Initial proof-of-concept SM-DP+ for GSMA consumer eSIM RSP
This commit introduces
* the osmo-smdpp.py program implementing the main procedures and the
HTTP/REST based ES9+
* python modules for ES8+ and non-volatile RSP Session State storage
* the ASN.1 source files required to parse/encode RSP
* 3GPP test certificates from SGP.26
* an unsigned profile package (UPP) of a SAIP v2.3 TS48 test profile
As I couldn't get the 'Klein' tls support to work, the SM-DP+ code
currently does not support HTTPS/TLS but plan HTTP, so you either have
to modify your LPA to use HTTP instead of HTTPS, or put a TLS proxy in
front.
I have successfully installed an eSIM profile on a test eUICC that
contains certificate/key data within the test CI defined in GSMA SGP.26
Change-Id: I6232847432dc6920cd2bd08c84d7099c29ca1c11
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.csr.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.csr.cnf
new file mode 100644
index 0000000..8ed5b2b
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.csr.cnf
@@ -0,0 +1,10 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+O = ACME
+
+# shall be aligned with SGP.23 value #TEST_DP_ADDRESS2
+CN = testsmdpplus2.example.com
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der
new file mode 100644
index 0000000..be20b34
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.ext.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.ext.cnf
new file mode 100644
index 0000000..d224daf
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP2_TLS.ext.cnf
@@ -0,0 +1,14 @@
+######################################################################################################################################################################
+# Extensions for a DPTLS
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, serverAuth, clientAuth
+certificatePolicies = 2.23.146.1.2.1.3
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+
+# RID shall be aligend with SGP.23 value SM-DP+OID2
+# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS2
+subjectAltName = DNS:testsmdpplus2.example.com, RID:2.999.12
+
+crlDistributionPoints=URI:http://ci.test.example.com/CRL-A.crl, URI:http://ci.test.example.com/CRL-B.crl
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.csr.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.csr.cnf
new file mode 100644
index 0000000..abaa1da
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.csr.cnf
@@ -0,0 +1,10 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+O = ACME
+
+# shall be aligned with SGP.23 value #TEST_DP_ADDRESS4
+CN = testsmdpplus4.example.com
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der
new file mode 100644
index 0000000..07b4c85
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.ext.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.ext.cnf
new file mode 100644
index 0000000..31f6463
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP4_TLS.ext.cnf
@@ -0,0 +1,14 @@
+######################################################################################################################################################################
+# Extensions for a DPTLS
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, serverAuth, clientAuth
+certificatePolicies = 2.23.146.1.2.1.3
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+
+# RID shall be aligend with SGP.23 value SM-DP+OID4
+# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS4
+subjectAltName = DNS:testsmdpplus4.example.com, RID:2.999.14
+
+crlDistributionPoints=URI:http://ci.test.example.com/CRL-A.crl, URI:http://ci.test.example.com/CRL-B.crl
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.csr.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.csr.cnf
new file mode 100644
index 0000000..39ebdfb
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.csr.cnf
@@ -0,0 +1,10 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+O = ACME
+
+# shall be aligned with SGP.23 value #TEST_DP_ADDRESS8
+CN = testsmdpplus8.example.com
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der
new file mode 100644
index 0000000..3b45b14
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.ext.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.ext.cnf
new file mode 100644
index 0000000..cc88f83
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP8_TLS.ext.cnf
@@ -0,0 +1,14 @@
+######################################################################################################################################################################
+# Extensions for a DPTLS
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, serverAuth, clientAuth
+certificatePolicies = 2.23.146.1.2.1.3
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+
+# RID shall be aligend with SGP.23 value SM-DP+OID8
+# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS8
+subjectAltName = DNS:testsmdpplus8.example.com, RID:2.999.18
+
+crlDistributionPoints=URI:http://ci.test.example.com/CRL-A.crl, URI:http://ci.test.example.com/CRL-B.crl
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.csr.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.csr.cnf
new file mode 100644
index 0000000..d9b785c
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.csr.cnf
@@ -0,0 +1,10 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+O = ACME
+
+# shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
+CN = testsmdpplus1.example.com
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.ext.cnf b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.ext.cnf
new file mode 100644
index 0000000..f80caf6
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS.ext.cnf
@@ -0,0 +1,14 @@
+######################################################################################################################################################################
+# Extensions for a DPTLS
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, serverAuth, clientAuth
+certificatePolicies = 2.23.146.1.2.1.3
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+
+# RID shall be aligend with SGP.23 value SM-DP+OID
+# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
+subjectAltName = DNS:testsmdpplus1.example.com, RID:2.999.10
+
+crlDistributionPoints=URI:http://ci.test.example.com/CRL-A.crl, URI:http://ci.test.example.com/CRL-B.crl
+
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der
new file mode 100644
index 0000000..dc730f0
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_BRP.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der
new file mode 100644
index 0000000..0cb9ba7
--- /dev/null
+++ b/smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP2_TLS.der
new file mode 100644
index 0000000..4f91532
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP2_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP4_TLS.der
new file mode 100644
index 0000000..70820fa
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP4_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP8_TLS.der
new file mode 100644
index 0000000..33cc6fb
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP8_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_BRP.der
new file mode 100644
index 0000000..5d0ae30
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_BRP.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_NIST.der
new file mode 100644
index 0000000..38927b1
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2021/CERT_S_SM_DP_TLS_NIST.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP2_TLS.der
new file mode 100644
index 0000000..32909ce
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP2_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP4_TLS.der
new file mode 100644
index 0000000..ea11075
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP4_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP8_TLS.der
new file mode 100644
index 0000000..93a0cc0
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP8_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_BRP.der
new file mode 100644
index 0000000..3d00317
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_BRP.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_NIST.der
new file mode 100644
index 0000000..179c37b
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2022/CERT_S_SM_DP_TLS_NIST.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP2_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP2_TLS.der
new file mode 100644
index 0000000..da5516c
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP2_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP4_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP4_TLS.der
new file mode 100644
index 0000000..b1c222c
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP4_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP8_TLS.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP8_TLS.der
new file mode 100644
index 0000000..638e4a1
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP8_TLS.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_BRP.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_BRP.der
new file mode 100644
index 0000000..6746cbb
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_BRP.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_NIST.der b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_NIST.der
new file mode 100644
index 0000000..6977bd3
--- /dev/null
+++ b/smdpp-data/certs/DPtls/Old_TLS_Validity/Expired 2023/CERT_S_SM_DP_TLS_NIST.der
Binary files differ
diff --git a/smdpp-data/certs/DPtls/PK_S_SM_DP2_TLS_NIST.pem b/smdpp-data/certs/DPtls/PK_S_SM_DP2_TLS_NIST.pem
new file mode 100644
index 0000000..702bcf7
--- /dev/null
+++ b/smdpp-data/certs/DPtls/PK_S_SM_DP2_TLS_NIST.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGtkADHVON2E+dQ+3v3NC/tULwHJS
+7YRla0XW9wh4lQip/+CWFyOvEe/I3aaaafK1GIuzEhOCCrLdHvWALo/Utg==
+-----END PUBLIC KEY-----
diff --git a/smdpp-data/certs/DPtls/PK_S_SM_DP4_TLS.pem b/smdpp-data/certs/DPtls/PK_S_SM_DP4_TLS.pem
new file mode 100644
index 0000000..9c165c7
--- /dev/null
+++ b/smdpp-data/certs/DPtls/PK_S_SM_DP4_TLS.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOtvoTSOoGvY7otiZg2y7aKdiVrMN
+cCYwPcNrwV32ETbE++cCAbTFpm49rGsrO5V6mbtOdBAD6L90LwgTAqp9pg==
+-----END PUBLIC KEY-----
diff --git a/smdpp-data/certs/DPtls/PK_S_SM_DP8_TLS.pem b/smdpp-data/certs/DPtls/PK_S_SM_DP8_TLS.pem
new file mode 100644
index 0000000..0ff4586
--- /dev/null
+++ b/smdpp-data/certs/DPtls/PK_S_SM_DP8_TLS.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzkExGPpkmW7Yspv8rIUzg+ZdPyKh
+meeWa/QGmmlYOSvlOdAA6lGlSIsQh9brR8ABhG0eaH7EkOgagJZJQgxSaw==
+-----END PUBLIC KEY-----
diff --git a/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_BRP.pem b/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_BRP.pem
new file mode 100644
index 0000000..8fd826f
--- /dev/null
+++ b/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_BRP.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABEwizNgsjQIh+dhUO3LhB7zJ/ZBU
+1mx1wOt0p73nMOdhjvZbJwteguQ6eW+N7guvivvrilNiU3oC/WXHnkEZa7U=
+-----END PUBLIC KEY-----
diff --git a/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_NIST.pem b/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_NIST.pem
new file mode 100644
index 0000000..15ea8ea
--- /dev/null
+++ b/smdpp-data/certs/DPtls/PK_S_SM_DP_TLS_NIST.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKCQwdc6O/R+uZ2g5QH2ybkzLQ3CU
+YhybOWEz8bJLtQG4/k6yTT4NOS8lP28blGJws8opLjTbb3qHs6X2rJRfCA==
+-----END PUBLIC KEY-----
diff --git a/smdpp-data/certs/DPtls/SK_S_SM_DP2_TLS_NIST.pem b/smdpp-data/certs/DPtls/SK_S_SM_DP2_TLS_NIST.pem
new file mode 100644
index 0000000..b25606d
--- /dev/null
+++ b/smdpp-data/certs/DPtls/SK_S_SM_DP2_TLS_NIST.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIE5lYcZAiPZpkHrb45SxGoQkLgM6gqiEAjFjbckbTuP1oAoGCCqGSM49
+AwEHoUQDQgAEGtkADHVON2E+dQ+3v3NC/tULwHJS7YRla0XW9wh4lQip/+CWFyOv
+Ee/I3aaaafK1GIuzEhOCCrLdHvWALo/Utg==
+-----END EC PRIVATE KEY-----
diff --git a/smdpp-data/certs/DPtls/SK_S_SM_DP4_TLS.pem b/smdpp-data/certs/DPtls/SK_S_SM_DP4_TLS.pem
new file mode 100644
index 0000000..32bdfde
--- /dev/null
+++ b/smdpp-data/certs/DPtls/SK_S_SM_DP4_TLS.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPJlnS9Sj0sRN0DVig0q8+srSOEiwrYKavb8lq2Gvm+koAoGCCqGSM49
+AwEHoUQDQgAEOtvoTSOoGvY7otiZg2y7aKdiVrMNcCYwPcNrwV32ETbE++cCAbTF
+pm49rGsrO5V6mbtOdBAD6L90LwgTAqp9pg==
+-----END EC PRIVATE KEY-----
diff --git a/smdpp-data/certs/DPtls/SK_S_SM_DP8_TLS.pem b/smdpp-data/certs/DPtls/SK_S_SM_DP8_TLS.pem
new file mode 100644
index 0000000..51ca168
--- /dev/null
+++ b/smdpp-data/certs/DPtls/SK_S_SM_DP8_TLS.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIP9uSlCbrds4EIgxwjzMLUQwevKB6SWWf4zfHZVUoCiNoAoGCCqGSM49
+AwEHoUQDQgAEzkExGPpkmW7Yspv8rIUzg+ZdPyKhmeeWa/QGmmlYOSvlOdAA6lGl
+SIsQh9brR8ABhG0eaH7EkOgagJZJQgxSaw==
+-----END EC PRIVATE KEY-----
diff --git a/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_BRP.pem b/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_BRP.pem
new file mode 100644
index 0000000..6ad37b0
--- /dev/null
+++ b/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_BRP.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BgkrJAMDAggBAQc=
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHgCAQEEID9nFSgCs/TH+uZ5WFX2glQeReNe//TooFVloPGRKnguoAsGCSskAwMC
+CAEBB6FEA0IABEwizNgsjQIh+dhUO3LhB7zJ/ZBU1mx1wOt0p73nMOdhjvZbJwte
+guQ6eW+N7guvivvrilNiU3oC/WXHnkEZa7U=
+-----END EC PRIVATE KEY-----
diff --git a/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_NIST.pem b/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_NIST.pem
new file mode 100644
index 0000000..c1329f9
--- /dev/null
+++ b/smdpp-data/certs/DPtls/SK_S_SM_DP_TLS_NIST.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIKA+fORVBHS+pLeoc5nOWoyfZhtoD5QBOf/4Tp3sak2MoAoGCCqGSM49
+AwEHoUQDQgAEKCQwdc6O/R+uZ2g5QH2ybkzLQ3CUYhybOWEz8bJLtQG4/k6yTT4N
+OS8lP28blGJws8opLjTbb3qHs6X2rJRfCA==
+-----END EC PRIVATE KEY-----