# Test Data To Verify Your CertificateInstallationRes Signature

This file provides test data needed to reproduce the same digest and signature values for a CertificateInstallationRes. This test data is provided for your convenience to verify that your implementation of creating and verifying digital XML-based signatures is correct.

Further explanation is given in the ISO 15118 Manual in section 3.11.3 "Test Data To Verify Your CertificateInstallationRes".
For further explanation why the different usage of XML namespace matters with regards to the resulting digest and signature values, have a look at section 3.11.4 "Pitfalls with Signatures And XML Namespaces" in the [ISO 15118 Manual](http://v2g-clarity.com/en/iso15118-masterclass/ebook/).



## TEST DATA SETUP


### Private key for signature creation

The private key used to create the signature for the CertificateInstallationRes is the one belonging to the Sub-CA 2 of the Mobility Operator. See file moSubCA2.key.
The 32 bytes represent the raw x data.

5075C1E2B9911F0CCE98354F949F834CD11165F8940C7FA48B8A244436C1CE43


### Public key for signature verification

The public key used to verify the signature of the CertificateInstallationRes is part of the certificate associated with the Sub-CA 2 of the Mobility Operator. The 64 bytes represent a point on the elliptic curve, thus the raw x-coordinate and y-coordinate. The public key has an additional byte 0x04 in the beginning to represent the uncompressed form as demanded by the ISO 15118-2, resulting in 65 bytes in total.

041D0B66B06A63F9E1BFC728A028704D24B0336C580CFEFF092F4B875E0677FCBC3A7B39E53582672FBB5D7BD1174E25EAC542334EC443CBA81DB59D7830B7949B


### Parameter ContractSignatureCertChain

The certificate chain provided by the Mobility Operator comprises the contract certificate and the intermediate Sub-CA certificates. 
All Mobility Operator certificates are packaged in the PKCS#12 container file moCertChain.p12. But you can also access every single certificate by its own, if you want: the contractCert, moSubCA2, and moSubCA1 (each provided in .pem and .der format). Be aware that the order in which the certificates are placed in the SubCertificates element is important. The first element is the Sub-CA 2 certificate, followed by the Sub-CA 1 certificate.
Also, the certificates' validity period might already have expired by the time you use this test data. But that is not a problem for this issue. 


### Parameter ContractSignatureEncryptedPrivateKey

This parameter holds the encrypted private key that belongs to the contract certificate as well as a so-called initialization vector (IV) of 16 bytes length that is needed for the AES cipher. The IV is represented by the first (also known as most significant) 16 bytes of this parameter. 

1520AFFF79C2729744C3C0B90038A52063461BC0E29C8BBE029DF437C69AB7780399921A23D96FA77871E720B9D49430


### Parameter DHpublickey

The DHpublickey is the public key of a generated ECDH key pair. The private key of this key pair is used to create the session key with which the private key that belongs to the contract certificate is encrypted. Again, with an additional byte 0x04 prepended as demanded by ISO 15118-2 to represent the uncompressed form of a public key.

04EC801A167AA60762B8F648902BAFFC60EF13329A860F5D0B7D84A22CC8F00C05B998DA328C719DAF1139ABF6F21B8B27CC201E9A4E3DDA6905B27C3B2831CF18


### Parameter eMAID

Let's use the following eMAID for this test case: DEABCC123ABC56


### Parameter SAProvisioningCertificateChain

The signature is built over the four parameters mentioned above. The Certificate Provisioning Service's (CPS) certificate chain is not part of the signature. However, the CPS's Sub-CA 2 certificate holds the public key (printed further above in hexadecimal notation for your convenience) with which you need to verify the signature . If you also want to validate the CPS's chain of certificates all the way up to the V2G root certificate, then use the PKCS#12 container file cpsCertChain.p12 and the v2gRootCA.pem or v2gRootCA.der file. All certificates in cpsCertChain.p12 are also provided as single certificates in this folder.



## XML REFERENCE ELEMENT GENERATION WITH CORRECT XML NAMESPACE "urn:iso:15118:2:2013:MsgBody"

The following values are created using the XML namespace "urn:iso:15118:2:2013:MsgBody". 


### ContractSignatureCertChain

EXI:
8021015A590C4D803308201D43082017AA00302010202010C300A06082A8648CE3D040302304F3111300F06035504030C084D4F53756243413231193017060355040A0C1052495345205632472050726F6A656374310B300906035504061302444531123010060A0992268993F22C64011916024D4F301E170D3137303832343135343733335A170D3139303832343135343733335A30573119301706035504030C1044452D4142432D43313233414243353631193017060355040A0C1052495345205632472050726F6A656374310B300906035504061302444531123010060A0992268993F22C64011916024D4F3059301306072A8648CE3D020106082A8648CE3D03010703420004D62CD181B6F03EF7E07519C2FB05D564C71D39E61A35E2E5428E78319CEFE97B8A1A17FCE1C67F8182317CFB3C7887395A6D24851EBA4A79D71F125AD631A029A33F303D300C0603551D130101FF04023000300E0603551D0F0101FF0404030203E8301D0603551D0E04160414D8A12B386B13276BDCD9D2B6FF243A797F28113F300A06082A8648CE3D0403020348003045022011BC1BA0E6C2C43AACE28233DDDEA4BDB36B00F0282EC888D49597DD76D753B3022100CD3870E39A3D4467CF85FB16356A739B2DA3097C93ADDB2BDC8A7E8EC7FBF17A06B81984100E9984100BC500181008101008598050304154324671E8201811827988898078301AA8201860426A7A9BAB121A098988C980B8301AA820506082924A9A2902B192390283937B532B1BA188598048301AA82030981222298891808030504C91344C9F91632008C8B0126A7980F0B86989B981C191A189A9A1B9999AD0B869918981C1919989A9A1B9999AD1827988898078301AA8201860426A7A9BAB121A099188C980B8301AA820506082924A9A2902B192390283937B532B1BA188598048301AA82030981222298891808030504C91344C9F91632008C8B0126A7982C98098303954324671E81008304154324671E81808381A100020E85B3583531FCF0DFE39450143826925819B62C067F7F8497A5C3AF033BFE5E1D3D9CF29AC13397DDAEBDE88BA712F562A119A76221E5D40EDACEBC185BCA4DD1A2982198090301AA8E898080FF820418030080FF81008018070301AA8E878080FF8202018100E3180E8301AA8E87020B020A0EEAFC27CB55E3659AE36178118E9A3AF36B5F0818050304154324671E82018101A48018230110806519652E19754D151E61BCA4552FD635BFA22941B2E16E205998359E0CACC56101108052FFEE2EECBF2CBF30566DD00DABE533E95C163079C58A416DA4631EF6F2C03F86A81984100E8984100BC500181008101008518050304154324671E8201811827988898078301AA8201860426A7A937B7BA21A0988C980B8301AA820506082924A9A2902B192390283937B532B1BA188598048301AA82030981222298891808030504C91344C9F91632008C8B0126A7980F0B86989B981C191A189A9A1B9999AD0B869918981C1919989A9A1B9999AD1827988898078301AA8201860426A7A9BAB121A098988C980B8301AA820506082924A9A2902B192390283937B532B1BA188598048301AA82030981222298891808030504C91344C9F91632008C8B0126A7982C98098303954324671E81008304154324671E81808381A10002606D49CDDEDB507490D545576D3EF47652741494DF8BC7162AC62C8C26CF6BD497D1722204195C5548B6D43A58100FDBC4F088C72285C62A3CAC9166D7014895D1A2982198090301AA8E898080FF820418030080FF81008098070301AA8E878080FF820201810083180E8301AA8E87020B020A20DE09BA068BB96CE9508AF6F4169B66874E8FFA18050304154324671E82018101A38018220110016F5355C84F1580680D99BC59BAB5F047ED6D346AA7ED84D4A668EBB4672E200110290994F9505A490DA7B74774FDD122E696D19169911CE583A59D5563C6D7296897A00

SHA-256:
A993EA30EB05C7FC0FB96AF2D8FF0859D012380993D63DD833395D4A9D331A84

Base64 encoded SHA-256:
qZPqMOsFx/wPuWry2P8IWdASOAmT1j3YMzldSp0zGoQ=



### ContractSignatureEncryptedPrivateKey

EXI:
802202B4B2190C05482BFFDE709CA5D130F02E400E294818D186F038A722EF80A77D0DF1A6ADDE00E6648688F65BE9DE1C79C82E75250C1E80


SHA-256:
DC16ECAF420130C531A5B0C2BDCF31503ED7D84AEEB047AF1870EC48991B3A00

Base64 encoded SHA-256:
3Bbsr0IBMMUxpbDCvc8xUD7X2ErusEevGHDsSJkbOgA=


### DHpublickey

EXI:
802D02B4B21990413B2006859EA981D8AE3D92240AEBFF183BC4CCA6A183D742DF61288B323C03016E66368CA31C676BC44E6AFDBC86E2C9F30807A6938F769A416C9F0ECA0C73C61E80

SHA-256:
C81FCBD160FE4A6162DD55ADED51A291DFCEEEA0D1CA52FC4C10EECAF1E5F536

Base64 encoded SHA-256:
yB/L0WD+SmFi3VWt7VGikd/O7qDRylL8TBDuyvHl9TY=



### eMAID

EXI:
80EC0202B4B21A40041111505090D0CC4C8CD05090CD4DBD3D00

SHA-256:
939AF54F14396EC0D827F753C896AC0762AE1E00ACAB57E19AF100243CDD5A6B

Base64 encoded SHA-256:
k5r1TxQ5bsDYJ/dTyJasB2KuHgCsq1fhmvEAJDzdWms=



## SIGNATURE GENERATION WITH CORRECT XML NAMESPACE "urn:iso:15118:2:2013:MsgBody"

EXI:
808112B43A3A381D1797BBBBBB973B999737B93397AA2917B1B0B737B734B1B0B616B2BC3497A1AB43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B63239B4B396B6B7B93291B2B1B239B096B9B430991A9B220623696432025687474703A2F2F7777772E77332E6F72672F54522F63616E6F6E6963616C2D6578692F4852D0E8E8E0745E5EEEEEEE5CEE665CDEE4CE5E646060625E60685EF0DAD8CADCC646E6D0C2646A6C841B82DD95E8402618A634B61857B9E62A07DAFB095DD608F5E30E1D8913236740008188DA590C4095A1D1D1C0E8BCBDDDDDDCB9DCCCB9BDC99CBD5148BD8D85B9BDB9A58D85B0B595E1A4BD214B43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B632B73191B9B430991A9B21054C9F5187582E3FE07DCB5796C7F842CE8091C04C9EB1EEC199CAEA54E998D42020623696434025687474703A2F2F7777772E77332E6F72672F54522F63616E6F6E6963616C2D6578692F4852D0E8E8E0745E5EEEEEEE5CEE665CDEE4CE5E646060625E60685EF0DAD8CADCC646E6D0C2646A6C8412735EA9E2872DD81B04FEEA7912D580EC55C3C015956AFC335E2004879BAB4D608188DA590CC095A1D1D1C0E8BCBDDDDDDCB9DCCCB9BDC99CBD5148BD8D85B9BDB9A58D85B0B595E1A4BD214B43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B632B73191B9B430991A9B210640FE5E8B07F2530B16EAAD6F6A8D148EFE7775068E5297E2608776578F2FA9B0DC

The signature value will never be the same because ECDSA always uses a random seed to generate the signature. Therefore, it does not make sense to provide a signature value here for comparison.
HINT: Do not make the mistake to hash the EXI binary stream before you run ECDSA on it. ECDSA already performs a SHA-256 hashing operation!



## XML REFERENCE ELEMENT GENERATION WITH INCORRECT XML NAMESPACE ""

There was a discussion going on whether the XML elements for a CertificateInstallationRes/CertificateUpdateRes need to be created using the namespace "urn:iso:15118:2:2013:MsgBody" or if using no namespace (the same as using the empty namespace "") is also a possible solution. The [ISO 15118 User Group issue #72](http://extmgmt.kn.e-technik.tu-dortmund.de/issues/172) further elaborates on that and makes clear that the namespace "urn:iso:15118:2:2013:MsgBody" shall be used. Using the empty namespace would NOT conform to the standard's requirements.
However, just to show the difference in the EXI encoding result as well as the difference in message size, the following values are created using the empty XML namespace "". As you can see, those EXI encoding results are bigger in size. This is due to a so-called schema deviation encoding for those message elements.


### ContractSignatureCertChain

EXI: 80F311B436F6E74726163745369676E617475726543657274436861696E4C028006070052056964312E00109805000C7F4089A9292846288868682B0E2CE82EE928482CE92848888829684CECEE2D0D6D49EA0A2A28882D484A09AA48AEE88EEB288ACA2A2888882D09CA8629C62B2D69C849AD48AB49A84C68E8262AA8A86CEEEA2AAD6D8A8A4A684AE9AD6C6CEAA9094ECC2DAACD4C8888A989A82D68E8262AA8A84D09A86A48AAAF08AD482A284CEDE94D6D2C294D65E92E6B4828AB48CCE949CA8F482CA8CEE60F09CF482689AD4A2F09CA8A2669AF49CC28CEE60F09EA882689AD4A2F09CA8A2669AF49CC29A8CC6F08EA882B084CE9CAC84829A9A8A8AA48C98AA8C86A2F262889AA892F4A2AA94889CA8B2F08EA882B084CE9CAC8482DE9A8A8C9494AA60AACEACD49490928C84F2C464E0D8B266A2F086F4829484CE9CAC8482B2A882D6A48C9AA492EE8A82B29686B492DAD2B4A0F2988EA2848EA4B286A8AA70EEAEA882A884CEC6E2D0D6D49EA0A2928484CECEE2D0D6D49EA0A29A8484EE9C868282A8AE989C8E84E8EC8256725684628EC6986E84C8ACD6F0F0606A6AD0DE6268EAAC86D4DCCEF0DC9E5EE0CA68DEC28C5EF4D0F0DC5684CED48C7056F4F068D0F4D8C2C4A6A68C90E4E096CAC8C6CC8AD8E4AE9AC282E0DEF470EEA0A8829A84CE9CAC90A49A8482CC708A82D482829A82688E8262AAC888EE8A845EEEA28A82EE92886C8882C884CE9CAC90A2688A8CCEA2AA64968AE49E8EE6A89464ECC664C896645EF2A26CCAB070DE8AA870EE86CEB29296DEB492F4D4608A82EE9288A68282EEA4A292CE8AC4EEC4DE9EC486F088E2E668DE92F466C86CD6ECC49CE482A082DE98E6D2926294AEB066B0C4B0AA6E9A8692A2889C9E9088D4DAD4628AB470568C56F0B262C2DC9EC498C29A94CC949EE864F2ECC6D2DC6C9EF05EECF0CACE7A7A8E01169805000C2E00114C0280063F6044D494942307A4343415869674177494241674942437A414B42676771686B6A4F50515144416A42504D52457744775944565151444441684E54314E31596B4E424D54455A4D4263474131554543677751556B6C54525342574D6B636755484A76616D566A6444454C4D416B474131554542684D4352455578456A415142676F4A6B69614A6B2F49735A41455A46674A4E547A4165467730784E7A41344D6A51784E5451334D7A4E61467730794D5441344D6A4D784E5451334D7A4E614D4538784554415042674E5642414D4D4345315055335669513045794D526B77467759445651514B4442425353564E464946597952794251636D39715A574E304D517377435159445651514745774A45525445534D42414743676D534A6F6D543869786B41526B57416B31504D466B77457759484B6F5A497A6A3043415159494B6F5A497A6A304441516344516741454851746D7347706A2B65472F787969674B48424E4A4C417A6246674D2F76384A4C30754858675A332F4C7736657A6E6C4E594A6E4C37746465394558546958717855497A5473524479366764745A31344D4C65556D364E464D454D7745675944565230544151482F42416777426745422F7749424144414F42674E56485138424166384542414D4341635977485159445652304F42425945464233562B452B577138624C4E63624338434D644E48586D317234514D416F4743437147534D343942414D4341306B414D4559434951444B4D7370634D7571614B6A7A44655569715836787266305253673258433345437A4D47733847566D4B77674968414B582F3346335A666C6C2B594B7A626F427458796D6653754378673834735567747449786A33743559422F470008A60140031FB0226A4A4A1182A21A1A0AC34B3A0BBA4A120B3A4A121B520A5A133B3B8B435B527A828A8A220B5212826A922BBA23BACA22B28A8A22220B4272A18A53B3119A92228AA22AD26A131A3A098AAA2A1B3BBA8AAB5B62A2929A12BA6B5B1B3AAA4253B30B6AB35322222A626A0B5A3A098AAA2A13426A1A922AABC22B520A8A133B7A535B4B0A53597A4B9AD20A2AD2333A5272A3D20B2A33B983C273D209A26B528BC272A2899A6BD2730A33B983CA6AA209A26B526BC272A2899A6BD2730A6A29C3C22AA20A82133A72B2120A6A6A1A298A82A99AB34A89822BC26A935BBA33BACA22B28A8A5A2212129A9AB272324A32CBCA93CA128B1B69CB8AD2BA71826A8B9BBA1A8ACA22B28A8A3A2BBA522A92A22A9A6A120A3A1B3B6A9A537B6AA1C34BC35A0A935ABA0B598A826A335BBA2BBACA425B7AD24BD351821A0A8ACA4A5B7AD24BD35182220A8B1A228B3A0A2BBA738AA369B991937A7B5B438B7B8BA993719B79BA5AA37A5A9B697A31A1A39AB2CBC2D23A29932989B35BB37BAA922A1A2259A38B8233A38A429BBA4A11599B4B2A2A93535AAA63523291AABA9A6273933A5A9259B272326A2A6BBA2B3ACA22B29182A20A8A417A120B3BBA133A2A117BBA4A120AA20A7A133A72B24289C2120B31C22A120A6A1A0A8ACBBA428ACA22B291827A1212CA2A322A39C2299A8A72319A62D1838A2AB1BB2B3BA27399827B729179826A0B7A3A1A1B8A3A9A69A1CA120A6A1A09831A0A6A2A8A1A4A0A632B838BAA8B734B9A0982139BD32A62718B095A1A8193A383798AA97B121B0B62698323237BD363C20A0B4A129A2BCB73CB7A629A9A3981CBAB53AB71BB7B5AC272630A6B4983CA49ABCBBB22627B8B92435309AA998289E9EABE8


SHA-256:
149E8C972A5108ECA39E0B6BA92F9B3FEC8F266BC1337FD5E2B469A723D5FE06

Base64 encoded SHA-256:
FJ6MlypRCOyjngtrqS+bP+yPJmvBM3/V4rRppyPV/gY=


### ContractSignatureEncryptedPrivateKey

EXI:
80F3125436F6E74726163745369676E6174757265456E63727970746564507269766174654B65794C028006070052056964326848CA686EC5E66DC86C6E0C88AEE70866A8288D2D8928E9C8E8E7088D2DC92EA5682E066609C70C2C2E866CE88DAB492C29272D8ECE066D0F06AF2866A6294A2EEFA00

SHA-256:
7F1D245F01367284C9412D1EBC714F64F25707693C28CC4AFAE584E5E0355D5E

Base64 encoded SHA-256:
fx0kXwE2coTJQS0evHFPZPJXB2k8KMxK+uWE5eA1XV4=


### DHpublickey

EXI:
80F310C44487075626C69636B65794C028006070052056964336B4849EF2828ED0B46CE0CEC8D2EAA0B492D686EAEC5E8E88EC8AF496C2D0CE72C88666648ADED2F4927082EE8CEAB4D4C29ADEF0F0DCC270A49EC2EC6470D0EA989470EECE90E0E09EA0C8E0E084C494709EF2CEF0F4F0CE7AFA00

SHA-256:
105A7E05E5DE4FB03F050E213B01457D634C3F186CC4A28DA6403349286A5F59

Base64 encoded SHA-256:
EFp+BeXeT7A/BQ4hOwFFfWNMPxhsxKKNpkAzSShqX1k=


### eMAID

EXI:
80F3106654D4149444C02800607005205696434620888A828486866264668284866A6CFA00

SHA-256:
45CD81DFFD1A56BB5F4A796B804CA71721AF434587E0ED803A09EAEBADBB8479

Base64 encoded SHA-256:
Rc2B3/0aVrtfSnlrgEynFyGvQ0WH4O2AOgnq6627hHk=



## SIGNATURE GENERATION WITH INCORRECT XML NAMESPACE ""

EXI:
808112B43A3A381D1797BBBBBB973B999737B93397AA2917B1B0B737B734B1B0B616B2BC3497A1AB43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B63239B4B396B6B7B93291B2B1B239B096B9B430991A9B220623696432025687474703A2F2F7777772E77332E6F72672F54522F63616E6F6E6963616C2D6578692F4852D0E8E8E0745E5EEEEEEE5CEE665CDEE4CE5E646060625E60685EF0DAD8CADCC646E6D0C2646A6C840FE3A48BE026CE50992825A3D78E29EC9E4AE0ED278519895F5CB09CBC06ABABC08188DA590C4095A1D1D1C0E8BCBDDDDDDCB9DCCCB9BDC99CBD5148BD8D85B9BDB9A58D85B0B595E1A4BD214B43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B632B73191B9B430991A9B2100A4F464B9528847651CF05B5D497CD9FF6479335E099BFEAF15A34D391EAFF03020623696434025687474703A2F2F7777772E77332E6F72672F54522F63616E6F6E6963616C2D6578692F4852D0E8E8E0745E5EEEEEEE5CEE665CDEE4CE5E646060625E60685EF0DAD8CADCC646E6D0C2646A6C8408B9B03BFFA34AD76BE94F2D700994E2E435E868B0FC1DB007413D5D75B7708F208188DA590CC095A1D1D1C0E8BCBDDDDDDCB9DCCCB9BDC99CBD5148BD8D85B9BDB9A58D85B0B595E1A4BD214B43A3A381D1797BBBBBB973B999737B933979918181897981A17BC36B632B73191B9B430991A9B210082D3F02F2EF27D81F8287109D80A2BEB1A61F8C36625146D32019A494352FAC8DC

The signature value will never be the same because ECDSA always uses a random seed to generate the signature. Therefore, it does not make sense to provide a signature value here for comparison.
HINT: Do not make the mistake to hash the EXI binary stream before you run ECDSA on it. ECDSA already performs a SHA-256 hashing operation!