSkIuo8oOzX8Dn1UBv2p1mdrhv3hOmDY6HZOE69aBgEjdekTOdHbSxzBZ8UrHxOv1
1744 Myo5rFcgidPRjF5EZcYtPXOwSBCxZM2HShTgMilX+4Wf3+84vMeC9XzxFv/NxGth2IlnhuZkW
1745 pNdP7rf0KLQgh0xcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
1746 HQYDVR0OBBYEFNQAsV8LV+O13W5sKwBB7uBY08BOMB8GA1UdIwQYMBaAFElc1gNh8uX0Yj+jG
1747 TFc8mzWkrpBMA0GCSqGSIb3DQEBCwUAA4ICAQBJbouNZ5t4dwfOQdAc4UQKtK0Hf6CRb+3+bS
1748 TNCJuF7PJ18FeoFIqoMMmATZ9FAnw+aEcl2AViF4IGjAyxllBRCtQ0GSr7GwTLSJo6Y7pb3qw
1749 fA56LH2pk/Puy1QAfHtn2AErm/pQS9fTe/r1paz9K/VezXtk+Fl4DbA9gjyu4zx088YhgCeH8
1750 vUvYWxtoGHdsI2hVKHLrt/bMcpgVvJYKzwjWs27PwjQGVbclU/jbglQoiFOEWSoK93ggSwNte
1751 Q3ua8BI9AFzNtxkM30DLD+6brr59t2nsGgJvtsEqHiRyfBt1zYmOxasgB/iCG75B2MSqx5Q0h
1752 ItyDdjU4J3ugAYoU7Sy2ot9EEHBksLhl8zLHLJTB5mKJPsezzRQ2Nxa5gzNpYVvz922X0/yqk
1753 nUmdDbQw1MS01nRvBlH5rUuY4VGghH3zxZnQlQt7flRzSpCSpYKbkhAlukB3nI5D7L9Jq9Oin
1754 n9Tbh2S/LIivKzhIPbdpZl6OtoMMACerxF6WCj6J8PN+RKzbJ0eXb88bPfEo46oaErg3mDgs9
1755 Pb6qUtnDPSUfSSQ/gU45lGf6brQfNDo3QWTSqgzwy5GJbJtCH9kTbKNVoPswaHeMtpmaE9vsw
1756 J8NRnYe935Bu0SNwFoSWoL4HoJaG+vJduptiEgw5IloY5W9MZYe0kjKHYjC17isg==</Cert>
1757 </SgndData>
1758 </KeyVal>
1759 </SctyElmt>
1760 </Chrtcs>
1761 </POICmpnt>
1762 <AttndncCntxt>ATTD</AttndncCntxt>
1763 <POIDtTm>2019-05-06T14:25:33.755800+01:00</POIDtTm>
1764 <DataSetReqrd>
1765 <Id>
1766 <Nm>CT_KDH_Sig</Nm>
1767 <Tp>SCPR</Tp>
1768 <Vrsn>ANSI X9 TR-34:2012</Vrsn>
1769 <CreDtTm>2019-05-
1770 06T14:25:33.934800+01:00</CreDtTm>
1771 </Id>
1772 </DataSetReqrd>
1773 <DataSetReqrd>
1774 <Id>
1775 <Nm>R_KDH</Nm>
1776 <Tp>SCPR</Tp>
1777 <Vrsn>ANSI X9 TR-34:2012</Vrsn>
1778 <CreDtTm>2019-05-
1779 06T14:25:33.934800+01:00</CreDtTm>
1780 </Id>
1781 </DataSetReqrd>
1782 </Cntt>
1783 </DataSet>
1784 </StsRpt>
1785 </StsRpt>
1786 </Document>
1787
1788 Once unnecessary spaces and carriage returns are removed, the message sent by the transport protocol
1789 is:
1790
1791 0000 00 00 1C 6F 3C 3F 78 6D 6C 20 76 65 72 73 69 6F |...o<?xml versio|
1792 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
1793 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
1794 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
1795 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
1796 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
1797 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
1798 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
1799 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
1800 0090 63 61 74 6D 2E 30 30 31 2E 30 30 31 2E 30 37 22 |catm.001.001.07"|
1801 00A0 3E 3C 53 74 73 52 70 74 3E 3C 48 64 72 3E 3C 44 |><StsRpt><Hdr><D|
1802 00B0 77 6E 6C 64 54 72 66 3E 66 61 6C 73 65 3C 2F 44 |wnldTrf>false</D|
1803 00C0 77 6E 6C 64 54 72 66 3E 3C 46 72 6D 74 56 72 73 |wnldTrf><FrmtVrs|
1804 00D0 6E 3E 37 2E 30 3C 2F 46 72 6D 74 56 72 73 6E 3E |n>7.0</FrmtVrsn>|
1805 00E0 3C 58 63 68 67 49 64 3E 38 34 36 39 32 36 30 37 |<XchgId>84692607|
1806 00F0 34 38 31 33 30 32 34 36 34 2E 3C 2F 58 63 68 67 |481302464.</Xchg|
1807 0100 49 64 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 39 |Id><CreDtTm>2019|
1808 0110 2D 30 35 2D 30 36 54 31 34 3A 32 35 3A 33 33 2E |-05-06T14:25:33.|
1809 0120 37 30 36 38 30 30 2B 30 31 3A 30 30 3C 2F 43 72 |706800+01:00</Cr|
1810 0130 65 44 74 54 6D 3E 3C 49 6E 69 74 67 50 74 79 3E |eDtTm><InitgPty>|
1811 0140 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 |<Id>66000001</Id|
1812 0150 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 |><Tp>OPOI</Tp><I|
1813 0160 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C |ssr>MTMG</Issr><|
1814 0170 2F 49 6E 69 74 67 50 74 79 3E 3C 52 63 70 74 50 |/InitgPty><RcptP|
1815 0180 74 79 3E 3C 49 64 3E 6E 65 78 6F 2D 4B 65 79 49 |ty><Id>nexo-KeyI|
1816 0190 6E 6A 65 63 74 69 6F 6E 53 65 72 76 65 72 2D 54 |njectionServer-T|
1817 01A0 4D 31 3C 2F 49 64 3E 3C 54 70 3E 54 4D 47 54 3C |M1</Id><Tp>TMGT<|
1818 01B0 2F 54 70 3E 3C 2F 52 63 70 74 50 74 79 3E 3C 2F |/Tp></RcptPty></|
1819 01C0 48 64 72 3E 3C 53 74 73 52 70 74 3E 3C 50 4F 49 |Hdr><StsRpt><POI|
1820 01D0 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C |Id><Id>66000001<|
1821 01E0 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 |/Id><Tp>OPOI</Tp|
1822 01F0 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 |><Issr>MTMG</Iss|
1823 0200 72 3E 3C 2F 50 4F 49 49 64 3E 3C 49 6E 69 74 67 |r></POIId><Initg|
1824 0210 54 72 67 67 72 3E 3C 54 72 67 67 72 53 72 63 3E |Trggr><TrggrSrc>|
1825 0220 4D 54 4D 47 3C 2F 54 72 67 67 72 53 72 63 3E 3C |MTMG</TrggrSrc><|
1826 0230 53 72 63 49 64 3E 4D 61 73 74 65 72 20 54 4D 53 |SrcId>Master TMS|
1827 0240 3C 2F 53 72 63 49 64 3E 3C 54 72 67 67 72 54 70 |</SrcId><TrggrTp|
1828 0250 3E 49 4D 4D 44 3C 2F 54 72 67 67 72 54 70 3E 3C |>IMMD</TrggrTp><|
1829 0260 41 64 64 74 6C 49 6E 66 3E 42 49 4E 44 3C 2F 41 |AddtlInf>BIND</A|
1830 0270 64 64 74 6C 49 6E 66 3E 3C 2F 49 6E 69 74 67 54 |ddtlInf></InitgT|
1831 0280 72 67 67 72 3E 3C 54 65 72 6D 6E 6C 4D 67 72 49 |rggr><TermnlMgrI|
1832 0290 64 3E 3C 49 64 3E 6E 65 78 6F 2D 4B 65 79 49 6E |d><Id>nexo-KeyIn|
1833 02A0 6A 65 63 74 69 6F 6E 53 65 72 76 65 72 2D 54 4D |jectionServer-TM|
1834 02B0 31 3C 2F 49 64 3E 3C 54 70 3E 54 4D 47 54 3C 2F |1</Id><Tp>TMGT</|
1835 02C0 54 70 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 64 |Tp></TermnlMgrId|
1836 02D0 3E 3C 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C 54 |><DataSet><Id><T|
1837 02E0 70 3E 53 54 52 50 3C 2F 54 70 3E 3C 43 72 65 44 |p>STRP</Tp><CreD|
1838 02F0 74 54 6D 3E 32 30 31 39 2D 30 35 2D 30 36 54 31 |tTm>2019-05-06T1|
1839 0300 34 3A 32 35 3A 33 33 2E 37 35 35 38 30 30 2B 30 |4:25:33.755800+0|
1840 0310 31 3A 30 30 3C 2F 43 72 65 44 74 54 6D 3E 3C 2F |1:00</CreDtTm></|
1841 0320 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 43 6D 70 |Id><Cntt><POICmp|
1842 0330 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 70 3E |nt><Tp>TERM</Tp>|
1843 0340 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 74 |<Id><ItmNb>1</It|
1844 0350 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 4E 65 78 |mNb><PrvdrId>Nex|
1845 0360 6F 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 4E |o</PrvdrId><Id>N|
1846 0370 69 6D 62 75 73 32 30 30 31 3C 2F 49 64 3E 3C 53 |imbus2001</Id><S|
1847 0380 72 6C 4E 62 3E 30 30 30 30 30 38 35 31 3C 2F 53 |rlNb>00000851</S|
1848 0390 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 43 |rlNb></Id></POIC|
1849 03A0 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E 3C |mpnt><POICmpnt><|
1850 03B0 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 49 64 3E |Tp>SCPR</Tp><Id>|
1851 03C0 3C 50 72 76 64 72 49 64 3E 41 4E 53 49 20 58 39 |<PrvdrId>ANSI X9|
1852 03D0 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E 54 52 |</PrvdrId><Id>TR|
1853 03E0 2D 33 34 20 6B 65 79 20 65 6C 65 6D 65 6E 74 3C |-34 key element<|
1854 03F0 2F 49 64 3E 3C 2F 49 64 3E 3C 53 74 73 3E 3C 56 |/Id></Id><Sts><V|
1855 0400 72 73 6E 4E 62 3E 41 4E 53 49 20 58 39 20 54 52 |rsnNb>ANSI X9 TR|
7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBAG
PBX2VxMk9R3me19VBc+XYQy/O7vOr4KZ6KzA4Jr9hB7M6WG5S0IO1XtH
rgzczDwfutYdX1tad945nORRsafajbMchkbQtSDnTjbdyuyCdCcR8nlhAUO
pIcYYufYZOFbuGWrWASXLDKnnmEslrnA0Wfh5IMBnMRVM6CKaCJCnf8
35bCO21JFfj/XDCI2dk5wpmWUqy6RWJIFXu8W8HzRLS+QSr1DOCnDKX
HMJPq8razQRFGfQEZ1ZRpPRzv5uCeAv1SDOX/AvEQGZ9xWQ5nkPDdcD
8eudbNVGZUvY8Iesen91svak2gLmQRHgT5J6fFqBnlqu1mu7ZjryMGJ3qq
LpOFg7RhKMwZ5kG7U7wjmg33c1GqbQwogv5ny+PHyKAYaNXVAo7j6L/
qCU42AtMC64aL+t+pC0Y1jZQvGhJxSg49F14d0rzaWYPFzzpU4k48hWfCL
E6xKAQhni5W3RAjUFnV5HZRmChY9dYqeSm6qZywGhm84QylhVHuMH3
Q94ArryuxBz7/Ui/Af2lD7RctILqI/B5TRsgxyDgs+rnwIEWRLON91aW0c7B9
SiQn13mDdBsa8NV91bD+a6pKF8sV/aEAPl547MoqT4WjsY6YV8249CZPM
TXOE67mQhP+26jtyWv4jfHljMUl6KKIlm063kEkTI58kekYUTQ2rZvGJWd4
DataSet
Identification
Name R_KDH
Type SecurityParameters
Version ANSI X9 TR-34:2012
CreationDateTime 2019-05-06T14:25:34.079800+01:00
POIIdentification
Identification 66000001
Type OriginatingPOI
Issuer MasterTerminalManager
Content
SecurityParameters
ActionType Create
Version 1.0.0
TMChallenge 4A7E07C0F5C4BA95E7CCBB33CE7AAC93
SecurityTrailer
ContentType SignedData
SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType Data
Content E684633E9A916833C1AD470EA8F9CA88028E3B6490DEE271DDC
468C48A4B91DA
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue Nexo
RelativeDistinguishedName
AttributeType CommonName
AttributeValue nexo-KeyInjectionServer-TM1
2
SerialNumber 095D11A33F944E00347A39596603D31A3EAB6EA9
DigestAlgorithm
2 Due to the Max35Text type of the SerialNumber, the value is hexa encoded and all colons are removed.
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 8155F734B0455132EBE8A1249324AD70617BD1384C0298C218F
090EDCD37FF1C7F1E6231428A9755AFCAA155D9D88F0962C28A
47D0130220BD04DD38ADD6AC3F9FCEE0E9CF1C1427D0B353C67
A18EF446C98BEECD488FB8153D5A204DDA13EAB22C21D4CCD8E
FB53B0D389CA4F637A8306391DCF94E3C1587E4DA341FBFB441
9E4A31EC426808A6883957178A6EEA79D29B2E97A30FCC44CE9
A7CF4ACF0B241A945C6C92B27EBF4C0FC988A5660211031BFC8
4E30D304A35BA067C6E3AA436B1F8BA00D7477705687747A632
2894F5CAD0A4CDEDA774324578E33F9C3140D12AC6B15AB8E00
C3BE3ECF9CAB417685B94B8331A2991F615F1007957C9F8F9CE
4A
2254
2255
2325 6pKF8sV/aEAPl547MoqT4WjsY6YV8249CZPMTXOE67mQhP+26jtyWv4jfHljMUl6KKIlm063k
2326 EkTI58kekYUTQ2rZvGJWd4</Cert>
2327 </SgndData>
2328 </KeyVal>
2329 </SctyElmt>
2330 </SctyParams>
2331 </Cntt>
2332 </DataSet>
2333 <DataSet>
2334 <Id>
2335 <Nm>R_KDH</Nm>
2336 <Tp>SCPR</Tp>
2337 <Vrsn>ANSI X9 TR-34:2012</Vrsn>
2338 <CreDtTm>2019-05-06T14:25:34.079800+01:00</CreDtTm>
2339 </Id>
2340 <POIId>
2341 <Id>66000001</Id>
2342 <Tp>OPOI</Tp>
2343 <Issr>MTMG</Issr>
2344 </POIId>
2345 <Cntt>
2346 <SctyParams>
2347 <ActnTp>CREA</ActnTp>
2348 <Vrsn>1.0.0</Vrsn>
2349 <TMChllng>Sn4HwPXEupXnzLszznqskw==</TMChllng>
2350 </SctyParams>
2351 </Cntt>
2352 </DataSet>
2353 </AccptrCfgtn>
2354 <SctyTrlr>
2355 <CnttTp>SIGN</CnttTp>
2356 <SgndData>
2357 <DgstAlgo>
2358 <Algo>HS25</Algo>
2359 </DgstAlgo>
2360 <NcpsltdCntt>
2361 <CnttTp>DATA</CnttTp>
2362
2363 <Cntt>5oRjPpqRaDPBrUcOqPnKiAKOO2SQ3uJx3cRoxIpLkdo=</Cntt>
2364 </NcpsltdCntt>
2365 <Sgnr>
2366 <SgnrId>
2367 <IssrAndSrlNb>
2368 <Issr>
2369 <RltvDstngshdNm>
2370 <AttrTp>CATT</AttrTp>
2371 <AttrVal>BE</AttrVal>
2372 </RltvDstngshdNm>
2373 <RltvDstngshdNm>
2374 <AttrTp>OATT</AttrTp>
2375 <AttrVal>Nexo</AttrVal>
2376 </RltvDstngshdNm>
2377 <RltvDstngshdNm>
2378 <AttrTp>CNAT</AttrTp>
2379 <AttrVal>nexo-KeyInjectionServer-
2380 TM1</AttrVal>
2381 </RltvDstngshdNm>
2382 </Issr>
2383 <SrlNb>CV0Roz+UTgA0ejlZZgPTGj6rbqk=</SrlNb>
2384 </IssrAndSrlNb>
2385 </SgnrId>
2386 <DgstAlgo>
2387 <Algo>HS25</Algo>
2388 </DgstAlgo>
2389 <SgntrAlgo>
2390 <Algo>ERS2</Algo>
2391 </SgntrAlgo>
2392
2393 <Sgntr>gVX3NLBFUTLr6KEkkyStcGF70ThMApjCGPCQ7c03/xx/HmIxQoqXVa/KoVXZ2I8JYs
2394 KKR9ATAiC9BN04rdasP5/O4OnPHBQn0LNTxnoY70RsmL7s1Ij7gVPVogTdoT6rIsIdTM2O+1O
2395 w04nKT2N6gwY5Hc+U48FYfk2jQfv7RBnkox7EJoCKaIOVcXim7qedKbLpejD8xEzpp89Kzwsk
2396 GpRcbJKyfr9MD8mIpWYCEQMb/ITjDTBKNboGfG46pDax+LoA10d3BWh3R6YyKJT1ytCkze2nd
2397 DJFeOM/nDFA0SrGsVq44Aw74+z5yrQXaFuUuDMaKZH2FfEAeVfJ+PnOSg==</Sgntr>
2398 </Sgnr>
2399 </SgndData>
2400 </SctyTrlr>
2401 </AccptrCfgtnUpd>
2402 </Document>
2403
2404 Once unnecessary spaces and carriage returns are removed, the message body AccptrCfgtn (without
2405 spaces or line breaks) is dumped below:
2406
2407 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
2408 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 6E 65 |rmnlMgrId><Id>ne|
2409 0020 78 6F 2D 4B 65 79 49 6E 6A 65 63 74 69 6F 6E 53 |xo-KeyInjectionS|
2410 0030 65 72 76 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 |erver-TM1</Id><T|
2411 0040 70 3E 54 4D 47 54 3C 2F 54 70 3E 3C 2F 54 65 72 |p>TMGT</Tp></Ter|
2412 0050 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 |mnlMgrId><DataSe|
2413 0060 74 3E 3C 49 64 3E 3C 4E 6D 3E 43 54 5F 4B 44 48 |t><Id><Nm>CT_KDH|
2414 0070 5F 53 69 67 3C 2F 4E 6D 3E 3C 54 70 3E 53 43 50 |_Sig</Nm><Tp>SCP|
2415 0080 52 3C 2F 54 70 3E 3C 56 72 73 6E 3E 41 4E 53 49 |R</Tp><Vrsn>ANSI|
2416 0090 20 58 39 20 54 52 2D 33 34 3A 32 30 31 32 3C 2F | X9 TR-34:2012</|
2417 00A0 56 72 73 6E 3E 3C 43 72 65 44 74 54 6D 3E 32 30 |Vrsn><CreDtTm>20|
2418 00B0 31 39 2D 30 35 2D 30 36 54 31 34 3A 32 35 3A 33 |19-05-06T14:25:3|
2419 00C0 33 2E 39 37 35 38 30 30 2B 30 31 3A 30 30 3C 2F |3.975800+01:00</|
2420 00D0 43 72 65 44 74 54 6D 3E 3C 2F 49 64 3E 3C 50 4F |CreDtTm></Id><PO|
2421 00E0 49 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 |IId><Id>66000001|
2422 00F0 3C 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 |</Id><Tp>OPOI</T|
2423 0100 70 3E 3C 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 |p><Issr>MTMG</Is|
2424 0110 73 72 3E 3C 2F 50 4F 49 49 64 3E 3C 43 6E 74 74 |sr></POIId><Cntt|
2425 0120 3E 3C 53 63 74 79 50 61 72 61 6D 73 3E 3C 41 63 |><SctyParams><Ac|
2426 0130 74 6E 54 70 3E 43 52 45 41 3C 2F 41 63 74 6E 54 |tnTp>CREA</ActnT|
2427 0140 70 3E 3C 56 72 73 6E 3E 31 2E 30 2E 30 3C 2F 56 |p><Vrsn>1.0.0</V|
2428 0150 72 73 6E 3E 3C 53 63 74 79 45 6C 6D 74 3E 3C 49 |rsn><SctyElmt><I|
2429 0160 64 3E 30 39 3A 35 44 3A 31 31 3A 41 33 3A 33 46 |d>09:5D:11:A3:3F|
2430 0170 3A 39 34 3A 34 45 3A 30 30 3A 33 34 3A 37 41 3A |:94:4E:00:34:7A:|
2431 0180 33 39 3A 35 39 3A 36 36 3A 30 33 3A 44 33 3A 31 |39:59:66:03:D3:1|
2432 0190 41 3A 33 45 3A 41 42 3A 36 45 3A 41 39 3C 2F 49 |A:3E:AB:6E:A9</I|
2433 01A0 64 3E 3C 56 72 73 6E 3E 32 30 31 38 31 32 30 36 |d><Vrsn>20181206|
2434 01B0 31 34 33 37 34 36 2B 30 30 30 30 3C 2F 56 72 73 |143746+0000</Vrs|
2435 01C0 6E 3E 3C 4B 65 79 56 61 6C 3E 3C 43 6E 74 74 54 |n><KeyVal><CnttT|
2436 01D0 70 3E 53 49 47 4E 3C 2F 43 6E 74 74 54 70 3E 3C |p>SIGN</CnttTp><|
2437 01E0 53 67 6E 64 44 61 74 61 3E 3C 43 65 72 74 3E 4D |SgndData><Cert>M|
2438 01F0 49 49 45 54 7A 43 43 41 6A 65 67 41 77 49 42 41 |IIETzCCAjegAwIBA|
2439 0200 67 49 42 41 54 41 4E 42 67 6B 71 68 6B 69 47 39 |gIBATANBgkqhkiG9|
2440 0210 77 30 42 41 51 73 46 41 44 41 31 4D 53 51 77 49 |w0BAQsFADA1MSQwI|
2441 0220 67 59 44 56 51 51 44 44 42 74 4F 5A 58 68 76 49 |gYDVQQDDBtOZXhvI|
2442 0230 46 52 6C 63 33 51 67 55 45 74 4A 49 46 4E 6C 63 |FRlc3QgUEtJIFNlc|
2443 0240 6E 5A 6C 63 69 42 54 64 57 49 67 51 30 45 78 44 |nZlciBTdWIgQ0ExD|
2444 0250 54 41 4C 42 67 4E 56 42 41 6F 4D 42 45 35 6C 65 |TALBgNVBAoMBE5le|
2445 0260 47 38 77 48 68 63 4E 4D 54 67 78 4D 6A 41 32 4D |G8wHhcNMTgxMjA2M|
2446 0270 54 51 7A 4E 7A 51 32 57 68 63 4E 4D 54 6B 78 4D |TQzNzQ2WhcNMTkxM|
2447 0280 6A 41 32 4D 54 51 7A 4E 7A 51 32 57 6A 42 43 4D |jA2MTQzNzQ2WjBCM|
2448 0290 53 51 77 49 67 59 44 56 51 51 44 44 42 74 75 5A |SQwIgYDVQQDDBtuZ|
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue Nexo
RelativeDistinguishedName
3 Due to the Max35Text type of the SerialNumber, the value is hexa encoded and all colons are removed.
2889 </Id>
2890 <Cntt>
2891 <POICmpnt>
2892 <Tp>TERM</Tp>
2893 <Id>
2894 <ItmNb>1</ItmNb>
2895 <PrvdrId>Nexo</PrvdrId>
2896 <Id>Nimbus2001</Id>
2897 <SrlNb>00000851</SrlNb>
2898 </Id>
2899 </POICmpnt>
2900 <POICmpnt>
2901 <Tp>MDWR</Tp>
2902 <Id>
2903 <Id>KeyInjection</Id>
2904 </Id>
2905 <StdCmplc>
2906 <Id>TR-34</Id>
2907 <Vrsn>2012</Vrsn>
2908 <Issr>ANSI X9</Issr>
2909 </StdCmplc>
2910 </POICmpnt>
2911 <POICmpnt>
2912 <Tp>SCPR</Tp>
2913 <Id>
2914 <Id>R_KDH</Id>
2915 </Id>
2916 <Sts>
2917 <VrsnNb>ANSI X9</VrsnNb>
2918 <Sts>OPER</Sts>
2919 </Sts>
2920 </POICmpnt>
2921 <POICmpnt>
2922 <Tp>SCPR</Tp>
2923 <Id>
2924 <Id>SECURITY_PROFILE_4</Id>
2925 </Id>
2926 <Sts>
2927 <VrsnNb>any value here</VrsnNb>
2928 <Sts>OUTD</Sts>
2929 </Sts>
2930 </POICmpnt>
2931 <POICmpnt>
2932 <Tp>SCPR</Tp>
2933 <Id>
2934 <Id>CERTIFICATE</Id>
2935 </Id>
2936 <Sts>
2937 <VrsnNb>any value here</VrsnNb>
2938 <Sts>OPER</Sts>
2939 </Sts>
2940 <Chrtcs>
2941 <SctyElmt>
2942
2943 <Id>D4:00:B1:5F:0B:57:E3:B5:DD:6E:6C:2B:00:41:EE:E0:58:D3:C0:4E</Id>
2944 <AddtlId>Q1RfQ0FfU2ln</AddtlId>
2945 <Vrsn>20181205135821+0000</Vrsn>
2946 <KeyVal>
2947 <CnttTp>SIGN</CnttTp>
2948 <SgndData>
2949
2950 <Cert>MIIFSTCCAzGgAwIBAgIBADANBgkqhkiG9w0BAQsFADA2MSUwIwYDVQQDDBxOZXhvIFR
2951 lc3QgUEtJIFNlcnZlciBSb290IENBMQ0wCwYDVQQKDAROZXhvMB4XDTE4MTIwNTEzNTgyMVoX
2952 DTIzMTIwNTEzNTgyMVowNTEkMCIGA1UEAwwbTmV4byBUZXN0IFBLSSBTZXJ2ZXIgU3ViIENBM
2953 Q0wCwYDVQQKDAROZXhvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqiMmdL9xK/
2954 5jAsvE+Ma0jiB1cGe9jcVfxUxWcIBA4PFU/KA5dnVFJdZHffmsWXY6VnmWb0aNXH3DfuPBkQz
2955 MQOQnx4gvHdbgEFbWXCSTjpUtBfyZ8LcgVsOPyX9N7aesjZr5rfV/a1kDn/4N9Q2ZIxVR34ny
2956 pbUKF/UJbjFA/VZBcx1r671d+RAUhEXhiZMmCE8mIIuvvntpDQnXU4qwmsy5xy1+szZYFsFqa
2957 85TytbRsz3qS5W3hxqIrQoJR2r0PPxuFK62hgCxsdmD2Ej6lGinpMa8BW5QWf9nIxy/cHzQ5Y
2958 pfBgb+6B3aTKDHDNZUf6Ke6CsAsI09WAMzugQFiluL4fjNAPc8R9DY2vhEf8MFjmfQXAHE1Y/
2959 7PQ4NkdaAQoLZ6OmZ55XlIj7wbFrlhcIvEix7FTIjq/qSh6qbrDzD8QJ01Gs/4LNOn66ePGCs
2960 hO9eCj3Fx7VHEudrdHd08yTBCDGzmaPosu1BMILgApAVtlIzbwKYzYFWtmpA+BuXJ3MyZ5baN
2961 1iHSBQHZnSkIuo8oOzX8Dn1UBv2p1mdrhv3hOmDY6HZOE69aBgEjdekTOdHbSxzBZ8UrHxOv1
2962 Myo5rFcgidPRjF5EZcYtPXOwSBCxZM2HShTgMilX+4Wf3+84vMeC9XzxFv/NxGth2IlnhuZkW
2963 pNdP7rf0KLQgh0xcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
2964 HQYDVR0OBBYEFNQAsV8LV+O13W5sKwBB7uBY08BOMB8GA1UdIwQYMBaAFElc1gNh8uX0Yj+jG
2965 TFc8mzWkrpBMA0GCSqGSIb3DQEBCwUAA4ICAQBJbouNZ5t4dwfOQdAc4UQKtK0Hf6CRb+3+bS
2966 TNCJuF7PJ18FeoFIqoMMmATZ9FAnw+aEcl2AViF4IGjAyxllBRCtQ0GSr7GwTLSJo6Y7pb3qw
2967 fA56LH2pk/Puy1QAfHtn2AErm/pQS9fTe/r1paz9K/VezXtk+Fl4DbA9gjyu4zx088YhgCeH8
2968 vUvYWxtoGHdsI2hVKHLrt/bMcpgVvJYKzwjWs27PwjQGVbclU/jbglQoiFOEWSoK93ggSwNte
2969 Q3ua8BI9AFzNtxkM30DLD+6brr59t2nsGgJvtsEqHiRyfBt1zYmOxasgB/iCG75B2MSqx5Q0h
2970 ItyDdjU4J3ugAYoU7Sy2ot9EEHBksLhl8zLHLJTB5mKJPsezzRQ2Nxa5gzNpYVvz922X0/yqk
2971 nUmdDbQw1MS01nRvBlH5rUuY4VGghH3zxZnQlQt7flRzSpCSpYKbkhAlukB3nI5D7L9Jq9Oin
2972 n9Tbh2S/LIivKzhIPbdpZl6OtoMMACerxF6WCj6J8PN+RKzbJ0eXb88bPfEo46oaErg3mDgs9
2973 Pb6qUtnDPSUfSSQ/gU45lGf6brQfNDo3QWTSqgzwy5GJbJtCH9kTbKNVoPswaHeMtpmaE9vsw
2974 J8NRnYe935Bu0SNwFoSWoL4HoJaG+vJduptiEgw5IloY5W9MZYe0kjKHYjC17isg==</Cert>
2975 </SgndData>
2976 </KeyVal>
2977 </SctyElmt>
2978 </Chrtcs>
2979 </POICmpnt>
2980 <AttndncCntxt>ATTD</AttndncCntxt>
2981 <POIDtTm>2019-05-06T14:25:34.249800+01:00</POIDtTm>
2982 <DataSetReqrd>
2983 <Id>
2984 <Nm>KEY_SET</Nm>
2985 <Tp>SCPR</Tp>
2986 <Vrsn>ANSI X9 TR-34:2012</Vrsn>
2987 <CreDtTm>2019-05-
2988 06T14:25:34.249800+01:00</CreDtTm>
2989 </Id>
2990 <POIChllng>U2dWINMSCFBn1pQx+tasIQ==</POIChllng>
2991 <TMChllng>Sn4HwPXEupXnzLszznqskw==</TMChllng>
2992 </DataSetReqrd>
2993 </Cntt>
2994 </DataSet>
2995 </StsRpt>
2996 <SctyTrlr>
2997 <CnttTp>SIGN</CnttTp>
2998 <SgndData>
2999 <DgstAlgo>
3000 <Algo>HS25</Algo>
3001 </DgstAlgo>
3002 <NcpsltdCntt>
3003 <CnttTp>DATA</CnttTp>
3004
3005 <Cntt>KY143xVCuVfH5dCh1tPuk0z+65e+QOOU7ENVGgN/rGw=</Cntt>
3006 </NcpsltdCntt>
3007 <Sgnr>
3008 <SgnrId>
3009 <IssrAndSrlNb>
3010 <Issr>
3011 <RltvDstngshdNm>
3012 <AttrTp>CATT</AttrTp>
3013 <AttrVal>BE</AttrVal>
3014 </RltvDstngshdNm>
3015 <RltvDstngshdNm>
3016 <AttrTp>OATT</AttrTp>
3017 <AttrVal>Nexo</AttrVal>
3018 </RltvDstngshdNm>
3019 <RltvDstngshdNm>
3020 <AttrTp>CNAT</AttrTp>
3021 <AttrVal>Nimbus2001-
3022 SN00000851</AttrVal>
3023 </RltvDstngshdNm>
3024 </Issr>
3025 <SrlNb>fXTRWW7fTxOI/mGv9WK71qY/r8o=</SrlNb>
3026 </IssrAndSrlNb>
3027 </SgnrId>
3028 <DgstAlgo>
3029 <Algo>HS25</Algo>
3030 </DgstAlgo>
3031 <SgntrAlgo>
3032 <Algo>ERS2</Algo>
3033 </SgntrAlgo>
3034
3035 <Sgntr>W1XUNAKzwlRhT/aRCyabT4vS5ThUXStONN7WWA/twtx39L+4CkrlAO0cm7LWGY+bd2
3036 4ZlmMsa0C4Fk08tkL0PEHJn/OQAfhyaHkyL4evccbHeGX1iUR8cqxaZS9i0C06yrEefqrZkzf
3037 j41MOH1eN67Rlx86kORAIyGcSd2Uykxi3y5syECMb/09JLFcFwdfag6G88mHopyzTzjSjbpK+
3038 0+T9UAF6PtSZAphrTgMAS+rM9dIkPtCx5Q3xlV5El8uOdWpe3BcT2YmQq2qk/pyZ9eNzLJk3m
3039 fwDxfJxM3thrNW2aAU50tZbj9epWjXo9rPsT5g5vwWIwM/HpswTKSmX/g==</Sgntr>
3040 </Sgnr>
3041 </SgndData>
3042 </SctyTrlr>
3043 </StsRpt>
3044 </Document>
3045
3046 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
3047 or line breaks) is dumped below:
3048
3049 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
3050 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
3051 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
3052 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
3053 0040 50 4F 49 49 64 3E 3C 49 6E 69 74 67 54 72 67 67 |POIId><InitgTrgg|
3054 0050 72 3E 3C 54 72 67 67 72 53 72 63 3E 4F 50 4F 49 |r><TrggrSrc>OPOI|
3055 0060 3C 2F 54 72 67 67 72 53 72 63 3E 3C 53 72 63 49 |</TrggrSrc><SrcI|
3056 0070 64 3E 36 36 30 30 30 30 30 31 3C 2F 53 72 63 49 |d>66000001</SrcI|
3057 0080 64 3E 3C 54 72 67 67 72 54 70 3E 49 4D 4D 44 3C |d><TrggrTp>IMMD<|
3058 0090 2F 54 72 67 67 72 54 70 3E 3C 41 64 64 74 6C 49 |/TrggrTp><AddtlI|
3059 00A0 6E 66 3E 4B 65 79 20 52 65 71 75 65 73 74 3C 2F |nf>Key Request</|
3060 00B0 41 64 64 74 6C 49 6E 66 3E 3C 2F 49 6E 69 74 67 |AddtlInf></Initg|
3061 00C0 54 72 67 67 72 3E 3C 54 65 72 6D 6E 6C 4D 67 72 |Trggr><TermnlMgr|
3062 00D0 49 64 3E 3C 49 64 3E 6E 65 78 6F 2D 4B 65 79 49 |Id><Id>nexo-KeyI|
3063 00E0 6E 6A 65 63 74 69 6F 6E 53 65 72 76 65 72 2D 54 |njectionServer-T|
3064 00F0 4D 31 3C 2F 49 64 3E 3C 54 70 3E 54 4D 47 54 3C |M1</Id><Tp>TMGT<|
3065 0100 2F 54 70 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 49 |/Tp></TermnlMgrI|
3066 0110 64 3E 3C 44 61 74 61 53 65 74 3E 3C 49 64 3E 3C |d><DataSet><Id><|
3067 0120 54 70 3E 53 54 52 50 3C 2F 54 70 3E 3C 43 72 65 |Tp>STRP</Tp><Cre|
3068 0130 44 74 54 6D 3E 32 30 31 39 2D 30 35 2D 30 36 54 |DtTm>2019-05-06T|
3069 0140 31 34 3A 32 35 3A 33 34 2E 32 34 39 38 30 30 2B |14:25:34.249800+|
3070 0150 30 31 3A 30 30 3C 2F 43 72 65 44 74 54 6D 3E 3C |01:00</CreDtTm><|
3071 0160 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 43 6D |/Id><Cntt><POICm|
3072 0170 70 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 70 |pnt><Tp>TERM</Tp|
3073 0180 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F 49 |><Id><ItmNb>1</I|
3074 0190 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 4E 65 |tmNb><PrvdrId>Ne|
3075 01A0 78 6F 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 3E |xo</PrvdrId><Id>|
3076 01B0 4E 69 6D 62 75 73 32 30 30 31 3C 2F 49 64 3E 3C |Nimbus2001</Id><|
3077 01C0 53 72 6C 4E 62 3E 30 30 30 30 30 38 35 31 3C 2F |SrlNb>00000851</|
3078 01D0 53 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F 49 |SrlNb></Id></POI|
3079 01E0 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 3E |Cmpnt><POICmpnt>|
3080 01F0 3C 54 70 3E 4D 44 57 52 3C 2F 54 70 3E 3C 49 64 |<Tp>MDWR</Tp><Id|
3081 0200 3E 3C 49 64 3E 4B 65 79 49 6E 6A 65 63 74 69 6F |><Id>KeyInjectio|
3082 0210 6E 3C 2F 49 64 3E 3C 2F 49 64 3E 3C 53 74 64 43 |n</Id></Id><StdC|
3083 0220 6D 70 6C 63 3E 3C 49 64 3E 54 52 2D 33 34 3C 2F |mplc><Id>TR-34</|
3611
3612
3613
DigestAlgorithm
SHA256
Algorithm
EncapsulatedContent
Data
ContentType
MIIEkAYJKoZIhvcNAQcCoIIEgTCCBH0CAQExDTALBglghkgBZQMEAgE
Content wggJiBgkqsstvvtD5G4444vtudDGw7tdJAkJFMQ0wCwYDVQQKEwROZX
hvMR4wHAYDVQQDExVOaW1idXMyMDAxLVNOMDAwMDA4DT4uf4TFwt
EuTDttf4TMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQkEAASCAQAg
E59ZzCo0AMohKHwfY9P+d3vRtDWeDSuEVw6Ew36dUWevWvWt7Es7Vz
aMMxRkMpRjM66ENQnm+jO6PIKl2fX9sj5hgtDl/XrarSwV9lEPfEjUmDKcdi
wAANwvuf56d56T6e73F4gtW36T7Do/5z5CDPX6OikHSdVfDrhR6xrgYPNU
jZ29ft3czLY5UunZTadCTDQOyueN8nrUvc5vUs5d474BCFbfTD3gCc6wtfc
TGCJMIGsBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECKJ7tG0cMG4JgIGI
NeWFgzXiP5TOwCsCFGerfGVTw56WCrvt6cMhIXHMFhnJybxE8O7P9xY8
ADqZsI3qQy5gRrz4vVA0JBmT6sqwElDA2ShOkjheKvFvffT3U6u4gu7Edt3
4t4tWvvttTV7uTMAkGA1UEBhMCQkUxDTALBgNVBAoTBE5leG8xJDAiBg
NVBAMTG25leG8tS2V5SW5qtsUSgFgeDvvtTtvvuGttf4JMQsGCSqGSIb3D
QEHAzAfBgkqhkiG9w0BBwExEgQQQjAwMTZLMVREMDBOMDAwMDAg
vss5DTTdfEDVvTgw4Wtuf4T4ZIKcF+LWu7KDJJcvHGtsD7Z7/y2YbXu2J5
HS6HQd6QWiKMA0GCSqGSIb3DQEBAQUAGeF3UE3T4d3TGfBvDdF4Vv
CzlAQZsiISzXlFXphfxg2Dx68fmnqYPynHiNavtqPMYwVVdlIQallUmCGwfo
7F584DuwdvUeDV7GF3WvEV764bFUc7tCLVfJjtCvKsISEwiBi56zWsJq1k
CDIYmdESTf4qc7slKkxJlHloerixSVCePoIoh6t7FV3VV6WDDtGs6w46uE3I
LZQm/2ITZOT+FPn2DpHhHxHds
0ECF8881FE2CC67EF8DE83F57F52D9D34F117A5C18650B1D338206E2A
Digest E6A5879
AdditionalManagementInformation
Name SECURITY_PROFILE 4
Value 4
AdditionalManagementInformation
Name EXPIRY_DATE
Value 20190508000000
AdditionalManagementInformation
Name KEY_RESILIANCE
Value YES
SecurityElement
Identification PIN Encryption Key
Version 1.0.0
Function PINEncryption
KeyValue
ContentType EnvelopedData
Recipient
KeyIdentifier
KEY_SET
KeyIdentification
ANSI X9 TR-34:2012
KeyVersion
EncryptedContent
DATA
ContentType
ContentEncryptionAlgorithm
DES112CBC
Algorithm
Parameter
TR31
EncryptionFormat
B0080P0TE00N0000A0369A7CF9C39C78C5040EED87D6630585ECAD05E9
EncryptedData F6349072E7E5A73412DD65
AdditionalManagementInformation
Name SECURITY_PROFILE
Value 4
AdditionalManagementInformation
Name KEY RESILIANCE
Value YES
AdditionalManagementInformation
Name EXPIRY DATE
Value 20211026000000
AdditionalManagementInformation
Name HIERARCHY
Value .1
AdditionalManagementInformation
Name KEY STORAGE UID
Value 2FE457F2
SecurityElement
Identification Data Encipherment Key
Version 1.0.0
Function DataEncryption
KeyValue
ContentType EnvelopedData
Recipient
KeyIdentifier
KEY_SET
KeyIdentification
ANSI X9 TR-34:2012
KeyVersion
EncryptedContent
DATA
ContentType
ContentEncryptionAlgorithm
DES112CBC
Algorithm
Parameter
TR31
EncryptionFormat
B0080D0TE00N0000A94925D997930349D20AC87AEA9D5A282EB732BA1F
EncryptedData 9378E10104F976B3D7925E
AdditionalManagementInformation
Name SECURITY_PROFILE
Value 4
AdditionalManagementInformation
Name KEY RESILIANCE
Value YES
AdditionalManagementInformation
AdditionalManagementInformation
Name HIERARCHY
Value .1
AdditionalManagementInformation
Name KEY STORAGE UID
Value 2FE457F3
SecurityElement
Identification Data Decipherment Key
Version 1.0.0
Function DataDecryption
KeyValue
ContentType EnvelopedData
Recipient
KeyIdentifier
KEY_SET
KeyIdentification
ANSI X9 TR-34:2012
KeyVersion
EncryptedContent
DATA
ContentType
ContentEncryptionAlgorithm
DES112CBC
Algorithm
Parameter
TR31
EncryptionFormat
B0080D0TD00N0000D014D4F36C70697564F8C54FA0A9BE20B4DDEFB73
EncryptedData C9F853953CE1F83AF339129
AdditionalManagementInformation
Name SECURITY_PROFILE
Value 4
AdditionalManagementInformation
Name KEY RESILIANCE
Value YES
AdditionalManagementInformation
Name EXPIRY DATE
Value 20211026000000
AdditionalManagementInformation
Name HIERARCHY
Value .1
AdditionalManagementInformation
Name KEY STORAGE UID
Value 2FE457F3
SecurityElement
EncryptedContent
DATA
ContentType
ContentEncryptionAlgorithm
DES112CBC
Algorithm
Parameter
TR31
EncryptionFormat
B0080M1TG00N000004D63AC82094C8C8A7635FA25E83B354D09AFFA78A
EncryptedData EE141DCD9F3F756A87C84A
AdditionalManagementInformation
Name SECURITY_PROFILE
Value 4
AdditionalManagementInformation
Name KEY RESILIANCE
Value YES
AdditionalManagementInformation
Name EXPIRY DATE
Value 20211026000000
AdditionalManagementInformation
Name HIERARCHY
Value .1
AdditionalManagementInformation
Name KEY STORAGE UID
Value 2FE457F3
SecurityElement
Identification MAC Verification Key
Version 1.0.0
Function MessageAuthenticationCodeVerification
KeyValue
ContentType EnvelopedData
Recipient
KeyIdentifier
KEY_SET
KeyIdentification
ANSI X9 TR-34:2012
KeyVersion
EncryptedContent
DATA
ContentType
ContentEncryptionAlgorithm
DES112CBC
Algorithm
Parameter
TR31
EncryptionFormat
B0080M1TV00N000052943DB315AD0962E98B1ACA975DF52E8B1C25F2C5
EncryptedData 721DE2FF463A309B00F69F
AdditionalManagementInformation
Name SECURITY_PROFILE
Value 4
AdditionalManagementInformation
Name KEY RESILIANCE
Value YES
AdditionalManagementInformation
Name EXPIRY DATE
Value 20211026000000
AdditionalManagementInformation
Name HIERARCHY
Value .1
AdditionalManagementInformation
Name KEY STORAGE UID
Value 2FE457F3
SecurityTrailer
ContentType SignedData
SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType Data
Content 4922EB391A3DC8D0C7B33BFED0C82A1B9E002BA5017C8CF8DBAB1B398
6B3A859
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue Nexo
RelativeDistinguishedName
AttributeType CommonName
AttributeValue nexo-KeyInjectionServer-TM1
5
SerialNumber 095D11A33F944E00347A39596603D31A3EAB6EA9
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature BF33D1AEF9AC13869DC355EF6EFA40E28511C697AD4FCA7FDC6D122B7
6E3D26C91E68948A6F48B54AE1EAE7972DA22FC91FACC3415D40A1D57
E6DA224677839BE24997618BB6AECC4A69593F4FC15FC3B8442179122D
D9761F0A1E4F345C83755331503158885D0A23D98EB62EFF3AD897D82D2
0EF39BEE4E0010433409CB3028B83A0C09C392CB8E3E67DC8F22B1FA4
D58A688C442EC75B694C3659BA15D07A8446DECE4DD86BF350055F7DE
2EBDB262B7806DF19CD817CFE3C7A9C98160CE466A7AB474CFE411EDB
2B0BB0BD5A20442A6822B48BEF97148C0C8C8F77145CB980C5E2D7E6D
58211986B730A9409B70B8E9324824EC11ACAE8B63BA3CC244E12
3619
3620
5 Due to the Max35Text type of the SerialNumber, the value is hexa encoded and all colons are removed.
3621
3622 <?xml version="1.0" encoding="UTF-8"?>
3623 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
3624 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.003.001.07">
3625 <AccptrCfgtnUpd>
3626 <Hdr>
3627 <DwnldTrf>true</DwnldTrf>
3628 <FrmtVrsn>7.0</FrmtVrsn>
3629 <XchgId>58635036890148264.</XchgId>
3630 <CreDtTm>2019-05-06T14:25:34.304800+01:00</CreDtTm>
3631 <InitgPty>
3632 <Id>66000001</Id>
3633 <Tp>OPOI</Tp>
3634 <Issr>MTMG</Issr>
3635 </InitgPty>
3636 <RcptPty>
3637 <Id>nexo-KeyInjectionServer-TM1</Id>
3638 <Tp>TMGT</Tp>
3639 </RcptPty>
3640 </Hdr>
3641 <AccptrCfgtn>
3642 <TermnlMgrId>
3643 <Id>nexo-KeyInjectionServer-TM1</Id>
3644 <Tp>TMGT</Tp>
3645 </TermnlMgrId>
3646 <DataSet>
3647 <Id>
3648 <Nm>KEY_SET</Nm>
3649 <Tp>SCPR</Tp>
3650 <Vrsn>ANSI X9 TR-34:2012</Vrsn>
3651 <CreDtTm>2019-05-06T14:25:34.325800+01:00</CreDtTm>
3652 </Id>
3653 <POIId>
3654 <Id>66000001</Id>
3655 <Tp>OPOI</Tp>
3656 <Issr>MTMG</Issr>
3657 </POIId>
3658 <Cntt>
3659 <SctyParams>
3660 <ActnTp>CREA</ActnTp>
3661 <Vrsn>1.0.0</Vrsn>
3662 <SctyElmt>
3663 <Id>KBPK</Id>
3664 <Vrsn>1.0.0</Vrsn>
3665 <Fctn>KEYI</Fctn>
3666 <KeyVal>
3667 <CnttTp>DGST</CnttTp>
3668 <DgstdData>
3669 <DgstAlgo>
3670 <Algo>HS25</Algo>
3671 </DgstAlgo>
3672 <NcpsltdCntt>
3673 <CnttTp>DATA</CnttTp>
3674
3675 <Cntt>MIIEkAYJKoZIhvcNAQcCoIIEgTCCBH0CAQExDTALBglghkgBZQMEAgEwggJiBgkqsst
3676 vvtD5G4444vtudDGw7tdJAkJFMQ0wCwYDVQQKEwROZXhvMR4wHAYDVQQDExVOaW1idXMyMDAx
3677 LVNOMDAwMDA4DT4uf4TFwtEuTDttf4TMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQkEAASCAQ
3678 AgE59ZzCo0AMohKHwfY9P+d3vRtDWeDSuEVw6Ew36dUWevWvWt7Es7VzaMMxRkMpRjM66ENQn
3679 m+jO6PIKl2fX9sj5hgtDl/XrarSwV9lEPfEjUmDKcdiwAANwvuf56d56T6e73F4gtW36T7Do/
3680 5z5CDPX6OikHSdVfDrhR6xrgYPNUjZ29ft3czLY5UunZTadCTDQOyueN8nrUvc5vUs5d474BC
3681 FbfTD3gCc6wtfcTGCJMIGsBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECKJ7tG0cMG4JgIGINeW
3682 FgzXiP5TOwCsCFGerfGVTw56WCrvt6cMhIXHMFhnJybxE8O7P9xY8ADqZsI3qQy5gRrz4vVA0
3683 JBmT6sqwElDA2ShOkjheKvFvffT3U6u4gu7Edt34t4tWvvttTV7uTMAkGA1UEBhMCQkUxDTAL
3684 BgNVBAoTBE5leG8xJDAiBgNVBAMTG25leG8tS2V5SW5qtsUSgFgeDvvtTtvvuGttf4JMQsGCS
3685 qGSIb3DQEHAzAfBgkqhkiG9w0BBwExEgQQQjAwMTZLMVREMDBOMDAwMDAgvss5DTTdfEDVvTg
3686 w4Wtuf4T4ZIKcF+LWu7KDJJcvHGtsD7Z7/y2YbXu2J5HS6HQd6QWiKMA0GCSqGSIb3DQEBAQU
3687 AGeF3UE3T4d3TGfBvDdF4VvCzlAQZsiISzXlFXphfxg2Dx68fmnqYPynHiNavtqPMYwVVdlIQ
3688 allUmCGwfo7F584DuwdvUeDV7GF3WvEV764bFUc7tCLVfJjtCvKsISEwiBi56zWsJq1kCDIYm
3689 dESTf4qc7slKkxJlHloerixSVCePoIoh6t7FV3VV6WDDtGs6w46uE3ILZQm/2ITZOT+FPn2Dp
3690 HhHxHds</Cntt>
3691 </NcpsltdCntt>
3692
3693 <Dgst>RUNBNzgwNjdBM0MzRDlENjdDQzJBNzRBRTMzREYyRUYyQUQ5RkE4MTkzRTQ3MkE5MkQ
3694 3MTA2NUVFRTY5NUMzQw==</Dgst>
3695 </DgstdData>
3696 </KeyVal>
3697 <AddtlMgmtInf>
3698 <Nm>SECURITY_PROFILE</Nm>
3699 <Val>4</Val>
3700 </AddtlMgmtInf>
3701 <AddtlMgmtInf>
3702 <Nm>EXPIRY DATA</Nm>
3703 <Val>20190508000000</Val>
3704 </AddtlMgmtInf>
3705 <AddtlMgmtInf>
3706 <Nm>KEY RESILIANCE</Nm>
3707 <Val>YES</Val>
3708 </AddtlMgmtInf>
3709 </SctyElmt>
3710 <SctyElmt>
3711 <Id>PIN Encryption Key</Id>
3712 <Vrsn>1.0.0</Vrsn>
3713 <Fctn>PINE</Fctn>
3714 <KeyVal>
3715 <CnttTp>EVLP</CnttTp>
3716 <EnvlpdData>
3717 <Rcpt>
3718 <KeyIdr>
3719 <KeyId>KEY_SET</KeyId>
3720 <KeyVrsn>ANSI X9 TR-
3721 34:2012</KeyVrsn>
3722 </KeyIdr>
3723 </Rcpt>
3724 <NcrptdCntt>
3725 <CnttTp>DATA</CnttTp>
3726 <CnttNcrptnAlgo>
3727 <Algo>E3DC</Algo>
3728 <Param>
3729
3730 <NcrptnFrmt>TR31</NcrptnFrmt>
3731 </Param>
3732 </CnttNcrptnAlgo>
3733
3734 <NcrptdData>NDIzMDMwMzgzMDUwMzA1NDQ1MzAzMDRlMzAzMDMwMzA0MTMwMzMzNjM5NDEzN
3735 zQzNDYzOTQzMzMzOTQzMzczODQzMzUzMDM0MzA0NTQ1NDQzODM3NDQzNjM2MzMzMDM1MzgzNT
3736 Q1NDM0MTQ0MzAzNTQ1Mzk0NjM2MzMzNDM5MzAzNzMyNDUzNzQ1MzU0MTM3MzMzNDMxMzI0NDQ
3737 0MzYzNQ==</NcrptdData>
3738 </NcrptdCntt>
3739 </EnvlpdData>
3740 </KeyVal>
3741 <AddtlMgmtInf>
3742 <Nm>SECURITY_PROFILE</Nm>
3743 <Val>4</Val>
3744 </AddtlMgmtInf>
3745 <AddtlMgmtInf>
3746 <Nm>KEY RESILIANCE</Nm>
3747 <Val>YES</Val>
3748 </AddtlMgmtInf>
3749 <AddtlMgmtInf>
3750 <Nm>EXPIRY DATA</Nm>
3751 <Val>20281026000000</Val>
3752 </AddtlMgmtInf>
3753 <AddtlMgmtInf>
3754 <Nm>ADDITINALINFO</Nm>
3755 <Val>.1</Val>
3756 </AddtlMgmtInf>
3757 <AddtlMgmtInf>
3758 <Nm>KEY STORAGE UID</Nm>
3759 <Val>2FE457F2</Val>
3760 </AddtlMgmtInf>
3761 </SctyElmt>
3762 <SctyElmt>
3763 <Id>Data Encipherment Key</Id>
3764 <Vrsn>1.0.0</Vrsn>
3765 <Fctn>DENC</Fctn>
3766 <AddtlMgmtInf>
3767 <Nm>SECURITY_PROFILE</Nm>
3768 <Val>4</Val>
3769 </AddtlMgmtInf>
3770 <AddtlMgmtInf>
3771 <Nm>KEY RESILIANCE</Nm>
3772 <Val>YES</Val>
3773 </AddtlMgmtInf>
3774 <AddtlMgmtInf>
3775 <Nm>EXPIRY DATA</Nm>
3776 <Val>20281026000000</Val>
3777 </AddtlMgmtInf>
3778 <AddtlMgmtInf>
3779 <Nm>ADDITINALINFO</Nm>
3780 <Val>.1</Val>
3781 </AddtlMgmtInf>
3782 <AddtlMgmtInf>
3783 <Nm>KEY STORAGE UID</Nm>
3784 <Val>2FE457F3</Val>
3785 </AddtlMgmtInf>
3786 </SctyElmt>
3787 <SctyElmt>
3788 <Id>Data Decipherment Key</Id>
3789 <Vrsn>1.0.0</Vrsn>
3790 <Fctn>DDEC</Fctn>
3791 <AddtlMgmtInf>
3792 <Nm>SECURITY_PROFILE</Nm>
3793 <Val>4</Val>
3794 </AddtlMgmtInf>
3795 <AddtlMgmtInf>
3796 <Nm>KEY RESILIANCE</Nm>
3797 <Val>YES</Val>
3798 </AddtlMgmtInf>
3799 <AddtlMgmtInf>
3800 <Nm>EXPIRY DATA</Nm>
3801 <Val>20281026000000</Val>
3802 </AddtlMgmtInf>
3803 <AddtlMgmtInf>
3804 <Nm>ADDITINALINFO</Nm>
3805 <Val>.1</Val>
3806 </AddtlMgmtInf>
3807 <AddtlMgmtInf>
3808 <Nm>KEY STORAGE UID</Nm>
3809 <Val>2FE457F3</Val>
3810 </AddtlMgmtInf>
3811 </SctyElmt>
3812 <SctyElmt>
3813 <Id>MAC Generation Key</Id>
3814 <Vrsn>1.0.0</Vrsn>
3815 <Fctn>MACG</Fctn>
3816 <AddtlMgmtInf>
3817 <Nm>SECURITY_PROFILE</Nm>
3818 <Val>4</Val>
3819 </AddtlMgmtInf>
3820 <AddtlMgmtInf>
3821 <Nm>KEY RESILIANCE</Nm>
3822 <Val>YES</Val>
3823 </AddtlMgmtInf>
3824 <AddtlMgmtInf>
3825 <Nm>EXPIRY DATA</Nm>
3826 <Val>20281026000000</Val>
3827 </AddtlMgmtInf>
3828 <AddtlMgmtInf>
3829 <Nm>ADDITINALINFO</Nm>
3830 <Val>.1</Val>
3831 </AddtlMgmtInf>
3832 <AddtlMgmtInf>
3833 <Nm>KEY STORAGE UID</Nm>
3834 <Val>2FE457F3</Val>
3835 </AddtlMgmtInf>
3836 </SctyElmt>
3837 <SctyElmt>
3838 <Id>MAC Verification Key</Id>
3839 <Vrsn>1.0.0</Vrsn>
3840 <Fctn>MACV</Fctn>
3841 <AddtlMgmtInf>
3842 <Nm>SECURITY_PROFILE</Nm>
3843 <Val>4</Val>
3844 </AddtlMgmtInf>
3845 <AddtlMgmtInf>
3846 <Nm>KEY RESILIANCE</Nm>
3847 <Val>YES</Val>
3848 </AddtlMgmtInf>
3849 <AddtlMgmtInf>
3850 <Nm>EXPIRY DATA</Nm>
3851 <Val>20281026000000</Val>
3852 </AddtlMgmtInf>
3853 <AddtlMgmtInf>
3854 <Nm>ADDITINALINFO</Nm>
3855 <Val>.1</Val>
3856 </AddtlMgmtInf>
3857 <AddtlMgmtInf>
3858 <Nm>KEY STORAGE UID</Nm>
3859 <Val>2FE457F3</Val>
3860 </AddtlMgmtInf>
3861 </SctyElmt>
3862 </SctyParams>
3863 </Cntt>
3864 </DataSet>
3865 </AccptrCfgtn>
3866 <SctyTrlr>
3867 <CnttTp>SIGN</CnttTp>
3868 <SgndData>
3869 <DgstAlgo>
3870 <Algo>HS25</Algo>
3871 </DgstAlgo>
3872 <NcpsltdCntt>
3873 <CnttTp>DATA</CnttTp>
3874
3875 <Cntt>SSLrORo9yNDHszv+0MgqG54AK6UBfIz426sbOYazqFk=</Cntt>
3876 </NcpsltdCntt>
3877 <Sgnr>
3878 <SgnrId>
3879 <IssrAndSrlNb>
3880 <Issr>
3881 <RltvDstngshdNm>
3882 <AttrTp>CATT</AttrTp>
3883 <AttrVal>BE</AttrVal>
3884 </RltvDstngshdNm>
3885 <RltvDstngshdNm>
3886 <AttrTp>OATT</AttrTp>
3887 <AttrVal>Nexo</AttrVal>
3888 </RltvDstngshdNm>
3889 <RltvDstngshdNm>
3890 <AttrTp>CNAT</AttrTp>
3891 <AttrVal>nexo-KeyInjectionServer-
3892 TM1</AttrVal>
3893 </RltvDstngshdNm>
3894 </Issr>
3895 <SrlNb>CV0Roz+UTgA0ejlZZgPTGj6rbqk=</SrlNb>
3896 </IssrAndSrlNb>
3897 </SgnrId>
3898 <DgstAlgo>
3899 <Algo>HS25</Algo>
3900 </DgstAlgo>
3901 <SgntrAlgo>
3902 <Algo>ERS2</Algo>
3903 </SgntrAlgo>
3904
3905 <Sgntr>vzPRrvmsE4adw1XvbvpA4oURxpetT8p/3G0SK3bj0myR5olIpvSLVK4ernly2iL8kf
3906 rMNBXUCh1X5toiRneDm+JJl2GLtq7MSmlZP0/BX8O4RCF5Ei3Zdh8KHk80XIN1UzFQMViIXQo
3907 j2Y62Lv862JfYLSDvOb7k4AEEM0CcswKLg6DAnDksuOPmfcjyKx+k1YpojEQux1tpTDZZuhXQ
3908 eoRG3s5N2GvzUAVffeLr2yYreAbfGc2BfP48epyYFgzkZqerR0z+QR7bKwuwvVogRCpoIrSL7
3909 5cUjAyMj3cUXLmAxeLX5tWCEZhrcwqUCbcLjpMkgk7BGsrotjujzCROEg==</Sgntr>
3910 </Sgnr>
3911 </SgndData>
3912 </SctyTrlr>
3913 </AccptrCfgtnUpd>
3914 </Document>
3915
3916 Once unnecessary spaces and carriage returns are removed, the message body AccptrCfgtn (without
3917 spaces or line breaks) is dumped below:
3918
3919 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
3920 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 6E 65 |rmnlMgrId><Id>ne|
3921 0020 78 6F 2D 4B 65 79 49 6E 6A 65 63 74 69 6F 6E 53 |xo-KeyInjectionS|
3922 0030 65 72 76 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 |erver-TM1</Id><T|
3923 0040 70 3E 54 4D 47 54 3C 2F 54 70 3E 3C 2F 54 65 72 |p>TMGT</Tp></Ter|
3924 0050 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 |mnlMgrId><DataSe|
3925 0060 74 3E 3C 49 64 3E 3C 4E 6D 3E 4B 45 59 5F 53 45 |t><Id><Nm>KEY_SE|
3926 0070 54 3C 2F 4E 6D 3E 3C 54 70 3E 53 43 50 52 3C 2F |T</Nm><Tp>SCPR</|
3927 0080 54 70 3E 3C 56 72 73 6E 3E 41 4E 53 49 20 58 39 |Tp><Vrsn>ANSI X9|
3928 0090 20 54 52 2D 33 34 3A 32 30 31 32 3C 2F 56 72 73 | TR-34:2012</Vrs|
3929 00A0 6E 3E 3C 43 72 65 44 74 54 6D 3E 32 30 31 39 2D |n><CreDtTm>2019-|
3930 00B0 30 35 2D 30 36 54 31 34 3A 32 35 3A 33 34 2E 33 |05-06T14:25:34.3|
3931 00C0 32 35 38 30 30 2B 30 31 3A 30 30 3C 2F 43 72 65 |25800+01:00</Cre|
3932 00D0 44 74 54 6D 3E 3C 2F 49 64 3E 3C 50 4F 49 49 64 |DtTm></Id><POIId|
3933 00E0 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 |><Id>66000001</I|
3934 00F0 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C |d><Tp>OPOI</Tp><|
3935 0100 49 73 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E |Issr>MTMG</Issr>|
3936 0110 3C 2F 50 4F 49 49 64 3E 3C 43 6E 74 74 3E 3C 53 |</POIId><Cntt><S|
3937 0120 63 74 79 50 61 72 61 6D 73 3E 3C 41 63 74 6E 54 |ctyParams><ActnT|
3938 0130 70 3E 43 52 45 41 3C 2F 41 63 74 6E 54 70 3E 3C |p>CREA</ActnTp><|
3939 0140 56 72 73 6E 3E 31 2E 30 2E 30 3C 2F 56 72 73 6E |Vrsn>1.0.0</Vrsn|
3940 0150 3E 3C 53 63 74 79 45 6C 6D 74 3E 3C 49 64 3E 4B |><SctyElmt><Id>K|
3941 0160 42 50 4B 3C 2F 49 64 3E 3C 56 72 73 6E 3E 31 2E |BPK</Id><Vrsn>1.|
3942 0170 30 2E 30 3C 2F 56 72 73 6E 3E 3C 46 63 74 6E 3E |0.0</Vrsn><Fctn>|
3943 0180 4B 45 59 49 3C 2F 46 63 74 6E 3E 3C 4B 65 79 56 |KEYI</Fctn><KeyV|
3944 0190 61 6C 3E 3C 43 6E 74 74 54 70 3E 44 47 53 54 3C |al><CnttTp>DGST<|
3945 01A0 2F 43 6E 74 74 54 70 3E 3C 44 67 73 74 64 44 61 |/CnttTp><DgstdDa|
3946 01B0 74 61 3E 3C 44 67 73 74 41 6C 67 6F 3E 3C 41 6C |ta><DgstAlgo><Al|
3947 01C0 67 6F 3E 48 53 32 35 3C 2F 41 6C 67 6F 3E 3C 2F |go>HS25</Algo></|
3948 01D0 44 67 73 74 41 6C 67 6F 3E 3C 4E 63 70 73 6C 74 |DgstAlgo><Ncpslt|
3949 01E0 64 43 6E 74 74 3E 3C 43 6E 74 74 54 70 3E 44 41 |dCntt><CnttTp>DA|
3950 01F0 54 41 3C 2F 43 6E 74 74 54 70 3E 3C 43 6E 74 74 |TA</CnttTp><Cntt|
3951 0200 3E 4D 49 49 45 6B 41 59 4A 4B 6F 5A 49 68 76 63 |>MIIEkAYJKoZIhvc|
3952 0210 4E 41 51 63 43 6F 49 49 45 67 54 43 43 42 48 30 |NAQcCoIIEgTCCBH0|
3953 0220 43 41 51 45 78 44 54 41 4C 42 67 6C 67 68 6B 67 |CAQExDTALBglghkg|
4219
4220 Applying the padding process, the block result is dumped below:
4221
4222 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4223 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4224 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4225 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4226 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4227 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4228 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4229 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4230 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4231 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4232 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4233 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
4234 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
4235 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
4236 00E0 49 22 EB 39 1A 3D C8 D0 C7 B3 3B FE D0 C8 2A 1B |I".9.=....;...*.|
4237 00F0 9E 00 2B A5 01 7C 8C F8 DB AB 1B 39 86 B3 A8 59 |..+..|.....9...Y|
4238
4239 After encryption by the RSA signing private key, we have the digital signature of the message body:
4240
4241 0000 BF 33 D1 AE F9 AC 13 86 9D C3 55 EF 6E FA 40 E2 |.3........U.n.@.|
4242 0010 85 11 C6 97 AD 4F CA 7F DC 6D 12 2B 76 E3 D2 6C |.....O...m.+v..l|
4243 0020 91 E6 89 48 A6 F4 8B 54 AE 1E AE 79 72 DA 22 FC |...H...T...yr.".|
4244 0030 91 FA CC 34 15 D4 0A 1D 57 E6 DA 22 46 77 83 9B |...4....W.."Fw..|
4245 0040 E2 49 97 61 8B B6 AE CC 4A 69 59 3F 4F C1 5F C3 |.I.a....JiY?O._.|
4246 0050 B8 44 21 79 12 2D D9 76 1F 0A 1E 4F 34 5C 83 75 |.D!y.-.v...O4\.u|
4247 0060 53 31 50 31 58 88 5D 0A 23 D9 8E B6 2E FF 3A D8 |S1P1X.].#.....:.|
4248 0070 97 D8 2D 20 EF 39 BE E4 E0 01 04 33 40 9C B3 02 |..- .9.....3@...|
4249 0080 8B 83 A0 C0 9C 39 2C B8 E3 E6 7D C8 F2 2B 1F A4 |.....9,...}..+..|
4250 0090 D5 8A 68 8C 44 2E C7 5B 69 4C 36 59 BA 15 D0 7A |..h.D..[iL6Y...z|
4251 00A0 84 46 DE CE 4D D8 6B F3 50 05 5F 7D E2 EB DB 26 |.F..M.k.P._}...&|
4252 00B0 2B 78 06 DF 19 CD 81 7C FE 3C 7A 9C 98 16 0C E4 |+x.....|.<z.....|
4253 00C0 66 A7 AB 47 4C FE 41 1E DB 2B 0B B0 BD 5A 20 44 |f..GL.A..+...Z D|
4254 00D0 2A 68 22 B4 8B EF 97 14 8C 0C 8C 8F 77 14 5C B9 |*h".........w.\.|
4255 00E0 80 C5 E2 D7 E6 D5 82 11 98 6B 73 0A 94 09 B7 0B |.........ks.....|
4256 00F0 8E 93 24 82 4E C1 1A CA E8 B6 3B A3 CC 24 4E 12 |..$.N.....;..$N.|
4257
4258 The message sent by the transport protocol is:
4259
4260 0000 00 00 18 1C 3C 3F 78 6D 6C 20 76 65 72 73 69 6F |....<?xml versio|
4261 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
4262 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
4263 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
4264 0040 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E 6F 72 67 |ttp://www.w3.org|
4265 0050 2F 32 30 30 31 2F 58 4D 4C 53 63 68 65 6D 61 2D |/2001/XMLSchema-|
4266 0060 69 6E 73 74 61 6E 63 65 22 20 78 6D 6C 6E 73 3D |instance" xmlns=|
4267 0070 22 75 72 6E 3A 69 73 6F 3A 73 74 64 3A 69 73 6F |"urn:iso:std:iso|
4268 0080 3A 32 30 30 32 32 3A 74 65 63 68 3A 78 73 64 3A |:20022:tech:xsd:|
4269 0090 63 61 74 6D 2E 30 30 33 2E 30 30 31 2E 30 37 22 |catm.003.001.07"|
4646
4647
4648
4654
4724
4725 <Cert>MIIESTCCAjGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
4726 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQ0MDEyWhcN
4727 MTkxMjA2MTQ0MDEyWjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVB
4728 AoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4K
4729 JYupmrZaiRs6ZDoCLac8Kn50Lt82dvblIiodFxJxSrY+S4ZKiX3APy9txHnOBZzgNVhzX06QB
4730 7f2DUYEDV+GFUXqo+eOinS1JXXvb6TC3CxhEEQJ5XLZhW3xVHHaXCe93GjDLJjxCs5jr97SQr
4731 hyelXK2cK+28xQq8uUOUP+jiCswVElPBYccbCpcrRRc/cmQtmhQg7yCN9k/t4FdsQPwYK+quT
4732 aHQ/Ch3hm+4etY2F4GxmCGh3hNilJhDiEtrfhH35jN+MUlncTR6EJ6zG7GBuqQzMM0gGMqvkO
4733 WnToR5bRnzbfAZaC5qDvotgtGpmo0DSg9B1lP9dhJKAY/WwQIDAQABo10wWzAMBgNVHRMBAf8
4734 EAjAAMB0GA1UdDgQWBBQKmu4+t8wvqHNuvrSbnVuDsqngEjAfBgNVHSMEGDAWgBTUALFfC1fj
4735 td1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBSAwDQYJKoZIhvcNAQELBQADggIBAF3cdInRZZBIc
4736 QPpkAY63ieyd79h8kzrvxE8UC01i+lhPAlqMAEyLe+1ItsBshFVY0TJgMG/clnXP/ryhda1E2
4737 oN+HsQY2IkGK67ECXz2/u6WYuF26nBM8m9Rh4/6sKziYHeL55egU2gqTrDH8B/Wv0/2p3/IFb
4738 fPKZnETkIq6G+GdXAzAlt5/L65GZ5W30ED9EbEOSuqOhoeBjDZXAY+ufu7NDHFyf8HtnfTns1
4739 /2AdF79kPya6fpkmkpy6au0/I28eS/n3iuPUtG3uRz6dxGk4E9pOLvUi37TRyphb5dxP+hbNn
4740 yjDNFlskTl8byZCORZ/YN1J23vGlK3igaiCnJCEYmnOnTl8Dhn0XGRN5GUq7wYoyYSA8plezx
4741 O6H08JM2Gs1yBnM3kutwwzJZ7DqzosovUrHKAqu5D5BAwGu2C9GliIRpPzLLcujzQ5VFUTPj2
4742 9i0lV5YQ+Ouku/G1XsQnYErymWzyl65k6HLlUSU10FfgB4FCQvCEZuzS9Ojk3PI62NNMA4r4x
4743 3LqjpuEwjtsRmMCjlX/8iQ2dqE5BzwJBkJpbHkNbw02mWM5qos5efqu+SjiRq8ywSRU5jGuY4
4744 VuRaP7cH2EqxcYZNMOZGymzeWY7LntZIGHB/UBAd1l84aC8dcFS3PbxhYwMG2wWJgzpTSFyAV
4745 wFUg63SPYDgMsP</Cert>
4746 </SgndData>
4747 </KeyVal>
4748 </SctyElmt>
4749 <SctyElmt>
4750
4751 <Id>7D:74:D1:59:6E:DF:4F:13:88:FE:61:AF:F5:62:BB:D6:A6:3F:AF:CA</Id>
4752 <AddtlId>Q1RfS1JEX1NpZw==</AddtlId>
4753 <Vrsn>20181206144104+0000</Vrsn>
4754 <KeyVal>
4755 <CnttTp>SIGN</CnttTp>
4756 <SgndData>
4757
4758 <Cert>MIIESTCCAjGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
4759 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQ0MTA0WhcN
4760 MTkxMjA2MTQ0MTA0WjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVB
4761 AoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX
4762 cAqnabwBOETIs+dHhXRIsOH0j6j6TkyBlRu6QxyqpDgMk6i5wPShgg7R66Io762I5jXZu6UKw
4763 C42U/1gnmnx8ts0rQ8MOzjfCOi7h+ToLsMKqAQP3x4SvT+XaXeX61aDBhLB4WTomeOAGTuf3f
4764 K182OVUbJ3DVpzHSFhWtYWU2WYewP2/7VLRG2d5sPLwM3wqIZ3aQydcNOdpznCfCNHiEdC2Bh
4765 TGHaoQjgp5KfGdS//godVIff2H4z2Fz6k1+Xd8TEr6Hc0u2PDgK3UBTYpVvar1iR39wY5zgxf
4766 Y69QlKPp0ZLMhW0kScTcO6of64qSJqxjpFD1midLVN/6jQ+QIDAQABo10wWzAMBgNVHRMBAf8
4767 EAjAAMB0GA1UdDgQWBBR9dNFZbt9PE4j+Ya/1YrvWpj+vyjAfBgNVHSMEGDAWgBTUALFfC1fj
4768 td1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBADpqXwzELOUPd
4769 hPJkFRY+K/DjBOHbIAbha5Umh+KjVf+vAY1+HY3ovqoC2cNxHq8gt6q/KSvfy143WgYCS2d46
4770 uZ+iKJxsYKHB+4wvZ5sF14MH+bZU8T5SXMaTps0P8uJi+x2L4S9/kBGzw1DGt9C+Vb3DCX5Vt
4771 sdvpt6K6Z96NvGQ8Z1tikK/m8iDva3L7N04gaKjMtoXXD3hsf42KE9asWa2SvbYZv/3d+a+8b
4772 fLVhvUHH9NASHIEJwcBhAKMKVL+3ZJadNLDhlA1WehYj0Zau42oKB43/yV1GUo5/Z84dE66sA
4773 2/8kuvgq7TyN3VYbRvAQI3P8RIKPRZyGM8loqwU0Ab6bKPrFNYUdz087bu2DCT4OjQFkwFB9Q
4774 8fz4s7l/uovxIPzVdjgYmK29kcfH63/5c8GtIKJxXbxsLueSfrRZPNTXY5IoW6XrpSt2H1GOn
4775 Z0y3yUZhKYcbDilhl29tn7yVqd/JvxcyRalTZT0aAjQ2XYLA2EdKEIrnvcImyrE8rq5ppMd6+
4776 ZqL5TCNZ3wYuYBG8JfVcekNnEi7pJO0DsH+LWJNfVOJmGkjw4r9j3fueza1YEfrTmYOofiOBe
4777 v7dNiSGLM9aE9lfNPFVGcgjERQkifH+2FwqBJWvS5j+sIXbj4yiTssWnlrq7Dy+Kvc0qRYPqY
4778 K/YADBXReTuTMO</Cert>
4779 </SgndData>
4780 </KeyVal>
4781 </SctyElmt>
4782 </Chrtcs>
4783 </POICmpnt>
4784 <POICmpnt>
4785 <Tp>SCPR</Tp>
4786 <Id>
4787 <Id>SECURITY_PROFILE_4</Id>
4788 </Id>
4789 <Sts>
4790 <VrsnNb>any value here</VrsnNb>
4791 <Sts>OUTD</Sts>
4792 </Sts>
4793 <Chrtcs>
4794 <SctyElmt>
4795 <Id>B0016K1TD00N0000</Id>
4796 <AddtlId>LjE=</AddtlId>
4797 <Vrsn>1.0.0</Vrsn>
4798 </SctyElmt>
4799 <SctyElmt>
4800 <Id>PIN Encryption Key</Id>
4801 <AddtlId>LjEuMQ==</AddtlId>
4802 <Vrsn>1.0.0</Vrsn>
4803 <KeyChckVal>bssX</KeyChckVal>
4804 </SctyElmt>
4805 <SctyElmt>
4806 <Id>Data Encipherment Key</Id>
4807 <AddtlId>LjEuMg==</AddtlId>
4808 <Vrsn>1.0.0</Vrsn>
4809 <KeyChckVal>neIh</KeyChckVal>
4810 </SctyElmt>
4811 <SctyElmt>
4812 <Id>Data Decipherment Key</Id>
4813 <AddtlId>LjEuMg==</AddtlId>
4814 <Vrsn>1.0.0</Vrsn>
4815 <KeyChckVal>4nCD</KeyChckVal>
4816 </SctyElmt>
4817 <SctyElmt>
4818 <Id>MAC Generation Key</Id>
4819 <AddtlId>LjEuMg==</AddtlId>
4820 <Vrsn>1.0.0</Vrsn>
4821 <KeyChckVal>+NSV</KeyChckVal>
4822 </SctyElmt>
4823 <SctyElmt>
4824 <Id>MAC Verification Key</Id>
4825 <AddtlId>LjEuMg==</AddtlId>
4826 <Vrsn>1.0.0</Vrsn>
4827 <KeyChckVal>H4Uk</KeyChckVal>
4828 </SctyElmt>
4829 </Chrtcs>
4830 </POICmpnt>
4831 <AttndncCntxt>ATTD</AttndncCntxt>
4832 <POIDtTm>2019-05-06T14:25:34.526800+01:00</POIDtTm>
4833 <Evt>
4834 <TmStmp>2019-05-06T14:25:34.504800+01:00</TmStmp>
4835 <Rslt>SUCC</Rslt>
4836 <ActnId>
4837 <ActnTp>INST</ActnTp>
4838 <DataSetId>
4839 <Nm>PIN Encryption Key</Nm>
4840 <Tp>SCPR</Tp>
4841 <CreDtTm>2019-05-
4842 06T14:25:34.528800+01:00</CreDtTm>
4843 </DataSetId>
4844 </ActnId>
4845 </Evt>
4846 <Evt>
4847 <TmStmp>2019-05-06T14:25:34.504800+01:00</TmStmp>
4848 <Rslt>SUCC</Rslt>
4849 <ActnId>
4850 <ActnTp>INST</ActnTp>
4851 <DataSetId>
4852 <Nm>Data Encipherment Key</Nm>
4853 <Tp>SCPR</Tp>
4854 <CreDtTm>2019-05-
4855 06T14:25:34.529800+01:00</CreDtTm>
4856 </DataSetId>
4857 </ActnId>
4858 </Evt>
4859 <Evt>
4860 <TmStmp>2019-05-06T14:25:34.504800+01:00</TmStmp>
4861 <Rslt>SUCC</Rslt>
4862 <ActnId>
4863 <ActnTp>INST</ActnTp>
4864 <DataSetId>
4865 <Nm>Data Decipherment Key</Nm>
4866 <Tp>SCPR</Tp>
4867 <CreDtTm>2019-05-
4868 06T14:25:34.529800+01:00</CreDtTm>
4869 </DataSetId>
4870 </ActnId>
4871 </Evt>
4872 <Evt>
4873 <TmStmp>2019-05-06T14:25:34.504800+01:00</TmStmp>
4874 <Rslt>SUCC</Rslt>
4875 <ActnId>
4876 <ActnTp>INST</ActnTp>
4877 <DataSetId>
4878 <Nm>MAC Generation Key</Nm>
4879 <Tp>SCPR</Tp>
4880 <CreDtTm>2019-05-
4881 06T14:25:34.529800+01:00</CreDtTm>
4882 </DataSetId>
4883 </ActnId>
4884 </Evt>
4885 <Evt>
4886 <TmStmp>2019-05-06T14:25:34.504800+01:00</TmStmp>
4887 <Rslt>SUCC</Rslt>
4888 <ActnId>
4889 <ActnTp>INST</ActnTp>
4890 <DataSetId>
4891 <Nm>MAC Verification Key</Nm>
4892 <Tp>SCPR</Tp>
4893 <CreDtTm>2019-05-
4894 06T14:25:34.529800+01:00</CreDtTm>
4895 </DataSetId>
4896 </ActnId>
4897 </Evt>
4898 </Cntt>
4899 </DataSet>
4900 </StsRpt>
4901 <SctyTrlr>
4902 <CnttTp>AUTH</CnttTp>
4903 <AuthntcdData>
4904 <Rcpt>
4905 <KeyIdr>
4906 <KeyId>B0080M1TG00N0000</KeyId>
4907 <KeyVrsn>1.0.0</KeyVrsn>
4908 </KeyIdr>
4909 </Rcpt>
4910 <MACAlgo>
4911 <Algo>MCCS</Algo>
4912 </MACAlgo>
4913 <NcpsltdCntt>
4914 <CnttTp>DATA</CnttTp>
4915 </NcpsltdCntt>
4916 <MAC>nT5dRe/tQs0=</MAC>
4917 </AuthntcdData>
4918 </SctyTrlr>
4919 </StsRpt>
4920 </Document>
4921
4922 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
4923 or line breaks) is dumped below:
4924 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
4925 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
4926 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
4927 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
5755
5762
5763
5764
5765 <?xml version="1.0" encoding="UTF-8"?>
5766 <Document xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5767 xmlns="urn:iso:std:iso:20022:tech:xsd:catm.002.001.07">
5768 <MgmtPlanRplcmnt>
5769 <Hdr>
5770 <DwnldTrf>true</DwnldTrf>
5771 <FrmtVrsn>7.0</FrmtVrsn>
5772 <XchgId>47646055293173856.</XchgId>
5773 <CreDtTm>2019-05-06T14:25:34.585800+01:00</CreDtTm>
5774 <InitgPty>
5775 <Id>66000001</Id>
5776 <Tp>OPOI</Tp>
5777 <Issr>MTMG</Issr>
5778 </InitgPty>
5779 <RcptPty>
5780 <Id>nexo-KeyInjectionServer-TM1</Id>
5781 <Tp>TMGT</Tp>
5782 </RcptPty>
5783 </Hdr>
5784 <MgmtPlan>
5785 <TermnlMgrId>
5786 <Id>nexo-KeyInjectionServer-TM1</Id>
5787 <Tp>TMGT</Tp>
5788 </TermnlMgrId>
5789 <DataSet>
5790 <Id>
5791 <Nm>Key Inject Management Plan</Nm>
5792 <Tp>MGTP</Tp>
5793 <CreDtTm>2019-05-06T14:25:34.634800+01:00</CreDtTm>
5794 </Id>
5795 </DataSet>
5796 </MgmtPlan>
5797 <SctyTrlr>
5798 <CnttTp>AUTH</CnttTp>
5799 <AuthntcdData>
5800 <Rcpt>
5801 <KeyIdr>
5802 <KeyId>B0080M1TV00N0000</KeyId>
5803 <KeyVrsn>1.0.0</KeyVrsn>
5804 </KeyIdr>
5805 </Rcpt>
5806 <MACAlgo>
5807 <Algo>MCCS</Algo>
5808 </MACAlgo>
5809 <NcpsltdCntt>
5810 <CnttTp>DATA</CnttTp>
5811 </NcpsltdCntt>
5812 <MAC>/lahDQ8YQEc=</MAC>
5813 </AuthntcdData>
5814 </SctyTrlr>
5815 </MgmtPlanRplcmnt>
5816 </Document>
5817
5818 Once unnecessary spaces and carriage returns are removed, the message body MgmtPlan (without
5819 spaces or line breaks) is dumped below:
5820 0000 3C 4D 67 6D 74 50 6C 61 6E 3E 3C 54 65 72 6D 6E |<MgmtPlan><Termn|
5821 0010 6C 4D 67 72 49 64 3E 3C 49 64 3E 6E 65 78 6F 2D |lMgrId><Id>nexo-|
5822 0020 4B 65 79 49 6E 6A 65 63 74 69 6F 6E 53 65 72 76 |KeyInjectionServ|
5823 0030 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 70 3E 54 |er-TM1</Id><Tp>T|
5824 0040 4D 47 54 3C 2F 54 70 3E 3C 2F 54 65 72 6D 6E 6C |MGT</Tp></Termnl|
5825 0050 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 74 3E 3C |MgrId><DataSet><|
5826 0060 49 64 3E 3C 4E 6D 3E 4B 65 79 20 49 6E 6A 65 63 |Id><Nm>Key Injec|
5827 0070 74 20 4D 61 6E 61 67 65 6D 65 6E 74 20 50 6C 61 |t Management Pla|
5828 0080 6E 3C 2F 4E 6D 3E 3C 54 70 3E 4D 47 54 50 3C 2F |n</Nm><Tp>MGTP</|
5951
5952
5953 Figure 11: dhHybrid1 method
5954
5955
5956 @startuml
5957
5958 participant "POI (U)" as POI
5959 participant "TM (V)" as TM
5960
5961 POI --> TM : StatusReport with __**P**__, __**g**__, **tU** + DataSetRequired =
5962 **TM DH key element**\n Signed by the private **K_KRD_Sig**
5963 TM --> POI : AcceptorConfigurationUpdate with **tV**\n Signed by the private
5964 **K_KDH_Sig**
5965
5966 @enduml
5967
5968 Figure 12: Translation of dhHybrid1 in nexo messages
5969
6000 E31B548FB7FB2CF75ABF96E01CCD3E942EED91480D4C24C6B7F979FBBE5DA239B376167D68573524FFCB50
6001 9954CC80A0E1A71C40C4DA17B8D1572B21587A8D66CC621C7CD10F49ABD5EF863113E61921086FAC25312B
6002 741C11A8FBC1E33C34D9DA14A822477FCC36667025C4F130AE100E36F15DA00374CE8741679F61
6003
DigestAlgorithm
SHA256
Algorithm
EncapsulatedContent
Data
ContentType
AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1B54B1597B
Content 61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15EB3D688A309C180E1
DE6B85A1274A0A66D3F8152AD6AC2129037C9EDEFDA4DF8D91E8FEF5
5B7394B7AD5B7D0B6C12207C9F98D11ED34DBF6C6BA0B2C8BBC27BE
6A00E0A0B9C49708B3BF8A317091883681286130BC8985DB1602E714415
D9330278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486DCDF9
3ACC44328387315D75E198C641A480CD86A1B9E587E8BE60E69CC928B
2B9C52172E413042E9B23F10B0E16E79763C9B53DCF4BA80A29E3FB73
C16B8E75B97EF363E2FFA31F71CF9DE5384E71B81C0AC4DFFE0C10E64
F
BFE545862CA102AD1EEDDB5FBFA5BF855AC4995C56A8B408CE3FE099D
Digest CE93A9D
SecurityElement
Identification dhHybrid1 g
Version 1.0.0
KeyValue
ContentType DigestedData
DigestedData
DigestAlgorithm
SHA256
Algorithm
EncapsulatedContent
Data
ContentType
AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1B54B1597B
Content 61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15EB3D688A309C180E1
DE6B85A1274A0A66D3F8152AD6AC2129037C9EDEFDA4DF8D91E8FEF5
5B7394B7AD5B7D0B6C12207C9F98D11ED34DBF6C6BA0B2C8BBC27BE
6A00E0A0B9C49708B3BF8A317091883681286130BC8985DB1602E714415
D9330278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486DCDF9
3ACC44328387315D75E198C641A480CD86A1B9E587E8BE60E69CC928B
2B9C52172E413042E9B23F10B0E16E79763C9B53DCF4BA80A29E3FB73
C16B8E75B97EF363E2FFA31F71CF9DE5384E71B81C0AC4DFFE0C10E64
F
304FA9E9307277FAC76A886A98170924373A50A290D836F82B39E4949F70
Digest D6C2
SecurityElement
Identification dhHybrid1 tU
Version 1.0.0
KeyValue
ContentType DigestedData
DigestedData
DigestAlgorithm
SHA256
Algorithm
EncapsulatedContent
Data
ContentType
3DB2F114B59BF6D99458F3F6BE6072B0106ED03125BFF741FF8BDC96D
Content 0C541AFAB1DF7AB694F77CB962D0AB7435B1A3A8E93AE97F182606D3
CE9DCA3A6F00EBD6C47D81D6AD5800849490CAFC34A9C8DD6D7EDA8
03A9661425637D99840757112FBC01DF76D83F99E3E97EF99090596A128
7BB2E0B00911FE27FFBD287C5D0245AE8631CD9C8A10EE236BF8AF5E0
CE4ED27DE78D12206A15AEF1AAA6951247B1525F3E944743C5CD4B13D
244A1644C09A2697ED08714416E7FF1BD24D3151A7B797C368CA7D14D9
D1975CB3A065CAE9D89A26E39BD69808951786674BA9711E0DED299CA
06B9B90EA02B6A8BC0BAAE9FB6AA5A893436B9CD14CCD6FF365E6F6
8
0E93DF6D3DAFD503507CC8C35F990825E9A3C85C52516D3F8A985174DE
Digest 6F7983
SecurityElement
Identification 7D:74:D1:59:6E:DF:4F:13:88:FE:61:AF:F5:62:BB:D6:A6:3F:AF:CA
AdditionalIdentification CT_KRD_Sig
Version 20181206144104+0000
KeyValue
ContentType SignedData
SignedData
Certificate MIIESTCCAjGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQ
DDBtOZXhvIFRlc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5le
G8wHhcNMTgxMjA2MTQ0MTA0WhcNMTkxMjA2MTQ0MTA0WjA8MR4wH
AYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVBAo
MBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ
8AMIIBCgKCAQEAqXcAqnabwBOETIs+dHhXRIsOH0j6j6TkyBlRu6Qxyqp
DgMk6i5wPShgg7R66Io762I5jXZu6UKwC42U/1gnmnx8ts0rQ8MOzjfCOi7h
+ToLsMKqAQP3x4SvT+XaXeX61aDBhLB4WTomeOAGTuf3fK182OVUbJ3
DVpzHSFhWtYWU2WYewP2/7VLRG2d5sPLwM3wqIZ3aQydcNOdpznCfC
NHiEdC2BhTGHaoQjgp5KfGdS//godVIff2H4z2Fz6k1+Xd8TEr6Hc0u2PDgK
3UBTYpVvar1iR39wY5zgxfY69QlKPp0ZLMhW0kScTcO6of64qSJqxjpFD1
midLVN/6jQ+QIDAQABo10wWzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQ
WBBR9dNFZbt9PE4j+Ya/1YrvWpj+vyjAfBgNVHSMEGDAWgBTUALFfC1fjt
d1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELB
QADggIBADpqXwzELOUPdhPJkFRY+K/DjBOHbIAbha5Umh+KjVf+vAY1+
HY3ovqoC2cNxHq8gt6q/KSvfy143WgYCS2d46uZ+iKJxsYKHB+4wvZ5sF1
4MH+bZU8T5SXMaTps0P8uJi+x2L4S9/kBGzw1DGt9C+Vb3DCX5Vtsdvpt6
K6Z96NvGQ8Z1tikK/m8iDva3L7N04gaKjMtoXXD3hsf42KE9asWa2SvbYZv
/3d+a+8bfLVhvUHH9NASHIEJwcBhAKMKVL+3ZJadNLDhlA1WehYj0Zau4
2oKB43/yV1GUo5/Z84dE66sA2/8kuvgq7TyN3VYbRvAQI3P8RIKPRZyGM8l
oqwU0Ab6bKPrFNYUdz087bu2DCT4OjQFkwFB9Q8fz4s7l/uovxIPzVdjgY
mK29kcfH63/5c8GtIKJxXbxsLueSfrRZPNTXY5IoW6XrpSt2H1GOnZ0y3yU
ZhKYcbDilhl29tn7yVqd/JvxcyRalTZT0aAjQ2XYLA2EdKEIrnvcImyrE8rq5p
pMd6+ZqL5TCNZ3wYuYBG8JfVcekNnEi7pJO0DsH+LWJNfVOJmGkjw4r9j
3fueza1YEfrTmYOofiOBev7dNiSGLM9aE9lfNPFVGcgjERQkifH+2FwqBJW
vS5j+sIXbj4yiTssWnlrq7Dy+Kvc0qRYPqYK/YADBXReTuTMO
POIComponent
Type SecurityParameters
Identification
Identification SECURITY_PROFILE_4
Status
VersionNumber any value here
Status OutOfOrder
POIComponent
Type SecurityParameters
Identification
Identification CERTIFICATE
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue Nexo
RelativeDistinguishedName
AttributeType CommonName
AttributeValue Nimbus2001-SN00000851
SerialNumber 7D74D1596EDF4F1388FE61AFF562BBD6A63FAFCA 6
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 2F09C5AEFBBA0FFAC389E990361CCFF105806B8301153F097CA67D7139
16DF7D55ACD76C814483201D98FE58620E030C62EEA670339E0EF3EE7A
1BF45A3604C831B19AE9C11A380A72204ADE421C5895550D3A47B9BDD6
307998405ED29FED482F16973AACD308B2A1525AE52315EFA0DCE515C4
116BE13A1F315A4F79380E140B6A4E7CEDA1057414FF33266C40191FB46
B78D2A08065D24C5D82CA09A4B7FD655247C29B221F5900CD8F877AA2D
B614AA286717A84954B0C05E21F01DF12E088318132E016D7412AA65EA4
C0F6D586CFBEA296653BD6FB8045EA2DE4C3A0FDF5D9B4410E74081B1
99312284BD04D61975200A20271E04DA018811D51D9215E
6007
6 Due to the Max35Text type of the SerialNumber, the value is hexa encoded and all colons are removed.
6077 <Algo>HS25</Algo>
6078 </DgstAlgo>
6079 <NcpsltdCntt>
6080 <CnttTp>DATA</CnttTp>
6081
6082 <Cntt>rRB+HpEjqdDWYPqnlVnFH6INZOVoO5/RtUsVl7YdCnXm+hQd+VpW26+aPEB7od8V6z1
6083 oijCcGA4d5rhaEnSgpm0/gVKtasISkDfJ7e/aTfjZHo/vVbc5S3rVt9C2wSIHyfmNEe002/bG
6084 ugssi7wnvmoA4KC5xJcIs7+KMXCRiDaBKGEwvImF2xYC5xRBXZMwJ4Jzx94x79xzEPcSH9Wgd
6085 BWYfZrcCkhtzfk6zEQyg4cxXXXhmMZBpIDNhqG55YfovmDmnMkosrnFIXLkEwQumyPxCw4W55
6086 djybU9z0uoCinj+3PBa451uX7zY+L/ox9xz53lOE5xuBwKxN/+DBDmTw==</Cntt>
6087 </NcpsltdCntt>
6088
6089 <Dgst>v+VFhiyhAq0e7dtfv6W/hVrEmVxWqLQIzj/gmdzpOp0=</Dgst>
6090 </DgstdData>
6091 </KeyVal>
6092 </SctyElmt>
6093 <SctyElmt>
6094 <Id>dhHybrid1 g</Id>
6095 <Vrsn>1.0.0</Vrsn>
6096 <KeyVal>
6097 <CnttTp>DGST</CnttTp>
6098 <DgstdData>
6099 <DgstAlgo>
6100 <Algo>HS25</Algo>
6101 </DgstAlgo>
6102 <NcpsltdCntt>
6103 <CnttTp>DATA</CnttTp>
6104
6105 <Cntt>rEAy708tmuOd8wtcj/2sUGzevnuJmYyvdIZqCM/k/+OmgkpOELmm8N2SHwGnDEr6q3O
6106 ddwDCn1LFfbF8YgqGUr5ekAGo1mrXwXZpEBmZAkr00CcnWsE0i7inYtBSG8mK4kcVBCLqHtQJ
6107 k51U2nRgzbX2xrJQcXy+8YDrNBGOmNEZUppF1vg0Vm4wJeMWozDvu3eobwwasVsFGuPUKMj4r
6108 LcKgTcVC47rEOGD7dGZY93Z4mPkdwWJ72qiHn9fL/OBtTnM40CdE81Wavu0jWwBkYHhvP6Usw
6109 Jp7f5y/ptqpL17Wg8ccc//TBnEGOH27AF5gbwIfypwZbOEuJDTGR8r+g==</Cntt>
6110 </NcpsltdCntt>
6111
6112 <Dgst>ME+p6TByd/rHaohqmBcJJDc6UKKQ2Db4KznklJ9w1sI=</Dgst>
6113 </DgstdData>
6114 </KeyVal>
6115 </SctyElmt>
6116 <SctyElmt>
6117 <Id>dhHybrid1 tU</Id>
6118 <Vrsn>1.0.0</Vrsn>
6119 <KeyVal>
6120 <CnttTp>DGST</CnttTp>
6121 <DgstdData>
6122 <DgstAlgo>
6123 <Algo>HS25</Algo>
6124 </DgstAlgo>
6125 <NcpsltdCntt>
6126 <CnttTp>DATA</CnttTp>
6127
6128 <Cntt>PbLxFLWb9tmUWPP2vmBysBBu0DElv/dB/4vcltDFQa+rHferaU93y5YtCrdDWxo6jpO
6129 ul/GCYG086dyjpvAOvWxH2B1q1YAISUkMr8NKnI3W1+2oA6lmFCVjfZmEB1cRL7wB33bYP5nj
6130 6X75kJBZahKHuy4LAJEf4n/70ofF0CRa6GMc2cihDuI2v4r14M5O0n3njRIgahWu8aqmlRJHs
6131 VJfPpRHQ8XNSxPSRKFkTAmiaX7QhxRBbn/xvSTTFRp7eXw2jKfRTZ0Zdcs6BlyunYmibjm9aY
6132 CJUXhmdLqXEeDe0pnKBrm5DqAraovAuq6ftqpaiTQ2uc0UzNb/Nl5vaA==</Cntt>
6133 </NcpsltdCntt>
6134
6135 <Dgst>DpPfbT2v1QNQfMjDX5kIJemjyFxSUW0/iphRdN5veYM=</Dgst>
6136 </DgstdData>
6137 </KeyVal>
6138 </SctyElmt>
6139 <SctyElmt>
6140
6141 <Id>7D:74:D1:59:6E:DF:4F:13:88:FE:61:AF:F5:62:BB:D6:A6:3F:AF:CA</Id>
6142 <AddtlId>Q1RfS1JEX1NpZw==</AddtlId>
6143 <Vrsn>20181206144104+0000</Vrsn>
6144 <KeyVal>
6145 <CnttTp>SIGN</CnttTp>
6146 <SgndData>
6147
6148 <Cert>MIIESTCCAjGgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
6149 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQ0MTA0WhcN
6150 MTkxMjA2MTQ0MTA0WjA8MR4wHAYDVQQDDBVOaW1idXMyMDAxLVNOMDAwMDA4NTExDTALBgNVB
6151 AoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX
6152 cAqnabwBOETIs+dHhXRIsOH0j6j6TkyBlRu6QxyqpDgMk6i5wPShgg7R66Io762I5jXZu6UKw
6153 C42U/1gnmnx8ts0rQ8MOzjfCOi7h+ToLsMKqAQP3x4SvT+XaXeX61aDBhLB4WTomeOAGTuf3f
6154 K182OVUbJ3DVpzHSFhWtYWU2WYewP2/7VLRG2d5sPLwM3wqIZ3aQydcNOdpznCfCNHiEdC2Bh
6155 TGHaoQjgp5KfGdS//godVIff2H4z2Fz6k1+Xd8TEr6Hc0u2PDgK3UBTYpVvar1iR39wY5zgxf
6156 Y69QlKPp0ZLMhW0kScTcO6of64qSJqxjpFD1midLVN/6jQ+QIDAQABo10wWzAMBgNVHRMBAf8
6157 EAjAAMB0GA1UdDgQWBBR9dNFZbt9PE4j+Ya/1YrvWpj+vyjAfBgNVHSMEGDAWgBTUALFfC1fj
6158 td1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBADpqXwzELOUPd
6159 hPJkFRY+K/DjBOHbIAbha5Umh+KjVf+vAY1+HY3ovqoC2cNxHq8gt6q/KSvfy143WgYCS2d46
6160 uZ+iKJxsYKHB+4wvZ5sF14MH+bZU8T5SXMaTps0P8uJi+x2L4S9/kBGzw1DGt9C+Vb3DCX5Vt
6161 sdvpt6K6Z96NvGQ8Z1tikK/m8iDva3L7N04gaKjMtoXXD3hsf42KE9asWa2SvbYZv/3d+a+8b
6162 fLVhvUHH9NASHIEJwcBhAKMKVL+3ZJadNLDhlA1WehYj0Zau42oKB43/yV1GUo5/Z84dE66sA
6163 2/8kuvgq7TyN3VYbRvAQI3P8RIKPRZyGM8loqwU0Ab6bKPrFNYUdz087bu2DCT4OjQFkwFB9Q
6164 8fz4s7l/uovxIPzVdjgYmK29kcfH63/5c8GtIKJxXbxsLueSfrRZPNTXY5IoW6XrpSt2H1GOn
6165 Z0y3yUZhKYcbDilhl29tn7yVqd/JvxcyRalTZT0aAjQ2XYLA2EdKEIrnvcImyrE8rq5ppMd6+
6166 ZqL5TCNZ3wYuYBG8JfVcekNnEi7pJO0DsH+LWJNfVOJmGkjw4r9j3fueza1YEfrTmYOofiOBe
6167 v7dNiSGLM9aE9lfNPFVGcgjERQkifH+2FwqBJWvS5j+sIXbj4yiTssWnlrq7Dy+Kvc0qRYPqY
6168 K/YADBXReTuTMO</Cert>
6169 </SgndData>
6170 </KeyVal>
6171 </SctyElmt>
6172 </Chrtcs>
6173 </POICmpnt>
6174 <POICmpnt>
6175 <Tp>SCPR</Tp>
6176 <Id>
6177 <Id>SECURITY_PROFILE_4</Id>
6178 </Id>
6179 <Sts>
6180 <VrsnNb>any value here</VrsnNb>
6181 <Sts>OUTD</Sts>
6182 </Sts>
6183 </POICmpnt>
6184 <POICmpnt>
6185 <Tp>SCPR</Tp>
6186 <Id>
6187 <Id>CERTIFICATE</Id>
6188 </Id>
6189 <Sts>
6190 <VrsnNb>any value here</VrsnNb>
6191 <Sts>OPER</Sts>
6192 </Sts>
6193 <Chrtcs>
6194 <SctyElmt>
6195
6196 <Id>D4:00:B1:5F:0B:57:E3:B5:DD:6E:6C:2B:00:41:EE:E0:58:D3:C0:4E</Id>
6197 <AddtlId>Q1RfQ0FfU2ln</AddtlId>
6198 <Vrsn>20181205135821+0000</Vrsn>
6199 <KeyVal>
6200 <CnttTp>SIGN</CnttTp>
6201 <SgndData>
6202
6203 <Cert>MIIFSTCCAzGgAwIBAgIBADANBgkqhkiG9w0BAQsFADA2MSUwIwYDVQQDDBxOZXhvIFR
6204 lc3QgUEtJIFNlcnZlciBSb290IENBMQ0wCwYDVQQKDAROZXhvMB4XDTE4MTIwNTEzNTgyMVoX
6205 DTIzMTIwNTEzNTgyMVowNTEkMCIGA1UEAwwbTmV4byBUZXN0IFBLSSBTZXJ2ZXIgU3ViIENBM
6206 Q0wCwYDVQQKDAROZXhvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqiMmdL9xK/
6207 5jAsvE+Ma0jiB1cGe9jcVfxUxWcIBA4PFU/KA5dnVFJdZHffmsWXY6VnmWb0aNXH3DfuPBkQz
6208 MQOQnx4gvHdbgEFbWXCSTjpUtBfyZ8LcgVsOPyX9N7aesjZr5rfV/a1kDn/4N9Q2ZIxVR34ny
6209 pbUKF/UJbjFA/VZBcx1r671d+RAUhEXhiZMmCE8mIIuvvntpDQnXU4qwmsy5xy1+szZYFsFqa
6210 85TytbRsz3qS5W3hxqIrQoJR2r0PPxuFK62hgCxsdmD2Ej6lGinpMa8BW5QWf9nIxy/cHzQ5Y
6211 pfBgb+6B3aTKDHDNZUf6Ke6CsAsI09WAMzugQFiluL4fjNAPc8R9DY2vhEf8MFjmfQXAHE1Y/
6212 7PQ4NkdaAQoLZ6OmZ55XlIj7wbFrlhcIvEix7FTIjq/qSh6qbrDzD8QJ01Gs/4LNOn66ePGCs
6213 hO9eCj3Fx7VHEudrdHd08yTBCDGzmaPosu1BMILgApAVtlIzbwKYzYFWtmpA+BuXJ3MyZ5baN
6214 1iHSBQHZnSkIuo8oOzX8Dn1UBv2p1mdrhv3hOmDY6HZOE69aBgEjdekTOdHbSxzBZ8UrHxOv1
6215 Myo5rFcgidPRjF5EZcYtPXOwSBCxZM2HShTgMilX+4Wf3+84vMeC9XzxFv/NxGth2IlnhuZkW
6216 pNdP7rf0KLQgh0xcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
6217 HQYDVR0OBBYEFNQAsV8LV+O13W5sKwBB7uBY08BOMB8GA1UdIwQYMBaAFElc1gNh8uX0Yj+jG
6218 TFc8mzWkrpBMA0GCSqGSIb3DQEBCwUAA4ICAQBJbouNZ5t4dwfOQdAc4UQKtK0Hf6CRb+3+bS
6219 TNCJuF7PJ18FeoFIqoMMmATZ9FAnw+aEcl2AViF4IGjAyxllBRCtQ0GSr7GwTLSJo6Y7pb3qw
6220 fA56LH2pk/Puy1QAfHtn2AErm/pQS9fTe/r1paz9K/VezXtk+Fl4DbA9gjyu4zx088YhgCeH8
6221 vUvYWxtoGHdsI2hVKHLrt/bMcpgVvJYKzwjWs27PwjQGVbclU/jbglQoiFOEWSoK93ggSwNte
6222 Q3ua8BI9AFzNtxkM30DLD+6brr59t2nsGgJvtsEqHiRyfBt1zYmOxasgB/iCG75B2MSqx5Q0h
6223 ItyDdjU4J3ugAYoU7Sy2ot9EEHBksLhl8zLHLJTB5mKJPsezzRQ2Nxa5gzNpYVvz922X0/yqk
6224 nUmdDbQw1MS01nRvBlH5rUuY4VGghH3zxZnQlQt7flRzSpCSpYKbkhAlukB3nI5D7L9Jq9Oin
6225 n9Tbh2S/LIivKzhIPbdpZl6OtoMMACerxF6WCj6J8PN+RKzbJ0eXb88bPfEo46oaErg3mDgs9
6226 Pb6qUtnDPSUfSSQ/gU45lGf6brQfNDo3QWTSqgzwy5GJbJtCH9kTbKNVoPswaHeMtpmaE9vsw
6227 J8NRnYe935Bu0SNwFoSWoL4HoJaG+vJduptiEgw5IloY5W9MZYe0kjKHYjC17isg==</Cert>
6228 </SgndData>
6229 </KeyVal>
6230 </SctyElmt>
6231 </Chrtcs>
6232 </POICmpnt>
6233 <AttndncCntxt>ATTD</AttndncCntxt>
6234 <POIDtTm>2019-05-06T15:32:48.003800+01:00</POIDtTm>
6235 <DataSetReqrd>
6236 <Id>
6237 <Nm>TM DH key element</Nm>
6238 <Tp>SCPR</Tp>
6239 <Vrsn>2018</Vrsn>
6240 <CreDtTm>2019-05-
6241 06T15:32:48.106800+01:00</CreDtTm>
6242 </Id>
6243 </DataSetReqrd>
6244 </Cntt>
6245 </DataSet>
6246 </StsRpt>
6247 <SctyTrlr>
6248 <CnttTp>SIGN</CnttTp>
6249 <SgndData>
6250 <DgstAlgo>
6251 <Algo>HS25</Algo>
6252 </DgstAlgo>
6253 <NcpsltdCntt>
6254 <CnttTp>DATA</CnttTp>
6255
6256 <Cntt>rkb2rhgx+my7xoo6gEAznzdUUBIErani5J892kU2+Lc=</Cntt>
6257 </NcpsltdCntt>
6258 <Sgnr>
6259 <SgnrId>
6260 <IssrAndSrlNb>
6261 <Issr>
6262 <RltvDstngshdNm>
6263 <AttrTp>CATT</AttrTp>
6264 <AttrVal>BE</AttrVal>
6265 </RltvDstngshdNm>
6266 <RltvDstngshdNm>
6267 <AttrTp>OATT</AttrTp>
6268 <AttrVal>Nexo</AttrVal>
6269 </RltvDstngshdNm>
6270 <RltvDstngshdNm>
6271 <AttrTp>CNAT</AttrTp>
6272 <AttrVal>Nimbus2001-
6273 SN00000851</AttrVal>
6274 </RltvDstngshdNm>
6275 </Issr>
6276 <SrlNb>fXTRWW7fTxOI/mGv9WK71qY/r8o=</SrlNb>
6277 </IssrAndSrlNb>
6278 </SgnrId>
6279 <DgstAlgo>
6280 <Algo>HS25</Algo>
6281 </DgstAlgo>
6282 <SgntrAlgo>
6283 <Algo>ERS2</Algo>
6284 </SgntrAlgo>
6285
6286 <Sgntr>LwnFrvu6D/rDiemQNhzP8QWAa4MBFT8JfKZ9cTkW331VrNdsgUSDIB2Y/lhiDgMMYu
6287 6mcDOeDvPuehv0WjYEyDGxmunBGjgKciBK3kIcWJVVDTpHub3WMHmYQF7Sn+1ILxaXOqzTCLK
6288 hUlrlIxXvoNzlFcQRa+E6HzFaT3k4DhQLak587aEFdBT/MyZsQBkftGt40qCAZdJMXYLKCaS3
6289 /WVSR8KbIh9ZAM2Ph3qi22FKooZxeoSVSwwF4h8B3xLgiDGBMuAW10Eqpl6kwPbVhs++opZlO
6290 9b7gEXqLeTDoP312bRBDnQIGxmTEihL0E1hl1IAogJx4E2gGIEdUdkhXg==</Sgntr>
6291 </Sgnr>
6292 </SgndData>
6293 </SctyTrlr>
6294 </StsRpt>
6295 </Document>
6296
6297 Once unnecessary spaces and carriage returns are removed, the message body StsRpt (without spaces
6298 or line breaks) is dumped below:
6299
6300 0000 3C 53 74 73 52 70 74 3E 3C 50 4F 49 49 64 3E 3C |<StsRpt><POIId><|
6301 0010 49 64 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E |Id>66000001</Id>|
6302 0020 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 |<Tp>OPOI</Tp><Is|
6303 0030 73 72 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F |sr>MTMG</Issr></|
6304 0040 50 4F 49 49 64 3E 3C 49 6E 69 74 67 54 72 67 67 |POIId><InitgTrgg|
6305 0050 72 3E 3C 54 72 67 67 72 53 72 63 3E 4D 54 4D 47 |r><TrggrSrc>MTMG|
6306 0060 3C 2F 54 72 67 67 72 53 72 63 3E 3C 53 72 63 49 |</TrggrSrc><SrcI|
6307 0070 64 3E 4D 61 73 74 65 72 20 54 4D 53 3C 2F 53 72 |d>Master TMS</Sr|
6308 0080 63 49 64 3E 3C 54 72 67 67 72 54 70 3E 49 4D 4D |cId><TrggrTp>IMM|
6309 0090 44 3C 2F 54 72 67 67 72 54 70 3E 3C 41 64 64 74 |D</TrggrTp><Addt|
6310 00A0 6C 49 6E 66 3E 44 48 20 50 72 6F 63 65 73 73 3C |lInf>DH Process<|
6311 00B0 2F 41 64 64 74 6C 49 6E 66 3E 3C 2F 49 6E 69 74 |/AddtlInf></Init|
6312 00C0 67 54 72 67 67 72 3E 3C 54 65 72 6D 6E 6C 4D 67 |gTrggr><TermnlMg|
6313 00D0 72 49 64 3E 3C 49 64 3E 6E 65 78 6F 2D 4B 65 79 |rId><Id>nexo-Key|
6314 00E0 49 6E 6A 65 63 74 69 6F 6E 53 65 72 76 65 72 2D |InjectionServer-|
6315 00F0 54 4D 31 3C 2F 49 64 3E 3C 54 70 3E 54 4D 47 54 |TM1</Id><Tp>TMGT|
6316 0100 3C 2F 54 70 3E 3C 2F 54 65 72 6D 6E 6C 4D 67 72 |</Tp></TermnlMgr|
6317 0110 49 64 3E 3C 44 61 74 61 53 65 74 3E 3C 49 64 3E |Id><DataSet><Id>|
6318 0120 3C 54 70 3E 53 54 52 50 3C 2F 54 70 3E 3C 43 72 |<Tp>STRP</Tp><Cr|
6319 0130 65 44 74 54 6D 3E 32 30 31 39 2D 30 35 2D 30 36 |eDtTm>2019-05-06|
6320 0140 54 31 35 3A 33 32 3A 34 38 2E 30 30 33 38 30 30 |T15:32:48.003800|
6321 0150 2B 30 31 3A 30 30 3C 2F 43 72 65 44 74 54 6D 3E |+01:00</CreDtTm>|
6322 0160 3C 2F 49 64 3E 3C 43 6E 74 74 3E 3C 50 4F 49 43 |</Id><Cntt><POIC|
6323 0170 6D 70 6E 74 3E 3C 54 70 3E 54 45 52 4D 3C 2F 54 |mpnt><Tp>TERM</T|
6324 0180 70 3E 3C 49 64 3E 3C 49 74 6D 4E 62 3E 31 3C 2F |p><Id><ItmNb>1</|
6325 0190 49 74 6D 4E 62 3E 3C 50 72 76 64 72 49 64 3E 4E |ItmNb><PrvdrId>N|
6326 01A0 65 78 6F 3C 2F 50 72 76 64 72 49 64 3E 3C 49 64 |exo</PrvdrId><Id|
6327 01B0 3E 4E 69 6D 62 75 73 32 30 30 31 3C 2F 49 64 3E |>Nimbus2001</Id>|
6328 01C0 3C 53 72 6C 4E 62 3E 30 30 30 30 30 38 35 31 3C |<SrlNb>00000851<|
6329 01D0 2F 53 72 6C 4E 62 3E 3C 2F 49 64 3E 3C 2F 50 4F |/SrlNb></Id></PO|
6330 01E0 49 43 6D 70 6E 74 3E 3C 50 4F 49 43 6D 70 6E 74 |ICmpnt><POICmpnt|
6331 01F0 3E 3C 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 49 |><Tp>SCPR</Tp><I|
6332 0200 64 3E 3C 50 72 76 64 72 49 64 3E 64 68 48 79 62 |d><PrvdrId>dhHyb|
6333 0210 72 69 64 31 3C 2F 50 72 76 64 72 49 64 3E 3C 49 |rid1</PrvdrId><I|
6334 0220 64 3E 50 4F 49 20 44 48 20 6B 65 79 20 65 6C 65 |d>POI DH key ele|
6335 0230 6D 65 6E 74 3C 2F 49 64 3E 3C 2F 49 64 3E 3C 53 |ment</Id></Id><S|
6336 0240 74 73 3E 3C 56 72 73 6E 4E 62 3E 32 30 31 38 3C |ts><VrsnNb>2018<|
6337 0250 2F 56 72 73 6E 4E 62 3E 3C 2F 53 74 73 3E 3C 43 |/VrsnNb></Sts><C|
6338 0260 68 72 74 63 73 3E 3C 53 63 74 79 45 6C 6D 74 3E |hrtcs><SctyElmt>|
6339 0270 3C 49 64 3E 64 68 48 79 62 72 69 64 31 20 50 3C |<Id>dhHybrid1 P<|
6340 0280 2F 49 64 3E 3C 56 72 73 6E 3E 31 2E 30 2E 30 3C |/Id><Vrsn>1.0.0<|
6341 0290 2F 56 72 73 6E 3E 3C 4B 65 79 56 61 6C 3E 3C 43 |/Vrsn><KeyVal><C|
6342 02A0 6E 74 74 54 70 3E 44 47 53 54 3C 2F 43 6E 74 74 |nttTp>DGST</Cntt|
6343 02B0 54 70 3E 3C 44 67 73 74 64 44 61 74 61 3E 3C 44 |Tp><DgstdData><D|
6344 02C0 67 73 74 41 6C 67 6F 3E 3C 41 6C 67 6F 3E 48 53 |gstAlgo><Algo>HS|
6345 02D0 32 35 3C 2F 41 6C 67 6F 3E 3C 2F 44 67 73 74 41 |25</Algo></DgstA|
6346 02E0 6C 67 6F 3E 3C 4E 63 70 73 6C 74 64 43 6E 74 74 |lgo><NcpsltdCntt|
6347 02F0 3E 3C 43 6E 74 74 54 70 3E 44 41 54 41 3C 2F 43 |><CnttTp>DATA</C|
6348 0300 6E 74 74 54 70 3E 3C 43 6E 74 74 3E 72 52 42 2B |nttTp><Cntt>rRB+|
6349 0310 48 70 45 6A 71 64 44 57 59 50 71 6E 6C 56 6E 46 |HpEjqdDWYPqnlVnF|
6723
6724 The SHA-256 digest of the message body StsRpt is:
6725
6726 0000 AE 46 F6 AE 18 31 FA 6C BB C6 8A 3A 80 40 33 9F |.F...1.l...:.@3.|
6727 0010 37 54 50 12 04 AD A9 E2 E4 9F 3D DA 45 36 F8 B7 |7TP.......=.E6..|
6728
6729 Applying the padding process, the block result is dumped below:
6730
6731 0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6732 0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6733 0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6734 0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6735 0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6736 0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6737 0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6738 0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6739 0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6740 0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6741 00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6742 00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
6743 00C0 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
6744 00D0 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
6745 00E0 AE 46 F6 AE 18 31 FA 6C BB C6 8A 3A 80 40 33 9F |.F...1.l...:.@3.|
6746 00F0 37 54 50 12 04 AD A9 E2 E4 9F 3D DA 45 36 F8 B7 |7TP.......=.E6..|
6747
6748 After encryption by the RSA signing private key, we have the digital signature of the message body:
6749
6750 0000 2F 09 C5 AE FB BA 0F FA C3 89 E9 90 36 1C CF F1 |/...........6...|
6751 0010 05 80 6B 83 01 15 3F 09 7C A6 7D 71 39 16 DF 7D |..k...?.|.}q9..}|
6752 0020 55 AC D7 6C 81 44 83 20 1D 98 FE 58 62 0E 03 0C |U..l.D. ...Xb...|
6753 0030 62 EE A6 70 33 9E 0E F3 EE 7A 1B F4 5A 36 04 C8 |b..p3....z..Z6..|
6754 0040 31 B1 9A E9 C1 1A 38 0A 72 20 4A DE 42 1C 58 95 |1.....8.r J.B.X.|
6755 0050 55 0D 3A 47 B9 BD D6 30 79 98 40 5E D2 9F ED 48 |U.:G...0y.@^...H|
6756 0060 2F 16 97 3A AC D3 08 B2 A1 52 5A E5 23 15 EF A0 |/..:.....RZ.#...|
6757 0070 DC E5 15 C4 11 6B E1 3A 1F 31 5A 4F 79 38 0E 14 |.....k.:.1ZOy8..|
6758 0080 0B 6A 4E 7C ED A1 05 74 14 FF 33 26 6C 40 19 1F |.jN|...t..3&l@..|
6759 0090 B4 6B 78 D2 A0 80 65 D2 4C 5D 82 CA 09 A4 B7 FD |.kx...e.L]......|
6760 00A0 65 52 47 C2 9B 22 1F 59 00 CD 8F 87 7A A2 DB 61 |eRG..".Y....z..a|
6761 00B0 4A A2 86 71 7A 84 95 4B 0C 05 E2 1F 01 DF 12 E0 |J..qz..K........|
6762 00C0 88 31 81 32 E0 16 D7 41 2A A6 5E A4 C0 F6 D5 86 |.1.2...A*.^.....|
6763 00D0 CF BE A2 96 65 3B D6 FB 80 45 EA 2D E4 C3 A0 FD |....e;...E.-....|
6764 00E0 F5 D9 B4 41 0E 74 08 1B 19 93 12 28 4B D0 4D 61 |...A.t.....(K.Ma|
6765 00F0 97 52 00 A2 02 71 E0 4D A0 18 81 1D 51 D9 21 5E |.R...q.M....Q.!^|
6766
6767 The message sent by the transport protocol is:
6768
6769 0000 00 00 20 1A 3C 3F 78 6D 6C 20 76 65 72 73 69 6F |.. .<?xml versio|
6770 0010 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 |n="1.0" encoding|
6771 0020 3D 22 55 54 46 2D 38 22 3F 3E 3C 44 6F 63 75 6D |="UTF-8"?><Docum|
6772 0030 65 6E 74 20 78 6D 6C 6E 73 3A 78 73 69 3D 22 68 |ent xmlns:xsi="h|
7283
7284
DigestAlgorithm
SHA256
Algorithm
EncapsulatedContent
Data
ContentType
7F6CB1D0F8F22C63BA88812141F5D895BB92301DBF843F292A67B862A6
Content 0A568C7719D90C529CE89A78B3A8E1EB18DDCB30BBD6759251F33E46
A98B9784D392B6A3B73F4971F3D9390E27EAC8280060981FC3876F83C3
B99DCD71EB2DB4CC9AC324AD405CA0DC2692C05D9363D4B65F68C2C
9D8D8F674D09DEB19A9332D5A9FE0CB77E949271B8BD74A1AEC9D79D
F7493FB8606739B586A81C8FFED242A94C1A7669CCF4034AB385282610
EF4687E887EEB640CDC48C42BDFF192AB2EC3B4F93D0152307D00A12F
D36FF10FDDB7275FDE75C6814D963FB5E6E320402586FCB749260D7918
08D1258939D0690A9ECE0CD57A5C4C16B58B242CA724CD158AF16C49
4740846DC08E4A96798B556EC2638B8E8D6668DCD4951CBA483AC464EF
Digest 9A2F1C
SecurityElement
Identification 09:5D:11:A3:3F:94:4E:00:34:7A:39:59:66:03:D3:1A:3E:AB:6E:A9
Version 20181206143746+0000
KeyValue
ContentType SignedData
SignedData
Certificate MIIETzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQ
DDBtOZXhvIFRlc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5le
G8wHhcNMTgxMjA2MTQzNzQ2WhcNMTkxMjA2MTQzNzQ2WjBCMSQwIg
YDVQQDDBtuZXhvLUtleUluamVjdGlvblNlcnZlci1UTTExDTALBgNVBAoM
BE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8
AMIIBCgKCAQEA54VnUeyAdRF2BCE9xKPN1dWcpPEYi9I26HdBynavlMi
M64oqX+nVjzjK9GSub5we4kgEuq1viII7KP6j2RXv2g781x5Ie2QHDftxrIvzO
+jtaj7oMits4wt0rQ59M/zh+Atwoz7f2b321tiuqc88zHxAhtQgxJNFweuFQnW
EnlFleBGx2hvSVePvG07wTt0becmABTieQuOTjPi3qATcdebvuHI5Y13wek
EiB5KFg2InIEOqZpRt2/MZDsJAa4fXIkGc8ND3C//MAPJOPS/fZaXmokoTve
H/JjdABhrougwYSNknPdymFp2h9klU8Yh5ZLG38HfAkjr0MABDbMBjHQID
AQABo10wWzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQJXRGjP5R
OADR6OVlmA9MaPqtuqTAfBgNVHSMEGDAWgBTUALFfC1fjtd1ubCsAQe
7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBAG
PBX2VxMk9R3me19VBc+XYQy/O7vOr4KZ6KzA4Jr9hB7M6WG5S0IO1XtH
rgzczDwfutYdX1tad945nORRsafajbMchkbQtSDnTjbdyuyCdCcR8nlhAUO
pIcYYufYZOFbuGWrWASXLDKnnmEslrnA0Wfh5IMBnMRVM6CKaCJCnf8
35bCO21JFfj/XDCI2dk5wpmWUqy6RWJIFXu8W8HzRLS+QSr1DOCnDKX
HMJPq8razQRFGfQEZ1ZRpPRzv5uCeAv1SDOX/AvEQGZ9xWQ5nkPDdcD
8eudbNVGZUvY8Iesen91svak2gLmQRHgT5J6fFqBnlqu1mu7ZjryMGJ3qq
LpOFg7RhKMwZ5kG7U7wjmg33c1GqbQwogv5ny+PHyKAYaNXVAo7j6L/
qCU42AtMC64aL+t+pC0Y1jZQvGhJxSg49F14d0rzaWYPFzzpU4k48hWfCL
E6xKAQhni5W3RAjUFnV5HZRmChY9dYqeSm6qZywGhm84QylhVHuMH3
Q94ArryuxBz7/Ui/Af2lD7RctILqI/B5TRsgxyDgs+rnwIEWRLON91aW0c7B9
SiQn13mDdBsa8NV91bD+a6pKF8sV/aEAPl547MoqT4WjsY6YV8249CZPM
TXOE67mQhP+26jtyWv4jfHljMUl6KKIlm063kEkTI58kekYUTQ2rZvGJWd4
SecurityTrailer
ContentType SignedData
SignedData
DigestAlgorithm
Algorithm SHA256
EncapsulatedContent
ContentType Data
Content 76B2A88F3D2070DF2B8C9769A781202C787704FF73A5417F101B8D4610C
B55CC
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType CountryName
AttributeValue BE
RelativeDistinguishedName
AttributeType OrganisationName
AttributeValue Nexo
RelativeDistinguishedName
AttributeType CommonName
AttributeValue nexo-KeyInjectionServer-TM1
SerialNumber 095D11A33F944E00347A39596603D31A3EAB6EA9 7
DigestAlgorithm
Algorithm SHA256
SignatureAlgorithm
Algorithm SHA256WithRSA
Signature 5D7813B6C1F26EF9AE36A045FF72B412E40DA23A24B990211EE83687E89
84053E5D7B6F67D746F8F7A4B6103B2FBA5330FB035E9DBA1F940CB7AE
699558653A531A2CE0B1F8313DB96D105AB6AEE3D2B38D1749F5A0F96F
823CFAA388B3028C15539C5FBDE5EFA6D16E368BF1C1A6A710CBDC5B
D8B4AEDCECB64640D6264F0276A4982A0FBC8EFC1B66777049A26E44E
A0CD02C435E27FD2FBE172E5A4791994610389FD4AD6BB4C30B6809C2F
DC64E4276CEED71495A049CD03370B191635144814EEE869F3886203C3
B5E8822FE1884BCA7B2CCF4F797A64E940D77B24C76514438214C7BDB9
3C3FCACBF15F914CEC4E30792393BE32ABDD90AAD375A6F2F0
7289
7290
7 Due to the Max35Text type of the SerialNumber, the value is hexa encoded and all colons are removed.
7360 <KeyVal>
7361 <CnttTp>SIGN</CnttTp>
7362 <SgndData>
7363
7364 <Cert>MIIETzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MSQwIgYDVQQDDBtOZXhvIFR
7365 lc3QgUEtJIFNlcnZlciBTdWIgQ0ExDTALBgNVBAoMBE5leG8wHhcNMTgxMjA2MTQzNzQ2WhcN
7366 MTkxMjA2MTQzNzQ2WjBCMSQwIgYDVQQDDBtuZXhvLUtleUluamVjdGlvblNlcnZlci1UTTExD
7367 TALBgNVBAoMBE5leG8xCzAJBgNVBAYTAkJFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg
7368 KCAQEA54VnUeyAdRF2BCE9xKPN1dWcpPEYi9I26HdBynavlMiM64oqX+nVjzjK9GSub5we4kg
7369 Euq1viII7KP6j2RXv2g781x5Ie2QHDftxrIvzO+jtaj7oMits4wt0rQ59M/zh+Atwoz7f2b32
7370 1tiuqc88zHxAhtQgxJNFweuFQnWEnlFleBGx2hvSVePvG07wTt0becmABTieQuOTjPi3qATcd
7371 ebvuHI5Y13wekEiB5KFg2InIEOqZpRt2/MZDsJAa4fXIkGc8ND3C//MAPJOPS/fZaXmokoTve
7372 H/JjdABhrougwYSNknPdymFp2h9klU8Yh5ZLG38HfAkjr0MABDbMBjHQIDAQABo10wWzAMBgN
7373 VHRMBAf8EAjAAMB0GA1UdDgQWBBQJXRGjP5ROADR6OVlmA9MaPqtuqTAfBgNVHSMEGDAWgBTU
7374 ALFfC1fjtd1ubCsAQe7gWNPATjALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggIBAGPBX
7375 2VxMk9R3me19VBc+XYQy/O7vOr4KZ6KzA4Jr9hB7M6WG5S0IO1XtHrgzczDwfutYdX1tad945
7376 nORRsafajbMchkbQtSDnTjbdyuyCdCcR8nlhAUOpIcYYufYZOFbuGWrWASXLDKnnmEslrnA0W
7377 fh5IMBnMRVM6CKaCJCnf835bCO21JFfj/XDCI2dk5wpmWUqy6RWJIFXu8W8HzRLS+QSr1DOCn
7378 DKXHMJPq8razQRFGfQEZ1ZRpPRzv5uCeAv1SDOX/AvEQGZ9xWQ5nkPDdcD8eudbNVGZUvY8Ie
7379 sen91svak2gLmQRHgT5J6fFqBnlqu1mu7ZjryMGJ3qqLpOFg7RhKMwZ5kG7U7wjmg33c1GqbQ
7380 wogv5ny+PHyKAYaNXVAo7j6L/qCU42AtMC64aL+t+pC0Y1jZQvGhJxSg49F14d0rzaWYPFzzp
7381 U4k48hWfCLE6xKAQhni5W3RAjUFnV5HZRmChY9dYqeSm6qZywGhm84QylhVHuMH3Q94Arryux
7382 Bz7/Ui/Af2lD7RctILqI/B5TRsgxyDgs+rnwIEWRLON91aW0c7B9SiQn13mDdBsa8NV91bD+a
7383 6pKF8sV/aEAPl547MoqT4WjsY6YV8249CZPMTXOE67mQhP+26jtyWv4jfHljMUl6KKIlm063k
7384 EkTI58kekYUTQ2rZvGJWd4</Cert>
7385 </SgndData>
7386 </KeyVal>
7387 </SctyElmt>
7388 </SctyParams>
7389 </Cntt>
7390 </DataSet>
7391 </AccptrCfgtn>
7392 <SctyTrlr>
7393 <CnttTp>SIGN</CnttTp>
7394 <SgndData>
7395 <DgstAlgo>
7396 <Algo>HS25</Algo>
7397 </DgstAlgo>
7398 <NcpsltdCntt>
7399 <CnttTp>DATA</CnttTp>
7400
7401 <Cntt>drKojz0gcN8rjJdpp4EgLHh3BP9zpUF/EBuNRhDLVcw=</Cntt>
7402 </NcpsltdCntt>
7403 <Sgnr>
7404 <SgnrId>
7405 <IssrAndSrlNb>
7406 <Issr>
7407 <RltvDstngshdNm>
7408 <AttrTp>CATT</AttrTp>
7409 <AttrVal>BE</AttrVal>
7410 </RltvDstngshdNm>
7411 <RltvDstngshdNm>
7412 <AttrTp>OATT</AttrTp>
7413 <AttrVal>Nexo</AttrVal>
7414 </RltvDstngshdNm>
7415 <RltvDstngshdNm>
7416 <AttrTp>CNAT</AttrTp>
7417 <AttrVal>nexo-KeyInjectionServer-
7418 TM1</AttrVal>
7419 </RltvDstngshdNm>
7420 </Issr>
7421 <SrlNb>CV0Roz+UTgA0ejlZZgPTGj6rbqk=</SrlNb>
7422 </IssrAndSrlNb>
7423 </SgnrId>
7424 <DgstAlgo>
7425 <Algo>HS25</Algo>
7426 </DgstAlgo>
7427 <SgntrAlgo>
7428 <Algo>ERS2</Algo>
7429 </SgntrAlgo>
7430
7431 <Sgntr>XXgTtsHybvmuNqBF/3K0EuQNojokuZAhHug2h+iYQFPl17b2fXRvj3pLYQOy+6UzD7
7432 A16duh+UDLeuaZVYZTpTGizgsfgxPbltEFq2ruPSs40XSfWg+W+CPPqjiLMCjBVTnF+95e+m0
7433 W42i/HBpqcQy9xb2LSu3Oy2RkDWJk8CdqSYKg+8jvwbZndwSaJuROoM0CxDXif9L74XLlpHkZ
7434 lGEDif1K1rtMMLaAnC/cZOQnbO7XFJWgSc0DNwsZFjUUSBTu6GnziGIDw7Xogi/hiEvKeyzPT
7435 3l6ZOlA13skx2UUQ4IUx725PD/Ky/FfkUzsTjB5I5O+MqvdkKrTdaby8A==</Sgntr>
7436 </Sgnr>
7437 </SgndData>
7438 </SctyTrlr>
7439 </AccptrCfgtnUpd>
7440 </Document>
7441
7442 Once unnecessary spaces and carriage returns are removed, the message body AccptrCfgtn (without
7443 spaces or line breaks) is dumped below:
7444
7445 0000 3C 41 63 63 70 74 72 43 66 67 74 6E 3E 3C 54 65 |<AccptrCfgtn><Te|
7446 0010 72 6D 6E 6C 4D 67 72 49 64 3E 3C 49 64 3E 6E 65 |rmnlMgrId><Id>ne|
7447 0020 78 6F 2D 4B 65 79 49 6E 6A 65 63 74 69 6F 6E 53 |xo-KeyInjectionS|
7448 0030 65 72 76 65 72 2D 54 4D 31 3C 2F 49 64 3E 3C 54 |erver-TM1</Id><T|
7449 0040 70 3E 54 4D 47 54 3C 2F 54 70 3E 3C 2F 54 65 72 |p>TMGT</Tp></Ter|
7450 0050 6D 6E 6C 4D 67 72 49 64 3E 3C 44 61 74 61 53 65 |mnlMgrId><DataSe|
7451 0060 74 3E 3C 49 64 3E 3C 4E 6D 3E 54 4D 20 44 48 20 |t><Id><Nm>TM DH |
7452 0070 6B 65 79 20 65 6C 65 6D 65 6E 74 3C 2F 4E 6D 3E |key element</Nm>|
7453 0080 3C 54 70 3E 53 43 50 52 3C 2F 54 70 3E 3C 56 72 |<Tp>SCPR</Tp><Vr|
7454 0090 73 6E 3E 32 30 31 38 3C 2F 56 72 73 6E 3E 3C 43 |sn>2018</Vrsn><C|
7455 00A0 72 65 44 74 54 6D 3E 32 30 31 39 2D 30 35 2D 30 |reDtTm>2019-05-0|
7456 00B0 36 54 31 35 3A 33 32 3A 34 38 2E 33 38 30 38 30 |6T15:32:48.38080|
7457 00C0 30 2B 30 31 3A 30 30 3C 2F 43 72 65 44 74 54 6D |0+01:00</CreDtTm|
7458 00D0 3E 3C 2F 49 64 3E 3C 50 4F 49 49 64 3E 3C 49 64 |></Id><POIId><Id|
7459 00E0 3E 36 36 30 30 30 30 30 31 3C 2F 49 64 3E 3C 54 |>66000001</Id><T|
7460 00F0 70 3E 4F 50 4F 49 3C 2F 54 70 3E 3C 49 73 73 72 |p>OPOI</Tp><Issr|
7461 0100 3E 4D 54 4D 47 3C 2F 49 73 73 72 3E 3C 2F 50 4F |>MTMG</Issr></PO|
7462 0110 49 49 64 3E 3C 43 6E 74 74 3E 3C 53 63 74 79 50 |IId><Cntt><SctyP|
7463 0120 61 72 61 6D 73 3E 3C 41 63 74 6E 54 70 3E 43 52 |arams><ActnTp>CR|
7464 0130 45 41 3C 2F 41 63 74 6E 54 70 3E 3C 56 72 73 6E |EA</ActnTp><Vrsn|
7465 0140 3E 31 2E 30 2E 30 3C 2F 56 72 73 6E 3E 3C 53 63 |>1.0.0</Vrsn><Sc|
7466 0150 74 79 45 6C 6D 74 3E 3C 49 64 3E 64 68 48 79 62 |tyElmt><Id>dhHyb|
7467 0160 72 69 64 31 20 74 56 3C 2F 49 64 3E 3C 56 72 73 |rid1 tV</Id><Vrs|
7468 0170 6E 3E 31 2E 30 2E 30 3C 2F 56 72 73 6E 3E 3C 4B |n>1.0.0</Vrsn><K|
7469 0180 65 79 56 61 6C 3E 3C 43 6E 74 74 54 70 3E 44 47 |eyVal><CnttTp>DG|
7470 0190 53 54 3C 2F 43 6E 74 74 54 70 3E 3C 44 67 73 74 |ST</CnttTp><Dgst|
7471 01A0 64 44 61 74 61 3E 3C 44 67 73 74 41 6C 67 6F 3E |dData><DgstAlgo>|
7472 01B0 3C 41 6C 67 6F 3E 48 53 32 35 3C 2F 41 6C 67 6F |<Algo>HS25</Algo|
7473 01C0 3E 3C 2F 44 67 73 74 41 6C 67 6F 3E 3C 4E 63 70 |></DgstAlgo><Ncp|
7474 01D0 73 6C 74 64 43 6E 74 74 3E 3C 43 6E 74 74 54 70 |sltdCntt><CnttTp|
7475 01E0 3E 44 41 54 41 3C 2F 43 6E 74 74 54 70 3E 3C 43 |>DATA</CnttTp><C|
7476 01F0 6E 74 74 3E 66 32 79 78 30 50 6A 79 4C 47 4F 36 |ntt>f2yx0PjyLGO6|
7477 0200 69 49 45 68 51 66 58 59 6C 62 75 53 4D 42 32 2F |iIEhQfXYlbuSMB2/|
7478 0210 68 44 38 70 4B 6D 65 34 59 71 59 4B 56 6F 78 33 |hD8pKme4YqYKVox3|
7479 0220 47 64 6B 4D 55 70 7A 6F 6D 6E 69 7A 71 4F 48 72 |GdkMUpzomnizqOHr|
7480 0230 47 4E 33 4C 4D 4C 76 57 64 5A 4A 52 38 7A 35 47 |GN3LMLvWdZJR8z5G|
7481 0240 71 59 75 58 68 4E 4F 53 74 71 4F 33 50 30 6C 78 |qYuXhNOStqO3P0lx|
7482 0250 38 39 6B 35 44 69 66 71 79 43 67 41 59 4A 67 66 |89k5DifqyCgAYJgf|
7483 0260 77 34 64 76 67 38 4F 35 6E 63 31 78 36 79 32 30 |w4dvg8O5nc1x6y20|