standalone Self-Signed S/MIME Certificate
NIST single-key certificate [C + SE]
0. primary key, Certify [C]
X.509: ROOT/Issuer
Field/Extension | Content | Optional/Critical | |
---|---|---|---|
Version | Version: 3 (0x2) | ||
Serial Number | containing at least 64 bits of output from a CSPRNG, e.g. | 0x2fae6e1da49c885a | |
Signature Algorithm | ecdsaWithSHA512 | ||
Validity | Not Before | ... | |
Not After | ... | ||
Issuer DN = Subject DN | commonName | ... | |
givenName | |||
surname | |||
pseudonym | |||
serialNumber | |||
title | |||
streetAddress | |||
localityName | |||
stateOrProvinceName | |||
postalCode | |||
countryName | |||
organizationName | |||
organizationalUnitName | |||
organizationIdentifier | |||
Subject Public Key Info | Public Key Algorithm and ECDSA Public-Key | ecPublicKey and secp521r1 | |
X509v3 extensions | Basic Constraints | CA:TRUE | critical |
Key Usage | keyCertSign, cRLSign | critical | |
Extended Key Usage | clientAuth, emailProtection | ||
Subject Key Identifier | 256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex) |
1. subkey, Sign+Encrypt [SE]
X.509: Subscriber/Subject
Field/Extension | Content | Optional/Critical | |
---|---|---|---|
Version | Version: 3 (0x2) | ||
Serial Number | containing at least 64 bits of output from a CSPRNG, e.g. | 0x2dbd240cdadb536e | |
Signature Algorithm | ecdsaWithSHA384 | ||
Issuer | based on the Distinguished Name (Subject) in the issuer's certificate | ... | |
Validity | Not Before | ... | |
Not After | ... | ||
Subject DN | NULL SEQUENCE (NULL-DN) | SEQUENCE {} | |
Subject Public Key Info | Public Key Algorithm and ECDSA/ECDH Public-Key | ecPublicKey and secp384r1 | |
X509v3 extensions | Basic Constraints | CA:FALSE | critical |
Key Usage | digitalSignature, keyAgreement | critical | |
Extended Key Usage | clientAuth, emailProtection | ||
Authority Key Identifier | keyID: based on the subject key identifier in the issuer's certificate | ||
Subject Key Identifier | 256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex) | ||
Subject Alternative Name | IA5String (rfc822Name) or/and UTF-8 (otherName) test@example.com | critical |