standalone Self-Signed S/MIME Certificate


EDWARDS dual-key certificate [C + S + E]


0. primary key, Certify [C]

X.509: ROOT/Issuer

Field/ExtensionContentOptional/Critical
VersionVersion: 3 (0x2)
Serial Numbercontaining at least 64 bits of output from a CSPRNG, e.g.0x402ad043d9884e67
Signature AlgorithmED448
ValidityNot Before...
Not After...
Issuer DN = Subject DNcommonName...
givenName
surname
pseudonym
serialNumber
emailAddress
title
streetAddress
localityName
stateOrProvinceName
postalCode
countryName
organizationName
organizationalUnitName
organizationIdentifier
Subject Public Key InfoPublic Key Algorithm and EdDSA Public-KeyED448 and ED448
X509v3 extensionsBasic ConstraintsCA:TRUEcritical
Key UsagekeyCertSign, cRLSigncritical
Extended Key UsageclientAuth, emailProtection
Subject Key Identifier256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex)

1. subkey, Sign [S]

X.509: Subscriber/Subject

Field/ExtensionContentOptional/Critical
VersionVersion: 3 (0x2)
Serial Numbercontaining at least 64 bits of output from a CSPRNG, e.g.0x734ca918d07e03c8
Signature AlgorithmED448
Issuerbased on the Distinguished Name (Subject) in the issuer's certificate...
ValidityNot Before...
Not After...
Subject DNNULL SEQUENCE (NULL-DN)SEQUENCE {}
Subject Public Key InfoPublic Key Algorithm and EdDSA Public-KeyED25519 and ED25519
X509v3 extensionsBasic ConstraintsCA:FALSEcritical
Key UsagedigitalSignaturecritical
Extended Key UsageclientAuth, emailProtection
Authority Key IdentifierkeyID: based on the subject key identifier in the issuer's certificate
Subject Key Identifier256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex)
Subject Alternative NameIA5String (rfc822Name) or/and UTF-8 (otherName)
test@example.com
critical

2. subkey, Encrypt [E]

X.509: Subscriber/Subject

Field/ExtensionContentOptional/Critical
VersionVersion: 3 (0x2)
Serial Numbercontaining at least 64 bits of output from a CSPRNG, e.g.0x1b3e0eb4b68f79ff
Signature AlgorithmED448
Issuerbased on the Distinguished Name (Subject) in the issuer's certificate...
ValidityNot Before...
Not After...
Subject DNNULL SEQUENCE (NULL-DN)SEQUENCE {}
Subject Public Key InfoPublic Key Algorithm and EdDH Public-KeyX25519 and X25519
X509v3 extensionsBasic ConstraintsCA:FALSEcritical
Key UsagekeyAgreementcritical
Extended Key UsageemailProtection
Authority Key IdentifierkeyID: based on the subject key identifier in the issuer's certificate
Subject Key Identifier256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex)
Subject Alternative NameIA5String (rfc822Name) or/and UTF-8 (otherName)
test@example.com
critical