Re: [openssl-users] How to make OpenSSL engine usage application specific?

[Linsell, StevenX]

> On Mon, 19 Feb 2018 Jayalakshmi Bhat wrote:
> 
> Engine usage is application specific.There are couple of applications
> dependent on RSA TPM? engine. And are few applications dependent on
> RSA smart card engine.?
> 
> We wanted to know if there are any APIs provided by OpenSSL to make the
> engine usage application specific? Is there any way we can make OpenSSL
> chose specific engine for
> 
> specific application.
> 

I think but don't quote me that if your applications are using the openssl.cnf 
file to configure the
engine you are going to use, then the OPENSSL_CONF environment variable will 
allow you to
control the configuration file loaded by OpenSSL. This allows you to have 
application specific 
configuration files that load the engine you require and make it the default 
engine. 
This is dependent on your application having been built with OPENSSL_LOAD_CONF 
defined.
You can also control the config file loaded programmatically via OPENSSL_config.

The alternative is loading your engine programmatically such as nginx does:
https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl.c#L4193-L4237
and use ENGINE_set_default to make the engine you require the default for that 
application.
Of course that is only useful if you are in control of your applications source 
code.

There are more details here:
https://wiki.openssl.org/index.php/Library_Initialization
https://www.openssl.org/docs/manmaster/man5/config.html

Steve Linsell   Intel Shannon DCG/CID Software Development Team
stevenx.lins...@intel.com


--
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263


This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_shutdown return error when close in init

[Linsell, StevenX]

On 20/04/2017, Bohn, Jakob  wrote:
>Let me clarify: The idea was not to change the synchronization structure,
>but to set a flag or otherwise (asynchronously or in a small critical
>section) change the state such that when the communication async
>operations resume, they will proceed directly to a failure state
>skipping as much of the processing and transmission as possible.

>For example if it was waiting for a "hello" from the other end,
>when that "hello" arrives, it would not process the bytes in that
>hello, but respond as if it received a bad hello (with
>"aborted/closed" rather than "invalid hello" as the error/alert
>code).  It would not proceed to e.g. validate incoming public keys,
>send public keys, generate nonces, derive keys etc.

So am I correct in thinking you are asking for an 'abort' mechanism for
the async job? Effectively you would set a flag on the async job,
then call the SSL_do_handshake again, and when it switched back into
the async job (fibre) it would detect it was being aborted and return
up the stack with a failure. You do still need to call the SSL_do_handshake
that one time so that the fibre can run to completion and everything
gets tidied up correctly though.

I discussed doing this last year with Matt. At the time I couldn't justify
the change as I couldn't come up with a scenario where it didn't just
make sense to keep calling the function until the asynchronous operation
completed. The only scenario I did come up with was if the hardware
crypto device underneath stopped responding (so will never come back).
In that case having an abort mechanism allows the application to 
eventually time out, set the abort flag, make the function call and then 
cause the async job to fail and come back up the stack. 
We decided that if I wanted to pursue that abort functionality
I should implement it as an ENGINE message that would pass the 
ASYNC_WAIT_CTX of the connection. The engine would then need to
ensure the ASYNC_WAIT_CTX's custom field had a structure that 
included an abort flag. The engine could then keep self contained
the mechanism for setting the abort flag and dealing with checking
the flag when switching back into the async job (assuming we
are only pausing the job from within the engine).
I was going to implement a prototype that did that but it's something
that is still on my list of things to try out.

>This serves two purposes: To make the "SSL_shutdown" call "just work"
>from an application perspective, and to minimize security exposure
>after the call has been made (e.g. in case some application level
>code decides the other end is probably malicious).

Actually I'd worry about the abort solution from a security stand point.
The trouble is if you are going to abort the connection down in the 
crypto layer then effectively you are creating a new failure path and
potentially changing behaviour seen at the client.
You'd need to be very careful down there to ensure you are not 
creating any kind of oracle that can be exploited.

The current behaviour of keep calling SSL_do_handshake and then fail
after the asynchronous operation completes will look exactly the same 
as the synchronous operation to the client on the other end. The only
difference being that the asynchronous connection will look like a 
particularly slow connection due to the latency introduced by the
asynchronous behavior (depending on server load). They both execute
 to the same point in the handshake before the failure can be dealt with.

I do agree it would be much nicer to minimize the logic changes
at the application level but I'm not convinced yet that an abort 
mechanism is the way to go.

Steve Linsell   Intel Shannon DCG/CID Software Development Team
stevenx.lins...@intel.com

--
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263


This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_shutdown return error when close in init

[Linsell, StevenX]

On 19/04/2017, Bohn, Jakob via openssl-users wrote:

> On 19/04/2017 14:35, Salz, Rich via openssl-users wrote:
> >> The OpenSSL documentation makes it clear that you must keep calling
> >> the same asynchronous function with the same parameters until the
> >> async job has completed.
> > Is there a way we can (relatively cheaply) check for that type of
>>  programming error and return an "in progress on another op" error?

Yes, I raised a pull request for something similar here:
https://github.com/openssl/openssl/pull/1736
Unfortunately it is over 6 months old now and needs to be rebased and brought 
up to date with the latest master (my bad as I've not had time).
If I get a moment I'll try and get it back up to date.

> Also, for the shutdown case, it would be nice (in general) if attempting
> shutdown during a handshake will make the handshake abort as soon as the
> protocol allows, rather than going through all the remaining steps and their
> transmissions.
> 
> In other words, returning appropriate errors/alerts to the other end
> according to the handshake step.

The problem here is that you have a suspended fibre midway through the
handshake operation. It may have allocated memory not just on the stack
local to the fibre but dynamically on the heap. The fibre must be resumed
to allow it to return up the stack and exit the fibre. When you are 
running asynchronously you are also by definition going to be running
with non-blocking sockets. This means when you recall the
SSL_do_handshake to resume the fibre you are only going to keep 
recalling it until the point it first comes back up the stack and exits the 
fibre. This will happen at the first point you try and do some non blocking 
I/O, i.e. send or receive during the handshake. At that point you will be
in the same situation you are in if you were running synchronously with
non blocking sockets (you may have detected the error earlier when 
running asynchronously but both asynchronous and synchronous
only act on it at the same stage of the handshake).
The pain point for the user is in having to remember the error has 
occurred and keep recalling the SSL_do_handshake until the
async job (fibre) has completed.

 
Steve Linsell Intel Shannon DCG/CID Software 
Development Team
stevenx.lins...@intel.com

--
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263


This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_shutdown return error when close in init

[Linsell, StevenX]

On Tue, 18 Apr 2017, mid...@163.com wrote:
>Hello
> I'm using open1.1.0e in async mode with intel QuickAssist Engine to handle 
> https connections? but there's some problem.
>
>client(ab)-- server(my program)
>
><-TCP handshake> -ssl client 
>hello---> <-server hello,certicate...- 
>---client key exchange> >//here, server's SSL_do_handshake 
>reutrns SSL_ERROR_WANT_ASYNC repeatly,
>
>---FIN+ACK-->
>
>//client want to close the connection, then, server should close ssl 
>connection ,In program, I intend to close SSL connections in quiet mode?
>SSL_set_quiet_shutdown(ssl,1);
>SSL_shutdown(ssl);
>
>but SSL_shutdown returns SSL_ERROR_SSL, because SSL_in_init(s) return true.
>
>I'm confused, what should I do here ???
>(1) just call SSL_free(ssl) to free SSL connection, then the async engine may 
>callback and using SSL's waitctx, which cause crash.  Also I noticed that 
>SSL's job >doesn't free neither, which may cause memory leak;
>
>(2)continue call SSL_shutdown(ssl),  and it will always return SSL_ERROR_SSL
>
>Is anybody know? thanks  

The root cause of the issue is that it is not valid to move state from init to 
shutdown when there is still an asynchronous operation in progress.
The fact that the client wants to close the connection should be saved, the 
asynchronous operation should be completed (keep calling SSL_do_handshake until 
SSL_get_error does not return SSL_ERROR_WANT_ASYNC) then based on what you 
saved do the same behaviour you would have done in the case of the client 
wanting to close the connection if you are running synchronously.
As long as you have completed the asynchronous operation then there will be no 
problem calling SSL_free on the connection as there will be no callback that 
will run later.
By continuing to call SSL_do_handshake until the sync job completes all you are 
doing is running the SSL_do_handshake to the same point it would have returned 
and detected the error if you were running synchronously.
Note that it is never valid to call SSL_do_handshake(), start an asynchronous 
operation (SSL_get_error returning SSL_ERROR_WANT_ASYNC), then transition 
straight to calling a different asynchronous enabled function like 
SSL_shutdown(). If you do that you will find that when you call SSL_shutdown it 
will detect there is already an async job in progress and will context switch 
into that job rather than starting an async job for the SSL_shutdown behaviour. 
In other words you will end up running SSL_do_handshake code when you think you 
are running SSL_shutdown code. Even worse they may have completely different 
return behaviour so you get an unexpected result. The OpenSSL documentation 
makes it clear that you must keep calling the same asynchronous function with 
the same parameters until the async job has completed.

Hope that helps,

Steve Linsell Intel Shannon DCG/CID 
Software Development Team
stevenx.lins...@intel.com

--
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263


This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

[Linsell, StevenX]

On 20/0315 15:51, Matt Caswell wrote:
On 20/03/15 12:44, Linsell, StevenX wrote:
 On Thu, Mar 19, 2015, Steve Linsell wrote:
  
 Following further testing I see identical failures in the master branch 
 using the \
 following cipher/protocol combinations: 
 ECDH-ECDSA-AES128-SHA  ssl3 
 ECDH-ECDSA-AES256-SHA  ssl3
 ECDH-ECDSA-DES-CBC3-SHAssl3  
 ECDH-ECDSA-RC4-SHA ssl3   
 ECDH-RSA-AES128-SHAssl3
 ECDH-RSA-AES256-SHAssl3 
 ECDH-RSA-DES-CBC3-SHA  ssl3  
 ECDH-RSA-RC4-SHA   ssl3
 ECDHE-ECDSA-AES128-SHA ssl3 
 ECDHE-ECDSA-AES256-SHA ssl3  
 ECDHE-ECDSA-DES-CBC3-SHA   ssl3
 ECDHE-ECDSA-RC4-SHAssl3 
 

Hi Steve

Looks like a bug. Try the attached patch. Let me know how you get on.

Thanks

Matt

Thanks Matt that worked great.
I've retested all the above cipher/protocol combinations and all now pass with 
the fix in place.

Just to close out my understanding.
Within the tls1_check_ec_key function:
The first iteration round the loop is checking that the curve within the 
certificate matches one of the curves in the list of curves that this build of 
OpenSSL supports.
The second iteration round the loop is checking the curve within the 
certificate matches one of the curves in the list of curves sent from the peer 
via TLS extensions.
In the case of the cipher/protocol combinations above we are using ssl3 which 
does not support TLS extensions so the second list will always be empty.
As Viktor states RFC 4492 says if the client sends no TLS extension containing 
the curves supported then the server can choose any supported curve. So your 
fix is to continue when we reach the second iteration if there are no curves in 
the second list rather than flag an error.

Thanks again,

Steve Linsell Intel Shannon DCG/CID 
Software Development Team
stevenx.lins...@intel.com




--
Intel Shannon Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
Business address: Dromore House, East Park, Shannon, Co. Clare

This e-mail and any attachments may contain confidential material for the sole 
use of the intended recipient(s). Any review or distribution by others is 
strictly prohibited. If you are not the intended recipient, please contact the 
sender and delete all copies.


___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

[Linsell, StevenX]

On Thu, Mar 19, 2015, Steve Linsell wrote:
 
 I am trying to use ECDH-RSA-AES256-SHA with ssl3 with s_client and s_server on
 the master branch. (cloned at commit
 f7683aaf36341dc65672ac2ccdbfd4a232e3626d) and then retested  with a more
 recent clone: (commit da27006df06853a33b132133699a7aa9d4277920).

Following further testing I see identical failures in the master branch using 
the following cipher/protocol combinations:

ECDH-ECDSA-AES128-SHA  ssl3 
ECDH-ECDSA-AES256-SHA  ssl3
ECDH-ECDSA-DES-CBC3-SHAssl3  
ECDH-ECDSA-RC4-SHA ssl3   
ECDH-RSA-AES128-SHAssl3
ECDH-RSA-AES256-SHAssl3 
ECDH-RSA-DES-CBC3-SHA  ssl3  
ECDH-RSA-RC4-SHA   ssl3
ECDHE-ECDSA-AES128-SHA ssl3 
ECDHE-ECDSA-AES256-SHA ssl3  
ECDHE-ECDSA-DES-CBC3-SHA   ssl3
ECDHE-ECDSA-RC4-SHAssl3 

The issue appears to be anywhere an elliptical curve certificate (whether 
signed with rsa or ecdsa) is used with ssl3.
The error produced looks very similar to that produced when you generate a 
certificate without the OPENSSL_EC_NAMED_CURVE flag as described on the OpenSSL 
wiki, but as you can see from the dump of the certificate below in this case 
the ASN1 OID: prime256v1 line is present. The certificates also function fine 
with tls1, tls1.1 and tls1.2.

Is there anyone that can confirm that they see the same behaviour, to rule out 
my setup and certificate generation?

 Here is a dump of the certificate:
 ./openssl x509 -in prime256v1-rsaTestServer.cert.pem -text -noout
 Certificate:
 Data:
 Version: 1 (0x0)
 Serial Number: 16838786626002069798 (0xe9af63387b73a926)
 Signature Algorithm: sha256WithRSAEncryption
 Issuer: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc., OU=Sun
 Microsystems Laboratories, CN=Test CA (2048 bit RSA)
 Validity
 Not Before: Mar 13 11:38:21 2015 GMT
 Not After : Apr 21 11:38:21 2019 GMT
 Subject: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc.,
 OU=Sun Microsystems Laboratories, CN=Test Server (prime256v1 key signed
 with RSA)
 Subject Public Key Info:
 Public Key Algorithm: id-ecPublicKey
 Public-Key: (256 bit)
 pub:
 04:0d:a6:16:d8:43:25:dc:83:6d:18:fb:f0:b7:41:
 bc:05:88:a2:f2:56:8a:76:7a:d0:2b:7f:de:0a:44:
 33:4b:de:5b:30:44:ff:34:0e:17:c6:38:77:d7:53:
 b2:c2:fa:9f:7f:d5:e3:a4:b5:de:ce:29:9d:74:e6:
 59:76:9f:e6:eb
 ASN1 OID: prime256v1
 NIST CURVE: P-256
 Signature Algorithm: sha256WithRSAEncryption
  d0:1c:97:60:b9:14:cf:5a:c8:ea:8d:65:63:75:50:f2:63:68:
  82:06:0c:47:f5:52:13:a5:61:4b:cd:99:ab:d0:56:81:a7:92:
  21:c7:07:e3:12:25:4a:a8:c7:83:7a:bd:57:11:c7:55:88:28:
  74:f1:37:bb:cd:0b:5b:7b:6f:45:e6:8d:1a:be:1a:fd:e0:d2:
  5b:e5:ee:39:2e:73:c8:d6:03:5c:f6:f9:37:4a:81:e4:41:5a:
  87:d5:0d:da:48:67:14:bb:75:3b:ae:68:b9:c4:25:2d:19:a7:
  05:90:a2:fb:b4:d3:00:4f:40:19:e9:2d:83:75:db:3c:53:fe:
  08:ae:ca:ba:3d:a5:4d:6e:f6:14:af:ee:7e:6d:dc:45:96:91:
  92:6d:37:52:b6:b7:ad:70:02:d0:11:0d:84:1b:f1:3b:82:be:
  66:af:a6:3c:17:33:d0:98:c3:cb:d3:22:39:d1:66:6e:94:ce:
  7e:70:3c:02:29:6a:b6:87:e9:c4:e9:44:b4:9b:f1:8e:47:82:
  2d:20:79:0e:f6:91:b1:e9:cf:83:66:8f:ff:e1:4f:2f:a1:ab:
  ca:2d:81:53:7d:7f:69:b5:11:59:7e:9a:47:1c:6a:c8:83:54:
  83:0a:7d:46:ec:2e:e9:82:f3:b4:d4:f6:04:57:bc:a5:b2:c5:
  0c:ed:a6:fa
 
 Single stepping through the code I can see the failure is occurring in
 tls1_check_ec_key when it is called from tls1_check_cert_param.
 It appears to go around a for loop (j) twice. The first time through it 
 correctly
 matches the curve it is looking for. The second time round the list is empty 
 and 0
 is returned. This failure causes the Elliptical curve cert not to be declared 
 as valid
 and consequently the handshake fails with the no shared cipher message.
 I don't have a good understanding of how the certificate code works so I
 haven't managed to debug any further than that in order to determine why the
 second time round the loop the list is empty.
 
 --
 Steve Linsell Intel Shannon DCG/CID 
 Software Development
 Team
 stevenx.lins...@intel.com
 
Steve Linsell Intel Shannon DCG/CID 
Software Development Team
stevenx.lins...@intel.com

--
Intel Shannon Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
Business address: Dromore House, East Park, Shannon, Co. Clare

This e-mail and any attachments may contain confidential material for the 

[openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

[Linsell, StevenX]

I am trying to use ECDH-RSA-AES256-SHA with ssl3 with s_client and s_server on 
the master branch. (cloned at commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d) 
and then retested  with a more recent clone: (commit 
da27006df06853a33b132133699a7aa9d4277920).
We are running a test suite that tests all supported cipher and protocol 
combinations and this test is part of that suite.
Our test suite is failing with an unmodified build of OpenSSL with the 
following commands:-

s_server:
./openssl s_server -cert prime256v1-rsaTestServer.cert.pem -key 
prime256v1-rsaTestServer.key.pem -WWW -accept 4411 -cipher ECDH-RSA-AES256-SHA 
-nbio -ssl3 -debug -state

s_client:
echo GET /file_1byte.html HTTP/1.0 | ./openssl s_client  -host localhost 
-port 4411 -cipher ECDH-RSA-AES256-SHA -ssl3 -ign_eof -debug -state

The output from s_client is:-

SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
139749978326688:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
handshake failure:s3_pkt.c:1482:SSL alert number 40
139749978326688:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake 
failure:s3_pkt.c:664:
CONNECTED(0003)
write to 0x1284120 [0x128e913] (52 bytes = 52 (0x34))
 - 16 03 00 00 2f 01 00 00-2b 03 00 af 73 f8 85 b4   /...+...s...
0010 - 01 5f d4 79 66 4e 94 fa-bf e7 5e 5b 19 75 c8 5f   ._.yfN^[.u._
0020 - 44 73 bb bd 47 8c 23 57-01 c0 1a 00 00 04 c0 0f   Ds..G.#W
0030 - 00 ff 01  ...
0034 - SPACES/NULS
read from 0x1284120 [0x128a3c3] (5 bytes = 5 (0x5))
 - 15 03 00 00 02    .
read from 0x1284120 [0x128a3c8] (2 bytes = 2 (0x2))
 - 02 28 .(
---
no peer certificate available

The output from s_server is:-

Using default temp DH parameters
ACCEPT
turning on non blocking io
SSL_accept:before/accept initialization
read from 0x21b32b0 [0x21b7993] (5 bytes = 5 (0x5))
 - 16 03 00 00 2f    /
read from 0x21b32b0 [0x21b7998] (47 bytes = 47 (0x2F))
 - 01 00 00 2b 03 00 aa 75-39 f4 b5 78 46 3e 8c cb   ...+...u9..xF..
0010 - a9 18 92 01 cd 24 cf fd-7b a7 de 29 7c b8 d9 bc   .$..{..)|...
0020 - c4 62 1c c5 33 7f 00 00-04 c0 0f 00 ff 01 .b..3.
002f - SPACES/NULS
0:[0020:0010:0188:0084]0x6055a0:ECDH-RSA-AES256-SHA
write to 0x21b32b0 [0x21c6910] (7 bytes = 7 (0x7))
 - 15 03 00 00 02 02 28  ..(
SSL3 alert write:fatal:handshake failure
SSL_accept:error in SSLv3 read client hello C
139792107542176:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared 
cipher:s3_srvr.c:1366:
ACCEPT

I am using an ECC test certificate that uses curve prime256v1 and is signed 
with an rsa2k key.
The cert/key were generated using RSAcertgen.sh followed by ECC-RSAcertgen.sh 
modified only for the curve and RSA key size I am using.
Here is a dump of the certificate:
./openssl x509 -in prime256v1-rsaTestServer.cert.pem -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 16838786626002069798 (0xe9af63387b73a926)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc., OU=Sun 
Microsystems Laboratories, CN=Test CA (2048 bit RSA)
Validity
Not Before: Mar 13 11:38:21 2015 GMT
Not After : Apr 21 11:38:21 2019 GMT
Subject: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc., OU=Sun 
Microsystems Laboratories, CN=Test Server (prime256v1 key signed with RSA)
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub: 
04:0d:a6:16:d8:43:25:dc:83:6d:18:fb:f0:b7:41:
bc:05:88:a2:f2:56:8a:76:7a:d0:2b:7f:de:0a:44:
33:4b:de:5b:30:44:ff:34:0e:17:c6:38:77:d7:53:
b2:c2:fa:9f:7f:d5:e3:a4:b5:de:ce:29:9d:74:e6:
59:76:9f:e6:eb
ASN1 OID: prime256v1
NIST CURVE: P-256
Signature Algorithm: sha256WithRSAEncryption
 d0:1c:97:60:b9:14:cf:5a:c8:ea:8d:65:63:75:50:f2:63:68:
 82:06:0c:47:f5:52:13:a5:61:4b:cd:99:ab:d0:56:81:a7:92:
 21:c7:07:e3:12:25:4a:a8:c7:83:7a:bd:57:11:c7:55:88:28:
 74:f1:37:bb:cd:0b:5b:7b:6f:45:e6:8d:1a:be:1a:fd:e0:d2:
 5b:e5:ee:39:2e:73:c8:d6:03:5c:f6:f9:37:4a:81:e4:41:5a:
 87:d5:0d:da:48:67:14:bb:75:3b:ae:68:b9:c4:25:2d:19:a7:
 05:90:a2:fb:b4:d3:00:4f:40:19:e9:2d:83:75:db:3c:53:fe:
 08:ae:ca:ba:3d:a5:4d:6e:f6:14:af:ee:7e:6d:dc:45:96:91:
 92:6d:37:52:b6:b7:ad:70:02:d0:11:0d:84:1b:f1:3b:82:be:
 66:af:a6:3c:17:33:d0:98:c3:cb:d3:22:39:d1:66:6e:94:ce:
 7e:70:3c:02:29:6a:b6:87:e9:c4:e9:44:b4:9b:f1:8e:47:82: