Trošku se mi to protáhlo.
Takže. Můj QR kód je podepsaný klíčem s KID `7b8947e88e223083`, certifikát MZCR s tímto KID:
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUIzSq5MMYg2oez/kdjVH73ZPmI3l AQZTJsLOGqhJNcahsn+m5vFLeODWFM6/hXQGSL56sIjbKMrYa17lKNAKUw== -----END PUBLIC KEY-----
-----BEGIN CERTIFICATE----- MIIC+DCCAWCgAwIBAgIJAPCdQkQSJ0AzMA0GCSqGSIb3DQEBCwUAMDQxCzAJBgNV BAYTAkNaMQ0wCwYDVQQKDARNWkNSMRYwFAYDVQQDDA1DWiBEU0MgQ1NDQSAxMB4X DTIxMDUwNjE0MjQwMFoXDTIzMDUwNjE0MjQwMFowLzELMAkGA1UEBhMCQ1oxDTAL BgNVBAoMBE1aQ1IxETAPBgNVBAMMCENaIERTQyAxMFkwEwYHKoZIzj0CAQYIKoZI zj0DAQcDQgAEUIzSq5MMYg2oez/kdjVH73ZPmI3lAQZTJsLOGqhJNcahsn+m5vFL eODWFM6/hXQGSL56sIjbKMrYa17lKNAKU6NdMFswHQYDVR0OBBYEFDReRuL4VneL cO8YqdVWn2+gpPl9MB8GA1UdIwQYMBaAFC/bK8h2pE3CPr4rUiBzxjSdjqnHMAkG A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBgQAZpv8/ b4k+QxliHeWKAiJ34OKMEYh8xn1Dc9+55f+h0NLY4ZSelGrf2SrJIt9yhomzjOQU ARqiumbuSzZMMPUNzKIRsPSa1NkfRq7y3QehG+cuhKKdLYpWErjRdp97gubCVGLX ld7+iuschYCwAztKnyPof94yPgAGkdCEnTNW1z6tc33E/Fnd59nF8/JBZdSTt2uR XxFY8plasmoRzdXYASwTUyXXheZcG+KNYJ5NxYSF3LJeF81ucJ6mWkAk+MwoJXVu 7VVZ6pn51JPL+YyArV2FaN8lWs9QYW2XgCuUTm4IC9T/BgVKTstr6eGQiHLOEbyE 8NmLond1Bzv27ClLXEBvL9lIqJ5hJFvVWbfpNPvJAjI4z3LA7DuYgQ3ws8mf0iMW +4aOkLCd7dv0HNcUPoHUOTelgcfAzEsZuajUcH3uGwgcs2wEBdW1KfqEP8L7bgwB GC+UGe1yeGM4k7OYOnGP2SMm3Gk+MrYaqW51Fun20bcXkagDxMJh06PpDm4= -----END CERTIFICATE-----
Certificate: Data: Version: 3 (0x2) Serial Number: f0:9d:42:44:12:27:40:33 Signature Algorithm: sha256WithRSAEncryption Issuer: C = CZ, O = MZCR, CN = CZ DSC CSCA 1 Validity Not Before: May 6 14:24:00 2021 GMT Not After : May 6 14:24:00 2023 GMT Subject: C = CZ, O = MZCR, CN = CZ DSC 1 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:50:8c:d2:ab:93:0c:62:0d:a8:7b:3f:e4:76:35: 47:ef:76:4f:98:8d:e5:01:06:53:26:c2:ce:1a:a8: 49:35:c6:a1:b2:7f:a6:e6:f1:4b:78:e0:d6:14:ce: bf:85:74:06:48:be:7a:b0:88:db:28:ca:d8:6b:5e: e5:28:d0:0a:53 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 34:5E:46:E2:F8:56:77:8B:70:EF:18:A9:D5:56:9F:6F:A0:A4:F9:7D X509v3 Authority Key Identifier: keyid:2F:DB:2B:C8:76:A4:4D:C2:3E:BE:2B:52:20:73:C6:34:9D:8E:A9:C7 X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature Signature Algorithm: sha256WithRSAEncryption 19:a6:ff:3f:6f:89:3e:43:19:62:1d:e5:8a:02:22:77:e0:e2: 8c:11:88:7c:c6:7d:43:73:df:b9:e5:ff:a1:d0:d2:d8:e1:94: 9e:94:6a:df:d9:2a:c9:22:df:72:86:89:b3:8c:e4:14:01:1a: a2:ba:66:ee:4b:36:4c:30:f5:0d:cc:a2:11:b0:f4:9a:d4:d9: 1f:46:ae:f2:dd:07:a1:1b:e7:2e:84:a2:9d:2d:8a:56:12:b8: d1:76:9f:7b:82:e6:c2:54:62:d7:95:de:fe:8a:eb:1c:85:80: b0:03:3b:4a:9f:23:e8:7f:de:32:3e:00:06:91:d0:84:9d:33: 56:d7:3e:ad:73:7d:c4:fc:59:dd:e7:d9:c5:f3:f2:41:65:d4: 93:b7:6b:91:5f:11:58:f2:99:5a:b2:6a:11:cd:d5:d8:01:2c: 13:53:25:d7:85:e6:5c:1b:e2:8d:60:9e:4d:c5:84:85:dc:b2: 5e:17:cd:6e:70:9e:a6:5a:40:24:f8:cc:28:25:75:6e:ed:55: 59:ea:99:f9:d4:93:cb:f9:8c:80:ad:5d:85:68:df:25:5a:cf: 50:61:6d:97:80:2b:94:4e:6e:08:0b:d4:ff:06:05:4a:4e:cb: 6b:e9:e1:90:88:72:ce:11:bc:84:f0:d9:8b:a2:77:75:07:3b: f6:ec:29:4b:5c:40:6f:2f:d9:48:a8:9e:61:24:5b:d5:59:b7: e9:34:fb:c9:02:32:38:cf:72:c0:ec:3b:98:81:0d:f0:b3:c9: 9f:d2:23:16:fb:86:8e:90:b0:9d:ed:db:f4:1c:d7:14:3e:81: d4:39:37:a5:81:c7:c0:cc:4b:19:b9:a8:d4:70:7d:ee:1b:08: 1c:b3:6c:04:05:d5:b5:29:fa:84:3f:c2:fb:6e:0c:01:18:2f: 94:19:ed:72:78:63:38:93:b3:98:3a:71:8f:d9:23:26:dc:69: 3e:32:b6:1a:a9:6e:75:16:e9:f6:d1:b7:17:91:a8:03:c4:c2: 61:d3:a3:e9:0e:6e
Jde o 'certificateType': 'DSC'
, MZCR má kromě toho ještě certifikáty typu CSCA
(kořenová certifikační autorita, issuer/subject = C = CZ, O = MZCR, CN = CZ DSC CSCA 1
), AUTHENTICATION
a UPLOAD
(tyto budou pravděpodobně sloužit pro komunikaci s evropskou gatewayí).