diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..6d85c242d838afc67ea62f3c6459a18760bc8d50
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+__pycache__/ui.cpython-37.pyc
+./tokens/*.der
+./credentials/*.der
+__pycache__/ui.cpython-39.pyc
+
+.vscode/launch.json
+.vscode/settings.json
+
+
diff --git a/ATK_DUMP.png b/ATK_DUMP.png
new file mode 100644
index 0000000000000000000000000000000000000000..75e106d48a7a6ad858a1c9ee304d12460ecb2fd8
Binary files /dev/null and b/ATK_DUMP.png differ
diff --git a/CreateAuthCommand.py b/CreateAuthCommand.py
new file mode 100644
index 0000000000000000000000000000000000000000..bc2898f24e084649415b17a31decfc0b30040f2e
--- /dev/null
+++ b/CreateAuthCommand.py
@@ -0,0 +1,418 @@
+import uuid
+import asn1tools
+import yaml
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
+from cryptography.x509.oid import NameOID
+
+import constante as cts
+from CreateCertificate import PrivateKey
+from ui import UI
+
+AAS_MODEL = ['RFC5280.asn', 'RFC3279.asn', 'SSP_ASN.asn']
+
+
+class SSPAuthenticationCommand:
+    """Base class for a handling a SSP token."""
+
+    def __init__(self):
+        """Instantiate the object."""
+        self.setModel(AAS_MODEL)
+
+    def setModel(self, modeles):
+        """Set the ASN.1 model."""
+        self.model = asn1tools.compile_files(modeles, 'der')
+        # for type in self.model.types:
+        #     print(type)
+
+    def generateChallengeCommand(self, parameters=None):
+        """ Generate the AAS-OP-GET-CHALLENGE-Service-Command."""
+        m_aas_command = self.model.encode(
+            'AAS-CONTROL-SERVICE-GATE-Commands',
+            ('aAAS-OP-GET-CHALLENGE-Service-Command', {})
+            )
+        with open(cts.PATH_CREDENTIALS +
+                  "aAAS-OP-GET-CHALLENGE-Service-Command" +
+                  ".der", "wb") as f:
+            f.write(m_aas_command)
+
+    def generateChallengeResponse(self, parameters=None):
+        """ Generate the AAS-OP-GET-CHALLENGE-Service-Response."""
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_PATH] +
+                  ".der", "rb") as f:
+            aCertificates = f.read()
+        m_aCertificates = self.model.decode('Certificates', aCertificates)
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_CHALLENGE] +
+                  ".bin", "rb") as f:
+            aChallenge = f.read()
+
+        m_aas_response = self.model.encode(
+            'AAS-CONTROL-SERVICE-GATE-Responses',
+            ('aAAS-OP-GET-CHALLENGE-Service-Response',
+                {'aParameter': {'aChallenge': aChallenge,
+                                'aCertificates': m_aCertificates
+                                }
+                 }))
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der", "wb") as f:
+            f.write(m_aas_response)
+
+    def readChallengeResponse(self, parameters=None):
+        """ Read the AAS-OP-GET-CHALLENGE-Service-Response."""
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der", "rb") as f:
+            aResponse = f.read()
+        m_aResponse = self.model.decode('AAS-CONTROL-SERVICE-GATE-Responses',
+                                        aResponse)
+        mCert509dict = {}
+        for certificate in m_aResponse[1]['aParameter']['aCertificates']:
+            der_data = self.model.encode('Certificate', certificate)
+            cert = x509.load_der_x509_certificate(der_data, default_backend())
+            CN = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
+            mCert509dict[CN[0].value] = cert
+
+        for k in mCert509dict:
+            v = mCert509dict[k]
+            CN = v.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)
+            cert_issuer = mCert509dict[CN[0].value]
+            public_key_issuer = cert_issuer.public_key()
+            print(k, " verified by:", CN[0].value)
+            public_key_issuer.verify(
+                v.signature,
+                v.tbs_certificate_bytes,
+                ec.ECDSA(hashes.SHA256())
+                )
+
+    def generateAuthenticateCommand(self, parameters=None):
+        """ Generate the AAS-OP-AUTHENTICATE-Service-Command."""
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_PATH] +
+                  ".der", "rb") as f:
+            aCertificates_der = f.read()
+        m_aCertificates = self.model.decode('Certificates', aCertificates_der)
+        with open(cts.PATH_TOKENS + parameters[cts.KW_AUTHENTICATIONTOKEN] +
+                  ".der", "rb") as f:
+            aToken_der = f.read()
+            m_aaa_token = self.model.decode('AuthenticationToken', aToken_der)
+
+            m_aaa_token_param = {'aCredential': (
+                    'aAccessorTokenCredential', {
+                        'aToken': m_aaa_token,
+                        'aTokenCertificationPath': m_aCertificates
+                        }
+                    )
+            }
+
+            m_aas_command = self.model.encode(
+                'AAS-CONTROL-SERVICE-GATE-Commands',
+                ('aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Command',
+                 m_aaa_token_param)
+                )
+
+            with open(cts.PATH_CREDENTIALS +
+                      "aAAS-OP-AUTHENTICATE-Service-Command.der",
+                      "wb") as f:
+                f.write(m_aas_command)
+
+    def generateAuthenticateResponse(self, parameters=None):
+        """ Generate the AAS-OP-AUTHENTICATE-Service-Response."""
+        with open(cts.PATH_TOKENS + parameters[cts.KW_AUTHENTICATIONTOKEN] +
+                  ".der", "rb") as f:
+            aToken_der = f.read()
+            m_aaa_token = self.model.decode('AuthenticationToken', aToken_der)
+            m_aas_command = self.model.encode(
+                'AAS-CONTROL-SERVICE-GATE-Responses',
+                ('aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Response', {
+                 'aParameter': ('aServiceToken', m_aaa_token)
+                 }
+                 )
+            )
+            with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                      ".der",
+                      "wb") as f:
+                f.write(m_aas_command)
+
+    def generateSharedSecret(self, parameters=None):
+        """Generate the shared secret."""
+
+        m_private_key = PrivateKey(parameters[cts.KW_PRIVATE]).get()
+        # Read the authentication token
+        with open(cts.PATH_TOKENS + parameters[cts.KW_PUBLIC] +
+                  ".der", "rb") as f:
+            aToken_der = f.read()
+            # Extract the authentication token with its model
+            m_token = self.model.decode('AuthenticationToken', aToken_der)
+        # Convert the public key info from a model to a DER
+        m_pk_der = self.model.encode('SubjectPublicKeyInfo',
+                                     m_token['tbsToken']['subjectPublicKeyInfo'])
+        # Retrieve the public key from the DER file
+        m_public_key = serialization.load_der_public_key(
+                m_pk_der, backend=default_backend()
+            )
+        # Extract the key size for the streamcipher
+        m_key_size_idx = m_token['tbsToken']['aATK-Content']['aKey-Size']
+        # Compute the shared key
+        shared_key = m_private_key.exchange(
+            ec.ECDH(), m_public_key)
+        # Compute the diversifier from aChallenge and the gate identifier.
+        m_diversifier = bytes(a ^ b for (a, b) in zip(
+            m_token['tbsToken']['aATK-Content']['aChallenge'],
+            self.m_aGateIdentifier))
+        # Compute the shared info.
+        m_SI = cts.SI_KEYS[m_key_size_idx] + m_diversifier
+        # Derive the key for the shared info
+        derived_key = X963KDF(
+            algorithm=hashes.SHA256(),
+            length=cts.MD_LENGTH[m_key_size_idx],
+            sharedinfo=m_SI,
+            backend=default_backend()
+        ).derive(shared_key)
+        # Storage of the GCM key and IV
+        if m_key_size_idx == cts.KEY_SIZE_E128:
+            m_gcm_key = derived_key[0:16]
+            m_gcm_iv = derived_key[16:32]
+        else:
+            m_gcm_key = derived_key[0:32]
+            m_gcm_iv = derived_key[32:48]
+        m_model = asn1tools.compile_files(['SSPToken.asn'], 'der')
+        m_save_der = m_model.encode('GCM-Parameters', {
+            'aKey': m_gcm_key,
+            'aIV': m_gcm_iv
+        })
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der",
+                  "wb") as f:
+            f.write(m_save_der)
+
+    def generateOAScommand(self, parameters=None):
+        """Generate the AAS-OP-ACCESS-SERVICE-Service-Command command."""
+        m_aas_command = self.model.encode(
+            'AAS-CONTROL-SERVICE-GATE-Commands',
+            ('aAAS-OP-ACCESS-SERVICE-Service-Command', {
+                'aServiceIdentifier':  bytes.fromhex(parameters[cts.KW_SI]),
+                'aUseSecurePipe': True
+                }
+             )
+        )
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der",
+                  "wb") as f:
+            f.write(m_aas_command)
+
+    def generateOASresponse(self, parameters=None):
+        """ Generate the AAS-OP-ACCESS-SERVICE-Service-Response."""
+        aRand = uuid.uuid4()
+        m_aGateIdentifier = uuid.uuid5(namespace=uuid.NAMESPACE_DNS,
+                                       name=aRand.urn
+                                       )
+        m_aas_command = self.model.encode(
+            'AAS-CONTROL-SERVICE-GATE-Responses',
+            ('aAAS-OP-ACCESS-SERVICE-Service-Response', {
+                'aParameter': {'aGateIdentifier': m_aGateIdentifier.bytes}
+                }
+             )
+        )
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der",
+                  "wb") as f:
+            f.write(m_aas_command)
+
+    def readOASResponse(self, parameters=None):
+        """ Read the AAS-OP-ACCESS-SERVICE-Service-Response."""
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der", "rb") as f:
+            aResponse = f.read()
+        m_aResponse = self.model.decode('AAS-CONTROL-SERVICE-GATE-Responses',
+                                        aResponse)
+        self.m_aGateIdentifier =\
+            m_aResponse[1]['aParameter']['aGateIdentifier']
+
+    def encryptLargeMessage(self, parameters=None):
+        """Encrypt large message from an input file."""
+        self.m_counter = parameters[cts.KW_SEQUENCE]
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der",
+                  "rb") as f:
+            m_data = f.read()
+        m_model = asn1tools.compile_files(['SSPToken.asn'], 'der')    
+        m_gcm = m_model.decode('GCM-Parameters', m_data)
+        # Read IV and key
+        self.m_gcm_key = m_gcm['aKey']
+        self.m_gcm_iv = m_gcm['aIV']
+        # Read the input file
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_IN] +
+                  ".bin",
+                  "rb") as f:
+            m_large_message = f.read()
+        m_mtu = parameters[cts.KW_MTU]
+        m_nb_bloc = int((len(m_large_message)+(m_mtu-1)) / (m_mtu-1))
+        m_start = 0
+        m_end = 0
+        # Write the encrypted output file
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_OUT] +
+                  ".bin",
+                  "wb") as f:
+            for i in range(m_nb_bloc):
+                m_end = m_start + min(len(m_large_message)-m_end, m_mtu-1)
+                m = self.messageFragment(m_large_message[m_start:m_end],
+                                         (i == m_nb_bloc))
+                m_start = m_end
+                m = self.encrypt(m)
+                f.write(m)
+
+    def decryptLargeMessage(self, parameters=None):
+        """ Decrypt a large file from an input file."""
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                  ".der",
+                  "rb") as f:
+            m_data = f.read()
+        m_model = asn1tools.compile_files(['SSPToken.asn'], 'der')    
+        m_gcm = m_model.decode('GCM-Parameters', m_data)
+        # Read IV and key
+        self.m_gcm_key = m_gcm['aKey']
+        self.m_gcm_iv = m_gcm['aIV']
+        # Read the encrypted input file
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_IN] +
+                  ".bin",
+                  "rb") as f:
+            m_large_message = f.read()
+        m_mtu = parameters[cts.KW_MTU]
+        m_nb_bloc = int((len(m_large_message) / (m_mtu + 16 + cts.SCL_SIZE_SEQ))+1)
+        m_start = 0
+        m_end = 0
+        # Write the plaintext output file
+        with open(cts.PATH_CREDENTIALS + parameters[cts.KW_OUT] +
+                  ".bin",
+                  "wb") as f:
+            for i in range(m_nb_bloc):
+                m_end = m_start + min(len(m_large_message)-m_end, m_mtu+16 + cts.SCL_SIZE_SEQ)
+                seq = m_large_message[m_start:m_start + cts.SCL_SIZE_SEQ]
+                m = m_large_message[m_start + cts.SCL_SIZE_SEQ:m_end]
+                m_start = m_end
+                m = self.decrypt(m, seq)
+                m, c = self.messageAssembly(m)
+                f.write(m)
+
+    def generateIVC(self, m_seq):
+        """Generate IVC (96 bit) from IV and SEQ."""
+        cipher = Cipher(
+            algorithms.AES(self.m_gcm_key),
+            modes.ECB(),
+            backend=default_backend())
+        encryptor = cipher.encryptor()
+        ivc = encryptor.update(
+            self.m_gcm_iv[0:16-cts.SCL_SIZE_SEQ] + m_seq
+            ) + encryptor.finalize()
+        return ivc[0:12]
+
+    def messageFragment(self, message_fragment, cb):
+        """ Create a message fragment."""
+        PL = (len(message_fragment)+1) % 16
+        if PL > 0:
+            PL = 16 - PL
+        if cb == 1:
+            H = PL | 128
+        else:
+            H = PL
+        m_message = message_fragment+bytes(PL)+H.to_bytes(1, byteorder='big')
+        # Return the message fragment ready for encryption
+        return m_message
+
+    def messageAssembly(self, message_fragment):
+        """Allow the fragment message assembly."""
+        m_len_M = len(message_fragment)
+        H = int.from_bytes(message_fragment[m_len_M-1:m_len_M], 'big')
+        if H > 127:
+            CB = True
+            PL = H-128
+        else:
+            CB = False
+            PL = H
+        # return the plaintext message fragment and the chaining bit
+        return message_fragment[0:m_len_M-PL-1], CB
+
+    def encrypt(self, plaintext):
+        m_seq = self.m_counter.to_bytes(cts.SCL_SIZE_SEQ, 'big')
+        ivc = self.generateIVC(m_seq)
+        self.encryptor = Cipher(
+            algorithms.AES(self.m_gcm_key),
+            modes.GCM(ivc),
+            backend=default_backend()
+            ).encryptor()
+        # associated_data will be authenticated but not encrypted,
+        # it must also be passed in on decryption.
+        self.encryptor.authenticate_additional_data(b'')
+        # Encrypt the plaintext and get the associated ciphertext.
+        # GCM does not require padding.
+        ciphertext = self.encryptor.update(plaintext) +\
+            self.encryptor.finalize()
+        self.m_counter = self.m_counter + 1
+        return (m_seq+ciphertext + self.encryptor.tag)
+
+    def decrypt(self, ciphertext, m_seq):
+        # Construct a Cipher object, with the key, iv, and additionally the
+        # GCM tag used for authenticating the message.
+        len_cipher = len(ciphertext)
+        tag = ciphertext[len_cipher-16:len_cipher]
+        ctext = ciphertext[0:len_cipher-16]
+        self.decryptor = Cipher(
+            algorithms.AES(self.m_gcm_key),
+            modes.GCM(self.generateIVC(m_seq), tag),
+            backend=default_backend()
+        ).decryptor()
+
+        # We put associated_data back in or the tag will fail to verify
+        # when we finalize the decryptor.
+        self.decryptor.authenticate_additional_data(b'')
+
+        # Decryption gets us the authenticated plaintext.
+        # If the tag does not match an InvalidTag exception will be raised.
+        return self.decryptor.update(ctext) + self.decryptor.finalize()
+
+
+# Open the YAML parameter file
+AUTHCONFIGURATION = {
+    'options': 'c:h:i:o',
+    'description': ["ifile=", "ofile=", "ccommand="],
+    'usage': 'CreateAuthCommand.py -c <command> [-i <inputfile>] [-o <outputfile>]'
+}
+
+if __name__ == "__main__":
+    try:
+        my_ui = UI(AUTHCONFIGURATION)
+        m_auth = SSPAuthenticationCommand()
+        if my_ui.isInputFile():
+            f = open(my_ui.getInputFile(), 'r', encoding='utf-8')
+            # Load the YAML file containing the parameters.
+            paths = list(yaml.load_all(f, Loader=yaml.FullLoader))
+            f.close()
+            for path in paths:
+                for m_token in path:
+                    parameters = path[m_token]
+                    if m_token == cts.KW_CHALLENGE_COMMAND:
+                        m_auth.generateChallengeCommand(parameters)
+                    if m_token == cts.KW_CHALLENGE_RESPONSE:
+                        m_auth.generateChallengeResponse(parameters)
+                    if m_token == cts.KW_READ_CHALLENGE_RESPONSE:
+                        m_auth.readChallengeResponse(parameters)
+                    if m_token == cts.KW_AUTHENTICATION_COMMAND:
+                        m_auth.generateAuthenticateCommand(parameters)
+                    if m_token == cts.KW_AUTHENTICATION_RESPONSE:
+                        m_auth.generateAuthenticateResponse(parameters)
+                    if m_token == cts.KW_GENERATE_SHARED_KEY:
+                        m_auth.generateSharedSecret(parameters)
+                    if m_token == cts.KW_ENCRYPT:
+                        m_auth.encryptLargeMessage(parameters)
+                    if m_token == cts.KW_DECRYPT:
+                        m_auth.decryptLargeMessage(parameters)
+                    if m_token == cts.KW_OAS_COMMAND:
+                        m_auth.generateOAScommand(parameters)
+                    if m_token == cts.KW_OAS_RESPONSE:
+                        m_auth.generateOASresponse(parameters)
+                    if m_token == cts.KW_READ_OAS_RESPONSE:
+                        m_auth.readOASResponse(parameters)
+    except ValueError as e:
+        print("Oops!..", e)
diff --git a/CreateCertificate.py b/CreateCertificate.py
new file mode 100644
index 0000000000000000000000000000000000000000..7acddddcd6116dfeddcb9daafa4e8c410ece7fc9
--- /dev/null
+++ b/CreateCertificate.py
@@ -0,0 +1,238 @@
+import yaml
+import datetime
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.x509.oid import NameOID
+import io
+from ui import UI
+import constante as cts
+
+
+class PublicKey:
+    """Base class for a handling a public key."""
+
+    def __init__(self, name):
+        """Instantiate the object."""
+        pu_name = cts.PATH_PUBLIC + name + "-public-key.der"
+        with io.open(pu_name, 'rb') as f:
+            buf = f.read()
+            f.close()
+            self.public_key = serialization.load_der_public_key(
+                buf, backend=default_backend()
+            )
+
+    def get(self):
+        """Get the native public key."""
+        return self.public_key
+
+
+class PrivateKey:
+    """Base class for a handling a public key."""
+
+    def __init__(self, name):
+        """Instantiate the object."""
+        f = open(cts.PATH_PRIVATE + name + "-private-key.der", "rb")
+        buf = f.read()
+        f.close()
+        self.private_key = serialization.load_der_private_key(
+            buf, password=None,
+            backend=default_backend()
+        )
+
+    def get(self):
+        """Get the native private key."""
+        return self.private_key
+
+
+class SSPcertificate:
+    """Base class for a handling a SSP certificate."""
+
+    def __init__(self):
+        """Instantiate the object."""
+        pass
+
+    def generate(self, certificate_parameter):
+        """ Generate a certificate according to a set of parameters."""
+        try:
+            # Creation of the certificate builder
+            cert = x509.CertificateBuilder()
+
+            # Collection of the subjet attributes
+            attribute_subject = []
+            attribute_issuer = []
+            for k, m_field in certificate_parameter.items():
+
+                if k == cts.KW_ISSUER:
+                    # Collect of the issuer attributes
+                    for k, v in m_field.items():
+                        if k == cts.KW_C:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.COUNTRY_NAME, v)
+                            )
+                        if k == cts.KW_ST:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.STATE_OR_PROVINCE_NAME, v))
+                        if k == cts.KW_O:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.ORGANIZATION_NAME, v)
+                            )
+                        if k == cts.KW_OU:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.ORGANIZATIONAL_UNIT_NAME, v)
+                            )
+                        if k == cts.KW_CN:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.COMMON_NAME, v)
+                            )
+                            # Get the issuer private key.
+                            self.issuer_private_key = PrivateKey(v)
+                            # Get the issur public key.
+                            self.issuer_public_key = PublicKey(v)
+                        if k == cts.KW_LN:
+                            attribute_issuer.append(x509.NameAttribute(
+                                NameOID.LOCALITY_NAME, v)
+                            )
+
+                    # Add the Authority Key Identifier (back chaining)
+                    cert = cert.add_extension(
+                        x509.AuthorityKeyIdentifier.from_issuer_public_key(
+                            self.issuer_public_key.get()), critical=True)
+
+                if k == cts.KW_SUBJECT:
+                    # Collect of the subject attribute
+                    for k, v in m_field.items():
+                        if k == cts.KW_C:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.COUNTRY_NAME, v)
+                            )
+                        if k == cts.KW_ST:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.STATE_OR_PROVINCE_NAME, v))
+                        if k == cts.KW_O:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.ORGANIZATION_NAME, v)
+                            )
+                        if k == cts.KW_OU:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.ORGANIZATIONAL_UNIT_NAME, v)
+                            )
+                        if k == cts.KW_CN:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.COMMON_NAME, v)
+                            )
+                            print("Certificate generation: ", v)
+                            # Getting of the certificate public key.
+                            self.public_key = PublicKey(v)
+                            self.cert_name = v
+
+                        if k == cts.KW_LN:
+                            attribute_subject.append(x509.NameAttribute(
+                                NameOID.LOCALITY_NAME, v)
+                            )
+
+                    # Add the Subject Key Identifier extension.
+                    cert = cert.add_extension(
+                        x509.SubjectKeyIdentifier.from_public_key
+                        (self.public_key.get()),
+                        critical=False)
+
+                if k == cts.KW_SERIAL_NUMBER:
+                    # Add the serial number.
+                    cert = cert.serial_number(m_field)
+                if k == cts.KW_NOT_BEFORE:
+                    # Add the low limit validity date.
+                    cert = cert.not_valid_before(
+                        datetime.datetime.fromisoformat(m_field)
+                    )
+                if k == cts.KW_NOT_AFTER:
+                    # Add the high limit validity date
+                    cert = cert.not_valid_after(
+                        datetime.datetime.fromisoformat(m_field)
+                    )
+                if k == cts.KW_EXTENSIONS:
+                    # Collect the extensions.
+                    for k, v in m_field.items():
+                        if k == cts.KW_BASICCONSTRAINTS:
+                            # Add the basic constraints extension.
+                            if v[cts.KW_VALUE][cts.KW_CA]:
+                                cert = cert.add_extension(
+                                    x509.BasicConstraints(
+                                        ca=True,
+                                        path_length=v[cts.KW_VALUE][cts.KW_PATHLEN]
+                                    ),
+                                    critical=v[cts.KW_CRITICAL]
+                                )
+                            else:
+                                cert = cert.add_extension(
+                                    x509.BasicConstraints(
+                                        path_length=None,
+                                        ca=False),
+                                    critical=v[cts.KW_CRITICAL]
+                                )
+                        if k == cts.KW_CERTIFICATEPOLICIES:
+                            # Add the certificate policies extension.
+                            cert = cert.add_extension(
+                                x509.CertificatePolicies([
+                                    x509.PolicyInformation(
+                                        x509.ObjectIdentifier(
+                                            v[cts.KW_VALUE]
+                                            [cts.KW_IDENTIFIER]),
+                                        [x509.UserNotice(
+                                            explicit_text=v[cts.KW_VALUE]
+                                            [cts.KW_EXPLICIT_TEXT],
+                                            notice_reference=None
+                                            )])
+                                ]),
+                                critical=v[cts.KW_CRITICAL])
+            # Init the issuer name.
+            cert = cert.issuer_name(x509.Name(attribute_issuer))
+            # Init the subject name.
+            cert = cert.subject_name(x509.Name(attribute_subject))
+            # Init of the subject public key
+            cert = cert.public_key(self.public_key.get())
+            # Add the key usage extension
+            cert = cert.add_extension(x509.KeyUsage(
+                True, False, False, False, False, False, False, False, False
+                ),
+                critical=True
+            )
+            # Sign the certificate with the issuer private key.
+            cert = cert.sign(
+                self.issuer_private_key.get(),
+                hashes.SHA256(),
+                default_backend()
+             )
+            # Write our certificate out to disk.
+            with open(cts.PATH_CERTIFICATES +
+                      self.cert_name+".der", "wb") as f:
+                f.write(cert.public_bytes(encoding=serialization.Encoding.DER))
+            with open(cts.PATH_CERTIFICATES +
+                      self.cert_name+".pem", "wb") as f:
+                f.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        except ValueError as e:
+            print("Oops!..", e)
+
+# Open the YAML parameter file
+
+
+CERTCONFIGURATION = {
+    'options': 'c:h:i:o',
+    'description': ["ifile=", "ofile=", "ccommand="],
+    'usage': 'CreateCertificate.py -c <command> [-i <inputfile>] [-o <outputfile>]'
+}
+if __name__ == "__main__":
+    my_ui = UI(CERTCONFIGURATION)
+    if my_ui.isInputFile():
+        f = open(my_ui.getInputFile(), 'r', encoding='utf-8')
+        # Load the YAML file containing the parameters.
+        paths = list(yaml.load_all(f, Loader=yaml.FullLoader))
+        f.close()
+        # print(paths)
+        # Scan all certificate parameters.
+        for certificate in paths[0]:
+            # Instantiate a certificate.
+            m_cert = SSPcertificate()
+            # # Generate the certificate according to the parameters.
+            m_cert.generate(certificate)
diff --git a/CreateToken.py b/CreateToken.py
new file mode 100644
index 0000000000000000000000000000000000000000..6c51c1127026382d51c1210848b43991a5955b3e
--- /dev/null
+++ b/CreateToken.py
@@ -0,0 +1,284 @@
+
+import uuid
+import asn1tools
+import yaml
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec
+
+from pyasn1.codec.der import decoder, encoder
+from pyasn1.type import univ, namedtype
+
+import constante as cts
+from CreateCertificate import PrivateKey, PublicKey
+from ui import UI
+
+
+class Certificate(univ.Sequence):
+    pass
+
+
+class CertificationPath(univ.SetOf):
+    """Base class for a certificate lists."""
+    pass
+
+
+class AuthenticationToken(univ.Sequence):
+    """Base class for an authentication token."""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsToken', univ.Sequence()),
+        namedtype.NamedType('signatureAlgorithm', univ.Sequence()),
+        namedtype.NamedType('signature', univ.Sequence())
+    )
+
+
+class AuthenticationTokenCredential(univ.Sequence):
+    """Base class for an authentication token."""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('token', univ.Sequence()),
+        namedtype.NamedType(cts.KW_PATH, univ.SetOf())
+        )
+
+
+class SSPtoken:
+    """Base class for a handling a SSP token."""
+
+    def __init__(self, path):
+        """Instantiate the object."""
+        self.path = path
+
+    def setModel(self, modeles):
+        """Set the ASN.1 model."""
+        self.model = asn1tools.compile_files(modeles, 'der')
+
+    def generateChallenge(self, parameters):
+        file_name = cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] + ".bin"
+        if parameters[cts.KW_GENERATE]:
+            # Generate a challenge as a random
+            aRand = uuid.uuid4()
+            self.m_challenge = aRand.bytes
+            # Save the private key for additional operations.
+            with open(file_name, "wb") as f:
+                f.write(self.m_challenge)
+        else:
+            with open(file_name, "rb") as f:
+                self.m_challenge = f.read()
+
+    def generatePath(self, parameters):
+        """ Generate the certification path."""
+        # Load the models
+        self.setModel(parameters[cts.KW_MODELES])
+        # Instantiate the CertificationPath
+        self.path = CertificationPath()
+        # Load the certificates according to the configuration file
+        position = 0
+        for certificate in parameters[cts.KW_PATH]:
+            # Load the certificate from the disk.
+            filename = cts.PATH_CERTIFICATES + certificate+".der"
+            with open(filename, "rb") as f:
+                certificate_der = f.read()
+                value = decoder.decode(certificate_der,
+                                       asn1Spec=Certificate())
+                self.path.setComponentByPosition(position, value[0])
+                position = position + 1
+        # If Name of the certification path is present then the data are 
+        # serialized and saved on a file
+        if cts.KW_NAME in parameters:
+            certificationPath_der = encoder.encode(self.path)
+            with open(cts.PATH_CREDENTIALS + parameters[cts.KW_NAME] +
+                      ".der", "wb") as f:
+                f.write(certificationPath_der)
+
+    def generateToken(self, parameters):
+        """ Generate a token according to a set of parameters."""
+        try:
+            # Creation of the token builder
+            print(parameters[cts.KW_MODELES])
+            self.setModel(parameters[cts.KW_MODELES])
+            self.token_name = parameters[cts.KW_NAME]
+            # Generate a pair of private/public keys for EDCDH operations.
+            if parameters[cts.KW_ECKA_CURVE] not in cts.CURVES:
+                raise Exception("wrong ECC curve")
+            private_ekey = ec.generate_private_key(
+                cts.CURVES[parameters[cts.KW_ECKA_CURVE]])
+            # Serialize the private key to a DER format
+            private_ekey_der = private_ekey.private_bytes(
+                encoding=serialization.Encoding.DER,
+                format=serialization.PrivateFormat.TraditionalOpenSSL,
+                encryption_algorithm=serialization.NoEncryption()
+                )
+            # Save the private key for additional operations.
+            with open(cts.PATH_PRIVATE + self.token_name +
+                      "-private-key.der", "wb") as f:
+                f.write(private_ekey_der)
+            # Compute the public key from the private key.
+            public_ekey = private_ekey.public_key()
+            # Encode the public key according to the DER format.
+            public_key_der = public_ekey.public_bytes(
+                encoding=serialization.Encoding.DER,
+                format=serialization.PublicFormat.SubjectPublicKeyInfo
+            )
+            # Create a public key info.
+            public_key_data = self.model.decode(
+                'SubjectPublicKeyInfo', public_key_der)
+
+            # Collection of the subjet attributes
+            for k, m_field in parameters.items():
+
+                if k == cts.KW_ISSUER:
+                    # Get the issuer private key.
+                    self.issuer_private_key = PrivateKey(m_field).get()
+                    self.issuer_public_key = PublicKey(m_field).get()
+
+            # Create the structure for generating the authentication token body
+            atbsToken = {'version': cts.V1}
+            # Fill the signature parameters
+            atbsToken['signature'] = {}
+            atbsToken['signature']['algorithm'] = cts.OID_ECDSASHA256
+            atbsToken['subjectPublicKeyInfo'] = public_key_data
+
+            # Fill the ATK-Content
+            atbsToken['aATK-Content'] = {
+                'aChallenge': self.m_challenge}
+            if parameters[cts.KW_KEYSIZE] not in cts.KEY_SIZES:
+                raise Exception("wrong Key size")
+            # fill the challenge field
+            atbsToken['signatureAlgorithm'] = {}
+            atbsToken['signatureAlgorithm']['algorithm'] = cts.OID_ECDSASHA256
+            atbsToken['aATK-Content']['aKey-Size'] = cts.KEY_SIZES[parameters[cts.KW_KEYSIZE]]  # 'Key-Size 128 or 256'
+            atbsToken['aATK-Content']['aStreamCipherIdentifier'] = cts.AES_CGM  # 'aAES-CGM-StreamCipherIdentifier'
+            # Create the AKI structure
+            m_AKI = x509.AuthorityKeyIdentifier.from_issuer_public_key(
+                self.issuer_public_key)
+            # Fill the AKI extension
+            atbsToken['extensions'] = [{}]
+            atbsToken['extensions'][0]['extnID'] = cts.OID_AKI
+            atbsToken['extensions'][0]['critical'] = True
+            atbsToken['extensions'][0]['extnValue'] = m_AKI.key_identifier
+            # Encode the TBSToken
+            tbsToken = self.model.encode('TBSToken', atbsToken)
+
+            # Generate the signature
+            signature_der = self.issuer_private_key.sign(
+                tbsToken, ec.ECDSA(hashes.SHA256()))
+            # Convert the DER format to a dictionary
+            signature_data = self.model.decode(
+                'ECDSA-Sig-Value', signature_der)
+
+            # Create the authentication token structure
+            auth_token = {}
+            # Fill the authentication token body
+            auth_token['tbsToken'] = atbsToken
+            # Fill the authentication token signature
+            auth_token['signature'] = signature_data
+            auth_token['signatureAlgorithm'] = {}
+            auth_token['signatureAlgorithm']['algorithm'] = cts.OID_ECDSASHA256
+            # Encode the authentication token using the DER formaty
+            auth_token_der = self.model.encode(
+                cts.KW_AUTHENTICATIONTOKEN, auth_token)
+            # Save the authentication token on to disk.
+            with open(cts.PATH_TOKENS +
+                      self.token_name+".der", "wb") as f:
+                f.write(auth_token_der)
+            # Verify the authentication token
+            # self.verifyToken(parameters)
+
+        except ValueError as e:
+            # Catch an execption if it is occured
+            print("Oops!..", e)
+
+    def verifyToken(self, parameters):
+        """ Generate a token according to a set of parameters."""
+        try:
+            # Creation of the token builder
+            self.setModel(parameters[cts.KW_MODELES])
+            self.token_name = parameters[cts.KW_NAME]
+            for k, m_field in parameters.items():
+
+                if k == "issuer":
+                    # Get the issuer public key.
+                    self.issuer_public_key = PublicKey(m_field).get()         
+            # Create a subject key identifier from the issuer public key
+            authorityKeyIdentifier = x509.SubjectKeyIdentifier.from_public_key(self.issuer_public_key)
+            auth_token_der = 0
+            # Load the authentication token from the disk.
+            with open(cts.PATH_TOKENS +
+                      self.token_name+".der", "rb") as f:
+                auth_token_der = f.read()
+
+            # Decode the authentication token DER data
+            token_verif = self.model.decode(cts.KW_AUTHENTICATIONTOKEN,
+                                            auth_token_der
+                                            )
+            # Check if the version is right
+            if token_verif['tbsToken']['version'] != cts.V1:
+                raise Exception("wrong Version")
+            # Check if the signature algorithm identifier is right before
+            # verifying the signature
+            if token_verif['tbsToken']['signatureAlgorithm']['algorithm'] != cts.OID_ECDSASHA256:
+                raise Exception("wrong Signature algorithm")
+            # Check if the signature streamcipher algorithm identifier is right
+            if token_verif['tbsToken']['aATK-Content']['aStreamCipherIdentifier'] not in [cts.AES_CGM]:
+                raise Exception("wrong stream cipher identifier")
+            # Check if the key sizz is known
+            if token_verif['tbsToken']['aATK-Content']['aKey-Size'] not in [cts.KEY_SIZE_E128, cts.KEY_SIZE_E256]:
+                raise Exception("wrong Key size")
+            # Scan the extensions
+            m_AKI = b'x00'
+            for extension in token_verif['tbsToken']['extensions']:
+                # Check if the extension is AKI
+                if extension['extnID'] == cts.OID_AKI:
+                    # Intermediate saving of the AKI
+                    m_AKI = extension['extnValue']
+            # Check if Authority Key Identifier (AKI) is right
+            if authorityKeyIdentifier.digest != m_AKI:
+                raise Exception("wrong AKI")
+            # Check if the authentication is well-formed
+            self.authenticationToken = decoder.decode(
+                auth_token_der, asn1Spec=AuthenticationToken()
+            )
+            # Verify the signature
+            self.issuer_public_key.verify(
+                encoder.encode(self.authenticationToken[0].getComponentByPosition(2)),
+                encoder.encode(self.authenticationToken[0].getComponentByPosition(0)),
+                ec.ECDSA(hashes.SHA256()))
+        except ValueError as e:
+            print("Oops!..", e)
+
+# Open the YAML parameter file
+
+
+tokenConfiguration = {
+    'options': ':c:hi:o',
+    'description': ["ifile=", "ofile=", "ccommand="],
+    'usage': 'CreateToken.py [-c <command>] [-i <inputfile>] [-o <outputfile>]'
+}
+if __name__ == "__main__":
+    try:
+        my_ui = UI(tokenConfiguration)
+        if my_ui.isInputFile():
+            f = open(my_ui.getInputFile(), 'r', encoding='utf-8')
+            # Load the YAML file containing the parameters.
+            paths = list(yaml.load_all(f, Loader=yaml.FullLoader))
+            f.close()
+            # print(paths)
+            # Scan all token parameters.
+            m_cert = SSPtoken("")
+            for path in paths:
+                for m_token in path:
+                    parameters = path[m_token]
+                    if m_token == cts.KW_CHALLENGE:
+                        m_cert.generateChallenge(parameters)
+
+                    if m_token == cts.KW_CERTIFICATIONPATH:
+                        m_cert.generatePath(parameters)
+
+                    if m_token == cts.KW_AUTHENTICATIONTOKEN:
+                        print("token generation: ", parameters[cts.KW_NAME])
+                        # Instantiate a token.
+                        # # Generate the token according to the parameters.
+                        m_cert.generateToken(parameters)
+
+    except ValueError as e:
+        print("Oops!..", e)
diff --git a/ETSI-SSP-AAA-FAKE-param.yaml b/ETSI-SSP-AAA-FAKE-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7e1598287aa1e97ec41a5f755e75cb847c997f4a
--- /dev/null
+++ b/ETSI-SSP-AAA-FAKE-param.yaml
@@ -0,0 +1,70 @@
+---
+AAA_FAKE: # certification path name
+  - certificate:
+      extensions:
+        CertificatePolicies:
+          critical: true
+          value:
+            identifier: 0.4.0.3666.1
+            explicit_text: id-role      
+        basicConstraints:
+          critical: true
+          value:
+            CA: true
+            pathlen: 1
+      Name: ETSI-SSP-CI # Base name of the certificate
+      serial_number: 1
+      not_after: '2021-12-01T12:00:00'
+      issuer: ETSI-SSP-CI # Base name of the issuer's keys
+      not_before: '2021-01-01T12:00:00'
+      subject:
+        C: FR
+        ST: PACA
+        CN: ETSI.ORG
+        O: ETSI-SSP-TTF
+        OU: ETSI
+  - certificate:
+      extensions:
+        CertificatePolicies:
+          critical: true
+          value:
+            identifier: 0.4.0.3666.1.1
+            explicit_text: id-role-aaa
+        basicConstraints:
+          critical: true
+          value:
+            CA: true
+            pathlen: 0
+      Name: ETSI-SSP-AAA-CA
+      serial_number: 3
+      not_after: '2021-12-01T12:00:00'
+      issuer: ETSI-SSP-CI
+      not_before: '2021-01-01T12:00:00'
+      subject:
+        C: FR
+        ST: PACA
+        CN: ETSI.ORG
+        O: ETSI-SSP-TTF
+        OU: ETSI
+  - certificate:
+      extensions:
+        CertificatePolicies:
+          critical: true
+          value:
+            identifier: 0.4.0.3666.1.1.1
+            explicit_text: id-role-aaa-application
+        basicConstraints:
+          critical: true
+          value:
+            CA: false
+      Name: ETSI-SSP-AAA-EE
+      serial_number: 5
+      not_after: '2021-12-01T12:00:00'
+      issuer: ETSI-SSP-AAS-CA
+      not_before: '2021-01-01T12:00:00'
+      subject:
+        C: FR
+        ST: PACA
+        CN: ETSI.ORG
+        O: ETSI-SSP-TTF
+        OU: ETSI
diff --git a/ETSI-SSP-AAA-TOKEN-param.yaml b/ETSI-SSP-AAA-TOKEN-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4464dfe8546bb093c8061ba1996d9cbff7b38ce
--- /dev/null
+++ b/ETSI-SSP-AAA-TOKEN-param.yaml
@@ -0,0 +1,23 @@
+Challenge:
+  Generate: false # Do not generate a challenge
+  Name: AAS01     # File name of the file containing the challenge
+CertificationPath: 
+  Name: CP_AAA    # File name of the DER file containing the certification path
+  Path:
+    - ETSI-SSP-AAA-CI # AAA CI
+    - ETSI-SSP-AAA-CA # AAA CA
+    - ETSI-SSP-AAA-EE # AAA EE
+  Modeles:
+    - RFC5280.asn     # x509v3 certificate model
+    - RFC3279.asn     # ECC signature parameters
+AuthenticationToken:  
+  Name: ATK-AAA-ECKA    # File name of the authentication token DER file
+  Issuer: ETSI-SSP-AAA-EE # Certificatte verifying the authentication token
+  ECKA-Curve: BrainpoolP256R1 # ECC curve for key agreement
+  KeySize: 256  # key size of the streamcipher
+  Modeles: 
+    - RFC5280.asn     # x509v3 certificate model
+    - RFC3279.asn     # ECC signature parameters
+    - SSP_ASN.asn
+
+     
\ No newline at end of file
diff --git a/ETSI-SSP-AAA-param.yaml b/ETSI-SSP-AAA-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..839f39fc13cfdfd40b19fbc23824f611b8e61bac
--- /dev/null
+++ b/ETSI-SSP-AAA-param.yaml
@@ -0,0 +1,77 @@
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1
+        Explicit_text: id-role      
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: true
+        Pathlen: 1
+  Serial_number: 1
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1.2
+        Explicit_text: id-role-AAA
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: true
+        Pathlen: 0
+  Serial_number: 3
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-CA
+    O: ETSI.ORG
+    OU: SSP-TTF
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1.2.1
+        Explicit_text: id-role-aaa-application
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: false
+  Serial_number: 5
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-CA
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAA-EE
+    O: ETSI.ORG
+    OU: SSP-TTF
\ No newline at end of file
diff --git a/ETSI-SSP-AAS-TOKEN-param.yaml b/ETSI-SSP-AAS-TOKEN-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f310ca39174b6f9efa650b0ea2e5a2598b7a3f69
--- /dev/null
+++ b/ETSI-SSP-AAS-TOKEN-param.yaml
@@ -0,0 +1,24 @@
+Challenge:
+  Generate: true
+  Name: AAS01
+CertificationPath:
+  Name: CP_AAS
+  Path:
+    - ETSI-SSP-AAS-CI
+    - ETSI-SSP-AAS-CA
+    - ETSI-SSP-AAS-EE
+  Modeles:
+    - RFC5280.asn
+    - RFC3279.asn
+AuthenticationToken:  
+  Name: ATK-AAS-ECKA
+  Issuer: ETSI-SSP-AAS-EE
+  ECKA-Curve: BrainpoolP256R1
+  KeySize: 256
+  Modeles: 
+    - RFC5280.asn     # x509v3 certificate model
+    - RFC3279.asn     # ECC signature parameters
+    - SSP_ASN.asn
+
+
+     
\ No newline at end of file
diff --git a/ETSI-SSP-AAS-param.yaml b/ETSI-SSP-AAS-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4ac857e764984c9617b3f4b63451ca3adf711d7a
--- /dev/null
+++ b/ETSI-SSP-AAS-param.yaml
@@ -0,0 +1,77 @@
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1
+        Explicit_text: id-role      
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: true
+        Pathlen: 1
+  Serial_number: 1
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1.1
+        Explicit_text: id-role-aas
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: true
+        Pathlen: 0
+  Serial_number: 3
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-CI
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-CA
+    O: ETSI.ORG
+    OU: SSP-TTF
+- Extensions:
+    CertificatePolicies:
+      Critical: true
+      Value:
+        Identifier: 0.4.0.3666.1.1.1
+        Explicit_text: id-role-aas-service
+    BasicConstraints:
+      Critical: true
+      Value:
+        CA: false
+  Serial_number: 5
+  Not_after: '2021-12-01T12:00:00'
+  Not_before: '2021-01-01T12:00:00'
+  Issuer:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-CA
+    O: ETSI.ORG
+    OU: SSP-TTF
+  Subject:
+    C: FR
+    ST: PACA
+    CN: ETSI-SSP-AAS-EE
+    O: ETSI.ORG
+    OU: SSP-TTF
diff --git a/ETSI-SSP-AUTHENTICATE-param.yaml b/ETSI-SSP-AUTHENTICATE-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d7b75679f4bd725e6379a149520c06842840d868
--- /dev/null
+++ b/ETSI-SSP-AUTHENTICATE-param.yaml
@@ -0,0 +1,37 @@
+Challenge command: # Generate a challenge
+  Name: AAS01      # Write a binary file containing a 128 bit challenge
+Challenge response:
+  Path: CP_AAS     # AAS certification path
+  Challenge: AAS01 # Write a binary file containing a 128 bit challenge
+  Name: aAAS-OP-GET-CHALLENGE-Service-Response
+Read Challenge response:
+  Name: aAAS-OP-GET-CHALLENGE-Service-Response
+Authenticate command:
+  Path: CP_AAA
+  AuthenticationToken: ATK-AAA-ECKA
+  Name: aAAS-OP-AUTHENTICATE-Service-Command
+Authenticate response:
+  AuthenticationToken: ATK-AAS-ECKA
+  Name: aAAS-OP-AUTHENTICATE-Service-Response 
+OAS command:
+  Name: OAS_COMMAND
+  Service Identifier: 'DD61116FF0DD57F48A4F52EE70276F24' # Root accessor identifier
+OAS response:
+  Name: OAS_RESPONSE
+Read OAS response:
+  Name: OAS_RESPONSE  
+Generate shared key:
+  Private: ATK-AAA-ECKA
+  Public: ATK-AAS-ECKA
+  Name: GCM_AAA_AAS
+Encrypt:
+  Name: GCM_AAA_AAS # Container for the derived keys/IV
+  MTU: 240
+  Sequence: 1
+  In: Text_In
+  Out: Text_Out
+Decrypt:
+  Name: GCM_AAA_AAS
+  MTU: 240
+  In: Text_Out
+  Out: Text_Out_bis
\ No newline at end of file
diff --git a/ETSI-SSP-CI-param.yaml b/ETSI-SSP-CI-param.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..66998b94b3b758452fded7a0a31aaff2cc596754
--- /dev/null
+++ b/ETSI-SSP-CI-param.yaml
@@ -0,0 +1,93 @@
+- Name: "ETSI-SSP-CI"
+  subject:
+    C: "FR"
+    ST: "PARIS"
+    O: "ETSI-SSP-TTF"
+    OU: "ETSI"
+    CN: "ETSI.ORG"
+  serial_number: 1
+  not_before: '2021-01-01T12:00:00' # YYYYMMDDhhmmssZ
+  not_after: '2021-12-01T12:00:00' # YYYYMMDDhhmmssZ
+  issuer: "ETSI-SSP-CI"
+  extensions:
+    basicConstraints:
+      critical: True
+      value: 
+        CA: True
+        pathlen: 1
+
+- Name:  "ETSI-SSP-AAA-CA"
+  subject:
+    C: "FR"
+    ST: "PARIS"
+    O: "ETSI-SSP-TTF"
+    OU: "ETSI"
+    CN: "ETSI.ORG"
+  issuer: "ETSI-SSP-CI"
+  serial_number: 2
+  not_before: '2021-01-01T12:00:00' # YYYYMMDDhhmmssZ
+  not_after: '2021-12-01T12:00:00' # YYYYMMDDhhmmssZ
+  extensions:
+    basicConstraints:
+      critical: True
+      value: 
+        CA: True
+        pathlen: 0
+
+- Name:  "ETSI-SSP-AAS-CA"
+  subject:
+    C: "FR"
+    ST: "PARIS"
+    O: "ETSI-SSP-TTF"
+    OU: "ETSI"
+    CN: "ETSI.ORG"  
+  serial_number: 3 
+  not_before: '2021-01-01T12:00:00' # YYYYMMDDhhmmssZ
+  not_after: '2021-12-01T12:00:00' # YYYYMMDDhhmmssZ
+  issuer: "ETSI-SSP-CI"
+  extensions:
+    basicConstraints:
+      critical: True
+      value: 
+        CA: True
+        pathlen: 0
+    id-ce-CertificatePolicies:
+      type_name: 'certificatePolicies'
+      critical: TRUE
+      value: '0 4 0 3666 1 1'
+      subject:
+      issuer:        
+
+- Name: "ETSI-SSP-AAA-EE"
+  subject:
+    C: "FR"
+    ST: "PARIS"
+    O: "ETSI-SSP-TTF"
+    OU: "ETSI"
+    CN: "ETSI.ORG"
+  serial_number: 4 
+  issuer: "ETSI-SSP-CA-AAA"
+  not_before: '2021-01-01T12:00:00' # YYYYMMDDhhmmssZ
+  not_after: '2021-12-01T12:00:00' # YYYYMMDDhhmmssZ
+  extensions:
+    basicConstraints:
+      critical: True
+      value: 
+        CA: False
+- Name: "ETSI-SSP-AAS-EE"
+  subject:
+    C: "FR"
+    ST: "PARIS"
+    O: "ETSI-SSP-TTF"
+    OU: "ETSI"
+    CN: "ETSI.ORG"
+  serial_number: 5 
+  not_before: '2021-01-01T12:00:00' # YYYYMMDDhhmmssZ
+  not_after: '2021-12-01T12:00:00' # YYYYMMDDhhmmssZ
+  issuer: "ETSI-SSP-CA-AAS"
+  extensions:
+    basicConstraints:
+      critical: True
+      value: 
+        CA: False
+     
\ No newline at end of file
diff --git a/GENKEY.bat b/GENKEY.bat
new file mode 100644
index 0000000000000000000000000000000000000000..bcac71f6ddd870a0dd9411795644b76d708d4341
--- /dev/null
+++ b/GENKEY.bat
@@ -0,0 +1,44 @@
+clear
+echo del private_keys/*.*
+del public_keys/*.*
+echo openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-CI-private-key.der  
+echo openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-AAA-CA-private-key.der  
+echo openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-AAA-EE-private-key.der  
+echo openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-AAS-CA-private-key.der  
+echo openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-AAS-EE-private-key.der 
+openssl ecparam -name brainpoolP384r1 -genkey -noout -outform der -out private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der  
+
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-CA-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.pem
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAA-CA-FAKE-public-key.der 
+
+openssl ec -inform DER -in private_keys/ETSI-SSP-CI-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAA-CI-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-CI-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAS-CI-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-CA-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAA-CA-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-EE-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAA-EE-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAS-CA-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAS-CA-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAS-EE-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAS-EE-private-key.pem
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-CA-private-key.der -outform PEM -out private_keys/ETSI-SSP-AAA-CA-private-key.pem
+
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CI-private-key.der      -pubout -outform der -out public_keys/ETSI-SSP-AAA-CI-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-CI-private-key.der      -pubout -outform der -out public_keys/ETSI-SSP-AAS-CI-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAA-CA-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAA-CA-FAKE-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-EE-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAA-EE-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-EE-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAA-EE-FAKE-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-CA-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAS-CA-public-key.der 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-EE-private-key.der  -pubout -outform der -out public_keys/ETSI-SSP-AAS-EE-public-key.der 
+
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CI-private-key.der      -pubout -outform pem -out public_keys/ETSI-SSP-AAA-CI-public-key.pem 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-CI-private-key.der      -pubout -outform pem -out public_keys/ETSI-SSP-AAS-CI-public-key.pem 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-private-key.der  -pubout -outform pem -out public_keys/ETSI-SSP-AAA-CA-public-key.pem 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-EE-private-key.der  -pubout -outform pem -out public_keys/ETSI-SSP-AAA-EE-public-key.pem 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-CA-private-key.der  -pubout -outform pem -out public_keys/ETSI-SSP-AAS-CA-public-key.pem 
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-EE-private-key.der  -pubout -outform pem -out public_keys/ETSI-SSP-AAS-EE-public-key.pem 
+
+ 
+
+dir private_keys
+dir public_keys
+
+echo openssl x509 -in ETSI-SSP-AAS-EE.asn -inform der -text
+echo openssl x509 -text -in certificates/ETSI-SSP-AAA-CA.crt -noout
\ No newline at end of file
diff --git a/RFC3279.asn b/RFC3279.asn
new file mode 100644
index 0000000000000000000000000000000000000000..2056a20e5f23fc718c240666e91b3fd3aa9ac255
--- /dev/null
+++ b/RFC3279.asn
@@ -0,0 +1,275 @@
+   PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
+   internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+   id-mod-pkix1-algorithms(17) }
+
+   DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+   -- EXPORTS All;
+
+   -- IMPORTS NONE;
+
+   --
+   --   One-way Hash Functions
+   --
+
+   md2  OBJECT IDENTIFIER ::= {
+     iso(1) member-body(2) us(840) rsadsi(113549)
+     digestAlgorithm(2) 2 }
+
+   md5  OBJECT IDENTIFIER ::= {
+     iso(1) member-body(2) us(840) rsadsi(113549)
+     digestAlgorithm(2) 5 }
+
+   id-sha1  OBJECT IDENTIFIER ::= {
+     iso(1) identified-organization(3) oiw(14) secsig(3)
+     algorithms(2) 26 }
+
+   --
+   --   DSA Keys and Signatures
+   --
+
+   -- OID for DSA public key
+
+   id-dsa OBJECT IDENTIFIER ::= {
+        iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
+
+   -- encoding for DSA public key
+
+   DSAPublicKey ::= INTEGER  -- public key, y
+
+   Dss-Parms  ::=  SEQUENCE  {
+      p             INTEGER,
+      q             INTEGER,
+      g             INTEGER  }
+
+   -- OID for DSA signature generated with SHA-1 hash
+
+   id-dsa-with-sha1 OBJECT IDENTIFIER ::=  {
+        iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
+
+   -- encoding for DSA signature generated with SHA-1 hash
+
+   Dss-Sig-Value  ::=  SEQUENCE  {
+      r       INTEGER,
+      s       INTEGER  }
+
+   --
+   --   RSA Keys and Signatures
+   --
+
+   -- arc for RSA public key and RSA signature OIDs
+
+   pkcs-1 OBJECT IDENTIFIER ::= {
+         iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
+
+   -- OID for RSA public keys
+
+   rsaEncryption OBJECT IDENTIFIER ::=  { pkcs-1 1 }
+
+   -- OID for RSA signature generated with MD2 hash
+
+   md2WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 2 }
+
+   -- OID for RSA signature generated with MD5 hash
+
+   md5WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 4 }
+
+   -- OID for RSA signature generated with SHA-1 hash
+
+   sha1WithRSAEncryption OBJECT IDENTIFIER  ::=  { pkcs-1 5 }
+
+   -- encoding for RSA public key
+
+   RSAPublicKey ::= SEQUENCE {
+      modulus            INTEGER,    -- n
+      publicExponent     INTEGER  }  -- e
+
+   --
+   --   Diffie-Hellman Keys
+   --
+
+   dhpublicnumber OBJECT IDENTIFIER ::= {
+        iso(1) member-body(2) us(840) ansi-x942(10046)
+        number-type(2) 1 }
+
+   -- encoding for DSA public key
+
+   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p
+
+   DomainParameters ::= SEQUENCE {
+      p       INTEGER,           -- odd prime, p=jq +1
+      g       INTEGER,           -- generator, g
+      q       INTEGER,           -- factor of p-1
+      j       INTEGER OPTIONAL,  -- subgroup factor, j>= 2
+      validationParms  ValidationParms OPTIONAL }
+
+   ValidationParms ::= SEQUENCE {
+      seed             BIT STRING,
+      pgenCounter      INTEGER }
+
+   --
+   --   KEA Keys
+   --
+
+   id-keyExchangeAlgorithm  OBJECT IDENTIFIER  ::=
+        { 2 16 840 1 101 2 1 1 22 }
+
+   KEA-Parms-Id ::= OCTET STRING
+
+   --
+   --   Elliptic Curve Keys, Signatures, and Curves
+   --
+
+   ansi-X9-62 OBJECT IDENTIFIER ::= {
+        iso(1) member-body(2) us(840) 10045 }
+
+   FieldID ::= SEQUENCE {                    -- Finite field
+      fieldType   OBJECT IDENTIFIER,
+      parameters  ANY DEFINED BY fieldType }
+
+   -- Arc for ECDSA signature OIDS
+
+   id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
+
+   -- OID for ECDSA signatures with SHA-1
+
+   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
+
+   -- OID for an elliptic curve signature
+   -- format for the value of an ECDSA signature value
+
+   ECDSA-Sig-Value ::= SEQUENCE {
+      r     INTEGER,
+      s     INTEGER }
+
+   -- recognized field type OIDs are defined in the following arc
+
+   id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
+
+   -- where fieldType is prime-field, the parameters are of type Prime-p
+
+   prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
+
+   Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
+
+   -- where fieldType is characteristic-two-field, the parameters are
+   -- of type Characteristic-two
+
+   characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
+
+   Characteristic-two ::= SEQUENCE {
+      m           INTEGER,                   -- Field size 2^m
+      basis       OBJECT IDENTIFIER,
+      parameters  ANY DEFINED BY basis }
+
+   -- recognized basis type OIDs are defined in the following arc
+
+   id-characteristic-two-basis OBJECT IDENTIFIER ::= {
+        characteristic-two-field basisType(3) }
+
+   -- gnbasis is identified by OID gnBasis and indicates
+   -- parameters are NULL
+
+   gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 }
+
+   -- parameters for this basis are NULL
+
+   -- trinomial basis is identified by OID tpBasis and indicates
+   -- parameters of type Pentanomial
+
+   tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 }
+
+   -- Trinomial basis representation of F2^m
+   -- Integer k for reduction polynomial xm + xk + 1
+
+   Trinomial ::= INTEGER
+
+   -- for pentanomial basis is identified by OID ppBasis and indicates
+   -- parameters of type Pentanomial
+
+   ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 }
+
+   -- Pentanomial basis representation of F2^m
+   -- reduction polynomial integers k1, k2, k3
+   -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1
+
+   Pentanomial ::= SEQUENCE {
+      k1  INTEGER,
+      k2  INTEGER,
+      k3  INTEGER }
+
+   -- The object identifiers gnBasis, tpBasis and ppBasis name
+   -- three kinds of basis for characteristic-two finite fields
+
+   FieldElement ::= OCTET STRING             -- Finite field element
+
+   ECPoint  ::= OCTET STRING                 -- Elliptic curve point
+
+   -- Elliptic Curve parameters may be specified explicitly,
+   -- specified implicitly through a "named curve", or
+   -- inherited from the CA
+
+   EcpkParameters ::= CHOICE {
+      ecParameters  ECParameters,
+      namedCurve    OBJECT IDENTIFIER,
+      implicitlyCA  NULL }
+
+   ECParameters  ::= SEQUENCE {         -- Elliptic curve parameters
+      version   ECPVer,
+      fieldID   FieldID,
+      curve     Curve,
+      base      ECPoint,                -- Base point G
+      order     INTEGER,                -- Order n of the base point
+      cofactor  INTEGER  OPTIONAL }     -- The integer h = #E(Fq)/n
+
+   ECPVer ::= INTEGER {ecpVer1(1)}
+
+
+   Curve  ::= SEQUENCE {
+      a     FieldElement,            -- Elliptic curve coefficient a
+      b     FieldElement,            -- Elliptic curve coefficient b
+      seed  BIT STRING  OPTIONAL }
+
+   id-publicKeyType OBJECT IDENTIFIER  ::= { ansi-X9-62 keyType(2) }
+
+   id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
+
+   -- Named Elliptic Curves in ANSI X9.62.
+
+   ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
+
+   c-TwoCurve OBJECT IDENTIFIER ::= {
+        ellipticCurve characteristicTwo(0) }
+
+   c2pnb163v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  1 }
+   c2pnb163v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  2 }
+   c2pnb163v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  3 }
+   c2pnb176w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  4 }
+   c2tnb191v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  5 }
+   c2tnb191v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  6 }
+   c2tnb191v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  7 }
+   c2onb191v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve  8 }
+   c2onb191v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve  9 }
+   c2pnb208w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 10 }
+   c2tnb239v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 11 }
+   c2tnb239v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve 12 }
+   c2tnb239v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve 13 }
+   c2onb239v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve 14 }
+   c2onb239v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve 15 }
+   c2pnb272w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 16 }
+   c2pnb304w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 17 }
+   c2tnb359v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 18 }
+   c2pnb368w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 19 }
+   c2tnb431r1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 20 }
+
+   primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
+
+   prime192v1  OBJECT IDENTIFIER  ::=  { primeCurve  1 }
+   prime192v2  OBJECT IDENTIFIER  ::=  { primeCurve  2 }
+   prime192v3  OBJECT IDENTIFIER  ::=  { primeCurve  3 }
+   prime239v1  OBJECT IDENTIFIER  ::=  { primeCurve  4 }
+   prime239v2  OBJECT IDENTIFIER  ::=  { primeCurve  5 }
+   prime239v3  OBJECT IDENTIFIER  ::=  { primeCurve  6 }
+   prime256v1  OBJECT IDENTIFIER  ::=  { primeCurve  7 }
+
+   END
\ No newline at end of file
diff --git a/RFC5280.asn b/RFC5280.asn
new file mode 100644
index 0000000000000000000000000000000000000000..f4ba763f704a2cf7c245a2dbcaeddc1cce68f300
--- /dev/null
+++ b/RFC5280.asn
@@ -0,0 +1,1030 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+
+UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+        -- UniversalString is defined in ASN.1:1993
+
+BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+      -- BMPString is the subtype of UniversalString and models
+      -- the Basic Multilingual Plane of ISO/IEC 10646
+
+UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+      -- The content of this type conforms to RFC 3629.
+
+-- PKIX specific OIDs
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+        -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+        -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+        -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+        -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute               ::= SEQUENCE {
+      type             AttributeType,
+      values    SET OF AttributeValue }
+            -- at least one value is required
+
+AttributeType           ::= OBJECT IDENTIFIER
+
+AttributeValue          ::= ANY -- DEFINED BY AttributeType
+
+AttributeTypeAndValue   ::= SEQUENCE {
+        type    AttributeType,
+        value   AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+--   information object set may be augmented to meet local
+--   requirements.  Note that deleting members of the set may
+--   prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+--   type definition for the corresponding AttributeValue
+
+
+
+
+-- Arc for standard naming attributes
+
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name                AttributeType ::= { id-at 41 }
+id-at-surname             AttributeType ::= { id-at  4 }
+id-at-givenName           AttributeType ::= { id-at 42 }
+id-at-initials            AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+-- Naming attributes of type X520Name:
+--   X520name ::= DirectoryString (SIZE (1..ub-name))
+--
+-- Expanded to avoid parameterized type:
+X520name ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-name)),
+      printableString   PrintableString (SIZE (1..ub-name)),
+      universalString   UniversalString (SIZE (1..ub-name)),
+      utf8String        UTF8String      (SIZE (1..ub-name)),
+      bmpString         BMPString       (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName        AttributeType ::= { id-at 3 }
+
+-- Naming attributes of type X520CommonName:
+--   X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))
+--
+-- Expanded to avoid parameterized type:
+X520CommonName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-common-name)),
+      printableString   PrintableString (SIZE (1..ub-common-name)),
+      universalString   UniversalString (SIZE (1..ub-common-name)),
+      utf8String        UTF8String      (SIZE (1..ub-common-name)),
+      bmpString         BMPString       (SIZE (1..ub-common-name)) }
+
+
+
+
+
+
+
+
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName      AttributeType ::= { id-at 7 }
+
+-- Naming attributes of type X520LocalityName:
+--   X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
+--
+-- Expanded to avoid parameterized type:
+X520LocalityName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
+      printableString   PrintableString (SIZE (1..ub-locality-name)),
+      universalString   UniversalString (SIZE (1..ub-locality-name)),
+      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
+      bmpString         BMPString       (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+-- Naming attributes of type X520StateOrProvinceName:
+--   X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
+--
+-- Expanded to avoid parameterized type:
+X520StateOrProvinceName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-state-name)),
+      printableString   PrintableString (SIZE (1..ub-state-name)),
+      universalString   UniversalString (SIZE (1..ub-state-name)),
+      utf8String        UTF8String      (SIZE (1..ub-state-name)),
+      bmpString         BMPString       (SIZE (1..ub-state-name)) }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName  AttributeType ::= { id-at 10 }
+
+-- Naming attributes of type X520OrganizationName:
+--   X520OrganizationName ::=
+--          DirectoryName (SIZE (1..ub-organization-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organization-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organization-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organization-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organization-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organization-name))  }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+-- Naming attributes of type X520OrganizationalUnitName:
+--   X520OrganizationalUnitName ::=
+--          DirectoryName (SIZE (1..ub-organizational-unit-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationalUnitName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organizational-unit-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organizational-unit-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organizational-unit-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organizational-unit-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organizational-unit-name)) }
+-- Naming attributes of type X520Title
+
+id-at-title             AttributeType ::= { id-at 12 }
+
+-- Naming attributes of type X520Title:
+--   X520Title ::= DirectoryName (SIZE (1..ub-title))
+--
+-- Expanded to avoid parameterized type:
+X520Title ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-title)),
+      printableString   PrintableString (SIZE (1..ub-title)),
+      universalString   UniversalString (SIZE (1..ub-title)),
+      utf8String        UTF8String      (SIZE (1..ub-title)),
+      bmpString         BMPString       (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::=     PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName       AttributeType ::= { id-at 6 }
+
+X520countryName ::=     PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::=    PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+-- Naming attributes of type X520Pseudonym:
+--   X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym))
+--
+-- Expanded to avoid parameterized type:
+X520Pseudonym ::= CHOICE {
+   teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
+   printableString   PrintableString (SIZE (1..ub-pseudonym)),
+   universalString   UniversalString (SIZE (1..ub-pseudonym)),
+   utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
+   bmpString         BMPString       (SIZE (1..ub-pseudonym)) }
+
+
+-- Naming attributes of type DomainComponent (from RFC 4519)
+
+id-domainComponent   AttributeType ::= { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::=  IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress      AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::=     IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::=   RDNSequence
+
+RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+      teletexString       TeletexString   (SIZE (1..MAX)),
+      printableString     PrintableString (SIZE (1..MAX)),
+      universalString     UniversalString (SIZE (1..MAX)),
+      utf8String          UTF8String      (SIZE (1..MAX)),
+      bmpString           BMPString       (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate  ::=  SEQUENCE  {
+     tbsCertificate       TBSCertificate,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertificate  ::=  SEQUENCE  {
+     version         [0]  Version DEFAULT v1,
+     serialNumber         CertificateSerialNumber,
+     signature            AlgorithmIdentifier,
+     issuer               Name,
+     validity             Validity,
+     subject              Name,
+     subjectPublicKeyInfo SubjectPublicKeyInfo,
+     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     extensions      [3]  Extensions OPTIONAL
+                          -- If present, version MUST be v3 --  }
+
+Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+CertificateSerialNumber  ::=  INTEGER
+
+Validity ::= SEQUENCE {
+     notBefore      Time,
+     notAfter       Time  }
+
+Time ::= CHOICE {
+     utcTime        UTCTime,
+     generalTime    GeneralizedTime }
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     algorithm            AlgorithmIdentifier,
+     subjectPublicKey     BIT STRING  }
+
+Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING
+                 -- contains the DER encoding of an ASN.1 value
+                 -- corresponding to the extension type identified
+                 -- by extnID
+     }
+
+-- CRL structures
+
+CertificateList  ::=  SEQUENCE  {
+     tbsCertList          TBSCertList,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertList  ::=  SEQUENCE  {
+     version                 Version OPTIONAL,
+                                   -- if present, MUST be v2
+     signature               AlgorithmIdentifier,
+     issuer                  Name,
+     thisUpdate              Time,
+     nextUpdate              Time OPTIONAL,
+     revokedCertificates     SEQUENCE OF SEQUENCE  {
+          userCertificate         CertificateSerialNumber,
+          revocationDate          Time,
+          crlEntryExtensions      Extensions OPTIONAL
+                                   -- if present, version MUST be v2
+                               }  OPTIONAL,
+     crlExtensions           [0] Extensions OPTIONAL }
+                                   -- if present, version MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier  ::=  SEQUENCE  {
+     algorithm               OBJECT IDENTIFIER,
+     parameters              ANY DEFINED BY algorithm OPTIONAL  }
+                                -- contains a value of the type
+                                -- registered for use with the
+                                -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+   built-in-standard-attributes BuiltInStandardAttributes,
+   built-in-domain-defined-attributes
+                   BuiltInDomainDefinedAttributes OPTIONAL,
+   -- see also teletex-domain-defined-attributes
+   extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+   country-name                  CountryName OPTIONAL,
+   administration-domain-name    AdministrationDomainName OPTIONAL,
+   network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+     -- see also extended-network-address
+   terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+   private-domain-name       [2] PrivateDomainName OPTIONAL,
+   organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+     -- see also teletex-organization-name
+   numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                 OPTIONAL,
+   personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+     -- see also teletex-personal-name
+   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                 OPTIONAL }
+     -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+   x121-dcc-code         NumericString
+                           (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code  PrintableString
+                           (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+   numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+   printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address  -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+   numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+   printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+                            (SIZE (1..ub-organization-name-length))
+  -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+                            (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+   surname     [0] IMPLICIT PrintableString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT PrintableString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT PrintableString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT PrintableString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+  -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                             OF OrganizationalUnitName
+  -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+                    (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                    (1..ub-domain-defined-attributes) OF
+                    BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+   type PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-type-length)),
+   value PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+               ExtensionAttribute
+
+ExtensionAttribute ::=  SEQUENCE {
+   extension-attribute-type [0] IMPLICIT INTEGER
+                   (0..ub-extension-attributes),
+   extension-attribute-value [1]
+                   ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+                TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+   surname     [0] IMPLICIT TeletexString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT TeletexString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT TeletexString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT TeletexString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+      (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+                  (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+   x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code PrintableString
+                               (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+   numeric-code   NumericString (SIZE (1..ub-postal-code-length)),
+   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+        OF PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+        (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+   printable-string PrintableString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+   e163-4-address SEQUENCE {
+      number      [0] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-number-length)),
+      sub-address [1] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-sub-address-length))
+                       OPTIONAL },
+   psap-address   [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+    pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+    sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+    tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+    nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type  INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+   telex        (3),
+   teletex      (4),
+   g3-facsimile (5),
+   g4-facsimile (6),
+   ia5-terminal (7),
+   videotex     (8) } (0..ub-integer-options)
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+        type TeletexString
+               (SIZE (1..ub-domain-defined-attribute-type-length)),
+        value TeletexString
+               (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+
+
+--  specifications of Upper Bounds MUST be regarded as mandatory
+--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+--  Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 255
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters.  Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value.  As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+
+
+-- TeletexString.  For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
+
+PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+      id-pe, id-kp, id-qt-unotice, id-qt-cps,
+      -- delete following line if "new" types are supported --
+      BMPString, UTF8String,  -- end "new" types --
+      ORAddress, Name, RelativeDistinguishedName,
+      CertificateSerialNumber, Attribute, DirectoryString
+      FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+            id-mod(0) id-pkix1-explicit(18) };
+
+-- ISO arc for standard certificate and CRL extensions
+
+id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
+
+-- authority key identifier OID and syntax
+
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+    keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+    authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+    authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+    -- authorityCertIssuer and authorityCertSerialNumber MUST both
+    -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+
+
+
+-- subject key identifier OID and syntax
+
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),  -- recent editions of X.509 have
+                                -- renamed this bit to contentCommitment
+     keyEncipherment         (2),
+     dataEncipherment        (3),
+     keyAgreement            (4),
+     keyCertSign             (5),
+     cRLSign                 (6),
+     encipherOnly            (7),
+     decipherOnly            (8) }
+
+-- private key usage period extension OID and syntax
+
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+     notBefore       [0]     GeneralizedTime OPTIONAL,
+     notAfter        [1]     GeneralizedTime OPTIONAL }
+     -- either notBefore or notAfter MUST be present
+
+-- certificate policies extension OID and syntax
+
+id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+
+CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+     policyIdentifier   CertPolicyId,
+     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+             PolicyQualifierInfo OPTIONAL }
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+     policyQualifierId  PolicyQualifierId,
+     qualifier          ANY DEFINED BY policyQualifierId }
+
+-- Implementations that recognize additional policy qualifiers MUST
+-- augment the following definition for PolicyQualifierId
+
+PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+
+-- CPS pointer qualifier
+
+CPSuri ::= IA5String
+
+-- user notice qualifier
+
+UserNotice ::= SEQUENCE {
+     noticeRef        NoticeReference OPTIONAL,
+     explicitText     DisplayText OPTIONAL }
+
+NoticeReference ::= SEQUENCE {
+     organization     DisplayText,
+     noticeNumbers    SEQUENCE OF INTEGER }
+
+DisplayText ::= CHOICE {
+     ia5String        IA5String      (SIZE (1..200)),
+     visibleString    VisibleString  (SIZE (1..200)),
+     bmpString        BMPString      (SIZE (1..200)),
+     utf8String       UTF8String     (SIZE (1..200)) }
+
+-- policy mapping extension OID and syntax
+
+id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+     issuerDomainPolicy      CertPolicyId,
+     subjectDomainPolicy     CertPolicyId }
+
+-- subject alternative name extension OID and syntax
+
+id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+     otherName                 [0]  AnotherName,
+     rfc822Name                [1]  IA5String,
+     dNSName                   [2]  IA5String,
+     x400Address               [3]  ORAddress,
+     directoryName             [4]  Name,
+     ediPartyName              [5]  EDIPartyName,
+     uniformResourceIdentifier [6]  IA5String,
+     iPAddress                 [7]  OCTET STRING,
+     registeredID              [8]  OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+     type-id    OBJECT IDENTIFIER,
+     value      [0] EXPLICIT ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+     nameAssigner              [0]  DirectoryString OPTIONAL,
+     partyName                 [1]  DirectoryString }
+
+-- issuer alternative name extension OID and syntax
+
+id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+IssuerAltName ::= GeneralNames
+
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- basic constraints extension OID and syntax
+
+id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+     cA                      BOOLEAN DEFAULT FALSE,
+     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+
+
+-- name constraints extension OID and syntax
+
+id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+NameConstraints ::= SEQUENCE {
+     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+     base                    GeneralName,
+     minimum         [0]     BaseDistance DEFAULT 0,
+     maximum         [1]     BaseDistance OPTIONAL }
+
+BaseDistance ::= INTEGER (0..MAX)
+
+-- policy constraints extension OID and syntax
+
+id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+PolicyConstraints ::= SEQUENCE {
+     requireExplicitPolicy   [0]     SkipCerts OPTIONAL,
+     inhibitPolicyMapping    [1]     SkipCerts OPTIONAL }
+
+SkipCerts ::= INTEGER (0..MAX)
+
+-- CRL distribution points extension OID and syntax
+
+id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+     distributionPoint       [0]     DistributionPointName OPTIONAL,
+     reasons                 [1]     ReasonFlags OPTIONAL,
+     cRLIssuer               [2]     GeneralNames OPTIONAL }
+
+DistributionPointName ::= CHOICE {
+     fullName                [0]     GeneralNames,
+     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+
+
+ReasonFlags ::= BIT STRING {
+     unused                  (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     privilegeWithdrawn      (7),
+     aACompromise            (8) }
+
+-- extended key usage extension OID and syntax
+
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- permit unspecified key uses
+
+anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+-- extended key purpose OIDs
+
+id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
+id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
+id-kp-codeSigning            OBJECT IDENTIFIER ::= { id-kp 3 }
+id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
+id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+-- inhibit any policy OID and syntax
+
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+InhibitAnyPolicy ::= SkipCerts
+
+-- freshest (delta)CRL extension OID and syntax
+
+id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+FreshestCRL ::= CRLDistributionPoints
+-- authority info access
+
+id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+AuthorityInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+AccessDescription  ::=  SEQUENCE {
+        accessMethod          OBJECT IDENTIFIER,
+        accessLocation        GeneralName  }
+
+-- subject info access
+
+id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+SubjectInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- CRL number extension OID and syntax
+
+id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- issuing distribution point extension OID and syntax
+
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+IssuingDistributionPoint ::= SEQUENCE {
+     distributionPoint          [0] DistributionPointName OPTIONAL,
+     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+     onlySomeReasons            [3] ReasonFlags OPTIONAL,
+     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+     -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
+     -- and onlyContainsAttributeCerts may be set to TRUE.
+
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+BaseCRLNumber ::= CRLNumber
+-- reason code extension OID and syntax
+
+id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+CRLReason ::= ENUMERATED {
+     unspecified             (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     removeFromCRL           (8),
+     privilegeWithdrawn      (9),
+     aACompromise           (10) }
+
+-- certificate issuer CRL entry extension OID and syntax
+
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+CertificateIssuer ::= GeneralNames
+
+-- hold instruction extension OID and syntax
+
+id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+HoldInstructionCode ::= OBJECT IDENTIFIER
+
+-- ANSI x9 arc holdinstruction arc
+
+holdInstruction OBJECT IDENTIFIER ::=
+          {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+
+-- ANSI X9 holdinstructions
+
+id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                                      {holdInstruction 1} -- deprecated
+
+id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2}
+
+id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3}
+END
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..5e73c890752eaa411007fbc3c66c04c01d6b14e5
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,123 @@
+# ETSI SSP TTF x509 certificates generation
+## Overview
+This set of programs and files aims at generating the x509v3 certificates used for the Accessor Authentication Service as described in annex C of the [TS 103.666 part 1 V15.2.0  (2020-04)](https://www.etsi.org/deliver/etsi_ts/103600_103699/10366601/15.00.00_60/ts_10366601v150000p.pdf) .
+## Installation
+OpenSSL 3.0.0 shall be installed. The guidelines for performing the installation are available in [OpenSSL](https://www.openssl.org)
+Python Cryptography package shall be installed. The guidelines for performing the installation are available in [Cryptography.io](https://cryptography.io/en/latest/installation.html) .
+## Generation of the private and public keys
+The batch file GENKEY.bat contains the OpenSSL instruction for generating the private and public keys acccording to annex C of ETSI TS 103.666 part 1.
+The following shell command shall be executed.
+
+`./GENKEY.bat`
+
+## Generation of the certificates
+The following command shall be executed.
+
+`python3 CreateCertificate.py -i <parameters_file.yaml`
+
+The **parameters_file.yaml** contains the certificate parameters.
+The certificates are generated and stored in the **./certificates** directory with the DER and PEM format.
+The human readable visualization is possible on the following web site [Certlogic](https://certlogik.com/decoder)
+## Certificate parameters
+Each certificate has its parameters in a YAML structure in a YAML file.
+As example, the YAML structure of the AAS certification path from the CI to the End Entity certificate is the following:
+
+    - Extensions:
+        CertificatePolicies:
+            Critical: true
+            Value:
+                Identifier: 0.4.0.3666.1.2
+                Explicit_text: id-role-AAA
+        BasicConstraints:
+            Critical: true
+            Value:
+                CA: true
+                Pathlen: 0
+    Serial_number: 3
+    Not_after: '2021-12-01T12:00:00'
+    Not_before: '2021-01-01T12:00:00'
+    Issuer:
+            C: FR
+            ST: PACA
+            CN: ETSI-SSP-AAA-CI
+            O: ETSI.ORG
+            OU: SSP-TTF
+    Subject:
+            C: FR
+            ST: PACA
+            CN: ETSI-SSP-AAA-CA
+            O: ETSI.ORG
+            OU: SSP-TTF
+## Generation of the authentication token
+The following command allows to generate an authentication token:
+`python3 CreateToken.py -i <parameters_file.yaml`
+
+The **parameters_file.yaml** contains the authentication token parameters.
+
+    Challenge:
+    Generate: false # Do not generate a challenge
+    Name: AAS01     # File name of the file containing the challenge
+    CertificationPath: 
+    Name: CP_AAA    # File name of the DER file containing the certification path
+    Path:
+        - ETSI-SSP-AAA-CI # AAA CI
+        - ETSI-SSP-AAA-CA # AAA CA
+        - ETSI-SSP-AAA-EE # AAA EE
+    Modeles:
+        - RFC5280.asn     # x509v3 certificate model
+        - RFC3279.asn     # ECC signature parameters
+    AuthenticationToken:  
+    Name: ATK-AAA-ECKA    # File name of the authentication token DER file
+    Issuer: ETSI-SSP-AAA-EE # Certificatte verifying the authentication token
+    ECKA-Curve: BrainpoolP256R1 # ECC curve for key agreement
+    KeySize: 256  # key size of the streamcipher
+    Modeles: 
+        - RFC5280.asn     # x509v3 certificate model
+        - RFC3279.asn     # ECC signature parameters
+        - SSP_ASN.asn     # SSP model
+
+The autentication token can be dumped by using the online tool [here](https://lapo.it/asn1js/#).
+
+![ATK.AAA.ECKA dump](./ATK_DUMP.png)
+
+## Generation of the accessor authentication commands and responses.
+The following command allows to generate the commands for the accessor authentication service:
+`python3 CreateAuthCommand.py -i <parameters_file.yaml`
+
+    Challenge command: # Generate a challenge
+        Name: AAS01      # Write a binary file containing a 128 bit challenge
+    Challenge response:
+        Path: CP_AAS     # AAS certification path
+        Challenge: AAS01 # Write a binary file containing a 128 bit challenge
+        Name: aAAS-OP-GET-CHALLENGE-Service-Response
+    Read Challenge response:
+        Name: aAAS-OP-GET-CHALLENGE-Service-Response
+    Authenticate command:
+        Path: CP_AAA # File name of the DER file containing the certification path
+        AuthenticationToken: ATK-AAA-ECKA # File name of the DER file containing the authentication token
+        Name: aAAS-OP-AUTHENTICATE-Service-Command
+    Authenticate response:
+        AuthenticationToken: ATK-AAS-ECKA
+        Name: aAAS-OP-AUTHENTICATE-Service-Response 
+    OAS command: # Generate aAAS-OP-ACCESS-SERVICE-Service-Command for secure pipe
+        Name: OAS_COMMAND # Name file containing the DER command
+        Service Identifier: 'DD61116FF0DD57F48A4F52EE70276F24' # Root accessor identifier
+    OAS response: # Generate aAAS-OP-ACCESS-SERVICE-Service-Response with a random gate identifier
+        Name: OAS_RESPONSE # Name file containing the DER response
+    Read OAS response: # Read aAAS-OP-ACCESS-SERVICE-Service-Response and extract the gate identifier
+        Name: OAS_RESPONSE  # Name file containing the DER response 
+    Generate shared key:
+        Private: ATK-AAA-ECKA # File name of the DER file containing the private key
+        Public: ATK-AAS-ECKA # File name of the DER file containing the authentication token
+        Name: GCM_AAA_AAS # File name of the DER file containing K and IV
+    Encrypt:
+        Name: GCM_AAA_AAS # Container for the derived keys/IV
+        MTU: 240 # MTU of the secure SCL message
+        Sequence: 1
+        In: Text_In # File name in
+        Out: Text_Out #File Name out
+    Decrypt:
+        Name: GCM_AAA_AAS
+        MTU: 240
+        In: Text_Out # File name in
+        Out: Text_Out_bis #File Name out
\ No newline at end of file
diff --git a/SSPToken.asn b/SSPToken.asn
new file mode 100644
index 0000000000000000000000000000000000000000..acf131b9431e4c425448267d5cc3402c8befc8ec
--- /dev/null
+++ b/SSPToken.asn
@@ -0,0 +1,77 @@
+SSPToken 
+DEFINITIONS
+EXPLICIT TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+ECDSA-Sig-Value ::= SEQUENCE {
+	r     INTEGER,
+	s     INTEGER }
+Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }	
+OID ::= OBJECT IDENTIFIER	
+AlgorithmIdentifier  ::=  SEQUENCE  {
+	algorithm               OBJECT IDENTIFIER,
+	parameters              ANY DEFINED BY algorithm OPTIONAL  }
+								-- contains a value of the type
+								-- registered for use with the
+								-- algorithm object identifier value		
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+	algorithm            AlgorithmIdentifier,
+	subjectPublicKey     BIT STRING  }
+AuthenticationToken ::= SEQUENCE
+{
+	tbsToken TBSToken,
+	signatureAlgorithm AlgorithmIdentifier,
+	signature ECDSA-Sig-Value 
+}
+
+TBSToken ::= SEQUENCE
+{
+	version [0] Version DEFAULT v1,
+	subjectPublicKeyInfo SubjectPublicKeyInfo,
+	signature            AlgorithmIdentifier,
+	aATK-Content ATK-Content OPTIONAL,
+	extensions [8] Extensions OPTIONAL
+}
+
+Key-Size ::= INTEGER
+{
+	e128 (0),  -- 128 Bit Key size
+	e256 (1)  -- 256 Bit Key size
+}
+
+StreamCipherIdentifier ::= INTEGER
+{
+	aAES-CGM-StreamCipherIdentifier (0)  -- AES GCM algorithm
+}
+ 
+ATK-Content ::= SEQUENCE 
+{
+	aChallenge OCTET STRING (SIZE (16)) OPTIONAL,  -- Challenge	
+	aKey-Size Key-Size OPTIONAL,
+	aStreamCipherIdentifier StreamCipherIdentifier OPTIONAL
+}
+
+
+id-ssp OBJECT IDENTIFIER ::= { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3666) part1 (1) }
+id-role OBJECT IDENTIFIER ::= { id-ssp role (1) }
+id-role-aaa OBJECT IDENTIFIER ::= { id-role aaa (1) }
+id-role-aas OBJECT IDENTIFIER ::= { id-role aas (2) }
+Extensions  ::=  SET SIZE (1..MAX) OF Extension
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING
+                 -- contains the DER encoding of an ASN.1 value
+                 -- corresponding to the extension type identified
+                 -- by extnID
+     }
+
+KeyIdentifier ::= OCTET STRING	 
+AuthorityKeyIdentifier ::= SEQUENCE {
+keyIdentifier             [0] KeyIdentifier           OPTIONAL}
+GCM-Parameters ::=SEQUENCE {
+	aKey	OCTET STRING,
+	aIV	OCTET STRING
+}
+END
\ No newline at end of file
diff --git a/SSP_ASN.asn b/SSP_ASN.asn
new file mode 100644
index 0000000000000000000000000000000000000000..a6d6d7c56f1d142cf5664c39970c60154135c2e1
--- /dev/null
+++ b/SSP_ASN.asn
@@ -0,0 +1,490 @@
+SSPDefinitions { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3666) part1 (1) }
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+EXPORTS ALL;
+
+/* Imports */
+IMPORTS
+	Certificate,  -- RFC5280 Certificate X.509v3
+	id-pkix,
+	Extensions,  -- RFC5280 X.509v3 extension
+	Extension,
+	AlgorithmIdentifier,
+	Attribute,
+	AttributeType,
+	AttributeValue,
+	AttributeTypeAndValue,
+	SubjectPublicKeyInfo,
+	UniqueIdentifier,
+	Validity,
+	Version
+	FROM PKIX1Explicit88
+ECDSA-Sig-Value
+	FROM PKIX1Algorithms88;
+
+
+/* Basic types */
+maxUInt32 INTEGER ::= 4294967295
+UInt32 ::= INTEGER (0..maxUInt32)
+
+/* Common types */
+UUID ::= OCTET STRING (SIZE(16))
+URI ::= OCTET STRING
+Certificates ::= SET OF Certificate
+VersionType ::= OCTET STRING(SIZE(2)) -- major/minor version, coded as binary value on byte 1 and 2, e.g. '0F 00' for v15.0.
+
+
+AccessControl ::= SEQUENCE
+{
+	aAccessorIdentity AccessorIdentity,  -- Identity of the accessor accessing the resource
+	aAccessorRights AccessorRights,  -- Accessor rights (e.g. delete, update).
+	aGrantorIdentity AccessorIdentity OPTIONAL  -- Identity of the grantor
+}
+
+
+AccessorRights ::= BIT STRING
+{
+	eRight-Bit1 (0),
+	eRight-Bit2 (1),
+	eRight-Bit3 (2),
+	eRight-Bit4 (3),
+	eRight-Bit5 (4),
+	eRight-Bit6 (5),
+	eRight-Bit7 (6),
+	eRight-Bit8 (7),
+	eRight-Bit9 (8),
+	eRight-Bit10 (9),
+	eRight-Bit11 (10),
+	eRight-Bit12 (11),
+	eRight-Bit13 (12),
+	eRight-Bit14 (13),
+	eRight-Bit15 (14),
+	eRight-Bit16 (15),
+	eRight-Bit17 (16),
+	eRight-Bit18 (17),
+	eRight-Bit19 (18),
+	eRight-Bit20 (19),
+	eRight-Bit21 (20),
+	eRight-Bit22 (21),
+	eRight-Bit23 (22),
+	eRight-Bit24 (23),
+	eRight-Bit25 (24),
+	eRight-Bit26 (25),
+	eRight-Bit27 (26),
+	eRight-Bit28 (27),
+	eRight-Bit29 (28),
+	eRight-Bit30 (29),
+	eRight-Bit31 (30),
+	eRight-Bit32 (31)
+} (SIZE(32))
+
+
+AccessControlList ::= SET OF AccessControl  -- Access control list
+
+
+Accessor ::= [PRIVATE 8] CHOICE
+{
+	aAccessorGroup AccessorGroup,
+	aAccessorUser AccessorUser
+}
+
+AccessorGroup ::= SEQUENCE
+{
+	aAccessorIdentity AccessorIdentity,  -- Identity of the accessor
+	aMembersOfGroup SET OF AccessorIdentity,  -- Members of the group
+	aACL AccessControlList  -- Access control list
+}
+
+AccessorUser ::= SEQUENCE
+{
+	aAccessorIdentity AccessorIdentity,  -- Identity of the accessor
+	aAccessorConditions AccessorConditions OPTIONAL,  -- Accessor conditions
+	aACL AccessControlList  -- Access control list
+}
+
+
+AccessorIdentity ::= UUID  -- accessor identity
+
+
+AccessorConditions ::= SEQUENCE
+{
+	aAccessConditionsBiometry AccessorConditionsBiometry OPTIONAL,
+	aAccessConditionsPIN AccessorConditionsPIN OPTIONAL,
+	aAccessConditionsTokens AccessorConditionsToken OPTIONAL,
+	aAccessConditionHostDomain AccessConditionHostDomain OPTIONAL
+}
+
+
+AccessorConditionsBiometry ::= [PRIVATE 9] BIT STRING
+{
+	eReservedForFuture (0)  -- Reserved for future usage
+} (SIZE(32))
+
+
+AccessorConditionsPIN ::= [PRIVATE 10] BIT STRING
+{
+	ePinNumeric (0),  -- The user shall present a numeric PIN
+	ePinPassword (1),  -- The user shall present a password
+	ePinPattern (2)  -- The user shall present a graphical pattern
+} (SIZE(32))
+
+
+AccessorConditionsToken ::= [PRIVATE 11] BIT STRING
+{
+	eTokenCertificate (0)  -- A token verification by using the certificate shall be performed
+} (SIZE(32))
+
+
+AccessConditionHostDomain ::= [PRIVATE 12] BOOLEAN
+
+
+eAASAccessRight-RequiresSecurePipe AccessorRights ::= {eRight-Bit1 }
+eAASAccessRight-Create AccessorRights ::= { eRight-Bit2 }
+eAASAccessRight-Delete AccessorRights ::= { eRight-Bit3 }
+eAASAccessRight-Update AccessorRights ::= { eRight-Bit4 }
+eAASAccessRight-UpdateACL AccessorRights ::= { eRight-Bit5 }
+eAASAccessRight-UpdateGroup AccessorRights ::= { eRight-Bit6 }
+eAASAccessRight-UpdateCredentialPolicy AccessorRights ::= { eRight-Bit7 }
+eAASAccessRight-UpdateCredentialStatus AccessorRights ::= { eRight-Bit8 }
+
+
+/* Maximum size of each side of the entry panel for pattern */
+maxEntryPanelDimension INTEGER ::= 10
+
+/* Coordinate of point in pattern from the top-left corner, starting with index 1 */
+PatternPoint ::= SEQUENCE
+{
+	x INTEGER (1.. maxEntryPanelDimension),  -- X coordinate
+	y INTEGER (1.. maxEntryPanelDimension)  -- Y coordinate
+}
+maxLenthPath INTEGER ::= 4 --Maximal length of a AAS certification path 
+maxCI		 INTEGER ::= 4 --Maximal of CI certificate for verifying the AAA certification path
+TokenCredential ::=SEQUENCE
+{
+	aCertificatesAAS [0] Certificates (SIZE(1..maxLenthPath)),  -- Set of X.509 certificates of the accessor authentication service
+	aCertificateCIAAA[1] Certificates (SIZE(1..maxCI)) OPTIONAL --Certificates of the CI of the accessor authentication application
+}
+AccessorCredentials ::= [PRIVATE 13] SEQUENCE
+{
+	-- Credentials of type PIN
+	aPinNumericCredential [0] NumericString (SIZE(4..255)) OPTIONAL,  -- Numeric PIN
+	aPinPasswordCredential [1] PrintableString (SIZE(4..255)) OPTIONAL,  -- Password
+	aPinPatternCredential [2] SEQUENCE (SIZE(4..255)) OF PatternPoint  OPTIONAL,  -- Graphical pattern
+
+	-- Credentials for the token based verification
+	aTokenCredential  [10] TokenCredential OPTIONAL,  -- Set of X.509 certificates of the AAS certification path and set of AAA CIs
+	-- Credentials of type host domain
+	aHostDomainCredential [20] SET OF UUID OPTIONAL  -- Set of SCL host domains
+
+	-- Credentials of type biometric: for future usage
+}
+
+
+PinNumericPolicy ::= SEQUENCE
+{
+	aIsDisableForbidden BOOLEAN DEFAULT FALSE,  -- Disabling forbidden
+	aMinSize INTEGER (4..255) DEFAULT 4,  -- Minimum size of PIN
+	aMaxSize INTEGER (4..255) DEFAULT 255,  -- Maximum size of PIN
+	aMaxAttempts INTEGER (0..255) DEFAULT 0  -- Maximum number of attempts
+}
+
+PinPasswordPolicy ::= SEQUENCE
+{
+	aMinSize INTEGER (4..255) DEFAULT 4,  -- Minimum length of password
+	aMaxSize INTEGER (4..255) DEFAULT 255,  -- Maximum length of password
+	aRequiresLowerCaseLetter BOOLEAN DEFAULT FALSE,  -- At least one lower case letter is required
+	aRequiresUpperCaseLetter BOOLEAN DEFAULT FALSE,  -- At least one upper case letter is required
+	aRequiresNumber BOOLEAN DEFAULT FALSE,  -- At least on numeric digit is required
+	aRequiresSymbol BOOLEAN DEFAULT FALSE,  -- At least one special character is required
+	aMaxAttempts INTEGER (0..255) DEFAULT 0  -- Maximum number of attempts
+}
+
+PinPatternPolicy ::= SEQUENCE
+{
+	aMinSize INTEGER (4..255) DEFAULT 4,  -- Minimum number of points in pattern
+	aMaxSize INTEGER (4..255) DEFAULT 255,  -- Maximum number of points in pattern
+	aEntryPanelMinSize INTEGER (3.. maxEntryPanelDimension) DEFAULT 3,
+	aSamePointMultipleTimes BOOLEAN DEFAULT FALSE,  -- If a point can occur multiple times
+	aMaxAttempts INTEGER (0..255) DEFAULT 0  -- Maximum number of attempts
+}
+
+AccessorCredentialsPolicy ::= SEQUENCE
+{
+	aPinNumericPolicy PinNumericPolicy OPTIONAL,  -- Numeric PIN policy
+	aPinPasswordPolicy PinPasswordPolicy OPTIONAL,  -- Password policy
+	aPinPatternPolicy PinPatternPolicy OPTIONAL  -- Graphical pattern policy
+}
+
+
+AccessorCommonCredentialStatus ::= SEQUENCE
+{
+	aIsDisabled BOOLEAN DEFAULT TRUE,  -- indicates if credential is disabled
+	aRemainingAttempts INTEGER (0..255) OPTIONAL  -- remaining number of attempts
+}
+
+PinNumericCredentialStatus ::= SEQUENCE
+{
+	aCommonStatus AccessorCommonCredentialStatus
+}
+
+PinPasswordCredentialStatus ::= SEQUENCE
+{
+	aCommonStatus AccessorCommonCredentialStatus
+}
+
+PinPatternCredentialStatus ::= SEQUENCE
+{
+	aCommonStatus AccessorCommonCredentialStatus
+}
+
+AccessorCredentialsStatus ::= SEQUENCE
+{
+	aPinNumericStatus PinNumericCredentialStatus OPTIONAL,
+	aPinPasswordStatus PinPasswordCredentialStatus OPTIONAL,
+	aPinPatternStatus PinPatternCredentialStatus OPTIONAL
+}
+
+
+AAS-GET-CAPABILITIES-Type ::= ENUMERATED
+{
+	eGlobalAuthenticationService (0),  -- retrieve user accessors available in the SSP host
+	eAccessorStatus (1)  -- retrieve status related to the accessor authentication service gate
+}
+
+AAS-OP-GET-CAPABILITIES-Service-Command ::= [PRIVATE 16] SEQUENCE
+{
+aRequestType AAS-GET-CAPABILITIES-Type
+}
+
+
+AAS-OP-GET-CAPABILITIES-Service-Response-Parameter ::= CHOICE
+{
+	aGlobalAuthenticationService SEQUENCE  -- for aRequestType set to eGlobalAuthenticationService
+	{
+		aAASVersion VersionType,  -- release of the AAS service
+		aAccessorList SET OF Accessor  -- List of accessors
+
+	},
+	aAccessorStatus SEQUENCE  -- for aRequestType set to eAccessorStatus
+	{
+		aIsAuthenticated BOOLEAN,  -- indicates if the accessor is authenticated
+		aAccessorConditions AccessorConditions,  -- accessor conditions
+		aAccessorCredentialsStatus AccessorCredentialsStatus OPTIONAL,  -- status of credentials of the accessor
+		aAccessorCredentialsPolicy AccessorCredentialsPolicy OPTIONAL -- policies for the credentials of the accessor
+	}
+}
+
+AAS-OP-GET-CAPABILITIES-Service-Response ::= [PRIVATE 16] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK,
+	aParameter AAS-OP-GET-CAPABILITIES-Service-Response-Parameter OPTIONAL
+}
+
+
+AAS-ADMIN-CREATE-ACCESSOR-Service-Command ::= [PRIVATE 17] SEQUENCE
+{
+	aAccessor Accessor,  -- Accessor to be created
+	aAccessorConditions AccessorConditions OPTIONAL, -- Accessor credential conditions
+	aCredential AccessorCredentials OPTIONAL,  -- Credentials for the accesAAS-ADMIN-CREATE-ACCESSOR-Service-Commandsor
+	aCredentialsPolicy AccessorCredentialsPolicy OPTIONAL,  -- Policy for the provided accessors
+	aCredentialsStatus AccessorCredentialsStatus OPTIONAL  -- Status of credentials
+}
+
+
+AAS-ADMIN-CREATE-ACCESSOR-Service-Response ::= [PRIVATE 17] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK
+}
+
+
+AAS-ADMIN-UPDATE-ACCESSOR-Service-Command ::= [PRIVATE 18] SEQUENCE
+{
+	aAccessorIdentity AccessorIdentity,  -- Identity of the accessor
+	aMembersOfGroup SET OF AccessorIdentity OPTIONAL,  -- Members of the group
+	aACL AccessControlList OPTIONAL,  -- Access control list
+	aSetAccessorConditions AccessorConditions OPTIONAL,  -- Conditions to be set
+	aRemoveAccessorConditions AccessorConditions OPTIONAL,  -- Conditions to be removed
+	aSetCredential AccessorCredentials OPTIONAL,  -- Credentials to be set
+	aRemoveCredential AccessorConditions OPTIONAL,  -- List of credentials to be removed
+	aCredentialsPolicy AccessorCredentialsPolicy OPTIONAL,  -- Credential policy
+	aCredentialsStatus AccessorCredentialsStatus OPTIONAL  -- Status of credentials
+}
+
+
+AAS-ADMIN-UPDATE-ACCESSOR-Service-Response ::= [PRIVATE 18] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK
+}
+
+
+AAS-ADMIN-DELETE-ACCESSOR-Service-Command ::= [PRIVATE 19] SEQUENCE
+{
+	aAccessorIdentity AccessorIdentity  -- Identity of the accessor to delete
+}
+
+
+AAS-ADMIN-DELETE-ACCESSOR-Service-Response ::= [PRIVATE 19] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK
+}
+
+AccessorTokenCredential ::= SEQUENCE
+{
+		aToken AuthenticationToken, --The authentication token
+		aTokenCertificationPath [20] Certificates (SIZE(1..maxLenthPath)) -- the certification path for verifying the authentication token
+}
+
+AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command ::= [PRIVATE 22] SEQUENCE
+{
+	aCredential CHOICE
+	{
+		aPinNumericCredential [10] NumericString,  -- Numeric PIN
+		aPinPasswordCredential [11] PrintableString,  -- Password
+		aPinPatternCredential [12] SEQUENCE (SIZE(4..255)) OF PatternPoint,  -- Graphical pattern
+		aAccessorTokenCredential[13] AccessorTokenCredential , --authentication credential
+		aHostDomainCredential [30] NULL
+	} OPTIONAL
+}
+
+
+AAS-OP-AUTHENTICATE-ACCESSOR-Service-Response-Parameter ::= CHOICE
+{
+	aCredentialsStatus AccessorCredentialsStatus ,  -- Status of credentials after the command
+	aServiceToken AuthenticationToken  -- the token generated by the accessor authentication service
+}
+
+AAS-OP-AUTHENTICATE-ACCESSOR-Service-Response ::= [PRIVATE 22] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK,
+	aParameter AAS-OP-AUTHENTICATE-ACCESSOR-Service-Response-Parameter OPTIONAL
+}
+
+
+AAS-OP-ACCESS-SERVICE-Service-Command ::= [PRIVATE 20] SEQUENCE
+{
+	aServiceIdentifier UUID,  -- Identifier of the service gate
+	aUseSecurePipe BOOLEAN DEFAULT FALSE  -- Indication of secure pipe is requested
+}
+
+
+AAS-OP-ACCESS-SERVICE-Service-Response-Parameter ::= SEQUENCE
+{
+	aGateIdentifier UUID  -- Identifier of the service gate
+}
+
+AAS-OP-ACCESS-SERVICE-Service-Response ::= [PRIVATE 20] SEQUENCE
+{
+	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK,
+	aParameter AAS-OP-ACCESS-SERVICE-Service-Response-Parameter OPTIONAL
+}
+
+
+AAS-OP-GET-CHALLENGE-Service-Command ::= [PRIVATE 21] SEQUENCE
+{
+}
+
+
+AAS-OP-GET-CHALLENGE-Service-Response-Parameter ::= SEQUENCE
+{
+	aChallenge OCTET STRING (SIZE (16)),
+	aCertificates Certificates  -- Certificates of the accessor authentication service
+}
+
+AAS-OP-GET-CHALLENGE-Service-Response ::= [PRIVATE 21] SEQUENCE
+{
+ 	aAAS-Service-Response AAS-Service-Response DEFAULT eAAS-OK,
+	aParameter AAS-OP-GET-CHALLENGE-Service-Response-Parameter OPTIONAL
+}
+
+AAS-Service-Response ::= ENUMERATED
+{
+	eAAS-OK (0),  -- Operation successful
+	eAAS-E-CMD-PAR-UNKNOWN (2),  -- Unknown parameters used for an operation
+	eAAS-E-NOK (3),  -- Operation failed
+	eAAS-ACL-RULES-VIOLATIONS (14),  -- The operation violates the ACL conditions
+	eAAS-NOT-AUTHENTICATED (15),  -- The accessor is not authenticated
+	eAAS-POLICY-RULES-VIOLATIONS (16)  -- The operation violates the credentials policy
+}
+
+
+AAS-CONTROL-SERVICE-GATE-Commands ::= [APPLICATION 2] CHOICE
+{
+	aAAS-OP-GET-CAPABILITIES-Service-Command AAS-OP-GET-CAPABILITIES-Service-Command,
+	aAAS-ADMIN-CREATE-ACCESSOR-Service-Command AAS-ADMIN-CREATE-ACCESSOR-Service-Command,
+	aAAS-ADMIN-UPDATE-ACCESSOR-Service-Command AAS-ADMIN-UPDATE-ACCESSOR-Service-Command,
+	aAAS-ADMIN-DELETE-ACCESSOR-Service-Command AAS-ADMIN-DELETE-ACCESSOR-Service-Command,
+	aAAS-OP-ACCESS-SERVICE-Service-Command AAS-OP-ACCESS-SERVICE-Service-Command,
+	aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Command AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command,
+	aAAS-OP-GET-CHALLENGE-Service-Command AAS-OP-GET-CHALLENGE-Service-Command
+}
+
+
+AAS-CONTROL-SERVICE-GATE-Responses ::= [APPLICATION 1] CHOICE
+{
+	aAAS-OP-GET-CAPABILITIES-Service-Response AAS-OP-GET-CAPABILITIES-Service-Response,
+	aAAS-ADMIN-CREATE-ACCESSOR-Service-Response AAS-ADMIN-CREATE-ACCESSOR-Service-Response,
+	aAAS-ADMIN-UPDATE-ACCESSOR-Service-Response AAS-ADMIN-UPDATE-ACCESSOR-Service-Response,
+	aAAS-ADMIN-DELETE-ACCESSOR-Service-Response AAS-ADMIN-DELETE-ACCESSOR-Service-Response,
+	aAAS-OP-ACCESS-SERVICE-Service-Response AAS-OP-ACCESS-SERVICE-Service-Response,
+	aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Response AAS-OP-AUTHENTICATE-ACCESSOR-Service-Response,
+	aAAS-OP-GET-CHALLENGE-Service-Response AAS-OP-GET-CHALLENGE-Service-Response
+}
+
+
+AuthenticationToken ::= SEQUENCE
+{
+	tbsToken TBSToken,
+	signatureAlgorithm AlgorithmIdentifier,
+	signature ECDSA-Sig-Value 
+}
+
+TBSToken ::= SEQUENCE
+{
+	version [0] Version DEFAULT v1,
+	subjectPublicKeyInfo SubjectPublicKeyInfo,
+	aATK-Content ATK-Content,
+	signatureAlgorithm[9] AlgorithmIdentifier,
+	extensions [8] Extensions OPTIONAL
+}
+
+Key-Size ::= INTEGER
+{
+	e128 (0),  -- 128 Bit Key size
+	e256 (1)  -- 256 Bit Key size
+}
+
+StreamCipherIdentifier ::= INTEGER
+{
+	aAES-CGM-StreamCipherIdentifier (0)  -- AES GCM algorithm
+}
+ 
+ATK-Content ::= SEQUENCE 
+{
+	aChallenge OCTET STRING (SIZE (16)),  -- Challenge	
+	aKey-Size Key-Size,
+	aStreamCipherIdentifier StreamCipherIdentifier
+}
+
+
+id-ssp OBJECT IDENTIFIER ::= { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3666) part1 (1) }
+id-role OBJECT IDENTIFIER ::= { id-ssp role (1) }
+id-role-aaa OBJECT IDENTIFIER ::= { id-role aaa (1) }
+id-role-aas OBJECT IDENTIFIER ::= { id-role aas (2) }
+
+aResponse19 FS-CONTROL-SERVICE-GATE-Responses ::= 
+aFS-ADMIN-GET-CAPABILITIES-Service-Response : {
+  aFS-Service-Response eFS-OK,
+  aParameter {
+    aVersion '0000'H /*<COMPARE(FSSVERSION,GT,EQ)>*/,
+    aSimultaneousFileSessions 1/* <COMPARE (MAXFILESESSIONS,GT,EQ)> */,
+    aSimultaneousFileSessionsPerFile 1/*<COMPARE (MAXFILESESSIONS_PER_FILE,GT,EQ)> */,
+    aTotalCapacity 0/*<COMPARE(CAPACITY,GT,EQ)>*/,
+    aFreeCapacity 0/*<COMPARE(FREE_CAPACITY,GT,EQ)>*/,
+    aMaxMetaDataSizePerNode 0 /*<COMPARE(MAXMETADATA_PER_NODE,GT,EQ)>*/
+  }
+}
+
+END
\ No newline at end of file
diff --git a/certificates/ETSI-SSP-AAA-CA.der b/certificates/ETSI-SSP-AAA-CA.der
new file mode 100644
index 0000000000000000000000000000000000000000..c33a81664caee6e89d254f1f201dfbfd8447089d
Binary files /dev/null and b/certificates/ETSI-SSP-AAA-CA.der differ
diff --git a/certificates/ETSI-SSP-AAA-CA.pem b/certificates/ETSI-SSP-AAA-CA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..ce0bbb0aa54ffaff692e6a49617ffd8ea22cab32
--- /dev/null
+++ b/certificates/ETSI-SSP-AAA-CA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChTCCAgygAwIBAgIBAzAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFBLUNJMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQUEtQ0ExETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABBmrd8h4LvSfmK88I0KI
+cwBRzLY6SdrikCvonESDSbtnlkhNYQSGV8bAUsM4v8PUHl+ogFKnYCXNY015N6a9
+bB3K3LszDYVvPBiMJyojGuvgEvMU/6zXIpZBfp287ftqCqOBnzCBnDAzBgNVHSAB
+Af8EKTAnMCUGBgQAnFIBAjAbMBkGCCsGAQUFBwICMA0MC2lkLXJvbGUtQUFBMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwIgYDVR0jAQH/BBgwFoAUzedt9sI1v6cCjBYTG8Xm
+A+yMrUcwHQYDVR0OBBYEFA0ykuEFcBc3fpFxWHghf6NfCm41MA4GA1UdDwEB/wQE
+AwIHgDAKBggqhkjOPQQDAgNnADBkAjBkE2/0NcSZ+V2a/d3F0Ee1ZaQm8Z7scVTa
+Q2UO/UVHOyo1JzHY+baxZQ3ONJzLdEgCMCo2z4b1m9YNiK7DoRo+zY/jh3bGxgTZ
+Pjo6d5LnKEzEtZg//VJI5w4sLqOy9FIzaQ==
+-----END CERTIFICATE-----
diff --git a/certificates/ETSI-SSP-AAA-CI.der b/certificates/ETSI-SSP-AAA-CI.der
new file mode 100644
index 0000000000000000000000000000000000000000..6db91a02dee4e526c765c594396b4fce7de04b07
Binary files /dev/null and b/certificates/ETSI-SSP-AAA-CI.der differ
diff --git a/certificates/ETSI-SSP-AAA-CI.pem b/certificates/ETSI-SSP-AAA-CI.pem
new file mode 100644
index 0000000000000000000000000000000000000000..953162e9f8e9d3bb6438c919fb835c5cb98dac93
--- /dev/null
+++ b/certificates/ETSI-SSP-AAA-CI.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICgDCCAgegAwIBAgIBATAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFBLUNJMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQUEtQ0kxETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABEXfoLJouwwLaLkQ2Rj4
++lU6a+bR0vTNAqkvPkPpfa4mt6vv6WA2xU2tfwrkcBOHvQeEZYw8DcvlqrbPIcqi
+PXIP7E26u5txTeTwfJDshFHhUChqxtWBrR7hiwRRLym5dKOBmjCBlzAuBgNVHSAB
+Af8EJDAiMCAGBQQAnFIBMBcwFQYIKwYBBQUHAgIwCQwHaWQtcm9sZTASBgNVHRMB
+Af8ECDAGAQH/AgEBMCIGA1UdIwEB/wQYMBaAFM3nbfbCNb+nAowWExvF5gPsjK1H
+MB0GA1UdDgQWBBTN5232wjW/pwKMFhMbxeYD7IytRzAOBgNVHQ8BAf8EBAMCB4Aw
+CgYIKoZIzj0EAwIDZwAwZAIwXblY+4jp6wtTtRBDHGtFogRZUE97hk0o7yKWkfgv
+aXIq3B4rU95hFf9xcnEYa5krAjB2arGy6K1RbVhg35ox6Tk5PIsgGbQ2nSSaRYKA
++TpovhHsQvy9zdn1P3sJy5NgaWE=
+-----END CERTIFICATE-----
diff --git a/certificates/ETSI-SSP-AAA-EE.der b/certificates/ETSI-SSP-AAA-EE.der
new file mode 100644
index 0000000000000000000000000000000000000000..a6c8bca923957a56b38d02cbdee2193b6b789460
Binary files /dev/null and b/certificates/ETSI-SSP-AAA-EE.der differ
diff --git a/certificates/ETSI-SSP-AAA-EE.pem b/certificates/ETSI-SSP-AAA-EE.pem
new file mode 100644
index 0000000000000000000000000000000000000000..71fb9715e2dd4b8c0588e6d78ea8cb1f03686b57
--- /dev/null
+++ b/certificates/ETSI-SSP-AAA-EE.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjDCCAhOgAwIBAgIBBTAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFBLUNBMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQUEtRUUxETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABFkioLYXBNIajFonWCMA
+u3cm60mtK92FX8s0khiM3ycpqjTtrljbbZOMbSeDfcvXh4TyCi1Hmxdt3O1oo9t2
+R/KcWq4glyQn/AAsuKem8lKCYPj7PaJ1XAMije4F/WZviqOBpjCBozBABgNVHSAB
+Af8ENjA0MDIGBwQAnFIBAgEwJzAlBggrBgEFBQcCAjAZDBdpZC1yb2xlLWFhYS1h
+cHBsaWNhdGlvbjAMBgNVHRMBAf8EAjAAMCIGA1UdIwEB/wQYMBaAFA0ykuEFcBc3
+fpFxWHghf6NfCm41MB0GA1UdDgQWBBTcNg23ofa8FZoZ/W4rQKUQmK6BhjAOBgNV
+HQ8BAf8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIwdD7M2KiiRTzYrGGBJ2khF0T2
+FIB+M+ub+BeclwC3VUFggtin2Jkjl7ujoFfCcoTHAjB/HSO5kkBqagLvuLirk1jq
+LtEIl9F6cIqVFtyKvSm+8K2Nw6XuGQ/iQWi/iewB3O0=
+-----END CERTIFICATE-----
diff --git a/certificates/ETSI-SSP-AAS-CA.der b/certificates/ETSI-SSP-AAS-CA.der
new file mode 100644
index 0000000000000000000000000000000000000000..251a842db13b6623b22b409fa20bbd8ce55834a1
Binary files /dev/null and b/certificates/ETSI-SSP-AAS-CA.der differ
diff --git a/certificates/ETSI-SSP-AAS-CA.pem b/certificates/ETSI-SSP-AAS-CA.pem
new file mode 100644
index 0000000000000000000000000000000000000000..887ddbcdb86b47f767d8c4ad7e3555cd93b0fbb3
--- /dev/null
+++ b/certificates/ETSI-SSP-AAS-CA.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChTCCAgygAwIBAgIBAzAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFTLUNJMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQVMtQ0ExETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABIv3eQL0X6Can3mnXC/v
+2+fpDPADAdCf2FuzBr47lmI4lJVxWJUcJ3TAkhyekWJWeFILX1A0ZTYkHwO5J3a4
+UiL8yZfilvnlWlgF9HkMM0i3cYDbKThMckJEpRQJhrMET6OBnzCBnDAzBgNVHSAB
+Af8EKTAnMCUGBgQAnFIBATAbMBkGCCsGAQUFBwICMA0MC2lkLXJvbGUtYWFzMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwIgYDVR0jAQH/BBgwFoAUzedt9sI1v6cCjBYTG8Xm
+A+yMrUcwHQYDVR0OBBYEFNU19vSvqLYRA5oA7TphgqAAqZA2MA4GA1UdDwEB/wQE
+AwIHgDAKBggqhkjOPQQDAgNnADBkAjAksbkFzESADOVy9VhEIcibDNCHqeTq+ouF
+SS6S3Gm+6XOui4ROa5oOZiMXgptZn88CMGJsQkWMYEbSG96UH00zQOI7pOWKxT9Z
+FYO0nJ+iaPXGE2bhjFbGdS+fp+HsJYXrRQ==
+-----END CERTIFICATE-----
diff --git a/certificates/ETSI-SSP-AAS-CI.der b/certificates/ETSI-SSP-AAS-CI.der
new file mode 100644
index 0000000000000000000000000000000000000000..8283a27991fe3c716beb14cd1627fdcd25b4e2c8
Binary files /dev/null and b/certificates/ETSI-SSP-AAS-CI.der differ
diff --git a/certificates/ETSI-SSP-AAS-CI.pem b/certificates/ETSI-SSP-AAS-CI.pem
new file mode 100644
index 0000000000000000000000000000000000000000..9258ebea01110b0f883587bca980745d0dd9b8ae
--- /dev/null
+++ b/certificates/ETSI-SSP-AAS-CI.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfzCCAgegAwIBAgIBATAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFTLUNJMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQVMtQ0kxETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABEXfoLJouwwLaLkQ2Rj4
++lU6a+bR0vTNAqkvPkPpfa4mt6vv6WA2xU2tfwrkcBOHvQeEZYw8DcvlqrbPIcqi
+PXIP7E26u5txTeTwfJDshFHhUChqxtWBrR7hiwRRLym5dKOBmjCBlzAuBgNVHSAB
+Af8EJDAiMCAGBQQAnFIBMBcwFQYIKwYBBQUHAgIwCQwHaWQtcm9sZTASBgNVHRMB
+Af8ECDAGAQH/AgEBMCIGA1UdIwEB/wQYMBaAFM3nbfbCNb+nAowWExvF5gPsjK1H
+MB0GA1UdDgQWBBTN5232wjW/pwKMFhMbxeYD7IytRzAOBgNVHQ8BAf8EBAMCB4Aw
+CgYIKoZIzj0EAwIDZgAwYwIvNut9Mbtrj9qE3il1bVLZUI9ogkMR6HzqNlgSwnzY
+sQ4m6NIVRGxCc+qza83/h9wCMDsqWeBQECwjVGQPPTRTrcbdVl1LUv/iKTMFQxdV
+1sbO7yH8vUnGaL5D5DN7Ry7cVg==
+-----END CERTIFICATE-----
diff --git a/certificates/ETSI-SSP-AAS-EE.der b/certificates/ETSI-SSP-AAS-EE.der
new file mode 100644
index 0000000000000000000000000000000000000000..f8e4e65c6eb80af8b821f66b422ec2d343664781
Binary files /dev/null and b/certificates/ETSI-SSP-AAS-EE.der differ
diff --git a/certificates/ETSI-SSP-AAS-EE.pem b/certificates/ETSI-SSP-AAS-EE.pem
new file mode 100644
index 0000000000000000000000000000000000000000..30e9d92a7c73de512a925c3e557bb4036bb82f6e
--- /dev/null
+++ b/certificates/ETSI-SSP-AAS-EE.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg+gAwIBAgIBBTAKBggqhkjOPQQDAjBbMQswCQYDVQQGEwJGUjENMAsG
+A1UECAwEUEFDQTEYMBYGA1UEAwwPRVRTSS1TU1AtQUFTLUNBMREwDwYDVQQKDAhF
+VFNJLk9SRzEQMA4GA1UECwwHU1NQLVRURjAeFw0yMTAxMDExMjAwMDBaFw0yMTEy
+MDExMjAwMDBaMFsxCzAJBgNVBAYTAkZSMQ0wCwYDVQQIDARQQUNBMRgwFgYDVQQD
+DA9FVFNJLVNTUC1BQVMtRUUxETAPBgNVBAoMCEVUU0kuT1JHMRAwDgYDVQQLDAdT
+U1AtVFRGMHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABGCQZHHKCQ+nPexg+o/Y
+nWvGcvmTM6XkAtnlGdPuAk7FtNqkl8BmAjEBVBN1jBQ+EhzBkueP+MVRcW0wnMlS
+DSafAsC7EodHQGy0VDN7pyc7h0GRZ81gvTe2rEGXSopLVKOBojCBnzA8BgNVHSAB
+Af8EMjAwMC4GBwQAnFIBAQEwIzAhBggrBgEFBQcCAjAVDBNpZC1yb2xlLWFhcy1z
+ZXJ2aWNlMAwGA1UdEwEB/wQCMAAwIgYDVR0jAQH/BBgwFoAU1TX29K+othEDmgDt
+OmGCoACpkDYwHQYDVR0OBBYEFDZBrZaDHDIkfVfpotFaZlKmjNnnMA4GA1UdDwEB
+/wQEAwIHgDAKBggqhkjOPQQDAgNnADBkAjBB0o6vhS3qt8IY2Du7hvjm2Wa93XjJ
+XJw0iOruN60fpx/TFKJmqMUjYLau/nIBa+kCMCBecaXYzw4wgIAAt8MPw6fAxwBd
+taB6jIC8BqmSiXidrixGdjKNP18W5netoQzBZQ==
+-----END CERTIFICATE-----
diff --git a/constante.py b/constante.py
new file mode 100644
index 0000000000000000000000000000000000000000..a82808d7ef3f03d9db143972546495f7c00e6fed
--- /dev/null
+++ b/constante.py
@@ -0,0 +1,85 @@
+from cryptography.hazmat.primitives.asymmetric import ec
+OID_PUBLICKEY = '1.2.840.10045.2.1'
+OID_BRAINPOOLP384R1 = '1.3.36.3.3.2.8.1.1.11'
+KEY_SIZE_E128 = 0   # Key_Size e128
+KEY_SIZE_E256 = 1  # Key_Size e256
+AES_CGM = 0  # aAES-CGM-StreamCipherIdentifier
+OID_ECDSASHA256 = '1.2.840.10045.4.3.2'  # ecdsa-with-SHA256(2)
+OID_AKI = '2.5.29.35'  # Authority Key Identifier
+V1 = 0  # Version 1
+CURVES = {'BrainpoolP256R1': ec.BrainpoolP256R1,
+          'BrainpoolP384R1': ec.BrainpoolP384R1,
+          'NIST P-256': ec.SECP256R1,
+          'NIST P-384': ec.SECP384R1
+          }
+KEY_SIZES = {
+            128: KEY_SIZE_E128,
+            256: KEY_SIZE_E256
+            }
+# Keywords in the Yaml configuration file
+
+KW_ATK_CREDENTIALS = 'Authentication Credentials'
+KW_AUTHENTICATION_COMMAND = 'Authenticate command'
+KW_AUTHENTICATION_RESPONSE = 'Authenticate response'
+KW_AUTHENTICATIONTOKEN = 'AuthenticationToken'
+KW_AUTHENTICATIONTOKENCREDENTIALS = 'AuthenticationTokenCredentials'
+KW_BASICCONSTRAINTS = 'BasicConstraints'
+KW_C = 'C'
+KW_CA = 'CA'
+KW_CERTIFICATE = 'Certificate'
+KW_CERTIFICATEPOLICIES = 'CertificatePolicies'
+KW_CERTIFICATIONPATH = 'CertificationPath'
+KW_CHALLENGE = 'Challenge'
+KW_CHALLENGE_COMMAND = 'Challenge command'
+KW_CHALLENGE_RESPONSE = 'Challenge response'
+KW_CN = 'CN'
+KW_CRITICAL = 'Critical'
+KW_DECRYPT = 'Decrypt'
+KW_ECKA_CURVE = 'ECKA-Curve'
+KW_ENCRYPT = 'Encrypt'
+KW_EXPLICIT_TEXT = 'Explicit_text'
+KW_EXTENSIONS = 'Extensions'
+KW_GENERATE = 'Generate'
+KW_GENERATE_SHARED_KEY = 'Generate shared key'
+KW_IDENTIFIER = 'Identifier'
+KW_IN = 'In'
+KW_ISSUER = 'Issuer'
+KW_KEYSIZE = 'KeySize'
+KW_LN = 'LN'
+KW_MODELES = 'Modeles'
+KW_MTU = 'MTU'
+KW_NAME = 'Name'
+KW_NOT_AFTER = 'Not_after'
+KW_NOT_BEFORE = 'Not_before'
+KW_O = 'O'
+KW_OAS_COMMAND = 'OAS command'
+KW_OAS_RESPONSE = 'OAS response'
+KW_OU = 'OU'
+KW_OUT = 'Out'
+KW_PATH = 'Path'
+KW_PATHLEN = 'Pathlen'
+KW_PRIVATE = 'Private'
+KW_PUBLIC = 'Public'
+KW_READ_CHALLENGE_RESPONSE = 'Read Challenge response'
+KW_READ_OAS_RESPONSE = 'Read OAS response'
+KW_SEQUENCE = 'Sequence'
+KW_SERIAL_NUMBER = 'Serial_number'
+KW_SI = "Service Identifier"
+KW_ST = 'ST'
+KW_SUBJECT = 'Subject'
+KW_VALUE = 'Value'
+# Paths of the folders
+
+PATH_PRIVATE = 'private_keys/'
+PATH_PUBLIC = 'public_keys/'
+PATH_CERTIFICATES = 'certificates/'
+PATH_TOKENS = 'tokens/'
+PATH_CREDENTIALS = 'credentials/'
+
+# SI information for derivation keys
+SI128 = b'\x10\x90\x10'
+SI256 = b'\x20\x90\x20'
+SI_KEYS = {KEY_SIZE_E128: SI128, KEY_SIZE_E256: SI256}
+MD_LENGTH = {KEY_SIZE_E128: 32, KEY_SIZE_E256: 48}
+# secure SCL
+SCL_SIZE_SEQ = 4  # Size of SEQ field (32 bit) in the secure SCL message
diff --git a/credentials/AAS01.bin b/credentials/AAS01.bin
new file mode 100644
index 0000000000000000000000000000000000000000..95b49e129782a40e513dc96ea06b91a93f505c8c
--- /dev/null
+++ b/credentials/AAS01.bin
@@ -0,0 +1 @@
+<ù£ÓqÂG7’‡K)‡>>…
\ No newline at end of file
diff --git a/credentials/CP_AAA.der b/credentials/CP_AAA.der
new file mode 100644
index 0000000000000000000000000000000000000000..28dbba187ff4dbf38ec6d40fbe570fdadd8d9f7f
Binary files /dev/null and b/credentials/CP_AAA.der differ
diff --git a/credentials/CP_AAS.der b/credentials/CP_AAS.der
new file mode 100644
index 0000000000000000000000000000000000000000..6baa89614427fd3eb0020057d7173d90a4e120d0
Binary files /dev/null and b/credentials/CP_AAS.der differ
diff --git a/credentials/GCM_AAA_AAS.der b/credentials/GCM_AAA_AAS.der
new file mode 100644
index 0000000000000000000000000000000000000000..8305c3925d34cb33aa24500a46e1ff23638e5b51
--- /dev/null
+++ b/credentials/GCM_AAA_AAS.der
@@ -0,0 +1 @@
+04 i’2³µüþ¶E}¦
h¬b¯Ùs²AßÙpœlÜd†!ŠR¿J•gDê+)÷
\ No newline at end of file
diff --git a/credentials/Text_in.bin b/credentials/Text_in.bin
new file mode 100644
index 0000000000000000000000000000000000000000..47dc990d167875365d4fd8e74b72e7f81dfdb22d
--- /dev/null
+++ b/credentials/Text_in.bin
@@ -0,0 +1,8 @@
+We are responsible for the development and maintenance of specifications for Secure Elements (SEs) in a multi-application capable environment, 
+the integration into such an environment, as well as the secure provisioning of services making use of SEs.
+
+Our work includes the development and maintenance of specifications for the SE and its interface to the outside world for use in telecommunication systems,
+for general telecommunication purposes as well as for Machine-to-Machine (M2M)/Internet of Things (IoT) communications.
+The committee’s work comprises the interface,
+procedures and protocol specifications between the SE and entities (remote or local) used in its management. It also includes interfaces, 
+procedures and protocol specifications used between such entities for the secure provisioning and operation of services making use of the SE.
\ No newline at end of file
diff --git a/credentials/aAAS-OP-AUTHENTICATE-Service-Command.der b/credentials/aAAS-OP-AUTHENTICATE-Service-Command.der
new file mode 100644
index 0000000000000000000000000000000000000000..be224d7e5c72e3758c2093f8b20528c5fbc75c38
Binary files /dev/null and b/credentials/aAAS-OP-AUTHENTICATE-Service-Command.der differ
diff --git a/credentials/aAAS-OP-AUTHENTICATE-Service-Response.der b/credentials/aAAS-OP-AUTHENTICATE-Service-Response.der
new file mode 100644
index 0000000000000000000000000000000000000000..6b5775f92b85ec7455a7f990baa9969be053b522
Binary files /dev/null and b/credentials/aAAS-OP-AUTHENTICATE-Service-Response.der differ
diff --git a/credentials/aAAS-OP-GET-CHALLENGE-Service-Command.der b/credentials/aAAS-OP-GET-CHALLENGE-Service-Command.der
new file mode 100644
index 0000000000000000000000000000000000000000..b2b9e0cd0648b4863aa3426c6a5cb67c65e938c4
Binary files /dev/null and b/credentials/aAAS-OP-GET-CHALLENGE-Service-Command.der differ
diff --git a/credentials/aAAS-OP-GET-CHALLENGE-Service-Response.der b/credentials/aAAS-OP-GET-CHALLENGE-Service-Response.der
new file mode 100644
index 0000000000000000000000000000000000000000..2b8d4c506799dd1835609a36318c8aee55f30d5c
Binary files /dev/null and b/credentials/aAAS-OP-GET-CHALLENGE-Service-Response.der differ
diff --git a/private_keys/ATK-AAA-ECKA-private-key.der b/private_keys/ATK-AAA-ECKA-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..26bcf0ac29bc3323410846c2fd58c0653f60af28
Binary files /dev/null and b/private_keys/ATK-AAA-ECKA-private-key.der differ
diff --git a/private_keys/ATK-AAS-ECKA-private-key.der b/private_keys/ATK-AAS-ECKA-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..7b5f90aab5c133326d296532ce643b6209fb8139
Binary files /dev/null and b/private_keys/ATK-AAS-ECKA-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der b/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..a4d330ed45087fce759e118497bd98e70cfe1f34
Binary files /dev/null and b/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.pem b/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..6523c2fd7e8c0a160e0b35ca1e72c87af632187e
--- /dev/null
+++ b/private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDA8wK4BXTmZTCypQrC3T2Qp1e8fhznxxZj0gLCl7Fib3Os2Dcin9t7i
+j9B5nUc1bXmgCwYJKyQDAwIIAQELoWQDYgAEGat3yHgu9J+YrzwjQohzAFHMtjpJ
+2uKQK+icRINJu2eWSE1hBIZXxsBSwzi/w9QeX6iAUqdgJc1jTXk3pr1sHcrcuzMN
+hW88GIwnKiMa6+AS8xT/rNcilkF+nbzt+2oK
+-----END EC PRIVATE KEY-----
diff --git a/private_keys/ETSI-SSP-AAA-CA-private-key.der b/private_keys/ETSI-SSP-AAA-CA-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..bb24e2993985a33d4929ff02fd3bed85357bce27
Binary files /dev/null and b/private_keys/ETSI-SSP-AAA-CA-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAA-CA-private-key.pem b/private_keys/ETSI-SSP-AAA-CA-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..6523c2fd7e8c0a160e0b35ca1e72c87af632187e
--- /dev/null
+++ b/private_keys/ETSI-SSP-AAA-CA-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDA8wK4BXTmZTCypQrC3T2Qp1e8fhznxxZj0gLCl7Fib3Os2Dcin9t7i
+j9B5nUc1bXmgCwYJKyQDAwIIAQELoWQDYgAEGat3yHgu9J+YrzwjQohzAFHMtjpJ
+2uKQK+icRINJu2eWSE1hBIZXxsBSwzi/w9QeX6iAUqdgJc1jTXk3pr1sHcrcuzMN
+hW88GIwnKiMa6+AS8xT/rNcilkF+nbzt+2oK
+-----END EC PRIVATE KEY-----
diff --git a/private_keys/ETSI-SSP-AAA-CI-private-key.der b/private_keys/ETSI-SSP-AAA-CI-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..7e86bf44f94fbba6a0560367a0a89883e3475afa
Binary files /dev/null and b/private_keys/ETSI-SSP-AAA-CI-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAA-EE-private-key.der b/private_keys/ETSI-SSP-AAA-EE-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..0057a0e0dd40d35d0462c78d8518ef14196b5f48
Binary files /dev/null and b/private_keys/ETSI-SSP-AAA-EE-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAA-EE-private-key.pem b/private_keys/ETSI-SSP-AAA-EE-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0f0723cf004b2266990dc8bad8d2b74ea378e838
--- /dev/null
+++ b/private_keys/ETSI-SSP-AAA-EE-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDBmIUfWSm51jVzkA1d/aszqEpsMyDP91t9or5WXR5by1O/J8d/MGvmH
+LcObgBSJhpegCwYJKyQDAwIIAQELoWQDYgAEWSKgthcE0hqMWidYIwC7dybrSa0r
+3YVfyzSSGIzfJymqNO2uWNttk4xtJ4N9y9eHhPIKLUebF23c7Wij23ZH8pxariCX
+JCf8ACy4p6byUoJg+Ps9onVcAyKN7gX9Zm+K
+-----END EC PRIVATE KEY-----
diff --git a/private_keys/ETSI-SSP-AAA-Token-private-key.der b/private_keys/ETSI-SSP-AAA-Token-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..597a1c3d818cfff4c8179b6eddc8e017b67a628a
Binary files /dev/null and b/private_keys/ETSI-SSP-AAA-Token-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAS-CA-private-key.der b/private_keys/ETSI-SSP-AAS-CA-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..d25929b62d8b038b39bd7ce83782c86257a71ad4
Binary files /dev/null and b/private_keys/ETSI-SSP-AAS-CA-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAS-CA-private-key.pem b/private_keys/ETSI-SSP-AAS-CA-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..a1f672785709aca9d19c36a4d229f7cf5cb367c3
--- /dev/null
+++ b/private_keys/ETSI-SSP-AAS-CA-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDAxG+K3D9D+gbwfjMleCv94/IgmtAeuydGUUd8yLSQWZtWorSpKSSmV
+SC/y5dd2q9ugCwYJKyQDAwIIAQELoWQDYgAEi/d5AvRfoJqfeadcL+/b5+kM8AMB
+0J/YW7MGvjuWYjiUlXFYlRwndMCSHJ6RYlZ4UgtfUDRlNiQfA7kndrhSIvzJl+KW
++eVaWAX0eQwzSLdxgNspOExyQkSlFAmGswRP
+-----END EC PRIVATE KEY-----
diff --git a/private_keys/ETSI-SSP-AAS-CI-private-key.der b/private_keys/ETSI-SSP-AAS-CI-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..7e86bf44f94fbba6a0560367a0a89883e3475afa
Binary files /dev/null and b/private_keys/ETSI-SSP-AAS-CI-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAS-EE-private-key.der b/private_keys/ETSI-SSP-AAS-EE-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..c9ab68b1b1c9d1ccf3e9601c12f39699d57dee8e
Binary files /dev/null and b/private_keys/ETSI-SSP-AAS-EE-private-key.der differ
diff --git a/private_keys/ETSI-SSP-AAS-EE-private-key.pem b/private_keys/ETSI-SSP-AAS-EE-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..51ce8d436e8d7880480163e89d380adefe92fe8d
--- /dev/null
+++ b/private_keys/ETSI-SSP-AAS-EE-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDA5BhKos6R4rCkV0z4wa0ba/sML/+G9dXI5w2wqb90Bh3Z9wzdUe4MT
++ROwQ30/zMugCwYJKyQDAwIIAQELoWQDYgAEYJBkccoJD6c97GD6j9ida8Zy+ZMz
+peQC2eUZ0+4CTsW02qSXwGYCMQFUE3WMFD4SHMGS54/4xVFxbTCcyVINJp8CwLsS
+h0dAbLRUM3unJzuHQZFnzWC9N7asQZdKiktU
+-----END EC PRIVATE KEY-----
diff --git a/private_keys/ETSI-SSP-AAS-Token-private-key.der b/private_keys/ETSI-SSP-AAS-Token-private-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..bd6724013ae880a479dc614f7f13b89b3200106d
Binary files /dev/null and b/private_keys/ETSI-SSP-AAS-Token-private-key.der differ
diff --git a/private_keys/ETSI-SSP-CI-private-key.pem b/private_keys/ETSI-SSP-CI-private-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..f555c8ad8edf6e6da53ffc1875a8f9db974c5f5f
--- /dev/null
+++ b/private_keys/ETSI-SSP-CI-private-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGoAgEBBDCKmNUVzADHCoVQKWyGjVLaiPyOuFtWNhcrsGUcyt75sIiSdXP/gWJe
+9xwrEvlIWZegCwYJKyQDAwIIAQELoWQDYgAERd+gsmi7DAtouRDZGPj6VTpr5tHS
+9M0CqS8+Q+l9ria3q+/pYDbFTa1/CuRwE4e9B4RljDwNy+Wqts8hyqI9cg/sTbq7
+m3FN5PB8kOyEUeFQKGrG1YGtHuGLBFEvKbl0
+-----END EC PRIVATE KEY-----
diff --git a/public_keys/ETSI-SSP-AAA-CA-FAKE-public-key.der b/public_keys/ETSI-SSP-AAA-CA-FAKE-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..a0ae667ec94a3e9f6645fe00f7f259f55ac23aa9
Binary files /dev/null and b/public_keys/ETSI-SSP-AAA-CA-FAKE-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAA-CA-public-key.der b/public_keys/ETSI-SSP-AAA-CA-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..65eaecba67ca057b0c5ae48d3028514a66076e40
Binary files /dev/null and b/public_keys/ETSI-SSP-AAA-CA-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAA-CA-public-key.pem b/public_keys/ETSI-SSP-AAA-CA-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..a0253af2c602ba6334590c201790f254767998c1
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAA-CA-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABBmrd8h4LvSfmK88I0KIcwBRzLY6
+SdrikCvonESDSbtnlkhNYQSGV8bAUsM4v8PUHl+ogFKnYCXNY015N6a9bB3K3Lsz
+DYVvPBiMJyojGuvgEvMU/6zXIpZBfp287ftqCg==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-AAA-CI-public-key.der b/public_keys/ETSI-SSP-AAA-CI-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..8eced246003e4479f04f0d22a61cd47673910e44
Binary files /dev/null and b/public_keys/ETSI-SSP-AAA-CI-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAA-CI-public-key.pem b/public_keys/ETSI-SSP-AAA-CI-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d1fa2b9cc7b86c91fd3fe0b75dfc1c562fab0d87
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAA-CI-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABEXfoLJouwwLaLkQ2Rj4+lU6a+bR
+0vTNAqkvPkPpfa4mt6vv6WA2xU2tfwrkcBOHvQeEZYw8DcvlqrbPIcqiPXIP7E26
+u5txTeTwfJDshFHhUChqxtWBrR7hiwRRLym5dA==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-AAA-EE-FAKE-public-key.der b/public_keys/ETSI-SSP-AAA-EE-FAKE-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..2b1e1a4ea9596b859dff1ff1b4036c38500463d1
Binary files /dev/null and b/public_keys/ETSI-SSP-AAA-EE-FAKE-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAA-EE-public-key.der b/public_keys/ETSI-SSP-AAA-EE-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..2b1e1a4ea9596b859dff1ff1b4036c38500463d1
Binary files /dev/null and b/public_keys/ETSI-SSP-AAA-EE-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAA-EE-public-key.pem b/public_keys/ETSI-SSP-AAA-EE-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..fcf93a352c10f960c6f0d90aa4d54913cf96d198
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAA-EE-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABFkioLYXBNIajFonWCMAu3cm60mt
+K92FX8s0khiM3ycpqjTtrljbbZOMbSeDfcvXh4TyCi1Hmxdt3O1oo9t2R/KcWq4g
+lyQn/AAsuKem8lKCYPj7PaJ1XAMije4F/WZvig==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-AAS-CA-public-key.der b/public_keys/ETSI-SSP-AAS-CA-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..4d8cd257ec8e6472b52d15cf920bf0cc76621050
Binary files /dev/null and b/public_keys/ETSI-SSP-AAS-CA-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAS-CA-public-key.pem b/public_keys/ETSI-SSP-AAS-CA-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d28db8868d16364e2a698265ffc843eddf5c4ea7
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAS-CA-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABIv3eQL0X6Can3mnXC/v2+fpDPAD
+AdCf2FuzBr47lmI4lJVxWJUcJ3TAkhyekWJWeFILX1A0ZTYkHwO5J3a4UiL8yZfi
+lvnlWlgF9HkMM0i3cYDbKThMckJEpRQJhrMETw==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-AAS-CI-public-key.der b/public_keys/ETSI-SSP-AAS-CI-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..8eced246003e4479f04f0d22a61cd47673910e44
Binary files /dev/null and b/public_keys/ETSI-SSP-AAS-CI-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAS-CI-public-key.pem b/public_keys/ETSI-SSP-AAS-CI-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d1fa2b9cc7b86c91fd3fe0b75dfc1c562fab0d87
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAS-CI-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABEXfoLJouwwLaLkQ2Rj4+lU6a+bR
+0vTNAqkvPkPpfa4mt6vv6WA2xU2tfwrkcBOHvQeEZYw8DcvlqrbPIcqiPXIP7E26
+u5txTeTwfJDshFHhUChqxtWBrR7hiwRRLym5dA==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-AAS-EE-public-key.der b/public_keys/ETSI-SSP-AAS-EE-public-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..c75e564e899f09fd9dc36a513f91857faa96d841
Binary files /dev/null and b/public_keys/ETSI-SSP-AAS-EE-public-key.der differ
diff --git a/public_keys/ETSI-SSP-AAS-EE-public-key.pem b/public_keys/ETSI-SSP-AAS-EE-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e4b6299ce32a6760d53fa4ebd82078784595bf45
--- /dev/null
+++ b/public_keys/ETSI-SSP-AAS-EE-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABGCQZHHKCQ+nPexg+o/YnWvGcvmT
+M6XkAtnlGdPuAk7FtNqkl8BmAjEBVBN1jBQ+EhzBkueP+MVRcW0wnMlSDSafAsC7
+EodHQGy0VDN7pyc7h0GRZ81gvTe2rEGXSopLVA==
+-----END PUBLIC KEY-----
diff --git a/public_keys/ETSI-SSP-CI-public-key.pem b/public_keys/ETSI-SSP-CI-public-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d1fa2b9cc7b86c91fd3fe0b75dfc1c562fab0d87
--- /dev/null
+++ b/public_keys/ETSI-SSP-CI-public-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABEXfoLJouwwLaLkQ2Rj4+lU6a+bR
+0vTNAqkvPkPpfa4mt6vv6WA2xU2tfwrkcBOHvQeEZYw8DcvlqrbPIcqiPXIP7E26
+u5txTeTwfJDshFHhUChqxtWBrR7hiwRRLym5dA==
+-----END PUBLIC KEY-----
diff --git a/tokens/ATK-AAA-ECKA.der b/tokens/ATK-AAA-ECKA.der
new file mode 100644
index 0000000000000000000000000000000000000000..9fad0d023fc6a8b292cdc6c4c13ffafc7e80ccf5
Binary files /dev/null and b/tokens/ATK-AAA-ECKA.der differ
diff --git a/tokens/ATK-AAS-ECKA.der b/tokens/ATK-AAS-ECKA.der
new file mode 100644
index 0000000000000000000000000000000000000000..d43ce3f5072be4b007b2328efe47350d8aaf1208
Binary files /dev/null and b/tokens/ATK-AAS-ECKA.der differ
diff --git a/ui.py b/ui.py
new file mode 100644
index 0000000000000000000000000000000000000000..8dfae1b8c542ba1c9a4a371e5909148c2ae3956a
--- /dev/null
+++ b/ui.py
@@ -0,0 +1,60 @@
+import sys
+import getopt
+
+defaultConfiguration = {
+    'options': 'chi:o',
+    'description': ["ifile=", "ofile=", "ccommand="],
+    'usage': 'Program.py -c <challenge|authentication> [-i <inputfile>] [-o <outputfile>]'
+}
+
+
+class UI:
+    """Base class for a handling a public key."""
+
+    def __init__(self, configuration=defaultConfiguration):
+        """ Instiate the UI object."""
+        argv = sys.argv[1:]
+        self.inputfile = ''
+        self.outputfile = ''
+        self.command = ''
+        try:
+            opts, args = getopt.getopt(argv, configuration['options'],
+                                       configuration['description'])
+        except getopt.GetoptError:
+            print(configuration['usage'])
+            sys.exit(2)
+        for opt, arg in opts:
+            if opt == '-h':
+                # define the usage
+                print(configuration['usage'])
+                sys.exit()
+            elif opt in ("-i", "--ifile"):
+                self.inputfile = arg
+            elif opt in ("-o", "--ofile"):
+                self.outputfile = arg
+            elif opt in ("-c", "--ccommand"):
+                self.command = arg
+
+    def getInputFile(self):
+        """Get the inpufile."""
+        return self.inputfile
+
+    def getOutputFile(self):
+        """Get the inpufile."""
+        return self.outputfile
+
+    def getCommand(self):
+        """Get the inpufile."""
+        return self.command
+
+    def isInputFile(self):
+        """Return true if the input file exists."""
+        return self.inputfile != ''
+
+    def isCommand(self):
+        """Return true if the input file exists."""
+        return self.command != ''
+
+    def isOutputFile(self):
+        """Return true if the input file exists."""
+        return self.outputfile != ''
\ No newline at end of file
diff --git a/viewcert.bat b/viewcert.bat
new file mode 100644
index 0000000000000000000000000000000000000000..3924cdfd851cf3be0fbb905180a14d5f3e858ebb
--- /dev/null
+++ b/viewcert.bat
@@ -0,0 +1,39 @@
+echo ETSI-SSP-CI-private-key >summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-CI-private-key.der -text >>summary.txt
+echo ETSI-SSP-AAA-CA-private-key >>summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-CA-private-key.der -text >>summary.txt
+echo ETSI-SSP-AAA-EE-private-key >>summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-EE-private-key.der -text >>summary.txt
+echo ETSI-SSP-AAS-CA-private-key >>summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAS-CA-private-key.der -text >>summary.txt
+echo ETSI-SSP-AAS-EE-private-key >>summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAS-EE-private-key.der -text >>summary.txt
+echo ETSI-SSP-AAA-CA-FAKE-private-key >>summary.txt
+openssl ec -inform DER -in private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der -text >>summary.txt
+
+echo ETSI-SSP-CI-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-CI-private-key.der      -pubout -text >>summary.txt
+echo ETSI-SSP-AAA-CA-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-private-key.der  -pubout -text >>summary.txt
+echo ETSI-SSP-AAA-EE-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-EE-private-key.der  -pubout -text >>summary.txt
+echo ETSI-SSP-AAS-CA-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-CA-private-key.der  -pubout -text >>summary.txt
+echo ETSI-SSP-AAS-EE-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-AAS-EE-private-key.der  -pubout -text >>summary.txt
+echo ETSI-SSP-AAA-CA-FAKE-public-key >>summary.txt
+openssl ec -inform der -in private_keys/ETSI-SSP-AAA-CA-FAKE-private-key.der  -pubout -text >>summary.txt
+
+echo certificates/ETSI-SSP-CI.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-CI.pem -text >>summary.txt
+echo certificates/ETSI-SSP-AAA-CA.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-AAA-CA.pem -text >>summary.txt
+echo certificates/ETSI-SSP-AAS-CA.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-AAS-CA.pem -text >>summary.txt
+echo certificates/ETSI-SSP-AAA-EE.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-AAA-EE.pem -text >>summary.txt
+echo certificates/ETSI-SSP-AAS-EE.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-AAS-EE.pem -text >>summary.txt
+
+echo certificates/ETSI-SSP-AAA-EE-FAKE.pem >>summary.txt
+openssl x509 -in certificates/ETSI-SSP-AAA-EE-FAKE.pem -text >>summary.txt
\ No newline at end of file