From ed7384cbf65c79c96f4b55728f202e5299a5dbf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?T=C3=B5nis=20Reimo?= <tonis.reimo@ria.ee>
Date: Mon, 24 Apr 2023 10:26:56 +0300
Subject: [PATCH 1/9] Initial commit

---
 LICENSE | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 LICENSE

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..f2253383
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Open Electronic Identity
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

From 41ea98fe408f295650d04f4af7b746d59359640a Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 11:15:43 +0300
Subject: [PATCH 2/9] Add readme

---
 README.md | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 201 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 00000000..6cbc6894
--- /dev/null
+++ b/README.md
@@ -0,0 +1,201 @@
+# cdoc20_java
+
+[CDOC 2.0](https://installer.id.ee/media/cdoc/cdoc_2_0_spetsifikatsioon_d-19-12_v1.9.pdf) reference implementation (Java)
+
+CDOC 2.0 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security measures with optional server backend. CDoc version are not compatible. Additional background info can be found in [CDOC 2.0](https://www.ria.ee/sites/default/files/content-editors/EID/arne.ansperi_cdoc2_eidinfopaev_20_09_22.pdf).
+
+
+Current CDoc 2.0 supports five scenarios
+
+## CDoc 2.0 ECDH scenario
+
+**Warning**: This description is simplification to give general idea, details and **final truth is in 
+[CDOC 2.0 specification](https://installer.id.ee/media/cdoc/cdoc_2_0_spetsifikatsioon_d-19-12_v1.9.pdf)**.
+
+1. Sender downloads recipient's certificate from SK LDAP using recipient id (isikukood). Recipient certificate contains
+   EC public key.
+2. Sender generates EC (elliptic curve) key pair using the same EC curve as in recipient EC public key [^1]
+3. Sender derives key encryption key (KEK) using ECDH (from sender EC private key and recipient EC public key)  
+4. Sender generates file master key (FMK) using HKDF extract algorithm
+5. Sender derives content encryption key (CEK) and hmac key (HHK) from FMK using HKDF expand algorithm
+6. Sender encrypts FMK with KEK (xor)
+7. Sender adds encrypted FMK with senders and recipients public keys to CDoc header[^2]
+8. Sender calculates header hmac using hmac key (HHK) and adds calculated hmac to CDoc
+9. Sender encrypts content[^3] with CEK (ChaCha20-Poly1305 with AAD)
+10. Sender sends CDoc to Recipient 
+11. Recipient finds recipients public key from CDoc
+12. Recipient derives key encryption key (KEK) using ECDH (from recipient private key on id-kaart and sender public key)
+    and decrypts FMK
+13. Recipient derives CEK and HHK from FMK using HKDF algorithm
+14. Recipient calculates hmac and checks it against hmac in CDoc 
+15. Recipient decrypts content using CEK
+
+[^1]: Current specification defines only SecP384R1 Elliptic Curve for key agreement, but in future other EC curves or algorithms can be added, see flatbuffers schemas in cdoc20-schema
+
+[^2]: Header structure is defined in flatbuffers schema, see cdoc20-schema
+
+[^3]: Content is zlib compressed tar archive
+
+## CDoc 2.0 ECDH server scenario
+
+1. *Follow steps from previous scenario 1-6*
+2. Sender chooses key transaction server (preconfigured list)
+3. Sender sends sender public key and recipient public key to the key transfer server [^4]
+4. Server stores public keys in server and generates transaction id
+5. Sender adds key server id, recipient public key, transaction id and encrypted FMK to CDoc header
+6. *Follow steps from previous scenario 8-10*
+7. Recipient finds transaction id  and server using his id-kaart public key from CDoc
+8. Recipient authenticates himself against key transfer server using certificate on id-kaart (mutual TLS)
+9. Recipient queries the server with transaction id [^4]
+10. If recipient certificate public key and recipient public key in transaction record match, then server answers with sender public key
+11. *Follow steps from previous steps 12-15*
+
+
+Key transfer server benefits:
+* After the key has been deleted from the key transfer server, the document cannot be decrypted even when keys on recipient's id-kaart have been compromised.
+* Other scenarios can be implemented like expiring CDoc2.0 documents by deleting expired keys from key transfer server. 
+
+[^4]: key transfer server protocol is defined in cdoc20-openapi module
+
+## CDoc 2.0 RSA-OAEP
+
+RSA-OAEP is similar to ECDH scenario, with difference that KEK is generated from secure random (not ECDH) and
+KEK is encrypted with recipient RSA public key and included into CDOC header (instead of
+sender public key).
+
+1. Sender acquires recipient's certificate from SK LDAP using recipient id or by some other means.
+   Recipient certificate contains recipient RSA public key.
+2. Sender generates file master key (FMK) using HKDF extract algorithm.
+3. Sender generates encryption key (KEK) using secure random.
+4. Sender derives content encryption key (CEK) and hmac key (HHK) from FMK using HKDF expand algorithm.
+5. Sender encrypts FMK with KEK (xor).
+6. Sender encrypts KEK with recipient's RSA public key.
+7. Sender adds encrypted FMK and encrypted KEK with recipient's public key to CDoc header.
+8. Sender calculates header hmac using hmac key (HHK) and adds calculated hmac to CDoc.
+9. Sender encrypts content with CEK (ChaCha20-Poly1305 with AAD).
+10. Sender sends CDoc to recipient.
+11. Recipient searches CDoc header for recipient's record that contains his public key.
+12. Recipient decrypts key encryption key (KEK) using recipient's RSA private key.
+13. Recipient decrypts FMK using KEK.
+14. Recipient derives CEK and HHK from FMK using HKDF algorithm.
+15. Recipient calculates hmac and checks it against hmac in CDoc.
+16. Recipient decrypts content using CEK.
+
+## CDoc 2.0 RSA-OAEP with server scenario
+
+1. *Follow steps from RSA-OAEP scenario 1-6*
+2. Sender chooses key capsule server (by providing server configuration)
+3. Sender sends recipient public key and encrypted KEK inside capsule to the key capsule server
+4. Server stores capsule containing recipient public key and encrypted KEK and responds with generated transaction id
+5. Sender adds key server id, recipient public key, transaction id and encrypted FMK to CDoc header
+6. *Follow steps from RSA-OAEP scenario 8-10*
+7. Recipient finds transaction id and server using his public RSA key from CDoc
+8. Recipient authenticates against server using RSA certificate (mutual TLS)
+9. Recipient queries the server with transaction id [^4]
+10. If recipient certificate public key and recipient public key in capsule record match, then server answers with
+    capsule that contains encrypted KEK
+11. *Follow steps from RSA-OAEP scenario steps 12-15*
+
+## CDoc 2.0 with symmetric key
+
+Similar to ECDH scenario, but KEK is derived from symmetric key (secret) identified by key_label using HKDF algorithm.
+
+1. Sender and recipient have a pre shared secret identified by key_label 
+2. Sender derives key encryption key (KEK) from secret, key_label and salt (generated using secure random) using HKDF algorithm
+3. *Follow steps from ECDH scenario 4-6*
+4. Sender adds encrypted FMK with key_label to CDoc header
+5. *Follow steps from ECDH scenario 8-10*
+6. Recipient searches CDoc header for key_label and finds salt and encrypted FMK
+7. Recipient derives encryption key (KEK) from salt, key_label and pre-shared symmetric key (secret)
+8. Recipient decrypts FMK using KEK.
+9. *Follow steps from ECDH scenario 13-15*
+
+cdoc20_java does not provide solution for securely storing the secret, but most password managers
+ can do that.
+
+
+## Structure
+
+- cdoc20-schema  - flatbuffers schemas and code generation
+- cdoc20-lib     - CDOC 2.0 creation and processing library
+- cdoc20-cli     - Command line utility to create/process CDOC 2.0 files
+- cdoc20-openapi - OpenAPI definitions for server and client generation
+- cdoc20-server  - Optional server backend for securely exchanging key capsules
+- cdoc20-client  - Optional client for server backend
+- gatling-tests  - Functional and load tests for cdoc20-server
+- test           - Sample CDOC 2.0 containers (with script to create and decrypt them)
+
+## Preconditions for building
+* Java 17
+* Maven 3.8.x
+* Docker available and running (required for running tests)
+
+## Building
+CDOC 2.0 has been tested with JDK 17 and Maven 3.8.4
+
+```
+mvn clean install
+```
+
+## Testing
+By default tests that require smart-card are excluded from running. To execute all tests enable allTests maven profile
+```
+mvn -PallTests test
+```
+
+For more control set `tests` maven property directly. For more info see 
+[Junit5 Tag Expression](https://junit.org/junit5/docs/current/user-guide/#running-tests-tag-expressions)
+```
+mvn -Dtests='!(slow | pkcs11)'
+```
+
+### PKCS11 tests
+
+To run the tests using a physical PKCS11 device (smart card or usb token), execute:
+
+```
+mvn test -Dtests=pkcs11
+```
+
+The pkcs11 device configuration (PKCS11 library, slot, pin, etc) can be specified using `cdoc2.pkcs11.conf-file` system property, for example:
+
+```
+mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=pkcs11-test-safenet.properties
+```
+
+By default, the pkcs11 configuration is read from the file `pkcs11-test-idcard.properties`.
+
+### Entropy
+In case the tests run slowly (probably due to waiting on entropy generation),
+using an entropy source (e.g `haveged`) may help on Linux:
+
+```
+apt-get install haveged
+update-rc.d haveged defaults
+service haveged start
+```
+
+## Running
+
+See `cdoc20-cli/README.md`
+
+## Releasing
+
+First update CHANGELOG.md - follow semantic versioning
+
+Will update version numbers in pom.xml files and create tag with version v{x.y.z} in git 
+```
+mvn clean
+mvn --batch-mode -Dtag=v{x.y.z} release:prepare -DreleaseVersion={x.y.z} -DdevelopmentVersion={x.y+1.z}-SNAPSHOT
+mvn release:perform -Darguments="-Dmaven.deploy.skip=true"
+```
+Verify that git repositories are synced (master points to same commit) and the tag is pushed (using `git push <remote> v{x.y.z}`).
+
+As maven repository doesn't exist yet, then maven deploy is not performed
+
+For more info, see
+[Maven Non-interactive Release](https://maven.apache.org/maven-release/maven-release-plugin/examples/non-interactive-release.html)
+
+
+
+

From a7eb1506b1d1c85835056934e2378f6b38552976 Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 13:20:45 +0300
Subject: [PATCH 3/9] Merge

---
 .gitattributes                                |   1 +
 .gitignore                                    |  37 +
 CHANGELOG.md                                  | 144 +++
 README.md                                     |   2 +-
 cdoc20-cli/README.md                          | 295 ++++++
 .../config/localhost/localhost.properties     |  30 +
 .../localhost/localhost_pkcs12.properties     |  21 +
 .../localhost/localhost_pkcs12_rsa.properties |  22 +
 cdoc20-cli/keys/37101010021_cert.cer          | Bin 0 -> 1602 bytes
 cdoc20-cli/keys/37101010021_cert.pem          |  36 +
 cdoc20-cli/keys/README.md                     |  95 ++
 cdoc20-cli/keys/alice.pem                     |   6 +
 cdoc20-cli/keys/alice_pub.pem                 |   5 +
 cdoc20-cli/keys/bob.pem                       |   6 +
 cdoc20-cli/keys/bob_pub.pem                   |   5 +
 cdoc20-cli/keys/cdoc20client-certificate.pem  |  15 +
 cdoc20-cli/keys/cdoc20client.pem              |   4 +
 cdoc20-cli/keys/cdoc20client_pub.pem          |   5 +
 cdoc20-cli/keys/rsa_priv.pem                  |  27 +
 cdoc20-cli/keys/rsa_pub.pem                   |   9 +
 cdoc20-cli/pom.xml                            | 135 +++
 .../java/ee/cyber/cdoc20/cli/CDocCli.java     |  52 ++
 .../ee/cyber/cdoc20/cli/SymmetricKeyUtil.java | 103 +++
 .../cdoc20/cli/commands/CDocCreateCmd.java    | 135 +++
 .../cdoc20/cli/commands/CDocDecryptCmd.java   | 126 +++
 .../cdoc20/cli/commands/CDocInfoCmd.java      |  55 ++
 .../cdoc20/cli/commands/CDocListCmd.java      | 126 +++
 .../main/resources/simplelogger.properties    |   3 +
 cdoc20-cli/src/test/java/CDocCliTest.java     | 107 +++
 .../test/resources/simplelogger.properties    |   3 +
 cdoc20-client/pom.xml                         | 222 +++++
 .../client/Cdoc20KeyCapsuleApiClient.java     | 293 ++++++
 cdoc20-lib/README.md                          |   6 +
 cdoc20-lib/ldap.README                        |   9 +
 cdoc20-lib/pkcs11.README                      | 169 ++++
 cdoc20-lib/pom.xml                            |  88 ++
 .../java/ee/cyber/cdoc20/CDocBuilder.java     | 183 ++++
 .../ee/cyber/cdoc20/CDocConfiguration.java    |  46 +
 .../java/ee/cyber/cdoc20/CDocDecrypter.java   | 113 +++
 .../java/ee/cyber/cdoc20/CDocException.java   |  16 +
 .../ee/cyber/cdoc20/CDocUserException.java    |  31 +
 .../cyber/cdoc20/CDocValidationException.java |  12 +
 .../java/ee/cyber/cdoc20/UserErrorCode.java   |  38 +
 .../cyber/cdoc20/client/EcCapsuleClient.java  |  23 +
 .../cdoc20/client/EcCapsuleClientImpl.java    |  81 ++
 .../cyber/cdoc20/client/ExtApiException.java  |  24 +
 .../cyber/cdoc20/client/KeyCapsuleClient.java |  14 +
 .../client/KeyCapsuleClientFactory.java       |  14 +
 .../cdoc20/client/KeyCapsuleClientImpl.java   | 330 +++++++
 .../cyber/cdoc20/client/RsaCapsuleClient.java |  10 +
 .../cdoc20/client/RsaCapsuleClientImpl.java   |  47 +
 .../ee/cyber/cdoc20/client/ServerClient.java  |  10 +
 .../ee/cyber/cdoc20/client/package-info.java  |   4 +
 .../cdoc20/container/CDocParseException.java  |  14 +
 .../ee/cyber/cdoc20/container/Envelope.java   | 495 +++++++++++
 .../cdoc20/container/FileNameValidator.java   |  65 ++
 .../java/ee/cyber/cdoc20/container/Tar.java   | 189 ++++
 .../ee/cyber/cdoc20/container/TarDeflate.java | 305 +++++++
 .../UnknownFlatBufferTypeException.java       |  10 +
 .../recipients/EccPubKeyRecipient.java        |  64 ++
 .../container/recipients/EccRecipient.java    |  62 ++
 .../recipients/EccServerKeyRecipient.java     |  66 ++
 .../recipients/PublicKeyRecipient.java        |   7 +
 .../recipients/RSAPubKeyRecipient.java        |  58 ++
 .../container/recipients/RSARecipient.java    |  40 +
 .../recipients/RSAServerKeyRecipient.java     |  63 ++
 .../container/recipients/Recipient.java       |  59 ++
 .../recipients/RecipientDeserializer.java     | 195 ++++
 .../recipients/RecipientFactory.java          | 252 ++++++
 .../recipients/RecipientSerializer.java       | 179 ++++
 .../container/recipients/SerializableFBS.java |  12 +
 .../container/recipients/ServerRecipient.java |   9 +
 .../recipients/SymmetricKeyRecipient.java     |  52 ++
 .../ee/cyber/cdoc20/crypto/ChaChaCipher.java  | 173 ++++
 .../java/ee/cyber/cdoc20/crypto/Crypto.java   | 289 ++++++
 .../cdoc20/crypto/DecryptionKeyMaterial.java  |  86 ++
 .../java/ee/cyber/cdoc20/crypto/ECKeys.java   | 312 +++++++
 .../ee/cyber/cdoc20/crypto/EllipticCurve.java | 153 ++++
 .../cdoc20/crypto/EncryptionKeyMaterial.java  |  82 ++
 .../ee/cyber/cdoc20/crypto/KekDerivable.java  |  13 +
 .../java/ee/cyber/cdoc20/crypto/KekTools.java | 159 ++++
 .../java/ee/cyber/cdoc20/crypto/PemTools.java | 300 +++++++
 .../ee/cyber/cdoc20/crypto/Pkcs11Tools.java   | 405 +++++++++
 .../java/ee/cyber/cdoc20/crypto/RsaUtils.java | 142 +++
 .../ee/cyber/cdoc20/util/OperatingSystem.java |  39 +
 .../java/ee/cyber/cdoc20/util/Resources.java  |  49 +
 .../java/ee/cyber/cdoc20/util/SkLdapUtil.java | 210 +++++
 .../main/resources/simplelogger.properties    |   3 +
 .../test/java/ee/cyber/cdoc20/SkLdapTest.java |  40 +
 .../cyber/cdoc20/container/EnvelopeTest.java  | 839 ++++++++++++++++++
 .../cdoc20/container/EnvelopeTestUtils.java   | 325 +++++++
 .../cdoc20/container/TarDeflateTest.java      | 348 ++++++++
 .../cdoc20/crypto/ChaChaChipherTest.java      | 233 +++++
 .../ee/cyber/cdoc20/crypto/CryptoTest.java    | 152 ++++
 .../ee/cyber/cdoc20/crypto/ECKeysTest.java    | 389 ++++++++
 .../crypto/Pkcs11DeviceConfiguration.java     |  67 ++
 .../ee/cyber/cdoc20/crypto/Pkcs11Test.java    |  97 ++
 .../java/ee/cyber/cdoc20/crypto/RsaTest.java  | 155 ++++
 .../resources/pkcs11-test-idcard.properties   |  10 +
 .../resources/pkcs11-test-safenet.properties  |   8 +
 cdoc20-openapi/cdoc20-key-capsules.yaml       | 113 +++
 cdoc20-openapi/pom.xml                        | 203 +++++
 cdoc20-schema/README.md                       |  13 +
 cdoc20-schema/pom.xml                         | 173 ++++
 cdoc20-schema/src/main/fbs/header.fbs         |  44 +
 cdoc20-schema/src/main/fbs/recipients.fbs     |  54 ++
 .../cdoc20/fbs/header/FbsHeaderTest.java      | 157 ++++
 cdoc20-server/.gitignore                      |  38 +
 cdoc20-server/README.md                       | 111 +++
 cdoc20-server/admin-guide.md                  | 294 ++++++
 .../config/application-local.properties       |  70 ++
 cdoc20-server/get-server/docker/Dockerfile    |  12 +
 .../get-server/docker/application.properties  |  67 ++
 .../get-server/docker/docker-entrypoint.sh    |   9 +
 cdoc20-server/get-server/pom.xml              | 279 ++++++
 .../server/Cdoc20GetServerApplication.java    |  55 ++
 .../ClientAuthCertRevocationCustomizer.java   |  58 ++
 .../cdoc20/server/api/GetKeyCapsuleApi.java   | 131 +++
 .../cdoc20/server/GetKeyCapsuleApiTests.java  | 435 +++++++++
 .../src/test/resources/application.properties |  28 +
 .../get-server/src/test/resources/logback.xml |  46 +
 cdoc20-server/keys/README.md                  |  27 +
 .../ca_certs/TEST_of_ESTEID-SK_2015.pem.crt   |  37 +
 .../keys/ca_certs/client-certificate.pem      |  15 +
 .../keys/ca_certs/esteid2018.pem.crt          |  31 +
 cdoc20-server/keys/cdoc20client.p12           | Bin 0 -> 1330 bytes
 cdoc20-server/keys/cdoc20server.p12           | Bin 0 -> 1316 bytes
 cdoc20-server/keys/clienttruststore.jks       | Bin 0 -> 982 bytes
 .../keys/rsa/client-rsa-16384-cert.pem        | Bin 0 -> 4488 bytes
 cdoc20-server/keys/rsa/client-rsa-16384.p12   | Bin 0 -> 14424 bytes
 .../keys/rsa/client-rsa-2048-cert.pem         | Bin 0 -> 888 bytes
 cdoc20-server/keys/rsa/client-rsa-2048.p12    | Bin 0 -> 2760 bytes
 .../keys/rsa/client-rsa-4096-cert.pem         | Bin 0 -> 1408 bytes
 cdoc20-server/keys/rsa/client-rsa-4096.p12    | Bin 0 -> 4440 bytes
 .../keys/rsa/client-rsa-8192-cert.pem         | Bin 0 -> 2432 bytes
 cdoc20-server/keys/rsa/client-rsa-8192.p12    | Bin 0 -> 7768 bytes
 cdoc20-server/keys/server-certificate.pem     |  15 +
 cdoc20-server/keys/servertruststore.jks       | Bin 0 -> 5974 bytes
 .../cdoc2-rsa-test-sk-cert.pem                |  34 +
 .../cdoc2-rsa-test-sk.p12                     | Bin 0 -> 3117 bytes
 .../cdoc2-rsa-test-sk.pem                     |  30 +
 .../cdoc2-test-pulk-cert.pem                  |  34 +
 cdoc20-server/pom.xml                         |  22 +
 cdoc20-server/postgres.README.md              |   9 +
 .../config/application-local.properties       |  54 ++
 cdoc20-server/put-server/docker/Dockerfile    |  12 +
 .../put-server/docker/application.properties  |  53 ++
 .../put-server/docker/docker-entrypoint.sh    |   9 +
 cdoc20-server/put-server/pom.xml              | 279 ++++++
 .../server/Cdoc20PutServerApplication.java    |  46 +
 .../cdoc20/server/api/CapsuleValidator.java   |  70 ++
 .../server/api/CreateKeyCapsuleApi.java       | 105 +++
 .../cdoc20/server/CreateKeyCapsuleTests.java  | 386 ++++++++
 .../src/test/resources/application.properties |  19 +
 .../put-server/src/test/resources/logback.xml |  46 +
 cdoc20-server/server-common/pom.xml           | 114 +++
 .../cdoc20/server/GlobalExceptionHandler.java |  31 +
 .../cyber/cdoc20/server/MonitoringUtil.java   |  22 +
 .../server/RegisteredEndpointsLogger.java     |  34 +
 .../server/SystemTimeInfoContributor.java     |  23 +
 .../java/ee/cyber/cdoc20/server/Utils.java    |  26 +
 .../cdoc20/server/BaseIntegrationTest.java    | 144 +++
 .../java/ee/cyber/cdoc20/server/TestData.java |  46 +
 .../cdoc20/server/TestingConfiguration.java   |  69 ++
 .../ee/cyber/cdoc20/server/UtilsTest.java     |  22 +
 cdoc20-server/server-db/liquibase.properties  |   4 +
 cdoc20-server/server-db/pom.xml               |  71 ++
 .../cdoc20/server/model/db/KeyCapsuleDb.java  |  77 ++
 .../server/model/db/KeyCapsuleRepository.java |   6 +
 .../changelog/changes/001-initial-state.sql   |  11 +
 .../db/changelog/db.changelog-master.yaml     |   3 +
 .../resources/db/liquibase.properties.docker  |   2 +
 checkstyle-suppressions.xml                   |  16 +
 checkstyle.xml                                | 137 +++
 docker/README.md                              |  65 ++
 docker/docker-compose.yml                     |  56 ++
 gatling-tests/.gitignore                      |   2 +
 gatling-tests/README.md                       | 149 ++++
 gatling-tests/pom.xml                         | 130 +++
 .../server/KeyCapsuleFunctionalTests.java     |  72 ++
 .../cdoc20/server/KeyCapsuleLoadTests.java    |  99 +++
 .../cdoc20/server/TestDataGenerator.java      | 195 ++++
 .../cdoc20/server/conf/LoadTestConfig.java    |  19 +
 .../server/conf/LoadTestParameters.java       |  11 +
 .../cdoc20/server/conf/LoadedKeyStore.java    |  15 +
 .../cyber/cdoc20/server/conf/TestConfig.java  | 133 +++
 .../cyber/cdoc20/server/datagen/CertUtil.java | 131 +++
 .../server/datagen/KeyStoreGenerator.java     |  68 ++
 .../cdoc20/server/datagen/KeyStoreUtil.java   |  82 ++
 .../cdoc20/server/dto/GeneratedCapsule.java   |  15 +
 .../cdoc20/server/dto/KeyCapsuleRequest.java  |  29 +
 .../cdoc20/server/dto/KeyCapsuleType.java     |   9 +
 .../scenarios/EccKeyCapsuleScenarios.java     |  93 ++
 .../server/scenarios/KeyCapsuleScenarios.java | 179 ++++
 .../scenarios/RsaKeyCapsuleScenarios.java     | 112 +++
 .../server/scenarios/ScenarioIdentifiers.java |  27 +
 .../test/resources/application.conf.sample    |  43 +
 .../src/test/resources/cdoc20client.p12       | Bin 0 -> 1330 bytes
 .../src/test/resources/keys/gatling-ca.p12    | Bin 0 -> 1308 bytes
 .../src/test/resources/keys/gatling-ca.pem    |  15 +
 .../resources/keys/test-clients/.gitignore    |   1 +
 .../src/test/resources/logback-test.xml       |  19 +
 pom.xml                                       | 232 +++++
 test/generate_documents.sh                    | 238 +++++
 .../ec_server_ria_dev_id_card.cdoc            | Bin 0 -> 4029 bytes
 .../testvectors/ec_server_ria_dev_pkcs12.cdoc | Bin 0 -> 3721 bytes
 test/testvectors/ec_simple.cdoc               | Bin 0 -> 3749 bytes
 .../rsa_server_ria_dev_pkcs12.cdoc            | Bin 0 -> 3893 bytes
 test/testvectors/rsa_simple.cdoc              | Bin 0 -> 4057 bytes
 test/testvectors/symmetric.cdoc               | Bin 0 -> 3573 bytes
 test/testvectors/symmetric_longfilename.cdoc  | Bin 0 -> 444 bytes
 211 files changed, 17486 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 CHANGELOG.md
 create mode 100644 cdoc20-cli/README.md
 create mode 100644 cdoc20-cli/config/localhost/localhost.properties
 create mode 100644 cdoc20-cli/config/localhost/localhost_pkcs12.properties
 create mode 100644 cdoc20-cli/config/localhost/localhost_pkcs12_rsa.properties
 create mode 100644 cdoc20-cli/keys/37101010021_cert.cer
 create mode 100644 cdoc20-cli/keys/37101010021_cert.pem
 create mode 100644 cdoc20-cli/keys/README.md
 create mode 100644 cdoc20-cli/keys/alice.pem
 create mode 100644 cdoc20-cli/keys/alice_pub.pem
 create mode 100644 cdoc20-cli/keys/bob.pem
 create mode 100644 cdoc20-cli/keys/bob_pub.pem
 create mode 100644 cdoc20-cli/keys/cdoc20client-certificate.pem
 create mode 100644 cdoc20-cli/keys/cdoc20client.pem
 create mode 100644 cdoc20-cli/keys/cdoc20client_pub.pem
 create mode 100644 cdoc20-cli/keys/rsa_priv.pem
 create mode 100644 cdoc20-cli/keys/rsa_pub.pem
 create mode 100644 cdoc20-cli/pom.xml
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/CDocCli.java
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/SymmetricKeyUtil.java
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocCreateCmd.java
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocDecryptCmd.java
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocInfoCmd.java
 create mode 100644 cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocListCmd.java
 create mode 100644 cdoc20-cli/src/main/resources/simplelogger.properties
 create mode 100644 cdoc20-cli/src/test/java/CDocCliTest.java
 create mode 100644 cdoc20-cli/src/test/resources/simplelogger.properties
 create mode 100644 cdoc20-client/pom.xml
 create mode 100644 cdoc20-client/src/main/java/ee/cyber/cdoc20/client/Cdoc20KeyCapsuleApiClient.java
 create mode 100644 cdoc20-lib/README.md
 create mode 100644 cdoc20-lib/ldap.README
 create mode 100644 cdoc20-lib/pkcs11.README
 create mode 100644 cdoc20-lib/pom.xml
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocBuilder.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocConfiguration.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocDecrypter.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocUserException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocValidationException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/UserErrorCode.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClientImpl.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ExtApiException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientFactory.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientImpl.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClientImpl.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ServerClient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/package-info.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/CDocParseException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Envelope.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/FileNameValidator.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Tar.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/TarDeflate.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/UnknownFlatBufferTypeException.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccPubKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccServerKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/PublicKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAPubKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSARecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAServerKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/Recipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientDeserializer.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientFactory.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientSerializer.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SerializableFBS.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/ServerRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SymmetricKeyRecipient.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ChaChaCipher.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/DecryptionKeyMaterial.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ECKeys.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EllipticCurve.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EncryptionKeyMaterial.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekDerivable.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekTools.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/PemTools.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Pkcs11Tools.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/RsaUtils.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/OperatingSystem.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/Resources.java
 create mode 100644 cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/SkLdapUtil.java
 create mode 100644 cdoc20-lib/src/main/resources/simplelogger.properties
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/SkLdapTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTestUtils.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/TarDeflateTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ChaChaChipherTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/CryptoTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ECKeysTest.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11DeviceConfiguration.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11Test.java
 create mode 100644 cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/RsaTest.java
 create mode 100644 cdoc20-lib/src/test/resources/pkcs11-test-idcard.properties
 create mode 100644 cdoc20-lib/src/test/resources/pkcs11-test-safenet.properties
 create mode 100644 cdoc20-openapi/cdoc20-key-capsules.yaml
 create mode 100644 cdoc20-openapi/pom.xml
 create mode 100644 cdoc20-schema/README.md
 create mode 100644 cdoc20-schema/pom.xml
 create mode 100644 cdoc20-schema/src/main/fbs/header.fbs
 create mode 100644 cdoc20-schema/src/main/fbs/recipients.fbs
 create mode 100644 cdoc20-schema/src/test/java/ee/cyber/cdoc20/fbs/header/FbsHeaderTest.java
 create mode 100644 cdoc20-server/.gitignore
 create mode 100644 cdoc20-server/README.md
 create mode 100644 cdoc20-server/admin-guide.md
 create mode 100644 cdoc20-server/get-server/config/application-local.properties
 create mode 100644 cdoc20-server/get-server/docker/Dockerfile
 create mode 100644 cdoc20-server/get-server/docker/application.properties
 create mode 100755 cdoc20-server/get-server/docker/docker-entrypoint.sh
 create mode 100644 cdoc20-server/get-server/pom.xml
 create mode 100644 cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20GetServerApplication.java
 create mode 100644 cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/ClientAuthCertRevocationCustomizer.java
 create mode 100644 cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/api/GetKeyCapsuleApi.java
 create mode 100644 cdoc20-server/get-server/src/test/java/ee/cyber/cdoc20/server/GetKeyCapsuleApiTests.java
 create mode 100644 cdoc20-server/get-server/src/test/resources/application.properties
 create mode 100644 cdoc20-server/get-server/src/test/resources/logback.xml
 create mode 100644 cdoc20-server/keys/README.md
 create mode 100644 cdoc20-server/keys/ca_certs/TEST_of_ESTEID-SK_2015.pem.crt
 create mode 100644 cdoc20-server/keys/ca_certs/client-certificate.pem
 create mode 100644 cdoc20-server/keys/ca_certs/esteid2018.pem.crt
 create mode 100644 cdoc20-server/keys/cdoc20client.p12
 create mode 100644 cdoc20-server/keys/cdoc20server.p12
 create mode 100644 cdoc20-server/keys/clienttruststore.jks
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-16384-cert.pem
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-16384.p12
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-2048-cert.pem
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-2048.p12
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-4096-cert.pem
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-4096.p12
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-8192-cert.pem
 create mode 100644 cdoc20-server/keys/rsa/client-rsa-8192.p12
 create mode 100644 cdoc20-server/keys/server-certificate.pem
 create mode 100644 cdoc20-server/keys/servertruststore.jks
 create mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
 create mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
 create mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
 create mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem
 create mode 100644 cdoc20-server/pom.xml
 create mode 100644 cdoc20-server/postgres.README.md
 create mode 100644 cdoc20-server/put-server/config/application-local.properties
 create mode 100644 cdoc20-server/put-server/docker/Dockerfile
 create mode 100644 cdoc20-server/put-server/docker/application.properties
 create mode 100755 cdoc20-server/put-server/docker/docker-entrypoint.sh
 create mode 100644 cdoc20-server/put-server/pom.xml
 create mode 100644 cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20PutServerApplication.java
 create mode 100644 cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CapsuleValidator.java
 create mode 100644 cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CreateKeyCapsuleApi.java
 create mode 100644 cdoc20-server/put-server/src/test/java/ee/cyber/cdoc20/server/CreateKeyCapsuleTests.java
 create mode 100644 cdoc20-server/put-server/src/test/resources/application.properties
 create mode 100644 cdoc20-server/put-server/src/test/resources/logback.xml
 create mode 100644 cdoc20-server/server-common/pom.xml
 create mode 100644 cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/GlobalExceptionHandler.java
 create mode 100644 cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/MonitoringUtil.java
 create mode 100644 cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/RegisteredEndpointsLogger.java
 create mode 100644 cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/SystemTimeInfoContributor.java
 create mode 100644 cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/Utils.java
 create mode 100644 cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/BaseIntegrationTest.java
 create mode 100644 cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestData.java
 create mode 100644 cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestingConfiguration.java
 create mode 100644 cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/UtilsTest.java
 create mode 100644 cdoc20-server/server-db/liquibase.properties
 create mode 100644 cdoc20-server/server-db/pom.xml
 create mode 100644 cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleDb.java
 create mode 100644 cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleRepository.java
 create mode 100644 cdoc20-server/server-db/src/main/resources/db/changelog/changes/001-initial-state.sql
 create mode 100644 cdoc20-server/server-db/src/main/resources/db/changelog/db.changelog-master.yaml
 create mode 100644 cdoc20-server/server-db/src/main/resources/db/liquibase.properties.docker
 create mode 100644 checkstyle-suppressions.xml
 create mode 100644 checkstyle.xml
 create mode 100644 docker/README.md
 create mode 100644 docker/docker-compose.yml
 create mode 100644 gatling-tests/.gitignore
 create mode 100644 gatling-tests/README.md
 create mode 100644 gatling-tests/pom.xml
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleFunctionalTests.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleLoadTests.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/TestDataGenerator.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestConfig.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestParameters.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadedKeyStore.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/TestConfig.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/CertUtil.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreGenerator.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreUtil.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/GeneratedCapsule.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleRequest.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleType.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/EccKeyCapsuleScenarios.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/KeyCapsuleScenarios.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/RsaKeyCapsuleScenarios.java
 create mode 100644 gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/ScenarioIdentifiers.java
 create mode 100644 gatling-tests/src/test/resources/application.conf.sample
 create mode 100644 gatling-tests/src/test/resources/cdoc20client.p12
 create mode 100644 gatling-tests/src/test/resources/keys/gatling-ca.p12
 create mode 100644 gatling-tests/src/test/resources/keys/gatling-ca.pem
 create mode 100644 gatling-tests/src/test/resources/keys/test-clients/.gitignore
 create mode 100644 gatling-tests/src/test/resources/logback-test.xml
 create mode 100644 pom.xml
 create mode 100755 test/generate_documents.sh
 create mode 100644 test/testvectors/ec_server_ria_dev_id_card.cdoc
 create mode 100644 test/testvectors/ec_server_ria_dev_pkcs12.cdoc
 create mode 100644 test/testvectors/ec_simple.cdoc
 create mode 100644 test/testvectors/rsa_server_ria_dev_pkcs12.cdoc
 create mode 100644 test/testvectors/rsa_simple.cdoc
 create mode 100644 test/testvectors/symmetric.cdoc
 create mode 100644 test/testvectors/symmetric_longfilename.cdoc

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..2227abb0
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.bin binary
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..2f5eabec
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# ---> Maven
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+
+# ---> Java
+*.class
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.ear
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# IDE project files
+/.idea/
+*.iml
+
+
+/doc/
+/cdoc20-server/src/main/resources/keystore/cdoc20server.p12
+/cdoc20-server/src/main/resources/keystore/servertruststore.jks
+/cdoc20-client/src/test/resources/test.properties
+
+/cdoc20-server/src/test/resources/test.properties
+/test/testvectors/zipbomb.cdoc
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..7b740a01
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,144 @@
+# Changelog
+
+
+## [0.5.0] Jenkins pipeline updates (2023-01-31)
+
+### Features
+
+* Added Jenkins pipeline for uploading cdoc2.0 jar artifacts to RIA Nexus repository
+* Update and run key server instances also on cdoc2-keyserver-02.dev.riaint.ee host
+
+
+## [0.4.0] ChaCha Poly1305 MAC is checked before other errors are reported (2023-01-30)
+
+### Features
+
+* Rewrite tar processing/ChaCha decryption so that Poly1305 MAC is always checked (even when zlib/tar processing errors happen)
+* Added sample CDOC 2.0 containers with keys and configuration files
+* Added Unicode Right-To-Left Override (U+202E) to forbidden characters
+
+### Bug Fixes
+
+* Incomplete CDOC container file is removed, when creation of CDOC container fails
+* Remove keyserver secrets logging from CLI debug log
+
+
+## [0.3.0] (2023-01-23)
+
+### Features
+
+* client authenticate certificate revocation checks (OCSP) for get-server
+* enable monitoring endpoints, see cdoc20-server/admin-guide.md
+* only tls v1.3 is supported by servers
+* remove deprecated ecc-details API
+* gatling-tests updates
+
+### Bug Fixes
+* constraint violation in OpenAPI spec are reported as http 400 (previously http 500)
+
+
+## [0.2.0] User error codes (2022-12-16)
+
+### Features
+* Add error codes for common user errors
+* Gatling test updates
+
+## [0.1.0] Enable Posix extensions for tar (2022-12-12)
+Switch to semantic versioning
+
+### Features
+* Enable POSIX (PAX) extension for tar:
+  * support long filenames (over 100 bytes)
+  * support big file sizes (over 8GB)
+  * always use utf-8 in filenames (even, when platform default is not utf-8)
+* Synchronize flatbuffers schema files with Specification v0.7 
+
+## [0.0.13] Symmetric Key support (long term crypto) (2022-12-07)
+
+### Features
+* Symmetric Key scenario implementation
+* Added `cdoc info` cli command that lists recipients in CDOC header
+
+## [0.0.12] RSA-OAEP server scenario (2022-11-25)
+
+### Features
+* RSA-OAEP server scenario implementation
+* Client uses cdoc2-key-capsules API to create/download key capsules
+* Server configuration changes for client (single configuration file for create and decrypt `--server` configuration)
+* E-Resident certificate support (find e-resident certificate from SK LDAP)
+* Basic filename validation in container (illegal symbols and filenames)
+* CLI supports certificate and private key loading from .p12 file (PKCS12)
+
+### Bug Fixes
+* `cdoc list` command supports `--server` option
+
+## [0.0.11] RsaPublicKey  (2022-11-21)
+
+### Bug Fixes
+* Use RsaPublicKey encoding (RFC8017 RSA Public Key Syntax (A.1.1)) instead of X.509 (Java default encoding)
+
+## [0.0.10] Key server RSA support (2022-11-14)
+
+### Features
+* Added support for RSA keys in key server
+* Added support for 2 key server instances when using cdoc20-cli
+* Added key server administration manual
+
+## [0.0.9] RSA-OAEP support (2022-11-02)
+
+### Features
+* Support for creating and decrypting CDOC2 documents with RSA keys
+* Improved Recipient.KeyLabel field support in cdoc20-lib (PublicKey used for encryption is paired with keyLabel)
+* Removed cdoc20-cli -ZZ hidden feature (disable compression for payload)
+* Added additional EC infinity point (X: null, Y: null) checks and tests
+
+
+## [0.0.8] Two key capsule server instances (2022-10-31)
+
+### Features
+* The key server is composed of 2 server instances, each with its own configuration.
+* The API for creating key capsules does not require client authentication (mTLS).
+
+## [0.0.7] Minimal support for Recipient.KeyLabel field (2022-10-14)
+
+### Features
+* Minimal support for Recipient.KeyLabel in FBS header (field is present in FB header, but lib is not filling its value
+  with info from recipient certificate)
+* Upgrade flatbuffers-java to version 2.0.8
+* Move gatling-tests to main branch
+
+## [0.0.6] server scenario implementation (2022-10-11)
+
+### Features
+
+* Key exchange server implementation
+* CLI and libary support for key scenario
+* Server OpenAPI changes (more strict string format for recipient_pub_key and server_pub_key fields)
+
+## [0.0.5] PKCS11, LDAP and generated sender keys (2022-05-13)
+
+### Features
+
+* Refactor EllipticCurve code so that EC curve is created from certificate or public key. Interface support other EC curves
+  besides secp384r1. No actual support for other curves implemented yet.
+* Generate sender key pair to for recipient public key. Remove option to use pre-generated sender key pair
+* Support for decrypting with private decryption key from PKCS11 (support for id-kaart)
+* Support for downloading recipient Esteid certificate from 
+  [SK LDAP](https://www.skidsolutions.eu/repositoorium/ldap/esteid-ldap-kataloogi-kasutamine/)
+* Documentation updates
+* First version server OpenAPI specification
+
+
+### Bug Fixes
+
+* Use zlib compression instead of gzip compression
+* Delete all files, when decryption fails (last file was not deleted)
+* EllipticCurve was incorrectly created from fmkEncryption method not Details.EccPublicKey curve 
+  (no actual error as both had same byte value).
+
+
+## [0.0.4] First release (2022-04-22)
+
+### Features
+
+* Create/decrypt Cdoc2.0 files with software generated EC keys
diff --git a/README.md b/README.md
index 6cbc6894..3f811c54 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [CDOC 2.0](https://installer.id.ee/media/cdoc/cdoc_2_0_spetsifikatsioon_d-19-12_v1.9.pdf) reference implementation (Java)
 
-CDOC 2.0 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security measures with optional server backend. CDoc version are not compatible. Additional background info can be found in [CDOC 2.0](https://www.ria.ee/sites/default/files/content-editors/EID/arne.ansperi_cdoc2_eidinfopaev_20_09_22.pdf).
+CDOC 2.0 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security measures with optional server backend. CDoc version are not compatible. Additional background info can be found in [CDOC 2.0](https://www.ria.ee/media/2340/download).
 
 
 Current CDoc 2.0 supports five scenarios
diff --git a/cdoc20-cli/README.md b/cdoc20-cli/README.md
new file mode 100644
index 00000000..89b7c852
--- /dev/null
+++ b/cdoc20-cli/README.md
@@ -0,0 +1,295 @@
+# Building & Running
+
+## Building
+Run from cdoc20_java parent directory
+```
+mvn clean package
+```
+
+Will create `cdoc20-cli/target/cdoc20-cli-<version>.jar`
+
+## Running
+Run from cdoc20-cli directory
+
+Latest help can be seen by running:
+```
+java -jar target/cdoc20-cli-<version>.jar
+```
+
+where `<version>` must be replaced with the latest version built. Example `0.0.12-SNAPSHOT`
+
+Sample generated CDOC2 documents are located at `cdoc20_java/test/testvectors`
+
+Commands for creating and decrypting sample files using cdoc-cli are in `cdoc20_java/test/generate_documents.sh`
+
+
+### Encryption
+To create:
+- Output file `/tmp/mydoc.cdoc`
+- with generated private key
+- to recipient `keys/bob_pub.pem`
+- to encrypt file 'README.md'
+
+```
+java -jar target/cdoc20-cli-*.jar create --file /tmp/mydoc.cdoc -p keys/bob_pub.pem README.md
+```
+
+### Encryption with server scenario
+Server must be running, see cdoc20-server/README.md for starting the server
+
+To store keys in key server, specify addition `--server` option:
+
+When encrypting for est-eid card, `-r` <id-code> can be used
+```
+java -jar target/cdoc20-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 37903130370 README.md
+```
+
+Optionally cdoc20-cli also supports encrypting with "soft" key or certificate
+
+Public key (`-p`)
+```
+java -jar target/cdoc20-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc -p keys/cdoc20client_pub.pem README.md
+```
+
+Certificate (`-c` option):
+```
+java -jar target/cdoc20-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc -c keys/cdoc20client-certificate.pem README.md
+```
+
+### Encryption with symmetric key
+
+Generate key with openssl (minimum length 32 bytes):
+```
+openssl rand -base64 32
+`HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=`
+```
+
+Base64 encoded keys must be prefixed with 'base64,', so that key becomes "base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE="
+
+Encrypt with generated key and label 'mylabel':
+```
+java -jar target/cdoc20-cli-*.jar create --secret "mylabel:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" -f /tmp/symmetric.cdoc README.md
+```
+
+Or clear text:
+```
+java -jar target/cdoc20-cli-*.jar create --secret "mylongpasswd:longstringthatIcanremember,butothersdon'tknow" -f /tmp/symmetric.cdoc README.md
+```
+
+Or secret read from file (so that secret is not exposed through process list)
+```
+java -jar target/cdoc20-cli-0.0.13-SNAPSHOT.jar create @keys/b64secret.option -f /tmp/symmetric.cdoc README.md
+```
+
+```
+cat keys/b64secret.option
+--secret "label_b64secret:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0="
+```
+
+Decryption is done with the same label and key used for encryption
+```
+java -jar target/cdoc20-cli-*.jar decrypt @keys/b64secret.option -f /tmp/symmetric.cdoc -o /tmp
+```
+
+Key and label can be safely stored in a password manager.
+
+
+
+### Decryption
+To decrypt:
+- CDOC 2.0 file `/tmp/mydoc.cdoc`
+- with decryption private EC key `keys/bob.pem`
+- to output directory `/tmp`
+
+```
+java -jar target/cdoc20-cli-*.jar decrypt --file /tmp/mydoc.cdoc -k keys/bob.pem --output /tmp
+```
+
+### Decrypting with server scenario
+Server must be running, see cdoc20-server/README.md for starting the server
+
+To decrypt CDOC document that has its keys distributed through key server, cdoc-cli must have `--server` option:
+
+Configuration for id-card (certificate for mutual TLS and private key is read from smart-card)
+```
+java -jar target/cdoc20-cli*.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -o /tmp/
+```
+
+It is also possible to decrypt documents created with "soft" keys, but configuration for mutual TLS (properties file) and
+key (read separately from a file) must match. Also, server must be configured to trust client certificate used for
+mutual TLS.
+```
+java -jar target/cdoc20-cli-*.jar decrypt --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc20client.pem -o /tmp/
+```
+
+
+### List
+
+```
+java -jar target/cdoc20-cli-*.jar list --file /tmp/mydoc.cdoc -k keys/bob.pem
+```
+
+or
+
+```
+java -jar target/cdoc20-cli-*.jar list --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc20client.pem
+```
+
+### List recipients
+
+List recipients. Prints recipient types and key labels from CDOC header.
+
+```
+java -jar target/cdoc20-cli-*.jar info -f /tmp/id.cdoc
+```
+
+
+## ID-kaart (Est-id secure card)
+
+
+### Encrypting for ID-card owner
+
+cdoc20-cli can download authentication certificate (Isikutuvastus PIN1) from SK LDAP directory 
+https://www.skidsolutions.eu/repositoorium/ldap/esteid-ldap-kataloogi-kasutamine/
+
+To create cdoc for recipient with id code 37101010021 use:
+```
+java -jar target/cdoc20-cli-*.jar create --file /tmp/mydoc.cdoc -r 37101010021 README.md
+```
+
+
+### Decrypting with ID-card
+
+To decrypt:
+- CDOC file mydoc.cdoc
+- use private key from ID-card slot 0 (Isikutuvastus PIN1)
+- Decrypt files from cdoc file into current directory
+```
+java -jar target/cdoc20-cli-*.jar decrypt -f mydoc.cdoc
+```
+
+### Certificate extraction
+
+* Run DigiDoc4 client
+* Crypto -> Add file (choose random file)
+* Recipients -> Certificate from card -> click on certificate -> Show Certificate -> Save
+
+Saved certificate will be .cer file (same as der)
+
+or
+
+* Run DigiDoc4 client
+* Crypto -> Add file (choose random file)
+* Recipients -> Enter personal code -> Search -> Show Certificate -> Save
+
+
+### Encrypting documents with certificate
+
+To create:
+- Output file `/tmp/mydoc.cdoc`
+- with generated private key
+- to recipient with certificate `keys/37101010021.cer` (DER or PEM formats are supported)
+- to encrypt file 'README.md'
+
+```
+java -jar target/cdoc20-cli-*.jar create --file /tmp/mydoc.cdoc -c keys/37101010021.cer README.md
+```
+
+
+### Troubleshooting ID-card
+
+Verify that DigiDoc4 client is running and can access ID-card
+
+cdoc20-cli will try to configure itself automatically. If OpenSC library is installed to non-standard location, then
+specify its location by setting 'pkcs11-library' property:
+
+```
+java -jar target/cdoc20-cli-*.jar decrypt -Dpkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -f mydoc.cdoc
+```
+
+More tips for debugging ID-card related issues are provided in cdoc20-lib/pkcs11.README file
+
+
+## Other configuration options
+
+Set with -D option
+
+```
+java -jar target/cdoc20-cli-*.jar decrypt -Dee.cyber.cdoc20.overwrite=false -f mydoc.cdoc
+```
+
+#### pkcs11-library
+PKCS11 library location. Default is platform specific
+
+Common OpenSC library locations:
+
+* For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll
+* For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+* For OSX, it could be /usr/local/lib/opensc-pkcs11.so
+
+## SafeNet eToken support
+
+Requirements:
+* OpenSC is installed
+* SafeNet Authentication Client (provides the pkcs11 library) is installed.
+  See https://knowledge.digicert.com/generalinformation/INFO1982.html for details.
+* Create an OpenSC configuration file `opensc-safenet.cfg` for the USB device in the following format
+
+```
+name=SafeNet-eToken
+library=/usr/lib/libeToken.so
+slot=1
+```
+
+To find the slot for the SafeNet eToken, execute:
+
+```
+pkcs11-tool --module /usr/lib/libeToken.so -L
+```
+
+List entries on the eToken device:
+
+```
+keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg opensc-safenet.cfg -storetype PKCS11 -storepass YOUR-SAFENET-PIN -list
+```
+
+Export Certificate from the SafeNet eToken device:
+
+```
+keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg opensc-safenet.cfg -storetype PKCS11 -storepass YOUR-SAFENET-PIN -alias YOUR_ENTRY_ALIAS -exportcert -rfc -file etoken-cert.pem
+```
+
+Encrypt certificate as described in the "Encrypting documents with certificate" section.
+
+List files encrypted for the eToken device by specifying pkcs11 library, slot and key alias:
+
+```
+java -jar target/cdoc20-cli-*.jar list -f file-for-etoken.cdoc -Dpkcs11-library=/usr/lib/libeToken.so -s 2 -a cdoc2-test
+```
+
+Decrypt files encrypted for the eToken device by specifying pkcs11 library, slot and key alias:
+
+```
+java -jar target/cdoc20-cli-*.jar decrypt -f file-for-etoken.cdoc -Dpkcs11-library=/usr/lib/libeToken.so -s 2 -a cdoc2-test
+```
+
+#### ee.cyber.cdoc20.overwrite 
+When decrypting, is overwriting files allowed. Default is false
+
+#### ee.cyber.cdoc20.maxDiskUsagePercentage
+default 98.0
+
+Decrypting will be stopped if disk usage is over  maxDiskUsagePercentage
+
+
+#### ee.cyber.cdoc20.tarEntriesThreshold
+default 1000
+
+Decrypting will be stopped if container contains over tarEntriesThreshold entries (files)
+
+
+#### ee.cyber.cdoc20.compressionThreshold
+default 10.0
+
+Decrypting will be stopped if compressed file compression ratio is over compressionThreshold
+
diff --git a/cdoc20-cli/config/localhost/localhost.properties b/cdoc20-cli/config/localhost/localhost.properties
new file mode 100644
index 00000000..fcab3524
--- /dev/null
+++ b/cdoc20-cli/config/localhost/localhost.properties
@@ -0,0 +1,30 @@
+# Client configuration where keys and certificates are read from smart-card (PKCS11 configuration)
+# java -jar target/cdoc20-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 37903130370 README.md
+
+# java -jar target/cdoc20-cli-0.0.10-SNAPSHOT.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -o /tmp/
+
+cdoc20.client.server.id=localhost
+# capsules created over TLS (no client auth required)
+cdoc20.client.server.base-url.post=https://localhost:8443
+# Querying capsules requires mTLS
+cdoc20.client.server.base-url.get=https://localhost:8444
+cdoc20.client.server.debug=true
+
+# trusted certificates by client
+cdoc20.client.ssl.trust-store.type=JKS
+#specify trust store jks as file in classpath
+#cdoc20.client.ssl.trust-store=classpath:keystore/clienttruststore.jks
+#or path (full or relative)
+cdoc20.client.ssl.trust-store=../cdoc20-server/keys/clienttruststore.jks
+cdoc20.client.ssl.trust-store-password=passwd
+
+# mutual TLS with cert from smart-card (EST-ID certificates are trusted by the server)
+# Only required for get server
+cdoc20.client.ssl.client-store.type=PKCS11
+# if ssl.client-store-password.prompt is set, then ask user interactively
+cdoc20.client.ssl.client-store-password.prompt=PIN1
+# otherwise use password value
+#cdoc20.client.ssl.client-store-password=3471
+
+#PKCS11 library location, if not found in default location
+#pkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
diff --git a/cdoc20-cli/config/localhost/localhost_pkcs12.properties b/cdoc20-cli/config/localhost/localhost_pkcs12.properties
new file mode 100644
index 00000000..5a2b2c49
--- /dev/null
+++ b/cdoc20-cli/config/localhost/localhost_pkcs12.properties
@@ -0,0 +1,21 @@
+# key server listening on localhost, mutual TLS with private key/certificate  (P12) read from file
+# See cdoc20-server/README.md how to start the server
+
+# server.id is written to cdoc header. Must have configuration on recipient side
+cdoc20.client.server.id=localhost
+# capsules can be created over TLS (no client auth required)
+cdoc20.client.server.base-url.post=https://localhost:8443
+# Quering capsules requires mTLS
+cdoc20.client.server.base-url.get=https://localhost:8444
+cdoc20.client.server.debug=true
+
+# trusted certificates by client
+cdoc20.client.ssl.trust-store.type=JKS
+cdoc20.client.ssl.trust-store=../cdoc20-server/keys/clienttruststore.jks
+cdoc20.client.ssl.trust-store-password=passwd
+
+
+# client private key and certificate for mutual TLS (if required by server)
+cdoc20.client.ssl.client-store.type=PKCS12
+cdoc20.client.ssl.client-store=../cdoc20-server/keys/cdoc20client.p12
+cdoc20.client.ssl.client-store-password=passwd
diff --git a/cdoc20-cli/config/localhost/localhost_pkcs12_rsa.properties b/cdoc20-cli/config/localhost/localhost_pkcs12_rsa.properties
new file mode 100644
index 00000000..b2612dc9
--- /dev/null
+++ b/cdoc20-cli/config/localhost/localhost_pkcs12_rsa.properties
@@ -0,0 +1,22 @@
+# localhost client configuration for RSA keys
+# java -jar target/cdoc20-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost_pkcs12_rsa.properties -f /tmp/localhost_rsa.cdoc -c ../cdoc20-server/keys/rsa/client-rsa-2048-cert.pem README.md
+# java -jar target/cdoc20-cli-0.0.12-SNAPSHOT.jar decrypt --server=config/localhost/localhost_pkcs12_rsa.properties -f /tmp/localhost_rsa.cdoc -p12 ../cdoc20-server/keys/rsa/client-rsa-2048.p12:passwd  -o /tmp/
+
+# server.id is written to cdoc header. Must have configuration on recipient side
+cdoc20.client.server.id=localhost
+# capsules can be created over TLS (no client auth required)
+cdoc20.client.server.base-url.post=https://localhost:8443
+# Quering capsules requires mTLS
+cdoc20.client.server.base-url.get=https://localhost:8444
+cdoc20.client.server.debug=true
+
+# trusted certificates by client
+cdoc20.client.ssl.trust-store.type=JKS
+cdoc20.client.ssl.trust-store=../cdoc20-server/keys/clienttruststore.jks
+cdoc20.client.ssl.trust-store-password=passwd
+
+
+# client private key and certificate for mutual TLS
+cdoc20.client.ssl.client-store.type=PKCS12
+cdoc20.client.ssl.client-store=../cdoc20-server/keys/rsa/client-rsa-2048.p12
+cdoc20.client.ssl.client-store-password=passwd
diff --git a/cdoc20-cli/keys/37101010021_cert.cer b/cdoc20-cli/keys/37101010021_cert.cer
new file mode 100644
index 0000000000000000000000000000000000000000..4754a1a7f4b8975a672de803452177b41feb6ab4
GIT binary patch
literal 1602
zcmZ8hc~BE)6whv!00NOCO$3C*a8x13w+RSnBO*kuF=7H(PzEDxa81Z+HsP{XgPNAo
zB93@aZMj;DfEB3>tu2D1pjM1WsT>`x&d4!S9O{8mZHHz-uy*#3-S_Q#@ArG}{oV(P
z87n|B5?D=#AsBW|_w^rjmt7#z>Gn)XDQgtCFdTy{ah4Y@5aeV>16tGxI5Oxd2*U%G
z%TYeyQN}!H&nOj7g&B;v1~-xzX25fCQj3vV6Nz%bJCu*wnW;!t%H={7goT6wRElze
z5A}oY%ubf8l6i!NXM4%xV}z<io&=zwz?b8KhM_13N2O8_8j{X&kw|Q2m;?=t2#rVw
z<|A*jnQvn|&4w|PXcpSZnW;7zw_tiBo~1V8gdX(={26HPuJ)+-#I>oa#CSn`>{_Kj
z8ioSu0X8HL;6`~N&hy@Qp)SCQIt+3~D1Vd%+$qz}!|6YfAP=}Q>}`Fs%3z3L7i>mo
zeEMb@GPHHw<F+dcgUbc&4Lg{%Nq%*`iUjE|k5iH3o?c@=kMI2RT185KWRqd^<<cwP
zxaoseE=($NY=Z(qxAeIw{L7wqp7y#`d!jFQWPbauwv0M!q435lr^GwAq3>JW$7?$3
zis1}U45v+x$j1YL0Sz#1^nB(+&=i8uVfx3wTtXf25VINV0wlvRm;oV>l}m?!28bCB
zHq*||9){R{Ta3nS<T9~1KR;hYYDE|(HelNb5;qcr0XOA}qmxuXIu`(gcbx;GaJ@-q
z<QXy2NC^Pbk|N$(y{?d_Aq+F8`Wz8(U@#Ec{vrsT9)gb>;tf2_96X0Gh>Fy>mdGQu
z_)3h*VFR7khz}ECBdk>JP`qW|=a_<BY+B<VMECDKuoI|f89;O-1*pI}DtXyz$PUB;
zIXiN;h?xQ~{ag)(LU9(M&&DY^kU|?jp^3zVghrS(qhgy-Fj8z2xnf%4J^@q**?=_*
zM~COW5WuBc>W3@<?A@&R&L=Su*ssS{FLw#wwCBtn;bO}PVBRz94M9jgFag1=4Im4T
zB57;18dr<5v0UPHw`~o;@a*YDkk5I;mWa1YGHufl>TIzF*V*V&dz49NGUxUvlM1&b
zHHfkdMi52O<RZ&JI9OU8QZ2E7*T`>1oMq6F;u&NyHO9<0ENm%s|GN(8#V|zEPjLN8
zg}zUei<b0V{^a~Xnb=p5KR9x}9z84g0dAOAKG|4bC13r1$e1qe0jJ!7e_b>(mKnN1
z;0H%a&Lz2TFBmVqh*mfERz&af*2N6c56Y|!KY6{{omaE!rNc?b9!V;`D!Odb`r}J?
zX8eO6%F=|kH&=YE9KL^vwRLBr7r&#cZR3PBXKJA9@Y&J2$jKvXPCBO18tbjkTqo+k
zN?{kCrX6gxkBjMgEc&ivLG^}PMA68@n}>J&F}jBpSrt@mIoB*Ms7>mYJxMk=l`9uj
zW&VAn=221e68#6kB`vypohQueP51KJwikR+7}XJX`{KPzg2Yx%;+e3Zo*hF+U5~=~
zPp?J~ms;vthr>4~vAb(3=y9EY#U`{rEBdIv`}g3URejgeHpczN_biyWEF%vzRh2ES
z^6_pg8QH7It=TXcpuG!w%472$T<k6=uRP0?wM?~iJgXcYeN`~YUx)K+*Dr5xlE${}
z{WM~tR>?)U1KBqYq@7P7I5}O+g@f6G!#DT8@EEz;lBSaB+I<37bk%&u-95gUdEpUM
zM>J>LZ|r^gyyCits=vuW%aTsDxs-hS<LPSCwJU*76;u6(DrKi?E0&v2DeW0Lj&^Yz
yDV022aa8c-do7U;cT2HAy=LtBpf&nf=|IDWbhV=L)E#S2P~cEPq0;p-+4?Uy_$O2V

literal 0
HcmV?d00001

diff --git a/cdoc20-cli/keys/37101010021_cert.pem b/cdoc20-cli/keys/37101010021_cert.pem
new file mode 100644
index 00000000..94b04a4a
--- /dev/null
+++ b/cdoc20-cli/keys/37101010021_cert.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGPjCCBCagAwIBAgIQWh4k6BI9wW9aAwcOMosU6DANBgkqhkiG9w0BAQsFADBr
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU
+RUlELVNLIDIwMTUwHhcNMTcxMTA4MTMzMDU0WhcNMjIxMTA3MjE1OTU5WjCBlzEL
+MAkGA1UEBhMCRUUxDzANBgNVBAoMBkVTVEVJRDEXMBUGA1UECwwOYXV0aGVudGlj
+YXRpb24xJDAiBgNVBAMMG8W9QUlLT1ZTS0ksSUdPUiwzNzEwMTAxMDAyMTETMBEG
+A1UEBAwKxb1BSUtPVlNLSTENMAsGA1UEKgwESUdPUjEUMBIGA1UEBRMLMzcxMDEw
+MTAwMjEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATlalHxt8gcK5Asvap7DqJQI6PU
+Tkoz0/FWBJwZGuzK733wy5RV2D+scuj6NsinEW4rQBxQegm3ASU1aNcRTiSO9sCv
+GtGiptdt5w+9f7ddo855Lc/7C0vW0gG4tRLvob+jggJdMIICWTAJBgNVHRMEAjAA
+MA4GA1UdDwEB/wQEAwIDiDCBiQYDVR0gBIGBMH8wcwYJKwYBBAHOHwMBMGYwLwYI
+KwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDMG
+CCsGAQUFBwICMCcMJUFpbnVsdCB0ZXN0aW1pc2Vrcy4gT25seSBmb3IgdGVzdGlu
+Zy4wCAYGBACPegECMCIGA1UdEQQbMBmBF2lnb3IuemFpa292c2tpQGVlc3RpLmVl
+MB0GA1UdDgQWBBRWH+VJhoWaZU4WgnVNJCoDJNSRfTBhBggrBgEFBQcBAwRVMFMw
+UQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRp
+dGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAgBgNVHSUBAf8EFjAU
+BggrBgEFBQcDAgYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUScDyRDll1ZtGOw04YIOx
+1i0ohqYwgYMGCCsGAQUFBwEBBHcwdTAsBggrBgEFBQcwAYYgaHR0cDovL2FpYS5k
+ZW1vLnNrLmVlL2VzdGVpZDIwMTUwRQYIKwYBBQUHMAKGOWh0dHBzOi8vc2suZWUv
+dXBsb2FkL2ZpbGVzL1RFU1Rfb2ZfRVNURUlELVNLXzIwMTUuZGVyLmNydDBBBgNV
+HR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNrLmVlL2NybHMvZXN0ZWlkL3Rlc3Rf
+ZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIBAG71HyOLLR7yUiEp18eK
+vtmOLx4sd9rnvqgxtCy5AqoKkPirqJ9FRlg07GxZ4ReQCCLNLufsXzVbLCMCPzK6
+UBJxeO+LwzGgsNSUQ4UbbETaA5M9zqq8GvuAdqFC+gipCcwyVmlCQ45gV5w2fV39
+aZVjZjW9sJSlUubgxBRqfUsaIr/Ft1z1zmf/2cWWtOijP/iXTakJWQCrqM70EPWo
+pFUWea8Ak7UHSETF8S6zvxigW9Fveufk0JZ76+iDFD+fKqCGurAveKJQxj3yVHIL
+kFIhn1/8l6HterApbnwribJs3sCmgVd13na3cXideUG/SNLD3sQsS7UXS7E3Ksx7
+5ZgQmAJ388lD5ouGo7XmOGJQFsahlANIwPlHSr30eofYxt8rzELXy1lcSNsiGXj1
+xz1zkayfjiifHRurieeETm2hW/gla90CGUVHduHDxniQmbQOPbL/sr/0mebo+3j4
+IlFpIqJXO72sM0e3hIw59aJSHwQf2WTPkVm+Sm8XZ8UOHNpkLJbQj/cT58myWVM9
+bL0dJj7FoY0fgO9iDsHtAaNvsF3gq9Tz9pTNE1PYrAhrFDP/tw2JrruvoHXLyCbz
+Tv/YlZk9raKUO4GtUgcGbBdrKEhzMzLkPpgsnjyyPwjdi2Umbmbs9trOQ5uL2ap+
+A2FOma3WzswqJuVKeVIQx3O1
+-----END CERTIFICATE-----
diff --git a/cdoc20-cli/keys/README.md b/cdoc20-cli/keys/README.md
new file mode 100644
index 00000000..5dce32ea
--- /dev/null
+++ b/cdoc20-cli/keys/README.md
@@ -0,0 +1,95 @@
+This directory contains pre-generate EC keys and downloaded id-card certificates.
+
+## Convert X509 Certificate DER to PEM
+.der and .cer are the same binary format. 
+```
+openssl x509 -inform der -in 37101010021.der -out 37101010021.pem
+```
+
+## Print X509 cert info
+```
+openssl x509 -in 37101010021.pem -text
+```
+
+## Generating EC keys
+
+Generate an EC private key, of size 384, and output it to a file named key.pem:
+```
+openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+```
+
+```
+cat key.pem
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd
+4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j
+C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd
+yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=
+-----END EC PRIVATE KEY-----
+```
+
+Extract the public key from the key pair, which can be used in a certificate:
+```
+openssl ec -in key.pem -pubout -out public.pem
+```
+
+```
+cat public.pem
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhEZdaw/m5tmqIrhonGPKG0ZHLPo7fJLO
+IwtYw/3/xEPCnRWKyfisJzOkfKyF6g51JyyRYhdzsw6bvE1I1Tr3V4M0C/p+u0Ii
+3cnq0xOn+boyF6FzZGQfDtpF/97wA7gw
+-----END PUBLIC KEY-----
+```
+
+
+### Print key info
+```
+openssl ec -in key.pem -text -noout
+```
+```
+read EC key
+Private-Key: (384 bit)
+priv:
+    61:d5:40:13:f3:7d:8d:87:66:57:bd:d7:39:25:b3:
+    6f:dc:17:04:65:26:24:f7:47:ac:52:44:8f:16:68:
+    36:5c:4b:a8:03:b6:af:4b:f9:1d:e0:7b:47:19:16:
+    d1:45:b6
+pub:
+    04:84:46:5d:6b:0f:e6:e6:d9:aa:22:b8:68:9c:63:
+    ca:1b:46:47:2c:fa:3b:7c:92:ce:23:0b:58:c3:fd:
+    ff:c4:43:c2:9d:15:8a:c9:f8:ac:27:33:a4:7c:ac:
+    85:ea:0e:75:27:2c:91:62:17:73:b3:0e:9b:bc:4d:
+    48:d5:3a:f7:57:83:34:0b:fa:7e:bb:42:22:dd:c9:
+    ea:d3:13:a7:f9:ba:32:17:a1:73:64:64:1f:0e:da:
+    45:ff:de:f0:03:b8:30
+ASN1 OID: secp384r1
+NIST CURVE: P-384
+```
+
+
+PEM files can also be decoded with online ASN.1 Decoder - for example https://holtstrom.com/michael/tools/asn1decoder.php
+decodes `key.pem` as following:
+```
+SEQUENCE {
+   INTEGER 0x01 (1 decimal)
+   OCTETSTRING 61d54013f37d8d876657bdd73925b36fdc1704652624f747ac52448f1668365c4ba803b6af4bf91de07b471916d145b6
+   [0] {
+      OBJECTIDENTIFIER 1.3.132.0.34 (P-384)
+   }
+   [1] {
+      BITSTRING 0x0484465d6b0fe6e6d9aa22b8689c63ca1b46472cfa3b7c92ce230b58c3fdffc443c29d158ac9f8ac2733a47cac85ea0e75272c91621773b30e9bbc4d48d53af75783340bfa7ebb4222ddc9ead313a7f9ba3217a17364641f0eda45ffdef003b830 : 0 unused bit(s)
+   }
+}
+```
+and `public.pem`:
+```
+SEQUENCE {
+   SEQUENCE {
+      OBJECTIDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
+      OBJECTIDENTIFIER 1.3.132.0.34 (P-384)
+   }
+   BITSTRING 0x0484465d6b0fe6e6d9aa22b8689c63ca1b46472cfa3b7c92ce230b58c3fdffc443c29d158ac9f8ac2733a47cac85ea0e75272c91621773b30e9bbc4d48d53af75783340bfa7ebb4222ddc9ead313a7f9ba3217a17364641f0eda45ffdef003b830 : 0 unused bit(s)
+}
+```
+
diff --git a/cdoc20-cli/keys/alice.pem b/cdoc20-cli/keys/alice.pem
new file mode 100644
index 00000000..89031711
--- /dev/null
+++ b/cdoc20-cli/keys/alice.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAlhCJUAcquXTQoZ73awJa7izsXqUhjcPxXP0ybTDFJYuGMeJ5qCGRw
+0RHaMUEJIPagBwYFK4EEACKhZANiAASV2VitdXFvs7OYIsnXMxe5I0boJlg4/shi
+FW6PgwFWgARITC7ABMOmYKC4I9KRMVNhwU42287/N+IOt2GtEHvL1OmfJvI9283o
+wiYVMt6Qq/6Fv4kO3IXqSVsV1ylA4jQ=
+-----END EC PRIVATE KEY-----
diff --git a/cdoc20-cli/keys/alice_pub.pem b/cdoc20-cli/keys/alice_pub.pem
new file mode 100644
index 00000000..2895eabe
--- /dev/null
+++ b/cdoc20-cli/keys/alice_pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEldlYrXVxb7OzmCLJ1zMXuSNG6CZYOP7I
+YhVuj4MBVoAESEwuwATDpmCguCPSkTFTYcFONtvO/zfiDrdhrRB7y9TpnybyPdvN
+6MImFTLekKv+hb+JDtyF6klbFdcpQOI0
+-----END PUBLIC KEY-----
diff --git a/cdoc20-cli/keys/bob.pem b/cdoc20-cli/keys/bob.pem
new file mode 100644
index 00000000..e370ef18
--- /dev/null
+++ b/cdoc20-cli/keys/bob.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAFxoHAdX8mU9cjiXOy46Gljmongxto0nHwRQs5cb93vIcysAaYLmhL
+mH4DPqnSXJWgBwYFK4EEACKhZANiAAR5Yacpp5H4aBAIxkDtdBXcw/BFyMNEQu4B
+LqnEv1cUVHROnhw3hAW63F3H2PI93ZzB/BT6+C+gOLt3XkCT/H3C9X1ZktCd5lS2
+BmC8zN4UciwrTb68gt4ylKUCd5g30KY=
+-----END EC PRIVATE KEY-----
diff --git a/cdoc20-cli/keys/bob_pub.pem b/cdoc20-cli/keys/bob_pub.pem
new file mode 100644
index 00000000..4c75832c
--- /dev/null
+++ b/cdoc20-cli/keys/bob_pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEeWGnKaeR+GgQCMZA7XQV3MPwRcjDRELu
+AS6pxL9XFFR0Tp4cN4QFutxdx9jyPd2cwfwU+vgvoDi7d15Ak/x9wvV9WZLQneZU
+tgZgvMzeFHIsK02+vILeMpSlAneYN9Cm
+-----END PUBLIC KEY-----
diff --git a/cdoc20-cli/keys/cdoc20client-certificate.pem b/cdoc20-cli/keys/cdoc20client-certificate.pem
new file mode 100644
index 00000000..43c38b1f
--- /dev/null
+++ b/cdoc20-cli/keys/cdoc20client-certificate.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIJAIGzuV1v0kYtMAoGCCqGSM49BAMEMHQxCzAJBgNVBAYT
+AkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcwFQYDVQQK
+Ew5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNY2Rv
+YzIwLWNsaWVudDAeFw0yMjA1MDIxMTQ5MjZaFw0yMjA3MzExMTQ5MjZaMHQxCzAJ
+BgNVBAYTAkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcw
+FQYDVQQKEw5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UE
+AxMNY2RvYzIwLWNsaWVudDB2MBAGByqGSM49AgEGBSuBBAAiA2IABFR25IttEoB7
+fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgr
+j70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7e6M9MDswHQYD
+VR0OBBYEFGZcVZHppMn0R9RJOpYYE3VbPnz6MBoGA1UdEQQTMBGHBH8AAAGCCWxv
+Y2FsaG9zdDAKBggqhkjOPQQDBANoADBlAjEA3d+oUUShWb2DHPpyIY4y6/Fk25ow
+Dy5oHThaRh5/6GY0APVFIp/kd6lm3fY/JmORAjAO7+sHJ2fsUzNq5o1cPK65roDJ
+glqz1a3PNEiYGQJhduVaJ5Qqu4GeyxmWr4oiw+U=
+-----END CERTIFICATE-----
diff --git a/cdoc20-cli/keys/cdoc20client.pem b/cdoc20-cli/keys/cdoc20client.pem
new file mode 100644
index 00000000..efa4dc00
--- /dev/null
+++ b/cdoc20-cli/keys/cdoc20client.pem
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MD4CAQEEMNLrqy74Rn1LO3dAuhBuqV6ucTqJXY/8/6DD1ESBkTy46XKKHVuZmy2K
+pSsqr4gWhaAHBgUrgQQAIg==
+-----END EC PRIVATE KEY-----
diff --git a/cdoc20-cli/keys/cdoc20client_pub.pem b/cdoc20-cli/keys/cdoc20client_pub.pem
new file mode 100644
index 00000000..55205da4
--- /dev/null
+++ b/cdoc20-cli/keys/cdoc20client_pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEVHbki20SgHt/DMmLko5pUxM2t8aBeUL9
+KKUSVW5tfyGYYviitir+g/mM/p0REPsWfDhdSTtJCCuPvSahf0r7cIhJp9BUS8SO
+GGCWMEtX2NKJm4Ha3CuSYE3uKEsaKDt7
+-----END PUBLIC KEY-----
diff --git a/cdoc20-cli/keys/rsa_priv.pem b/cdoc20-cli/keys/rsa_priv.pem
new file mode 100644
index 00000000..dbaa7c72
--- /dev/null
+++ b/cdoc20-cli/keys/rsa_priv.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAs18v09QVTnzSTRrFnVhkxDWM2rSHOua2rPz60CVazfOk5Vv9
+Jo4Nq6Uzo3yWS4DZ+3JgO5iRntFeI0NWZGsPGbMWGWKlb4OYlbK0gnBdwsi4LS6L
+nRx7CfYKxOicL5akXqDP2NCoytHFG8QePPE1XAHC7pHyC+hEa7Hggol6sdbEWOK7
+WLCmIjmJ+gJx2O3bg433ad0LX6swvclGNbe0z+YagmYsu4ChfwY9Be6oVRvQzFEH
+OKh+tEibyutdFJ9fioyMjjZtL6lEx5xKUJ18d4efC9apvJ810wRkMDqwR203HEJr
+kRnBg9RtkVPNzOMl8eH6eUdS/oDW5eysnKbtrwIDAQABAoIBAD8N0QRH442Jt2u/
+Y4RiVFnc8TzYhUkhXUoGTCzrVLZdVbQC2ES7Xvbdxf9MhpDYJMiNdmK8yUPpGYyP
+2UjHkbFZEQWvdbRzsCm/flD0KyGT6ZqIaC+8mUvxH+wEURMxg2p4YVg4UX2qq/2M
+vYxyxm0neVzgFRQ2fAbXqrJ4nZbx75KAU8Vepyn1zUHbyjwnaxly+rjiEkTujtrV
++/FjAwZQ/mnoS0GbMlX6DKfMm6+wJW0ZYZKoqkaCuMPMT+msn2x3DPVgbwm8OO/V
+Qari5g8XwB+b9R5dWnli9dGyW9jFzQ/rhkgni0Z3hVc4lP/6WWbfxwRmAXFjIVyf
+PeavBsECgYEA4N/aivOA3YLUVBlKojUf3deBM6FvPuvELfhSCNVfotIwSsT2krP4
+NKR56PvbScNopdnaXgw1SrmWLZjEQy16cv8DL3a7o70HjSiHn15GZSqt1pBkBKuc
+9fj7JhvWCyNIqcAguchSQS4gf1GrvgIQUvBahIo3vJbdkOpmnfO7QrECgYEAzDMB
+OtgO/0PX5VGr9u7K9Fm7ER/fQym7L+pTigMgFUP15dfO4srbHzYyPyws+jOazDbF
+huGeX8rQqdFJtRgkfVLFVK+taK6UFh4tspzFW1QTX+cIt2XVR9gb4Aq+8mbodb0c
+feT70sOXqeaxrqqgwpdI20B04xALyQTUMQqbjl8CgYAZyhJqNRrmTIbFTlE84RLS
+glCS90Sm1qsdCol98dqR9cEMEiKlGHaysto4WgoAH6T0wFNGzeeetkH+4LJBcgnE
+/nIDE37ZfGhNTAShxlIUcByXqt+NmZDatL8406BsjpNaxGn8ZHjqeLvJXjhwBhSR
+LndzE9bojfTDFd7G5pjnQQKBgFV2f2xGYzh5B5IFtaha1vyf1YhcQ5ATljF+rEoV
+9saPtAnnYcJPzpfoke0YqxZopMAVqGREZ4mGFAEPA/9URGljTA2enUAz2OzM4qlf
+rcYEkTtRMbe4WiSAkWIafUJsyZwFczhJrw/OJtrIH9OPvErVEHwbJRCndZdDex+v
+Zd2XAoGAcA2ntZzUHM7K3A02pCPHtW6X2pmvgcNdQk2trI893mEPdFKPH+FPdaEa
+hxr/6JxIBbP93XG7m0Na8g0SaSl+jJHQOe2Vii7SgCSI47mp2bECUEQXqw0gek+E
+FpMKKtuLmE733CZbg85d9dCMU808+XR+psNvUR6XhxRB+lzgVjc=
+-----END RSA PRIVATE KEY-----
diff --git a/cdoc20-cli/keys/rsa_pub.pem b/cdoc20-cli/keys/rsa_pub.pem
new file mode 100644
index 00000000..05af922a
--- /dev/null
+++ b/cdoc20-cli/keys/rsa_pub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs18v09QVTnzSTRrFnVhk
+xDWM2rSHOua2rPz60CVazfOk5Vv9Jo4Nq6Uzo3yWS4DZ+3JgO5iRntFeI0NWZGsP
+GbMWGWKlb4OYlbK0gnBdwsi4LS6LnRx7CfYKxOicL5akXqDP2NCoytHFG8QePPE1
+XAHC7pHyC+hEa7Hggol6sdbEWOK7WLCmIjmJ+gJx2O3bg433ad0LX6swvclGNbe0
+z+YagmYsu4ChfwY9Be6oVRvQzFEHOKh+tEibyutdFJ9fioyMjjZtL6lEx5xKUJ18
+d4efC9apvJ810wRkMDqwR203HEJrkRnBg9RtkVPNzOMl8eH6eUdS/oDW5eysnKbt
+rwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/cdoc20-cli/pom.xml b/cdoc20-cli/pom.xml
new file mode 100644
index 00000000..9a7ebb56
--- /dev/null
+++ b/cdoc20-cli/pom.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>cdoc20</artifactId>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <version>0.6.0-SNAPSHOT</version>
+    </parent>
+
+
+    <artifactId>cdoc20-cli</artifactId>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/../cdoc20-cli/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+
+    <pluginRepositories>
+        <!--pluginRepository>
+            <id>maven-snapshots</id>
+            <url>https://repository.apache.org/content/repositories/snapshots/</url>
+        </pluginRepository-->
+        <pluginRepository>
+            <id>maven-public</id>
+            <url>https://repository.apache.org/content/repositories/public</url>
+        </pluginRepository>
+    </pluginRepositories>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>info.picocli</groupId>
+            <artifactId>picocli</artifactId>
+            <version>4.6.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>1.7.32</version>
+        </dependency>
+        <dependency>
+            <groupId>ee.cyber.cdoc20</groupId>
+            <artifactId>cdoc20-lib</artifactId>
+            <version>0.6.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>${maven-shade-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <transformers>
+                                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                                    <manifestEntries>
+                                        <Main-Class>ee.cyber.cdoc20.cli.CDocCli</Main-Class>
+                                    </manifestEntries>
+                                </transformer>
+                            </transformers>
+                            <artifactSet>
+                                <excludes>
+                                    <exclude>*junit*:*</exclude>
+                                </excludes>
+                            </artifactSet>
+                            <filters>
+                                <filter>
+                                    <artifact>*:*</artifact>
+                                    <excludes>
+                                        <exclude>META-INF/*.SF</exclude>
+                                        <exclude>META-INF/*.DSA</exclude>
+                                        <exclude>META-INF/*.RSA</exclude>
+                                    </excludes>
+                                </filter>
+                            </filters>
+                            <minimizeJar>false</minimizeJar>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+                    <!--plugin>
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>report</id>
+                                <goals>
+                                    <goal>report-aggregate</goal>
+                                </goals>
+                                <phase>verify</phase>
+                            </execution>
+                        </executions>
+                    </plugin-->
+
+
+
+
+            <!--plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>appassembler-maven-plugin</artifactId>
+                <version>1.10</version>
+                <configuration>
+                    <programs>
+                        <program>
+                            <mainClass>ee.cyber.cdoc20.cli.CDocCli</mainClass>
+                            <id>cdoc</id>
+                        </program>
+                    </programs>
+                </configuration>
+
+                <executions>
+                    <execution>
+                        <id>jar</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>assemble</goal>
+                        </goals>
+                    </execution>
+                </executions>
+
+            </plugin-->
+        </plugins>
+    </build>
+
+</project>
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/CDocCli.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/CDocCli.java
new file mode 100644
index 00000000..39c811d7
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/CDocCli.java
@@ -0,0 +1,52 @@
+package ee.cyber.cdoc20.cli;
+
+import ee.cyber.cdoc20.cli.commands.CDocCreateCmd;
+import ee.cyber.cdoc20.cli.commands.CDocDecryptCmd;
+import ee.cyber.cdoc20.cli.commands.CDocInfoCmd;
+import ee.cyber.cdoc20.cli.commands.CDocListCmd;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+import java.util.concurrent.Callable;
+
+//S106 Standard outputs should not be used directly to log anything
+//CLI needs to interact with standard outputs
+@SuppressWarnings("java:S106")
+@Command(
+        version = {"cdoc20-cli version: 0.0.1", "cdoc20-lib version: 0.0.1"},
+        name = "cdoc20-cli",
+        header = "\r\ncdoc20-cli is a command line interface for cdoc20 library\r\n",
+        customSynopsis = { "cdoc [create] <arguments>",
+                "cdoc [decrypt] <arguments>",
+                "cdoc [list] <arguments>",
+                "cdoc [info] <arguments>"},
+        subcommands = {CDocCreateCmd.class,
+                CDocDecryptCmd.class,
+                CDocListCmd.class,
+                CDocInfoCmd.class}
+)
+public class CDocCli implements Callable<Void> {
+    @Option(names = {"--version"}, versionHelp = true, description = "display version info")
+    boolean versionInfoRequested;
+
+    @Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
+    boolean helpRequested = false;
+
+    public static void main(String... args) {
+        if (args.length == 0) {
+            CommandLine.usage(new CDocCli(), System.out);
+            CommandLine.usage(new CDocCreateCmd(), System.out);
+            CommandLine.usage(new CDocDecryptCmd(), System.out);
+            CommandLine.usage(new CDocListCmd(), System.out);
+            CommandLine.usage(new CDocInfoCmd(), System.out);
+        }
+        int exitCode = new CommandLine(new CDocCli()).execute(args);
+        System.exit(exitCode);
+    }
+
+    @Override
+    public Void call() {
+        return null;
+    }
+}
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/SymmetricKeyUtil.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/SymmetricKeyUtil.java
new file mode 100644
index 00000000..73046d79
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/SymmetricKeyUtil.java
@@ -0,0 +1,103 @@
+package ee.cyber.cdoc20.cli;
+
+import java.nio.charset.StandardCharsets;
+import java.util.AbstractMap;
+import java.util.Base64;
+import java.util.LinkedList;
+import java.util.List;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import ee.cyber.cdoc20.CDocValidationException;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+
+/**
+ * Symmetric key usage in CDOC is supported by CDOC format, but its use cases are not finalized.
+ * In the future, symmetric key may be derived using password-based key-derivation algorithm or from hardware token.
+ * For now, symmetric key can be provided directly from the command line (or from a file with @option)
+ */
+public final class SymmetricKeyUtil {
+
+    public static final String BASE_64_PREFIX = "base64,";
+
+    // --secret format description, used in cdoc <cmd> classes
+    public static final String SECRET_DESCRIPTION = "symmetric key with label. Must have format <label>:<secret>. "
+            + "<secret> can be plain text or base64 encoded binary, in case of base64, "
+            + "it must be prefixed with `base64,`";
+
+    private SymmetricKeyUtil() { }
+
+    private static final Logger log = LoggerFactory.getLogger(SymmetricKeyUtil.class);
+
+    public static List<EncryptionKeyMaterial> extractEncryptionKeyMaterial(String[] secrets)
+            throws CDocValidationException {
+        if (secrets == null || secrets.length == 0) {
+            return List.of();
+        }
+
+        List<EncryptionKeyMaterial> result = new LinkedList<>();
+
+        for (String secret: secrets) {
+            var entry = extractEncryptionKeyMaterial(secret);
+            EncryptionKeyMaterial km = EncryptionKeyMaterial.from(entry.getKey(), entry.getValue());
+            result.add(km);
+        }
+        return result;
+    }
+
+    /**
+     * Extract symmetric key material from formatted secret  "label:topsecret123!"
+     * or "label123:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0="
+     * @param formattedSecret formatted as label:secret where secret can be base64 encoded bytes or regular utf-8 string
+     *                        Base64 encoded string must be prefixed with 'base64,', followed by base64 string
+     * @return DecryptionKeyMaterial created from formattedSecret
+     * @throws CDocValidationException if formattedSecret is not in format specified
+     * @throws IllegalArgumentException if base64 secret cannot be decoded
+     */
+    public static DecryptionKeyMaterial extractDecryptionKeyMaterial(String formattedSecret)
+            throws CDocValidationException {
+
+        var entry = extractEncryptionKeyMaterial(formattedSecret);
+        return DecryptionKeyMaterial.fromSecretKey(entry.getValue(), entry.getKey());
+    }
+
+    /**
+     * Extract symmetric key material from formatted secret "label:topsecret123!"
+     * or "label123:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0="
+     * @param formattedSecret formatted as label:secret where secret can be base64 encoded bytes or regular utf-8 string
+     *                        Base64 encoded string must be prefixed with 'base64,', followed by base64 string
+     * @return AbstractMap.SimpleEntry<SecretKey, String> with extracted SecretKey and label
+     * @throws CDocValidationException if formattedSecret is not in format specified
+     * @throws IllegalArgumentException if base64 secret cannot be decoded
+     */
+    private static AbstractMap.SimpleEntry<SecretKey, String> extractEncryptionKeyMaterial(String formattedSecret)
+            throws CDocValidationException {
+
+        var parts = formattedSecret.split(":");
+
+        if (parts.length != 2) {
+            throw new CDocValidationException("Secret must have format label:secret");
+        }
+
+        String label = parts[0];
+        String secret = parts[1];
+
+        byte[] secretBytes;
+
+        if (secret.startsWith(BASE_64_PREFIX)) {
+            secretBytes = Base64.getDecoder().decode(secret.substring(BASE_64_PREFIX.length()));
+            log.debug("Decoded {} bytes from secret (base64)", secretBytes.length);
+        } else {
+            secretBytes = secret.getBytes(StandardCharsets.UTF_8);
+            log.debug("Decoded {} bytes from secret", secretBytes.length);
+        }
+
+        log.info("Label for symmetric key: {}", label);
+        SecretKey key = new SecretKeySpec(secretBytes, "");
+        return new AbstractMap.SimpleEntry<>(key, label);
+    }
+}
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocCreateCmd.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocCreateCmd.java
new file mode 100644
index 00000000..f36ef3d7
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocCreateCmd.java
@@ -0,0 +1,135 @@
+package ee.cyber.cdoc20.cli.commands;
+
+
+import ee.cyber.cdoc20.CDocBuilder;
+import ee.cyber.cdoc20.cli.SymmetricKeyUtil;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.util.SkLdapUtil;
+import ee.cyber.cdoc20.util.Resources;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import picocli.CommandLine;
+import picocli.CommandLine.Parameters;
+import picocli.CommandLine.Option;
+import picocli.CommandLine.Command;
+
+import java.io.File;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.Callable;
+import java.util.stream.Collectors;
+
+//S106 - Standard outputs should not be used directly to log anything
+//CLI needs to interact with standard outputs
+@SuppressWarnings("java:S106")
+@Command(name = "create", aliases = {"c", "encrypt"}, showAtFileInUsageHelp = true)
+public class CDocCreateCmd implements Callable<Void> {
+    private static final Logger log = LoggerFactory.getLogger(CDocCreateCmd.class);
+
+    // default server configuration disabled, until public key server is up and running
+    //private static final String DEFAULT_SERVER_PROPERTIES = "classpath:localhost.properties";
+
+    @Option(names = {"-f", "--file" }, required = true, paramLabel = "CDOC", description = "the CDOC2.0 file")
+    File cdocFile;
+
+    // one of cert or pubkey must be specified
+    @CommandLine.ArgGroup(exclusive = false, multiplicity = "1..*")
+    Dependent recipient;
+
+    static class Dependent {
+        @Option(names = {"-p", "--pubkey"},
+                paramLabel = "PEM", description = "recipient public key in PEM format")
+        File[] pubKeys;
+
+        @Option(names = {"-c", "--cert"},
+                paramLabel = "CER", description = "recipient x509 certificate in DER or PEM format")
+        File[] certs;
+
+        @Option(names = {"-r", "--recipient", "--receiver"},
+                paramLabel = "isikukood", description = "recipient id code (isikukood)")
+        String[] identificationCodes;
+
+        @Option(names = {"-s", "--secret"}, paramLabel = "<label>:<secret>",
+                description = SymmetricKeyUtil.SECRET_DESCRIPTION)
+        String[] secrets;
+    }
+
+    // allow -Dkey for setting System properties
+    @Option(names = "-D", mapFallbackValue = "", description = "Set Java System property")
+    void setProperty(Map<String, String> props) {
+        props.forEach(System::setProperty);
+    }
+
+    @Option(names = {"-S", "--server"},
+            paramLabel = "FILE.properties",
+            description = "Key server connection properties file"
+            // default server configuration disabled, until public key server is up and running
+            //, arity = "0..1"
+            //, fallbackValue = DEFAULT_SERVER_PROPERTIES
+    )
+    String keyServerPropertiesFile;
+
+
+    @Parameters(paramLabel = "FILE", description = "one or more files to encrypt", arity = "1..*")
+    File[] inputFiles;
+
+    @Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
+    private boolean helpRequested = false;
+
+    @Override
+    public Void call() throws Exception {
+
+        if (log.isDebugEnabled()) {
+            log.debug("create --file {} --pubkey {} --cert {} {}",
+                cdocFile,
+                Arrays.toString(recipient.pubKeys),
+                Arrays.toString(recipient.certs),
+                Arrays.toString(inputFiles));
+        }
+
+        //Map of PublicKey, keyLabel
+        Map<PublicKey, String> recipientsMap = new LinkedHashMap<>();
+
+        recipientsMap.putAll(PemTools.loadPubKeysWithKeyLabel(this.recipient.pubKeys));
+        recipientsMap.putAll(PemTools.loadCertKeysWithLabel(this.recipient.certs));
+
+        // fetch authentication certificates' public keys for natural person identity codes
+        Map<PublicKey, String> ldapKeysWithLabels =
+                SkLdapUtil.getPublicKeysWithLabels(this.recipient.identificationCodes).entrySet()
+                    .stream()
+                    .filter(entry -> EllipticCurve.isSupported(entry.getKey()))
+                    .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+        recipientsMap.putAll(ldapKeysWithLabels);
+
+        List<EncryptionKeyMaterial> recipients = recipientsMap.entrySet().stream()
+                .map(entry -> EncryptionKeyMaterial.from(entry.getKey(), entry.getValue()))
+                .collect(Collectors.toList());
+
+        // add symmetric keys with labels
+        recipients.addAll(SymmetricKeyUtil.extractEncryptionKeyMaterial(recipient.secrets));
+
+
+        CDocBuilder cDocBuilder = new CDocBuilder()
+            .withRecipients(recipients)
+            .withPayloadFiles(Arrays.asList(inputFiles));
+
+        if (keyServerPropertiesFile != null) {
+            Properties p = new Properties();
+            p.load(Resources.getResourceAsStream(keyServerPropertiesFile));
+            cDocBuilder.withServerProperties(p);
+        }
+
+        cDocBuilder.buildToFile(cdocFile);
+
+        log.info("Created {}", cdocFile.getAbsolutePath());
+
+        return null;
+    }
+
+}
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocDecryptCmd.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocDecryptCmd.java
new file mode 100644
index 00000000..fa52c8da
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocDecryptCmd.java
@@ -0,0 +1,126 @@
+package ee.cyber.cdoc20.cli.commands;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import ee.cyber.cdoc20.CDocDecrypter;
+import ee.cyber.cdoc20.cli.SymmetricKeyUtil;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.crypto.Pkcs11Tools;
+import ee.cyber.cdoc20.util.Resources;
+import java.io.File;
+import java.nio.file.InvalidPathException;
+import java.security.KeyPair;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.Callable;
+import picocli.CommandLine;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+//S106 Standard outputs should not be used directly to log anything
+//CLI needs to interact with standard outputs
+@SuppressWarnings("java:S106")
+@Command(name = "decrypt", aliases = {"x", "extract"}, showAtFileInUsageHelp = true)
+public class CDocDecryptCmd implements Callable<Void> {
+    // commented out until public key server is in live
+    //private static final String DEFAULT_SERVER_PROPERTIES = "classpath:localhost_pkcs11.properties";
+
+    @Option(names = {"-f", "--file" }, required = true,
+            paramLabel = "CDOC", description = "the CDOC2.0 file")
+    File cdocFile;
+
+    @Option(names = {"-k", "--key"},
+            paramLabel = "PEM", description = "Private key PEM to use for decrypting")
+    File privKeyFile;
+
+    @Option(names = {"-p12"},
+            paramLabel = ".p12", description = "Load private key from .p12 file (FILE.p12:password)")
+    String p12;
+
+    @Option(names = {"-s", "--secret"}, paramLabel = "<label>:<secret>",
+            description = SymmetricKeyUtil.SECRET_DESCRIPTION)
+    String secret;
+
+    @Option (names = {"--slot"},
+            description = "Smart card key slot to use for decrypting. Default: 0")
+    Integer slot = 0;
+
+    @Option(names = {"-a", "--alias"},
+            description = "Alias of the keystore entry to use for decrypting")
+    String keyAlias;
+
+    @Option(names = {"-o", "--output"}, paramLabel = "DIR",
+            description = "output destination | Default: current-directory")
+    private File outputPath = new File(".");
+
+    @Option(names = {"--server"}, paramLabel = "FILE.properties"
+            // commented out until public key server is in live
+            //, arity = "0..1"
+            //,defaultValue = DEFAULT_SERVER_PROPERTIES
+    )
+    private String keyServerPropertiesFile;
+
+    @CommandLine.Parameters(description = "one or more files to decrypt", paramLabel = "fileToExtract")
+    String[] filesToExtract = new String[0];
+
+    @Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
+    private boolean helpRequested = false;
+
+    // allow -Dkey for setting System properties
+    @Option(names = "-D", mapFallbackValue = "", description = "Set Java System property")
+    void setProperty(Map<String, String> props) {
+        props.forEach(System::setProperty);
+    }
+
+    @Override
+    public Void call() throws Exception {
+        if (!this.cdocFile.exists()) {
+            throw new InvalidPathException(this.cdocFile.getAbsolutePath(), "Input CDOC file does not exist");
+        }
+
+        String pkcs11LibPath = System.getProperty(CDocConfiguration.PKCS11_LIBRARY_PROPERTY, null);
+        Properties p;
+
+        KeyCapsuleClientFactory keyCapsulesClientFactory = null;
+
+        if (keyServerPropertiesFile != null) {
+            p = new Properties();
+            p.load(Resources.getResourceAsStream(keyServerPropertiesFile));
+            keyCapsulesClientFactory = KeyCapsuleClientImpl.createFactory(p);
+        }
+
+        DecryptionKeyMaterial decryptionKm = null;
+        if (secret != null) {
+            decryptionKm = SymmetricKeyUtil.extractDecryptionKeyMaterial(secret);
+        }
+
+        if (decryptionKm == null)  {
+            KeyPair keyPair;
+            if (p12 != null) {
+                keyPair = PemTools.loadKeyPairFromP12File(p12);
+            } else {
+                keyPair = privKeyFile != null
+                        ? PemTools.loadKeyPair(privKeyFile)
+                        : Pkcs11Tools.loadFromPKCS11Interactively(pkcs11LibPath, slot, keyAlias);
+            }
+
+            decryptionKm = DecryptionKeyMaterial.fromKeyPair(keyPair);
+        }
+
+        CDocDecrypter cDocDecrypter = new CDocDecrypter()
+                .withCDoc(cdocFile)
+                .withRecipient(decryptionKm)
+                .withFilesToExtract(Arrays.asList(filesToExtract))
+                .withKeyServers(keyCapsulesClientFactory)
+                .withDestinationDirectory(outputPath);
+
+        System.out.println("Decrypting " + cdocFile + " to " + outputPath.getAbsolutePath());
+        List<String> extractedFileNames = cDocDecrypter.decrypt();
+        extractedFileNames.forEach(System.out::println);
+        return null;
+    }
+}
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocInfoCmd.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocInfoCmd.java
new file mode 100644
index 00000000..3f115486
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocInfoCmd.java
@@ -0,0 +1,55 @@
+package ee.cyber.cdoc20.cli.commands;
+
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.container.recipients.PublicKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.Recipient;
+import ee.cyber.cdoc20.container.recipients.ServerRecipient;
+import picocli.CommandLine;
+
+import java.io.File;
+import java.nio.file.Files;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Callable;
+
+//S106 Standard outputs should not be used directly to log anything
+//CLI needs to interact with standard outputs
+@SuppressWarnings("java:S106")
+@CommandLine.Command(name = "info",  showAtFileInUsageHelp = true)
+public class CDocInfoCmd implements Callable<Void> {
+    @CommandLine.Option(names = {"-f", "--file" }, required = true,
+            paramLabel = "CDOC", description = "the CDOC2.0 file")
+    File cdocFile;
+
+    // allow -Dkey for setting System properties
+    @CommandLine.Option(names = "-D", mapFallbackValue = "", description = "Set Java System property")
+    void setProperty(Map<String, String> props) {
+        props.forEach(System::setProperty);
+    }
+
+    @CommandLine.Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
+    private boolean helpRequested = false;
+
+    @Override
+    public Void call() throws Exception {
+
+
+        List<Recipient> recipients = Envelope.parseHeader(Files.newInputStream(cdocFile.toPath()));
+        for (Recipient recipient: recipients) {
+
+            String type = (recipient instanceof PublicKeyRecipient)
+                    ? ((PublicKeyRecipient) recipient).getRecipientPubKey().getAlgorithm() + " PublicKey"
+                    : "SymmetricKey";
+
+            String label = recipient.getRecipientKeyLabel();
+
+            String server = (recipient instanceof ServerRecipient)
+                    ? "(server: " + ((ServerRecipient) recipient).getKeyServerId() + ")"
+                    : "";
+
+            System.out.println(type + ": " + label + " " + server);
+        }
+
+        return null;
+    }
+}
diff --git a/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocListCmd.java b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocListCmd.java
new file mode 100644
index 00000000..5c98eb68
--- /dev/null
+++ b/cdoc20-cli/src/main/java/ee/cyber/cdoc20/cli/commands/CDocListCmd.java
@@ -0,0 +1,126 @@
+package ee.cyber.cdoc20.cli.commands;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import ee.cyber.cdoc20.CDocDecrypter;
+import ee.cyber.cdoc20.cli.SymmetricKeyUtil;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.crypto.Pkcs11Tools;
+import ee.cyber.cdoc20.util.Resources;
+import java.io.File;
+import java.nio.file.InvalidPathException;
+import java.security.KeyPair;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.Callable;
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import picocli.CommandLine.Command;
+import picocli.CommandLine.Option;
+
+//S106 Standard outputs should not be used directly to log anything
+//CLI needs to interact with standard outputs
+@SuppressWarnings("java:S106")
+@Command(name = "list", aliases = {"l"}, showAtFileInUsageHelp = true)
+public class CDocListCmd implements Callable<Void> {
+    @Option(names = {"-f", "--file" }, required = true,
+            paramLabel = "CDOC", description = "the CDOC2.0 file")
+    File cdocFile;
+
+    @Option(names = {"-k", "--key"},
+            paramLabel = "PEM", description = "EC private key PEM used to decrypt")
+    File privKeyFile;
+
+    @Option(names = {"-p12"},
+            paramLabel = ".p12", description = "Load private key from .p12 file (FILE.p12:password)")
+    String p12;
+
+    @Option(names = {"-s", "--secret"}, paramLabel = "<label>:<secret>",
+            description = SymmetricKeyUtil.SECRET_DESCRIPTION)
+    String secret;
+
+    @Option (names = {"--slot"},
+            description = "Key from smartcard slot used for decrypting. Default 0")
+    Integer slot = 0;
+
+    @Option(names = {"-a", "--alias"},
+            description = "Alias of the keystore entry to use for decrypting")
+    String keyAlias;
+
+    @Option(names = {"--server"}, paramLabel = "FILE.properties")
+    private String keyServerPropertiesFile;
+
+    // allow -Dkey for setting System properties
+    @Option(names = "-D", mapFallbackValue = "", description = "Set Java System property")
+    void setProperty(Map<String, String> props) {
+        props.forEach(System::setProperty);
+    }
+
+    @Option(names = { "-v", "--verbose" }, description = "verbose")
+    private boolean verbose = false;
+
+    @Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
+    private boolean helpRequested = false;
+
+    @Override
+    public Void call() throws Exception {
+        if (!this.cdocFile.exists()) {
+            throw new InvalidPathException(this.cdocFile.getAbsolutePath(), "Input CDOC file does not exist");
+        }
+
+        String pkcs11LibPath = System.getProperty(CDocConfiguration.PKCS11_LIBRARY_PROPERTY, null);
+        Properties p;
+
+        KeyCapsuleClientFactory keyCapsulesClient = null;
+
+        if (keyServerPropertiesFile != null) {
+            p = new Properties();
+            p.load(Resources.getResourceAsStream(keyServerPropertiesFile));
+            keyCapsulesClient = KeyCapsuleClientImpl.createFactory(p);
+        }
+
+        DecryptionKeyMaterial decryptionKm = null;
+        if (secret != null) {
+            decryptionKm = SymmetricKeyUtil.extractDecryptionKeyMaterial(secret);
+        }
+
+        if (decryptionKm == null)  {
+            KeyPair keyPair;
+            if (p12 != null) {
+                keyPair = PemTools.loadKeyPairFromP12File(p12);
+            } else {
+                keyPair = privKeyFile != null
+                        ? PemTools.loadKeyPair(privKeyFile)
+                        : Pkcs11Tools.loadFromPKCS11Interactively(pkcs11LibPath, slot, keyAlias);
+            }
+
+            decryptionKm = DecryptionKeyMaterial.fromKeyPair(keyPair);
+        }
+
+        CDocDecrypter cDocDecrypter = new CDocDecrypter()
+                .withCDoc(cdocFile)
+                .withKeyServers(keyCapsulesClient)
+                .withRecipient(decryptionKm);
+
+        System.out.println("Listing contents of " + cdocFile);
+        List<ArchiveEntry> files = cDocDecrypter.list();
+        if (!verbose) {
+            files.forEach(e -> System.out.println(e.getName()));
+        } else {
+            long maxFileSize = files.stream().mapToLong(ArchiveEntry::getSize).max().orElse(0);
+            String format = " %" + Math.round(Math.log10(maxFileSize)) + "d %18s %s%n";
+            files.forEach(e -> {
+                String isoDateTime = LocalDateTime.ofInstant(e.getLastModifiedDate().toInstant(),
+                        ZoneId.systemDefault()).format(DateTimeFormatter.ISO_DATE_TIME);
+                System.out.format(format, e.getSize(), isoDateTime, e.getName());
+            });
+        }
+
+        return null;
+    }
+}
diff --git a/cdoc20-cli/src/main/resources/simplelogger.properties b/cdoc20-cli/src/main/resources/simplelogger.properties
new file mode 100644
index 00000000..c63c47da
--- /dev/null
+++ b/cdoc20-cli/src/main/resources/simplelogger.properties
@@ -0,0 +1,3 @@
+org.slf4j.simpleLogger.defaultLogLevel=trace
+org.slf4j.simpleLogger.showDateTime=true
+org.slf4j.simpleLogger.dateTimeFormat=yyyy-MM-dd HH:mm:ss.SSS
diff --git a/cdoc20-cli/src/test/java/CDocCliTest.java b/cdoc20-cli/src/test/java/CDocCliTest.java
new file mode 100644
index 00000000..1bbf2447
--- /dev/null
+++ b/cdoc20-cli/src/test/java/CDocCliTest.java
@@ -0,0 +1,107 @@
+import ee.cyber.cdoc20.cli.CDocCli;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import picocli.CommandLine;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class CDocCliTest {
+    private static final Logger log = LoggerFactory.getLogger(CDocCliTest.class);
+
+    final PrintStream originalOut = System.out;
+    final PrintStream originalErr = System.err;
+    final ByteArrayOutputStream out = new ByteArrayOutputStream();
+    final ByteArrayOutputStream err = new ByteArrayOutputStream();
+
+    @BeforeEach // JUnit 5
+    public void setUpStreams() {
+        out.reset();
+        err.reset();
+        System.setOut(new PrintStream(out));
+        System.setErr(new PrintStream(err));
+    }
+
+    @AfterEach // JUnit 5
+    public void restoreStreams() {
+        System.setOut(originalOut);
+        System.setErr(originalErr);
+    }
+
+    @Test
+    void testCreateDecryptDocEC(@TempDir Path tempPath) throws IOException {
+        checkCreateDecryptDoc("keys/bob_pub.pem", "keys/bob.pem", tempPath);
+    }
+
+    @Test
+    void testCreateDecyptDocECShort(@TempDir Path tempPath) throws IOException {
+        checkCreateDecryptDoc("keys/cdoc20client_pub.pem", "keys/cdoc20client.pem", tempPath);
+    }
+
+    @Test
+    void testCreateDecryptDocRSA(@TempDir Path tempPath) throws IOException {
+        checkCreateDecryptDoc("keys/rsa_pub.pem", "keys/rsa_priv.pem", tempPath);
+    }
+
+    void checkCreateDecryptDoc(String pubKeyFile, String privateKeyFile, Path tempPath) throws IOException {
+
+        CDocCli app = new CDocCli();
+        CommandLine cmd = new CommandLine(app);
+
+        log.debug("Current dir {}", Path.of(".").toAbsolutePath());
+
+        Path cdocCliPath = Path.of(".").toAbsolutePath().normalize();
+
+        log.debug("Temp dir {}", tempPath.toAbsolutePath());
+        Path cdocFile = tempPath.resolve("cdoc_cli_test.cdoc");
+        int exitCode = cmd.execute("create",
+                "--pubkey=" + pubKeyFile,
+                "--file=" + cdocFile,
+                cdocCliPath.resolve("README.md").toString()
+        );
+
+        log.debug("Output was: {}", out);
+        log.debug("Err was: {}", err);
+
+        assertEquals(0, exitCode);
+
+        var resultFile = cdocFile.toFile();
+        assertTrue(resultFile.exists());
+        assertTrue(resultFile.length() > 0);
+
+        Path outPath = tempPath.resolve("out");
+        outPath.toFile().mkdir();
+
+        out.reset();
+        err.reset();
+
+        int decryptExitCode = cmd.execute("decrypt",
+                "--file=" + cdocFile,
+                "--key=" + privateKeyFile,
+                "--output=" + outPath
+        );
+
+        log.debug("Output was: {}", out);
+        log.debug("Err was: {}", err);
+
+        assertEquals(0, decryptExitCode);
+
+        log.debug("Expected: {}", "Decrypting " + cdocFile.toFile() + " " + outPath);
+
+        assertTrue(out.toString().startsWith("Decrypting " + cdocFile.toFile() + " to " + outPath));
+        assertTrue(out.toString().contains("README.md"));
+
+        String inReadme = Files.readString(cdocCliPath.resolve("README.md"));
+        String outReadme = Files.readString(outPath.resolve("README.md"));
+
+        assertEquals(inReadme, outReadme);
+    }
+}
diff --git a/cdoc20-cli/src/test/resources/simplelogger.properties b/cdoc20-cli/src/test/resources/simplelogger.properties
new file mode 100644
index 00000000..58457c9a
--- /dev/null
+++ b/cdoc20-cli/src/test/resources/simplelogger.properties
@@ -0,0 +1,3 @@
+org.slf4j.simpleLogger.defaultLogLevel=debug
+org.slf4j.simpleLogger.logFile=System.err
+org.slf4j.simpleLogger.cacheOutputStream=true
\ No newline at end of file
diff --git a/cdoc20-client/pom.xml b/cdoc20-client/pom.xml
new file mode 100644
index 00000000..83e1f3d0
--- /dev/null
+++ b/cdoc20-client/pom.xml
@@ -0,0 +1,222 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>cdoc20</artifactId>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <version>0.6.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>cdoc20-client</artifactId>
+
+    <properties>
+        <swagger-annotations-version>1.6.3</swagger-annotations-version>
+        <jersey-version>3.1.0</jersey-version>
+        <jackson-version>2.14.0</jackson-version>
+
+        <maven-plugin-version>1.0.0</maven-plugin-version>
+
+        <jackson-databind-nullable>0.2.2</jackson-databind-nullable>
+
+        <spotbugs-annotations.version>4.5.1</spotbugs-annotations.version>
+        <wiremock-version>2.32.0</wiremock-version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.swagger</groupId>
+            <artifactId>swagger-annotations</artifactId>
+            <version>${swagger-annotations-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback-classic.version}</version>
+        </dependency>
+
+
+        <dependency>
+            <!-- javax.annotation.Nonnull and friends used by jersey2 client-->
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>${spotbugs-annotations.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.core</groupId>
+            <artifactId>jersey-common</artifactId>
+            <version>${jersey-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.glassfish.jersey.core</groupId>
+            <artifactId>jersey-client</artifactId>
+            <version>${jersey-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.media</groupId>
+            <artifactId>jersey-media-multipart</artifactId>
+            <version>${jersey-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.media</groupId>
+            <artifactId>jersey-media-json-jackson</artifactId>
+            <version>${jersey-version}</version>
+        </dependency>
+        <!-- required from 2.26 or jersey2 clients fail without it runtime-->
+        <dependency>
+            <groupId>org.glassfish.jersey.inject</groupId>
+            <artifactId>jersey-hk2</artifactId>
+            <version>${jersey-version}</version>
+        </dependency>
+        <!-- required by jersey-hk2 when running on jdk11+ -->
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>2.3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-base</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-json-provider</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-joda</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.openapitools</groupId>
+            <artifactId>jackson-databind-nullable</artifactId>
+            <version>${jackson-databind-nullable}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.github.tomakehurst</groupId>
+            <artifactId>wiremock-jre8</artifactId>
+            <version>${wiremock-version}</version>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.openapitools</groupId>
+                <artifactId>openapi-generator-maven-plugin</artifactId>
+                <version>6.2.1</version>
+                <executions>
+                    <execution>
+                        <id>generate-key-capsules-api-client</id>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                        <configuration>
+                            <inputSpec>${project.basedir}/../cdoc20-openapi/cdoc20-key-capsules.yaml</inputSpec>
+                        </configuration>
+                    </execution>
+                </executions>
+
+                <configuration>
+                    <generatorName>java</generatorName>
+                    <library>jersey3</library>
+                    <apiPackage>ee.cyber.cdoc20.client.api</apiPackage>
+                    <modelPackage>ee.cyber.cdoc20.client.model</modelPackage>
+                    <invokerPackage>ee.cyber.cdoc20.client.api</invokerPackage>
+                    <generateSupportingFiles>true</generateSupportingFiles>
+                    <generateApiTests>false</generateApiTests>
+                    <generateModelTests>false</generateModelTests>
+                    <configOptions>
+                        <delegatePattern>false</delegatePattern>
+                        <!--dateLibrary>java8-localdatetime</dateLibrary-->
+                        <dateLibrary>java8</dateLibrary>
+                        <enumUnknownDefaultCase>true</enumUnknownDefaultCase>
+                        <oas3>true</oas3>
+                        <useOptional>true</useOptional>
+                        <bigDecimalAsString>true</bigDecimalAsString>
+                        <legacyDiscriminatorBehavior>false</legacyDiscriminatorBehavior>
+                    </configOptions>
+
+                    <typeMappings>
+                        <typeMapping>duration=Duration</typeMapping>
+                    </typeMappings>
+                    <importMappings>Duration=java.time.Duration</importMappings>
+                </configuration>
+
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.8.1</version>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                    <proc>none</proc>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <version>1.8</version>
+                <executions>
+                    <execution>
+                        <phase>generate-test-resources</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <!-- create properties file for tests -->
+                                <echo file="${basedir}/src/test/resources/test.properties" append="false">cdoc20.keys.dir=${basedir}/../cdoc20-server/keys
+                                </echo>
+                            </target>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+        </plugins>
+    </build>
+
+</project>
diff --git a/cdoc20-client/src/main/java/ee/cyber/cdoc20/client/Cdoc20KeyCapsuleApiClient.java b/cdoc20-client/src/main/java/ee/cyber/cdoc20/client/Cdoc20KeyCapsuleApiClient.java
new file mode 100644
index 00000000..46891a15
--- /dev/null
+++ b/cdoc20-client/src/main/java/ee/cyber/cdoc20/client/Cdoc20KeyCapsuleApiClient.java
@@ -0,0 +1,293 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.client.api.ApiClient;
+import ee.cyber.cdoc20.client.api.ApiException;
+import ee.cyber.cdoc20.client.api.ApiResponse;
+import ee.cyber.cdoc20.client.api.Cdoc20KeyCapsulesApi;
+import ee.cyber.cdoc20.client.model.Capsule;
+
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.KeyStoreBuilderParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import jakarta.ws.rs.client.ClientBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Client for creating and getting CDOC 2.0 key capsules from key server. Provides Builder to initialize mutual TLS
+ * from PKCS11 (smart-card) or PKCS12 (software) key stores.
+ */
+public final class Cdoc20KeyCapsuleApiClient {
+    private static final Logger log = LoggerFactory.getLogger(Cdoc20KeyCapsuleApiClient.class);
+
+    public static final int DEFAULT_CONNECT_TIMEOUT_MS = 1000;
+    public static final int DEFAULT_READ_TIMEOUT_MS = 500;
+
+    private final Cdoc20KeyCapsulesApi capsulesApi;
+
+
+    private Cdoc20KeyCapsuleApiClient(Cdoc20KeyCapsulesApi capsuleApi) {
+        this.capsulesApi = capsuleApi;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Cdoc20KeyCapsuleApiClient that = (Cdoc20KeyCapsuleApiClient) o;
+        return capsulesApi.equals(that.capsulesApi);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(capsulesApi);
+    }
+
+    public static final class Builder {
+        private static final Logger log = LoggerFactory.getLogger(Builder.class);
+
+        private String baseUrl;
+        private KeyStore clientKeyStore;
+        private KeyStore.ProtectionParameter clientKeyStoreProtectionParameter;
+        private KeyStore trustKeyStore;
+
+        private int connectTimeoutMs = DEFAULT_CONNECT_TIMEOUT_MS;
+        private int readTimeoutMs = DEFAULT_READ_TIMEOUT_MS;
+        private boolean debug = false;
+        private String userAgent = "cdoc20-client";
+
+
+        private Builder() {
+        }
+
+        /**
+         * Init server base url
+         * @param url server base url, example https://host:8443
+         * @return
+         */
+        public Builder withBaseUrl(String url) {
+            this.baseUrl = url;
+            return this;
+        }
+
+        /**
+         * Client keystore used for mutual TLS
+         * @param clientKS client key store containing client keys for mutual TLS or null, if mTLS is not used
+         * @return
+         */
+        public Builder withClientKeyStore(@Nullable KeyStore clientKS) {
+            this.clientKeyStore = clientKS;
+            return this;
+        }
+
+        public Builder withClientKeyStorePassword(char[] pw) {
+            this.clientKeyStoreProtectionParameter = new KeyStore.PasswordProtection(pw);
+            return this;
+        }
+
+        public Builder withClientKeyStoreProtectionParameter(KeyStore.ProtectionParameter pm) {
+            this.clientKeyStoreProtectionParameter = pm;
+            return this;
+        }
+
+        /**
+         * Set trusted key store for client. KeyStore must be already initialized, example:
+         * <code>
+         * KeyStore trustKeyStore = KeyStore.getInstance("JKS");
+         * trustKeyStore.load(Files.newInputStream(Path.of("clienttruststore.jks")),
+         *                     "passwd".toCharArray());
+         *</code>
+         * @param trustKS initialized trusted key store to be used by TLS
+         * @return
+         */
+        public Builder withTrustKeyStore(KeyStore trustKS) {
+            this.trustKeyStore = trustKS;
+            return this;
+        }
+
+        public Builder withConnectTimeoutMs(int timeout) {
+            this.connectTimeoutMs = timeout;
+            return this;
+        }
+
+        public Builder withReadTimeoutMs(int timeout) {
+            this.readTimeoutMs = timeout;
+            return this;
+        }
+
+        public Builder withUserAgent(String ua) {
+            this.userAgent = ua;
+            return this;
+        }
+
+        public Builder withDebuggingEnabled(boolean enabled) {
+            this.debug = enabled;
+            return this;
+        }
+
+        //basic validation
+        private void validate() {
+            if ((baseUrl == null) || (!baseUrl.startsWith("https://"))) {
+                throw new IllegalStateException("baseUrl " + baseUrl + " cannot be null and must start with https://");
+            }
+
+            if (trustKeyStore == null) {
+                throw new IllegalStateException("TrustKeyStore cannot be null");
+            }
+
+            if (clientKeyStore != null && clientKeyStoreProtectionParameter == null) {
+                throw new IllegalStateException("ClientKeyStoreProtectionParameter cannot be null");
+            }
+        }
+
+        public Cdoc20KeyCapsuleApiClient build() throws GeneralSecurityException {
+            validate();
+
+            final SSLContext finalSslContext = createSslContext();
+            ApiClient apiClient = new ApiClient() {
+                @Override
+                protected void customizeClientBuilder(ClientBuilder clientBuilder) {
+                    if (finalSslContext != null) {
+                        clientBuilder.sslContext(finalSslContext);
+                    }
+                }
+            };
+
+            apiClient.setBasePath(this.baseUrl);
+            apiClient.setConnectTimeout(connectTimeoutMs);
+            apiClient.setReadTimeout(readTimeoutMs);
+
+            apiClient.setDebugging(debug);
+            apiClient.addDefaultHeader("Accept", "application/json");
+            apiClient.selectHeaderAccept(new String[]{"application/json"});
+
+            apiClient.setUserAgent(userAgent);
+
+            return new Cdoc20KeyCapsuleApiClient(new Cdoc20KeyCapsulesApi(apiClient));
+        }
+
+        private SSLContext createSslContext() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
+                KeyStoreException, KeyManagementException {
+            SSLContext sslContext;
+            try {
+                TrustManagerFactory trustManagerFactory =
+                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                trustManagerFactory.init(trustKeyStore);
+
+                sslContext = SSLContext.getInstance("TLSv1.3");
+                sslContext.init(
+                    getClientKeyManager().orElse(null),
+                    trustManagerFactory.getTrustManagers(),
+                    SecureRandom.getInstanceStrong()
+                );
+            } catch (GeneralSecurityException gse) {
+                log.error("Error initializing SSLContext", gse);
+                throw gse;
+            }
+            return sslContext;
+        }
+
+        private Optional<KeyManager[]> getClientKeyManager() throws NoSuchAlgorithmException,
+                InvalidAlgorithmParameterException {
+            if (clientKeyStore == null) {
+                return Optional.empty();
+            }
+
+            KeyManagerFactory clientKeyManagerFactory =
+                KeyManagerFactory.getInstance("PKIX"); //only PKIX supports ManagerFactoryParameters
+            log.debug("client key store type: {}", this.clientKeyStore.getType());
+
+            KeyStore.Builder clientKeyStoreBuilder = ("PKCS11".equals(clientKeyStore.getType()))
+                ? KeyStore.Builder.newInstance("PKCS11",
+                    clientKeyStore.getProvider(), clientKeyStoreProtectionParameter)
+                : KeyStore.Builder.newInstance(clientKeyStore, clientKeyStoreProtectionParameter);
+
+            var params = new KeyStoreBuilderParameters(clientKeyStoreBuilder);
+            clientKeyManagerFactory.init(params);
+            return Optional.of(clientKeyManagerFactory.getKeyManagers());
+        }
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    /**
+     * @param capsule
+     * @return transactionId
+     * @throws ApiException
+     */
+    public String createCapsule(Capsule capsule) throws ApiException {
+
+        Objects.requireNonNull(capsule);
+        Objects.requireNonNull(capsule.getCapsuleType());
+        if (capsule.getCapsuleType() == Capsule.CapsuleTypeEnum.UNKNOWN_DEFAULT_OPEN_API) {
+            throw new IllegalArgumentException("Illegal capsuleType " + capsule.getCapsuleType());
+        }
+        Objects.requireNonNull(capsule.getRecipientId());
+        Objects.requireNonNull(capsule.getEphemeralKeyMaterial());
+
+        ApiResponse<Void> response = capsulesApi.createCapsuleWithHttpInfo(capsule);
+        String locationHeaderValue = null;
+        if (response.getStatusCode() == 201
+                && response.getHeaders() != null
+                && response.getHeaders().containsKey("Location")) {
+
+            List<String> locationHeaders = response.getHeaders().get("Location");
+            // expect exactly 1 Location header
+            if (locationHeaders.size() == 1) {
+                locationHeaderValue = locationHeaders.get(0);
+            }
+        }
+
+        if (locationHeaderValue == null) {
+            log.error("Failed to create ServerEccDetails: {}", response.getStatusCode());
+            throw new ApiException(response.getStatusCode(), "Failed to create EccDetails");
+        }
+        log.debug("Created {}", locationHeaderValue);
+        String[] split = locationHeaderValue.split("/");
+
+        if (split.length == 0) {
+            throw new IllegalArgumentException("transactionId not present in location header");
+        }
+        return split[split.length - 1];
+    }
+
+    /**
+     *
+     * @param id
+     * @return Optional with value, if server returned 200 or empty Optional if 404
+     * @throws ApiException if http response code is something else that 200 or 404
+     */
+    public Optional<Capsule> getCapsule(String id) throws ApiException {
+        if (id == null) {
+            throw new IllegalArgumentException("transactionId cannot be null");
+        }
+
+        ApiResponse<Capsule> response = capsulesApi.getCapsuleByTransactionIdWithHttpInfo(id);
+
+        switch (response.getStatusCode()) {
+            case 200:
+                return Optional.of(response.getData());
+            case 404:
+                return Optional.empty();
+            default:
+                log.error("Unexpected status code {}", response.getStatusCode());
+                throw new ApiException("Unexpected status code " + response.getStatusCode());
+        }
+    }
+
+}
diff --git a/cdoc20-lib/README.md b/cdoc20-lib/README.md
new file mode 100644
index 00000000..150f4f17
--- /dev/null
+++ b/cdoc20-lib/README.md
@@ -0,0 +1,6 @@
+## CDOC 2.0 library
+
+
+##Usage
+
+For usage examples see `test/java/ee/cyber/cdoc20/EnvelopeTest.java` or `cdoc20-cli` module
\ No newline at end of file
diff --git a/cdoc20-lib/ldap.README b/cdoc20-lib/ldap.README
new file mode 100644
index 00000000..8b901a2f
--- /dev/null
+++ b/cdoc20-lib/ldap.README
@@ -0,0 +1,9 @@
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "c=EE" "(cn=KUSMAN,JANNO,37903130370)"
+
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38207162766)"
+
+Certificate type (digi-id vs id-kaart)
+https://github.com/open-eid/DigiDoc4-Client/blob/f4298ad9d2fbb40cffc488bed6cf1d3116dff450/client/SslCertificate.cpp#L302
+https://github.com/open-eid/DigiDoc4-Client/blob/master/client/dialogs/AddRecipients.cpp#L474
+
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38207162766)"
\ No newline at end of file
diff --git a/cdoc20-lib/pkcs11.README b/cdoc20-lib/pkcs11.README
new file mode 100644
index 00000000..48e76fe7
--- /dev/null
+++ b/cdoc20-lib/pkcs11.README
@@ -0,0 +1,169 @@
+https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-D3EF9023-7DDC-435D-9186-D2FD05674777
+Table 5-3 Supported algorithms
+
+
+https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9
+Table 5-1
+
+
+cat /etc/opensc/opensc-java.cfg
+name=OpenSC
+library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+slot=0
+attributes(*,CKO_SECRET_KEY,*) = {
+CKA_TOKEN = false
+}
+
+
+
+
+
+pkcs15-tool --dump
+
+
+
+keytool 
+-providerclass sun.security.pkcs11.SunPKCS11 
+-providerarg /etc/opensc/opensc-java.cfg 
+-keystore NONE
+-J-Djava.security.debug=sunpkcs11
+-storetype PKCS11 
+-list 
+
+jkusman@cn-3615:/etc/opensc$ keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg /etc/opensc/opensc-java.cfg -keystore NONE -storetype PKCS11 -list -J-Djava.security.debug=sunpkcs11
+SunPKCS11 loading /etc/opensc/opensc-java.cfg
+sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+Information for provider SunPKCS11-OpenSC
+Library info:
+cryptokiVersion: 2.20
+manufacturerID: OpenSC Project                  
+flags: 0
+libraryDescription: OpenSC smartcard framework      
+libraryVersion: 0.22
+All slots: 0, 1
+Slots with tokens: 0, 1
+Slot info for slot 0:
+slotDescription: Alcor Micro AU9560 00 00                                        
+manufacturerID: Generic                         
+flags: CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE | CKF_HW_SLOT
+hardwareVersion: 0.00
+firmwareVersion: 0.00
+Token info for token in slot 0:
+label: KUSMAN,JANNO,37903130370 (PIN1)
+manufacturerID: IDEMIA                          
+model: PKCS#15 emulated
+serialNumber: AB0584325       
+flags: CKF_WRITE_PROTECTED | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED
+ulMaxSessionCount: CK_EFFECTIVELY_INFINITE
+ulSessionCount: 0
+ulMaxRwSessionCount: CK_EFFECTIVELY_INFINITE
+ulRwSessionCount: 0
+ulMaxPinLen: 12
+ulMinPinLen: 4
+ulTotalPublicMemory: CK_UNAVAILABLE_INFORMATION
+ulFreePublicMemory: CK_UNAVAILABLE_INFORMATION
+ulTotalPrivateMemory: CK_UNAVAILABLE_INFORMATION
+ulFreePrivateMemory: CK_UNAVAILABLE_INFORMATION
+hardwareVersion: 0.00
+firmwareVersion: 0.00
+utcTime:
+Mechanism CKM_SHA_1:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_SHA224:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_SHA256:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_SHA384:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_SHA512:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_MD5:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_RIPEMD160:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_GOSTR3411:
+ulMinKeySize: 0
+ulMaxKeySize: 0
+flags: 1024 = CKF_DIGEST
+Mechanism CKM_ECDSA:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 25176065 = CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_UNCOMPRESS
+Mechanism CKM_ECDSA_SHA1:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 10240 = CKF_SIGN | CKF_VERIFY
+Mechanism CKM_ECDSA_SHA224:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 10240 = CKF_SIGN | CKF_VERIFY
+Mechanism CKM_ECDSA_SHA256:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 10240 = CKF_SIGN | CKF_VERIFY
+Mechanism CKM_ECDSA_SHA384:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 10240 = CKF_SIGN | CKF_VERIFY
+Mechanism CKM_ECDSA_SHA512:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 10240 = CKF_SIGN | CKF_VERIFY
+Mechanism CKM_ECDH1_COFACTOR_DERIVE:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 25690113 = CKF_HW | CKF_DERIVE | CKF_EC_UNCOMPRESS
+Mechanism CKM_ECDH1_DERIVE:
+ulMinKeySize: 384
+ulMaxKeySize: 384
+flags: 25690113 = CKF_HW | CKF_DERIVE | CKF_EC_UNCOMPRESS
+Enter keystore password:  
+sunpkcs11: login succeeded
+Keystore type: PKCS11
+Keystore provider: SunPKCS11-OpenSC
+
+Your keystore contains 1 entry
+
+Isikutuvastus, PrivateKeyEntry,
+Certificate fingerprint (SHA-256): 7A:51:A1:51:1C:81:FC:9F:D3:91:44:50:A9:5D:1F:DF:5A:DD:18:6A:42:F8:76:7E:45:9A:03:2A:EC:6E:12:3C
+
+
+keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg /etc/opensc/opensc-java.cfg -keystore NONE -storetype PKCS11 -list -J-Djava.security.debug=sunpkcs11 -J-Djava.security.debug=pkcs11keystore
+
+Enter keystore password:  
+Token Alias Map:
+Isikutuvastus	type=[private key]
+label=[Isikutuvastus]
+id=0x01
+trusted=[false]
+matched=[true]
+cert=[	subject: SERIALNUMBER=37101010021, GIVENNAME=IGOR, SURNAME=ŽAIKOVSKI, CN="ŽAIKOVSKI,IGOR,37101010021", OU=authentication, O=ESTEID, C=EE
+issuer: CN=TEST of ESTEID-SK 2015, OID.2.5.4.97=NTREE-10747013, O=AS Sertifitseerimiskeskus, C=EE
+serialNum: 119787037079723296282246659404242556136]
+pkcs11keystore: P11KeyStore load. Entry count: 1
+Keystore type: PKCS11
+Keystore provider: SunPKCS11-OpenSC
+
+Your keystore contains 1 entry
+
+Isikutuvastus, PrivateKeyEntry,
+Certificate fingerprint (SHA-256): F2:5F:A3:E8:D0:6C:ED:AE:5D:11:77:C1:35:A2:F3:07:42:9B:4D:3A:3C:E9:B6:EC:7F:3A:E3:F9:6A:76:35:01
+
+
+
+
+
diff --git a/cdoc20-lib/pom.xml b/cdoc20-lib/pom.xml
new file mode 100644
index 00000000..2c0cf745
--- /dev/null
+++ b/cdoc20-lib/pom.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>cdoc20</artifactId>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <version>0.6.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>cdoc20-lib</artifactId>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/../cdoc20-lib/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>ee.cyber.cdoc20</groupId>
+            <artifactId>cdoc20-schema</artifactId>
+            <version>0.6.0-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ee.cyber.cdoc20</groupId>
+            <artifactId>cdoc20-client</artifactId>
+            <version>0.6.0-SNAPSHOT</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>at.favre.lib</groupId>
+            <artifactId>hkdf</artifactId>
+            <version>1.1.0</version>
+        </dependency>
+        <!-- bc.jar 5.6MB -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${bouncycastle.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback-classic.version}</version>
+        </dependency>
+
+        <!-- tar and zlib -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-compress</artifactId>
+            <version>1.20</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-junit-jupiter</artifactId>
+            <version>4.0.0</version>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <!-- compile tests as a jar for use by sibling projects -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.2.2</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocBuilder.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocBuilder.java
new file mode 100644
index 00000000..2810a629
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocBuilder.java
@@ -0,0 +1,183 @@
+package ee.cyber.cdoc20;
+
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import java.io.File;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.SecretKey;
+import java.nio.file.FileAlreadyExistsException;
+import java.nio.file.Files;
+import java.nio.file.OpenOption;
+import java.nio.file.StandardOpenOption;
+import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Base64;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+
+
+/**
+ * CDocBuilder for building CDOCs using EC (secp384r1) or RSA public keys.
+ */
+public class CDocBuilder {
+    private static final Logger log = LoggerFactory.getLogger(CDocBuilder.class);
+
+    private List<File> payloadFiles;
+    private List<EncryptionKeyMaterial> recipients = new LinkedList<>();
+    private Properties serverProperties;
+
+    public CDocBuilder withPayloadFiles(List<File> files) {
+        this.payloadFiles = files;
+        return this;
+    }
+
+    public CDocBuilder withRecipients(List<EncryptionKeyMaterial> recipientsEncKM) {
+        this.recipients.addAll(recipientsEncKM);
+        return this;
+    }
+
+
+    public CDocBuilder withServerProperties(Properties p) {
+        this.serverProperties = p;
+        return this;
+    }
+
+    public void buildToFile(File outputCDocFile) throws CDocException, IOException, CDocValidationException {
+        if (outputCDocFile == null) {
+            throw new CDocValidationException("Must provide CDOC output filename ");
+        }
+
+        OpenOption openOption = (CDocConfiguration.isOverWriteAllowed())
+                ? StandardOpenOption.CREATE
+                : StandardOpenOption.CREATE_NEW;
+        if (!CDocConfiguration.isOverWriteAllowed() && Files.exists(outputCDocFile.toPath())) {
+            log.info("File {} already exists.", outputCDocFile.toPath().toAbsolutePath());
+            throw new FileAlreadyExistsException(outputCDocFile.toPath().toAbsolutePath().toString());
+        }
+
+        try (OutputStream outputStream = Files.newOutputStream(outputCDocFile.toPath(), openOption)) {
+            buildToOutputStream(outputStream);
+        } catch (Exception ex) {
+            log.info("Failed to create {}. Exception: {}", outputCDocFile, ex.getMessage());
+            try {
+                boolean deleted = Files.deleteIfExists(outputCDocFile.toPath());
+                if (deleted) {
+                    log.info("Deleted {}", outputCDocFile);
+                }
+
+            } catch (IOException ioException) {
+                log.error("Error when deleting {} {}", outputCDocFile, ioException);
+            }
+            throw ex;
+        }
+    }
+
+    public void buildToOutputStream(OutputStream outputStream)
+            throws CDocException, CDocValidationException, IOException {
+        validate();
+
+        try {
+            Envelope envelope;
+            if (serverProperties == null) {
+                envelope = Envelope.prepare(recipients, null);
+            } else {
+                // for encryption, do not init mTLS client as this might require smart-card
+                envelope = Envelope.prepare(recipients, KeyCapsuleClientImpl.create(serverProperties, false));
+            }
+            envelope.encrypt(this.payloadFiles, outputStream);
+        } catch (GeneralSecurityException ex) {
+            throw new CDocException(ex);
+        }
+    }
+
+    public void validate() throws CDocValidationException {
+        validateRecipients();
+        validatePayloadFiles();
+    }
+
+    void validateRecipients() throws CDocValidationException {
+        if (this.recipients == null || this.recipients.isEmpty()) {
+            throw new CDocValidationException("Must provide at least one recipient");
+        }
+
+        for (EncryptionKeyMaterial keyMaterial: recipients) {
+
+            if (keyMaterial.getKey() instanceof PublicKey) {
+                PublicKey publicKey = (PublicKey) keyMaterial.getKey();
+
+                if ("EC".equals(publicKey.getAlgorithm())) {
+                    ECPublicKey recipientPubKey = (ECPublicKey) publicKey;
+                    String encoded = Base64.getEncoder().encodeToString(recipientPubKey.getEncoded());
+                    try {
+                        String oid = ECKeys.getCurveOid(recipientPubKey);
+                        EllipticCurve curve;
+                        try {
+                            curve = EllipticCurve.forOid(oid);
+                        } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
+                            log.error("EC pub key curve ({}) is not supported. EC public key={}",
+                                    oid, encoded);
+                            throw new CDocValidationException("Invalid recipient key with key " + oid);
+                        }
+
+                        if (!curve.isValidKey(recipientPubKey)) {
+                            log.error("EC pub key is not valid for curve {}. EC public key={}",
+                                    curve.getName(), encoded);
+                            throw new CDocValidationException("Recipient key not valid");
+                        }
+                    } catch (GeneralSecurityException gse) {
+                        throw new CDocValidationException("Invalid recipient " + encoded, gse);
+                    }
+                } else if ("RSA".equals(publicKey.getAlgorithm())) {
+                    // all RSA keys are considered good. Shorter will fail during encryption as OAEP takes some space
+                    RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
+                    // no good way to check RSA key length as BigInteger can start with 00 and that changes bit-length
+                    if (rsaPublicKey.getModulus().bitLength() <= 512) {
+                        throw new CDocValidationException("RSA key does not meet length requirements");
+                    }
+                } else {
+                    log.error("Unsupported public key alg {} for key {}",
+                            publicKey.getAlgorithm(), keyMaterial.getLabel());
+                    throw new CDocValidationException("Unsupported public key alg " + publicKey.getAlgorithm()
+                            + "for key " + keyMaterial.getLabel());
+                }
+
+            } else if (keyMaterial.getKey() instanceof SecretKey) {
+                if ((keyMaterial.getKey().getEncoded() == null)
+                        || (keyMaterial.getKey().getEncoded().length < Crypto.SYMMETRIC_KEY_MIN_LEN_BYTES)) {
+                    throw new CDocValidationException("Too short key for label: " + keyMaterial.getLabel());
+                }
+            } else {
+                log.error("Unsupported key {} type: {}", keyMaterial.getLabel(), keyMaterial.getKey().getClass());
+                throw new CDocValidationException("Unsupported key " + keyMaterial.getLabel());
+            }
+
+        }
+    }
+
+    void validatePayloadFiles() throws CDocValidationException {
+        if (payloadFiles == null || payloadFiles.isEmpty()) {
+            log.error("Must contain at least one payload file");
+            throw new CDocValidationException("Must contain at least one payload file");
+        }
+
+        for (File file: payloadFiles) {
+            if (!(file.exists() && file.isFile() && file.canRead())) {
+                log.error("Invalid payload file {}", file);
+                throw new CDocValidationException("Invalid payload file " + file);
+            }
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocConfiguration.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocConfiguration.java
new file mode 100644
index 00000000..0dec9ae0
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocConfiguration.java
@@ -0,0 +1,46 @@
+package ee.cyber.cdoc20;
+
+public final class CDocConfiguration {
+
+    private CDocConfiguration() {
+    }
+    /** Overwrite PKCS11 library location e.g /usr/local/lib/opensc-pkcs11.so */
+    public static final String PKCS11_LIBRARY_PROPERTY = "pkcs11-library";
+
+    /** Provider name that provides KeyStore.PKCS11, usually SunPKCS11-...*/
+    public static final String PKCS11_PROVIDER_SYSTEM_PROPERTY = "ee.cyber.cdoc20.pkcs11.name";
+
+    /** If files overwrite is allowed */
+    public static final String OVERWRITE_PROPERTY = "ee.cyber.cdoc20.overwrite";
+
+    // by default files overwrite is not allowed
+    public static final boolean DEFAULT_OVERWRITE = false;
+
+
+
+    public static final String TAR_ENTRIES_THRESHOLD_PROPERTY = "ee.cyber.cdoc20.tarEntriesThreshold";
+
+
+    public static final String GZIP_COMPRESSION_THRESHOLD_PROPERTY = "ee.cyber.cdoc20.compressionThreshold";
+
+
+    public static final String DISK_USAGE_THRESHOLD_PROPERTY = "ee.cyber.cdoc20.maxDiskUsagePercentage";
+
+    public static boolean isOverWriteAllowed() {
+        boolean overwrite = DEFAULT_OVERWRITE;
+        if (System.getProperties().containsKey(OVERWRITE_PROPERTY)) {
+            String overwriteStr = System.getProperty(OVERWRITE_PROPERTY);
+
+            if (overwriteStr != null) {
+                //only "true" is considered as true
+                overwrite = Boolean.parseBoolean(overwriteStr);
+            }
+        }
+        return overwrite;
+
+    }
+
+
+    // for running on highDP display
+    //-Dsun.java2d.uiScale=2.0
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocDecrypter.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocDecrypter.java
new file mode 100644
index 00000000..29d02716
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocDecrypter.java
@@ -0,0 +1,113 @@
+package ee.cyber.cdoc20;
+
+import ee.cyber.cdoc20.container.CDocParseException;
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import org.apache.commons.compress.archivers.ArchiveEntry;
+
+import java.io.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.util.List;
+
+public class CDocDecrypter {
+
+    private DecryptionKeyMaterial recipientKeyMaterial;
+    private InputStream cDocInputStream;
+    private File destinationDirectory;
+
+    private File cDocFile;
+
+    private List<String> filesToExtract;
+
+    private KeyCapsuleClientFactory keyServerClientFactory;
+
+    @SuppressWarnings("checkstyle:HiddenField")
+    public CDocDecrypter withRecipient(KeyPair recipientKeyPair) {
+        this.recipientKeyMaterial = DecryptionKeyMaterial.fromKeyPair(recipientKeyPair);
+        return this;
+    }
+
+    public CDocDecrypter withRecipient(DecryptionKeyMaterial decryptionKeyMaterial) {
+        this.recipientKeyMaterial = decryptionKeyMaterial;
+        return this;
+    }
+
+    @SuppressWarnings("checkstyle:HiddenField")
+    public CDocDecrypter withCDoc(File cDocFile) throws FileNotFoundException {
+        this.cDocFile = cDocFile;
+        this.cDocInputStream = new FileInputStream(cDocFile);
+        return this;
+    }
+
+    @SuppressWarnings("checkstyle:HiddenField")
+    public CDocDecrypter withDestinationDirectory(File destinationDirectory) {
+        this.destinationDirectory = destinationDirectory;
+        return this;
+    }
+
+    @SuppressWarnings("checkstyle:HiddenField")
+    public CDocDecrypter withFilesToExtract(List<String> filesToExtract) {
+        this.filesToExtract = filesToExtract;
+        return this;
+    }
+
+    public CDocDecrypter withKeyServers(KeyCapsuleClientFactory clientFactory) {
+        this.keyServerClientFactory = clientFactory;
+        return this;
+    }
+
+    public List<String> decrypt() throws IOException, CDocException, CDocValidationException {
+        validate(true);
+
+        try {
+            if ((filesToExtract == null) || (filesToExtract.isEmpty())) {
+                return Envelope.decrypt(cDocInputStream, recipientKeyMaterial, destinationDirectory.toPath(),
+                        keyServerClientFactory);
+            } else {
+                return Envelope.decrypt(cDocInputStream, recipientKeyMaterial, destinationDirectory.toPath(),
+                        filesToExtract, keyServerClientFactory);
+            }
+        } catch (GeneralSecurityException | CDocParseException ex) {
+            String fileName = (cDocFile != null) ? cDocFile.getAbsolutePath() : "";
+            throw new CDocException("Error decrypting " + fileName, ex);
+        }
+    }
+
+    /**
+     * List file names in CDoc.
+     * @return List of files in cDocFile
+     */
+    public List<ArchiveEntry> list() throws IOException, CDocException, CDocValidationException {
+        validate(false);
+        try {
+            return Envelope.list(cDocInputStream, recipientKeyMaterial, keyServerClientFactory);
+        } catch (GeneralSecurityException | CDocParseException ex) {
+            String fileName = (cDocFile != null) ? cDocFile.getAbsolutePath() : "";
+            throw new CDocException("Error decrypting " + fileName, ex);
+        }
+    }
+
+    public void validate(boolean extract) throws CDocValidationException {
+        if (cDocFile == null) {
+            throw new CDocValidationException("Must provide CDOC input file");
+        }
+
+        if (extract && (destinationDirectory == null)) {
+            throw new CDocValidationException("Must provide CDOC destination directory");
+        }
+
+        if (extract && (!destinationDirectory.exists()
+                || !destinationDirectory.isDirectory()
+                || !destinationDirectory.canWrite())) {
+            throw new CDocValidationException("Destination directory " + destinationDirectory + " is not writable");
+        }
+
+        if (recipientKeyMaterial == null) {
+            throw new CDocValidationException("Must provide decryption key material");
+        }
+    }
+
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocException.java
new file mode 100644
index 00000000..35fc8009
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocException.java
@@ -0,0 +1,16 @@
+package ee.cyber.cdoc20;
+
+
+public class CDocException extends Exception {
+    public CDocException(String msg) {
+        super(msg);
+    }
+
+    public CDocException(Throwable t) {
+        super(t);
+    }
+
+    public CDocException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocUserException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocUserException.java
new file mode 100644
index 00000000..320c6462
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocUserException.java
@@ -0,0 +1,31 @@
+package ee.cyber.cdoc20;
+
+/**
+ * CDOC 2.0 exception with error code.
+ */
+public class CDocUserException extends RuntimeException {
+    private final UserErrorCode errorCode;
+
+    /**
+     * Constructor
+     *
+     * @param code the error code
+     * @param message the error message
+     */
+    public CDocUserException(UserErrorCode code, String message) {
+        super(message);
+        this.errorCode = code;
+    }
+
+    /**
+     * @return the error code
+     */
+    public UserErrorCode getErrorCode() {
+        return this.errorCode;
+    }
+
+    @Override
+    public String toString() {
+        return String.format("errorCode: %s, errorMessage: %s", this.errorCode, this.getMessage());
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocValidationException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocValidationException.java
new file mode 100644
index 00000000..507bf2b8
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/CDocValidationException.java
@@ -0,0 +1,12 @@
+package ee.cyber.cdoc20;
+
+public class CDocValidationException extends Exception {
+
+    public CDocValidationException(String msg) {
+        super(msg);
+    }
+
+    public CDocValidationException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/UserErrorCode.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/UserErrorCode.java
new file mode 100644
index 00000000..54b5ff7c
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/UserErrorCode.java
@@ -0,0 +1,38 @@
+package ee.cyber.cdoc20;
+
+/**
+ * Error codes for displaying to the end-user.
+ *
+ */
+public enum UserErrorCode {
+
+    /**
+     * The key server specified in the CDOC 2.0 document was not found in the configured server list.
+     */
+    SERVER_NOT_FOUND,
+
+    /**
+     * A network error occurred.
+     */
+    NETWORK_ERROR,
+
+    /**
+     * Wrong pin entered.
+     */
+    WRONG_PIN,
+
+    /**
+     * The pin is locked.
+     */
+    PIN_LOCKED,
+
+    /**
+     * The smart card is not present.
+     */
+    SMART_CARD_NOT_PRESENT,
+
+    /**
+     * The user cancelled the operation.
+     */
+    USER_CANCEL;
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClient.java
new file mode 100644
index 00000000..9eefc8e2
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClient.java
@@ -0,0 +1,23 @@
+package ee.cyber.cdoc20.client;
+
+import java.security.interfaces.ECPublicKey;
+import java.util.Optional;
+
+public interface EcCapsuleClient extends ServerClient {
+    /**
+     * Store senderKey in server
+     * @param receiverKey recipient key
+     * @param senderKey sender key
+     * @return transactionId to retrieve senderKey from the server
+     * @throws ExtApiException if error happens
+     */
+    String storeSenderKey(ECPublicKey receiverKey, ECPublicKey senderKey) throws ExtApiException;
+
+    /**
+     * Retrieve previously stored sender key using transaction id
+     * @param transactionId transaction id returned by #storeSenderKey method
+     * @return Sender key stored under transactionId or empty Optional if key was not found for transactionId
+     * @throws ExtApiException if error happens
+     */
+    Optional<ECPublicKey> getSenderKey(String transactionId) throws ExtApiException;
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClientImpl.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClientImpl.java
new file mode 100644
index 00000000..e1a89d40
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/EcCapsuleClientImpl.java
@@ -0,0 +1,81 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
+import java.util.Optional;
+
+public class EcCapsuleClientImpl implements EcCapsuleClient {
+    private static final Logger log = LoggerFactory.getLogger(EcCapsuleClientImpl.class);
+
+    private final KeyCapsuleClient keyCapsulesClient;
+
+    public EcCapsuleClientImpl(KeyCapsuleClient keyCapsulesClient) {
+        this.keyCapsulesClient = keyCapsulesClient;
+    }
+
+    @Override
+    public String storeSenderKey(ECPublicKey receiverKey, ECPublicKey senderKey) throws ExtApiException {
+
+        EllipticCurve curve;
+        try {
+            curve = EllipticCurve.forPubKey(receiverKey);
+            EllipticCurve senderCurve = EllipticCurve.forPubKey(senderKey);
+
+            if (curve != senderCurve) {
+                throw new IllegalArgumentException("receiverKey and senderKey curves do not match");
+            }
+        } catch (GeneralSecurityException gse) {
+            log.error(gse.toString(), gse);
+            throw new ExtApiException(gse);
+        }
+
+        if (EllipticCurve.SECP384R1 != curve) {
+            // API doesn't support other curves beside secp384r1
+            throw new IllegalArgumentException("Unsupported EC curve " + curve);
+        }
+
+        Capsule capsule = new Capsule()
+                .capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1)
+                .recipientId(ECKeys.encodeEcPubKeyForTls(curve, receiverKey))
+                .ephemeralKeyMaterial(ECKeys.encodeEcPubKeyForTls(curve, senderKey));
+
+        return keyCapsulesClient.storeCapsule(capsule);
+    }
+
+    @Override
+    public Optional<ECPublicKey> getSenderKey(String transactionId) throws ExtApiException {
+
+        try {
+            Optional<Capsule> capsuleOptional = keyCapsulesClient.getCapsule(transactionId);
+            if (capsuleOptional.isPresent()) {
+                Capsule capsule = capsuleOptional.get();
+
+                if (Capsule.CapsuleTypeEnum.ECC_SECP384R1 != capsule.getCapsuleType()) {
+                    throw new ExtApiException("Unsupported capsule type " + capsule.getCapsuleType());
+                }
+
+                return Optional.of(
+                    EllipticCurve.SECP384R1.decodeFromTls(ByteBuffer.wrap(capsule.getEphemeralKeyMaterial()))
+                );
+            }
+
+            return Optional.empty();
+
+        } catch (GeneralSecurityException gse) {
+            log.error("Error decoding key server response", gse);
+            throw new ExtApiException(gse);
+        }
+    }
+
+    @Override
+    public String getServerIdentifier() {
+        return keyCapsulesClient.getServerIdentifier();
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ExtApiException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ExtApiException.java
new file mode 100644
index 00000000..faea14a6
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ExtApiException.java
@@ -0,0 +1,24 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.CDocException;
+
+/**
+ * ExtApiException indicates that calling external API has failed. Similar to generated
+ * ee.cyber.cdoc20.client.api.ApiException, that can change when underlying implementing framework (jersey2 or others)
+ * is changed. The purpose of current class is keep the method signatures same even, when underlying implementation is
+ * swapped.
+ */
+public class ExtApiException extends CDocException {
+    public ExtApiException(String msg) {
+        super(msg);
+    }
+
+    public ExtApiException(Throwable t) {
+        super(t);
+    }
+
+    public ExtApiException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClient.java
new file mode 100644
index 00000000..563d767c
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClient.java
@@ -0,0 +1,14 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.client.model.Capsule;
+import java.util.Optional;
+
+/**
+ * Generic capsule client
+ */
+public interface KeyCapsuleClient extends ServerClient {
+
+    String storeCapsule(Capsule capsule) throws ExtApiException;
+
+    Optional<Capsule> getCapsule(String id) throws ExtApiException;
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientFactory.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientFactory.java
new file mode 100644
index 00000000..10dfe1fe
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientFactory.java
@@ -0,0 +1,14 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.CDocUserException;
+
+public interface KeyCapsuleClientFactory {
+    /**
+     * Get Key server client
+     * @param serverId unique server identifier
+     * @return key server client or null if serverId was unknown
+     * @throws CDocUserException when the requested server is not found
+     */
+    KeyCapsuleClient getForId(String serverId) throws CDocUserException;
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientImpl.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientImpl.java
new file mode 100644
index 00000000..84d466fe
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/KeyCapsuleClientImpl.java
@@ -0,0 +1,330 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import ee.cyber.cdoc20.CDocUserException;
+import ee.cyber.cdoc20.UserErrorCode;
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.crypto.Pkcs11Tools;
+import ee.cyber.cdoc20.util.Resources;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Properties;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * KeyCapsuleClient initialization from properties file.
+ */
+public final class KeyCapsuleClientImpl implements KeyCapsuleClient, KeyCapsuleClientFactory {
+    private static final Logger log = LoggerFactory.getLogger(KeyCapsuleClientImpl.class);
+
+    private final String serverId;
+    private final Cdoc20KeyCapsuleApiClient postClient; // TLS client
+    private final Cdoc20KeyCapsuleApiClient getClient; // mTLS client
+    @Nullable
+    private KeyStore clientKeyStore; //initialised only from #create(Properties)
+
+    private KeyCapsuleClientImpl(String serverIdentifier, Cdoc20KeyCapsuleApiClient postClient,
+          Cdoc20KeyCapsuleApiClient getClient, @Nullable KeyStore clientKeyStore) {
+        this.serverId = serverIdentifier;
+        this.postClient = postClient;
+        this.getClient = getClient;
+        this.clientKeyStore = clientKeyStore;
+    }
+
+    public static KeyCapsuleClient create(String serverIdentifier,
+                                           Cdoc20KeyCapsuleApiClient postClient,
+                                           Cdoc20KeyCapsuleApiClient getClient) {
+        return new KeyCapsuleClientImpl(serverIdentifier, postClient, getClient, null);
+    }
+
+    public static KeyCapsuleClient create(Properties p) throws GeneralSecurityException, IOException {
+        return create(p, true);
+    }
+
+    /**
+     * Create KeyCapsulesClient from properties file
+     * @param p properties
+     * @param initMutualTlsClient if false then mutual TLS (get-server) client is not initialized.
+     *            Useful, when client is only used for creating KeyCapsules (encryption). Initializing mTLS client may
+     *            require special hardware (smart-card or crypto token) and/or interaction with the user.
+     * <p>
+     *            If false and {@link KeyCapsuleClient#getCapsule(String)} is called, then IllegalStateException is
+     *            thrown.
+     * @return KeyCapsulesClient
+     * @throws GeneralSecurityException
+     * @throws IOException
+     */
+    public static KeyCapsuleClient create(Properties p, boolean initMutualTlsClient)
+            throws GeneralSecurityException, IOException {
+
+        String serverId = p.getProperty("cdoc20.client.server.id");
+
+        Cdoc20KeyCapsuleApiClient.Builder builder = Cdoc20KeyCapsuleApiClient.builder()
+                .withTrustKeyStore(loadTrustKeyStore(p));
+
+        getInteger(p, "cdoc20.client.server.connect-timeout")
+                .ifPresent(builder::withConnectTimeoutMs);
+        getInteger(p, "cdoc20.client.server.read-timeout")
+                .ifPresent(builder::withReadTimeoutMs);
+        getBoolean(p, "cdoc20.client.server.debug")
+                .ifPresent(builder::withDebuggingEnabled);
+
+        String postBaseUrl = p.getProperty("cdoc20.client.server.base-url.post");
+        String getBaseUrl = p.getProperty("cdoc20.client.server.base-url.get");
+
+        // postClient can be configured with client key store,
+        Cdoc20KeyCapsuleApiClient postClient = builder
+                .withBaseUrl(postBaseUrl)
+                .build();
+
+        // client key store configuration required
+        Cdoc20KeyCapsuleApiClient getClient = null;
+        KeyStore clientKeyStore = null;
+        if (initMutualTlsClient) {
+            clientKeyStore = loadClientKeyStore(p);
+            getClient = builder
+                    .withClientKeyStore(clientKeyStore)
+                    .withClientKeyStoreProtectionParameter(loadClientKeyStoreProtectionParamater(p))
+                    .withBaseUrl(getBaseUrl)
+                    .build();
+        }
+
+        return new KeyCapsuleClientImpl(serverId, postClient, getClient, clientKeyStore);
+    }
+
+    public static KeyCapsuleClientFactory createFactory(Properties p) throws GeneralSecurityException, IOException {
+        return (KeyCapsuleClientFactory) create(p);
+    }
+
+    private static KeyStore.ProtectionParameter loadClientKeyStoreProtectionParamater(Properties  p) {
+        String prompt = p.getProperty("cdoc20.client.ssl.client-store-password.prompt");
+        if (prompt != null) {
+            log.debug("Using interactive client KS protection param");
+            return Pkcs11Tools.getKeyStoreProtectionHandler(prompt + ":");
+        }
+
+        String pw = p.getProperty("cdoc20.client.ssl.client-store-password");
+        if (pw != null) {
+            log.debug("Using password for client KS");
+            return new KeyStore.PasswordProtection(pw.toCharArray());
+        }
+
+        return null;
+    }
+
+    /**
+     *
+     * @param p properties to load the key store
+     * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type in
+     *      properties file
+     * @throws IOException – if an I/O error occurs,
+     *      if there is an I/O or format problem with the keystore data,
+     *      if a password is required but not given,
+     *      or if the given password was incorrect. If the error is due to a wrong password,
+     *      the cause of the IOException should be an UnrecoverableKeyException
+     * @return client key store or null if not defined in properties
+     * @KeyStoreException
+     * @IOException
+     */
+    @Nullable
+    private static KeyStore loadClientKeyStore(Properties p) throws KeyStoreException, IOException,
+            CertificateException, NoSuchAlgorithmException {
+
+        KeyStore clientKeyStore;
+        String type = p.getProperty("cdoc20.client.ssl.client-store.type", null);
+
+        if (null == type) {
+            return null;
+        }
+
+        if ("PKCS12".equalsIgnoreCase(type)) {
+            clientKeyStore = KeyStore.getInstance(type);
+
+            String clientStoreFile = p.getProperty("cdoc20.client.ssl.client-store");
+            String passwd = p.getProperty("cdoc20.client.ssl.client-store-password");
+
+            clientKeyStore.load(Resources.getResourceAsStream(clientStoreFile),
+                    (passwd != null) ? passwd.toCharArray() : null);
+
+        } else if ("PKCS11".equalsIgnoreCase(type)) {
+            String openScLibPath = loadPkcs11LibPath(p);
+            KeyStore.ProtectionParameter protectionParameter = loadClientKeyStoreProtectionParamater(p);
+
+            // default slot 0 - Isikutuvastus
+            clientKeyStore = Pkcs11Tools.initPKCS11KeysStore(openScLibPath, null, protectionParameter);
+        } else {
+            throw new IllegalArgumentException("cdoc20.client.ssl.client-store.type " + type + " not supported");
+        }
+
+        return clientKeyStore;
+    }
+
+    /**
+     * If "pkcs11-library" property is set in properties or System properties, return value specified.
+     * If both specify a balue then use one from System properties.
+     * @param p properties provided
+     * @return "pkcs11-library" value specified in properties or null if not property not present
+     */
+    private static String loadPkcs11LibPath(Properties p) {
+        // try to load from System Properties (initialized using -D) and from properties file provided.
+        // Give priority to System property
+        return System.getProperty(CDocConfiguration.PKCS11_LIBRARY_PROPERTY,
+                p.getProperty(CDocConfiguration.PKCS11_LIBRARY_PROPERTY, null));
+    }
+
+    /**
+     *
+     * @param p properties to load the key store
+     * @return Keystore loaded based on properties
+     * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type in
+     *      properties file
+     * @throws IOException – if an I/O error occurs,
+     *      if there is an I/O or format problem with the keystore data,
+     *      if a password is required but not given,
+     *      or if the given password was incorrect. If the error is due to a wrong password,
+     *      the cause of the IOException should be an UnrecoverableKeyException
+     * @IOException
+     * @KeyStoreException
+     * @CertificateException – if any of the certificates in the keystore could not be loaded
+     */
+    private static KeyStore loadTrustKeyStore(Properties p) throws KeyStoreException, IOException,
+            CertificateException, NoSuchAlgorithmException {
+        KeyStore trustKeyStore;
+
+        String type = p.getProperty("cdoc20.client.ssl.trust-store.type", "JKS");
+
+        String trustStoreFile = p.getProperty("cdoc20.client.ssl.trust-store");
+        String passwd = p.getProperty("cdoc20.client.ssl.trust-store-password");
+
+        trustKeyStore = KeyStore.getInstance(type);
+        trustKeyStore.load(Resources.getResourceAsStream(trustStoreFile),
+                (passwd != null) ? passwd.toCharArray() : null);
+
+        return trustKeyStore;
+    }
+
+    @Override
+    public String storeCapsule(Capsule capsule) throws ExtApiException {
+        Objects.requireNonNull(postClient);
+
+        String result = null;
+        try {
+            result = postClient.createCapsule(capsule);
+        } catch (Exception e) {
+            log.error("Failed to create capsule", e);
+            handleOpenApiException(e);
+        }
+        return result;
+    }
+
+    @Override
+    public Optional<Capsule> getCapsule(String id) throws ExtApiException {
+        if (getClient == null) {
+            throw new IllegalStateException("get-server client not initialized");
+        }
+
+        Optional<Capsule> result = Optional.empty();
+        try {
+            result = getClient.getCapsule(id);
+        } catch (Exception e) {
+            log.error("Failed to get capsule", e);
+            handleOpenApiException(e);
+        }
+        return result;
+    }
+
+    @Override
+    public String getServerIdentifier() {
+        return serverId;
+    }
+
+    /**
+     * Get first certificate from clientKeyStore if its initialized
+     * @return first certificate from clientKeyStore or null if not found
+     */
+    @Nullable
+    public Certificate getClientCertificate() {
+        return getClientCertificate(null);
+    }
+
+    @Nullable
+    public Certificate getClientCertificate(@Nullable String alias) {
+        if (clientKeyStore != null) {
+            try {
+                if (alias != null) {
+                    return clientKeyStore.getCertificate(alias);
+                } else {
+                    return clientKeyStore.getCertificate(clientKeyStore.aliases().nextElement());
+                }
+            } catch (KeyStoreException e) {
+                log.debug("Error listing certificate aliases", e);
+                return null;
+            }
+        }
+
+        log.debug("clientKeyStore == null: only initialized for #create(Properties)");
+        return null;
+    }
+
+    @Override
+    public KeyCapsuleClient getForId(String serverIdentifier) throws CDocUserException {
+        if (getServerIdentifier().equals(serverIdentifier)) {
+            return this;
+        }
+        log.error("Server configuration for {} requested, but {} provided", serverIdentifier, getServerIdentifier());
+        throw new CDocUserException(
+            UserErrorCode.SERVER_NOT_FOUND,
+            String.format("Server configuration for serverId '%s' not found", serverIdentifier)
+        );
+    }
+
+    private static void handleOpenApiException(Exception exception) throws ExtApiException {
+        // IOException is the base class for all network related exceptions
+        // and openapi client does not operate with files, so we can assume a network error occurred
+        if (exception.getCause() instanceof IOException) {
+            throw new CDocUserException(UserErrorCode.NETWORK_ERROR, exception.getMessage());
+        }
+        throw new ExtApiException(exception.getMessage(), exception);
+    }
+
+    private static Optional<Boolean> getBoolean(Properties p, String name) {
+        return Optional.ofNullable(p.getProperty(name)).map(Boolean::parseBoolean);
+    }
+
+    private static Optional<Integer> getInteger(Properties p, String name) {
+        try {
+            return Optional.ofNullable(p.getProperty(name)).map(Integer::parseInt);
+        } catch (NumberFormatException nfe) {
+            log.warn(
+                "Invalid int value {} for property {}. Ignoring.",
+                p.getProperty(name), name
+            );
+            return Optional.empty();
+        }
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        KeyCapsuleClientImpl that = (KeyCapsuleClientImpl) o;
+        return Objects.equals(serverId, that.serverId)
+                && Objects.equals(postClient, that.postClient)
+                && Objects.equals(getClient, that.getClient)
+                && Objects.equals(clientKeyStore, that.clientKeyStore);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(serverId, postClient, getClient, clientKeyStore);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClient.java
new file mode 100644
index 00000000..73ab8980
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClient.java
@@ -0,0 +1,10 @@
+package ee.cyber.cdoc20.client;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.Optional;
+
+public interface RsaCapsuleClient extends ServerClient {
+    String storeRsaCapsule(RSAPublicKey recipient, byte[] encryptedKek) throws ExtApiException;
+
+    Optional<byte[]> getEncryptedKek(String transactionId) throws ExtApiException;
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClientImpl.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClientImpl.java
new file mode 100644
index 00000000..f5477f4a
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/RsaCapsuleClientImpl.java
@@ -0,0 +1,47 @@
+package ee.cyber.cdoc20.client;
+
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.Optional;
+
+
+public class RsaCapsuleClientImpl implements RsaCapsuleClient {
+    final KeyCapsuleClient keyCapsulesClient;
+
+    public RsaCapsuleClientImpl(KeyCapsuleClient serverClient) {
+        keyCapsulesClient = serverClient;
+    }
+
+    @Override
+    public String storeRsaCapsule(RSAPublicKey recipient, byte[] encryptedKek) throws ExtApiException {
+        Capsule capsule = new Capsule()
+            .capsuleType(Capsule.CapsuleTypeEnum.RSA)
+            .recipientId(RsaUtils.encodeRsaPubKey(recipient))
+            .ephemeralKeyMaterial(encryptedKek);
+
+        return keyCapsulesClient.storeCapsule(capsule);
+    }
+
+    @Override
+    public Optional<byte[]> getEncryptedKek(String transactionId) throws ExtApiException {
+
+        Optional<Capsule> capsuleOpt = keyCapsulesClient.getCapsule(transactionId);
+        if (capsuleOpt.isPresent()) {
+            Capsule capsule = capsuleOpt.get();
+            if (capsule.getCapsuleType() != Capsule.CapsuleTypeEnum.RSA) {
+                throw new ExtApiException("Invalid capsule type " + capsule.getCapsuleType());
+            }
+
+            return Optional.of(capsule.getEphemeralKeyMaterial());
+        }
+
+        return Optional.empty();
+    }
+
+    @Override
+    public String getServerIdentifier() {
+        return keyCapsulesClient.getServerIdentifier();
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ServerClient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ServerClient.java
new file mode 100644
index 00000000..969a2ce0
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/ServerClient.java
@@ -0,0 +1,10 @@
+package ee.cyber.cdoc20.client;
+
+public interface ServerClient {
+
+    /**
+     * Get unique server identifier
+     * @return serverId that identifies server that this ServerClient is connected to
+     */
+    String getServerIdentifier();
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/package-info.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/package-info.java
new file mode 100644
index 00000000..d60ab9b3
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/client/package-info.java
@@ -0,0 +1,4 @@
+/**
+ * Contains classes to communicate with the Cdoc20 key server
+ */
+package ee.cyber.cdoc20.client;
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/CDocParseException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/CDocParseException.java
new file mode 100644
index 00000000..a12384b7
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/CDocParseException.java
@@ -0,0 +1,14 @@
+package ee.cyber.cdoc20.container;
+
+import ee.cyber.cdoc20.CDocException;
+
+public class CDocParseException extends CDocException {
+
+    public CDocParseException(String msg) {
+        super(msg);
+    }
+
+    public CDocParseException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Envelope.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Envelope.java
new file mode 100644
index 00000000..2bfed752
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Envelope.java
@@ -0,0 +1,495 @@
+package ee.cyber.cdoc20.container;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.client.ExtApiException;
+import ee.cyber.cdoc20.client.KeyCapsuleClient;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.container.recipients.Recipient;
+import ee.cyber.cdoc20.container.recipients.RecipientDeserializer;
+import ee.cyber.cdoc20.container.recipients.RecipientFactory;
+import ee.cyber.cdoc20.crypto.ChaChaCipher;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import ee.cyber.cdoc20.fbs.header.Header;
+import ee.cyber.cdoc20.fbs.header.PayloadEncryptionMethod;
+import ee.cyber.cdoc20.fbs.header.RecipientRecord;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import java.util.HexFormat;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Objects;
+import javax.annotation.Nullable;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.SecretKey;
+
+import org.apache.commons.compress.utils.CountingInputStream;
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public final class Envelope {
+    private static final Logger log = LoggerFactory.getLogger(Envelope.class);
+
+    protected static final byte[] PRELUDE = {'C', 'D', 'O', 'C'};
+    public static final byte VERSION = 0x02;
+    public static final int MIN_HEADER_LEN = 67; //SymmetricKeyCapsule without FBS overhead
+
+    // MIN_HEADER_LEN value:
+    // raw lengths in bytes (without FBS overhead) for  single SymmetricKey recipient:
+
+    // capsule_type: 1
+    // SymmetricKeyCapsule recipient:
+    //   salt: 32
+    // encrypted_fmk: 32 //FMK len
+    // fmk_encryption_method: 1
+    //
+    // per header:
+    // payload_encryption_method: 1
+
+    // see ChaChaCipherTest.findTarZChaChaCipherStreamMin() and TarGzTest.findZlibMinSize
+    public static final int MIN_PAYLOAD_LEN = 45; // cha cha nonce 12 + min zlib compressed tar 17 + Poly1305 MAC 16
+
+    public static final int MAX_HEADER_LEN = 1024 * 1024; //1MB
+
+    /**Minimal valid envelope size in bytes*/
+    public static final int MIN_ENVELOPE_SIZE = PRELUDE.length
+            + Byte.BYTES //version 0x02
+            + Integer.BYTES //header length field
+            + MIN_HEADER_LEN
+            + Crypto.HHK_LEN_BYTES
+            + MIN_PAYLOAD_LEN;
+
+    // payload encryption method
+    private static final byte PAYLOAD_ENC_BYTE = PayloadEncryptionMethod.CHACHA20POLY1305;
+
+    //FMK encryption method
+    public static final byte FMK_ENC_METHOD_BYTE = FMKEncryptionMethod.XOR;
+
+    private final Recipient[] recipients;
+    private final SecretKey hmacKey;
+    private final SecretKey cekKey;
+
+    private Envelope(Recipient[] recipients, byte[] fmk) {
+        this.recipients = recipients;
+        this.hmacKey = Crypto.deriveHeaderHmacKey(fmk);
+        this.cekKey = Crypto.deriveContentEncryptionKey(fmk);
+    }
+
+    /**
+     * Prepare Envelope for encryption. For CDOC single file master key (FMK) is generated. For each recipient FMK is
+     * encrypted with generated key that single recipient can decrypt with their private key.
+     * @param recipients encryption key material either with public key or symmetric key and key label. After
+     *          {@link #prepare(List, KeyCapsuleClient)} has returned, it is safe to call
+     *          {@link EncryptionKeyMaterial#destroy()} to clean up secret key material (it will not be referenced
+     *          anymore).
+     *
+     * @param capsuleClient if capsuleClient is provided then store generated ephemeral key material in the server
+     * @return Envelope that has key material prepared and can be used for
+     *          {@link #encrypt(List, OutputStream) encryption}
+     * @throws GeneralSecurityException
+     * @throws ExtApiException if communication with capsuleClient to store ephemeral key material fails
+     */
+    public static Envelope prepare(List<EncryptionKeyMaterial> recipients, @Nullable KeyCapsuleClient capsuleClient)
+             throws GeneralSecurityException, ExtApiException {
+
+        Objects.requireNonNull(recipients);
+
+        byte[] fmk = Crypto.generateFileMasterKey();
+        return new Envelope(RecipientFactory.buildRecipients(fmk, recipients, capsuleClient), fmk);
+    }
+
+    /**
+     * Read envelope header until HMAC start and return FlatBuffers header
+     * @param envelopeIs input stream that contain CDOC
+     * @return byte array containing FlatBuffers header
+     * @throws IOException if an I/O error has occurred
+     * @throws CDocParseException if a CDOC parsing error has occurred
+     */
+    static byte[] readFBSHeader(InputStream envelopeIs) throws IOException, CDocParseException {
+        if (envelopeIs.available() < MIN_ENVELOPE_SIZE) {
+            throw new CDocParseException("not enough bytes to read, expected min of " + MIN_ENVELOPE_SIZE);
+        }
+
+        if (!Arrays.equals(PRELUDE, envelopeIs.readNBytes(PRELUDE.length))) {
+            throw new CDocParseException("stream is not CDOC");
+        }
+
+        byte version = (byte) envelopeIs.read();
+        if (VERSION != version) {
+            throw new CDocParseException("Unsupported CDOC version " + version);
+        }
+
+        ByteBuffer headerLenBuf = ByteBuffer.wrap(envelopeIs.readNBytes(Integer.BYTES));
+        headerLenBuf.order(ByteOrder.BIG_ENDIAN);
+        int headerLen = headerLenBuf.getInt();
+
+        if ((envelopeIs.available() < headerLen + Crypto.HHK_LEN_BYTES)
+                || (headerLen < MIN_HEADER_LEN) || (headerLen > MAX_HEADER_LEN))  {
+            throw new CDocParseException("invalid CDOC header length: " + headerLen);
+        }
+
+        return envelopeIs.readNBytes(headerLen);
+    }
+
+    /**
+     * Parse header section from CDOC2.
+     * @param envelopeIs InputStream that contains CDOC2 file (envelope)
+     * @return list of recipients parsed from Header
+     * @throws IOException if an I/O error has occurred
+     * @throws CDocParseException if parsing CDOC Envelope has failed
+     * @throws GeneralSecurityException if decoding cryptographic keys from FlatBuffers RecipientRecord has failed
+     */
+    public static List<Recipient> parseHeader(InputStream envelopeIs)
+            throws IOException, CDocParseException, GeneralSecurityException {
+
+        byte[] fbsHeaderBytes = readFBSHeader(envelopeIs);
+        Header header = deserializeFBSHeader(fbsHeaderBytes);
+        return getRecipients(header);
+    }
+
+    private static List<Recipient> getRecipients(Header header) throws CDocParseException, GeneralSecurityException {
+
+        List<Recipient> recipientList = new LinkedList<>();
+        for (int i = 0; i < header.recipientsLength(); i++) {
+            RecipientRecord r = header.recipients(i);
+
+            try {
+                recipientList.add(RecipientDeserializer.deserialize(r));
+            } catch (UnknownFlatBufferTypeException e) { //ignore unknown recipients
+                log.warn("Unknown Capsule type {}. Ignoring.", r.capsuleType());
+            }
+        }
+        return recipientList;
+    }
+
+    /**
+     * Deserialize FlatBuffers header
+     * @param buf buffer containing FlatBuffers header
+     * @return parsed FlatBuffers {@link Header}
+     */
+    static Header deserializeFBSHeader(byte[] buf) {
+        Objects.requireNonNull(buf);
+        ByteBuffer byteBuffer = ByteBuffer.wrap(buf);
+        return Header.getRootAsHeader(byteBuffer);
+    }
+
+    /**Get additional data used to initialize ChaChaCipher AAD*/
+    public static byte[] getAdditionalData(byte[] header, byte[] headerHMAC) {
+        Objects.requireNonNull(header);
+        Objects.requireNonNull(headerHMAC);
+        final byte[] cDoc20Payload = "CDOC20payload".getBytes(StandardCharsets.UTF_8);
+        ByteBuffer bb = ByteBuffer.allocate(cDoc20Payload.length + header.length + headerHMAC.length);
+        bb.put(cDoc20Payload);
+        bb.put(header);
+        bb.put(headerHMAC);
+        return bb.array();
+    }
+
+    /**
+     * Encrypt payloadFiles. Create CDOC2 container and write it to OutputStream.
+     * @param payloadFiles files to be encrypted and added to the container
+     * @param os OutputStream to write CDOC2 container
+     * @throws IOException
+     * @throws GeneralSecurityException
+     */
+    public void encrypt(List<File> payloadFiles, OutputStream os) throws IOException, GeneralSecurityException {
+        log.trace("encrypt");
+        os.write(PRELUDE);
+        os.write(new byte[]{VERSION});
+
+        byte[] headerBytes = serializeHeader();
+
+        ByteBuffer bb = ByteBuffer.allocate(Integer.BYTES);
+        bb.order(ByteOrder.BIG_ENDIAN);
+        bb.putInt(headerBytes.length);
+        byte[] headerLenBytes = bb.array();
+
+        os.write(headerLenBytes);
+        os.write(headerBytes);
+
+        byte[] hmac = Crypto.calcHmacSha256(hmacKey, headerBytes);
+        os.write(hmac);
+        byte[] additionalData = getAdditionalData(headerBytes, hmac);
+        try (CipherOutputStream cipherOutputStream =
+                     ChaChaCipher.initChaChaOutputStream(os, cekKey, additionalData)) {
+
+            Tar.archiveFiles(cipherOutputStream, payloadFiles);
+        }
+    }
+
+    /**
+     * Decrypt CDOC2 container, read from cdocInputStream.
+     * @param cdocInputStream contains CDOC2 container
+     * @param keyMaterial decryption key material
+     * @param extract if true, extract files to outputDir. Otherwise, decrypt and list valid CDOC2 contents
+     *                that can be decrypted
+     * @param outputDir output directory where decrypted files are extracted when extract=true
+     * @param filesToExtract if not null, extract specified files otherwise all files.
+     *                       No effect for list (extract=false)
+     * @param capsulesClientFac configured key servers clients factory.
+     * @return list of files decrypted and written into outputDir, when extract = true
+     *          or list of extractable files found from CDOC2 container when extract = false
+     * @throws GeneralSecurityException if security/crypto error has occurred
+     * @throws IOException if an I/O error has occurred
+     * @throws CDocParseException if cdocInputStream is in invalid format and can not be parsed
+     * @throws ExtApiException if error happened when communicating with key server
+     */
+    private static List<ArchiveEntry> decrypt(InputStream cdocInputStream,
+                                              DecryptionKeyMaterial keyMaterial,
+                                              boolean extract,
+                                              @Nullable Path outputDir,
+                                              @Nullable List<String> filesToExtract,
+                                              @Nullable KeyCapsuleClientFactory capsulesClientFac)
+            throws GeneralSecurityException, IOException, CDocException {
+
+        CountingInputStream countingIs = new CountingInputStream(cdocInputStream);
+        byte[] fbsHeaderBytes = readFBSHeader(countingIs);
+        byte[] hmac = readHmac(countingIs);
+        Header header = deserializeFBSHeader(fbsHeaderBytes);
+        List<Recipient> recipients = getRecipients(header);
+
+        for (Recipient recipient : recipients) {
+            if (recipient.getRecipientId().equals(keyMaterial.getRecipientId())) {
+                byte[] kek = recipient.deriveKek(keyMaterial, capsulesClientFac);
+                byte[] fmk;
+                if (recipient.getFmkEncryptionMethod() == FMK_ENC_METHOD_BYTE) {
+                    fmk = Crypto.xor(kek, recipient.getEncryptedFileMasterKey());
+                } else {
+                    throw new CDocParseException("Unknown FMK encryption method: "
+                            + recipient.getFmkEncryptionMethod());
+                }
+
+                SecretKey hmacKey = Crypto.deriveHeaderHmacKey(fmk);
+                SecretKey cekKey = Crypto.deriveContentEncryptionKey(fmk);
+
+                checkHmac(hmac, fbsHeaderBytes, hmacKey);
+
+                log.debug("Processed {} header bytes", countingIs.getBytesRead());
+                log.debug("payload available (at least) {}", countingIs.available());
+
+                if (header.payloadEncryptionMethod() == PayloadEncryptionMethod.CHACHA20POLY1305) {
+                    byte[] additionalData = getAdditionalData(fbsHeaderBytes, hmac);
+
+                    long headerSize = countingIs.getBytesRead();
+                    List<ArchiveEntry> result = List.of();
+
+                    // lib must not report any exceptions before ChaCha Poly1305 mac is verified. Poly1305 MAC is
+                    // automatically verified, when all bytes were read from CipherInputStream
+                    try (CipherInputStream cis = ChaChaCipher.initChaChaInputStream(countingIs, cekKey, additionalData);
+                         TarDeflate tar = new TarDeflate(cis)) {
+
+                        try {
+                            result = tar.process(outputDir, filesToExtract, extract);
+                        } catch (Exception tarException) {
+                            // read remaining bytes to force Poly1305 MAC check
+                            // only report caught exception after ChaCha stream is drained and MAC checked
+
+                            long processedBytes = countingIs.getBytesRead();
+                            drainStream(cis, null); //may throw IOException, tarException won't be re-thrown
+                            // since exception was thrown from TarDeflate, then created files are deleted by
+                            // TarDeflate::close() when exiting try with resources block
+                            if (countingIs.getBytesRead() - processedBytes > 0) {
+                                log.debug("Decrypted {} unprocessed bytes after \"{}\"",
+                                        countingIs.getBytesRead() - processedBytes, tarException.toString());
+                            }
+                            throw tarException; //no exception from drainStream, re-throw original exception
+                        } finally {
+                            // deflate/tar stream processing is finished, drain any remaining bytes to force
+                            // ChaCha Poly1305 MAC check
+                            long processedBytes = countingIs.getBytesRead();
+                            drainStream(cis, tar::deleteCreatedFiles); //may throw IOException
+
+                            if (countingIs.getBytesRead() - processedBytes > 0) {
+                                log.debug("Decrypted {} unprocessed bytes ",
+                                        countingIs.getBytesRead() - processedBytes);
+                            }
+                        }
+
+                    } finally  {
+                        log.debug("Processed {} bytes from payload (total CDOC2 {}B )",
+                                countingIs.getBytesRead() - headerSize, countingIs.getBytesRead());
+                    }
+                    return result;
+                } else {
+                    throw new CDocParseException("Unknown payload encryption method "
+                            + header.payloadEncryptionMethod());
+                }
+            }
+        }
+
+        log.error("Recipient {} not present in CDOC. Cannot decrypt CDOC.", keyMaterial.getRecipientId());
+        throw new CDocParseException("Recipient " + keyMaterial.getRecipientId() + " not found, cannot decrypt");
+    }
+
+    /**
+     * Read all bytes from Cipher Input Stream
+     * @param cis Cipher Input Stream to drain
+     * @param cleanUpFunc clean up function to run, when IOException happened during draining
+     * @throws IOException if an I/O error has occurred during draining
+     */
+    @SuppressWarnings("checkstyle:EmptyBlock")
+    private static void drainStream(CipherInputStream cis, @Nullable Runnable cleanUpFunc)
+            throws IOException {
+
+        byte ignored[] = new byte[1024];
+        try {
+            while (cis.read(ignored) > 0) { }
+        } catch (IOException drainingException) { // MAC check error is thrown as IOException
+            if (cleanUpFunc != null) {
+                cleanUpFunc.run();
+            }
+            throw drainingException;
+        }
+    }
+
+    /**
+     * Check that hmac read from cdocInputStream and hmac calculated from headerBytes match
+     * @param hmac read from CDOC
+     * @param headerBytes header bytes
+     * @param hmacKey header HMAC key, derived from FMK
+     * @throws GeneralSecurityException  if security/crypto error has occurred
+     * @throws CDocParseException if calculated HMAC does not match with HMAC in header
+     */
+    private static void checkHmac(byte[] hmac, byte[] headerBytes, SecretKey hmacKey)
+            throws GeneralSecurityException, CDocParseException {
+
+        Objects.requireNonNull(hmac);
+        Objects.requireNonNull(headerBytes);
+
+        byte[] calculatedHmac = Crypto.calcHmacSha256(hmacKey, headerBytes);
+
+        if (!Arrays.equals(calculatedHmac, hmac)) {
+            if (log.isDebugEnabled()) {
+                log.debug("calc hmac: {}", HexFormat.of().formatHex(calculatedHmac));
+                log.debug("file hmac: {}", HexFormat.of().formatHex(hmac));
+            }
+            throw new CDocParseException("Invalid hmac");
+        }
+    }
+
+    private static byte[] readHmac(InputStream cdocInputStream) throws IOException, CDocParseException {
+        if (cdocInputStream.available() > Crypto.HHK_LEN_BYTES) {
+            return cdocInputStream.readNBytes(Crypto.HHK_LEN_BYTES);
+        } else {
+            throw new CDocParseException("No hmac");
+        }
+    }
+
+    /**
+     * Decrypt CDOC2 container, read from cdocInputStream.
+     * @param cdocInputStream contains CDOC2 container
+     * @param recipientKeyMaterial decryption key material
+     * @param outputDir output directory where decrypted files are decrypted
+     * @param keyServerClientFac configured key servers clients factory.
+     * @return list of files decrypted and written into outputDir
+     * @throws GeneralSecurityException if security/crypto error has occurred
+     * @throws IOException if an I/O error has occurred
+     * @throws CDocParseException if cdocInputStream is invalid format
+     * @throws ExtApiException if error happened when communicating with key server
+     */
+    public static List<String> decrypt(InputStream cdocInputStream, DecryptionKeyMaterial recipientKeyMaterial,
+                                       Path outputDir, @Nullable KeyCapsuleClientFactory keyServerClientFac)
+            throws GeneralSecurityException, IOException, CDocException {
+        return decrypt(cdocInputStream, recipientKeyMaterial, true, outputDir, null,
+                keyServerClientFac).stream()
+                    .map(ArchiveEntry::getName)
+                    .toList();
+    }
+
+    /**
+     * Decrypt CDOC2 container, read from cdocInputStream.
+     * @param cdocInputStream contains CDOC2 container
+     * @param recipientKeyMaterial decryption key material
+     * @param outputDir output directory where decrypted files are decrypted
+     * @param filesToExtract if not null, extract specified files otherwise all files.
+     * @param keyServerClientFac configured key servers clients factory.
+     * @return list of files decrypted and written into outputDir
+     * @throws GeneralSecurityException if security/crypto error has occurred
+     * @throws IOException if an I/O error has occurred
+     * @throws CDocParseException if cdocInputStream is invalid format
+     * @throws ExtApiException if error happened when communicating with key server
+     */
+    public static List<String> decrypt(InputStream cdocInputStream, DecryptionKeyMaterial recipientKeyMaterial,
+                                       Path outputDir, @Nullable List<String> filesToExtract,
+                                       @Nullable KeyCapsuleClientFactory keyServerClientFac)
+            throws GeneralSecurityException, IOException, CDocException {
+
+        return decrypt(cdocInputStream, recipientKeyMaterial, true, outputDir, filesToExtract, keyServerClientFac)
+                .stream()
+                .map(ArchiveEntry::getName)
+                .toList();
+    }
+
+    public static List<ArchiveEntry> list(InputStream cdocInputStream, DecryptionKeyMaterial recipientKeyMaterial,
+                                          @Nullable KeyCapsuleClientFactory keyServerClientFac)
+            throws GeneralSecurityException, IOException, CDocException {
+        return decrypt(cdocInputStream, recipientKeyMaterial, false, null, null, keyServerClientFac);
+    }
+
+    byte[] serializeHeader() {
+        return serializeHeader(this.recipients);
+    }
+
+    static byte[] serializeHeader(Recipient[] recipients) {
+        Objects.requireNonNull(recipients);
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        FlatBufferBuilder builder = new FlatBufferBuilder(1024);
+        int[] recipientOffsets = new int[recipients.length];
+
+        for (int i = 0; i < recipients.length; i++) {
+            recipientOffsets[i] = recipients[i].serialize(builder);
+        }
+
+        int recipientsVector = Header.createRecipientsVector(builder, recipientOffsets);
+
+        Header.startHeader(builder);
+        Header.addRecipients(builder, recipientsVector);
+        Header.addPayloadEncryptionMethod(builder, PAYLOAD_ENC_BYTE);
+        int headerOffset = Header.endHeader(builder);
+        Header.finishHeaderBuffer(builder, headerOffset);
+
+        ByteBuffer buf = builder.dataBuffer();
+        int bufLen = buf.limit() - buf.position();
+        if (bufLen > MAX_HEADER_LEN) {
+            log.error("Header serialization failed. Header len {} exceeds MAX_HEADER_LEN {}", bufLen, MAX_HEADER_LEN);
+            throw new IllegalStateException("Header serialization failed. Header length " + bufLen
+                    + " exceeds max header length " + MAX_HEADER_LEN);
+        }
+        os.write(buf.array(), buf.position(), bufLen);
+        return os.toByteArray();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Envelope envelope = (Envelope) o;
+        return Arrays.equals(recipients, envelope.recipients)
+                && Objects.equals(hmacKey, envelope.hmacKey)
+                && Objects.equals(cekKey, envelope.cekKey);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(hmacKey, cekKey);
+        result = 31 * result + Arrays.hashCode(recipients);
+        return result;
+    }
+
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/FileNameValidator.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/FileNameValidator.java
new file mode 100644
index 00000000..16de917e
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/FileNameValidator.java
@@ -0,0 +1,65 @@
+package ee.cyber.cdoc20.container;
+
+import java.nio.file.InvalidPathException;
+import java.util.regex.Pattern;
+
+/**
+ * Validator for allowed file names in Tar archives
+ */
+public final class FileNameValidator {
+
+    private static final Pattern WIN_RESERVED_NAMES = Pattern.compile(
+        "^(CON|PRN|AUX|NUL|(COM|LPT)[1-9])$",
+        Pattern.CASE_INSENSITIVE
+    );
+    private static final Pattern WIN_RESERVED_SYMBOLS = Pattern.compile("[<>:\"/\\\\|?*]");
+
+    private static final Pattern MASQUERADING_CHARACTERS = Pattern.compile("[\u202E]");
+
+    private FileNameValidator() {
+        // utility class
+    }
+
+    /**
+     * Validates the filename for use in Tar file entries
+     *
+     * @param baseName the basename (filename without directory path)
+     * @return the provided filename
+     * @throws InvalidPathException if the filename is not valid
+     */
+    public static String validate(String baseName) {
+        if (baseName == null || baseName.isEmpty()) {
+            throw new InvalidPathException(baseName, "Filename cannot be empty.");
+        }
+
+        String errorMessage = null;
+
+        if (baseName.endsWith(" ") || baseName.endsWith(".")) {
+            errorMessage = "Filename cannot end with a space or period.";
+        } else if (baseName.startsWith(" ")) {
+            errorMessage = "Filename cannot start with a space.";
+        } else if (baseName.startsWith("-")) {
+            errorMessage = "Filename cannot start with a hyphen.";
+        } else if (WIN_RESERVED_SYMBOLS.matcher(baseName).find()) {
+            errorMessage = "Filename cannot contain reserved symbols.";
+        } else if (WIN_RESERVED_NAMES.matcher(baseName).find()) {
+            errorMessage = "Filename cannot be a reserved name.";
+        } else if (MASQUERADING_CHARACTERS.matcher(baseName).find()) {
+            errorMessage = "Filename cannot contain masquerading characters.";
+        }
+
+
+            // check for control characters
+        for (char c: baseName.toCharArray()) {
+            if (Character.getType(c) == Character.CONTROL) {
+                errorMessage = "Filename cannot contain control symbols.";
+                break;
+            }
+        }
+
+        if (errorMessage != null) {
+            throw new InvalidPathException(baseName, errorMessage);
+        }
+        return baseName;
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Tar.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Tar.java
new file mode 100644
index 00000000..ef2c16c7
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/Tar.java
@@ -0,0 +1,189 @@
+package ee.cyber.cdoc20.container;
+
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorOutputStream; //zlib
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorInputStream;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.*;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.function.Function;
+
+import static ee.cyber.cdoc20.CDocConfiguration.DISK_USAGE_THRESHOLD_PROPERTY;
+import static ee.cyber.cdoc20.CDocConfiguration.GZIP_COMPRESSION_THRESHOLD_PROPERTY;
+import static ee.cyber.cdoc20.CDocConfiguration.TAR_ENTRIES_THRESHOLD_PROPERTY;
+
+/**
+ * Utility class for dealing with tar zlib (deflate) stream/files. Only supports regular files
+ * (no directories/special files) inside the tar.
+ */
+public final class Tar {
+
+    private static final Logger log = LoggerFactory.getLogger(Tar.class);
+
+    public static final int DEFAULT_BUFFER_SIZE  = 8192;
+
+    // gzip compression ratio threshold, normally less than 3, consider over 10 as zip bomb
+    public static final double DEFAULT_COMPRESSION_RATIO_THRESHOLD = 10;
+
+    // disk space available percentage allowed
+    public static final double DEFAULT_DISK_USED_PERCENTAGE_THRESHOLD = 98;
+
+    public static final int DEFAULT_TAR_ENTRIES_THRESHOLD = 1000;
+
+    private Tar() {
+    }
+
+
+
+    static void addFileToTar(TarArchiveOutputStream outputStream, Path file, String entryName) throws IOException {
+
+        log.debug("Adding file {} as {}", file.toAbsolutePath(), entryName);
+        if (Files.isRegularFile(file)) {
+            TarArchiveEntry tarArchiveEntry = (TarArchiveEntry) outputStream.createArchiveEntry(file.toFile(),
+                    entryName);
+
+            outputStream.putArchiveEntry(tarArchiveEntry);
+            try (InputStream input = new BufferedInputStream(Files.newInputStream(file))) {
+                long written = input.transferTo(outputStream);
+                log.debug("Added {}B", written);
+            }
+        } else {
+            throw new IOException("Not a file: " + file);
+        }
+        outputStream.closeArchiveEntry();
+    }
+
+    /**
+     * Create tar archive of files and compress that with zlib.
+     * @param dest Compressed tar is written to dest
+     * @param files to archive
+     * @throws IOException
+     */
+    public static void archiveFiles(OutputStream dest, Iterable<File> files) throws IOException {
+
+        List<String> baseNameList = new LinkedList<>();
+        files.forEach(f -> baseNameList.add(FileNameValidator.validate(f.getName())));
+        List<String> distinctList = baseNameList.stream().distinct().toList();
+        if (baseNameList.size() != distinctList.size()) {
+            List<String> duplicates = baseNameList.stream()
+                .filter(str -> Collections.frequency(baseNameList, str) > 1)
+                .toList();
+
+            List<File> duplicateFiles = new LinkedList<>();
+            files.forEach(f -> {
+                if (duplicates.contains(f.getName())) {
+                    duplicateFiles.add(f);
+                }
+            });
+
+            throw new IllegalArgumentException("Files with same basename not supported: " + duplicateFiles);
+        }
+
+        try (TarArchiveOutputStream tos = createPosixTarZArchiveOutputStream(dest)) {
+            for (File file : files) {
+                addFileToTar(tos, file.toPath(), file.getName());
+            }
+        }
+    }
+
+    /**
+     * Create a compressed (zlib) archive with single entry.
+     * @param dest destination stream where created archive will be written
+     * @param inputStream data added to archive
+     * @param tarEntryName entry name (file name) for data
+     * @throws IOException if an I/O error has occurred
+     */
+    public static void archiveData(OutputStream dest, InputStream inputStream, String tarEntryName) throws IOException {
+        try (TarArchiveOutputStream tarOs = createPosixTarZArchiveOutputStream(dest)) {
+
+            TarArchiveEntry tarEntry = new TarArchiveEntry(tarEntryName);
+            //log.debug("adding {}B", inputStream.available());
+            tarEntry.setSize(inputStream.available());
+            tarOs.putArchiveEntry(tarEntry);
+
+            long written = inputStream.transferTo(tarOs);
+            //log.debug("Wrote {}B", written);
+            tarOs.closeArchiveEntry();
+        }
+    }
+
+    /**
+     * Create zlib/deflate compressed POSIX compliant TarArchiveOutputStream with UTF-8 filenames and POSIX long
+     * filename and POSIX big file sizes (over 8GB) extensions enabled.
+     */
+    static TarArchiveOutputStream createPosixTarZArchiveOutputStream(OutputStream dest) throws IOException {
+        TarArchiveOutputStream tarZOs = new TarArchiveOutputStream(new DeflateCompressorOutputStream(
+                new BufferedOutputStream(dest)), StandardCharsets.UTF_8.name());
+        tarZOs.setAddPaxHeadersForNonAsciiNames(true);
+        tarZOs.setLongFileMode(TarArchiveOutputStream.LONGFILE_POSIX);
+        tarZOs.setBigNumberMode(TarArchiveOutputStream.BIGNUMBER_POSIX);
+        return tarZOs;
+    }
+
+    /**
+     * Extract single file into outputStream
+     * @param tarGZipInputStream GZipped and tarred input stream that is scanned for tarEntryName
+     * @param outputStream OutputStream to write tarEntry contents
+     * @param tarEntryName file to extract
+     * @return bytes written to outputStream or -1 if tarEntryName was not found from tarGZip
+     * @throws IOException if an I/O error has occurred
+     */
+    public static long extractTarEntry(InputStream tarGZipInputStream, OutputStream outputStream, String tarEntryName)
+            throws IOException {
+
+        try (TarArchiveInputStream tarInputStream = new TarArchiveInputStream(new DeflateCompressorInputStream(
+                new BufferedInputStream(tarGZipInputStream)))) {
+            TarArchiveEntry tarArchiveEntry;
+            while ((tarArchiveEntry = tarInputStream.getNextTarEntry()) != null) {
+                if (tarArchiveEntry.isFile() && tarEntryName.equals(tarArchiveEntry.getName())) {
+                    log.debug("Found: {} {}B", tarArchiveEntry.getName(), tarArchiveEntry.getSize());
+                    long written = tarInputStream.transferTo(outputStream);
+                    log.debug("Copied {}B", written);
+                    return written;
+                }
+            }
+        }
+
+        log.info("not found {}", tarEntryName);
+        return -1L;
+    }
+
+    public static double getDiskUsedPercentageThreshold() {
+        return getNumberPropertyValue(DISK_USAGE_THRESHOLD_PROPERTY, DEFAULT_DISK_USED_PERCENTAGE_THRESHOLD,
+                Double::valueOf);
+    }
+
+    public static int getTarEntriesThresholdThreshold() {
+        return getNumberPropertyValue(TAR_ENTRIES_THRESHOLD_PROPERTY, DEFAULT_TAR_ENTRIES_THRESHOLD, Integer::valueOf);
+    }
+
+    public static double getCompressionRatioThreshold() {
+        return getNumberPropertyValue(GZIP_COMPRESSION_THRESHOLD_PROPERTY,
+                DEFAULT_COMPRESSION_RATIO_THRESHOLD, Double::valueOf);
+    }
+
+    private static <N extends Number> N getNumberPropertyValue(String propertyName, N defaultValue,
+                                                               Function<String, N> strToNumFunc) {
+        N value = defaultValue;
+        if (System.getProperties().containsKey(propertyName)) {
+            String propertyValueStr = System.getProperty(propertyName);
+            try {
+                value = strToNumFunc.apply(propertyValueStr);
+            } catch (NumberFormatException nfe) {
+                log.warn("Invalid value {} for {}. Using default {}",
+                        propertyValueStr, propertyName, defaultValue);
+            }
+        }
+        return value;
+    }
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/TarDeflate.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/TarDeflate.java
new file mode 100644
index 00000000..a21994c6
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/TarDeflate.java
@@ -0,0 +1,305 @@
+package ee.cyber.cdoc20.container;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorInputStream;
+import org.apache.commons.compress.utils.InputStreamStatistics;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.Nullable;
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.FileAlreadyExistsException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * AutoCloseable tarDeflate stream extractor. If any exception is thrown
+ * during processing {@link #process(Path, List, boolean)}, then close() deletes extracted files.
+ */
+public class TarDeflate implements AutoCloseable {
+    private static final Logger log = LoggerFactory.getLogger(TarDeflate.class);
+
+    private DeflateCompressorInputStream zLibIs;
+    private TarArchiveInputStream tarIs;
+
+    private List<File> createdFiles = new LinkedList<>();
+    private Exception exception;
+
+    /**
+     *
+     * @param tarDeflateIs tar compressed with deflate
+     */
+    public TarDeflate(InputStream tarDeflateIs) {
+        zLibIs = new DeflateCompressorInputStream(new BufferedInputStream(tarDeflateIs));
+        tarIs = new TarArchiveInputStream(zLibIs);
+    }
+
+    public List<ArchiveEntry> extractToDir(Path outputDir) throws IOException {
+        return process(outputDir, null, true);
+    }
+
+    /**
+     * Process deflate/zlib compressed tar stream.
+     * @param outputDir output directory where files are extracted when extract=true
+     * @param filesToExtract extract specified files otherwise (filesToExtract=null) all files.
+     *                       No effect for files not present in the container.
+     *                       No effect for list (extract=false)
+     * @param extract if true, copy extracted files to outputDir. Otherwise, list entries found from the stream
+     * @return List<ArchiveEntry> list of TarArchiveEntry processed from stream (ignored entries are not
+     *      returned)
+     */
+    public List<ArchiveEntry> process(@Nullable Path outputDir, @Nullable List<String> filesToExtract, boolean extract)
+            throws IOException {
+
+        try {
+            return doProcess(outputDir, filesToExtract, extract);
+        } catch (Exception ex) {
+            exception = ex;
+            throw ex;
+        }
+    }
+
+    /**
+     * Process tar/deflate stream. Close tarDeflateIs when stream is processed or exception is thrown. If process result
+     * an exception and files were extracted to output directory, then those files are deleted automatically.
+     * @param tarDeflateIs InputStream to process
+     * @param outputDir output directory where files are extracted when extract=true
+     * @param filesToExtract extract specified files otherwise (filesToExtract=null) all files.
+     *                       No effect for files not present in the container.
+     *                       No effect for list (extract=false)
+     * @param extract if true, copy extracted files to outputDir. Otherwise, list entries found from the stream
+     * @return List<ArchiveEntry> list of TarArchiveEntry processed from stream (ignored entries are not
+     *      returned)
+     * @throws IOException if an I/O error has occurred
+     */
+    public static List<ArchiveEntry> process(InputStream tarDeflateIs,
+                   @Nullable Path outputDir, @Nullable List<String> filesToExtract, boolean extract)
+            throws IOException {
+
+        try (TarDeflate tar = new TarDeflate(tarDeflateIs)) {
+            return tar.process(outputDir, filesToExtract, extract);
+        }
+    }
+
+    /**
+     * Process tar/deflate stream. Close tarDeflateIs when stream is processed or exception is thrown.
+     * @param tarDeflateStream InputStream to process
+     * @return list of file names found from the tarDeflateStream
+     * @throws IOException if an I/O error has occurred
+     */
+    public static List<String> listFiles(InputStream tarDeflateStream) throws IOException {
+        return process(tarDeflateStream, null, null, false).stream()
+                .map(ArchiveEntry::getName)
+                .toList();
+    }
+
+    /**
+     * Return Path from tarArchiveEntry under outputDir. Checks for different zip/tar file attacks.
+     * @param outputDir output directory where files are extracted
+     * @param tarArchiveEntry TarArchiveEntry read from TarArchiveInputStream and currently under processing
+     * @param createFile whether to create path returned
+     * @return Path, if outputDir and tarArchiveEntry are valid
+     * @throws IOException if path cannot be created from tarArchiveEntry under outputDir
+     */
+    private static Path pathFromTarEntry(Path outputDir, TarArchiveEntry tarArchiveEntry, boolean createFile)
+            throws IOException {
+
+        if (tarArchiveEntry.getName() == null) {
+            throw new IOException("Invalid tarEntry without name");
+        }
+
+        Path tarPath = Path.of(FileNameValidator.validate(tarArchiveEntry.getName()));
+        if (null != tarPath.getParent()) {
+            log.debug("Entries with directories are not supported {}", tarArchiveEntry.getName());
+            throw new IOException("Entries with directories are not supported ("
+                    + tarArchiveEntry.getName() + ")");
+        }
+
+        Path absOutDir = outputDir.normalize().toAbsolutePath();
+
+        Path newPath = Path.of(absOutDir.toString()).resolve(tarPath.getFileName()).normalize();
+        if (!newPath.startsWith(absOutDir)) {
+            throw new IOException(tarArchiveEntry.getName() + " creates file outside of " + absOutDir);
+        }
+
+        if (!CDocConfiguration.isOverWriteAllowed() && Files.exists(newPath)) {
+            log.info("File {} already exists.", newPath.toAbsolutePath());
+            throw new FileAlreadyExistsException(newPath.toAbsolutePath().toString());
+        }
+
+        if (createFile && !Files.exists(newPath)) {
+            boolean created = newPath.toFile().createNewFile();
+            if (!created) {
+                log.warn("Failed to create {}", newPath);
+            }
+        }
+
+        return newPath;
+    }
+
+    /**
+     * Copy contents of tar entry to file
+     * @param destPath Path where tar entry contents are saved
+     * @param tarInputStream tar InputStream to process
+     * @param tarArchiveEntry TarArchiveEntry read from TarArchiveInputStream and currently under processing
+     * @param gZipStatistics InputStreamStatistics from deflate stream
+     * @return File size created
+     * @throws IOException if an I/O error has occurred
+     */
+    private static long copyTarEntryToFile(Path destPath, TarArchiveInputStream tarInputStream,
+                                   TarArchiveEntry tarArchiveEntry, InputStreamStatistics gZipStatistics)
+            throws IOException {
+
+        double diskUsageThreshold = Tar.getDiskUsedPercentageThreshold();
+        long written = 0;
+        // truncate and overwrite an existing file, or create the file if
+        // it doesn't initially exist
+        try (OutputStream out = Files.newOutputStream(destPath)) {
+            byte[] buffer = new byte[Tar.DEFAULT_BUFFER_SIZE];
+            int read;
+            while ((read = tarInputStream.read(buffer, 0, Tar.DEFAULT_BUFFER_SIZE)) >= 0) {
+
+                double usedPercentage = (double)destPath.toFile().getUsableSpace()
+                        / (double)destPath.toFile().getTotalSpace() * 100;
+
+                if (usedPercentage >= diskUsageThreshold) {
+                    String err = String.format("More than  %.2f%% disk space used. Aborting", diskUsageThreshold);
+                    log.error(err);
+                    throw new IllegalStateException(err);
+                }
+
+                out.write(buffer, 0, read);
+                written += read;
+
+                double compressionRatioThreshold = Tar.getCompressionRatioThreshold();
+                double compressionRatio = (double)gZipStatistics.getUncompressedCount()
+                        / (double)gZipStatistics.getCompressedCount();
+                if (compressionRatio > compressionRatioThreshold) {
+                    log.debug("Compression ratio for {} is {}", tarArchiveEntry.getName(), compressionRatio);
+                    // ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack
+                    throw new IllegalStateException("Gzip compression ratio " + compressionRatio + " is over "
+                            + compressionRatioThreshold);
+                }
+            }
+        }
+
+        log.debug("Created {} {}B", destPath, written);
+        return written;
+    }
+
+    /**
+     * Process tar deflate input stream and find entries in it. If extract is true, then files found from inputStream
+     * are copied to outputDir.
+     * @param outputDir output directory where files are extracted when extract=true
+     * @param filesToExtract extract specified files otherwise (filesToExtract=null) all files.
+     *                       No effect for files not present in the container.
+     *                       No effect for list (extract=false)
+     * @param extract if true, extract files to outputDir. Otherwise, list TarArchiveEntries
+     * @return List<ArchiveEntry> list of TarArchiveEntry processed in tarGZipInputStream (ignored entries are not
+     *      returned)
+     * @throws IOException if an I/O error has occurred
+     */
+    private List<ArchiveEntry> doProcess(@Nullable Path outputDir, @Nullable List<String> filesToExtract,
+                                         boolean extract) throws IOException {
+
+        if (extract && (!Files.isDirectory(outputDir) || !Files.isWritable(outputDir))) {
+            throw new IOException("Not directory or not writeable " + outputDir);
+        }
+
+        if (extract) {
+            log.info("Extracting to {}", outputDir.normalize());
+        }
+
+        List<ArchiveEntry> extractedArchiveEntries = new LinkedList<>();
+
+        int tarEntriesThreshold = Tar.getTarEntriesThresholdThreshold();
+        TarArchiveEntry tarArchiveEntry;
+        while ((tarArchiveEntry = tarIs.getNextTarEntry()) != null) {
+
+            if (tarArchiveEntry.isFile()) {
+                log.debug("Found: {} {}B", tarArchiveEntry.getName(), tarArchiveEntry.getSize());
+                //extract
+                if (extract && ((filesToExtract == null) || filesToExtract.contains(tarArchiveEntry.getName()))) {
+
+                    Path destPath = pathFromTarEntry(outputDir, tarArchiveEntry, true);
+                    createdFiles.add(destPath.toFile());
+                    copyTarEntryToFile(destPath, tarIs, tarArchiveEntry, zLibIs);
+
+                    extractedArchiveEntries.add(tarArchiveEntry);
+                    if (extractedArchiveEntries.size() > tarEntriesThreshold) {
+                        log.error("Tar entries threshold ({}) exceeded.", tarEntriesThreshold);
+                        throw new IllegalStateException("Tar entries threshold exceeded. Aborting.");
+                    }
+                } else { //list
+                    extractedArchiveEntries.add(tarArchiveEntry);
+                }
+            } else {
+                log.error("tar contained non-regular file {}", tarArchiveEntry.getName());
+                throw new IOException("Tar entry with illegal type found");
+            }
+        }
+
+        log.debug("Uncompressed {}B from {}B (compressed)",
+                zLibIs.getUncompressedCount(), zLibIs.getCompressedCount());
+
+        // TarArchive processing is finished after first zero block is encountered. Adding additional data after that
+        // block makes possible to "hide" additional data after tar archive. This may be attempt to disable
+        // MAC checking as not all data won't be processed. Suspicious.
+        if (zLibIs.available() > 0) {
+            log.warn("Unexpected data after tar {}B.", zLibIs.available());
+            throw new IOException("Unexpected data after tar");
+        }
+
+        return extractedArchiveEntries;
+    }
+
+    /**
+     * Delete files created during process()
+     * @param filesToDelete
+     */
+    private static void deleteFiles(List<File> filesToDelete) {
+        log.debug("Deleting {}", filesToDelete);
+        for (File f: filesToDelete) {
+            try {
+                Files.deleteIfExists(f.toPath());
+            } catch (IOException e) {
+                log.error("Error deleting file {}", f.getAbsolutePath());
+            }
+        }
+    }
+
+    /**
+     * Force deletion of extracted files created during process()
+     */
+    public void deleteCreatedFiles() {
+        log.debug("deleteCreatedFiles()");
+        deleteFiles(createdFiles);
+    }
+
+    /**
+     * If there was exception during processing and files were extracted from tar deflate stream, then deletes files
+     * extracted from tar deflate stream
+     * @throws IOException if an I/O error occurs.
+     */
+    @Override
+    public void close() throws IOException {
+        if (log.isDebugEnabled()) {
+            String exStr = (exception == null) ? "" : "exception \"" + exception + "\", ";
+            log.debug("TarDeflate::close() {} created files: {}", exStr, createdFiles.size());
+        }
+        if ((exception != null) && !createdFiles.isEmpty()) {
+            deleteFiles(createdFiles);
+        }
+        tarIs.close();
+        zLibIs.close();
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/UnknownFlatBufferTypeException.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/UnknownFlatBufferTypeException.java
new file mode 100644
index 00000000..03ba4763
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/UnknownFlatBufferTypeException.java
@@ -0,0 +1,10 @@
+package ee.cyber.cdoc20.container;
+
+/**
+ * Thrown to indicate that FlatBuffer contains a record type that the current version of cdoc-lib cannot handle
+ */
+public class UnknownFlatBufferTypeException extends CDocParseException {
+    public UnknownFlatBufferTypeException(String msg) {
+        super(msg);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccPubKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccPubKeyRecipient.java
new file mode 100644
index 00000000..cad9ccfd
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccPubKeyRecipient.java
@@ -0,0 +1,64 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.KekTools;
+import ee.cyber.cdoc20.fbs.recipients.ECCPublicKeyCapsule;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
+import java.util.Objects;
+
+/**
+ * ECC recipient using ECCPublicKey. POJO of
+ * {@link ECCPublicKeyCapsule recipients.ECCPublicKeyCapsule} in CDOC header.
+ */
+public class EccPubKeyRecipient extends EccRecipient {
+
+    private final ECPublicKey senderPubKey;
+
+    public EccPubKeyRecipient(EllipticCurve eccCurve, ECPublicKey recipient, ECPublicKey sender,
+                              byte[] encFmk, String recipientLabel) {
+        super(eccCurve, recipient, recipientLabel, encFmk);
+        this.senderPubKey = sender;
+    }
+
+    public ECPublicKey getSenderPubKey() {
+        return senderPubKey;
+    }
+
+    /**
+     * Recipient ECC public key in TLS 1.3 format (specified in RFC 8446) in bytes
+     */
+    public byte[] getSenderPubKeyTlsEncoded() {
+        return ECKeys.encodeEcPubKeyForTls(this.ellipticCurve, this.senderPubKey);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        EccPubKeyRecipient that = (EccPubKeyRecipient) o;
+        return senderPubKey.equals(that.senderPubKey);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), senderPubKey);
+    }
+
+    @Override
+    public byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory)
+            throws GeneralSecurityException {
+
+        return KekTools.deriveKekForEcc(this, keyMaterial);
+    }
+
+    @Override
+    public int serialize(FlatBufferBuilder builder) {
+        return RecipientSerializer.serialize(this, builder);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccRecipient.java
new file mode 100644
index 00000000..249c6c2c
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccRecipient.java
@@ -0,0 +1,62 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import ee.cyber.cdoc20.crypto.ECKeys;
+
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import java.security.interfaces.ECPublicKey;
+import java.util.Objects;
+
+/**
+ * Base class for ECC based recipients {@link EccPubKeyRecipient} and {@link EccServerKeyRecipient}.
+ */
+public abstract class EccRecipient extends Recipient implements PublicKeyRecipient {
+
+    // recipient.ECCPublicKeyCapsule fields
+    protected EllipticCurve ellipticCurve;
+    protected final ECPublicKey recipientPubKey;
+
+    protected EccRecipient(EllipticCurve eccCurve, ECPublicKey recipient, String recipientLabel, byte[] encFmk) {
+        super(encFmk, recipientLabel);
+        this.ellipticCurve = eccCurve;
+        this.recipientPubKey = recipient;
+    }
+
+    public EllipticCurve getEllipticCurve() {
+        return this.ellipticCurve;
+    }
+
+    public ECPublicKey getRecipientPubKey() {
+        return recipientPubKey;
+    }
+
+    /**
+     * Recipient ECC public key in TLS 1.3 format (specified in RFC 8446) in bytes
+     */
+    public byte[] getRecipientPubKeyTlsEncoded() {
+        return ECKeys.encodeEcPubKeyForTls(this.ellipticCurve, this.recipientPubKey);
+    }
+
+    /**
+     *
+     * @return recipient EC public key.
+     */
+    @Override
+    public Object getRecipientId() {
+        return getRecipientPubKey();
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        EccRecipient that = (EccRecipient) o;
+        return ellipticCurve == that.ellipticCurve && Objects.equals(recipientPubKey, that.recipientPubKey);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), ellipticCurve, recipientPubKey);
+    }
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccServerKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccServerKeyRecipient.java
new file mode 100644
index 00000000..4d0796a4
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/EccServerKeyRecipient.java
@@ -0,0 +1,66 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.KekTools;
+import ee.cyber.cdoc20.fbs.recipients.EccKeyDetails;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
+import java.util.Objects;
+
+/**
+ * ECC recipient using EccKeyDetails. POJO of
+ * {@link EccKeyDetails recipients.EccKeyDetails} in CDOC header.
+ */
+public class EccServerKeyRecipient extends EccRecipient implements ServerRecipient {
+    private final String keyServerId;
+    private final String transactionId;
+
+    public EccServerKeyRecipient(EllipticCurve eccCurve, ECPublicKey recipientPubKey,
+                                 String keyServerId, String transactionId, byte[] encryptedFmk,
+                                 String recipientPubKeyLabel) {
+        super(eccCurve, recipientPubKey, recipientPubKeyLabel, encryptedFmk);
+        this.keyServerId = keyServerId;
+        this.transactionId = transactionId;
+    }
+
+    @Override
+    public String getKeyServerId() {
+        return keyServerId;
+    }
+
+    @Override
+    public String getTransactionId() {
+        return transactionId;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        EccServerKeyRecipient that = (EccServerKeyRecipient) o;
+        return Objects.equals(keyServerId, that.keyServerId)
+                && Objects.equals(transactionId, that.transactionId);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), keyServerId, transactionId);
+    }
+
+    @Override
+    public byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory)
+            throws GeneralSecurityException, CDocException {
+        return KekTools.deriveKekForEccServer(this, keyMaterial, factory);
+    }
+
+
+    @Override
+    public int serialize(FlatBufferBuilder builder) {
+        return RecipientSerializer.serialize(this, builder);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/PublicKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/PublicKeyRecipient.java
new file mode 100644
index 00000000..49955051
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/PublicKeyRecipient.java
@@ -0,0 +1,7 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import java.security.PublicKey;
+
+public interface PublicKeyRecipient {
+    PublicKey getRecipientPubKey();
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAPubKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAPubKeyRecipient.java
new file mode 100644
index 00000000..e68fba00
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAPubKeyRecipient.java
@@ -0,0 +1,58 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.KekTools;
+import ee.cyber.cdoc20.fbs.recipients.RSAPublicKeyCapsule;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+
+/**
+ * RSA-OAEP recipient using RSAPublicKey. POJO of flatbuffers
+ * {@link RSAPublicKeyCapsule fbs.recipients.RSAPublicKeyCapsule} structure in CDOC header.
+ */
+public class RSAPubKeyRecipient extends RSARecipient {
+
+    private final byte[] encryptedKek;
+
+    public RSAPubKeyRecipient(RSAPublicKey recipient,
+                              byte[] encryptedKek,
+                              byte[] encryptedFmk, String recipientLabel) {
+        super(recipient, encryptedFmk, recipientLabel);
+        this.encryptedKek = encryptedKek;
+    }
+
+    public byte[] getEncryptedKek() {
+        return encryptedKek;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        RSAPubKeyRecipient that = (RSAPubKeyRecipient) o;
+        return Arrays.equals(encryptedKek, that.encryptedKek);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = super.hashCode();
+        result = 31 * result + Arrays.hashCode(encryptedKek);
+        return result;
+    }
+
+    @Override
+    public byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory)
+            throws GeneralSecurityException {
+
+        return KekTools.deriveKekForRsa(this, keyMaterial);
+    }
+
+    @Override
+    public int serialize(FlatBufferBuilder builder) {
+        return RecipientSerializer.serialize(this, builder);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSARecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSARecipient.java
new file mode 100644
index 00000000..588fb53d
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSARecipient.java
@@ -0,0 +1,40 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import java.security.interfaces.RSAPublicKey;
+import java.util.Objects;
+
+/**
+ * Base class for RSAPubKeyRecipient and RSAServerKeyRecipient
+ */
+public abstract class RSARecipient extends Recipient implements PublicKeyRecipient {
+
+    protected final RSAPublicKey recipientPubKey;
+
+    protected RSARecipient(RSAPublicKey recipient, byte[] encFmk, String recipientLabel) {
+        super(encFmk, recipientLabel);
+        this.recipientPubKey = recipient;
+    }
+
+    public RSAPublicKey getRecipientPubKey() {
+        return recipientPubKey;
+    }
+
+    @Override
+    public Object getRecipientId() {
+        return recipientPubKey;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        RSARecipient that = (RSARecipient) o;
+        return Objects.equals(recipientPubKey, that.recipientPubKey);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), recipientPubKey);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAServerKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAServerKeyRecipient.java
new file mode 100644
index 00000000..61022d73
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RSAServerKeyRecipient.java
@@ -0,0 +1,63 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.KekTools;
+import ee.cyber.cdoc20.fbs.recipients.RsaKeyDetails;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Objects;
+
+/**
+ * RSA-OAEP recipient using RsaKeyDetails. POJO of flatbuffers
+ *  {@link RsaKeyDetails recipients.RsaKeyDetails} structure in CDOC header.
+ */
+public class RSAServerKeyRecipient extends RSARecipient implements ServerRecipient {
+
+    private final String keyServerId;
+    private final String transactionId;
+
+    public RSAServerKeyRecipient(RSAPublicKey recipient, String keyServerId, String transactionId,
+            byte[] encryptedFmk, String recipientLabel) {
+        super(recipient, encryptedFmk, recipientLabel);
+        this.keyServerId = keyServerId;
+        this.transactionId = transactionId;
+    }
+
+    @Override
+    public String getKeyServerId() {
+        return keyServerId;
+    }
+
+    @Override
+    public String getTransactionId() {
+        return transactionId;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        RSAServerKeyRecipient that = (RSAServerKeyRecipient) o;
+        return Objects.equals(keyServerId, that.keyServerId) && Objects.equals(transactionId, that.transactionId);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(super.hashCode(), keyServerId, transactionId);
+    }
+
+    @Override
+    public byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory)
+            throws GeneralSecurityException, CDocException {
+        return KekTools.deriveKekForRsaServer(this, keyMaterial, factory);
+    }
+
+    @Override
+    public int serialize(FlatBufferBuilder builder) {
+        return RecipientSerializer.serialize(this, builder);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/Recipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/Recipient.java
new file mode 100644
index 00000000..d737a9f2
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/Recipient.java
@@ -0,0 +1,59 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import ee.cyber.cdoc20.crypto.KekDerivable;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import java.util.Arrays;
+import java.util.Objects;
+
+/**
+ * Java POJO that represents flatbuffers {@link ee.cyber.cdoc20.fbs.header.RecipientRecord header.RecipientRecord}
+ * Capsule union field(s) will be implemented by subclasses.
+ */
+public abstract class Recipient implements KekDerivable, SerializableFBS {
+    // header.RecipientRecord specific fields
+    protected final byte[] encryptedFmk;
+    protected final String recipientKeyLabel;
+    protected final byte fmkEncryptionMethod = FMKEncryptionMethod.XOR;
+
+    protected Recipient(byte[] encFmk, String recipientLabel) {
+        this.recipientKeyLabel = recipientLabel;
+        this.encryptedFmk = encFmk.clone();
+    }
+
+    public String getRecipientKeyLabel() {
+        return recipientKeyLabel;
+    }
+
+    public byte[] getEncryptedFileMasterKey() {
+        return this.encryptedFmk;
+    }
+
+    public byte getFmkEncryptionMethod() {
+        return fmkEncryptionMethod;
+    }
+
+    /**
+     * Uniquely identifies the recipient. This data is used to find recipients key material from parsed CDOC header
+     * * For EC, this is EC pub key.
+     * * For RSA, this is RSA pub key
+     * @return Object that uniquely identifies Recipient
+     */
+    public abstract Object getRecipientId();
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        Recipient recipient = (Recipient) o;
+        return fmkEncryptionMethod == recipient.fmkEncryptionMethod
+                && Objects.equals(recipientKeyLabel, recipient.recipientKeyLabel)
+                && Arrays.equals(encryptedFmk, recipient.encryptedFmk);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(recipientKeyLabel, fmkEncryptionMethod);
+        result = 31 * result + Arrays.hashCode(encryptedFmk);
+        return result;
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientDeserializer.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientDeserializer.java
new file mode 100644
index 00000000..aa7d04be
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientDeserializer.java
@@ -0,0 +1,195 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import ee.cyber.cdoc20.container.CDocParseException;
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.container.UnknownFlatBufferTypeException;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.fbs.header.RecipientRecord;
+import ee.cyber.cdoc20.fbs.recipients.ECCPublicKeyCapsule;
+import ee.cyber.cdoc20.fbs.recipients.EccKeyDetails;
+import ee.cyber.cdoc20.fbs.recipients.KeyDetailsUnion;
+import ee.cyber.cdoc20.fbs.recipients.KeyServerCapsule;
+import ee.cyber.cdoc20.fbs.recipients.RSAPublicKeyCapsule;
+import ee.cyber.cdoc20.fbs.recipients.RsaKeyDetails;
+import ee.cyber.cdoc20.fbs.recipients.SymmetricKeyCapsule;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_ECCPublicKeyCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_KeyServerCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_RSAPublicKeyCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_SymmetricKeyCapsule;
+
+/**
+ * Deserialize Recipient from flatbuffers RecipientRecord
+ */
+public final class RecipientDeserializer {
+
+    private RecipientDeserializer() { }
+
+    public static Recipient deserialize(RecipientRecord r)
+            throws CDocParseException, GeneralSecurityException {
+
+        if (r.fmkEncryptionMethod() != Envelope.FMK_ENC_METHOD_BYTE) {
+            throw new CDocParseException("Unknown FMK encryption method: " + r.fmkEncryptionMethod());
+        }
+
+        if (r.encryptedFmkLength() != Crypto.FMK_LEN_BYTES) {
+            throw new CDocParseException("invalid FMK len: " + r.encryptedFmkLength());
+        }
+
+        ByteBuffer encryptedFmkBuf = r.encryptedFmkAsByteBuffer();
+        byte[] encryptedFmkBytes = Arrays.copyOfRange(encryptedFmkBuf.array(),
+                encryptedFmkBuf.position(), encryptedFmkBuf.limit());
+        String keyLabel = r.keyLabel();
+
+        if (r.capsuleType() == recipients_ECCPublicKeyCapsule) {
+            return deserializeEccPubKeyRecipient(r, encryptedFmkBytes, keyLabel);
+
+        } else if (r.capsuleType() == recipients_RSAPublicKeyCapsule) {
+
+            return deserializeRsaPubKeyRecipient(r, encryptedFmkBytes, keyLabel);
+
+        } else if (r.capsuleType() == recipients_KeyServerCapsule) {
+
+            return deserializeServerRecipient(r, encryptedFmkBytes, keyLabel);
+        } else if (r.capsuleType() == recipients_SymmetricKeyCapsule) {
+            return deserializeSymmetricKeyRecipient(r, encryptedFmkBytes, keyLabel);
+        } else {
+            throw new UnknownFlatBufferTypeException("Unknown recipient type " + r.capsuleType());
+        }
+
+    }
+
+    private static SymmetricKeyRecipient deserializeSymmetricKeyRecipient(
+            RecipientRecord r, byte[] encryptedFmkBytes, String keyLabel)
+            throws CDocParseException {
+
+        SymmetricKeyCapsule symmetricKeyCapsule = (SymmetricKeyCapsule) r.capsule(new SymmetricKeyCapsule());
+        if (symmetricKeyCapsule == null) {
+            throw new CDocParseException("error parsing SymmetricKeyCapsule");
+        }
+
+        ByteBuffer saltBuf = symmetricKeyCapsule.saltAsByteBuffer();
+        byte[] salt = Arrays.copyOfRange(saltBuf.array(), saltBuf.position(), saltBuf.limit());
+        return new SymmetricKeyRecipient(salt, encryptedFmkBytes, keyLabel);
+    }
+
+    private static Recipient deserializeServerRecipient(RecipientRecord r, byte[] encryptedFmkBytes, String keyLabel)
+            throws CDocParseException, GeneralSecurityException {
+
+        KeyServerCapsule serverCapsule = (KeyServerCapsule) r.capsule(new KeyServerCapsule());
+        if (serverCapsule == null) {
+            throw new CDocParseException("error parsing KeyServerCapsule");
+        }
+
+        if (serverCapsule.recipientKeyDetailsType() == KeyDetailsUnion.EccKeyDetails) {
+            EccKeyDetails serverEccDetails =
+                    (EccKeyDetails) serverCapsule.recipientKeyDetails(new EccKeyDetails());
+            if (serverEccDetails == null) {
+                throw new CDocParseException("error parsing EccKeyDetails");
+            }
+
+            ECPublicKey recipientPubKey;
+            EllipticCurve curve = EllipticCurve.forValue(serverEccDetails.curve());
+            try {
+                ByteBuffer recipientPubKeyBuf = serverEccDetails.recipientPublicKeyAsByteBuffer();
+                recipientPubKey = curve.decodeFromTls(recipientPubKeyBuf);
+            } catch (IllegalArgumentException iae) {
+                throw new CDocParseException("illegal EC pub key encoding", iae);
+            }
+            String keyServerId = serverCapsule.keyserverId();
+            String transactionId = serverCapsule.transactionId();
+
+            return new EccServerKeyRecipient(curve, recipientPubKey, keyServerId,
+                    transactionId, encryptedFmkBytes, keyLabel);
+        } else if (serverCapsule.recipientKeyDetailsType() == KeyDetailsUnion.RsaKeyDetails) {
+
+            RsaKeyDetails serverRsaDetails =
+                    (RsaKeyDetails) serverCapsule.recipientKeyDetails(new RsaKeyDetails());
+            if (serverRsaDetails == null) {
+                throw new CDocParseException("error parsing RsaKeyDetails");
+            }
+
+            RSAPublicKey recipientPubKey;
+            try {
+                recipientPubKey = RsaUtils.decodeRsaPubKey(serverRsaDetails.recipientPublicKeyAsByteBuffer());
+            } catch (IOException e) {
+                throw new CDocParseException("error parsing RsaKeyDetails.recipientPubKey");
+            }
+
+            String keyServerId = serverCapsule.keyserverId();
+            String transactionId = serverCapsule.transactionId();
+
+            return new RSAServerKeyRecipient(recipientPubKey, keyServerId, transactionId,
+                    encryptedFmkBytes, keyLabel);
+
+        } else {
+            throw new UnknownFlatBufferTypeException(
+                    "Unknown KeyServerCapsule.recipient_key_details type (KeyDetailsUnion) "
+                            + serverCapsule.recipientKeyDetailsType());
+        }
+    }
+
+    private static RSAPubKeyRecipient deserializeRsaPubKeyRecipient(
+            RecipientRecord r, byte[] encryptedFmkBytes, String keyLabel) throws CDocParseException {
+        RSAPublicKeyCapsule rsaPublicKeyCapsule = (RSAPublicKeyCapsule) r.capsule(new RSAPublicKeyCapsule());
+        if (rsaPublicKeyCapsule == null) {
+            throw new CDocParseException("error parsing RSAPublicKeyCapsule");
+        }
+
+        ByteBuffer rsaPubKeyBuf = rsaPublicKeyCapsule.recipientPublicKeyAsByteBuffer();
+        if (rsaPubKeyBuf == null) {
+            throw new CDocParseException("error parsing RSAPublicKeyCapsule.recipientPublicKey");
+        }
+
+        ByteBuffer encKekBuf = rsaPublicKeyCapsule.encryptedKekAsByteBuffer();
+        if (encKekBuf == null) {
+            throw new CDocParseException("error parsing RSAPublicKeyCapsule.encryptedKek");
+        }
+
+        byte[] rsaPubKeyBytes =
+                Arrays.copyOfRange(rsaPubKeyBuf.array(), rsaPubKeyBuf.position(), rsaPubKeyBuf.limit());
+        RSAPublicKey recipientRsaPublicKey;
+
+        try {
+            recipientRsaPublicKey = RsaUtils.decodeRsaPubKey(rsaPubKeyBytes);
+        } catch (GeneralSecurityException | IOException ex) {
+            throw new CDocParseException("error decoding RSAPublicKey", ex);
+        }
+
+        byte[] encKek = Arrays.copyOfRange(encKekBuf.array(), encKekBuf.position(), encKekBuf.limit());
+
+        return new RSAPubKeyRecipient(recipientRsaPublicKey, encKek, encryptedFmkBytes, keyLabel);
+    }
+
+    private static  EccPubKeyRecipient deserializeEccPubKeyRecipient(
+                RecipientRecord r, byte[] encryptedFmkBytes, String keyLabel)
+            throws CDocParseException, GeneralSecurityException {
+
+        ECCPublicKeyCapsule eccPublicKeyCapsule = (ECCPublicKeyCapsule) r.capsule(new ECCPublicKeyCapsule());
+        if (eccPublicKeyCapsule == null) {
+            throw new CDocParseException("error parsing ECCPublicKeyCapsule");
+        }
+
+        try {
+            EllipticCurve curve = EllipticCurve.forValue(eccPublicKeyCapsule.curve());
+            ECPublicKey recipientPubKey =
+                    curve.decodeFromTls(eccPublicKeyCapsule.recipientPublicKeyAsByteBuffer());
+            ECPublicKey senderPubKey =
+                    curve.decodeFromTls(eccPublicKeyCapsule.senderPublicKeyAsByteBuffer());
+
+            return new EccPubKeyRecipient(curve, recipientPubKey, senderPubKey,
+                    encryptedFmkBytes, keyLabel);
+        } catch (IllegalArgumentException illegalArgumentException) {
+            throw new CDocParseException("illegal EC pub key encoding", illegalArgumentException);
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientFactory.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientFactory.java
new file mode 100644
index 00000000..375e34e7
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientFactory.java
@@ -0,0 +1,252 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import ee.cyber.cdoc20.client.EcCapsuleClient;
+import ee.cyber.cdoc20.client.EcCapsuleClientImpl;
+import ee.cyber.cdoc20.client.ExtApiException;
+import ee.cyber.cdoc20.client.KeyCapsuleClient;
+import ee.cyber.cdoc20.client.RsaCapsuleClient;
+import ee.cyber.cdoc20.client.RsaCapsuleClientImpl;
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import ee.cyber.cdoc20.fbs.recipients.SymmetricKeyCapsule;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.Nullable;
+import javax.crypto.SecretKey;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * Factory to create Recipients from different cryptographic keys
+ */
+public final class RecipientFactory {
+
+    private static final Logger log = LoggerFactory.getLogger(RecipientFactory.class);
+    private static final String INVALID_FMK_LEN = "Invalid FMK len";
+
+    private RecipientFactory() { }
+
+    /**
+     * Build recipients. For each recipient KEK (key encryption key) key is derived from recipients key material and fmk
+     * is encrypted with KEK.
+     * @param fmk file master key generated per CDOC2 envelope
+     * @param recipientKeys recipients key material used to derive KEK
+     * @param serverClient if server client is provided, then key material for deriving KEK or encrypted KEK is stored
+     *                     in key server
+     * @return Recipients list created from provided key material
+     * @throws GeneralSecurityException
+     * @throws ExtApiException if communication with key server failed
+     */
+    public static Recipient[] buildRecipients(byte[] fmk, List<EncryptionKeyMaterial> recipientKeys,
+                                              @Nullable KeyCapsuleClient serverClient)
+            throws GeneralSecurityException, ExtApiException {
+
+        Objects.requireNonNull(fmk);
+        Objects.requireNonNull(recipientKeys);
+        if (fmk.length != Crypto.FMK_LEN_BYTES) {
+            throw new IllegalArgumentException(INVALID_FMK_LEN);
+        }
+
+        if (recipientKeys.isEmpty()) {
+            throw new IllegalArgumentException("At least one recipient required");
+        }
+
+        List<Recipient> result = new ArrayList<>(recipientKeys.size());
+        for (EncryptionKeyMaterial encKeyMaterial : recipientKeys) {
+            Key key = encKeyMaterial.getKey();
+            String keyLabel = encKeyMaterial.getLabel();
+
+            if (key instanceof RSAPublicKey rsaPublicKey) {
+                if (serverClient != null) {
+                    RsaCapsuleClient rsaCapsuleClient = new RsaCapsuleClientImpl(serverClient);
+                    result.add(buildRsaServerKeyRecipient(fmk, rsaPublicKey, keyLabel, rsaCapsuleClient));
+                } else {
+                    result.add(buildRsaRecipient(fmk, rsaPublicKey, keyLabel));
+                }
+
+            } else if (key instanceof ECPublicKey ecPublicKey) {
+                if (serverClient != null) {
+                    result.add(buildEccServerKeyRecipient(fmk, ecPublicKey, keyLabel,
+                            new EcCapsuleClientImpl(serverClient)));
+                } else {
+                    result.add(buildEccRecipient(fmk, ecPublicKey, keyLabel));
+                }
+            } else if (key instanceof SecretKey) {
+                if (serverClient != null) {
+                    log.info("For symmetric key scenario, key server will not be used.");
+                }
+                SecretKey preSharedKey = (SecretKey) key;
+                result.add(buildSymmetricKeyRecipient(fmk,  preSharedKey, keyLabel,
+                        FMKEncryptionMethod.name(Envelope.FMK_ENC_METHOD_BYTE)));
+            } else {
+                throw new InvalidKeyException("Unsupported key algorithm " + key.getAlgorithm());
+            }
+        }
+
+        return result.toArray(new Recipient[0]);
+    }
+
+
+    /**
+     * Fill RSAPubKeyRecipient with data, so that it is ready to be serialized into CDOC header.
+     * @param fmk file master key (plain)
+     * @param recipientPubRsaKey  recipients public RSA key
+     * @param keyLabel recipientPubRsaKey description
+     * @throws GeneralSecurityException if kek encryption with recipientPubRsaKey fails
+     */
+    static RSAPubKeyRecipient buildRsaRecipient(byte[] fmk, RSAPublicKey recipientPubRsaKey, String keyLabel)
+            throws GeneralSecurityException {
+
+        Objects.requireNonNull(recipientPubRsaKey);
+        Objects.requireNonNull(fmk);
+        if (fmk.length != Crypto.FMK_LEN_BYTES) {
+            throw new IllegalArgumentException("Illegal FMK length " + fmk.length);
+        }
+
+        byte[] kek = new byte[Crypto.FMK_LEN_BYTES];
+        Crypto.getSecureRandom().nextBytes(kek);
+
+        byte[] encryptedKek = RsaUtils.rsaEncrypt(kek, recipientPubRsaKey);
+        byte[] encryptedFmk = Crypto.xor(fmk, kek);
+        return new RSAPubKeyRecipient(recipientPubRsaKey, encryptedKek, encryptedFmk, keyLabel);
+    }
+
+    /**
+     * Generate sender key pair for the recipient. Encrypt fmk with KEK derived from generated sender private key
+     * and recipient public key
+     * @param fmk file master key (plain)
+     * @param recipientPubKey  recipient public keys
+     * @return EccRecipient with generated sender and recipient public key and
+     *          fmk encrypted with sender private and recipient public key
+     * @throws InvalidKeyException if recipient key is not suitable
+     * @throws GeneralSecurityException if other crypto related exceptions happen
+     */
+    static EccPubKeyRecipient buildEccRecipient(byte[] fmk, ECPublicKey recipientPubKey, String keyLabel)
+            throws InvalidKeyException, GeneralSecurityException {
+
+        Objects.requireNonNull(recipientPubKey);
+        Objects.requireNonNull(fmk);
+        if (fmk.length != Crypto.FMK_LEN_BYTES) {
+            throw new IllegalArgumentException("Illegal FMK length " + fmk.length);
+        }
+
+        EllipticCurve curve;
+        try {
+            curve = EllipticCurve.forPubKey(recipientPubKey);
+        } catch (NoSuchAlgorithmException | InvalidParameterSpecException
+                | NoSuchProviderException generalSecurityException) {
+            throw new InvalidKeyException(generalSecurityException);
+        }
+
+        try {
+            if (!curve.isValidKey(recipientPubKey)) {
+                throw new InvalidKeyException("ECKey not valid");
+            }
+        } catch (GeneralSecurityException e) {
+            throw new InvalidKeyException("ECKey not valid");
+        }
+
+        KeyPair senderEcKeyPair = curve.generateEcKeyPair();
+        byte[] kek = Crypto.deriveKeyEncryptionKey(senderEcKeyPair, recipientPubKey, Crypto.KEK_LEN_BYTES);
+        byte[] encryptedFmk = Crypto.xor(fmk, kek);
+        return new EccPubKeyRecipient(
+            curve, recipientPubKey, (ECPublicKey) senderEcKeyPair.getPublic(), encryptedFmk, keyLabel
+        );
+    }
+
+    /**
+     * Fill EccServerKeyRecipient POJO, so that they are ready to be serialized into CDOC header. Calls
+     * {@link #buildEccRecipient(byte[], ECPublicKey, String)} to generate sender key pair and encrypt FMK.
+     * Stores sender public key in key server and gets corresponding transactionId from server.
+     * @param fmk file master key (plain)
+     * @param recipientPubKey  list of recipients public keys
+     * @param serverClient used to store sender public key and get transactionId
+     * @return For each recipient create EccServerKeyRecipient with fields filled
+     */
+    static EccServerKeyRecipient buildEccServerKeyRecipient(byte[] fmk, ECPublicKey recipientPubKey,
+            String keyLabel, EcCapsuleClient serverClient) throws GeneralSecurityException, ExtApiException {
+
+        Objects.requireNonNull(fmk);
+        Objects.requireNonNull(recipientPubKey);
+        Objects.requireNonNull(serverClient);
+        if (fmk.length != Crypto.CEK_LEN_BYTES) {
+            throw new IllegalArgumentException(INVALID_FMK_LEN);
+        }
+
+        EccPubKeyRecipient eccPubKeyRecipient = buildEccRecipient(fmk, recipientPubKey, keyLabel);
+
+        String transactionId = serverClient.storeSenderKey(
+            eccPubKeyRecipient.getRecipientPubKey(), eccPubKeyRecipient.getSenderPubKey()
+        );
+        String serverId = serverClient.getServerIdentifier();
+
+        return new EccServerKeyRecipient(eccPubKeyRecipient.getEllipticCurve(),
+                eccPubKeyRecipient.getRecipientPubKey(), serverId, transactionId,
+                eccPubKeyRecipient.getEncryptedFileMasterKey(), keyLabel);
+    }
+
+    static RSAServerKeyRecipient buildRsaServerKeyRecipient(byte[] fmk, RSAPublicKey recipientPubKey,
+                                                            String keyLabel, RsaCapsuleClient serverClient)
+            throws GeneralSecurityException, ExtApiException {
+
+        Objects.requireNonNull(fmk);
+        Objects.requireNonNull(recipientPubKey);
+        Objects.requireNonNull(serverClient);
+
+        if (fmk.length != Crypto.CEK_LEN_BYTES) {
+            throw new IllegalArgumentException(INVALID_FMK_LEN);
+        }
+
+        RSAPubKeyRecipient rsaPubKeyRecipient = buildRsaRecipient(fmk, recipientPubKey, keyLabel);
+
+        String transactionId = serverClient.storeRsaCapsule(
+                recipientPubKey, rsaPubKeyRecipient.getEncryptedKek()
+        );
+
+        String serverId = serverClient.getServerIdentifier();
+
+        return new RSAServerKeyRecipient(recipientPubKey, serverId, transactionId,
+                rsaPubKeyRecipient.getEncryptedFileMasterKey(), keyLabel);
+    }
+
+    /**
+     * Derive KEK from preSharedKey, keyLabel and generated salt and encrypt fmk with derived KEK
+     * @param fmk fmk to be encrypted
+     * @param preSharedKey
+     * @param keyLabel
+     * @param fmkEncMethod
+     * @return SymmetricKeyRecipient that can be serialized into
+     *          FBS {@link SymmetricKeyCapsule}
+     * @throws GeneralSecurityException
+     */
+    static SymmetricKeyRecipient buildSymmetricKeyRecipient(byte[] fmk, SecretKey preSharedKey,
+                String keyLabel, String fmkEncMethod) throws GeneralSecurityException {
+
+        Objects.requireNonNull(fmk);
+        Objects.requireNonNull(preSharedKey);
+        Objects.requireNonNull(keyLabel);
+
+        byte[] salt = new byte[256 / 8]; //spec: salt length should be 256bits
+        Crypto.getSecureRandom().nextBytes(salt);
+
+        SecretKey kek = Crypto.deriveKeyEncryptionKey(keyLabel, preSharedKey, salt, fmkEncMethod);
+
+        byte[] encryptedFmk = Crypto.xor(fmk, kek.getEncoded());
+        return new SymmetricKeyRecipient(salt, encryptedFmk, keyLabel);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientSerializer.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientSerializer.java
new file mode 100644
index 00000000..617c0572
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/RecipientSerializer.java
@@ -0,0 +1,179 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.fbs.header.Capsule;
+import ee.cyber.cdoc20.fbs.header.RecipientRecord;
+import ee.cyber.cdoc20.fbs.recipients.ECCPublicKeyCapsule;
+import ee.cyber.cdoc20.fbs.recipients.EccKeyDetails;
+import ee.cyber.cdoc20.fbs.recipients.KeyDetailsUnion;
+import ee.cyber.cdoc20.fbs.recipients.KeyServerCapsule;
+import ee.cyber.cdoc20.fbs.recipients.RSAPublicKeyCapsule;
+import ee.cyber.cdoc20.fbs.recipients.RsaKeyDetails;
+import ee.cyber.cdoc20.fbs.recipients.SymmetricKeyCapsule;
+
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_ECCPublicKeyCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_KeyServerCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_RSAPublicKeyCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_SymmetricKeyCapsule;
+
+/**
+ * Utility class to serialize Recipient into flatbuffers FlatBufferBuilder
+ */
+public final class RecipientSerializer {
+
+    private RecipientSerializer() { }
+
+    public static int serialize(EccServerKeyRecipient eccServerRecipient, FlatBufferBuilder builder) {
+
+        int recipientPubKeyOffset = builder.createByteVector(eccServerRecipient.getRecipientPubKeyTlsEncoded());
+
+        int serverEccDetailsOffset = EccKeyDetails.createEccKeyDetails(builder,
+                eccServerRecipient.getEllipticCurve().getValue(),
+                recipientPubKeyOffset
+        );
+
+        int keyServerOffset = builder.createString(eccServerRecipient.getKeyServerId());
+        int transactionIdOffset = builder.createString(eccServerRecipient.getTransactionId());
+
+        int capsuleOffset = KeyServerCapsule.createKeyServerCapsule(builder,
+                KeyDetailsUnion.EccKeyDetails,
+                serverEccDetailsOffset,
+                keyServerOffset,
+                transactionIdOffset
+        );
+
+        int encFmkOffset =
+                RecipientRecord.createEncryptedFmkVector(builder,
+                        eccServerRecipient.getEncryptedFileMasterKey());
+
+        int keyLabelOffset = builder.createString(getKeyLabelValue(eccServerRecipient)); //required field
+
+        int recipientOffset = fillRecipientRecord(builder, recipients_KeyServerCapsule,
+                capsuleOffset, keyLabelOffset, encFmkOffset, eccServerRecipient.getFmkEncryptionMethod());
+        return recipientOffset;
+    }
+
+    public static int serialize(EccPubKeyRecipient eccRecipient, FlatBufferBuilder builder) {
+
+        int recipientPubKeyOffset = builder.createByteVector(eccRecipient.getRecipientPubKeyTlsEncoded());
+        int senderPubKeyOffset = builder.createByteVector(eccRecipient.getSenderPubKeyTlsEncoded());
+        int eccPubKeyOffset = ECCPublicKeyCapsule.createECCPublicKeyCapsule(builder,
+                eccRecipient.getEllipticCurve().getValue(),
+                recipientPubKeyOffset,
+                senderPubKeyOffset
+        );
+
+        int encFmkOffset =
+                RecipientRecord.createEncryptedFmkVector(builder, eccRecipient.getEncryptedFileMasterKey());
+
+        int keyLabelOffset = builder.createString(getKeyLabelValue(eccRecipient)); //required field
+
+        int recipientOffset = fillRecipientRecord(builder, recipients_ECCPublicKeyCapsule,
+                eccPubKeyOffset, keyLabelOffset, encFmkOffset, eccRecipient.getFmkEncryptionMethod());
+        return recipientOffset;
+    }
+
+    public static int serialize(RSAServerKeyRecipient rsaServerRecipient, FlatBufferBuilder builder) {
+
+
+        byte[] rsaPubKeyDer = RsaUtils.encodeRsaPubKey(rsaServerRecipient.getRecipientPubKey());
+        int recipientPubKeyOffset = builder.createByteVector(rsaPubKeyDer);
+
+        int serverRsaDetailsOffset = RsaKeyDetails.createRsaKeyDetails(builder, recipientPubKeyOffset);
+
+        int keyServerOffset = builder.createString(rsaServerRecipient.getKeyServerId());
+        int transactionIdOffset = builder.createString(rsaServerRecipient.getTransactionId());
+
+        int capsuleOffset = KeyServerCapsule.createKeyServerCapsule(builder,
+                KeyDetailsUnion.RsaKeyDetails,
+                serverRsaDetailsOffset,
+                keyServerOffset,
+                transactionIdOffset
+        );
+
+        int encFmkOffset =
+                RecipientRecord.createEncryptedFmkVector(builder,
+                        rsaServerRecipient.getEncryptedFileMasterKey());
+
+        int keyLabelOffset = builder.createString(getKeyLabelValue(rsaServerRecipient));
+
+        int recipientOffset = fillRecipientRecord(builder, recipients_KeyServerCapsule,
+                capsuleOffset, keyLabelOffset, encFmkOffset, rsaServerRecipient.getFmkEncryptionMethod());
+        return recipientOffset;
+    }
+
+    public static int serialize(RSAPubKeyRecipient rsaRecipient, FlatBufferBuilder builder) {
+
+        int recipientPubKeyOffset = builder.createByteVector(
+                RsaUtils.encodeRsaPubKey(rsaRecipient.getRecipientPubKey()));
+        int encKekOffset = builder.createByteVector(rsaRecipient.getEncryptedKek());
+        int rsaPublicKeyCapsule = RSAPublicKeyCapsule.createRSAPublicKeyCapsule(builder,
+                recipientPubKeyOffset, encKekOffset);
+
+        int encFmkOffset =
+                RecipientRecord.createEncryptedFmkVector(builder, rsaRecipient.getEncryptedFileMasterKey());
+
+        int keyLabelOffset = builder.createString(getKeyLabelValue(rsaRecipient));
+
+        int recipientOffset = fillRecipientRecord(builder, recipients_RSAPublicKeyCapsule,
+                rsaPublicKeyCapsule, keyLabelOffset, encFmkOffset, rsaRecipient.getFmkEncryptionMethod());
+        return recipientOffset;
+    }
+
+    public static int serializeSymmetricKeyRecipient(SymmetricKeyRecipient symRecipient, FlatBufferBuilder builder) {
+
+        int saltOffset = builder.createByteVector(symRecipient.getSalt());
+        int symmetricKeyCapsuleOffset = SymmetricKeyCapsule.createSymmetricKeyCapsule(builder, saltOffset);
+        int encFmkOffset =
+                RecipientRecord.createEncryptedFmkVector(builder, symRecipient.getEncryptedFileMasterKey());
+        int keyLabelOffset = builder.createString(getKeyLabelValue(symRecipient));
+
+        int recipientOffset = fillRecipientRecord(builder, recipients_SymmetricKeyCapsule,
+                symmetricKeyCapsuleOffset, keyLabelOffset, encFmkOffset, symRecipient.getFmkEncryptionMethod());
+        return recipientOffset;
+    }
+
+    /**
+     * Add RecipientRecord to the end of {@link FlatBufferBuilder builder}
+     * @param builder builder to be updated
+     * @param capsuleType from {@link Capsule}
+     * @param capsuleOffset capsuleOffset in builder
+     * @param keyLabelOffset keyLabelOffset in builder
+     * @return recipientRecord offset in builder
+     */
+    private static int fillRecipientRecord(FlatBufferBuilder builder, byte capsuleType, int capsuleOffset,
+                                           int keyLabelOffset, int encFmkOffset, byte fmkEncryptionMethod) {
+
+        RecipientRecord.startRecipientRecord(builder);
+        RecipientRecord.addCapsuleType(builder, capsuleType);
+        RecipientRecord.addCapsule(builder, capsuleOffset);
+
+        RecipientRecord.addKeyLabel(builder, keyLabelOffset);
+
+        RecipientRecord.addEncryptedFmk(builder, encFmkOffset);
+        RecipientRecord.addFmkEncryptionMethod(builder, fmkEncryptionMethod);
+
+        return RecipientRecord.endRecipientRecord(builder);
+    }
+
+    /**
+     * Get value for FBS RecipientRecord.key_label
+     * @param recipient recipient to generate key label from
+     * @return key label that describes recipient
+     */
+    private static String getKeyLabelValue(Recipient recipient) {
+        // KeyLabel is UI specific field, so its value is not specified in the Spec.
+        // Required to be filled or deserialization will fail.
+        // DigiDoc4-Client uses this field to hint user what type of eID was used for encryption
+        // https://github.com
+        // /open-eid/DigiDoc4-Client/blob/f4298ad9d2fbb40cffc488bed6cf1d3116dff450/client/SslCertificate.cpp#L302
+        // https://github.com/open-eid/DigiDoc4-Client/blob/master/client/dialogs/AddRecipients.cpp#L474
+
+        if (recipient.getRecipientKeyLabel() != null) {
+            return recipient.getRecipientKeyLabel();
+        } else {
+            return "N/A"; //can't be empty
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SerializableFBS.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SerializableFBS.java
new file mode 100644
index 00000000..a6038bb5
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SerializableFBS.java
@@ -0,0 +1,12 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+
+public interface SerializableFBS {
+    /**
+     *
+     * @param builder FlatBuffer builder instance
+     * @return offset
+     */
+    int serialize(FlatBufferBuilder builder);
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/ServerRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/ServerRecipient.java
new file mode 100644
index 00000000..fdc3be8d
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/ServerRecipient.java
@@ -0,0 +1,9 @@
+package ee.cyber.cdoc20.container.recipients;
+
+/**
+ * Recipient type that gets ephemeral key material from server
+ */
+public interface ServerRecipient {
+    String getKeyServerId();
+    String getTransactionId();
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SymmetricKeyRecipient.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SymmetricKeyRecipient.java
new file mode 100644
index 00000000..815f7628
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/container/recipients/SymmetricKeyRecipient.java
@@ -0,0 +1,52 @@
+package ee.cyber.cdoc20.container.recipients;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.KekTools;
+import java.util.Arrays;
+
+public class SymmetricKeyRecipient extends Recipient {
+
+    private final byte[] salt;
+
+    public SymmetricKeyRecipient(byte[] salt, byte[] encFmk, String recipientLabel) {
+        super(encFmk, recipientLabel);
+        this.salt = salt.clone();
+    }
+
+    @Override
+    public Object getRecipientId() {
+        return recipientKeyLabel;
+    }
+
+    public byte[] getSalt() {
+        return salt;
+    }
+
+    @Override
+    public byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory) {
+        return KekTools.deriveKekForSymmetricKey(this, keyMaterial);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        if (!super.equals(o)) return false;
+        SymmetricKeyRecipient that = (SymmetricKeyRecipient) o;
+        return Arrays.equals(salt, that.salt);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = super.hashCode();
+        result = 31 * result + Arrays.hashCode(salt);
+        return result;
+    }
+
+    @Override
+    public int serialize(FlatBufferBuilder builder) {
+        return RecipientSerializer.serializeSymmetricKeyRecipient(this, builder);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ChaChaCipher.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ChaChaCipher.java
new file mode 100644
index 00000000..df3076c3
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ChaChaCipher.java
@@ -0,0 +1,173 @@
+package ee.cyber.cdoc20.crypto;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.*;
+import javax.crypto.spec.IvParameterSpec;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.security.*;
+import java.util.Arrays;
+
+public final class ChaChaCipher {
+
+    private static final Logger log = LoggerFactory.getLogger(ChaChaCipher.class);
+    public static final int NONCE_LEN_BYTES = 96 / 8;
+
+    //Sun ChaChaCipher decryption fails with big files, use BouncyCastle implementation for ChaCha
+    static final Provider BC = new BouncyCastleProvider();
+
+    private static final String INVALID_ADDITIONAL_DATA = "Invalid Additional Authentication Data (AAD)";
+
+    private ChaChaCipher() {
+    }
+
+    /**
+     * Init ChaCha20-Poly1305 Cipher with contentEncryptionKey and nonce
+     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
+     * @param contentEncryptionKey CEK, {@link Crypto#deriveContentEncryptionKey(byte[])}
+     * @param nonce if ENCRYPT mode then {@link #NONCE_LEN_BYTES } bytes of secure random, otherwise nonce read from
+     *              InputStream
+     * @return an initialized Cipher
+     * @throws GeneralSecurityException
+     */
+    private static Cipher initCipher(int mode, Key contentEncryptionKey, byte[] nonce)
+            throws GeneralSecurityException {
+
+        if ((nonce == null) || (nonce.length != NONCE_LEN_BYTES)) {
+            throw new IllegalArgumentException("Invalid nonce");
+        }
+
+        // Triggers S5542 Security vulnerability, but S5542 check only knows about AES and RSA and all other algorithms
+        // without method and padding are incorrectly marked as insecure (ChaCha20 stream cipher does not have a
+        // block operation mode and do not use padding and therefor cannot be specified):
+        // https://github.com/SonarSource/sonar-java/blob/master/java-checks/src/
+        //                main/java/org/sonar/java/checks/security/EncryptionAlgorithmCheck.java
+        Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", BC); //NOSONAR - S5542
+
+
+        // IV, initialization value with nonce
+        // Triggers S3329 - Use a dynamically-generated, random IV.
+        // SQ fails to detect that nonce *is* generated from secure random
+        IvParameterSpec iv = new IvParameterSpec(nonce); //NOSONAR - S3329
+        cipher.init(mode, contentEncryptionKey, iv);
+        return cipher;
+    }
+
+    /**
+     *
+     * @param cek content encryption key CEK, {@link Crypto#deriveContentEncryptionKey(byte[])}
+     * @param src payload to encrypt
+     * @param aad Additional Authentication Data (AAD) provided to ChaChaCipher
+     *        {@link ee.cyber.cdoc20.container.Envelope#getAdditionalData(byte[], byte[])}
+     * @return src encrypted with cek. First 12 bytes are nonce, rest is encrypted payload
+     * @throws GeneralSecurityException
+     */
+    public static byte[] encryptPayload(SecretKey cek, byte[] src, byte[] aad)
+            throws GeneralSecurityException {
+
+        if ((aad == null) || (aad.length == 0)) {
+            throw new IllegalArgumentException(INVALID_ADDITIONAL_DATA);
+        }
+
+        byte[] nonce = generateNonce();
+        Cipher cipher = initCipher(Cipher.ENCRYPT_MODE, cek, nonce);
+        cipher.updateAAD(aad);
+        byte[] encrypted = cipher.doFinal(src);
+
+        ByteBuffer bb = ByteBuffer.allocate(NONCE_LEN_BYTES + encrypted.length);
+        bb.put(nonce);
+        bb.put(encrypted);
+        return bb.array();
+    }
+
+    /**
+     *
+     * @param cek content encryption key CEK, {@link Crypto#deriveContentEncryptionKey(byte[])}
+     * @param encrypted encrypted payload. First 12 bytes of encrypted is nonce.
+     * @param aad Additional Authentication Data (AAD) provided to ChaChaCipher
+     *        {@link ee.cyber.cdoc20.container.Envelope#getAdditionalData(byte[], byte[])}
+     * @return decrypted payload.
+     * @throws GeneralSecurityException if decryption has failed
+     */
+    public static byte[] decryptPayload(SecretKey cek, byte[] encrypted, byte[] aad)
+            throws GeneralSecurityException {
+
+        if ((encrypted == null) || (encrypted.length <= NONCE_LEN_BYTES)) {
+            throw new IllegalArgumentException("Invalid encrypted data");
+        }
+
+        if ((aad == null) || (aad.length == 0)) {
+            throw new IllegalArgumentException(INVALID_ADDITIONAL_DATA);
+        }
+
+        byte[] nonce = Arrays.copyOfRange(encrypted, 0, NONCE_LEN_BYTES);
+        Cipher cipher = initCipher(Cipher.DECRYPT_MODE, cek, nonce);
+        cipher.updateAAD(aad);
+        return cipher.doFinal(encrypted, NONCE_LEN_BYTES, encrypted.length - NONCE_LEN_BYTES);
+    }
+
+    private static byte[] generateNonce() throws NoSuchAlgorithmException {
+        byte[] nonce = new byte[NONCE_LEN_BYTES];
+        Crypto.getSecureRandom().nextBytes(nonce);
+        return nonce;
+    }
+
+    /**
+     * Constructs a CipherOutputStream from an OutputStream and ChaChaCipher
+     * @param os the OutputStream object
+     * @param contentEncryptionKey  cek content encryption key CEK, {@link Crypto#deriveContentEncryptionKey(byte[])}
+     * @param additionalData Additional Authentication Data (AAD) provided to ChaChaCipher
+     *        {@link ee.cyber.cdoc20.container.Envelope#getAdditionalData(byte[], byte[])}
+     * @return CipherOutputStream
+     * @throws GeneralSecurityException
+     * @throws IOException
+     */
+    public static CipherOutputStream initChaChaOutputStream(OutputStream os,
+                                                            SecretKey contentEncryptionKey,
+                                                            byte[] additionalData)
+            throws GeneralSecurityException, IOException {
+
+        if ((additionalData == null) || (additionalData.length == 0)) {
+            throw new IllegalArgumentException(INVALID_ADDITIONAL_DATA);
+        }
+
+        byte[] nonce = generateNonce();
+        Cipher cipher = initCipher(Cipher.ENCRYPT_MODE, contentEncryptionKey, nonce);
+        cipher.updateAAD(additionalData);
+        os.write(nonce); //prepend plaintext nonce
+        return new CipherOutputStream(os, cipher);
+    }
+
+    /**
+     * Constructs a CipherInputStream from an InputStream and a ChaChaCipher.
+     * @param is the to-be-processed input stream
+     * @param contentEncryptionKey contentEncryptionKey  cek content encryption key CEK,
+     *          {@link Crypto#deriveContentEncryptionKey(byte[])}
+     * @param additionalData Additional Authentication Data (AAD) provided to ChaChaCipher
+     *        {@link ee.cyber.cdoc20.container.Envelope#getAdditionalData(byte[], byte[])}
+     * @return CipherInputStream
+     * @throws IOException
+     * @throws GeneralSecurityException
+     */
+    public static CipherInputStream initChaChaInputStream(InputStream is,
+                                                          SecretKey contentEncryptionKey,
+                                                          byte[] additionalData)
+            throws IOException, GeneralSecurityException {
+
+        log.trace("initChaChaInputStream()");
+        if ((additionalData == null) || (additionalData.length == 0)) {
+            throw new IllegalArgumentException(INVALID_ADDITIONAL_DATA);
+        }
+
+        byte[] nonce = is.readNBytes(NONCE_LEN_BYTES);
+        Cipher cipher = initCipher(Cipher.DECRYPT_MODE, contentEncryptionKey, nonce);
+        cipher.updateAAD(additionalData);
+        return new CipherInputStream(is, cipher);
+    }
+
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java
new file mode 100644
index 00000000..66a06e72
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java
@@ -0,0 +1,289 @@
+package ee.cyber.cdoc20.crypto;
+
+import at.favre.lib.crypto.HKDF;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import java.io.ByteArrayOutputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.DrbgParameters;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.interfaces.ECPublicKey;
+import java.util.Objects;
+import javax.crypto.KeyAgreement;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import static java.security.DrbgParameters.Capability.PR_AND_RESEED;
+
+public final class Crypto {
+    private static final Logger log = LoggerFactory.getLogger(Crypto.class);
+
+    /**
+     * SecureRandom instance not to "run out of entropy"
+     */
+    private static SecureRandom secureRandomInstance = null;
+
+    /**
+     * File Master Key length in octets
+     */
+    public static final int FMK_LEN_BYTES = 256 / 8;
+
+
+    /**
+     * Kek is used to encrypt FMK. For XOR length must match FMK
+     */
+    public static final int KEK_LEN_BYTES = FMK_LEN_BYTES;
+
+    /**
+     * Content Encryption Key length in octets
+     */
+    public static final int CEK_LEN_BYTES = 256 / 8;
+
+    /**
+     * Header HMAC Key length in octets
+     */
+    public static final int HHK_LEN_BYTES = 256 / 8; //SHA-256
+
+    public static final String HMAC_SHA_256 = "HmacSHA256";
+
+    public static final int SYMMETRIC_KEY_MIN_LEN_BYTES = 256 / 8;
+
+
+
+    private Crypto() {
+    }
+
+
+    /**
+     * Get SecureRandom instance
+     * @return SecureRandom
+     * @throws NoSuchAlgorithmException if SecureRandom initialization failed
+     */
+    public static synchronized SecureRandom getSecureRandom() throws NoSuchAlgorithmException {
+        if (secureRandomInstance == null) {
+            secureRandomInstance = createSecureRandom();
+        }
+        return secureRandomInstance;
+    }
+
+    /**
+     * Create SecureRandom
+     * @throws NoSuchAlgorithmException if SecureRandom initialization failed
+     */
+    private static SecureRandom createSecureRandom() throws NoSuchAlgorithmException {
+        log.debug("Initializing SecureRandom");
+
+        //https://www.veracode.com/blog/research/java-crypto-catchup
+        SecureRandom sRnd = SecureRandom.getInstance("DRBG", //NIST SP 800-90Ar1
+            DrbgParameters.instantiation(
+                256, // Required security strength
+                PR_AND_RESEED, // configure algorithm to provide prediction resistance and reseeding facilities
+                "CDOC20".getBytes() // personalization string, used to derive seed
+            )
+        );
+        log.info("Initialized SecureRandom.");
+        return sRnd;
+    }
+
+    public static byte[] generateFileMasterKey() throws NoSuchAlgorithmException {
+        byte[] inputKeyingMaterial = new byte[64]; //spec says: ikm should be more than 32bytes of secure random
+        getSecureRandom().nextBytes(inputKeyingMaterial);
+        return HKDF.fromHmacSha256().extract("CDOC20salt".getBytes(StandardCharsets.UTF_8), inputKeyingMaterial);
+    }
+
+    public static SecretKey deriveContentEncryptionKey(byte[] fmk) {
+        byte[] cekBytes = HKDF.fromHmacSha256()
+                .expand(fmk, "CDOC20cek".getBytes(StandardCharsets.UTF_8), CEK_LEN_BYTES);
+        return new SecretKeySpec(cekBytes, "ChaCha20");
+    }
+
+    public static SecretKey deriveHeaderHmacKey(byte[] fmk) {
+        byte[] hhk = HKDF.fromHmacSha256().expand(fmk, "CDOC20hmac".getBytes(StandardCharsets.UTF_8), HHK_LEN_BYTES);
+        return new SecretKeySpec(hhk, HMAC_SHA_256);
+    }
+
+    /**
+     * Derive KEK from salt and secret. Used in symmetric key scenario only.
+     * @param label Label identifying pre shared secret
+     * @param preSharedSecretKey pre shared secret between parties (sender and recipient) used to derive KEK.
+     *                           Min len of 32 bytes
+     * @param salt salt minimum length of 32 bytes
+     * @param fmkEncMethod fmk encryption method from {@link FMKEncryptionMethod#names}.
+     *                     Currently, only "XOR" is valid value
+     * @return
+     */
+    public static SecretKey deriveKeyEncryptionKey(String label, SecretKey preSharedSecretKey, byte[] salt,
+                                                   String fmkEncMethod) {
+
+        final int minSaltLen = 256 / 8;
+        Objects.requireNonNull(label);
+        Objects.requireNonNull(preSharedSecretKey);
+        Objects.requireNonNull(preSharedSecretKey.getEncoded());
+        Objects.requireNonNull(salt);
+        Objects.requireNonNull(fmkEncMethod);
+
+        if (preSharedSecretKey.getEncoded().length < SYMMETRIC_KEY_MIN_LEN_BYTES) {
+            throw new IllegalArgumentException("preSharedSecretKey must be at least "
+                    + SYMMETRIC_KEY_MIN_LEN_BYTES + " bytes");
+        }
+
+        if (salt.length < minSaltLen) {
+            throw new IllegalArgumentException("Salt must be at least " + minSaltLen + " bytes");
+        }
+
+        // Currently, only XOR is supported
+        if (!FMKEncryptionMethod.name(FMKEncryptionMethod.XOR).equalsIgnoreCase(fmkEncMethod)) {
+            throw new IllegalArgumentException("Unknown FMK encryption method " + fmkEncMethod);
+        }
+
+        final HKDF hkdf = HKDF.fromHmacSha256();
+        byte[] kekPm = hkdf.extract(salt, preSharedSecretKey.getEncoded());
+
+        String info = "CDOC20kek" + fmkEncMethod + label;
+        byte[] kek = hkdf.expand(kekPm, info.getBytes(StandardCharsets.UTF_8), FMK_LEN_BYTES);
+
+        return new SecretKeySpec(kek, FMKEncryptionMethod.name(FMKEncryptionMethod.XOR));
+    }
+
+
+    public static byte[] calcEcDhSharedSecret(PrivateKey ecPrivateKey, ECPublicKey otherPublicKey)
+            throws GeneralSecurityException {
+
+        KeyAgreement keyAgreement;
+
+        // KeyAgreement instances (software and pkcs11) don't work with other provider private keys
+        // As pkcs11 loaded key is not instance of ECPrivateKey, then it's possible to differentiate between keys
+        // ECPublicKey is always "soft" key
+        if (isECPKCS11Key(ecPrivateKey) && (Pkcs11Tools.getConfiguredPKCS11Provider() != null)) {
+            keyAgreement = KeyAgreement.getInstance("ECDH", Pkcs11Tools.getConfiguredPKCS11Provider());
+        } else {
+            keyAgreement = KeyAgreement.getInstance("ECDH");
+        }
+
+        return calcEcDhSharedSecret(keyAgreement, ecPrivateKey, otherPublicKey);
+    }
+
+    /**
+     * If key is EC PKCS11 key (unextractable hardware key), that should only be used by the provider associated with
+     * that token
+     * @param key checked
+     * @return true if key is EC key from PKCS11 or other hardware provider. Note that !isECPKCS11Key doesn't mean that
+     *      the key is EC software key as key might be for some other algorithm
+     */
+    @SuppressWarnings("checkstyle:LineLength")
+    public static boolean isECPKCS11Key(PrivateKey key) {
+        // might be manufacturer specif, this true for Manufacturer ID: AS Sertifitseerimiskeskus
+        // accessed through opensc-pkcs11
+        // .toString(): "SunPKCS11-OpenSC EC private key, 384 bitstoken object, sensitive, unextractable)"
+        // .getClass(): sun.security.pkcs11.P11Key$P11PrivateKey
+
+        // https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-508B5E3B-BF39-4E02-A1BD-523352D3AA12
+        // Software Key objects (or any Key object that has access to the actual key material) should implement
+        // the interfaces in the java.security.interfaces and javax.crypto.interfaces packages (such as DSAPrivateKey).
+        //
+        // Key objects representing unextractable token keys should only implement the relevant generic interfaces in
+        // the java.security and javax.crypto packages (PrivateKey, PublicKey, or SecretKey). Identification of
+        // the algorithm of a key should be performed using the Key.getAlgorithm() method.
+        // Note that a Key object for an unextractable token key can only be used by the provider associated with that
+        // token.
+
+        // algorithm is EC, but doesn't implement java.security.interfaces.ECKey
+        return ("EC".equals(key.getAlgorithm()) && !(key instanceof java.security.interfaces.ECKey));
+    }
+
+    public static byte[] calcEcDhSharedSecret(KeyAgreement ka, PrivateKey ecPrivateKey, ECPublicKey otherPublicKey)
+            throws GeneralSecurityException {
+
+        ka.init(ecPrivateKey);
+        ka.doPhase(otherPublicKey, true);
+
+        //shared secret
+        return ka.generateSecret();
+    }
+
+    public static byte[] deriveKeyEncryptionKey(KeyPair ecKeyPair, ECPublicKey otherPublicKey, int keyLen)
+            throws GeneralSecurityException {
+
+        return deriveKek(ecKeyPair, otherPublicKey, keyLen, true);
+    }
+
+    public static byte[] deriveKeyDecryptionKey(KeyPair ecKeyPair, ECPublicKey otherPublicKey, int keyLen)
+            throws GeneralSecurityException {
+        return deriveKek(ecKeyPair, otherPublicKey, keyLen, false);
+    }
+
+    /**
+     * Derive KEK for EC scenarios
+     * @param ecKeyPair
+     * @param otherPublicKey
+     * @param keyLen
+     * @param isEncryptionMode
+     * @return
+     * @throws GeneralSecurityException
+     */
+    private static byte[] deriveKek(KeyPair ecKeyPair, ECPublicKey otherPublicKey, int keyLen, boolean isEncryptionMode)
+            throws GeneralSecurityException {
+
+        byte[] ecdhSharedSecret = calcEcDhSharedSecret(ecKeyPair.getPrivate(), otherPublicKey);
+        byte[] kekPm = HKDF.fromHmacSha256()
+                .extract("CDOC20kekpremaster".getBytes(StandardCharsets.UTF_8), ecdhSharedSecret);
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        baos.writeBytes("CDOC20kek".getBytes(StandardCharsets.UTF_8));
+        baos.writeBytes(FMKEncryptionMethod.name(FMKEncryptionMethod.XOR).getBytes(StandardCharsets.UTF_8));
+
+        if (isEncryptionMode) {
+            baos.writeBytes(ECKeys.encodeEcPubKeyForTls(otherPublicKey));
+            baos.writeBytes(ECKeys.encodeEcPubKeyForTls((ECPublicKey) ecKeyPair.getPublic()));
+        } else {
+            baos.writeBytes(ECKeys.encodeEcPubKeyForTls((ECPublicKey) ecKeyPair.getPublic()));
+            baos.writeBytes(ECKeys.encodeEcPubKeyForTls(otherPublicKey));
+        }
+
+        return HKDF.fromHmacSha256().expand(kekPm, baos.toByteArray(), keyLen);
+    }
+
+    /**
+     * Calculate HMAC
+     * @param hhk HMAC header key. For CDOC2 {@link Crypto#deriveHeaderHmacKey(byte[])}
+     * @param data input – data in bytes. For CDOC2 this is header FlatBuffers bytes
+     * @return the MAC result.
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeyException
+     */
+    public static byte[] calcHmacSha256(SecretKey hhk, byte[] data)
+            throws NoSuchAlgorithmException, InvalidKeyException {
+
+        Mac mac = Mac.getInstance(HMAC_SHA_256);
+        mac.init(hhk);
+        return mac.doFinal(data);
+    }
+
+    /**
+     * XOR two byte arrays
+     * @param x1 byte array
+     * @param x2 byte array
+     * @return xor result
+     */
+    public static byte[] xor(byte[] x1, byte[] x2) {
+
+        if ((x1 == null) || (x2 == null)) {
+            throw new IllegalArgumentException("Cannot xor null value");
+        }
+        if (x1.length != x2.length) {
+            throw new IllegalArgumentException("Array lengths must be equal " + x1.length + "!=" + x2.length);
+        }
+
+        byte[] out = new byte[x1.length];
+        for (int i = x1.length - 1; i >= 0; i--) {
+            out[i] = (byte)(x1[i] ^ x2[i]);
+        }
+        return out;
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/DecryptionKeyMaterial.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/DecryptionKeyMaterial.java
new file mode 100644
index 00000000..65245bdf
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/DecryptionKeyMaterial.java
@@ -0,0 +1,86 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.security.KeyPair;
+import java.util.Optional;
+import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
+
+/**
+ * Represents key material required for decryption.
+ */
+public interface DecryptionKeyMaterial extends Destroyable {
+    /**
+     * Uniquely identifies the recipient. This data is used to find recipients key material from parsed CDOC header
+     * * For EC, this is EC pub key.
+     * * For RSA, this is RSA pub key
+     * * For SymmetricKey, this is keyLabel
+     * @return Object that uniquely identifies Recipient
+     */
+    Object getRecipientId();
+
+    /**
+     * KeyPair used by EC and RSA scenario
+     * @return
+     */
+    default Optional<KeyPair> getKeyPair() {
+        return Optional.empty();
+    }
+
+    /**
+     * Symmetric Key used by Symmetric Key scenario
+     * @return
+     */
+    default Optional<SecretKey> getSecretKey() {
+        return Optional.empty();
+    }
+
+    static DecryptionKeyMaterial fromSecretKey(String label, SecretKey secretKey) {
+        return new DecryptionKeyMaterial() {
+            @Override
+            public Object getRecipientId() {
+                return label;
+            }
+
+            @Override
+            public Optional<SecretKey> getSecretKey() {
+                return Optional.of(secretKey);
+            }
+
+            @Override
+            public void destroy() throws DestroyFailedException {
+                secretKey.destroy();
+            }
+
+            @Override
+            public boolean isDestroyed() {
+                return secretKey.isDestroyed();
+            }
+        };
+    }
+
+    static DecryptionKeyMaterial fromKeyPair(KeyPair recipientKeyPair) {
+        return new DecryptionKeyMaterial() {
+            @Override
+            public Object getRecipientId() {
+                return recipientKeyPair.getPublic();
+            }
+
+            @Override
+            public Optional<KeyPair> getKeyPair() {
+                return Optional.of(recipientKeyPair);
+            }
+
+            @Override
+            public void destroy() throws DestroyFailedException {
+                recipientKeyPair.getPrivate().destroy();
+            }
+
+            @Override
+            public boolean isDestroyed() {
+                return recipientKeyPair.getPrivate().isDestroyed();
+            }
+
+        };
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ECKeys.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ECKeys.java
new file mode 100644
index 00000000..f4067534
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/ECKeys.java
@@ -0,0 +1,312 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Arrays;
+import java.util.HexFormat;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Objects;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+import org.bouncycastle.math.ec.ECCurve;
+import org.bouncycastle.math.ec.custom.sec.SecP384R1Curve;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * EC keys loading, decoding and encoding. Currently, supports only secp384r1 EC keys.
+ */
+public final class ECKeys {
+    public static final String EC_ALGORITHM_NAME = "EC";
+
+    //https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-091BF58C-82AB-4C9C-850F-1660824D5254
+    public static final String SECP_384_R_1 = "secp384r1";
+    public static final String SECP_384_OID = "1.3.132.0.34";
+
+    /**
+     * Key length for secp384r1 curve in bytes
+     */
+    public static final int SECP_384_R_1_LEN_BYTES = 384 / 8;
+
+    // for validating that decoded ECPoints are valid for secp384r1 curve
+    private static final ECCurve SECP_384_R_1_CURVE = new SecP384R1Curve();
+
+    private static final Logger log = LoggerFactory.getLogger(ECKeys.class);
+
+    private ECKeys() {
+    }
+
+    public static KeyPair generateEcKeyPair(String ecCurveName)
+            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(EC_ALGORITHM_NAME);
+        keyPairGenerator.initialize(new ECGenParameterSpec(ecCurveName));
+        return keyPairGenerator.generateKeyPair();
+    }
+
+    /**
+     * Encode EcPublicKey in TLS 1.3 format https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2
+     * @param curve EC curve that this ecPublicKey uses. Used to get curve key length.
+     * @param ecPublicKey EC public key
+     * @return ecPublicKey encoded in TLS 1.3 EC pub key format
+     */
+    public static byte[] encodeEcPubKeyForTls(EllipticCurve curve, ECPublicKey ecPublicKey) {
+        int keyLength = curve.getKeyLength();
+        return encodeEcPubKeyForTls(ecPublicKey, keyLength);
+    }
+
+    /**
+     * Encode EcPublicKey in TLS 1.3 format https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2
+     * @param ecPublicKey EC public key
+     * @return ecPublicKey encoded in TLS 1.3 EC pub key format
+     */
+    public static byte[] encodeEcPubKeyForTls(ECPublicKey ecPublicKey) throws GeneralSecurityException {
+        if (ECPoint.POINT_INFINITY.equals(ecPublicKey.getW())) {
+            throw new IllegalArgumentException("Cannot encode infinity ECPoint");
+        }
+        EllipticCurve curve = EllipticCurve.forOid(ECKeys.getCurveOid(ecPublicKey));
+        int keyLength = curve.getKeyLength();
+        return encodeEcPubKeyForTls(ecPublicKey, keyLength);
+    }
+
+    @SuppressWarnings("checkstyle:LineLength")
+    private static byte[] encodeEcPubKeyForTls(ECPublicKey ecPublicKey, int keyLength) {
+        byte[] xBytes = toUnsignedByteArray(ecPublicKey.getW().getAffineX(), keyLength);
+        byte[] yBytes = toUnsignedByteArray(ecPublicKey.getW().getAffineY(), keyLength);
+
+        //CHECKSTYLE:OFF
+        //EC pubKey in TLS 1.3 format
+        //https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2
+        //https://github.com/bcgit/bc-java/blob/526b5846653100fc521c1a68c02dbe9df3347a29/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java#L410
+        //CHECKSTYLE:ON
+        byte[] tlsPubKey = new byte[1 + xBytes.length + yBytes.length];
+        tlsPubKey[0] = 0x04; //uncompressed
+
+        System.arraycopy(xBytes, 0, tlsPubKey, 1, xBytes.length);
+        System.arraycopy(yBytes, 0, tlsPubKey,  1 + xBytes.length, yBytes.length);
+
+        return tlsPubKey;
+    }
+
+    static ECPublicKey decodeSecP384R1EcPublicKeyFromTls(ByteBuffer encoded) throws GeneralSecurityException {
+        return decodeSecP384R1EcPublicKeyFromTls(
+                Arrays.copyOfRange(encoded.array(), encoded.position(), encoded.limit()));
+    }
+
+    /**
+     * Decode EcPublicKey from TLS 1.3 format https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2
+     * @param encoded EC public key octets encoded as in TLS 1.3 format. Expects key to be part of secp384r1 curve
+     * @return decoded ECPublicKey
+     * @throws GeneralSecurityException
+     */
+    private static ECPublicKey decodeSecP384R1EcPublicKeyFromTls(byte[] encoded) throws GeneralSecurityException {
+
+        String encodedHex = HexFormat.of().formatHex(encoded);
+        final int expectedLength = SECP_384_R_1_LEN_BYTES;
+        if (encoded.length != 2 * expectedLength + 1) {
+
+            log.error("Invalid pubKey len {}, expected {}, encoded: {}", encoded.length, (2 * expectedLength + 1),
+                    encodedHex);
+            throw new IllegalArgumentException("Incorrect length for uncompressed encoding");
+        }
+
+        if (encoded[0] != 0x04) {
+            log.error("Illegal EC pub key encoding. Encoded: {}", encodedHex);
+            throw new IllegalArgumentException("Invalid encoding");
+        }
+
+        BigInteger x = new BigInteger(1, Arrays.copyOfRange(encoded, 1, expectedLength + 1));
+        BigInteger y = new BigInteger(1, Arrays.copyOfRange(encoded, expectedLength + 1, encoded.length));
+
+        ECPoint pubPoint = new ECPoint(x, y);
+        AlgorithmParameters params = AlgorithmParameters.getInstance(EC_ALGORITHM_NAME);
+        params.init(new ECGenParameterSpec(SECP_384_R_1));
+
+        ECParameterSpec ecParameters = params.getParameterSpec(ECParameterSpec.class);
+        ECPublicKeySpec pubECSpec = new ECPublicKeySpec(pubPoint, ecParameters);
+        ECPublicKey ecPublicKey = (ECPublicKey) KeyFactory.getInstance(EC_ALGORITHM_NAME).generatePublic(pubECSpec);
+        if (!isValidSecP384R1(ecPublicKey)) {
+            throw new InvalidKeyException("Not valid secp384r1 EC public key " + encodedHex);
+        }
+        return ecPublicKey;
+    }
+
+    private static byte[] toUnsignedByteArray(BigInteger bigInteger, int len) {
+        Objects.requireNonNull(bigInteger, "Cannot convert null bigInteger to byte[]");
+        //https://stackoverflow.com/questions/4407779/biginteger-to-byte
+        byte[] array = bigInteger.toByteArray();
+        if ((array[0] == 0) && (array.length == len + 1)) {
+            return Arrays.copyOfRange(array, 1, array.length);
+        } else if (array.length < len) {
+            byte[] padded = new byte[len];
+            System.arraycopy(array, 0, padded, len - array.length, array.length);
+            return padded;
+        } else {
+            if ((array.length != len) && (log.isWarnEnabled())) {
+                log.warn("Expected EC key to be {} bytes, but was {}. bigInteger: {}",
+                            len, array.length, bigInteger.toString(16));
+            }
+            return array;
+        }
+    }
+
+    /**
+     * Load OpenSSL generated EC private key
+     * openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+     * <code>
+     * -----BEGIN EC PRIVATE KEY-----
+     * MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd
+     * 4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j
+     * C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd
+     * yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=
+     * -----END EC PRIVATE KEY-----
+     * </code>
+     * @param openSslPem OpenSSL generated EC private key in PEM
+     * @return EC private key loaded from openSslPem
+     */
+    public static ECPrivateKey loadECPrivateKey(String openSslPem) throws GeneralSecurityException, IOException {
+
+        KeyPair keyPair = PemTools.loadKeyPair(openSslPem);
+        if (!isECSecp384r1(keyPair)) {
+            throw new IllegalArgumentException("Not EC key pair");
+        }
+
+        return (ECPrivateKey)keyPair.getPrivate();
+    }
+
+    public static String getCurveOid(ECKey key)
+            throws NoSuchAlgorithmException, InvalidParameterSpecException, NoSuchProviderException {
+
+        AlgorithmParameters params = AlgorithmParameters.getInstance("EC", "SunEC");
+        params.init(key.getParams());
+
+        // JavaDoc NamedParameterSpec::getName() : Returns the standard name that determines the algorithm parameters.
+        // and https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#parameterspec-names
+        // lists "secp384r1" as standard name.
+        // But in practice SunEC and BC both return "1.3.132.0.34"
+        return params.getParameterSpec(ECGenParameterSpec.class).getName();
+    }
+
+    public static boolean isEcSecp384r1Curve(ECKey key) throws GeneralSecurityException {
+        // https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html
+        // Table 4-28 Recommended Curves Provided by the SunEC Provider
+        final String[] secp384r1Names = {SECP_384_OID, SECP_384_R_1, "NIST P-384"};
+        String oid = getCurveOid(key);
+        return Arrays.asList(secp384r1Names).contains(oid);
+    }
+
+    public static boolean isECSecp384r1(KeyPair keyPair) throws GeneralSecurityException {
+        if (!EC_ALGORITHM_NAME.equals(keyPair.getPrivate().getAlgorithm())) {
+            log.debug("Not EC key pair. Algorithm is {} (expected EC)", keyPair.getPrivate().getAlgorithm());
+            return false;
+        }
+
+        if (!EC_ALGORITHM_NAME.equals(keyPair.getPublic().getAlgorithm())) {
+            log.debug("Not EC key pair. Algorithm is {} (expected EC)", keyPair.getPublic().getAlgorithm());
+            return false;
+        }
+
+        ECPublicKey ecPublicKey = (ECPublicKey)keyPair.getPublic();
+        if (keyPair.getPrivate() instanceof ECKey) {
+            return  isValidSecP384R1(ecPublicKey) && isEcSecp384r1Curve((ECKey) keyPair.getPrivate());
+        } else {
+            return isValidSecP384R1(ecPublicKey)
+                    && Crypto.isECPKCS11Key(keyPair.getPrivate()); //can't get curve for PKCS11 keys
+        }
+    }
+
+    public static boolean isValidSecP384R1(ECPublicKey ecPublicKey) throws GeneralSecurityException {
+        if (ecPublicKey == null) {
+            log.debug("EC pub key is null");
+            return false;
+        }
+
+        // it is not possible to create other instance of ECPoint.POINT_INFINITY
+        if (ECPoint.POINT_INFINITY.equals(ecPublicKey.getW())) {
+            log.debug("EC pub key is infinity");
+            return false;
+        }
+
+        if (!isEcSecp384r1Curve(ecPublicKey)) {
+            log.debug("EC pub key curve OID {} is not secp384r1", getCurveOid(ecPublicKey));
+            return false;
+        }
+
+        // https://neilmadden.blog/2017/05/17/so-how-do-you-validate-nist-ecdh-public-keys/
+        // Instead of implementing public key validation, rely on BC validation
+        // https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
+        org.bouncycastle.math.ec.ECPoint ecPoint = SECP_384_R_1_CURVE.createPoint(ecPublicKey.getW().getAffineX(),
+                ecPublicKey.getW().getAffineY());
+
+        boolean onCurve = ecPoint.isValid();
+        if (!onCurve) {
+            log.debug("EC pub key is not on secp384r1 curve");
+        }
+        return onCurve;
+    }
+
+    /**
+     * Derive EC public key from EC private key (and its curve)
+     * @param ecPrivateKey EC private key
+     * @return EC KeyPair where public key is derived from ecPrivateKey
+     * @throws GeneralSecurityException
+     */
+    public static KeyPair deriveECPubKeyFromPrivKey(ECPrivateKey ecPrivateKey) throws GeneralSecurityException {
+        KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
+
+        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(getCurveOid(ecPrivateKey));
+        org.bouncycastle.math.ec.ECPoint q = spec.getG().multiply(ecPrivateKey.getS());
+        PublicKey bcPublicKey = keyFactory.generatePublic(new org.bouncycastle.jce.spec.ECPublicKeySpec(q, spec));
+
+        ECPublicKey publicKey = EllipticCurve.forPubKey(bcPublicKey).decodeFromTls(
+                ByteBuffer.wrap(encodeEcPubKeyForTls((ECPublicKey) bcPublicKey)));
+        return new KeyPair(publicKey, ecPrivateKey);
+    }
+
+    /**
+     * Load EC public keys from certificate files
+     * @param certDerFiles x509 certificates
+     * @return ECPublicKeys loaded from certificates
+     * @throws CertificateException if cert file format is invalid
+     * @throws IOException if error happens when reading certDerFiles
+     */
+    public static List<ECPublicKey> loadCertKeys(File[] certDerFiles) throws CertificateException, IOException {
+        List<ECPublicKey> list = new LinkedList<>();
+        if (certDerFiles != null) {
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            for (File f : certDerFiles) {
+                InputStream in = Files.newInputStream(f.toPath());
+                X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
+                ECPublicKey ecPublicKey = (ECPublicKey) cert.getPublicKey();
+                list.add(ecPublicKey);
+            }
+        }
+        return list;
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EllipticCurve.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EllipticCurve.java
new file mode 100644
index 00000000..7f632f6e
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EllipticCurve.java
@@ -0,0 +1,153 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.InvalidParameterSpecException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Curve values from {@link ee.cyber.cdoc20.fbs.recipients.EllipticCurve} defined as enum and mapped to
+ * known elliptic curve names and oid's
+ */
+public enum EllipticCurve {
+    UNKNOWN(ee.cyber.cdoc20.fbs.recipients.EllipticCurve.UNKNOWN, null, null),
+    SECP384R1(ee.cyber.cdoc20.fbs.recipients.EllipticCurve.secp384r1, ECKeys.SECP_384_R_1, ECKeys.SECP_384_OID);
+
+    private static final Logger log = LoggerFactory.getLogger(EllipticCurve.class);
+
+    private final byte value;
+    private final String name;
+    private final String oid;
+
+    EllipticCurve(byte value, String name, String oid) {
+        this.value = value;
+        this.name = name;
+        this.oid = oid;
+    }
+    public byte getValue() {
+        return value;
+    }
+
+    public String getName() {
+        return name;
+    }
+    public String getOid() {
+        return oid;
+    }
+
+    public boolean isValidKey(ECPublicKey key) throws GeneralSecurityException {
+        switch (this) {
+            case SECP384R1:
+                return ECKeys.isValidSecP384R1(key);
+            default:
+                throw new IllegalStateException("isValidKey not implemented for " + this);
+        }
+    }
+
+    public boolean isValidKeyPair(KeyPair keyPair) throws GeneralSecurityException {
+        switch (this) {
+            case SECP384R1:
+                return ECKeys.isECSecp384r1(keyPair);
+            default:
+                throw new IllegalStateException("isValidKeyPair not implemented for " + this);
+        }
+    }
+
+    /**
+     * Key length in bytes. For secp384r1, its 384/8=48
+     */
+    public int getKeyLength() {
+        switch (this) {
+            case SECP384R1:
+                return ECKeys.SECP_384_R_1_LEN_BYTES;
+            default:
+                throw new IllegalStateException("getKeyLength not implemented for " + this);
+        }
+    }
+
+    public ECPublicKey decodeFromTls(ByteBuffer encoded) throws GeneralSecurityException {
+        switch (this) {
+            case SECP384R1:
+                // calls also isValidSecP384R1
+                return ECKeys.decodeSecP384R1EcPublicKeyFromTls(encoded);
+            default:
+                throw new IllegalStateException("decodeFromTls not implemented for " + this);
+        }
+    }
+
+    public KeyPair generateEcKeyPair() throws GeneralSecurityException {
+        return ECKeys.generateEcKeyPair(this.getName());
+    }
+
+    public static EllipticCurve forName(String name) throws NoSuchAlgorithmException {
+        if (ECKeys.SECP_384_R_1.equalsIgnoreCase(name)) {
+            return SECP384R1;
+        }
+        throw new NoSuchAlgorithmException("Unknown curve name " + name);
+    }
+
+    public static EllipticCurve forOid(String oid) throws NoSuchAlgorithmException {
+        if (ECKeys.SECP_384_OID.equals(oid)) {
+            return SECP384R1;
+        }
+        throw new NoSuchAlgorithmException("Unknown EC curve oid " + oid);
+    }
+
+    public static EllipticCurve forValue(byte value) throws NoSuchAlgorithmException {
+        switch (value) {
+            case ee.cyber.cdoc20.fbs.recipients.EllipticCurve.secp384r1:
+                return SECP384R1;
+            default:
+                throw new NoSuchAlgorithmException("Unknown EC curve value " + value);
+        }
+    }
+
+    /**
+     * @param publicKey ECPublicKey
+     * @return
+     * @throws NoSuchAlgorithmException      if publicKey EC curve is not supported
+     * @throws InvalidParameterSpecException
+     * @throws NoSuchProviderException
+     * @throws InvalidKeyException           if publicKey is not ECPublicKey
+     */
+    public static EllipticCurve forPubKey(PublicKey publicKey) throws NoSuchAlgorithmException,
+        InvalidParameterSpecException, NoSuchProviderException, InvalidKeyException {
+
+        if (publicKey instanceof ECPublicKey) {
+            ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
+            return forOid(ECKeys.getCurveOid(ecPublicKey));
+        } else {
+            throw new InvalidKeyException("Unsupported key algorithm " + publicKey.getAlgorithm());
+        }
+    }
+
+    /**
+     * Check if public key is supported by CDOC lib
+     *
+     * @param publicKey to check for encryption by CDOC
+     * @return if publicKey is supported for encryption by CDOC
+     */
+    public static boolean isSupported(PublicKey publicKey) {
+        try {
+            EllipticCurve curve = forPubKey(publicKey);
+            return curve.isValidKey((ECPublicKey) publicKey);
+        } catch (GeneralSecurityException ge) {
+            log.info("Unsupported public key {}", ge.toString());
+            return false;
+        }
+    }
+
+    /**
+     * Supported curve names
+     */
+    public static String[] names() {
+        return ee.cyber.cdoc20.fbs.recipients.EllipticCurve.names;
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EncryptionKeyMaterial.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EncryptionKeyMaterial.java
new file mode 100644
index 00000000..3335d894
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/EncryptionKeyMaterial.java
@@ -0,0 +1,82 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.security.Key;
+import java.security.PublicKey;
+import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
+
+/**
+ * Represents key material required for encryption.
+ */
+public interface EncryptionKeyMaterial extends Destroyable {
+
+    /**
+     * @return the key to derive the encryption key
+     */
+    Key getKey();
+
+    /**
+     * @return identifier for the encryption key
+     */
+    String getLabel();
+
+    /**
+     * Create EncryptionKeyMaterial from publicKey and keyLabel. To decrypt CDOC, recipient must have
+     * the private key part of the public key. RSA and EC public keys are supported by CDOC.
+     * @param publicKey
+     * @param keyLabel
+     * @return
+     */
+    static EncryptionKeyMaterial from(PublicKey publicKey, String keyLabel) {
+        return new EncryptionKeyMaterial() {
+
+            @Override
+            public Key getKey() {
+                return publicKey;
+            }
+
+            @Override
+            public String getLabel() {
+                return keyLabel;
+            }
+
+            @Override
+            public void destroy() {
+                // no secret key material that needs to be destroyed
+            }
+        };
+    }
+
+    /**
+     * Create EncryptionKeyMaterial from preSharedKey and keyLabel. To decrypt CDOC, recipient must also have same
+     * preSharedKey that is identified by the same keyLabel
+     * @param preSharedKey preSharedKey will be used to generate key encryption key
+     * @param keyLabel unique identifier for preSharedKey
+     * @return
+     */
+    static EncryptionKeyMaterial from(SecretKey preSharedKey, String keyLabel) {
+        return new EncryptionKeyMaterial() {
+
+            @Override
+            public Key getKey() {
+                return preSharedKey;
+            }
+
+            @Override
+            public String getLabel() {
+                return keyLabel;
+            }
+
+            @Override
+            public void destroy() throws DestroyFailedException {
+                preSharedKey.destroy();
+            }
+
+            @Override
+            public boolean isDestroyed() {
+                return preSharedKey.isDestroyed();
+            }
+        };
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekDerivable.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekDerivable.java
new file mode 100644
index 00000000..097d45bc
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekDerivable.java
@@ -0,0 +1,13 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import java.security.GeneralSecurityException;
+
+/**
+ * Classes that implement this interface, can derive KEK (key encryption key) using key material and key capsule client
+ */
+public interface KekDerivable {
+    byte[] deriveKek(DecryptionKeyMaterial keyMaterial, KeyCapsuleClientFactory factory)
+        throws GeneralSecurityException, CDocException;
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekTools.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekTools.java
new file mode 100644
index 00000000..5b576cc2
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/KekTools.java
@@ -0,0 +1,159 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.CDocUserException;
+import ee.cyber.cdoc20.UserErrorCode;
+import ee.cyber.cdoc20.client.EcCapsuleClient;
+import ee.cyber.cdoc20.client.EcCapsuleClientImpl;
+import ee.cyber.cdoc20.client.ExtApiException;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.client.RsaCapsuleClient;
+import ee.cyber.cdoc20.client.RsaCapsuleClientImpl;
+import ee.cyber.cdoc20.container.CDocParseException;
+import ee.cyber.cdoc20.container.recipients.EccPubKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.EccServerKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.RSAPubKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.RSAServerKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.SymmetricKeyRecipient;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.NoSuchElementException;
+import java.util.Optional;
+import javax.crypto.SecretKey;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Functions for deriving KEK in different scenarios
+ */
+public final class KekTools {
+
+    private static final Logger log = LoggerFactory.getLogger(KekTools.class);
+    private static final String MUST_CONTAIN_RSA_KEY_PAIR_FOR_RSA_SCENARIO =
+            "must contain RSA key pair for RSA scenario";
+
+    private KekTools() { }
+
+
+    public static byte[] deriveKekForSymmetricKey(SymmetricKeyRecipient recipient,
+                                                  DecryptionKeyMaterial keyMaterial) {
+
+        SecretKey secretKey = keyMaterial.getSecretKey().orElseThrow(
+                () -> new IllegalArgumentException("Expected SecretKey for SymmetricKeyRecipient"));
+        SecretKey kek = Crypto.deriveKeyEncryptionKey(recipient.getRecipientKeyLabel(),
+                secretKey,
+                recipient.getSalt(),
+                FMKEncryptionMethod.name(recipient.getFmkEncryptionMethod()));
+        return kek.getEncoded();
+    }
+
+    public static byte[] deriveKekForEcc(EccPubKeyRecipient eccPubKeyRecipient,
+                                         DecryptionKeyMaterial keyMaterial)
+            throws GeneralSecurityException {
+        ECPublicKey senderPubKey = eccPubKeyRecipient.getSenderPubKey();
+
+        KeyPair recipientKeyPair = keyMaterial.getKeyPair()
+                .orElseThrow(() -> new IllegalArgumentException("EC key pair required for KEK derive"));
+
+        return Crypto.deriveKeyDecryptionKey(recipientKeyPair, senderPubKey, Crypto.CEK_LEN_BYTES);
+    }
+
+    public static byte[] deriveKekForEccServer(EccServerKeyRecipient keyRecipient,
+                                               DecryptionKeyMaterial keyMaterial,
+                                               KeyCapsuleClientFactory capsulesClientFac)
+            throws GeneralSecurityException, CDocException {
+
+        KeyPair recipientKeyPair = keyMaterial.getKeyPair().orElseThrow(
+                () -> new IllegalArgumentException("must contain EC key pair for ECC Server scenario"));
+
+        String transactionId = keyRecipient.getTransactionId();
+        if (transactionId == null) {
+            log.error("No transactionId for recipient {}", keyRecipient.getRecipientKeyLabel());
+            throw new CDocParseException("TransactionId missing in record");
+        }
+
+        String serverId = keyRecipient.getKeyServerId();
+        if (serverId == null) {
+            log.error("No serverId for recipient {}", keyRecipient.getRecipientKeyLabel());
+            throw new CDocUserException(UserErrorCode.SERVER_NOT_FOUND, "serverId missing in record");
+        }
+
+        if (capsulesClientFac == null || capsulesClientFac.getForId(serverId) == null) {
+            log.error("Configuration not found for server {}", serverId);
+            throw new CDocUserException(
+                UserErrorCode.SERVER_NOT_FOUND,
+                String.format("Configuration not found for server '%s'", serverId)
+            );
+        }
+
+        try {
+            EcCapsuleClient client = new EcCapsuleClientImpl(capsulesClientFac.getForId(serverId));
+            Optional<ECPublicKey> senderPubKeyOptional = client.getSenderKey(transactionId);
+            ECPublicKey senderPubKey = senderPubKeyOptional.orElseThrow();
+            return Crypto.deriveKeyDecryptionKey(recipientKeyPair, senderPubKey, Crypto.KEK_LEN_BYTES);
+        } catch (NoSuchElementException nse) {
+            log.error("Key not found for id {} from {}", transactionId, serverId);
+            throw new ExtApiException("Sender key not found for " + transactionId);
+        } catch (ExtApiException apiException) {
+            log.error("Error querying {} for {} ({})", serverId, transactionId, apiException);
+            throw apiException;
+        }
+    }
+
+    public static byte[] deriveKekForRsaServer(RSAServerKeyRecipient recipient,
+                                               DecryptionKeyMaterial keyMaterial,
+                                               KeyCapsuleClientFactory capsulesClientFac)
+            throws GeneralSecurityException, CDocException {
+
+        String transactionId = recipient.getTransactionId();
+        String serverId = recipient.getKeyServerId();
+
+        KeyPair recipientKeyPair = keyMaterial.getKeyPair().orElseThrow(
+                () -> new IllegalArgumentException("must contain RSA key pair for RSA Server scenario"));
+
+        if (!"RSA".equals(recipientKeyPair.getPrivate().getAlgorithm())) {
+            throw new IllegalArgumentException(MUST_CONTAIN_RSA_KEY_PAIR_FOR_RSA_SCENARIO);
+        }
+
+        if (transactionId == null) {
+            log.error("No transactionId for recipient {}", recipient.getRecipientKeyLabel());
+            throw new CDocParseException("TransactionId missing in record");
+        }
+
+        if (serverId == null) {
+            log.error("No serverId for recipient {}", recipient.getRecipientKeyLabel());
+            throw new CDocParseException("ServerId missing in record");
+        }
+
+        if (capsulesClientFac == null || capsulesClientFac.getForId(serverId) == null) {
+            log.error("Configuration not found for server {}", serverId);
+            throw new CDocUserException(
+                UserErrorCode.SERVER_NOT_FOUND,
+                String.format("Configuration not found for server '%s'", serverId)
+            );
+        }
+
+        RsaCapsuleClient client = new RsaCapsuleClientImpl(capsulesClientFac.getForId(serverId));
+        byte[] encryptedKek = client.getEncryptedKek(transactionId).orElseThrow();
+
+        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) recipientKeyPair.getPrivate();
+        return RsaUtils.rsaDecrypt(encryptedKek, rsaPrivateKey);
+    }
+
+    public static byte[] deriveKekForRsa(RSAPubKeyRecipient rsaPubKeyRecipient, DecryptionKeyMaterial keyMaterial)
+            throws GeneralSecurityException {
+
+        KeyPair recipientKeyPair = keyMaterial.getKeyPair().orElseThrow(
+                () -> new IllegalArgumentException(MUST_CONTAIN_RSA_KEY_PAIR_FOR_RSA_SCENARIO));
+
+        if (!"RSA".equals(recipientKeyPair.getPrivate().getAlgorithm())) {
+            throw new IllegalArgumentException(MUST_CONTAIN_RSA_KEY_PAIR_FOR_RSA_SCENARIO);
+        }
+
+        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) recipientKeyPair.getPrivate();
+        return RsaUtils.rsaDecrypt(rsaPubKeyRecipient.getEncryptedKek(), rsaPrivateKey);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/PemTools.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/PemTools.java
new file mode 100644
index 00000000..dac5a982
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/PemTools.java
@@ -0,0 +1,300 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.util.Resources;
+import ee.cyber.cdoc20.util.SkLdapUtil;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringReader;
+import java.nio.file.Files;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.AbstractMap;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.Nullable;
+
+/**
+ * Utility class to deal with EC and RSA keys and certificates in PEM format.
+ */
+public final class PemTools {
+    private static final Logger log = LoggerFactory.getLogger(PemTools.class);
+
+    private PemTools() {
+    }
+
+    /**
+     * Load EC or RSA pub key from PEM
+     *
+     * EC key:
+     * openssl ec -in key.pem -pubout -out public.pem
+     * <code>
+     * -----BEGIN PUBLIC KEY-----
+     * MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhEZdaw/m5tmqIrhonGPKG0ZHLPo7fJLO
+     * IwtYw/3/xEPCnRWKyfisJzOkfKyF6g51JyyRYhdzsw6bvE1I1Tr3V4M0C/p+u0Ii
+     * 3cnq0xOn+boyF6FzZGQfDtpF/97wA7gw
+     * -----END PUBLIC KEY-----
+     * <code/>
+     *
+     * ASN.1:
+     * <pre>
+     SEQUENCE (2 elem)
+     SEQUENCE (2 elem)
+     OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
+     OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
+     BIT STRING (776 bit) 0000010001111001011000011010011100101001101001111001000111111000011010…
+     * </pre>
+     *
+     * RSA is standard PEM encoded RSA public key
+     * @param pem
+     * @return public key
+     */
+    public static PublicKey loadPublicKey(String pem) throws IOException {
+
+        Object parsed = new PEMParser(new StringReader(pem)).readObject();
+        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(parsed);
+
+        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+        return converter.getPublicKey(publicKeyInfo);
+    }
+
+    /**
+     * Load key pair (EC or RSA) from OpenSSL generated PEM file:
+     * openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+     * Example key PEM:
+     * <pre>
+     * -----BEGIN EC PRIVATE KEY-----
+     * MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd
+     * 4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j
+     * C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd
+     * yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=
+     * -----END EC PRIVATE KEY-----
+     * </pre>
+     * Decoded PEM has ASN.1 structure:
+     * <pre>
+     SEQUENCE (4 elem)
+     INTEGER 1
+     OCTET STRING (48 byte) 61D54013F37D8D876657BDD73925B36FDC1704652624F747AC52448F1668365C4BA803…
+     [0] (1 elem)
+     OBJECT IDENTIFIER 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
+     [1] (1 elem)
+     BIT STRING (776 bit) 0000010010000100010001100101110101101011000011111110011011100110110110…
+     </pre>
+     *
+     * @param pem OpenSSL generated private key in PEM
+     * @return KeyPair decoded from PEM
+     * @throw InvalidKeyException if key is not supported by CDOC2 lib
+     */
+    public static KeyPair loadKeyPair(String pem) throws GeneralSecurityException, IOException {
+
+        Object parsed = new PEMParser(new StringReader(pem)).readObject();
+        PEMKeyPair pemKeyPair = (PEMKeyPair) parsed;
+
+        PrivateKey privateKey = new JcaPEMKeyConverter().getPrivateKey(pemKeyPair.getPrivateKeyInfo());
+        PublicKey publicKey = pemKeyPair.getPublicKeyInfo() == null
+            ? null
+            : new JcaPEMKeyConverter().getPublicKey(pemKeyPair.getPublicKeyInfo());
+
+        KeyPair keyPair = new KeyPair(publicKey, privateKey);
+
+        // openssl pkcs12 -in INFILE.p12 -nodes -nocerts | openssl ec -out OUTFILE.key
+        // doesn't export public key part, which is added by
+        // openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+        // Derive public key from EC private if public key was not in PEM
+        // see ECKeysTest::testLoadKeyPairFromPemShort
+        if (publicKey == null) {
+            if ((privateKey != null) && ("EC".equals(privateKey.getAlgorithm()))) {
+                keyPair = ECKeys.deriveECPubKeyFromPrivKey((ECPrivateKey) privateKey);
+            } else {
+                throw new IllegalArgumentException("No public key found");
+            }
+        }
+
+        publicKey = keyPair.getPublic();
+        if ("EC".equals(publicKey.getAlgorithm())) {
+            if (!ECKeys.isECSecp384r1(keyPair)) {
+                throw new InvalidKeyException("Not an EC keypair with secp384r1 curve");
+            }
+        } else if ("RSA".equals(publicKey.getAlgorithm())) {
+            // all RSA keys are considered good. Shorter will fail during encryption as OAEP takes some space
+            RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
+            // no good way to check RSA key length as BigInteger can start with 00 and that changes bit-length
+            if (rsaPublicKey.getModulus().bitLength() <= 512) {
+                throw new InvalidKeyException("RSA key does not meet length requirements");
+            }
+        } else {
+            throw new InvalidKeyException("Unsupported key algorithm " + publicKey.getAlgorithm());
+        }
+        return keyPair;
+    }
+
+    /**
+     * Load key pair from OpenSSL generated PEM file:
+     * openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+     * Example key PEM:
+     * <pre>
+     * -----BEGIN EC PRIVATE KEY-----
+     * MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd
+     * 4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j
+     * C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd
+     * yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=
+     * -----END EC PRIVATE KEY-----
+     * </pre>
+     * @param pemFile OpenSSL generated EC private key in PEM
+     * @return EC KeyPair decoded from PEM
+     */
+    public static KeyPair loadKeyPair(File pemFile) throws GeneralSecurityException, IOException {
+        return loadKeyPair(Files.readString(pemFile.toPath()));
+    }
+
+    /**
+     * Load first private key and certificate from .p12 (PKCS12) input stream
+     * @param p12InputStream InputStream containing PKCS12 structure
+     * @param passwd optional password for p12 input stream
+     * @return private key and certificate pair
+     * @throws GeneralSecurityException
+     * @throws IOException
+     */
+    public static AbstractMap.SimpleEntry<PrivateKey, X509Certificate> loadKeyCertFromP12(InputStream p12InputStream,
+                                                                                          @Nullable char[] passwd)
+            throws GeneralSecurityException, IOException {
+
+        KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
+        clientKeyStore.load(p12InputStream, passwd);
+        final List<String> entryNames = new LinkedList<>();
+        clientKeyStore.aliases().asIterator().forEachRemaining(alias -> {
+            try {
+                log.debug("{} key={} cert={}", alias, clientKeyStore.isKeyEntry(alias),
+                        clientKeyStore.isCertificateEntry(alias));
+                entryNames.add(alias);
+            } catch (KeyStoreException e) {
+                log.error("KeyStoreException", e);
+            }
+        });
+
+        if (entryNames.size() != 1) {
+            if (entryNames.isEmpty()) {
+                log.error("No keys found from .p12");
+                throw new KeyManagementException("No keys found from p12");
+            } else {
+                log.warn("Multiple keys found {}", entryNames);
+            }
+        }
+
+        String keyAlias = entryNames.get(0);
+
+        log.info("Loading key \"{}\"", keyAlias);
+        KeyStore.PrivateKeyEntry privateKeyEntry =
+                (KeyStore.PrivateKeyEntry) clientKeyStore.getEntry(keyAlias, new KeyStore.PasswordProtection(passwd));
+        if (privateKeyEntry == null) {
+            log.error("Entry not found {}", keyAlias);
+            throw new KeyStoreException("Key not found for " + keyAlias);
+        }
+
+        PrivateKey key = privateKeyEntry.getPrivateKey();
+        X509Certificate cert = (X509Certificate) privateKeyEntry.getCertificate();
+
+        return new AbstractMap.SimpleEntry<>(key, cert);
+    }
+
+    public static Map<PublicKey, String> loadPubKeysWithKeyLabel(File[] pubPemFiles) throws IOException {
+        Map<PublicKey, String> map = new LinkedHashMap<>();
+        if (pubPemFiles != null) {
+            for (File f : pubPemFiles) {
+                map.put(loadPublicKey(Files.readString(f.toPath())), "N/A");
+            }
+        }
+        return map;
+    }
+
+    /**
+     * Load public key (EC or RSA) from InputStream
+     * @param certIs Certificate InputStream in PEM (.cer) format
+     * @return public key paired with key label {@link SkLdapUtil#getKeyLabel(X509Certificate)}
+     * @throws CertificateException
+     */
+    public static Map.Entry<PublicKey, String> loadCertKeyWithLabel(InputStream certIs) throws CertificateException {
+        var cert = loadCertificate(certIs);
+        PublicKey publicKey = cert.getPublicKey();
+        String label = SkLdapUtil.getKeyLabel(cert);
+        return Map.entry(publicKey, label);
+    }
+
+    /**
+     * Load a certificate from input stream
+     * @param is the input stream
+     * @return the X509Certificate
+     * @throws CertificateException when parsing fails
+     */
+    public static X509Certificate loadCertificate(InputStream is) throws CertificateException {
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+        return (X509Certificate) certFactory.generateCertificate(is);
+    }
+
+    /**
+     * Parse public keys (EC or RSA) from certificate files
+     * @param certFiles Array of certificates files in PEM (.cer) format
+     * @return public keys parsed from certFiles. Public keys are paired with key label
+     *          {@link SkLdapUtil#getKeyLabel(X509Certificate)}
+     * @throws CertificateException
+     * @throws IOException
+     */
+    public static Map<PublicKey, String> loadCertKeysWithLabel(File[] certFiles)
+            throws CertificateException, IOException {
+
+        Map<PublicKey, String> map = new LinkedHashMap<>();
+
+        if (certFiles != null) {
+            for (File f : certFiles) {
+                InputStream in = Files.newInputStream(f.toPath());
+                Map.Entry<PublicKey, String> keyLabelEntry = loadCertKeyWithLabel(in);
+                map.put(keyLabelEntry.getKey(), keyLabelEntry.getValue());
+            }
+        }
+
+        return map;
+    }
+
+    /**
+     * Load keypair from P12 representation.
+     * @param p12 the .p12 file with optional password, i.e filename:password
+     * @return the key pair
+     */
+    public static KeyPair loadKeyPairFromP12File(String p12) throws GeneralSecurityException, IOException {
+        String[] split = p12.split(":");
+        if (split.length < 1 || split.length > 2) {
+            throw new IllegalArgumentException("Invalid .p12 file: " + p12);
+        }
+
+        String p12FileName = split.length == 2 ? split[0] : p12;
+        char[] p12Passwd = split.length == 2 ? split[1].toCharArray() : null;
+
+        var keyCert = PemTools.loadKeyCertFromP12(
+            Resources.getResourceAsStream(p12FileName), p12Passwd);
+
+        PrivateKey key = keyCert.getKey();
+        X509Certificate cert = keyCert.getValue();
+        PublicKey publicKey = cert.getPublicKey();
+        return new KeyPair(publicKey, key);
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Pkcs11Tools.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Pkcs11Tools.java
new file mode 100644
index 00000000..9d650d2e
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Pkcs11Tools.java
@@ -0,0 +1,405 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import ee.cyber.cdoc20.CDocUserException;
+import ee.cyber.cdoc20.UserErrorCode;
+import java.io.BufferedWriter;
+import java.io.ByteArrayOutputStream;
+import java.io.Console;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.AbstractMap;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+import javax.annotation.Nullable;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.swing.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import static ee.cyber.cdoc20.util.OperatingSystem.getOS;
+
+/**
+ * Utility class for PKCS11 operations.
+ * <p>
+ * Common pkcs11 provider library locations:
+ * <ul>
+ *   <li>For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll,
+ *   <li>For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so,
+ *   <li>For OSX, it could be /usr/local/lib/opensc-pkcs11.so
+ * </ul>
+ */
+public final class Pkcs11Tools {
+    private static final Logger log = LoggerFactory.getLogger(Pkcs11Tools.class);
+
+    private static String pkcs11ProviderName;
+
+    private Pkcs11Tools() {
+    }
+
+    /**
+     * Load KeyPair using automatically generated SunPKCS11 configuration and the default callback to get the pin.
+     * Not thread-safe.
+     *
+     * @param pkcs11LibPath pkcs11 provider library location, defaults described above if null
+     * @param slot the slot number with the keys
+     * @param keyAlias key alias (optional) to use in case the are more than one entry in the keystore
+     *
+     * @see <a href="iframe.php?url=https%3A%2F%2Fdocs.oracle.com%2Fen%2Fjava%2Fjavase%2F17%2Fsecurity%2Fpkcs11-reference-guide1.html">
+     *     SunPKCS11 documentation Table 5-1</a>
+     */
+    public static KeyPair loadFromPKCS11Interactively(String pkcs11LibPath, Integer slot, @Nullable String keyAlias)
+            throws GeneralSecurityException, IOException {
+
+        String pinPrompt;
+        if (slot == null) {
+            pinPrompt = "PIN:";
+        } else {
+            pinPrompt = "PIN for slot " + slot + ":";
+        }
+
+        var entry = loadFromPKCS11(
+            createSunPkcsConfigurationFile(null, pkcs11LibPath, slot),
+            getKeyStoreProtectionHandler(pinPrompt),
+            keyAlias
+        );
+
+        return new KeyPair(entry.getValue().getPublicKey(), entry.getKey());
+    }
+
+    /**
+     * Init OpenSC based KeyStore (like EST-EID). OpenSC must be installed. Creates configuration file for SunPKCS11,
+     * configures SunPkcs11 Provider and loads and configures PKCS11 KeyStore from SunPkcs11 Provider.
+     *
+     * @param openScLibPath OpenSC library location, defaults described above if null
+     * @param slot Slot, default 0
+     * @param ksProtection {@link KeyStore.ProtectionParameter KeyStore.ProtectionParameter},
+     *                     example for password: <code>new KeyStore.PasswordProtection("1234".toCharArray())</code> or
+     *                     interactive {@link #getKeyStoreProtectionHandler(String)}
+     * @return Configured PKCS11 KeyStore
+     * @throws IOException when SunPKCS configuration file creation fails
+     * @throws KeyStoreException when KeyStore initialization fails
+     * @see <a href="iframe.php?url=https%3A%2F%2Fdocs.oracle.com%2Fen%2Fjava%2Fjavase%2F17%2Fsecurity%2Fpkcs11-reference-guide1.html">
+     *     SunPKCS11 documentation Table 5-1</a>
+     */
+    public static KeyStore initPKCS11KeysStore(String openScLibPath, Integer slot,
+            KeyStore.ProtectionParameter ksProtection) throws IOException, KeyStoreException {
+        log.trace("initPKCS11KeysStore");
+        Path sunPkcsConPath = createSunPkcsConfigurationFile(null, openScLibPath, slot);
+        initSunPkcs11Provider(sunPkcsConPath);
+
+        return getConfiguredPkcs11KeyStore(ksProtection);
+    }
+
+    /**
+     * Get Provider for PKCS11
+     * @return PKCS11 provider or null, if not found or configured
+     */
+    public static Provider getConfiguredPKCS11Provider() {
+        // Name depends on name parameter in configuration file used for initializing SunPKCS11 provider
+        Provider sunPKCS11Provider = Security.getProvider(getPkcs11ProviderName());
+        if (sunPKCS11Provider != null && sunPKCS11Provider.isConfigured()) {
+            return sunPKCS11Provider;
+        }
+
+        return null;
+    }
+
+    /**
+     * Get KeyStore.ProtectionParameter that gets KeyStore.ProtectionParameter value from user interactively
+     * @param prompt Prompt value displayed to user when asking protectionParameter value (e.g `PIN:`)
+     * @return KeyStore.ProtectionParameter that interactively communicates with user
+     */
+    public static KeyStore.CallbackHandlerProtection getKeyStoreProtectionHandler(String prompt) {
+        return new KeyStore.CallbackHandlerProtection(callbacks -> {
+            for (Callback cp: callbacks) {
+                if (cp instanceof PasswordCallback) {
+                    // prompt the user for sensitive information
+                    PasswordCallback pc = (PasswordCallback) cp;
+
+                    Console console = System.console();
+                    if (console != null) {
+                        char[] pin = console.readPassword(prompt);
+                        pc.setPassword(pin);
+                    } else { //running from IDE, console is null
+                        JPasswordField pf = new JPasswordField();
+                        int result = JOptionPane.showConfirmDialog(null, pf, prompt,
+                            JOptionPane.OK_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE);
+
+                        if (result == JOptionPane.OK_OPTION) {
+                            String password = new String(pf.getPassword());
+                            pc.setPassword(password.toCharArray());
+                        } else if (result == JOptionPane.OK_CANCEL_OPTION) {
+                            throw new CDocUserException(UserErrorCode.USER_CANCEL, "PIN entry cancelled by user");
+                        }
+                    }
+                }
+            }
+        });
+    }
+
+    static AbstractMap.SimpleEntry<PrivateKey, X509Certificate> loadFromPKCS11(
+            Path pkcs11Conf, KeyStore.ProtectionParameter keyProtection, @Nullable String keyAlias)
+                throws GeneralSecurityException {
+
+        Provider provider = initSunPkcs11Provider(pkcs11Conf);
+
+        log.debug("{} provider isConfigured={}", provider.getName(), provider.isConfigured());
+
+        var ks = getConfiguredPkcs11KeyStore(keyProtection);
+
+        final List<String> entryNames = new LinkedList<>();
+        ks.aliases().asIterator().forEachRemaining(alias -> {
+            try {
+                log.debug("{} key={} cert={}", alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias));
+                entryNames.add(alias);
+            } catch (KeyStoreException e) {
+                log.error("KeyStoreException", e);
+            }
+        });
+
+        if (entryNames.isEmpty()) {
+            throw new KeyManagementException("No keys found for " + getPkcs11ProviderName());
+        }
+
+        String entryAlias;
+        if (entryNames.size() == 1) {
+            entryAlias = entryNames.get(0);
+        } else {
+            if (keyAlias == null) {
+                log.info("Multiple key entries found: {}", entryNames);
+                throw new KeyStoreException("Multiple entries in keystore but no key alias specified");
+            }
+            entryAlias = keyAlias;
+        }
+
+        log.info("Loading key '{}'", entryAlias);
+        KeyStore.PrivateKeyEntry privateKeyEntry =
+            (KeyStore.PrivateKeyEntry) ks.getEntry(entryAlias, keyProtection);
+        if (privateKeyEntry == null) {
+            log.error("Entry not found {}", entryAlias);
+            throw new KeyStoreException("Key not found for " + entryAlias);
+        }
+
+        PrivateKey key = privateKeyEntry.getPrivateKey();
+        X509Certificate cert = (X509Certificate) privateKeyEntry.getCertificate();
+
+        log.debug("key class: {}", key.getClass());
+        log.debug("key: {}", key);
+        log.debug("cert: {} ", cert.getSubjectX500Principal().getName());
+
+        return new AbstractMap.SimpleEntry<>(key, cert);
+    }
+
+    /**
+     * Creates a configuration file for SunPKCS11.
+     * <p>
+     * File example:
+     * <pre>
+     *     {
+     *         name=OpenSC
+     *         library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+     *         slot=0
+     *         attributes(*,CKO_SECRET_KEY,*) = {
+     *              CKA_TOKEN = false
+     *         }
+     *     }
+     * </pre>
+     * @param name any string, default OpenSC
+     * @param openScLibrary OpenSC library location, defaults described above
+     * @param slot Slot, default 0
+     * @see <a href="iframe.php?url=https%3A%2F%2Fdocs.oracle.com%2Fen%2Fjava%2Fjavase%2F17%2Fsecurity%2Fpkcs11-reference-guide1.html">
+     *     SunPKCS11 documentation Table 5-1</a>
+     */
+    static Path createSunPkcsConfigurationFile(String name, String openScLibrary, Integer slot) throws IOException {
+        Path confPath = Path.of(System.getProperty("java.io.tmpdir")).resolve("opensc-java.cfg");
+
+        String library = openScLibrary;
+
+        if (library == null) {
+            library = System.getProperty(CDocConfiguration.PKCS11_LIBRARY_PROPERTY, null);
+        }
+
+        if (library == null) {
+            library = getOpenSCDefaultLocation();
+        }
+
+        if (!Files.isReadable(Path.of(library))) {
+            log.error(
+                "OpenSC library not found at {}, define {} System.property to overwrite ",
+                library, CDocConfiguration.PKCS11_LIBRARY_PROPERTY
+            );
+        }
+
+        String slotStr = "";
+        if (slot == null) {
+            slotStr = "-slot0";
+        } else {
+            slotStr = "-slot" + slot;
+        }
+
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(bos))) {
+
+            if (name == null) {
+                writer.write("name=OpenSC" + slotStr);
+            } else {
+                writer.write("name=" + name + slotStr);
+            }
+            writer.newLine();
+
+            writer.write("library=" + library);
+            writer.newLine();
+
+            if (slot != null) {
+                writer.write("slot=" + slot);
+                writer.newLine();
+            }
+
+            //est-eid specific
+            writer.write("attributes(*,CKO_SECRET_KEY,*) = {");
+            writer.newLine();
+            writer.write("  CKA_TOKEN = false");
+            writer.newLine();
+            writer.write("}");
+            writer.newLine();
+        }
+
+        String confFileStr = bos.toString(StandardCharsets.UTF_8);
+
+        log.debug("Creating SunPKCS11 configuration file: {}", confPath);
+        if (log.isDebugEnabled()) {
+            log.debug("\n{}", confFileStr);
+        }
+
+        try (BufferedWriter w = Files.newBufferedWriter(confPath, StandardCharsets.UTF_8,
+            StandardOpenOption.CREATE,
+            StandardOpenOption.TRUNCATE_EXISTING)) {
+            w.write(confFileStr);
+        }
+
+        return confPath;
+    }
+
+    private static KeyStore getConfiguredPkcs11KeyStore(KeyStore.ProtectionParameter keyProtection)
+            throws KeyStoreException {
+        try {
+            return KeyStore.Builder
+                .newInstance("PKCS11", getConfiguredPKCS11Provider(), keyProtection)
+                .getKeyStore();
+        } catch (KeyStoreException e) {
+            log.error("Failed to get PKCS11 keystore", e);
+            handlePkcs11KeyStoreException(e);
+            throw e;
+        }
+    }
+
+    private static synchronized Provider initSunPkcs11Provider(Path confPath) {
+        log.debug("initSunPkcs11Provider({})", confPath);
+        log.info("Configuring SunPKCS11 from {}", confPath);
+        Provider sunPkcs11Provider = Security.getProvider("SunPKCS11").configure(confPath.toString());
+
+        log.debug("Provider info {}", sunPkcs11Provider.getInfo());
+        log.debug("Adding provider {}", sunPkcs11Provider);
+
+        // print algorithms available
+        //log.debug("Provider properties: {}", sunPkcs11Provider.stringPropertyNames());
+        //sunPkcs11Provider.getServices().forEach(s -> log.debug("{} {}",s.getAlgorithm(), s.getType()));
+
+        Security.addProvider(sunPkcs11Provider);
+        log.info("SunPKCS11 provider available under name: {} {}", sunPkcs11Provider.getName(),
+                Security.getProvider(sunPkcs11Provider.getName()) != null);
+
+        pkcs11ProviderName = sunPkcs11Provider.getName();
+
+        return sunPkcs11Provider;
+    }
+
+    private static synchronized String getPkcs11ProviderName() {
+        if (pkcs11ProviderName != null) {
+            return pkcs11ProviderName;
+        }
+
+        if (System.getProperties().containsKey(CDocConfiguration.PKCS11_PROVIDER_SYSTEM_PROPERTY)) {
+            pkcs11ProviderName = System.getProperty(CDocConfiguration.PKCS11_PROVIDER_SYSTEM_PROPERTY);
+            return pkcs11ProviderName;
+        }
+
+        //[SunPKCS11-OpenSC]
+        Provider[] pkcs11ProvidersArr = Security.getProviders("KeyStore.PKCS11");
+        List<String> pkcs11Providers = Arrays
+            .stream(pkcs11ProvidersArr == null ? new Provider[] {} : pkcs11ProvidersArr)
+            .map(Provider::getName).toList();
+        log.debug("KeyStore.PKCS11 providers {}", pkcs11Providers);
+
+        //[SunEC, SunPKCS11-OpenSC]
+        Provider[] ecdhProvidersArr = Security.getProviders("KeyAgreement.ECDH");
+        List<String> ecdhProviders = Arrays.stream((ecdhProvidersArr == null) ? new Provider[]{} : ecdhProvidersArr)
+                .map(Provider::getName).toList();
+        log.debug("KeyAgreement.ECDH {}", ecdhProviders);
+
+        List<String> common = pkcs11Providers.stream().filter(ecdhProviders::contains).toList();
+
+        if (common.size() == 1) {
+            pkcs11ProviderName = common.get(0);
+            return pkcs11ProviderName;
+        }
+
+        if (common.size() > 1) {
+            log.info("Several PKCS11 providers found that support \"KeyStore.PKCS11\" & \"KeyAgreement.ECDH\": {}",
+                    common);
+            log.info("Choose correct one by setting system property {} to one of {}",
+                    CDocConfiguration.PKCS11_PROVIDER_SYSTEM_PROPERTY, common);
+        }
+
+        log.error("PKCS11 provider not configured");
+        return null;
+    }
+
+    private static void handlePkcs11KeyStoreException(KeyStoreException exc) {
+        var cause = exc.getCause();
+
+        while (cause != null && cause.getCause() != null) {
+            cause = cause.getCause();
+        }
+
+        if (cause != null && cause.getMessage() != null) {
+            var errorMessage = cause.getMessage();
+
+            if (errorMessage.contains("CKR_PIN_INCORRECT") || errorMessage.contains("CKR_PIN_LEN_RANGE")) {
+                throw new CDocUserException(UserErrorCode.WRONG_PIN, errorMessage);
+            }
+            if (errorMessage.contains("CKR_PIN_LOCKED")) {
+                throw new CDocUserException(UserErrorCode.PIN_LOCKED, errorMessage);
+            }
+            throw new CDocUserException(UserErrorCode.SMART_CARD_NOT_PRESENT, exc.getMessage());
+        }
+    }
+
+    private static String getOpenSCDefaultLocation() {
+        switch (getOS()) {
+            case LINUX:
+                return "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so";
+            case WINDOWS:
+                return "C:\\Windows\\SysWOW64\\opensc-pkcs11.dll";
+            case MAC:
+                return "/usr/local/lib/opensc-pkcs11.so";
+            default:
+                throw new IllegalStateException("Unknown OS");
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/RsaUtils.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/RsaUtils.java
new file mode 100644
index 00000000..f90a92f9
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/RsaUtils.java
@@ -0,0 +1,142 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Arrays;
+import java.util.Objects;
+import javax.crypto.Cipher;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+
+/**
+ * Utility class for RSA related functions
+ */
+public final class RsaUtils {
+    private RsaUtils() { }
+
+    /**
+     * Init RSA OAEP cipher.
+     * @param opMode the operation mode of RSA cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE)
+     * @param key PublicKey if opMode is ENCRYPT, PrivateKey for DECRYPT_MODE. General Key class is used
+     *            as PKCS11 usb hardware tokens use a wrapped PKCS11 implementation of the public key.
+     * @return initialized to RsaOAEP Cipher
+     * @throws GeneralSecurityException if cipher initialization failed
+     */
+    private static Cipher getRsaOaepCipher(int opMode, Key key) throws GeneralSecurityException {
+
+        final String rsaOaepTransformation = "RSA/ECB/OAEPPadding";
+        // OAEP algorithm padding specifier string from
+        // https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#cipher-algorithm-paddings
+        // is not enough as standard name doesn't specify if the hash should also be used for Mask Generation Function
+        // (MGF1) or should default be used (SHA-1). As a result SunJCE and BC are not compatible for
+        // "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" as SunJCE uses MGF param sha1 and BC sha256
+        // https://stackoverflow.com/questions/32161720/breaking-down-rsa-ecb-oaepwithsha-256andmgf1padding
+        OAEPParameterSpec oaepParams =
+                new OAEPParameterSpec("SHA-256",
+                        "MGF1", new MGF1ParameterSpec("SHA-256"),
+                        PSource.PSpecified.DEFAULT); //DEFAULT is new byte[0], equal to pSpecified Empty from Spec
+        Cipher rsaOaepCipher = Cipher.getInstance(rsaOaepTransformation);
+        rsaOaepCipher.init(opMode, key, oaepParams);
+        return rsaOaepCipher;
+    }
+
+    /**
+     * Encrypt plain with rsaPublicKey
+     * @param plain data to encrypted with rsaPublicKey
+     * @param rsaPublicKey key to use for encryption
+     * @return encrypted data
+     * @throws GeneralSecurityException if encryption failed
+     */
+    public static byte[] rsaEncrypt(byte[] plain, RSAPublicKey rsaPublicKey) throws GeneralSecurityException {
+
+        Cipher rsa = getRsaOaepCipher(Cipher.ENCRYPT_MODE, rsaPublicKey);
+        return rsa.doFinal(plain);
+    }
+
+    /**
+     * Decrypt encrypted with rsaPrivateKey
+     * @param encrypted data rsaPrivateKey matching public RSA key
+     * @param rsaPrivateKey key to use for decryption
+     * @return decrypted data
+     * @throws GeneralSecurityException if decryption failed
+     */
+    public static byte[] rsaDecrypt(byte[] encrypted, PrivateKey rsaPrivateKey) throws GeneralSecurityException {
+
+        Cipher rsa = getRsaOaepCipher(Cipher.DECRYPT_MODE, rsaPrivateKey);
+        return rsa.doFinal(encrypted);
+    }
+
+    /**
+     * Encode RSA public key as in RFC8017 RSA Public Key Syntax (A.1.1) https://www.rfc-editor.org/rfc/rfc8017#page-54
+     * <pre>
+     *           RSAPublicKey ::= SEQUENCE {
+     *              modulus           INTEGER,  -- n
+     *              publicExponent    INTEGER   -- e
+     *          }
+     * </pre>
+     * See RsaTest.java for examples
+     * @return rsaPublicKey encoded as ASN1 RSAPublicKey
+     */
+    public static byte[] encodeRsaPubKey(RSAPublicKey rsaPublicKey) {
+        Objects.requireNonNull(rsaPublicKey);
+
+        ASN1EncodableVector v = new ASN1EncodableVector(2);
+        v.add(new ASN1Integer(rsaPublicKey.getModulus()));
+        v.add(new ASN1Integer(rsaPublicKey.getPublicExponent()));
+        DERSequence derSequence = new DERSequence(v);
+        try {
+            return derSequence.getEncoded();
+        } catch (IOException io) {
+            // getEncoded uses internally ByteArrayOutputStream that shouldn't throw IOException
+            throw new IllegalStateException("Failed to encode rsaPublicKey", io);
+        }
+    }
+
+    /**
+     * Decode RSA public key from byte stream as defined in
+     * RFC8017 RSA Public Key Syntax (A.1.1) https://www.rfc-editor.org/rfc/rfc8017#page-54
+     * <pre>
+     *           RSAPublicKey ::= SEQUENCE {
+     *              modulus           INTEGER,  -- n
+     *              publicExponent    INTEGER   -- e
+     *          }
+     * </pre>
+     * @param asn1Data asn1 sequence containing RSAPublicKey structure
+     * @return decoded RSA public key
+     * @throws IOException if decoding fails
+     * @throws GeneralSecurityException if converting ASN1 data to RSA public key fails
+     * see RsaTest.java for examples
+     */
+    public static RSAPublicKey decodeRsaPubKey(byte[] asn1Data) throws IOException, GeneralSecurityException {
+
+        ASN1Primitive p = ASN1Primitive.fromByteArray(asn1Data);
+        ASN1Sequence asn1Sequence = ASN1Sequence.getInstance(p);
+
+        if (asn1Sequence.size() != 2) {
+            throw new IOException("Bad sequence size: " + asn1Sequence.size());
+        }
+
+        ASN1Integer mod = ASN1Integer.getInstance(asn1Sequence.getObjectAt(0));
+        ASN1Integer exp = ASN1Integer.getInstance(asn1Sequence.getObjectAt(1));
+
+        RSAPublicKeySpec spec = new RSAPublicKeySpec(mod.getPositiveValue(), exp.getPositiveValue());
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        return (RSAPublicKey) keyFactory.generatePublic(spec);
+    }
+
+    public static RSAPublicKey decodeRsaPubKey(ByteBuffer asn1BB) throws GeneralSecurityException, IOException {
+        return decodeRsaPubKey(Arrays.copyOfRange(asn1BB.array(), asn1BB.position(), asn1BB.limit()));
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/OperatingSystem.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/OperatingSystem.java
new file mode 100644
index 00000000..99c2b859
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/OperatingSystem.java
@@ -0,0 +1,39 @@
+package ee.cyber.cdoc20.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Operating system.
+ */
+public enum OperatingSystem {
+    WINDOWS,
+    LINUX,
+    MAC;
+
+    private static final Logger log = LoggerFactory.getLogger(OperatingSystem.class);
+    private static final String OS_NAME = "os.name";
+
+    /**
+     * @return the operating system
+     */
+    public static OperatingSystem getOS() {
+        log.debug("os.family: {}, os.name: {}", System.getProperty("os.family"), System.getProperty(OS_NAME));
+        String os = System.getProperty(OS_NAME).toLowerCase();
+
+        if (os.contains("win")) {
+            return OperatingSystem.WINDOWS;
+        }
+        if (os.contains("nix") || os.contains("nux")) {
+            return OperatingSystem.LINUX;
+        }
+        if (os.contains("mac")) {
+            return OperatingSystem.MAC;
+        }
+
+        log.error("Unknown operating system: os.family: {}, os.name: {}",
+            System.getProperty("os.family"), System.getProperty(OS_NAME)
+        );
+        throw new IllegalStateException("Unknown OS");
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/Resources.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/Resources.java
new file mode 100644
index 00000000..2ff9ac3f
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/Resources.java
@@ -0,0 +1,49 @@
+package ee.cyber.cdoc20.util;
+
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+
+import javax.annotation.Nullable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Objects;
+
+/**
+ * Utility class for loading resources (ex. properties files) from classpath
+ */
+public final class Resources {
+
+    private Resources() { }
+    /**
+     * Load resource from classpath or file as InputStream.
+     * @param name starts with classpath: then loads resource from classpath otherwise reads from file
+     * @return a new input stream created from name
+     * @throws IOException if an I/O error occurs
+     * @throws NullPointerException if name is null
+     */
+    public static InputStream getResourceAsStream(String name) throws IOException {
+        return getResourceAsStream(name, null);
+    }
+
+    /**
+     * Load resource from classpath or file as InputStream.
+     * @param name starts with classpath: then loads resource from classpath otherwise reads from file
+     * @param cl optional ClassLoader to load the resource
+     * @return a new input stream created from name
+     * @throws IOException if an I/O error occurs
+     * @throws NullPointerException if name is null
+     */
+    public static InputStream getResourceAsStream(String name, @Nullable ClassLoader cl) throws IOException {
+        final String classpath = "classpath:";
+        Objects.requireNonNull(name);
+
+        ClassLoader classLoader = (cl != null) ? cl : KeyCapsuleClientImpl.class.getClassLoader();
+
+        if (name.startsWith(classpath) && (name.length() > classpath.length())) {
+            return classLoader.getResourceAsStream(name.substring(classpath.length()));
+        } else {
+            return Files.newInputStream(Path.of(name));
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/SkLdapUtil.java b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/SkLdapUtil.java
new file mode 100644
index 00000000..699bd044
--- /dev/null
+++ b/cdoc20-lib/src/main/java/ee/cyber/cdoc20/util/SkLdapUtil.java
@@ -0,0 +1,210 @@
+package ee.cyber.cdoc20.util;
+
+import java.io.ByteArrayInputStream;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Hashtable;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import javax.annotation.Nullable;
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.LdapName;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility class to downloading and parsing certificates from SK LDAP server
+ * @see <a href=https://www.skidsolutions.eu/repositoorium/ldap/esteid-ldap-kataloogi-kasutamine/>SK LDAP</a>
+ */
+public final class SkLdapUtil {
+    private SkLdapUtil() {
+
+    }
+
+    private static final Logger log = LoggerFactory.getLogger(SkLdapUtil.class);
+    private static final String SK_ESTEID_LDAP = "ldaps://esteid.ldap.sk.ee/";
+
+    private static final String DIGI_ID = "Digital identity card";
+    private static final String ID_CARD = "Identity card of Estonian citizen";
+    private static final String E_RESIDENT_DIGI_ID = "Digital identity card of e-resident";
+    private static final String AUTH_CERT_PART = "ou=Authentication,o=";
+
+    // distinguished name fragment for authentication certificates using id-card
+    private static final String AUTH_ID_CARD = AUTH_CERT_PART + ID_CARD;
+
+    // distinguished name fragment for authentication certificates using digi-id
+    private static final String AUTH_DIGI_ID = AUTH_CERT_PART + DIGI_ID;
+
+    // distinguished name fragment for authentication certificates using e-resident digi-id
+    private static final String AUTH_E_RESIDENT_DIGI_ID = AUTH_CERT_PART + E_RESIDENT_DIGI_ID;
+
+    private static DirContext initDirContext() throws NamingException {
+        Hashtable<String, Object> env = new Hashtable<>(11);
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        env.put(Context.PROVIDER_URL, SK_ESTEID_LDAP);
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+
+        return new InitialDirContext(env);
+    }
+
+    /**
+     * Find id-kaart (o=Identity card of Estonian citizen) and digi-id (o=Digital identity card)
+     * authentication (ou=Authentication) certificates for ESTEID identification code
+     * @param ctx DirContext from {@link #initDirContext()}
+     * @param identificationCode (isikukood) ESTEID identification code, ex 37101010021
+     * @return Map of X509Certificate and distinguished name pairs or empty map if none found
+     * @throws NamingException If an error occurred while querying sk LDAP server
+     * @throws CertificateException If parsing found certificate fails
+     * @see <a href=https://www.skidsolutions.eu/repositoorium/ldap/esteid-ldap-kataloogi-kasutamine/>SK LDAP</a>
+     */
+    public static Map<X509Certificate, String> findAuthenticationEstEidCertificates(DirContext ctx,
+            String identificationCode) throws NamingException, CertificateException {
+
+        Map<X509Certificate, String> certificateNameMap = new LinkedHashMap<>();
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+
+        SearchControls searchControls = new SearchControls();
+        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+        String filter = "(serialNumber=PNOEE-" + identificationCode + ")";
+
+        NamingEnumeration<SearchResult> answer = ctx.search("dc=ESTEID,c=EE", filter, searchControls);
+
+        while (answer.hasMore()) {
+            SearchResult searchResult = answer.next();
+            Attributes attrs = searchResult.getAttributes();
+
+            // distinguished name
+            // e.g: cn=ŽAIKOVSKI\,IGOR\,37101010021,ou=Authentication,o=Identity card of Estonian citizen
+            String dn = searchResult.getName();
+
+            if (dn.contains(AUTH_ID_CARD) || dn.contains(AUTH_DIGI_ID) || dn.contains(AUTH_E_RESIDENT_DIGI_ID)) {
+
+                // there can be more than one 'userCertificate;binary' attribute
+                var certAttrs = (NamingEnumeration<Object>) attrs.get("userCertificate;binary").getAll();
+                while (certAttrs.hasMore()) {
+                    Object certObject = certAttrs.nextElement();
+                    if (certObject != null) {
+                        byte[] certBuf = (byte[]) certObject;
+                        try {
+                            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(
+                                    new ByteArrayInputStream(certBuf));
+                            log.debug("Found cert for {}, name:{}", identificationCode, dn);
+                            certificateNameMap.put(cert, dn);
+                        } catch (CertificateException ce) {
+                            log.error("Invalid certificate for {}", identificationCode);
+                            throw ce;
+                        }
+                    }
+                }
+            }
+        }
+
+        return certificateNameMap;
+    }
+
+    /**
+     * Find id-kaart (o=Identity card of Estonian citizen) and digi-id (o=Digital identity card)
+     * authentication (ou=Authentication) certificate for each ESTEID identification code from sk ESTEID LDAP and
+     * extract public keys
+     * @param ids ESTEID identification codes (isikukood), e.g 37101010021
+     * @return Map of public keys with key labels for each identification code or empty list if none found
+     * @throws NamingException If an error occurred while querying sk LDAP server
+     * @throws CertificateException If parsing found certificate fails
+     * @see <a href=https://www.skidsolutions.eu/repositoorium/ldap/esteid-ldap-kataloogi-kasutamine/>SK LDAP</a>
+     */
+    public static Map<PublicKey, String> getPublicKeysWithLabels(String[] ids)
+            throws NamingException, CertificateException {
+
+        if (ids == null) {
+            return Collections.emptyMap();
+        }
+        DirContext ctx = initDirContext();
+        Map<PublicKey, String> keysWithLabels = new LinkedHashMap<>();
+        try {
+            for (String id: ids) {
+                Map<X509Certificate, String> certs = findAuthenticationEstEidCertificates(ctx, id);
+                for (var certNameEntry: certs.entrySet()) {
+                    X509Certificate cert = certNameEntry.getKey();
+                    String distinguishedName = certNameEntry.getValue();
+                    String keyLabel = getKeyLabel(cert, distinguishedName);
+                    log.debug("Adding key label {}", keyLabel);
+                    keysWithLabels.put(cert.getPublicKey(), keyLabel);
+                }
+            }
+        } finally {
+            ctx.close();
+        }
+
+        return keysWithLabels;
+    }
+
+    /**
+     * Get label value from certificate. Used as KeyLabel value in FBS header. For SK issued certificates,
+     * use CN part of Subject as label, for other certs use x509 Subject
+     * @param cert certificate to be used for label creation
+     * @return label parsed from cert
+     */
+    public static String getKeyLabel(X509Certificate cert) {
+        return getKeyLabel(cert, null);
+    }
+
+    /**
+     * Get label value from certificate. Used as KeyLabel value in FBS header. For SK issued certificates,
+     * use CN part of Subject as label, for other certs use x509 Subject
+     * @param cert certificate to be used for label creation
+     * @param dName the distinguished name (optional) - used to add certificate type to the label
+     * @return label parsed from cert
+     */
+    private static String getKeyLabel(X509Certificate cert, @Nullable String dName)  {
+        // KeyLabel is UI specific field, so its value is not specified in the Spec.
+        // DigiDoc4-Client uses this field to hint user what type of eID was used for encryption
+        // https://github.com
+        // /open-eid/DigiDoc4-Client/blob/f4298ad9d2fbb40cffc488bed6cf1d3116dff450/client/SslCertificate.cpp#L302
+        // https://github.com/open-eid/DigiDoc4-Client/blob/master/client/dialogs/AddRecipients.cpp#L474
+
+        // cdoc20-lib is not trying to be compatible DigiDoc4-Client as this value is not standardized
+        // if compatibility is required then lib client must write its own certificate parsing
+
+        // SK issued id-cards have following Subject:
+        // Subject: C = EE, CN = "\C5\BDAIKOVSKI,IGOR,37101010021",
+        //        SN = \C5\BDAIKOVSKI, GN = IGOR, serialNumber = 37101010021
+        // use CN as label.
+        // If it fails, use whole certificate subject
+        try {
+            List<String> cn = new LdapName(cert.getSubjectX500Principal().getName()).getRdns().stream()
+                    .filter(rdn -> rdn.getType().equalsIgnoreCase("cn"))
+                    .map(rdn -> rdn.getValue().toString())
+                    .toList();
+            if (cn.size() == 1) {
+                String keyLabel = cn.get(0);
+                if (dName != null) {
+                    if (dName.contains(DIGI_ID)) {
+                        keyLabel += " (digi-id)";
+                    } else if (dName.contains(ID_CARD)) {
+                        keyLabel += " (id-card)";
+                    } else if (dName.contains(E_RESIDENT_DIGI_ID)) {
+                        keyLabel += " (e-resident digi-id)";
+                    }
+                }
+                return keyLabel;
+            } else {
+                log.warn("Unexpected certificate cn values {}", cn);
+                return cert.getSubjectX500Principal().getName();
+            }
+        } catch (InvalidNameException e) {
+            return cert.getSubjectX500Principal().getName();
+        }
+    }
+}
diff --git a/cdoc20-lib/src/main/resources/simplelogger.properties b/cdoc20-lib/src/main/resources/simplelogger.properties
new file mode 100644
index 00000000..c63c47da
--- /dev/null
+++ b/cdoc20-lib/src/main/resources/simplelogger.properties
@@ -0,0 +1,3 @@
+org.slf4j.simpleLogger.defaultLogLevel=trace
+org.slf4j.simpleLogger.showDateTime=true
+org.slf4j.simpleLogger.dateTimeFormat=yyyy-MM-dd HH:mm:ss.SSS
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/SkLdapTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/SkLdapTest.java
new file mode 100644
index 00000000..a1dea333
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/SkLdapTest.java
@@ -0,0 +1,40 @@
+package ee.cyber.cdoc20;
+
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.util.SkLdapUtil;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.util.Map;
+import java.util.stream.Collectors;
+import javax.naming.NamingException;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+class SkLdapTest {
+    private static final Logger log = LoggerFactory.getLogger(SkLdapTest.class);
+
+    // Igor cert is not available from SKs
+    //private static final String id = "37101010021";//Igor
+
+    @Test
+    @Tag("ldap")
+    void testFindAuthenticationCerts() throws NamingException, CertificateException {
+        String[] ids = new String[]{"37903130370", "38207162766"};
+        Map<PublicKey, String> keysWithLabels =  SkLdapUtil.getPublicKeysWithLabels(ids);
+
+        // Since testing against external service, then can't be really sure what is returned
+        // if something is returned then consider it success
+        assertFalse(keysWithLabels.isEmpty());
+
+        Map<PublicKey, String> ecKeysWithLabels = keysWithLabels.entrySet().stream()
+                .filter(entry -> EllipticCurve.isSupported(entry.getKey()))
+                .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+
+        // all returned keys were supported by cdoc
+        assertEquals(keysWithLabels.size(), ecKeysWithLabels.size());
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTest.java
new file mode 100644
index 00000000..1bc360ec
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTest.java
@@ -0,0 +1,839 @@
+package ee.cyber.cdoc20.container;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import ee.cyber.cdoc20.client.KeyCapsuleClient;
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.container.recipients.EccRecipient;
+import ee.cyber.cdoc20.container.recipients.EccServerKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.RSAServerKeyRecipient;
+import ee.cyber.cdoc20.container.recipients.Recipient;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.fbs.header.Header;
+import ee.cyber.cdoc20.fbs.header.RecipientRecord;
+import ee.cyber.cdoc20.fbs.recipients.RSAPublicKeyCapsule;
+import ee.cyber.cdoc20.fbs.recipients.SymmetricKeyCapsule;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Random;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import javax.crypto.AEADBadTagException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.commons.compress.utils.CountingInputStream;
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.io.TempDir;
+import org.junit.jupiter.api.parallel.Isolated;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.mockito.stubbing.Answer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static ee.cyber.cdoc20.container.EnvelopeTestUtils.testContainer;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_RSAPublicKeyCapsule;
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_SymmetricKeyCapsule;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+// as tests create and write files, and set/read System Properties, then it's safer to run tests isolated
+// some tests can be run parallel, but this is untested
+@Isolated
+@ExtendWith(MockitoExtension.class)
+public class EnvelopeTest {
+    private static final Logger log = LoggerFactory.getLogger(EnvelopeTest.class);
+
+    @SuppressWarnings("checkstyle:OperatorWrap")
+    private final String bobKeyPem = "-----BEGIN EC PRIVATE KEY-----\n" +
+            "MIGkAgEBBDAFxoHAdX8mU9cjiXOy46Gljmongxto0nHwRQs5cb93vIcysAaYLmhL\n" +
+            "mH4DPqnSXJWgBwYFK4EEACKhZANiAAR5Yacpp5H4aBAIxkDtdBXcw/BFyMNEQu4B\n" +
+            "LqnEv1cUVHROnhw3hAW63F3H2PI93ZzB/BT6+C+gOLt3XkCT/H3C9X1ZktCd5lS2\n" +
+            "BmC8zN4UciwrTb68gt4ylKUCd5g30KY=\n" +
+            "-----END EC PRIVATE KEY-----\n";
+
+    @Mock
+    KeyCapsuleClient capsuleClientMock;
+
+    Capsule capsuleData;
+
+    // Mainly flatbuffers and friends
+    @Test
+    void testHeaderSerializationParse() throws Exception {
+
+        KeyPair recipientKeyPair = PemTools.loadKeyPair(bobKeyPem);
+
+        File payloadFile = new File(System.getProperty("java.io.tmpdir"), "payload-" + UUID.randomUUID() + ".txt");
+        payloadFile.deleteOnExit();
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write("payload".getBytes(StandardCharsets.UTF_8));
+        }
+
+        ECPublicKey recipientPubKey = (ECPublicKey) recipientKeyPair.getPublic();
+
+        String keyLabel = "testHeaderSerializationParse";
+        Envelope envelope = Envelope.prepare(
+                List.of(EncryptionKeyMaterial.from(recipientKeyPair.getPublic(), keyLabel)), null);
+        ByteArrayOutputStream dst = new ByteArrayOutputStream();
+        envelope.encrypt(List.of(payloadFile), dst);
+
+        byte[] resultBytes = dst.toByteArray();
+
+        assertTrue(resultBytes.length > 0);
+
+        //no exception is also good indication that parsing worked
+        List<Recipient> recipients = Envelope.parseHeader(new ByteArrayInputStream(resultBytes));
+
+        assertEquals(1, recipients.size());
+
+        var recipient = recipients.get(0);
+        assertInstanceOf(EccRecipient.class, recipient);
+
+        assertEquals(recipientPubKey, ((EccRecipient) recipient).getRecipientPubKey());
+        assertNotNull(recipient.getRecipientKeyLabel());
+        assertEquals(keyLabel, recipient.getRecipientKeyLabel());
+    }
+
+    @Test
+    void testRsaSerialization(@TempDir Path tempDir) throws Exception {
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048, SecureRandom.getInstanceStrong());
+
+        KeyPair keyPair = generator.generateKeyPair();
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+
+        String keyLabel = "testRsaSerialization";
+        Envelope envelope = Envelope.prepare(List.of(EncryptionKeyMaterial.from(publicKey, keyLabel)), null);
+
+        ByteArrayOutputStream dst = new ByteArrayOutputStream();
+        envelope.encrypt(List.of(payloadFile), dst);
+
+        byte[] cdocBytes = dst.toByteArray();
+
+        assertTrue(cdocBytes.length > 0);
+
+        log.debug("available: {}", cdocBytes.length);
+
+        byte[] fbsBytes = Envelope.readFBSHeader(new ByteArrayInputStream(cdocBytes));
+        Header header = Envelope.deserializeFBSHeader(fbsBytes);
+
+        assertNotNull(header);
+        assertEquals(1, header.recipientsLength());
+
+        RecipientRecord recipient = header.recipients(0);
+
+        assertEquals(keyLabel, recipient.keyLabel());
+        assertEquals(recipients_RSAPublicKeyCapsule, recipient.capsuleType());
+
+        RSAPublicKeyCapsule rsaPublicKeyCapsule = (RSAPublicKeyCapsule) recipient.capsule(new RSAPublicKeyCapsule());
+        assertNotNull(rsaPublicKeyCapsule);
+
+        ByteBuffer rsaPubKeyBuf = rsaPublicKeyCapsule.recipientPublicKeyAsByteBuffer();
+        assertNotNull(rsaPubKeyBuf);
+        byte[] rsaPubKeyBytes = Arrays.copyOfRange(rsaPubKeyBuf.array(), rsaPubKeyBuf.position(), rsaPubKeyBuf.limit());
+        PublicKey publicKeyOut = RsaUtils.decodeRsaPubKey(rsaPubKeyBytes);
+
+        assertEquals(publicKey, publicKeyOut);
+    }
+
+    @Test
+    void testEccServerSerialization(@TempDir Path tempDir) throws Exception {
+        KeyPair recipientKeyPair = PemTools.loadKeyPair(bobKeyPem);
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        ECPublicKey recipientPubKey = (ECPublicKey) recipientKeyPair.getPublic();
+        final String recipientKeyLabel = "testEccServerSerialization";
+
+        when(capsuleClientMock.getServerIdentifier()).thenReturn("mock");
+        when(capsuleClientMock.storeCapsule(any())).thenReturn("SD1234567890");
+
+        Envelope envelope = Envelope.prepare(
+            List.of(EncryptionKeyMaterial.from(recipientPubKey, recipientKeyLabel)),
+            capsuleClientMock
+        );
+        ByteArrayOutputStream dst = new ByteArrayOutputStream();
+        envelope.encrypt(List.of(payloadFile), dst);
+
+        byte[] resultBytes = dst.toByteArray();
+
+        assertTrue(resultBytes.length > 0);
+
+        //no exception is also good indication that parsing worked
+        List<Recipient> eccRecipients = Envelope.parseHeader(new ByteArrayInputStream(resultBytes));
+
+        assertEquals(1, eccRecipients.size());
+
+        assertInstanceOf(EccServerKeyRecipient.class, eccRecipients.get(0));
+
+        EccServerKeyRecipient eccServerKeyRecipient = (EccServerKeyRecipient) eccRecipients.get(0);
+
+        assertEquals(recipientPubKey, eccServerKeyRecipient.getRecipientPubKey());
+
+        assertEquals("mock", eccServerKeyRecipient.getKeyServerId());
+        assertEquals("SD1234567890", eccServerKeyRecipient.getTransactionId());
+        assertEquals(recipientKeyLabel, eccServerKeyRecipient.getRecipientKeyLabel());
+    }
+
+    @Test
+    void testRsaServerSerialization(@TempDir Path tempDir) throws Exception {
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048, SecureRandom.getInstanceStrong());
+
+        KeyPair keyPair = generator.generateKeyPair();
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        final String recipientKeyLabel = "testRsaServerSerialization";
+
+        when(capsuleClientMock.getServerIdentifier()).thenReturn("mock_rsa");
+        when(capsuleClientMock.storeCapsule(any())).thenReturn("KC1234567890123456789012");
+
+        Envelope envelope = Envelope.prepare(
+                List.of(EncryptionKeyMaterial.from(publicKey, recipientKeyLabel)),
+            capsuleClientMock
+        );
+        ByteArrayOutputStream dst = new ByteArrayOutputStream();
+        envelope.encrypt(List.of(payloadFile), dst);
+
+        byte[] resultBytes = dst.toByteArray();
+
+        assertTrue(resultBytes.length > 0);
+
+        //no exception is also good indication that parsing worked
+        List<Recipient> recipients = Envelope.parseHeader(new ByteArrayInputStream(resultBytes));
+
+        assertEquals(1, recipients.size());
+
+        assertInstanceOf(RSAServerKeyRecipient.class, recipients.get(0));
+
+        RSAServerKeyRecipient rsaServerKeyRecipient = (RSAServerKeyRecipient) recipients.get(0);
+
+        assertEquals(publicKey, rsaServerKeyRecipient.getRecipientPubKey());
+
+        assertEquals("mock_rsa", rsaServerKeyRecipient.getKeyServerId());
+        assertEquals("KC1234567890123456789012", rsaServerKeyRecipient.getTransactionId());
+        assertEquals(recipientKeyLabel, rsaServerKeyRecipient.getRecipientKeyLabel());
+
+    }
+
+    @Test
+    void testSymmetricKeySerialization(@TempDir Path tempDir) throws Exception {
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        byte[] secret = new byte[Crypto.SYMMETRIC_KEY_MIN_LEN_BYTES];
+        SecretKey preSharedKey = new SecretKeySpec(secret, "");
+
+
+        String keyLabel = "testSymmetricKeySerialization";
+        Envelope envelope = Envelope.prepare(List.of(EncryptionKeyMaterial.from(preSharedKey, keyLabel)), null);
+
+        ByteArrayOutputStream dst = new ByteArrayOutputStream();
+        envelope.encrypt(List.of(payloadFile), dst);
+
+        byte[] cdocBytes = dst.toByteArray();
+
+        assertTrue(cdocBytes.length > 0);
+
+        log.debug("available: {}", cdocBytes.length);
+
+        byte[] fbsBytes = Envelope.readFBSHeader(new ByteArrayInputStream(cdocBytes));
+        Header header = Envelope.deserializeFBSHeader(fbsBytes);
+
+        assertNotNull(header);
+        assertEquals(1, header.recipientsLength());
+
+        RecipientRecord recipient = header.recipients(0);
+
+        assertEquals(keyLabel, recipient.keyLabel());
+        assertEquals(recipients_SymmetricKeyCapsule, recipient.capsuleType());
+
+        SymmetricKeyCapsule symmetricKeyCapsule = (SymmetricKeyCapsule) recipient.capsule(new SymmetricKeyCapsule());
+        assertNotNull(symmetricKeyCapsule);
+
+        ByteBuffer saltBuf = symmetricKeyCapsule.saltAsByteBuffer();
+        assertNotNull(saltBuf);
+    }
+
+
+    @Test
+    void testECContainer(@TempDir Path tempDir) throws Exception {
+        KeyPair bobKeyPair = PemTools.loadKeyPair(bobKeyPem);
+        testContainer(tempDir, DecryptionKeyMaterial.fromKeyPair(bobKeyPair),
+                "testECContainer", null);
+    }
+
+    @Test
+    void testECServerScenario(@TempDir Path tempDir) throws Exception {
+        KeyPair keyPair = PemTools.loadKeyPair(bobKeyPem);
+        String transactionId = "KC1234567890123456789011";
+
+        when(capsuleClientMock.getServerIdentifier()).thenReturn("mock_ec_server");
+
+        doAnswer(invocation -> {
+            capsuleData = (Capsule) invocation.getArguments()[0];
+            log.debug("storing capsule {}", capsuleData);
+            return transactionId;
+        }).when(capsuleClientMock).storeCapsule(any(Capsule.class));
+
+        when(capsuleClientMock.getCapsule(transactionId)).thenAnswer((Answer<Optional<Capsule>>) invocation -> {
+            log.debug("returning capsule {}", capsuleData);
+            return Optional.of(capsuleData);
+        });
+
+        testContainer(tempDir, DecryptionKeyMaterial.fromKeyPair(keyPair), "testECContainer", capsuleClientMock);
+
+        verify(capsuleClientMock, times(1)).storeCapsule(any());
+        verify(capsuleClientMock, times(1)).getCapsule(transactionId);
+
+        assertEquals(Capsule.CapsuleTypeEnum.ECC_SECP384R1, capsuleData.getCapsuleType());
+        assertEquals(keyPair.getPublic(), EllipticCurve.SECP384R1.decodeFromTls(
+                ByteBuffer.wrap(capsuleData.getRecipientId())));
+        assertTrue(EllipticCurve.SECP384R1.isValidKey(
+                    EllipticCurve.SECP384R1.decodeFromTls(
+                        ByteBuffer.wrap(capsuleData.getEphemeralKeyMaterial())))
+        );
+    }
+
+    @Test
+    void testContainerUsingRSAKey(@TempDir Path tempDir) throws Exception {
+
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048, SecureRandom.getInstanceStrong());
+        KeyPair rsaKeyPair = generator.generateKeyPair();
+
+        testContainer(tempDir, DecryptionKeyMaterial.fromKeyPair(rsaKeyPair), "testContainerUsingRSAKey", null);
+    }
+
+    @Test
+    void testSymmetricKeyScenario(@TempDir Path tempDir) throws Exception {
+        String label = "testSymmetricKeyScenario";
+        byte[] secret = new byte[32];
+        Crypto.getSecureRandom().nextBytes(secret);
+        SecretKey key = new SecretKeySpec(secret, "");
+
+        testContainer(tempDir, DecryptionKeyMaterial.fromSecretKey(label, key), label, null);
+    }
+
+    @Test
+    void testRsaServerScenario(@TempDir Path tempDir) throws Exception {
+
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048, SecureRandom.getInstanceStrong());
+        KeyPair rsaKeyPair = generator.generateKeyPair();
+
+        String transactionId = "KC1234567890123456789012";
+
+        when(capsuleClientMock.getServerIdentifier()).thenReturn("mock_rsa_server");
+
+        doAnswer(invocation -> {
+            capsuleData = (Capsule) invocation.getArguments()[0];
+            log.debug("storing capsule {}", capsuleData);
+            return transactionId;
+        }).when(capsuleClientMock).storeCapsule(any(Capsule.class));
+
+        when(capsuleClientMock.getCapsule(transactionId)).thenAnswer((Answer<Optional<Capsule>>) invocation -> {
+            log.debug("returning capsule {}", capsuleData);
+            return Optional.of(capsuleData);
+        });
+
+        testContainer(tempDir, DecryptionKeyMaterial.fromKeyPair(rsaKeyPair),
+                "testContainerUsingRSAKey", capsuleClientMock);
+
+        verify(capsuleClientMock, times(1)).storeCapsule(any());
+        verify(capsuleClientMock, times(1)).getCapsule(transactionId);
+        assertEquals(Capsule.CapsuleTypeEnum.RSA, capsuleData.getCapsuleType());
+
+        assertEquals(rsaKeyPair.getPublic(), RsaUtils.decodeRsaPubKey(capsuleData.getRecipientId()));
+        assertEquals(((RSAPublicKey)rsaKeyPair.getPublic()).getModulus().bitLength(),
+                capsuleData.getEphemeralKeyMaterial().length * 8);
+    }
+
+
+    @Test
+    @DisplayName("Check that already created files are removed, when mac check in ChaCha20Poly1305 fails")
+    void testContainerWrongPoly1305Mac(@TempDir Path tempDir) throws Exception {
+        KeyPair bobKeyPair = PemTools.loadKeyPair(bobKeyPem);
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        byte[] bytes = new byte[1024];
+
+        int bytesWanted = 8 * 1024;
+        // create bigger file, so that payload file is written to disk, before MAC check
+        File biggerFile = tempDir.resolve("biggerFile").toFile();
+        try (OutputStream os = Files.newOutputStream(biggerFile.toPath())) {
+            for (int i = 0; i <= bytesWanted; i++) {
+                new Random().nextBytes(bytes);
+                os.write(bytes);
+            }
+        }
+
+        Path outDir = tempDir.resolve("testContainer-" + uuid);
+        Files.createDirectories(outDir);
+
+        var encKM = EncryptionKeyMaterial.from(bobKeyPair.getPublic(), "testContainerWrongPoly1305Mac");
+
+        byte[] cdocContainerBytes = EnvelopeTestUtils.createContainer(payloadFile,
+                payloadData.getBytes(StandardCharsets.UTF_8), encKM, List.of(biggerFile), null);
+
+        log.debug("cdoc size: {}", cdocContainerBytes.length);
+
+        //last 16 bytes are Poly1305 MAC, corrupt that
+        cdocContainerBytes[cdocContainerBytes.length - 1] = (byte) 0xff;
+        cdocContainerBytes[cdocContainerBytes.length - 2] = (byte) 0xfe;
+
+        var ex = assertThrows(
+            Exception.class,
+            () -> EnvelopeTestUtils.checkContainerDecrypt(cdocContainerBytes, outDir,
+                    DecryptionKeyMaterial.fromKeyPair(bobKeyPair),
+                    List.of(payloadFileName), payloadFileName, payloadData, null)
+        );
+
+        assertInstanceOf(AEADBadTagException.class, ex.getCause());
+        assertEquals("mac check in ChaCha20Poly1305 failed", ex.getCause().getMessage());
+
+        assertNotNull(outDir.toFile().listFiles());
+        //extracted files were deleted
+        assertTrue(Arrays.stream(outDir.toFile().listFiles()).toList().isEmpty());
+    }
+
+    @Test
+    void testThatIncompleteCDocFilesAreRemoved(@TempDir Path tempDir)
+            throws IOException, GeneralSecurityException {
+        KeyPair bobKeyPair = PemTools.loadKeyPair(bobKeyPem);
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "-payload:" + uuid + ".txt"; //invalid
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+
+        Path outDir = tempDir.resolve("testContainer-" + uuid);
+        Files.createDirectories(outDir);
+
+        var encKM = EncryptionKeyMaterial.from(bobKeyPair.getPublic(), "blah");
+
+        File cdocFile = tempDir.resolve("incomplete.cdoc").toFile();
+
+        Files.createFile(cdocFile.toPath());
+        assertTrue(cdocFile.exists());
+
+        String overwrite = System.getProperty(CDocConfiguration.OVERWRITE_PROPERTY);
+        System.setProperty(CDocConfiguration.OVERWRITE_PROPERTY, "true");
+        try {
+            var ex = assertThrows(
+                    Exception.class,
+                    () -> EnvelopeTestUtils.createContainerUsingCDocBuilder(cdocFile, payloadFile,
+                            payloadData.getBytes(StandardCharsets.UTF_8), encKM, null, null)
+            );
+
+            assertFalse(cdocFile.exists());
+        } finally {
+            if (overwrite != null) {
+                System.setProperty(CDocConfiguration.OVERWRITE_PROPERTY, overwrite);
+            }
+        }
+    }
+
+    // tar processing is ended after zero block has encountered. It is possible to add extra data after this and tar lib
+    // won't process it. Verify that all data is processed and Poly1305 MAC is validated
+    @Test
+    void testTarWithExtraData(@TempDir Path tempDir) throws Exception {
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        byte[] secret = new byte[Crypto.SYMMETRIC_KEY_MIN_LEN_BYTES];
+        SecureRandom.getInstanceStrong().nextBytes(secret);
+        SecretKey preSharedKey = new SecretKeySpec(secret, "");
+        String keyLabel = "testTarWithExtraData";
+
+        byte[] cdocBytes =  EnvelopeTestUtils.createContainer(payloadFile, payloadData.getBytes(StandardCharsets.UTF_8),
+                EncryptionKeyMaterial.from(preSharedKey, keyLabel), null, null);
+
+        assertTrue(cdocBytes.length > 0);
+
+        log.debug("cdoc length: {}", cdocBytes.length);
+
+        byte[] tarWithExtraDataPayload = EnvelopeTestUtils.createTarWithExtraData();
+        byte[] newCdocBytes =
+                EnvelopeTestUtils.replacePayload(cdocBytes, preSharedKey, keyLabel, tarWithExtraDataPayload);
+
+        log.debug("CDOC size {}", newCdocBytes.length);
+
+        CountingInputStream countingInputStream = new CountingInputStream(new ByteArrayInputStream(newCdocBytes));
+
+        IOException ioex = assertThrows(IOException.class, () -> Envelope.list(
+                    countingInputStream,
+                    DecryptionKeyMaterial.fromSecretKey(keyLabel, preSharedKey), null
+                ));
+
+        assertEquals("Unexpected data after tar", ioex.getMessage());
+
+        assertEquals(newCdocBytes.length, countingInputStream.getBytesRead());
+
+        // Although IOException is thrown, it should not be reported if MAC is wrong
+        // MAC check exception is thrown instead of "Unexpected data after tar"
+        byte[] wrongPoly1305MacCdoc = Arrays.copyOf(newCdocBytes, newCdocBytes.length);
+        wrongPoly1305MacCdoc[wrongPoly1305MacCdoc.length - 1] = (byte) 0xff; //corrupt MAC
+
+        CountingInputStream wrongMacIs =
+                new CountingInputStream(new ByteArrayInputStream(wrongPoly1305MacCdoc));
+
+        IOException ex = assertThrows(IOException.class, () -> Envelope.list(
+                wrongMacIs,
+                DecryptionKeyMaterial.fromSecretKey(keyLabel, preSharedKey), null
+        ));
+
+        assertInstanceOf(AEADBadTagException.class, ex.getCause());
+        assertEquals("mac check in ChaCha20Poly1305 failed", ex.getCause().getMessage());
+
+        assertEquals(newCdocBytes.length, wrongMacIs.getBytesRead());
+    }
+
+    @Test
+    void testIllegalTarEntryType(@TempDir Path tempDir) throws Exception {
+
+        byte[] tarWithIllegalFileTypeBytes = EnvelopeTestUtils.createTarWithIllegalFileType();
+
+        Path outDir = tempDir.resolve("testIllegalTarEntryType.out");
+        Files.createDirectories(outDir);
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        byte[] secret = new byte[Crypto.SYMMETRIC_KEY_MIN_LEN_BYTES];
+        SecureRandom.getInstanceStrong().nextBytes(secret);
+        SecretKey preSharedKey = new SecretKeySpec(secret, "");
+
+
+        String keyLabel = "testTarWithExtraData";
+
+
+        byte[] cdocBytes =  EnvelopeTestUtils.createContainer(payloadFile, payloadData.getBytes(StandardCharsets.UTF_8),
+                EncryptionKeyMaterial.from(preSharedKey, keyLabel), null, null);
+
+        assertTrue(cdocBytes.length > 0);
+
+        log.debug("original cdoc length: {}", cdocBytes.length);
+
+        byte[] newCdocBytes =
+                EnvelopeTestUtils.replacePayload(cdocBytes, preSharedKey, keyLabel, tarWithIllegalFileTypeBytes);
+        log.debug("replaced payload");
+
+        log.debug("modified CDOC size {}", newCdocBytes.length);
+
+        CountingInputStream countingInputStream = new CountingInputStream(new ByteArrayInputStream(newCdocBytes));
+
+        IOException ioex = assertThrows(IOException.class, () -> Envelope.decrypt(
+                countingInputStream,
+                DecryptionKeyMaterial.fromSecretKey(keyLabel, preSharedKey), outDir, null
+        ));
+
+        assertEquals("Tar entry with illegal type found", ioex.getMessage());
+
+        // all cdoc bytes were processed and Poly1305 MAC checked
+        assertEquals(newCdocBytes.length, countingInputStream.getBytesRead());
+
+        //extracted files were deleted
+        assertTrue(Arrays.stream(outDir.toFile().listFiles()).toList().isEmpty());
+
+
+
+        // MAC check exception is thrown instead of "Unexpected data after tar"
+        byte[] wrongPoly1305MacCdoc = Arrays.copyOf(newCdocBytes, newCdocBytes.length);
+        wrongPoly1305MacCdoc[wrongPoly1305MacCdoc.length - 1] = (byte) 0xff; //corrupt MAC
+
+        CountingInputStream wrongMacIs =
+                new CountingInputStream(new ByteArrayInputStream(wrongPoly1305MacCdoc));
+
+        IOException ex = assertThrows(IOException.class, () -> Envelope.decrypt(
+                wrongMacIs,
+                DecryptionKeyMaterial.fromSecretKey(keyLabel, preSharedKey), outDir, null
+        ));
+
+        assertInstanceOf(AEADBadTagException.class, ex.getCause());
+        assertEquals("mac check in ChaCha20Poly1305 failed", ex.getCause().getMessage());
+
+        assertEquals(newCdocBytes.length, wrongMacIs.getBytesRead());
+
+        //extracted files were deleted
+        assertTrue(Arrays.stream(outDir.toFile().listFiles()).toList().isEmpty());
+    }
+
+
+    // test that near max size header can be created and parsed
+    @Test
+    @Tag("slow")
+    void testLongHeader(@TempDir Path tempDir) throws Exception {
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "A";
+
+        String payloadData = "";
+
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData.getBytes(StandardCharsets.UTF_8));
+        }
+
+        Path outDir = tempDir.resolve("testContainer-" + uuid);
+        Files.createDirectories(outDir);
+
+        KeyPair bobKeyPair = PemTools.loadKeyPair(bobKeyPem);
+
+        ECPublicKey bobPubKey = (ECPublicKey) bobKeyPair.getPublic();
+
+        // Code to find the limit of max header
+        int singleKeyLen = Envelope.prepare(
+                List.of(EncryptionKeyMaterial.from(bobPubKey, "longHeader")), null)
+            .serializeHeader().length;
+        int twoKeyLen = Envelope.prepare(
+                List.of(
+                    EncryptionKeyMaterial.from(bobPubKey, "longHeader"),
+                    EncryptionKeyMaterial.from(
+                            ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1).getPublic(), "longHeader"
+                    )
+                ), null
+            )
+            .serializeHeader().length;
+
+        // Seems that FBS adds overhead for arrays, as recipient_length grows, if recipients number grows
+        final int fbsOverhead = 4;
+        int recipientLength = twoKeyLen - singleKeyLen + fbsOverhead;
+        int emptyHeaderLen = singleKeyLen - recipientLength;
+
+        log.debug("empty header len:{}, single recipient len {}",
+            emptyHeaderLen, singleKeyLen - recipientLength
+        );
+
+        int maxRecipientsNum = (Envelope.MAX_HEADER_LEN - emptyHeaderLen) / recipientLength;
+
+        log.debug("Generating: {} EC key pairs. {} < {}",
+            maxRecipientsNum,
+            maxRecipientsNum * recipientLength + emptyHeaderLen, Envelope.MAX_HEADER_LEN);
+        assertTrue(maxRecipientsNum * recipientLength + emptyHeaderLen < Envelope.MAX_HEADER_LEN);
+
+        Map<PublicKey, String> keyLabelMap = new HashMap<>();
+        Instant start = Instant.now();
+        for  (int i = 1; i < maxRecipientsNum; i++) {
+            keyLabelMap.put(ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1).getPublic(), "longHeader");
+        }
+        keyLabelMap.put(bobPubKey, "_bob_key_");
+
+        List<EncryptionKeyMaterial> recipients = keyLabelMap.entrySet().stream()
+                .map(entry -> EncryptionKeyMaterial.from(entry.getKey(), entry.getValue()))
+                .collect(Collectors.toList()); //mutable list
+
+        Instant end = Instant.now();
+        log.debug("Generated {} EC keys in {}s", keyLabelMap.size(), end.getEpochSecond() - start.getEpochSecond());
+
+        Instant prepareStart = Instant.now();
+        Envelope senderEnvelope = Envelope.prepare(recipients, null);
+        Instant prepareEnd = Instant.now();
+        log.debug("Prepared {} EC sender keys in {}s", keyLabelMap.size(),
+                prepareEnd.getEpochSecond() - prepareStart.getEpochSecond());
+
+        Instant serializeStart = Instant.now();
+        byte[] headerBuf = senderEnvelope.serializeHeader();
+        Instant serializeEnd = Instant.now();
+        log.debug("Recipients: {} header size: {}B in {}s", keyLabelMap.size(), headerBuf.length,
+                serializeEnd.getEpochSecond() - serializeStart.getEpochSecond());
+
+        //  test that serialization fails for oversize header
+        recipients.add(EncryptionKeyMaterial.from(
+                ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1).getPublic(), "longHeader+1"));
+        IllegalStateException exception = assertThrows(IllegalStateException.class, () ->
+            Envelope.prepare(recipients, null).serializeHeader());
+        assertTrue(exception.getMessage().contains("Header serialization failed"));
+
+        try (ByteArrayOutputStream dst = new ByteArrayOutputStream()) {
+            senderEnvelope.encrypt(List.of(payloadFile), dst);
+            byte[] cdocContainerBytes = dst.toByteArray();
+
+            assertTrue(cdocContainerBytes.length > 0);
+
+            log.debug("CDOC container with {} recipients and minimal payload is {}B. ", keyLabelMap.size() - 1,
+                    cdocContainerBytes.length);
+
+            try (ByteArrayInputStream bis = new ByteArrayInputStream(cdocContainerBytes)) {
+                List<String> filesExtracted = Envelope.decrypt(bis, DecryptionKeyMaterial.fromKeyPair(bobKeyPair),
+                        outDir, null);
+
+                assertEquals(List.of(payloadFileName), filesExtracted);
+                Path payloadPath = Path.of(outDir.toAbsolutePath().toString(), payloadFileName);
+
+                assertEquals(payloadData, Files.readString(payloadPath));
+            }
+        }
+    }
+
+    // test that over 8GB files can be encrypted/decrypted.
+    // Over 8GB files are tar extension
+    // Not all ChaCha implementation can handle big files
+    // requires 16GB of free disk space on /tmp
+    @Test
+    @Tag("slow") // about 8 min, depends on IO speed
+    void test8GBPlusFileContainer(@TempDir Path tempDir) throws Exception {
+
+        // since generated file is random, zlib can't compress it effectively and
+        // created cdoc might be bigger than original file
+        long sixteenGB = (16 + 1) * 1024 * 1024 * 1024;
+        if (tempDir.toFile().getUsableSpace() < sixteenGB) {
+            log.error("Need {} B of free space, but only {} B available", sixteenGB, tempDir.toFile().getUsableSpace());
+            fail("Not enough free disk space at " + tempDir);
+        }
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        Files.write(payloadFile.toPath(), payloadData.getBytes(StandardCharsets.UTF_8));
+
+        String bigFileName = "bigFile";
+
+        byte[] oneMb = new byte[1024 * 1024]; // 1 MB
+
+        log.debug("Generating {} bytes of random...", oneMb.length);
+        new Random().nextBytes(oneMb);
+
+        log.debug("Done.");
+
+        long mbWanted = 8192 + 1; // 8,0001 GB
+        // create over 8GB file (limit of standard tar to force use of POSIX bigFile extension headers)
+        File biggerFile = tempDir.resolve(bigFileName).toFile();
+
+        log.debug("Writing {} MB to file..", mbWanted);
+        try (OutputStream os = Files.newOutputStream(biggerFile.toPath())) {
+            for (long i = 0; i < mbWanted; i++) {
+                os.write(oneMb);
+            }
+        }
+        log.debug("Done.");
+
+        Path outDir = tempDir.resolve("testContainer-" + uuid);
+        Files.createDirectories(outDir);
+
+        String label = "test8GBFileContainer";
+        byte[] secret = new byte[32];
+        Crypto.getSecureRandom().nextBytes(secret);
+        SecretKey key = new SecretKeySpec(secret, "");
+
+        Envelope envelope = Envelope.prepare(List.of(EncryptionKeyMaterial.from(key, label)), null);
+
+        File bigDotCdoc = outDir.resolve("big.cdoc").toFile();
+
+        log.debug("Encrypting big payload...");
+        try (FileOutputStream dst = new FileOutputStream(bigDotCdoc)) {
+            envelope.encrypt(List.of(payloadFile, biggerFile), dst);
+        }
+        log.debug("Done.");
+        log.debug("Created {} {}B", bigDotCdoc, bigDotCdoc.length());
+
+        log.debug("Decrypting {}", bigDotCdoc);
+        try (FileInputStream cdoc = new FileInputStream(bigDotCdoc)) {
+            // use list, instead of decrypt. Container is decrypted, but files are not extracted - save disk space
+            List<ArchiveEntry> entryList =
+                    Envelope.list(cdoc, DecryptionKeyMaterial.fromSecretKey(label, key), null);
+
+            entryList.forEach(entry -> log.debug("{} {}", entry.getName(), entry.getSize()));
+
+            assertEquals(2, entryList.size());
+            assertEquals("bigFile", entryList.get(1).getName());
+            assertEquals(mbWanted * oneMb.length, entryList.get(1).getSize());
+        }
+        log.debug("Done.");
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTestUtils.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTestUtils.java
new file mode 100644
index 00000000..ef8886b6
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/EnvelopeTestUtils.java
@@ -0,0 +1,325 @@
+package ee.cyber.cdoc20.container;
+
+import ee.cyber.cdoc20.CDocBuilder;
+import ee.cyber.cdoc20.CDocException;
+import ee.cyber.cdoc20.CDocValidationException;
+import ee.cyber.cdoc20.client.ExtApiException;
+import ee.cyber.cdoc20.client.KeyCapsuleClient;
+import ee.cyber.cdoc20.client.KeyCapsuleClientFactory;
+import ee.cyber.cdoc20.crypto.ChaChaCipher;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.DecryptionKeyMaterial;
+import ee.cyber.cdoc20.crypto.EncryptionKeyMaterial;
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import ee.cyber.cdoc20.fbs.header.Header;
+import ee.cyber.cdoc20.fbs.header.RecipientRecord;
+import ee.cyber.cdoc20.fbs.recipients.SymmetricKeyCapsule;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
+import org.apache.commons.compress.archivers.tar.TarConstants;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorOutputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateParameters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.Nullable;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.SecretKey;
+import java.io.BufferedOutputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Properties;
+import java.util.Random;
+import java.util.UUID;
+
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_SymmetricKeyCapsule;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public final class EnvelopeTestUtils {
+    private static final Logger log = LoggerFactory.getLogger(EnvelopeTestUtils.class);
+
+
+    private EnvelopeTestUtils() {
+    }
+
+    /**
+     * Replace payload inside cdoc2 container. Limitation is that container must be created with SecretKey and Label
+     * @param origCdocBytes cdoc2 container
+     * @param preSharedKey
+     * @param keyLabel
+     * @param newCdocPayload payload from origCdocBytes will be replaced with encrypted newCdocPayload
+     * @return new cdoc2 container where original payload was replaced with newCdocPayload
+     * @throws IOException
+     * @throws CDocParseException
+     */
+    static byte[] replacePayload(byte[] origCdocBytes, SecretKey preSharedKey, String keyLabel, byte[] newCdocPayload)
+            throws IOException, CDocParseException, GeneralSecurityException {
+        byte[] headerBytes = Envelope.readFBSHeader(new ByteArrayInputStream(origCdocBytes));
+        Header header = Envelope.deserializeFBSHeader(headerBytes);
+
+        int hmacStart = Envelope.PRELUDE.length
+                + Byte.BYTES //version 0x02
+                + Integer.BYTES //header length field
+                + headerBytes.length;
+        byte[] hmacBytes = Arrays.copyOfRange(origCdocBytes, hmacStart, hmacStart + Crypto.HHK_LEN_BYTES);
+        assertEquals(Crypto.HHK_LEN_BYTES, hmacBytes.length);
+
+
+        RecipientRecord recipient = header.recipients(0);
+        ByteBuffer encFmkBuf = recipient.encryptedFmkAsByteBuffer();
+        byte[] encFmk = Arrays.copyOfRange(encFmkBuf.array(), encFmkBuf.position(), encFmkBuf.limit());
+
+        if (recipient.capsuleType() != recipients_SymmetricKeyCapsule) {
+            throw new IllegalArgumentException("Expected CDOC2 container to contain SymmetricKeyCapsule");
+        }
+
+        SymmetricKeyCapsule symmetricKeyCapsule = (SymmetricKeyCapsule) recipient.capsule(new SymmetricKeyCapsule());
+        ByteBuffer saltBuf = symmetricKeyCapsule.saltAsByteBuffer();
+        byte[] salt = Arrays.copyOfRange(saltBuf.array(), saltBuf.position(), saltBuf.limit());
+
+        SecretKey kek = Crypto.deriveKeyEncryptionKey(keyLabel,
+                preSharedKey,
+                salt,
+                FMKEncryptionMethod.name(recipient.fmkEncryptionMethod()));
+        byte[] fmk = Crypto.xor(kek.getEncoded(), encFmk);
+
+        SecretKey cek = Crypto.deriveContentEncryptionKey(fmk);
+
+
+
+        byte[] encryptedTarWithExtraData = encryptPayload(cek,
+                Envelope.getAdditionalData(headerBytes, hmacBytes),
+                newCdocPayload);
+
+
+        //replace original cdoc payload part with new custom tar
+        byte[] newCdocBytes = new byte[hmacStart + Crypto.HHK_LEN_BYTES + encryptedTarWithExtraData.length];
+
+        System.arraycopy(origCdocBytes, 0, newCdocBytes, 0,
+                hmacStart + Crypto.HHK_LEN_BYTES);
+        System.arraycopy(encryptedTarWithExtraData, 0,
+                newCdocBytes, hmacStart + Crypto.HHK_LEN_BYTES, encryptedTarWithExtraData.length);
+        return newCdocBytes;
+    }
+
+    static byte[] encryptPayload(SecretKey cek, byte[] aad, byte[] payloadBytes)
+            throws IOException, GeneralSecurityException {
+
+        ByteArrayOutputStream destChaChaStream = new ByteArrayOutputStream();
+        try (CipherOutputStream cipherOutputStream = ChaChaCipher.initChaChaOutputStream(destChaChaStream, cek, aad)) {
+            cipherOutputStream.write(payloadBytes);
+            cipherOutputStream.flush();
+        }
+        return destChaChaStream.toByteArray();
+    }
+
+    static byte[] createTarWithExtraData() throws IOException {
+        // https://superuser.com/questions/448623/how-to-get-an-empty-tar-archive
+        byte[] tarBytes = new byte[1024 + 512]; //1024 bytes of 0x00 is valid tar
+        // + 512 bytes for extra data, that will not be processed by tar
+        String extraData = "testTarWithExtraData";
+        System.arraycopy(extraData.getBytes(StandardCharsets.UTF_8), 0, tarBytes, 1024,
+                extraData.getBytes(StandardCharsets.UTF_8).length);
+
+
+        // generate random bytes so that compression ratio would not be over 10.0
+        // copy tar to begging of it
+        byte[] randomBytes  = new byte[64 * 1024];
+        new Random().nextBytes(randomBytes);
+
+        System.arraycopy(tarBytes, 0, randomBytes, 0,
+                tarBytes.length);
+
+
+        ByteArrayOutputStream destTarZlib = new ByteArrayOutputStream();
+
+        InputStream tarInputStream = new ByteArrayInputStream(randomBytes);
+        DeflateParameters deflateParameters = new DeflateParameters();
+        deflateParameters.setCompressionLevel(9);
+
+        try (DeflateCompressorOutputStream zOs =
+                     new DeflateCompressorOutputStream(new BufferedOutputStream(destTarZlib), deflateParameters)) {
+            long copied = tarInputStream.transferTo(zOs);
+            log.debug("Copied {}B from tar to deflate", copied);
+        }
+
+        log.debug("Compressed {} into {}", randomBytes.length, destTarZlib.size());
+
+        // Tar is able to process empty tar without exceptions
+        //assertTrue(Tar.listFiles(new ByteArrayInputStream(destTarZlib.toByteArray())).isEmpty());
+        return destTarZlib.toByteArray();
+    }
+
+    static byte[] createTarWithIllegalFileType() throws IOException {
+
+        String validFileName = "validFile";
+        byte[] data = new byte[10 * 1024];
+        //new Random().nextBytes(data);
+
+        ByteArrayOutputStream dest = new ByteArrayOutputStream();
+
+        try (TarArchiveOutputStream tarOs = Tar.createPosixTarZArchiveOutputStream(dest)) {
+
+            TarArchiveEntry tarEntry1 = new TarArchiveEntry(validFileName);
+            tarEntry1.setSize(data.length);
+            tarOs.putArchiveEntry(tarEntry1);
+            new Random().nextBytes(data);
+            tarOs.write(data);
+            tarOs.closeArchiveEntry();
+
+            TarArchiveEntry tarEntry2 = new TarArchiveEntry("nonRegularFile/", TarConstants.LF_LINK);
+            tarOs.putArchiveEntry(tarEntry2);
+            tarOs.closeArchiveEntry();
+
+
+            TarArchiveEntry tarEntry3 = new TarArchiveEntry(validFileName + ".2");
+            tarEntry3.setSize(data.length);
+            tarOs.putArchiveEntry(tarEntry3);
+            new Random().nextBytes(data);
+            tarOs.write(data);
+            tarOs.closeArchiveEntry();
+
+
+
+        }
+
+        return dest.toByteArray();
+    }
+
+    /**
+     * Creates payloadFile, adds payloadData to payloadFile and creates encrypted container for recipientPubKey
+     * @param payloadFile input payload file to be created and added to container
+     * @param payloadData data to be written to payloadFile
+     * @param encKeyMaterial encryption key material (either public key or symmetric key)
+     * @param additionalFiles optional additional file to add
+     * @param capsuleClient
+     * @return created container as byte[]
+     * @throws IOException if IOException happens
+     * @throws GeneralSecurityException if GeneralSecurityException happens
+     */
+    public static byte[] createContainer(File payloadFile, byte[] payloadData,
+                                         EncryptionKeyMaterial encKeyMaterial, @Nullable List<File> additionalFiles,
+                                         @Nullable KeyCapsuleClient capsuleClient)
+            throws IOException, GeneralSecurityException, ExtApiException {
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData);
+        }
+
+        List<File> files = new LinkedList<>();
+        files.add(payloadFile);
+        if (additionalFiles != null) {
+            files.addAll(additionalFiles);
+        }
+
+        byte[] cdocContainerBytes;
+        Envelope senderEnvelope = Envelope.prepare(List.of(encKeyMaterial), capsuleClient);
+        try (ByteArrayOutputStream dst = new ByteArrayOutputStream()) {
+            senderEnvelope.encrypt(files, dst);
+            cdocContainerBytes = dst.toByteArray();
+        }
+        assertNotNull(cdocContainerBytes);
+        assertTrue(cdocContainerBytes.length > 0);
+        return cdocContainerBytes;
+    }
+
+    /**
+     * Creates CDOC2 container in tempDir and encrypts/decrypts it with keyPair. If capsulesClient is provided, then
+     * test server scenarios
+     */
+    public static void testContainer(Path tempDir, DecryptionKeyMaterial keyMaterial, String keyLabel,
+                                     @Nullable KeyCapsuleClient capsulesClient) throws Exception {
+
+        UUID uuid = UUID.randomUUID();
+        String payloadFileName = "payload-" + uuid + ".txt";
+        String payloadData = "payload-" + uuid;
+        File payloadFile = tempDir.resolve(payloadFileName).toFile();
+
+        Path outDir = tempDir.resolve("testContainer-" + uuid);
+        Files.createDirectories(outDir);
+
+        EncryptionKeyMaterial encKeyMaterial = (keyMaterial.getKeyPair().isPresent())
+                ? EncryptionKeyMaterial.from(keyMaterial.getKeyPair().get().getPublic(), keyLabel)
+                : EncryptionKeyMaterial.from(keyMaterial.getSecretKey().orElseThrow(), keyLabel);
+
+        byte[] cdocContainerBytes = createContainer(payloadFile,
+                payloadData.getBytes(StandardCharsets.UTF_8), encKeyMaterial, null,
+                capsulesClient);
+
+        assertTrue(cdocContainerBytes.length > 0);
+
+        checkContainerDecrypt(cdocContainerBytes, outDir, keyMaterial,
+                List.of(payloadFileName), payloadFileName, payloadData, capsulesClient);
+    }
+
+    public static void checkContainerDecrypt(byte[] cdocBytes, Path outDir, DecryptionKeyMaterial keyMaterial,
+                                             List<String> expectedFilesExtracted, String payloadFileName,
+                                             String expectedPayloadData,
+                                             KeyCapsuleClient capsulesClient)  throws Exception {
+
+        try (ByteArrayInputStream bis = new ByteArrayInputStream(cdocBytes)) {
+
+            KeyCapsuleClientFactory clientFactory = (capsulesClient == null) ? null : new KeyCapsuleClientFactory() {
+                @Override
+                public KeyCapsuleClient getForId(String serverId) {
+                    Objects.requireNonNull(serverId);
+                    if ((capsulesClient != null)
+                            && (serverId.equals(capsulesClient.getServerIdentifier()))) {
+                        return capsulesClient;
+                    }
+
+                    log.warn("No KeyCapsulesClient for {}", serverId);
+                    return null;
+                }
+            };
+
+            List<String> filesExtracted = Envelope.decrypt(bis, keyMaterial, outDir, clientFactory);
+
+            assertEquals(expectedFilesExtracted, filesExtracted);
+            Path payloadPath = Path.of(outDir.toAbsolutePath().toString(), payloadFileName);
+
+            assertEquals(expectedPayloadData, Files.readString(payloadPath));
+        }
+    }
+
+    public static void createContainerUsingCDocBuilder(File cdocFileToCreate,
+                                                       File payloadFile, byte[] payloadData,
+                                                       EncryptionKeyMaterial encKeyMaterial,
+                                                       @Nullable List<File> additionalFiles,
+                                                       @Nullable Properties serverProperties)
+            throws IOException, CDocException, CDocValidationException {
+
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(payloadData);
+        }
+
+        List<File> files = new LinkedList<>();
+        files.add(payloadFile);
+        if (additionalFiles != null) {
+            files.addAll(additionalFiles);
+        }
+
+        CDocBuilder builder = new CDocBuilder()
+                .withPayloadFiles(files)
+                .withRecipients(List.of(encKeyMaterial))
+                .withServerProperties(serverProperties);
+
+        builder.buildToFile(cdocFileToCreate);
+
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/TarDeflateTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/TarDeflateTest.java
new file mode 100644
index 00000000..a55a224a
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/container/TarDeflateTest.java
@@ -0,0 +1,348 @@
+package ee.cyber.cdoc20.container;
+
+import java.io.*;
+import java.nio.file.*;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import ee.cyber.cdoc20.CDocConfiguration;
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorInputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorOutputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateParameters;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.junit.jupiter.api.parallel.Isolated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static ee.cyber.cdoc20.CDocConfiguration.DISK_USAGE_THRESHOLD_PROPERTY;
+import static java.nio.charset.StandardCharsets.*;
+import static org.junit.jupiter.api.Assertions.*;
+
+// test are executed sequentially without any other tests running at the same time
+@Isolated
+class TarDeflateTest {
+    private static final  Logger log = LoggerFactory.getLogger(TarDeflateTest.class);
+
+    private static final String TGZ_FILE_NAME = "archive.tgz";
+    private static final String PAYLOAD = "payload\n";
+    private static final List<String> INVALID_FILE_NAMES = List.of(
+        "CON", "con", "PRN", "AUX", "aux", "NUL", "nul", "COM2", "LPT1", "com1", "lpt1",
+        "abc:", "test ", "test.", "abc>", "abc<", "abc\\",
+        "abc|", "abc?", "abc*", "abc\"",
+        "test ", "test.", "test\n", "test\t", "-test.text",
+        "ann\u202Etxt.exe" //.exe file that is rendered as annexe.txt on unicode supporting UI
+    );
+
+    private static final List<String> VALID_FILE_NAMES = List.of("control", "test");
+
+    void testCreateArchive(Path tempDir) throws IOException {
+        File payloadFile = tempDir.resolve("payload.txt").toFile();
+        try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
+            payloadFos.write(PAYLOAD.getBytes(UTF_8));
+        }
+
+        File readmeFile = new File("../README.md"); //cdoc20-lib
+        if (!readmeFile.exists()) {
+            readmeFile = new File("README.md"); // parent dir
+        }
+
+        File tarGZipFile = tempDir.resolve(TGZ_FILE_NAME).toFile();
+        log.debug("Creating tar {}", tarGZipFile);
+        try (FileOutputStream fos = new FileOutputStream(tarGZipFile)) {
+            Tar.archiveFiles(fos, List.of(payloadFile, readmeFile));
+        }
+
+        Set<String> entries = new HashSet<>();
+
+        try (TarArchiveInputStream tar = new TarArchiveInputStream(new DeflateCompressorInputStream(
+                new BufferedInputStream(new FileInputStream(tarGZipFile))))) {
+
+            TarArchiveEntry entry;
+            while ((entry = tar.getNextTarEntry()) != null) {
+                entries.add(entry.getName());
+            }
+        }
+
+        assertEquals(Set.of("payload.txt", "README.md"), entries);
+    }
+
+    @Test
+    void testExtract(@TempDir Path tempDir) throws IOException {
+        testCreateArchive(tempDir); //create archive
+        File tarGZipFile = tempDir.resolve(TGZ_FILE_NAME).toFile();
+
+        Path outDir = tempDir.resolve("testExtract");
+        Files.createDirectories(outDir);
+
+        log.debug("Extracting {} to {}", tarGZipFile, outDir);
+        try (FileInputStream fis = new FileInputStream(tarGZipFile); TarDeflate tar = new TarDeflate(fis)) {
+            tar.extractToDir(outDir);
+        }
+
+        Set<String> extractedFiles;
+        try (Stream<Path> stream = Files.list(outDir)) {
+            extractedFiles = stream
+                    .filter(file -> !Files.isDirectory(file))
+                    .map(Path::getFileName)
+                    .map(Path::toString)
+                    .collect(Collectors.toSet());
+        }
+
+        assertEquals(Set.of("payload.txt", "README.md"), extractedFiles);
+
+        Path payloadPath = Path.of(outDir.toAbsolutePath().toString(), "payload.txt");
+
+        String read = Files.readString(payloadPath);
+
+        assertEquals(PAYLOAD, read);
+    }
+
+    //TempDir and its contents will be automatically cleaned up by Junit
+    @Test
+    void testArchiveData(@TempDir Path tempDir) throws IOException {
+        Path outFile = tempDir.resolve("testArchiveData.tar.gz");
+
+        String tarEntryName = "payload-" + UUID.randomUUID();
+
+        try (FileOutputStream fos = new FileOutputStream(outFile.toFile())) {
+            ByteArrayInputStream bos = new ByteArrayInputStream(PAYLOAD.getBytes(UTF_8));
+            Tar.archiveData(fos, bos, tarEntryName);
+        }
+
+        try (FileInputStream is = new FileInputStream(outFile.toFile())) {
+            List<String> filesList = TarDeflate.listFiles(is);
+            assertEquals(List.of(tarEntryName), filesList);
+        }
+
+        try (FileInputStream is = new FileInputStream(outFile.toFile());
+             ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+
+            long extractedLen = Tar.extractTarEntry(is, bos, tarEntryName);
+            assertTrue(extractedLen > 0);
+            assertEquals(PAYLOAD, bos.toString(UTF_8));
+        }
+    }
+
+    @Test
+    void testTarGzBomb(@TempDir Path tempDir) throws IOException {
+        byte[] zeros = new byte[1024]; //1KB
+
+        long bigFileSize = 1024 //1KB
+                * 1024; //1MB
+                //*1024 //1GB
+                //;
+
+        Path bombPath =  tempDir.resolve("bomb.tgz");
+        //bombPath.toFile().deleteOnExit();
+
+        try (TarArchiveOutputStream tarOs = new TarArchiveOutputStream(new DeflateCompressorOutputStream(
+                new BufferedOutputStream(Files.newOutputStream(bombPath))))) {
+            tarOs.setLongFileMode(TarArchiveOutputStream.LONGFILE_POSIX);
+            tarOs.setAddPaxHeadersForNonAsciiNames(true);
+            TarArchiveEntry tarEntry = new TarArchiveEntry("A");
+            tarEntry.setSize(bigFileSize);
+            tarOs.putArchiveEntry(tarEntry);
+
+            long written = 0;
+            while (written < bigFileSize) {
+                tarOs.write(zeros);
+                written += zeros.length;
+                if (written % (1024 * 1024) == 0) {
+                    log.debug("Wrote {}MB", written / (1024 * 1024));
+                }
+            }
+
+            log.debug("Wrote {}B", written);
+            tarOs.closeArchiveEntry();
+        }
+
+
+        Path outDir = tempDir.resolve("testTarGzBomb");
+        Files.createDirectories(outDir);
+
+        log.debug("Extracting {} to {}", bombPath, outDir);
+        Exception exception = assertThrows(IllegalStateException.class, () -> {
+            try (TarDeflate tar = new TarDeflate(Files.newInputStream(bombPath))) {
+                tar.extractToDir(outDir);
+            }
+        });
+
+        log.debug("Got {} with message: {}", exception.getClass().getName(), exception.getMessage());
+    }
+
+    @Test
+    void testCheckDiskSpaceAvailable(@TempDir Path tempDir) {
+        //might cause other tests to fail, if tests executed parallel
+        System.setProperty(DISK_USAGE_THRESHOLD_PROPERTY, "0.1");
+
+        assertThrows(IllegalStateException.class, () -> testExtract(tempDir));
+
+        System.clearProperty(DISK_USAGE_THRESHOLD_PROPERTY);
+    }
+
+    @Test
+    void testMaxExtractEntries(@TempDir Path tempDir) {
+        //might cause other tests to fail, if tests executed parallel
+        System.setProperty(CDocConfiguration.TAR_ENTRIES_THRESHOLD_PROPERTY, "1");
+
+        assertThrows(IllegalStateException.class, () -> testExtract(tempDir));
+
+        System.clearProperty(CDocConfiguration.TAR_ENTRIES_THRESHOLD_PROPERTY);
+    }
+
+    @Test
+    void shouldValidateFileNameWhenCreatingTar(@TempDir Path tempDir) throws IOException {
+        File outputTarFile = tempDir.resolve(TGZ_FILE_NAME).toFile();
+
+        assertFalse(INVALID_FILE_NAMES.isEmpty());
+
+        // should fail
+        for (String fileName: INVALID_FILE_NAMES) {
+            File file = createAndWriteToFile(tempDir, fileName, PAYLOAD);
+            OutputStream os = new ByteArrayOutputStream();
+            assertThrows(
+                InvalidPathException.class,
+                () -> Tar.archiveFiles(os, List.of(file)),
+                "File with name '" + file + "' should not be allowed in created tar"
+            );
+        }
+
+        // should pass
+        for (String fileName: VALID_FILE_NAMES) {
+            File file = createAndWriteToFile(tempDir, fileName, PAYLOAD);
+            var bos = new ByteArrayOutputStream();
+            Tar.archiveFiles(bos, List.of(file));
+            assertTrue(bos.toByteArray().length > 0);
+        }
+    }
+
+    @Test
+    void shouldValidateFileNameWhenExtractingTar(@TempDir Path tempDir) throws IOException {
+        // should fail
+        for (int i = 0; i < INVALID_FILE_NAMES.size(); i++) {
+            String fileName = INVALID_FILE_NAMES.get(i);
+            File file = createTar(tempDir, TGZ_FILE_NAME + '.' + i, fileName, PAYLOAD);
+
+            assertThrows(
+                InvalidPathException.class,
+                () -> TarDeflate.process(new FileInputStream(file), tempDir, List.of(fileName), true),
+                "File with name '" + fileName + "' should not be extracted from tar"
+            );
+
+        }
+
+        // should pass
+        int i = 0;
+        for (String fileName: VALID_FILE_NAMES) {
+            File file = createTar(tempDir, TGZ_FILE_NAME + '.' + i++, fileName, PAYLOAD);
+            var result = TarDeflate.process(new FileInputStream(file), tempDir, List.of(fileName), true);
+            assertTrue(result.size() == 1);
+        }
+    }
+
+    @Test
+    void findZlibMinSize() throws IOException {
+        // code to find out minimum compressed tar file, used to find minimum payload size in
+        // ChaChaCipherTest.findTarZChaChaCipherStreamMin
+
+        byte[] data = {0x00};
+        ByteArrayOutputStream dest = new ByteArrayOutputStream();
+        try (DeflateCompressorOutputStream zOs = new DeflateCompressorOutputStream(new BufferedOutputStream(dest))) {
+            zOs.write(data);
+        }
+
+        //zlib header 2 bytes, crc 4
+        log.debug("zLib size {}", dest.size()); //9
+
+        ByteArrayOutputStream destTarZ = new ByteArrayOutputStream();
+        Tar.archiveData(destTarZ, new ByteArrayInputStream(data), "A");
+
+        log.debug("TarZ size {}", destTarZ.size()); //76
+
+        ByteArrayOutputStream destEmptyTarZ = new ByteArrayOutputStream();
+        // https://superuser.com/questions/448623/how-to-get-an-empty-tar-archive
+        byte[] emptyTarBytes = new byte[1024]; //1024 bytes of 0x00 is valid tar
+        InputStream emptyTar = new ByteArrayInputStream(emptyTarBytes);
+        DeflateParameters deflateParameters = new DeflateParameters();
+        deflateParameters.setCompressionLevel(9);
+        try (DeflateCompressorOutputStream zOs =
+                     new DeflateCompressorOutputStream(new BufferedOutputStream(destEmptyTarZ), deflateParameters)) {
+            emptyTar.transferTo(zOs);
+        }
+
+        log.debug("Compressed empty.tar {}", destEmptyTarZ.size()); //17
+
+        // Tar is able to process empty tar without exceptions
+        assertTrue(TarDeflate.listFiles(new ByteArrayInputStream(destEmptyTarZ.toByteArray())).isEmpty());
+    }
+
+    @Test
+    void shouldSupportLongFileName(@TempDir Path tempDir) throws IOException {
+        byte[] data = {0x00};
+        ByteArrayOutputStream destTarZ = new ByteArrayOutputStream();
+
+        // test also utf-8 support
+        String longFileName = "\uD83D\uDC4D";
+        do {
+            longFileName += "a";
+        } while (longFileName.getBytes(UTF_8).length < 300);
+
+        log.debug("longFilename: {}", longFileName);
+
+        Tar.archiveData(destTarZ, new ByteArrayInputStream(data), longFileName);
+
+
+        ByteArrayInputStream is = new ByteArrayInputStream(destTarZ.toByteArray());
+        List<String> filesList = TarDeflate.listFiles(is);
+        assertEquals(List.of(longFileName), filesList);
+    }
+
+    @Test
+    void testTarDeflateAutoClose() throws Exception {
+        byte[] emptyTarBytes = new byte[1024]; //1024 bytes of 0x00 is valid tar
+        InputStream emptyTar = new ByteArrayInputStream(emptyTarBytes);
+
+        ByteArrayOutputStream deflateTarOs = new ByteArrayOutputStream();
+        try (DeflateCompressorOutputStream zOs =
+                     new DeflateCompressorOutputStream(new BufferedOutputStream(deflateTarOs))) {
+            emptyTar.transferTo(zOs);
+        }
+
+        final boolean[] closeWasCalled = {false};
+        ByteArrayInputStream deflateTarStream = new ByteArrayInputStream(deflateTarOs.toByteArray()) {
+            @Override
+            public void close() throws IOException {
+                closeWasCalled[0] = true;
+                super.close();
+            }
+        };
+
+        TarDeflate.process(deflateTarStream, null, null, false);
+        assertTrue(closeWasCalled[0]);
+    }
+
+    private static File createAndWriteToFile(Path path, String fileName, String contents) throws IOException {
+        File file = path.resolve(fileName).toFile();
+        try (FileOutputStream fos = new FileOutputStream(file)) {
+            fos.write(contents.getBytes(UTF_8));
+        }
+        return file;
+    }
+
+    private static File createTar(Path path, String tarFileName, String entryFileName, String entryContents)
+            throws IOException {
+        File outFile = path.resolve(tarFileName).toFile();
+
+        try (FileOutputStream fos = new FileOutputStream(outFile)) {
+            ByteArrayInputStream bos = new ByteArrayInputStream(entryContents.getBytes(UTF_8));
+            Tar.archiveData(fos, bos, entryFileName);
+        }
+        return outFile;
+    }
+
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ChaChaChipherTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ChaChaChipherTest.java
new file mode 100644
index 00000000..a191a990
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ChaChaChipherTest.java
@@ -0,0 +1,233 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.container.Envelope;
+import ee.cyber.cdoc20.container.Tar;
+import ee.cyber.cdoc20.container.TarDeflate;
+import org.apache.commons.compress.compressors.deflate.DeflateCompressorOutputStream;
+import org.apache.commons.compress.compressors.deflate.DeflateParameters;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.*;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.*;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Random;
+import java.util.UUID;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class ChaChaChipherTest {
+    private static final Logger log = LoggerFactory.getLogger(ChaChaChipherTest.class);
+
+    @Test
+    void testChaCha() throws GeneralSecurityException {
+        log.trace("testChaCha()");
+
+        SecretKey cek = Crypto.deriveContentEncryptionKey(Crypto.generateFileMasterKey());
+
+        byte[] additionalData = Envelope.getAdditionalData(new byte[0], new byte[0]);
+        String payload = "secret";
+        byte[] encrypted =
+                ChaChaCipher.encryptPayload(cek, payload.getBytes(StandardCharsets.UTF_8), additionalData);
+
+        String decrypted = new String(ChaChaCipher.decryptPayload(cek, encrypted, additionalData),
+                StandardCharsets.UTF_8);
+        assertEquals(payload, decrypted);
+    }
+
+    @Test
+    void testChaChaCipherStream()
+            throws GeneralSecurityException,
+            IOException {
+
+        log.trace("testChaChaCipherStream()");
+        SecretKey cek = Crypto.deriveContentEncryptionKey(Crypto.generateFileMasterKey());
+
+        byte[] header = new byte[0];
+        byte[] headerHMAC = new byte[0];
+        byte[] additionalData = Envelope.getAdditionalData(header, headerHMAC);
+        String payload = "secret";
+
+
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        try (CipherOutputStream cos = ChaChaCipher.initChaChaOutputStream(bos, cek, additionalData)) {
+            cos.write(payload.getBytes(StandardCharsets.UTF_8));
+        }
+
+        byte[] encrypted = bos.toByteArray();
+
+
+        ByteArrayInputStream bis = new ByteArrayInputStream(encrypted);
+
+        CipherInputStream cis = ChaChaCipher.initChaChaInputStream(bis, cek, additionalData);
+
+        byte[] buf = new byte[1024];
+        int read = cis.read(buf);
+        assertTrue(read > 0);
+        String decrypted = new String(buf, 0, read, StandardCharsets.UTF_8);
+
+        assertEquals(payload, decrypted);
+    }
+
+    @Test
+    void testTarGZipChaChaCipherStream()
+            throws GeneralSecurityException, IOException {
+
+        log.trace("testTarGZipChaChaCipherStream()");
+        SecretKey cek = Crypto.deriveContentEncryptionKey(Crypto.generateFileMasterKey());
+
+        byte[] header = new byte[0];
+        byte[] headerHMAC = new byte[0];
+        byte[] additionalData = Envelope.getAdditionalData(header, headerHMAC);
+        String payload = "secret";
+
+
+        //Path encryptedPath = Path.of(System.getProperty("java.io.tmpdir")).resolve( "encrypted.tar.gz");
+        //encrypted.toFile().deleteOnExit();
+
+
+        ByteBuffer encryptedTarGzBuf;
+
+        String tarEntryName = "payload-" + UUID.randomUUID();
+        try (ByteArrayOutputStream encryptedTarGzBos = new ByteArrayOutputStream();
+            CipherOutputStream cipherOutputStream = ChaChaCipher.initChaChaOutputStream(
+                    encryptedTarGzBos, cek, additionalData)) {
+
+            Tar.archiveData(cipherOutputStream, new ByteArrayInputStream(payload.getBytes(StandardCharsets.UTF_8)),
+                    tarEntryName);
+            encryptedTarGzBuf = ByteBuffer.wrap(encryptedTarGzBos.toByteArray());
+        }
+
+        try (CipherInputStream cis = ChaChaCipher.initChaChaInputStream(
+                new ByteArrayInputStream(encryptedTarGzBuf.array()), cek, additionalData);
+             ByteArrayOutputStream out = new ByteArrayOutputStream()) {
+            Tar.extractTarEntry(cis, out, tarEntryName);
+            assertEquals(payload, out.toString(StandardCharsets.UTF_8));
+        }
+    }
+
+    @Test
+    void findTarZChaChaCipherStreamMin() throws IOException, GeneralSecurityException {
+        //see also TarGzTest.findZlibMinSize
+
+
+        //Create empty.tar and compress it with deflate
+        ByteArrayOutputStream destEmptyTarZ = new ByteArrayOutputStream();
+        // https://superuser.com/questions/448623/how-to-get-an-empty-tar-archive
+        byte[] emptyTarBytes = new byte[1024]; //1024 bytes of 0x00 is valid tar archive, see link above
+        InputStream emptyTar = new ByteArrayInputStream(emptyTarBytes);
+        DeflateParameters deflateParameters = new DeflateParameters();
+        deflateParameters.setCompressionLevel(9);
+        try (DeflateCompressorOutputStream zOs =
+                     new DeflateCompressorOutputStream(new BufferedOutputStream(destEmptyTarZ), deflateParameters)) {
+            emptyTar.transferTo(zOs);
+        }
+
+        log.debug("Compressed empty.tar {}", destEmptyTarZ.size()); //17
+        // Tar is able to process empty tar without exceptions
+        assertTrue(TarDeflate.listFiles(new ByteArrayInputStream(destEmptyTarZ.toByteArray())).isEmpty());
+
+        // encrypt compressed empty.tar with ChaCha stream, find out size
+        SecretKey cek = Crypto.deriveContentEncryptionKey(Crypto.generateFileMasterKey());
+        byte[] header = new byte[0];
+        byte[] headerHMAC = new byte[0];
+        byte[] additionalData = Envelope.getAdditionalData(header, headerHMAC);
+
+        ByteArrayInputStream minCompressedTarInputStream = new ByteArrayInputStream(destEmptyTarZ.toByteArray());
+        ByteArrayOutputStream encryptedTarGzBos = new ByteArrayOutputStream();
+
+        try (CipherOutputStream cipherOutputStream = ChaChaCipher.initChaChaOutputStream(
+                     encryptedTarGzBos, cek, additionalData)) {
+
+            minCompressedTarInputStream.transferTo(cipherOutputStream);
+        }
+
+        log.debug("ChaCha encrypted minimum compressed tar {} bytes", encryptedTarGzBos.size());
+        //nonce 12 + min compressed tar 17 + Poly1305 MAC 16
+        //45 - value for Envelope.MIN_PAYLOAD_LEN
+        assertTrue(encryptedTarGzBos.size() >= Envelope.MIN_PAYLOAD_LEN);
+    }
+
+    @Test // test speed of ChaCha cipher - on SSD decrypting 8GB took ~105 seconds (just reading file 17 seconds)
+    @Tag("slow")
+    void testChaChaCipherSpeed(@TempDir Path tempDir) throws IOException, GeneralSecurityException {
+        String bigFileName = "bigFile";
+        String bigFileNameEncrypted = "bigFile.enc";
+
+        byte[] buf = new byte[4096];
+        int read = 0;
+        long totalread = 0;
+
+        byte[] oneMb = new byte[1024 * 1024]; // 1 MB
+
+        log.debug("Generating {} bytes of random...", oneMb.length);
+        new Random().nextBytes(oneMb);
+
+        log.debug("Done.");
+
+        long mbWanted = 8192; // 8 GB
+
+        File biggerFile = tempDir.resolve(bigFileName).toFile();
+
+        log.debug("Writing {} MB to file..", mbWanted);
+        try (OutputStream os = Files.newOutputStream(biggerFile.toPath())) {
+            for (long i = 0; i < mbWanted; i++) {
+                os.write(oneMb);
+            }
+        }
+        log.debug("Done.");
+
+        // Perform read speed test
+        Instant readStart = Instant.now();
+        log.debug("Reading speed test");
+        try (InputStream is =
+                Files.newInputStream(tempDir.resolve(biggerFile.toPath()))) {
+            while ((read = is.read(buf)) > 0) {
+                totalread += read;
+            }
+        }
+        log.debug("Read {}B in {} seconds", totalread, Duration.between(readStart, Instant.now()).toSeconds());
+
+
+        log.debug("Encrypting");
+        OutputStream destChaChaStream = Files.newOutputStream(tempDir.resolve(bigFileNameEncrypted));
+        InputStream inputStream = Files.newInputStream(biggerFile.toPath());
+
+        byte[] aad = Envelope.getAdditionalData(new byte[]{}, new byte[] {});
+        byte[] secret = new byte[32];
+        Crypto.getSecureRandom().nextBytes(secret);
+        SecretKey cek = new SecretKeySpec(secret, "");
+        try (CipherOutputStream cipherOutputStream = ChaChaCipher.initChaChaOutputStream(destChaChaStream, cek, aad)) {
+            inputStream.transferTo(cipherOutputStream);
+        }
+        log.debug("Created {}", tempDir.resolve(bigFileNameEncrypted));
+
+        // Perform decrypt speed test
+        Instant decryptStart = Instant.now();
+        log.debug("Decrypting {}", tempDir.resolve(bigFileNameEncrypted));
+
+        read = 0;
+        totalread = 0;
+        try (CipherInputStream cis = ChaChaCipher.initChaChaInputStream(
+                Files.newInputStream(tempDir.resolve(bigFileNameEncrypted)), cek, aad)) {
+            while ((read = cis.read(buf)) > 0) {
+                totalread += read;
+            }
+        }
+        log.debug("Decrypted {}B in {} seconds", totalread, Duration.between(decryptStart, Instant.now()).toSeconds());
+
+    }
+
+
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/CryptoTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/CryptoTest.java
new file mode 100644
index 00000000..058e0072
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/CryptoTest.java
@@ -0,0 +1,152 @@
+package ee.cyber.cdoc20.crypto;
+
+import ee.cyber.cdoc20.fbs.header.FMKEncryptionMethod;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.*;
+import java.security.interfaces.ECPublicKey;
+
+import java.util.HexFormat;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.*;
+import javax.crypto.spec.SecretKeySpec;
+
+
+class CryptoTest {
+    private static final Logger log = LoggerFactory.getLogger(CryptoTest.class);
+
+    @BeforeAll
+    static void initCrypto() {
+        Security.setProperty("crypto.policy", "unlimited");
+    }
+
+    @Test
+    void testMaxCrypto() throws NoSuchAlgorithmException {
+        int maxKeySize = javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
+        assertTrue(maxKeySize > 256);
+    }
+
+    @Test
+    void testHKDF() throws NoSuchAlgorithmException {
+        byte[] fmk = Crypto.generateFileMasterKey();
+        assertEquals(Crypto.FMK_LEN_BYTES, fmk.length);
+
+        SecretKey cekKey = Crypto.deriveContentEncryptionKey(fmk);
+        String format = cekKey.getFormat();
+        byte[] cekBytes = cekKey.getEncoded();
+        assertEquals(Crypto.CEK_LEN_BYTES, cekBytes.length);
+
+        SecretKey hhkKey = Crypto.deriveHeaderHmacKey(fmk);
+        byte[] hhkBytes = hhkKey.getEncoded();
+        assertEquals(Crypto.HHK_LEN_BYTES, hhkBytes.length);
+    }
+
+
+    @Test
+    void testGenSharedSecret() throws GeneralSecurityException {
+        KeyPair keyPair = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+        KeyPair other = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+        byte[] ecdhSharedSecret =
+                Crypto.calcEcDhSharedSecret(keyPair.getPrivate(), (ECPublicKey) other.getPublic());
+
+        assertEquals(ECKeys.SECP_384_R_1_LEN_BYTES, ecdhSharedSecret.length);
+    }
+
+    @Test
+    void testXorCrypto() throws GeneralSecurityException {
+        log.trace("testXorCrypto()");
+        byte[] fmk = Crypto.generateFileMasterKey();
+        KeyPair keyPair = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+        KeyPair other = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+
+        byte[] kek = Crypto.deriveKeyEncryptionKey(keyPair, (ECPublicKey) other.getPublic(), fmk.length);
+        byte[] encryptedFmk = Crypto.xor(fmk, kek);
+        byte[] decrypted = Crypto.xor(encryptedFmk, kek);
+
+        log.debug("FMK:       {}", HexFormat.of().formatHex(fmk));
+        log.debug("encrypted: {}", HexFormat.of().formatHex(encryptedFmk));
+        log.debug("decrypted: {}", HexFormat.of().formatHex(decrypted));
+
+        assertArrayEquals(fmk, decrypted);
+    }
+
+    @Test
+    void testFmkECCycle() throws GeneralSecurityException, IOException {
+        log.trace("testFmkECCycle()");
+        byte[] fmk = Crypto.generateFileMasterKey();
+
+        //openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        String pem =
+                "-----BEGIN EC PRIVATE KEY-----\n" +
+                "MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd\n" +
+                "4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j\n" +
+                "C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd\n" +
+                "yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=\n" +
+                "-----END EC PRIVATE KEY-----\n";
+        KeyPair aliceKeyPair = PemTools.loadKeyPair(pem);
+        KeyPair bobKeyPair = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+
+        byte[] aliceKek = Crypto.deriveKeyEncryptionKey(aliceKeyPair, (ECPublicKey) bobKeyPair.getPublic(), fmk.length);
+        byte[] encryptedFmk = Crypto.xor(fmk, aliceKek);
+
+        byte[] bobKek = Crypto.deriveKeyDecryptionKey(bobKeyPair, (ECPublicKey) aliceKeyPair.getPublic(), fmk.length);
+        byte[] decryptedFmk = Crypto.xor(encryptedFmk, bobKek);
+
+
+
+        log.debug("FMK:       {}", HexFormat.of().formatHex(fmk));
+        log.debug("alice KEK: {}", HexFormat.of().formatHex(aliceKek));
+        log.debug("encrypted: {}", HexFormat.of().formatHex(encryptedFmk));
+        log.debug("bob KEK:   {}", HexFormat.of().formatHex(bobKek));
+        log.debug("decrypted: {}", HexFormat.of().formatHex(decryptedFmk));
+
+        assertArrayEquals(aliceKek, bobKek);
+        assertArrayEquals(fmk, decryptedFmk);
+    }
+
+
+    @Test
+    void testHmacSha256() throws NoSuchAlgorithmException, InvalidKeyException {
+        byte[] data = "header".getBytes(StandardCharsets.UTF_8);
+        SecretKey hhk = Crypto.deriveHeaderHmacKey(Crypto.generateFileMasterKey());
+        byte[] hmac = Crypto.calcHmacSha256(hhk, data);
+        assertNotNull(hmac);
+        assertEquals(Crypto.HHK_LEN_BYTES, hmac.length);
+    }
+
+
+    @Test
+    void deriveKeyEncryptionKeyFromSharedSecret() {
+        byte[] sharedSecret = new byte[32];
+        // sharedSecret should be initialized from SecureRandom, for test repeatability sharedSecret in this test is
+        // initialized to 0 bytes
+
+        byte[] salt = new byte[32];
+        salt[0] = 's';
+        salt[1] = 'a';
+        salt[2] = 'l';
+        salt[3] = 't';
+
+        SecretKey kekSecretKey = Crypto.deriveKeyEncryptionKey("deriveKeyEncryptionKeyFromSharedSecret",
+                new SecretKeySpec(sharedSecret, ""),
+                salt,
+                FMKEncryptionMethod.name(FMKEncryptionMethod.XOR));
+
+        assertEquals("XOR", kekSecretKey.getAlgorithm());
+        assertEquals("RAW", kekSecretKey.getFormat()); // SecretKey created using SecretKeySpec
+
+        byte[] kek = kekSecretKey.getEncoded();
+        assertNotNull(kek);
+        assertEquals(Crypto.FMK_LEN_BYTES, kek.length);
+        assertEquals("962b1d44a6e36e9d117136e972e2da0bff7b35fc29b3d8ec5bde246d2c145984",
+                HexFormat.of().formatHex(kek));
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ECKeysTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ECKeysTest.java
new file mode 100644
index 00000000..a205387b
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/ECKeysTest.java
@@ -0,0 +1,389 @@
+package ee.cyber.cdoc20.crypto;
+
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.security.cert.CertificateException;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.HexFormat;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class ECKeysTest {
+    private static final Logger log = LoggerFactory.getLogger(ECKeysTest.class);
+
+    @Test
+    void testBigInteger() {
+        byte[] neg = new BigInteger("-255").toByteArray(); //0xff, 0x01
+        byte[] neg254 = new BigInteger("-254").toByteArray(); //0xff, 0x02
+        byte[] zero = new BigInteger("0").toByteArray(); // 0x00
+        byte[] pos127 = new BigInteger("127").toByteArray(); // 0x7f
+        byte[] pos128 = new BigInteger("128").toByteArray(); // 0x00, 0x80
+        byte[] pos = new BigInteger("255").toByteArray(); // 0x00, 0xff
+
+        assertEquals(new BigInteger("255"), new BigInteger(1, new byte[] {(byte)0xff}));
+        assertEquals(new BigInteger("255"), new BigInteger(1, new byte[] {(byte)0x00, (byte)0xff}));
+    }
+
+    @Test
+    void testEcPubKeyEncodeDecode() throws GeneralSecurityException {
+        log.trace("testEcPubKeyEncodeDecode()");
+
+        KeyPair keyPair = ECKeys.generateEcKeyPair(ECKeys.SECP_384_R_1);
+        ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic();
+        byte[] encodedEcPubKey = ECKeys.encodeEcPubKeyForTls(ecPublicKey);
+
+        assertEquals(1 + ECKeys.SECP_384_R_1_LEN_BYTES * 2, encodedEcPubKey.length);
+        assertEquals(1 + ECKeys.SECP_384_R_1_LEN_BYTES * 2, encodedEcPubKey.length);
+        assertEquals(0x04, encodedEcPubKey[0]);
+
+        ECPublicKey decoded = EllipticCurve.SECP384R1.decodeFromTls(ByteBuffer.wrap(encodedEcPubKey));
+        assertEquals(ecPublicKey.getW(), decoded.getW());
+        assertEquals(ecPublicKey, decoded);
+    }
+
+    @Test
+    void testLoadEcPrivKey() throws GeneralSecurityException, IOException {
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        String privKeyPem =
+                "-----BEGIN EC PRIVATE KEY-----\n" +
+                        "MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd\n" +
+                        "4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j\n" +
+                        "C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd\n" +
+                        "yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=\n" +
+                        "-----END EC PRIVATE KEY-----\n";
+
+        //        openssl ec -in key.pem -text -noout
+        //        read EC key
+        //        Private-Key: (384 bit)
+        //        priv:
+        //        61:d5:40:13:f3:7d:8d:87:66:57:bd:d7:39:25:b3:
+        //        6f:dc:17:04:65:26:24:f7:47:ac:52:44:8f:16:68:
+        //        36:5c:4b:a8:03:b6:af:4b:f9:1d:e0:7b:47:19:16:
+        //        d1:45:b6
+        //        pub:
+        //        04:84:46:5d:6b:0f:e6:e6:d9:aa:22:b8:68:9c:63:
+        //        ca:1b:46:47:2c:fa:3b:7c:92:ce:23:0b:58:c3:fd:
+        //        ff:c4:43:c2:9d:15:8a:c9:f8:ac:27:33:a4:7c:ac:
+        //        85:ea:0e:75:27:2c:91:62:17:73:b3:0e:9b:bc:4d:
+        //        48:d5:3a:f7:57:83:34:0b:fa:7e:bb:42:22:dd:c9:
+        //        ea:d3:13:a7:f9:ba:32:17:a1:73:64:64:1f:0e:da:
+        //        45:ff:de:f0:03:b8:30
+        //        ASN1 OID: secp384r1
+        //        NIST CURVE: P-384
+        String expectedSecretHex =
+                "61d54013f37d8d876657bdd73925b36fdc1704652624f747ac52448f1668365c4ba803b6af4bf91de07b471916d145b6";
+
+        ECPrivateKey key = ECKeys.loadECPrivateKey(privKeyPem);
+        assertEquals("EC", key.getAlgorithm());
+        assertEquals(expectedSecretHex, key.getS().toString(16));
+    }
+
+
+    @Test
+    void testLoadEcPubKey() throws GeneralSecurityException, IOException {
+        //openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+        //openssl ec -in key.pem -pubout -out public.pem
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        String pubKeyPem = "-----BEGIN PUBLIC KEY-----\n" +
+                "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhEZdaw/m5tmqIrhonGPKG0ZHLPo7fJLO\n" +
+                "IwtYw/3/xEPCnRWKyfisJzOkfKyF6g51JyyRYhdzsw6bvE1I1Tr3V4M0C/p+u0Ii\n" +
+                "3cnq0xOn+boyF6FzZGQfDtpF/97wA7gw\n" +
+                "-----END PUBLIC KEY-----\n";
+
+//        openssl ec -in key.pem -text -noout
+//        read EC key
+//        Private-Key: (384 bit)
+//        priv:
+//        61:d5:40:13:f3:7d:8d:87:66:57:bd:d7:39:25:b3:
+//        6f:dc:17:04:65:26:24:f7:47:ac:52:44:8f:16:68:
+//        36:5c:4b:a8:03:b6:af:4b:f9:1d:e0:7b:47:19:16:
+//        d1:45:b6
+//        pub:
+//        04:84:46:5d:6b:0f:e6:e6:d9:aa:22:b8:68:9c:63:
+//        ca:1b:46:47:2c:fa:3b:7c:92:ce:23:0b:58:c3:fd:
+//        ff:c4:43:c2:9d:15:8a:c9:f8:ac:27:33:a4:7c:ac:
+//        85:ea:0e:75:27:2c:91:62:17:73:b3:0e:9b:bc:4d:
+//        48:d5:3a:f7:57:83:34:0b:fa:7e:bb:42:22:dd:c9:
+//        ea:d3:13:a7:f9:ba:32:17:a1:73:64:64:1f:0e:da:
+//        45:ff:de:f0:03:b8:30
+//        ASN1 OID: secp384r1
+//        NIST CURVE: P-384
+        String expectedHex = "04"
+                + "84465d6b0fe6e6d9aa22b8689c63ca1b46472cfa3b7c92ce230b58c3fdffc443c29d158ac9f8ac2733a47cac85ea0e75"
+                + "272c91621773b30e9bbc4d48d53af75783340bfa7ebb4222ddc9ead313a7f9ba3217a17364641f0eda45ffdef003b830";
+
+        PublicKey publicKey = PemTools.loadPublicKey(pubKeyPem);
+        assertEquals("EC", publicKey.getAlgorithm());
+
+        ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
+
+
+        assertTrue(ECKeys.isEcSecp384r1Curve(ecPublicKey));
+
+        log.debug("{} {}", ECKeys.getCurveOid(ecPublicKey), ecPublicKey.getParams().toString());
+
+        assertEquals(expectedHex, HexFormat.of().formatHex(ECKeys.encodeEcPubKeyForTls(ecPublicKey)));
+    }
+
+    @Test
+    void testLoadEcKeyPairFromPem() throws GeneralSecurityException, IOException {
+        //openssl ecparam -name secp384r1 -genkey -noout -out key.pem
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        String privKeyPem =
+                "-----BEGIN EC PRIVATE KEY-----\n" +
+                        "MIGkAgEBBDBh1UAT832Nh2ZXvdc5JbNv3BcEZSYk90esUkSPFmg2XEuoA7avS/kd\n" +
+                        "4HtHGRbRRbagBwYFK4EEACKhZANiAASERl1rD+bm2aoiuGicY8obRkcs+jt8ks4j\n" +
+                        "C1jD/f/EQ8KdFYrJ+KwnM6R8rIXqDnUnLJFiF3OzDpu8TUjVOvdXgzQL+n67QiLd\n" +
+                        "yerTE6f5ujIXoXNkZB8O2kX/3vADuDA=\n" +
+                        "-----END EC PRIVATE KEY-----\n";
+
+        //        openssl ec -in key.pem -text -noout
+        //        read EC key
+        //        Private-Key: (384 bit)
+        //        priv:
+        //        61:d5:40:13:f3:7d:8d:87:66:57:bd:d7:39:25:b3:
+        //        6f:dc:17:04:65:26:24:f7:47:ac:52:44:8f:16:68:
+        //        36:5c:4b:a8:03:b6:af:4b:f9:1d:e0:7b:47:19:16:
+        //        d1:45:b6
+        //        pub:
+        //        04:84:46:5d:6b:0f:e6:e6:d9:aa:22:b8:68:9c:63:
+        //        ca:1b:46:47:2c:fa:3b:7c:92:ce:23:0b:58:c3:fd:
+        //        ff:c4:43:c2:9d:15:8a:c9:f8:ac:27:33:a4:7c:ac:
+        //        85:ea:0e:75:27:2c:91:62:17:73:b3:0e:9b:bc:4d:
+        //        48:d5:3a:f7:57:83:34:0b:fa:7e:bb:42:22:dd:c9:
+        //        ea:d3:13:a7:f9:ba:32:17:a1:73:64:64:1f:0e:da:
+        //        45:ff:de:f0:03:b8:30
+        //        ASN1 OID: secp384r1
+        //        NIST CURVE: P-384
+        String expectedSecretHex =
+                  "61d54013f37d8d876657bdd73925b36fdc1704652624f747ac52448f1668365c4ba803b6af4bf91de07b471916d145b6";
+        String expectedPubHex = "04"
+                + "84465d6b0fe6e6d9aa22b8689c63ca1b46472cfa3b7c92ce230b58c3fdffc443c29d158ac9f8ac2733a47cac85ea0e75"
+                + "272c91621773b30e9bbc4d48d53af75783340bfa7ebb4222ddc9ead313a7f9ba3217a17364641f0eda45ffdef003b830";
+
+        KeyPair keyPair = PemTools.loadKeyPair(privKeyPem);
+        ECPrivateKey ecPrivKey = (ECPrivateKey) keyPair.getPrivate();
+        ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic();
+
+        assertEquals("EC", ecPrivKey.getAlgorithm());
+        assertEquals(expectedSecretHex, ecPrivKey.getS().toString(16));
+        //No good way to verify secp384r1 curve - this might be different for non Sun Security Provider
+        assertEquals("secp384r1 [NIST P-384] (1.3.132.0.34)", ecPrivKey.getParams().toString());
+
+        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
+        params.init(ecPrivKey.getParams());
+        log.debug("{} oid {}", params.getProvider(), params.getParameterSpec(ECGenParameterSpec.class).getName());
+        assertTrue(ECKeys.isEcSecp384r1Curve(ecPrivKey));
+
+        assertEquals("EC", ecPublicKey.getAlgorithm());
+        assertEquals(expectedPubHex, HexFormat.of().formatHex(ECKeys.encodeEcPubKeyForTls(ecPublicKey)));
+    }
+
+
+    /**
+     * <pre>openssl pkcs12 -in INFILE.p12 -nodes -nocerts | openssl ec -out OUTFILE.key</pre>
+     * exports only private key, where
+     * <pre>openssl ecparam -name secp384r1 -genkey -noout -out key.pem</pre> appends also public key. Both
+     * have header -----BEGIN EC PRIVATE KEY-----, but structure is different
+     *
+     * Example pem exported from p12:
+     * </pre>
+     * -----BEGIN EC PRIVATE KEY-----
+     * MD4CAQEEMNLrqy74Rn1LO3dAuhBuqV6ucTqJXY/8/6DD1ESBkTy46XKKHVuZmy2K
+     * pSsqr4gWhaAHBgUrgQQAIg==
+     * -----END EC PRIVATE KEY-----
+     * </pre>
+     *
+     * <pre>
+     * openssl asn1parse -in exported_from_p12.pem
+     *     0:d=0  hl=2 l=  62 cons: SEQUENCE
+     *     2:d=1  hl=2 l=   1 prim: INTEGER           :01
+     *     5:d=1  hl=2 l=  48 prim: OCTET STRING      [HEX DUMP]:D2EBAB2EF8467D4B3B7740BA106EA95EAE713A895D8FFCFFA0C..
+     *    55:d=1  hl=2 l=   7 cons: cont [ 0 ]
+     *    57:d=2  hl=2 l=   5 prim: OBJECT            :secp384r1
+     *
+     * openssl asn1parse -in generated.pem
+     *     0:d=0  hl=2 l=  62 cons: SEQUENCE
+     *     2:d=1  hl=2 l=   1 prim: INTEGER           :01
+     *     5:d=1  hl=2 l=  48 prim: OCTET STRING      [HEX DUMP]:D2EBAB2EF8467D4B3B7740BA106EA95EAE713A895D8FFCFFA0C..
+     *    55:d=1  hl=2 l=   7 cons: cont [ 0 ]
+     *    57:d=2  hl=2 l=   5 prim: OBJECT            :secp384r1
+     *    65:d=1  hl=2 l= 100 cons: cont [ 1 ]
+     *    67:d=2  hl=2 l=  98 prim: BIT STRING
+     * </pre>
+     *
+     * @throws GeneralSecurityException
+     * @throws IOException
+     */
+    @Test
+    void testLoadKeyPairFromPemShort() throws GeneralSecurityException, IOException {
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        final String pem = "-----BEGIN EC PRIVATE KEY-----\n" +
+                "MD4CAQEEMNLrqy74Rn1LO3dAuhBuqV6ucTqJXY/8/6DD1ESBkTy46XKKHVuZmy2K\n" +
+                "pSsqr4gWhaAHBgUrgQQAIg==\n" +
+                "-----END EC PRIVATE KEY-----\n";
+
+//        openssl ec -in blah.pem -text -noout
+//        read EC key
+//        Private-Key: (384 bit)
+//        priv:
+//        d2:eb:ab:2e:f8:46:7d:4b:3b:77:40:ba:10:6e:a9:
+//        5e:ae:71:3a:89:5d:8f:fc:ff:a0:c3:d4:44:81:91:
+//        3c:b8:e9:72:8a:1d:5b:99:9b:2d:8a:a5:2b:2a:af:
+//        88:16:85
+//        pub:
+//        04:54:76:e4:8b:6d:12:80:7b:7f:0c:c9:8b:92:8e:
+//        69:53:13:36:b7:c6:81:79:42:fd:28:a5:12:55:6e:
+//        6d:7f:21:98:62:f8:a2:b6:2a:fe:83:f9:8c:fe:9d:
+//        11:10:fb:16:7c:38:5d:49:3b:49:08:2b:8f:bd:26:
+//        a1:7f:4a:fb:70:88:49:a7:d0:54:4b:c4:8e:18:60:
+//        96:30:4b:57:d8:d2:89:9b:81:da:dc:2b:92:60:4d:
+//        ee:28:4b:1a:28:3b:7b
+//        ASN1 OID: secp384r1
+//        NIST CURVE: P-384
+
+        final String expectedSecretHex =
+                  "d2ebab2ef8467d4b3b7740ba106ea95eae713a895d8ffcffa0c3d44481913cb8e9728a1d5b999b2d8aa52b2aaf881685";
+
+        String expectedPubHex = "04"
+                + "5476e48b6d12807b7f0cc98b928e69531336b7c6817942fd28a512556e6d7f219862f8a2b62afe83f98cfe9d1110fb16"
+                + "7c385d493b49082b8fbd26a17f4afb708849a7d0544bc48e186096304b57d8d2899b81dadc2b92604dee284b1a283b7b";
+
+        KeyPair keyPair = PemTools.loadKeyPair(pem);
+        ECPrivateKey ecPrivKey = (ECPrivateKey) keyPair.getPrivate();
+        ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic();
+
+        //log.debug("key: {}", ecPrivKey.getS().toString(16));
+        assertEquals("EC", ecPrivKey.getAlgorithm());
+        assertEquals(expectedSecretHex, ecPrivKey.getS().toString(16));
+
+
+        //log.debug("pub: {}", HexFormat.of().formatHex(ECKeys.encodeEcPubKeyForTls(ecPublicKey)));
+        assertEquals("EC", ecPublicKey.getAlgorithm());
+        assertEquals(expectedPubHex, HexFormat.of().formatHex(ECKeys.encodeEcPubKeyForTls(ecPublicKey)));
+    }
+
+
+    @Test
+    void testLoadCertWithLabel() throws CertificateException, IOException {
+
+        @SuppressWarnings("checkstyle:OperatorWrap")
+        final String igorCertificate =
+                "-----BEGIN CERTIFICATE-----\n" +
+                "MIIGPjCCBCagAwIBAgIQWh4k6BI9wW9aAwcOMosU6DANBgkqhkiG9w0BAQsFADBr\n" +
+                "MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1\n" +
+                "czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNU\n" +
+                "RUlELVNLIDIwMTUwHhcNMTcxMTA4MTMzMDU0WhcNMjIxMTA3MjE1OTU5WjCBlzEL\n" +
+                "MAkGA1UEBhMCRUUxDzANBgNVBAoMBkVTVEVJRDEXMBUGA1UECwwOYXV0aGVudGlj\n" +
+                "YXRpb24xJDAiBgNVBAMMG8W9QUlLT1ZTS0ksSUdPUiwzNzEwMTAxMDAyMTETMBEG\n" +
+                "A1UEBAwKxb1BSUtPVlNLSTENMAsGA1UEKgwESUdPUjEUMBIGA1UEBRMLMzcxMDEw\n" +
+                "MTAwMjEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATlalHxt8gcK5Asvap7DqJQI6PU\n" +
+                "Tkoz0/FWBJwZGuzK733wy5RV2D+scuj6NsinEW4rQBxQegm3ASU1aNcRTiSO9sCv\n" +
+                "GtGiptdt5w+9f7ddo855Lc/7C0vW0gG4tRLvob+jggJdMIICWTAJBgNVHRMEAjAA\n" +
+                "MA4GA1UdDwEB/wQEAwIDiDCBiQYDVR0gBIGBMH8wcwYJKwYBBAHOHwMBMGYwLwYI\n" +
+                "KwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDMG\n" +
+                "CCsGAQUFBwICMCcMJUFpbnVsdCB0ZXN0aW1pc2Vrcy4gT25seSBmb3IgdGVzdGlu\n" +
+                "Zy4wCAYGBACPegECMCIGA1UdEQQbMBmBF2lnb3IuemFpa292c2tpQGVlc3RpLmVl\n" +
+                "MB0GA1UdDgQWBBRWH+VJhoWaZU4WgnVNJCoDJNSRfTBhBggrBgEFBQcBAwRVMFMw\n" +
+                "UQYGBACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRp\n" +
+                "dGlvbnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAgBgNVHSUBAf8EFjAU\n" +
+                "BggrBgEFBQcDAgYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUScDyRDll1ZtGOw04YIOx\n" +
+                "1i0ohqYwgYMGCCsGAQUFBwEBBHcwdTAsBggrBgEFBQcwAYYgaHR0cDovL2FpYS5k\n" +
+                "ZW1vLnNrLmVlL2VzdGVpZDIwMTUwRQYIKwYBBQUHMAKGOWh0dHBzOi8vc2suZWUv\n" +
+                "dXBsb2FkL2ZpbGVzL1RFU1Rfb2ZfRVNURUlELVNLXzIwMTUuZGVyLmNydDBBBgNV\n" +
+                "HR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNrLmVlL2NybHMvZXN0ZWlkL3Rlc3Rf\n" +
+                "ZXN0ZWlkMjAxNS5jcmwwDQYJKoZIhvcNAQELBQADggIBAG71HyOLLR7yUiEp18eK\n" +
+                "vtmOLx4sd9rnvqgxtCy5AqoKkPirqJ9FRlg07GxZ4ReQCCLNLufsXzVbLCMCPzK6\n" +
+                "UBJxeO+LwzGgsNSUQ4UbbETaA5M9zqq8GvuAdqFC+gipCcwyVmlCQ45gV5w2fV39\n" +
+                "aZVjZjW9sJSlUubgxBRqfUsaIr/Ft1z1zmf/2cWWtOijP/iXTakJWQCrqM70EPWo\n" +
+                "pFUWea8Ak7UHSETF8S6zvxigW9Fveufk0JZ76+iDFD+fKqCGurAveKJQxj3yVHIL\n" +
+                "kFIhn1/8l6HterApbnwribJs3sCmgVd13na3cXideUG/SNLD3sQsS7UXS7E3Ksx7\n" +
+                "5ZgQmAJ388lD5ouGo7XmOGJQFsahlANIwPlHSr30eofYxt8rzELXy1lcSNsiGXj1\n" +
+                "xz1zkayfjiifHRurieeETm2hW/gla90CGUVHduHDxniQmbQOPbL/sr/0mebo+3j4\n" +
+                "IlFpIqJXO72sM0e3hIw59aJSHwQf2WTPkVm+Sm8XZ8UOHNpkLJbQj/cT58myWVM9\n" +
+                "bL0dJj7FoY0fgO9iDsHtAaNvsF3gq9Tz9pTNE1PYrAhrFDP/tw2JrruvoHXLyCbz\n" +
+                "Tv/YlZk9raKUO4GtUgcGbBdrKEhzMzLkPpgsnjyyPwjdi2Umbmbs9trOQ5uL2ap+\n" +
+                "A2FOma3WzswqJuVKeVIQx3O1\n" +
+                "-----END CERTIFICATE-----";
+
+
+        InputStream certStream = new ByteArrayInputStream(igorCertificate.getBytes(StandardCharsets.UTF_8));
+        Map.Entry<PublicKey, String> keyLabel =  PemTools.loadCertKeyWithLabel(certStream);
+
+        String label = keyLabel.getValue();
+
+        assertEquals("\u017DAIKOVSKI,IGOR,37101010021", label);
+    }
+
+
+    public static ECPublicKey getInfinityPublicKey() throws InvalidParameterSpecException, NoSuchAlgorithmException {
+        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
+        params.init(new ECGenParameterSpec(ECKeys.SECP_384_R_1));
+
+        ECParameterSpec ecParameterSpec = params.getParameterSpec(ECParameterSpec.class);
+
+        ECPublicKey infinityPublicKey = new ECPublicKey() {
+            @Override
+            public ECPoint getW() {
+                return ECPoint.POINT_INFINITY;
+            }
+
+            @Override
+            public String getAlgorithm() {
+                return "EC";
+            }
+
+            @Override
+            public String getFormat() {
+                return null;
+            }
+
+            @Override
+            public byte[] getEncoded() {
+                return new byte[0];
+            }
+
+            @Override
+            public ECParameterSpec getParams() {
+                return ecParameterSpec;
+            }
+        };
+
+        return infinityPublicKey;
+    }
+
+    @Test
+    void testInfinityPublicKeyValidity() throws GeneralSecurityException {
+
+        ECPublicKey infinityPublicKey = getInfinityPublicKey();
+        assertFalse(ECKeys.isValidSecP384R1(infinityPublicKey));
+    }
+
+    @Test
+    void testEncodeInfinityPubKey() throws GeneralSecurityException {
+        ECPublicKey infinityPublicKey = getInfinityPublicKey();
+        assertThrows(IllegalArgumentException.class, () -> ECKeys.encodeEcPubKeyForTls(infinityPublicKey));
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11DeviceConfiguration.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11DeviceConfiguration.java
new file mode 100644
index 00000000..47054b6a
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11DeviceConfiguration.java
@@ -0,0 +1,67 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.io.InputStream;
+import java.util.Optional;
+import java.util.Properties;
+import javax.annotation.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test configuration for running PKCS11 tests using a hardware device.
+ */
+public record Pkcs11DeviceConfiguration(
+        // full path to the PKCS11 provider library
+        String pkcs11Library,
+
+        // the PKCS11 device slot
+        int slot,
+
+        // alias of the key in the keystore to use (if multiple keys in the keystore)
+        @Nullable String keyAlias,
+
+        // the keystore pin
+        char[] pin,
+
+        // part of the CN field in the certificate
+        String certCn) {
+
+    private static final Logger log = LoggerFactory.getLogger(Pkcs11DeviceConfiguration.class);
+
+    /**
+     * Loads the PKCS11 device configuration from a file on the classpath.
+     * <p>
+     * The properties file can be specified with the system property cdoc2.pkcs11.test-configuration
+     * e.g -D cdoc2.pkcs11.test-configuration=pkcs11-test-idcard.properties
+     *
+     */
+    public static Pkcs11DeviceConfiguration load() {
+        String filename = System.getProperty("cdoc2.pkcs11.conf-file", "pkcs11-test-idcard.properties");
+        return loadFromPropertiesFile(filename);
+    }
+
+    private static Pkcs11DeviceConfiguration loadFromPropertiesFile(String filename) {
+        log.info("Loading PKCS11 device configuration from {}", filename);
+
+        try (InputStream is = Pkcs11Test.class.getClassLoader().getResourceAsStream(filename)) {
+            var properties = new Properties();
+            properties.load(is);
+
+            return new Pkcs11DeviceConfiguration(
+                getRequiredProperty(properties, "pkcs11.library"),
+                Integer.parseInt(getRequiredProperty(properties, "pkcs11.slot")),
+                properties.getProperty("pkcs11.key-alias"),
+                getRequiredProperty(properties, "pkcs11.pin").toCharArray(),
+                getRequiredProperty(properties, "pkcs11.cert.cn")
+            );
+        } catch (Exception e) {
+            log.error("Failed to read pkcs11 device properties", e);
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static String getRequiredProperty(Properties properties, String property) {
+        return Optional.ofNullable(properties.getProperty(property))
+            .orElseThrow(() -> new IllegalArgumentException("Required property '" + property + "' not found"));
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11Test.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11Test.java
new file mode 100644
index 00000000..287c7fb2
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/Pkcs11Test.java
@@ -0,0 +1,97 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.nio.file.Path;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
+
+import ee.cyber.cdoc20.container.EnvelopeTestUtils;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.junit.jupiter.api.parallel.Isolated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import static ee.cyber.cdoc20.crypto.Pkcs11Tools.createSunPkcsConfigurationFile;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * These tests will fail without a PKCS11 device (smart card, usb token).
+ * The device and its details can be configured using a properties file under src/test/resources/
+ * @see Pkcs11DeviceConfiguration for details
+ */
+@Isolated
+class Pkcs11Test {
+    private static final Logger log = LoggerFactory.getLogger(Pkcs11Test.class);
+
+    // load pkcs11 devive properties
+    private static final Pkcs11DeviceConfiguration CONF = Pkcs11DeviceConfiguration.load();
+
+    @Test
+    @Tag("pkcs11")
+    void testLoadKeyInteractively() throws Exception {
+        // seems that when pin has already been provided to SunPKCS11, then pin is not asked again
+        // so running this test with other tests doesn't make much sense
+        KeyPair keyPair = Pkcs11Tools.loadFromPKCS11Interactively(
+            CONF.pkcs11Library(), CONF.slot(), CONF.keyAlias()
+        );
+
+        if (Crypto.isECPKCS11Key(keyPair.getPrivate())) {
+            assertTrue(EllipticCurve.SECP384R1.isValidKeyPair(keyPair));
+        }
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testLoadCert() throws Exception {
+        var pair = Pkcs11Tools.loadFromPKCS11(
+            createSunPkcsConfigurationFile(null, CONF.pkcs11Library(), CONF.slot()),
+            new KeyStore.PasswordProtection(CONF.pin()),
+            CONF.keyAlias()
+        );
+
+        X509Certificate cert = pair.getValue();
+
+        List<String> cn;
+        try {
+            cn = new LdapName(cert.getSubjectX500Principal().getName())
+                .getRdns().stream()
+                .filter(rdn -> rdn.getType().equalsIgnoreCase("cn"))
+                .map(rdn -> rdn.getValue().toString())
+                .toList();
+        } catch (InvalidNameException e) {
+            cn = List.of();
+            log.error("InvalidNameException", e);
+        }
+
+        log.debug("CN {}", cn);
+
+        assertEquals(1, cn.size());
+        assertTrue(cn.get(0).contains(CONF.certCn()));
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testContainerUsingPKCS11Key(@TempDir Path tempDir) throws Exception {
+
+        log.trace("Pkcs11Test::testContainerUsingPKCS11Key");
+        KeyPair keyPair = loadFromPKCS11();
+
+        log.debug("Using hardware private key for decrypting");
+
+        EnvelopeTestUtils.testContainer(tempDir, DecryptionKeyMaterial.fromKeyPair(keyPair),
+                "testContainerUsingPKCS11Key", null);
+    }
+
+    private static KeyPair loadFromPKCS11() throws Exception {
+        Path confPath = createSunPkcsConfigurationFile("OpenSC", CONF.pkcs11Library(), CONF.slot());
+        var entry = Pkcs11Tools.loadFromPKCS11(
+            confPath, new KeyStore.PasswordProtection(CONF.pin()), CONF.keyAlias()
+        );
+        return new KeyPair(entry.getValue().getPublicKey(), entry.getKey());
+    }
+}
diff --git a/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/RsaTest.java b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/RsaTest.java
new file mode 100644
index 00000000..21ac8525
--- /dev/null
+++ b/cdoc20-lib/src/test/java/ee/cyber/cdoc20/crypto/RsaTest.java
@@ -0,0 +1,155 @@
+package ee.cyber.cdoc20.crypto;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Base64;
+
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class RsaTest {
+
+    // openssl genrsa -out rsa_priv.pem 2048
+    @SuppressWarnings("checkstyle:OperatorWrap")
+    static final String rsaKeyPem =
+            "-----BEGIN RSA PRIVATE KEY-----\n" +
+            "MIIEogIBAAKCAQEAs18v09QVTnzSTRrFnVhkxDWM2rSHOua2rPz60CVazfOk5Vv9\n" +
+            "Jo4Nq6Uzo3yWS4DZ+3JgO5iRntFeI0NWZGsPGbMWGWKlb4OYlbK0gnBdwsi4LS6L\n" +
+            "nRx7CfYKxOicL5akXqDP2NCoytHFG8QePPE1XAHC7pHyC+hEa7Hggol6sdbEWOK7\n" +
+            "WLCmIjmJ+gJx2O3bg433ad0LX6swvclGNbe0z+YagmYsu4ChfwY9Be6oVRvQzFEH\n" +
+            "OKh+tEibyutdFJ9fioyMjjZtL6lEx5xKUJ18d4efC9apvJ810wRkMDqwR203HEJr\n" +
+            "kRnBg9RtkVPNzOMl8eH6eUdS/oDW5eysnKbtrwIDAQABAoIBAD8N0QRH442Jt2u/\n" +
+            "Y4RiVFnc8TzYhUkhXUoGTCzrVLZdVbQC2ES7Xvbdxf9MhpDYJMiNdmK8yUPpGYyP\n" +
+            "2UjHkbFZEQWvdbRzsCm/flD0KyGT6ZqIaC+8mUvxH+wEURMxg2p4YVg4UX2qq/2M\n" +
+            "vYxyxm0neVzgFRQ2fAbXqrJ4nZbx75KAU8Vepyn1zUHbyjwnaxly+rjiEkTujtrV\n" +
+            "+/FjAwZQ/mnoS0GbMlX6DKfMm6+wJW0ZYZKoqkaCuMPMT+msn2x3DPVgbwm8OO/V\n" +
+            "Qari5g8XwB+b9R5dWnli9dGyW9jFzQ/rhkgni0Z3hVc4lP/6WWbfxwRmAXFjIVyf\n" +
+            "PeavBsECgYEA4N/aivOA3YLUVBlKojUf3deBM6FvPuvELfhSCNVfotIwSsT2krP4\n" +
+            "NKR56PvbScNopdnaXgw1SrmWLZjEQy16cv8DL3a7o70HjSiHn15GZSqt1pBkBKuc\n" +
+            "9fj7JhvWCyNIqcAguchSQS4gf1GrvgIQUvBahIo3vJbdkOpmnfO7QrECgYEAzDMB\n" +
+            "OtgO/0PX5VGr9u7K9Fm7ER/fQym7L+pTigMgFUP15dfO4srbHzYyPyws+jOazDbF\n" +
+            "huGeX8rQqdFJtRgkfVLFVK+taK6UFh4tspzFW1QTX+cIt2XVR9gb4Aq+8mbodb0c\n" +
+            "feT70sOXqeaxrqqgwpdI20B04xALyQTUMQqbjl8CgYAZyhJqNRrmTIbFTlE84RLS\n" +
+            "glCS90Sm1qsdCol98dqR9cEMEiKlGHaysto4WgoAH6T0wFNGzeeetkH+4LJBcgnE\n" +
+            "/nIDE37ZfGhNTAShxlIUcByXqt+NmZDatL8406BsjpNaxGn8ZHjqeLvJXjhwBhSR\n" +
+            "LndzE9bojfTDFd7G5pjnQQKBgFV2f2xGYzh5B5IFtaha1vyf1YhcQ5ATljF+rEoV\n" +
+            "9saPtAnnYcJPzpfoke0YqxZopMAVqGREZ4mGFAEPA/9URGljTA2enUAz2OzM4qlf\n" +
+            "rcYEkTtRMbe4WiSAkWIafUJsyZwFczhJrw/OJtrIH9OPvErVEHwbJRCndZdDex+v\n" +
+            "Zd2XAoGAcA2ntZzUHM7K3A02pCPHtW6X2pmvgcNdQk2trI893mEPdFKPH+FPdaEa\n" +
+            "hxr/6JxIBbP93XG7m0Na8g0SaSl+jJHQOe2Vii7SgCSI47mp2bECUEQXqw0gek+E\n" +
+            "FpMKKtuLmE733CZbg85d9dCMU808+XR+psNvUR6XhxRB+lzgVjc=\n" +
+            "-----END RSA PRIVATE KEY-----\n";
+
+    // X.509 encoding, Java default for RSAPublicKey
+    //    SEQUENCE (2 elem)
+    //        SEQUENCE (2 elem)
+    //            OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
+    //            NULL
+    //        BIT STRING (2160 bit) 001100001000001000000001000010100000001010000010000000010000000100000…
+    //            SEQUENCE (2 elem)
+    //                INTEGER (2048 bit) 226435949622400733452861302723380091312050670462871263385722374431288…
+    //                INTEGER 65537
+    // openssl rsa -in rsa_priv.pem -outform PEM -pubout -out rsa_pub.pem
+    @SuppressWarnings("checkstyle:OperatorWrap")
+    static final String pubKeyPem = "-----BEGIN PUBLIC KEY-----\n" +
+            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs18v09QVTnzSTRrFnVhk\n" +
+            "xDWM2rSHOua2rPz60CVazfOk5Vv9Jo4Nq6Uzo3yWS4DZ+3JgO5iRntFeI0NWZGsP\n" +
+            "GbMWGWKlb4OYlbK0gnBdwsi4LS6LnRx7CfYKxOicL5akXqDP2NCoytHFG8QePPE1\n" +
+            "XAHC7pHyC+hEa7Hggol6sdbEWOK7WLCmIjmJ+gJx2O3bg433ad0LX6swvclGNbe0\n" +
+            "z+YagmYsu4ChfwY9Be6oVRvQzFEHOKh+tEibyutdFJ9fioyMjjZtL6lEx5xKUJ18\n" +
+            "d4efC9apvJ810wRkMDqwR203HEJrkRnBg9RtkVPNzOMl8eH6eUdS/oDW5eysnKbt\n" +
+            "rwIDAQAB\n" +
+            "-----END PUBLIC KEY-----";
+
+    // openssl rsa -pubin -in rsa_pub.pem -RSAPublicKey_out -out pub.pem
+    // header, footer and '\n' removed to get base64 encoded RSAPublicKey structure defined in
+    // RFC8017 RSA Public Key Syntax (A.1.1) https://www.rfc-editor.org/rfc/rfc8017#page-54
+    //    SEQUENCE (2 elem)
+    //        INTEGER (2048 bit) 226435949622400733452861302723380091312050670462871263385722374431288…
+    //        INTEGER 65537
+    @SuppressWarnings("checkstyle:OperatorWrap")
+    static final String pubKeyRSAPublicKeyB64 =
+            //-----BEGIN RSA PUBLIC KEY-----
+            "MIIBCgKCAQEAs18v09QVTnzSTRrFnVhkxDWM2rSHOua2rPz60CVazfOk5Vv9Jo4N" +
+            "q6Uzo3yWS4DZ+3JgO5iRntFeI0NWZGsPGbMWGWKlb4OYlbK0gnBdwsi4LS6LnRx7" +
+            "CfYKxOicL5akXqDP2NCoytHFG8QePPE1XAHC7pHyC+hEa7Hggol6sdbEWOK7WLCm" +
+            "IjmJ+gJx2O3bg433ad0LX6swvclGNbe0z+YagmYsu4ChfwY9Be6oVRvQzFEHOKh+" +
+            "tEibyutdFJ9fioyMjjZtL6lEx5xKUJ18d4efC9apvJ810wRkMDqwR203HEJrkRnB" +
+            "g9RtkVPNzOMl8eH6eUdS/oDW5eysnKbtrwIDAQAB";
+            //-----END RSA PUBLIC KEY-----
+
+    @Test
+    void testRsaOep() throws Exception {
+
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+        generator.initialize(2048, SecureRandom.getInstanceStrong());
+
+        KeyPair keyPair = generator.generateKeyPair();
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+
+        String plainSecret = "_secret_"; // 8 bytes as FMK_LEN
+
+        checkRsaEncryption(plainSecret, publicKey, privateKey);
+    }
+
+    static void checkRsaEncryption(String plainSecret, RSAPublicKey publicKey, RSAPrivateKey privateKey)
+            throws Exception {
+        byte[] data = plainSecret.getBytes(StandardCharsets.UTF_8);
+        byte[] encrypted = RsaUtils.rsaEncrypt(data, publicKey);
+
+        byte[] decryptedBytes = RsaUtils.rsaDecrypt(encrypted, privateKey);
+        String decrypted =  new String(decryptedBytes, StandardCharsets.UTF_8);
+
+        assertEquals(plainSecret, decrypted);
+    }
+
+    @Test
+    void testLoadRsaKeys() throws Exception {
+        PublicKey publicKey = PemTools.loadPublicKey(pubKeyPem);
+        KeyPair keyPair = PemTools.loadKeyPair(rsaKeyPem);
+
+        assertEquals("RSA", keyPair.getPublic().getAlgorithm());
+        assertEquals(publicKey, keyPair.getPublic());
+
+        checkRsaEncryption("secret", (RSAPublicKey) publicKey, (RSAPrivateKey) keyPair.getPrivate());
+    }
+
+    @Test
+    void testRsaPubKeyEncode() throws IOException {
+        RSAPublicKey rsaPublicKey = (RSAPublicKey) PemTools.loadPublicKey(pubKeyPem);
+        byte[] encoded = RsaUtils.encodeRsaPubKey(rsaPublicKey);
+
+        assertEquals(pubKeyRSAPublicKeyB64, Base64.getEncoder().encodeToString(encoded));
+    }
+
+    @Test
+    void testRsaPubKeyDecode() throws IOException, GeneralSecurityException {
+
+        byte[] rsaPubDer = Base64.getDecoder().decode(pubKeyRSAPublicKeyB64);
+
+        RSAPublicKey rsaPublicKey = RsaUtils.decodeRsaPubKey(rsaPubDer);
+        RSAPublicKey expected = (RSAPublicKey) PemTools.loadPublicKey(pubKeyPem);
+
+        assertEquals(expected, rsaPublicKey);
+    }
+
+    @Test
+    void testRsaEncodingDigiDocInteroperability() throws GeneralSecurityException, IOException {
+        // RSA pub key encoded by DigiDoc client, interoperability test
+        @SuppressWarnings("checkstyle:LineLength")
+        String m = "MIIBCgKCAQEAxKTvy+zUftuk3gK5SbUW6RUG3VQYTgqFQrjcAuLyquhSIun06xu9nz4N3Vfqg9h4BUYQKmcGNwoYC7ka1bjnQcblUy7FSznlwQssddE7BL4r3av52atU90Dvr3K9eaJmlfTpbpEa1JpUkDpnDCKf2vM6wPxhxNQYDDoA6QnKFjxOlfzJno/pHFnHKqdDBqmoJlU2o2XcTHzm5vtkg/Z4jjb7tHkrLV75tl+puXK1Kr598cl8pvsLRQHm0L+zKMs+btLZv2LlLNkXEl6dIm73a60bSf65Ya5fLeC+/znde3QibmlmN3yJenP/5bZsqmxExQmX9mFLrAr1g/8jw6O2xwIDAQAB";
+        //should not throw exceptions
+        RSAPublicKey rsaPublicKey = RsaUtils.decodeRsaPubKey(Base64.getDecoder().decode(m));
+        assertNotNull(rsaPublicKey);
+    }
+}
+
diff --git a/cdoc20-lib/src/test/resources/pkcs11-test-idcard.properties b/cdoc20-lib/src/test/resources/pkcs11-test-idcard.properties
new file mode 100644
index 00000000..1df8eff4
--- /dev/null
+++ b/cdoc20-lib/src/test/resources/pkcs11-test-idcard.properties
@@ -0,0 +1,10 @@
+# pkcs11 configuration for test id-card
+
+pkcs11.library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+pkcs11.slot=0
+# pin
+pkcs11.pin=3471
+# key alias in the key store
+pkcs11.key-alias=Isikutuvastus
+# part of the CN in the certificate to match
+pkcs11.cert.cn=37101010021
diff --git a/cdoc20-lib/src/test/resources/pkcs11-test-safenet.properties b/cdoc20-lib/src/test/resources/pkcs11-test-safenet.properties
new file mode 100644
index 00000000..9eb30445
--- /dev/null
+++ b/cdoc20-lib/src/test/resources/pkcs11-test-safenet.properties
@@ -0,0 +1,8 @@
+# pkcs11 configuration for SafeNet eToken 5110
+pkcs11.library=/usr/lib/libeToken.so
+pkcs11.slot=2
+pkcs11.pin=12345678
+# part of the CN in the certificate to match
+pkcs11.cert.cn=Cybernetica
+# key alias to use when fetching the keystore entry (optional)
+pkcs11.key-alias=cdoc2-test
diff --git a/cdoc20-openapi/cdoc20-key-capsules.yaml b/cdoc20-openapi/cdoc20-key-capsules.yaml
new file mode 100644
index 00000000..22e58374
--- /dev/null
+++ b/cdoc20-openapi/cdoc20-key-capsules.yaml
@@ -0,0 +1,113 @@
+# Key Capsules API, version 2.0 of cdoc20services API
+openapi: 3.0.3
+info:
+  contact:
+    url: http://ria.ee
+  title: cdoc20-key-capsules
+  version: '2.0'
+  description: API for exchanging CDOC2.0 ephemeral key material in key capsules
+servers:
+  - url: 'https://localhost:8443'
+    description: no auth (for creating key capsules)
+  - url: 'https://localhost:8444'
+    description: mutual TLS authentication (for retrieving key capsules)
+
+paths:
+  '/key-capsules/{transactionId}':
+    get:
+      summary: Get key capsule for transactionId
+      description: Get key capsule for transactionId
+      tags:
+        - cdoc20-key-capsules
+      parameters:
+        - name: transactionId
+          in: path
+          schema:
+            type: string
+            minLength: 18
+            maxLength: 34
+          required: true
+          description: transaction id from recipients.KeyServerCapsule.transaction_id (fbs)
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Capsule'
+        '400':
+          description: 'Bad request. Client error.'
+        '401':
+          description: 'Unauthorized. Client certificate was not presented with the request.'
+        '404':
+          description: 'Not Found. 404 is also returned, when recipient id in record does not match with public key in client certificate.'
+      operationId: getCapsuleByTransactionId
+      security:
+        - mutualTLS: []
+  '/key-capsules':
+    post:
+      summary: Add Key Capsule
+      description: Save Capsule and generate transaction id using secure random. Generated transactionId is returned in Location header
+      operationId: createCapsule
+      responses:
+        '201':
+          description: Created
+          headers:
+            Location:
+              schema:
+                type: string
+                example: /key-capsules/KC0123456789ABCDEF
+              description: 'URI of created resource. TransactionId can be extracted from URI as it follows pattern /key-capsules/{transactionId}'
+        '400':
+          description: 'Bad request. Client error.'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Capsule'
+      security: []
+      tags:
+        - cdoc20-key-capsules
+components:
+  schemas:
+    Capsule:
+      title: Capsule
+      type: object
+      properties:
+        recipient_id:
+          type: string
+          format: byte
+          minLength: 97 # EC public key
+          maxLength: 2100 # 16 K RSA public key = 2086 bytes
+          description: 'Binary format is defined by capsule_type'
+        ephemeral_key_material:
+          type: string
+          format: byte
+          maxLength: 2100
+          description: 'Binary format is defined by capsule_type'
+        capsule_type:
+          type: string
+          enum:
+            - ecc_secp384r1
+            - rsa
+          description: |
+            Depending on capsule type, Capsule fields have the following contents:
+             - ecc_secp384r1:
+                  * recipient_id is EC pub key with secp384r1 curve in TLS format (0x04 + X coord 48 bytes + Y coord 48 bytes) (https://www.rfc-editor.org/rfc/rfc8446#section-4.2.8.2)
+                  * ephemeral_key_material contains sender public EC key (generated) in TLS format.
+             - rsa:
+                  * recipient_id is DER encoded RSA recipient public key - RsaPublicKey encoding [https://www.rfc-editor.org/rfc/rfc8017#page-54](RFC8017 RSA Public Key Syntax A.1.1)
+                  * ephemeral_key_material contains KEK encrypted with recipient public RSA key
+      required:
+        - recipient_id
+        - ephemeral_key_material
+        - capsule_type
+  securitySchemes:
+    mutualTLS:
+      # since mutualTLS is not supported by OAS 3.0.x, then define it as http basic auth. MutualTLS must be implemented
+      # manually anyway
+      #type: mutualTLS
+      type: http
+      scheme: basic
+tags:
+  - name: cdoc20-key-capsules
diff --git a/cdoc20-openapi/pom.xml b/cdoc20-openapi/pom.xml
new file mode 100644
index 00000000..eeb76736
--- /dev/null
+++ b/cdoc20-openapi/pom.xml
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>cdoc20</artifactId>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <version>0.6.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>cdoc20-openapi</artifactId>
+    <description>CDOC 2.0 OpenApi server generation</description>
+
+    <properties>
+        <java.version>17</java.version>
+
+        <swagger-annotations-version>1.6.4</swagger-annotations-version>
+        <jackson-version>2.14.0</jackson-version>
+        <jodatime-version>2.10.13</jodatime-version>
+        <maven-plugin-version>1.0.0</maven-plugin-version>
+        <junit-version>4.13.2</junit-version>
+        <springfox-version>3.0.0</springfox-version>
+        <threetenbp-version>1.5.1</threetenbp-version>
+        <datatype-threetenbp-version>2.12.5</datatype-threetenbp-version>
+        <spring-boot-starter-test-version>2.7.5</spring-boot-starter-test-version>
+        <spring-boot-starter-web-version>2.7.5</spring-boot-starter-web-version>
+        <migbase64-version>2.2</migbase64-version>
+        <jackson-databind-nullable>0.2.2</jackson-databind-nullable>
+        <javax-annotation-api.version>1.3.2</javax-annotation-api.version>
+        <spotbugs-annotations.version>4.5.3</spotbugs-annotations.version>
+    </properties>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>io.swagger</groupId>
+            <artifactId>swagger-annotations</artifactId>
+            <version>${swagger-annotations-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-base</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.jaxrs</groupId>
+            <artifactId>jackson-jaxrs-json-provider</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-joda</artifactId>
+            <version>${jackson-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>joda-time</groupId>
+            <artifactId>joda-time</artifactId>
+            <version>${jodatime-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.brsanthu</groupId>
+            <artifactId>migbase64</artifactId>
+            <version>${migbase64-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit-version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <version>${spring-boot-starter-test-version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+            <version>${spring-boot-starter-web-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+            <version>${spring-boot-starter-web-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-hateoas</artifactId>
+            <version>${spring-boot-starter-web-version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <version>${javax-annotation-api.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger2</artifactId>
+            <version>${springfox-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.springfox</groupId>
+            <artifactId>springfox-swagger-ui</artifactId>
+            <version>${springfox-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.threeten</groupId>
+            <artifactId>threetenbp</artifactId>
+            <version>${threetenbp-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.github.joschi.jackson</groupId>
+            <artifactId>jackson-datatype-threetenbp</artifactId>
+            <version>${datatype-threetenbp-version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.openapitools</groupId>
+            <artifactId>jackson-databind-nullable</artifactId>
+            <version>${jackson-databind-nullable}</version>
+        </dependency>
+
+        <dependency>
+            <!-- javax.annotation.Nonnull and friends used by jersey2 client-->
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>${spotbugs-annotations.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.openapitools</groupId>
+                <artifactId>openapi-generator-maven-plugin</artifactId>
+                <version>6.2.1</version>
+                <executions>
+                    <execution>
+                        <id>generate-cdoc20-capsules</id>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                        <configuration>
+                            <inputSpec>${project.basedir}/cdoc20-key-capsules.yaml</inputSpec>
+                            <apiPackage>ee.cyber.cdoc20.server.api</apiPackage>
+                        </configuration>
+                    </execution>
+
+                </executions>
+                <configuration>
+                    <generatorName>spring</generatorName>
+                    <apiPackage>ee.cyber.cdoc20.server.api</apiPackage>
+                    <modelPackage>ee.cyber.cdoc20.server.model</modelPackage>
+                    <!-- Without this some broken openapi classes are generated that use old 2.x springfox API -->
+                    <supportingFilesToGenerate>ApiUtil.java</supportingFilesToGenerate>
+                    <generateAliasAsModel>false</generateAliasAsModel>
+                    <configOptions>
+                        <delegatePattern>true</delegatePattern>
+                        <dateLibrary>java8-localdatetime</dateLibrary>
+                        <hateoas>false</hateoas>
+                        <oas3>true</oas3>
+                        <useOptional>true</useOptional>
+                        <bigDecimalAsString>true</bigDecimalAsString>
+                        <enumUnknownDefaultCase>true</enumUnknownDefaultCase>
+                        <legacyDiscriminatorBehavior>false</legacyDiscriminatorBehavior>
+                        <!-- requestMappingMode: https://github.com/OpenAPITools/openapi-generator/pull/13838 -->
+                        <requestMappingMode>none</requestMappingMode>&gt;
+                    </configOptions>
+                    <typeMappings>
+                        <typeMapping>duration=Duration</typeMapping>
+                    </typeMappings>
+                    <importMappings>Duration=java.time.Duration</importMappings>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.8.1</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                    <proc>none</proc>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/cdoc20-schema/README.md b/cdoc20-schema/README.md
new file mode 100644
index 00000000..d216b573
--- /dev/null
+++ b/cdoc20-schema/README.md
@@ -0,0 +1,13 @@
+# CDOC 2.0 schema
+
+flatbuffer schemas and source code generation from schemas
+
+## Building
+
+To install flatbuffer compiler and compile schemas, run `mvn compile`
+
+This will install flatc compiler under `target/bin` and compile schemas under `src/main/fbs`
+
+Flatbuffers:
+- https://google.github.io/flatbuffers/
+- https://github.com/davidmoten/flatbuffers
\ No newline at end of file
diff --git a/cdoc20-schema/pom.xml b/cdoc20-schema/pom.xml
new file mode 100644
index 00000000..354a6446
--- /dev/null
+++ b/cdoc20-schema/pom.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <version>0.6.0-SNAPSHOT</version>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <artifactId>cdoc20</artifactId>
+    </parent>
+
+    <artifactId>cdoc20-schema</artifactId>
+
+    <description>CDOC 2.0 flatbuffer schemas and related functionality </description>
+
+    <properties>
+        <fbs.sources>${basedir}/src/main/fbs</fbs.sources>
+        <fbs.generated.sources>${project.build.directory}/generated-sources/java</fbs.generated.sources>
+
+        <!-- flatbuffers flatc compiler (native binary) version -->
+        <flatbuffers-compiler.version>2.0.8</flatbuffers-compiler.version>
+
+        <!-- flatbuffers-java (java) library. Must be supported by flatbuffers-compiler-->
+        <!-- see https://github.com/davidmoten/flatbuffers for supported versions -->
+        <flatbuffers-java.version>2.0.8</flatbuffers-java.version>
+        <sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/../cdoc20-schema/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+
+    <!-- profiles for flatc compiler -->
+    <!-- untested for win/osx -->
+    <!-- run mvn -version to determine os family/name -->
+    <profiles>
+        <profile>
+            <id>os-linux</id>
+            <activation>
+                <os>
+                    <!--family>Windows</family-->
+                    <name>linux</name>
+                </os>
+            </activation>
+            <properties>
+                <flatbuffers-compiler.distribution>linux</flatbuffers-compiler.distribution>
+                <flatbuffers-compiler.package>tar.gz</flatbuffers-compiler.package>
+            </properties>
+        </profile>
+        <profile>
+
+            <id>os-osx</id>
+            <activation>
+                <os>
+                    <family>mac</family>
+                    <!--name>osx</name-->
+                </os>
+            </activation>
+            <properties>
+                <flatbuffers-compiler.distribution>osx</flatbuffers-compiler.distribution>
+                <flatbuffers-compiler.package>tar.gz</flatbuffers-compiler.package>
+            </properties>
+        </profile>
+        <profile>
+            <id>os-win</id>
+            <activation>
+                <os>
+                    <family>Windows</family>
+                </os>
+            </activation>
+            <properties>
+                <flatbuffers-compiler.distribution>windows</flatbuffers-compiler.distribution>
+                <flatbuffers-compiler.package>zip</flatbuffers-compiler.package>
+            </properties>
+        </profile>
+
+    </profiles>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.google.flatbuffers</groupId>
+            <artifactId>flatbuffers-java</artifactId>
+            <version>${flatbuffers-compiler.version}</version>
+        </dependency>
+
+        <!-- test -->
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>3.2.0</version>
+                <executions>
+                    <execution>
+                        <id>unpack</id>
+                        <phase>generate-sources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>com.github.davidmoten</groupId>
+                                    <artifactId>flatbuffers-compiler</artifactId>
+                                    <version>${flatbuffers-compiler.version}</version>
+                                    <type>${flatbuffers-compiler.package}</type>
+                                    <classifier>distribution-${flatbuffers-compiler.distribution}</classifier>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>${project.build.directory}</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <version>${exec-maven-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>exec</goal>
+                        </goals>
+                        <phase>generate-sources</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <executable>${project.build.directory}/bin/flatc</executable>
+                    <workingDirectory>${fbs.sources}</workingDirectory>
+                    <arguments>
+                        <argument>--java</argument>
+                        <argument>-o</argument>
+                        <argument>${fbs.generated.sources}</argument>
+                        <argument>header.fbs</argument>
+                        <argument>recipients.fbs</argument>
+                    </arguments>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <version>3.3.0</version>
+                <executions>
+                    <execution>
+                        <id>add-source</id>
+                        <phase>generate-sources</phase>
+                        <goals>
+                            <goal>add-source</goal>
+                        </goals>
+                        <configuration>
+                            <sources>
+                                <source>${fbs.generated.sources}</source>
+                            </sources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.8.2</version>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/cdoc20-schema/src/main/fbs/header.fbs b/cdoc20-schema/src/main/fbs/header.fbs
new file mode 100644
index 00000000..199a4733
--- /dev/null
+++ b/cdoc20-schema/src/main/fbs/header.fbs
@@ -0,0 +1,44 @@
+ 
+include "recipients.fbs";
+
+namespace ee.cyber.cdoc20.fbs.header;
+
+// Union for communicating the recipient type
+union Capsule {
+    recipients.ECCPublicKeyCapsule,
+    recipients.RSAPublicKeyCapsule,
+    recipients.KeyServerCapsule,
+    recipients.SymmetricKeyCapsule
+}
+
+// FMK encryption method enum.
+enum FMKEncryptionMethod:byte {
+    UNKNOWN,
+    XOR
+}
+
+// Payload encryption method enum.
+enum PayloadEncryptionMethod:byte {
+    UNKNOWN,
+    CHACHA20POLY1305
+}
+
+// Intermediate record, some languages act very poorly when it comes
+// to an array of unions.
+// Thus it is better to have an an array of tables that
+// contains the union as a field.
+table RecipientRecord {
+    capsule:                Capsule;
+    key_label:              string (required);
+    encrypted_fmk:          [ubyte] (required);
+    fmk_encryption_method:  FMKEncryptionMethod = UNKNOWN;
+}
+
+// Header structure.
+table Header {
+    recipients:                [RecipientRecord];
+
+    payload_encryption_method: PayloadEncryptionMethod = UNKNOWN;
+}
+
+root_type Header;
diff --git a/cdoc20-schema/src/main/fbs/recipients.fbs b/cdoc20-schema/src/main/fbs/recipients.fbs
new file mode 100644
index 00000000..ba44238a
--- /dev/null
+++ b/cdoc20-schema/src/main/fbs/recipients.fbs
@@ -0,0 +1,54 @@
+
+namespace ee.cyber.cdoc20.fbs.recipients;
+
+//server recipient type
+union KeyDetailsUnion {
+    EccKeyDetails, RsaKeyDetails
+}
+
+// Elliptic curve type enum for ECCPublicKey recipient
+enum EllipticCurve:byte {
+    UNKNOWN,
+    secp384r1
+}
+
+
+table RsaKeyDetails {
+    //RSA pub key in DER - RFC8017 RSA Public Key Syntax (A.1.1) https://www.rfc-editor.org/rfc/rfc8017#page-54
+    recipient_public_key:   [ubyte] (required);
+}
+
+table EccKeyDetails {
+     // Elliptic curve type enum
+     curve:                 EllipticCurve = UNKNOWN;
+
+     //EC pub key in TLS 1.3 format https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2
+     //for secp384r1 curve: 0x04 + X 48 coord bytes + Y coord 48 bytes)
+     recipient_public_key:  [ubyte] (required);
+}
+
+// ECC public key recipient
+table ECCPublicKeyCapsule {
+    curve:                 EllipticCurve = UNKNOWN;
+    recipient_public_key:  [ubyte] (required);
+    sender_public_key:     [ubyte] (required);
+}
+
+table RSAPublicKeyCapsule {
+    recipient_public_key:  [ubyte] (required);
+    encrypted_kek:         [ubyte] (required);
+}
+
+// recipient where ephemeral key material is download from server (server scenarios)
+table KeyServerCapsule {
+    // recipient id - key type specific. For public key cryptography this is usually recipient public key
+    recipient_key_details: KeyDetailsUnion;
+    keyserver_id:          string (required);
+    transaction_id:        string (required);
+}
+
+
+// symmetric long term crypto
+table SymmetricKeyCapsule {
+    salt:                 [ubyte] (required);
+}
diff --git a/cdoc20-schema/src/test/java/ee/cyber/cdoc20/fbs/header/FbsHeaderTest.java b/cdoc20-schema/src/test/java/ee/cyber/cdoc20/fbs/header/FbsHeaderTest.java
new file mode 100644
index 00000000..0bcdfe42
--- /dev/null
+++ b/cdoc20-schema/src/test/java/ee/cyber/cdoc20/fbs/header/FbsHeaderTest.java
@@ -0,0 +1,157 @@
+package ee.cyber.cdoc20.fbs.header;
+
+import ee.cyber.cdoc20.fbs.recipients.EllipticCurve;
+import ee.cyber.cdoc20.fbs.recipients.KeyServerCapsule;
+import ee.cyber.cdoc20.fbs.recipients.KeyDetailsUnion;
+import ee.cyber.cdoc20.fbs.recipients.EccKeyDetails;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import com.google.flatbuffers.FlatBufferBuilder;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
+import static ee.cyber.cdoc20.fbs.header.Capsule.recipients_KeyServerCapsule;
+
+class FbsHeaderTest {
+
+    public static final int KEYLEN_BYTES = 256 / 8;
+
+    @Test
+    void testFbsHeaderSerialization() throws IOException {
+
+        byte payloadEnc = PayloadEncryptionMethod.CHACHA20POLY1305;
+
+        byte[] fmkBuf =  new byte[KEYLEN_BYTES];
+        fmkBuf[0] = 'f';
+        fmkBuf[1] = 'm';
+        fmkBuf[2] = 'k';
+        fmkBuf[fmkBuf.length - 1] = (byte)0xff;
+
+
+        byte[] recipientPubKeyBuf = new byte[KEYLEN_BYTES];
+        recipientPubKeyBuf[0] = 'r';
+        recipientPubKeyBuf[1] = 'e';
+        recipientPubKeyBuf[2] = 'c';
+        recipientPubKeyBuf[recipientPubKeyBuf.length - 1] = (byte)0xfe;
+
+
+        byte[] senderPubKeyBuf = new byte[KEYLEN_BYTES];
+        senderPubKeyBuf[0] = 's';
+        senderPubKeyBuf[1] = 'e';
+        senderPubKeyBuf[2] = 'n';
+        senderPubKeyBuf[senderPubKeyBuf.length - 1]  = (byte)0xfc;
+
+        String keyLabel = "id-kaart";
+
+        FlatBufferBuilder builder = new FlatBufferBuilder(1024);
+        int recipientPubKeyOffset = builder.createByteVector(recipientPubKeyBuf);
+
+        int serverEccDetailsOffset = EccKeyDetails.createEccKeyDetails(builder,
+                EllipticCurve.secp384r1,
+                recipientPubKeyOffset
+        );
+
+        int keyServerOffset = builder.createString("keyserver");
+        int transactionIdOffset = builder.createString("SD1234567890");
+
+
+        int detailsOffset  = KeyServerCapsule.createKeyServerCapsule(builder,
+                KeyDetailsUnion.EccKeyDetails,
+                serverEccDetailsOffset,
+                keyServerOffset,
+                transactionIdOffset
+        );
+
+
+        int encFmkOffset = RecipientRecord.createEncryptedFmkVector(builder, fmkBuf);
+
+        int keyLabelOffset = builder.createString(keyLabel);
+
+        RecipientRecord.startRecipientRecord(builder);
+        RecipientRecord.addCapsuleType(builder, recipients_KeyServerCapsule);
+        RecipientRecord.addCapsule(builder, detailsOffset);
+
+        RecipientRecord.addKeyLabel(builder, keyLabelOffset);
+
+        RecipientRecord.addEncryptedFmk(builder, encFmkOffset);
+        RecipientRecord.addFmkEncryptionMethod(builder, FMKEncryptionMethod.XOR);
+
+
+        // endRecipientRecord will return RecipientRecord offset value
+        int[] recipients = new int[] {RecipientRecord.endRecipientRecord(builder)};
+        int recipientsOffset = Header.createRecipientsVector(builder, recipients);
+
+        Header.startHeader(builder);
+        Header.addRecipients(builder, recipientsOffset);
+        Header.addPayloadEncryptionMethod(builder, payloadEnc);
+        int headerOffset = Header.endHeader(builder);
+        Header.finishHeaderBuffer(builder, headerOffset);
+
+        ByteBuffer buf = builder.dataBuffer();
+
+// temp examples generation
+//        FileChannel fc = new FileOutputStream("target/Header.bin").getChannel();
+//        int pos = buf.position();
+//        int limit = buf.limit();
+//        fc.write(buf);
+//        fc.close();
+//
+//        buf.position(pos);
+//        buf.limit(limit);
+
+        Header header = Header.getRootAsHeader(buf);
+
+        Assertions.assertNotNull(header);
+
+        Assertions.assertEquals(payloadEnc, header.payloadEncryptionMethod());
+
+        Assertions.assertEquals(1, header.recipientsLength());
+        RecipientRecord recipient = header.recipients(0);
+
+
+        Assertions.assertEquals(recipients_KeyServerCapsule, recipient.capsuleType());
+
+        KeyServerCapsule keyServerDetails = (KeyServerCapsule) recipient.capsule(new KeyServerCapsule());
+        Assertions.assertNotNull(keyServerDetails);
+        Assertions.assertEquals(KeyDetailsUnion.EccKeyDetails, keyServerDetails.recipientKeyDetailsType());
+
+        EccKeyDetails serverEccDetails =
+                (EccKeyDetails) keyServerDetails.recipientKeyDetails(new EccKeyDetails());
+        Assertions.assertNotNull(serverEccDetails);
+        Assertions.assertEquals(EllipticCurve.secp384r1, serverEccDetails.curve());
+        Assertions.assertEquals(recipientPubKeyBuf.length, serverEccDetails.recipientPublicKeyLength());
+
+        Assertions.assertNotNull(serverEccDetails.recipientPublicKeyAsByteBuffer());
+
+        byte[] recipientPubKeyBytesOut = new byte[recipientPubKeyBuf.length];
+        serverEccDetails.recipientPublicKeyAsByteBuffer().get(
+                serverEccDetails.recipientPublicKeyAsByteBuffer().position(),
+                recipientPubKeyBytesOut);
+
+        Assertions.assertArrayEquals(recipientPubKeyBuf, recipientPubKeyBytesOut );
+
+
+        Assertions.assertNotNull(recipient.encryptedFmkAsByteBuffer());
+        Assertions.assertEquals(fmkBuf.length, recipient.encryptedFmkLength());
+
+        Assertions.assertEquals(keyLabel, recipient.keyLabel());
+
+        Assertions.assertEquals(fmkBuf[0], (byte)recipient.encryptedFmk(0));
+
+        //whole underlying bytebuffer, with position() set to start of fmkBuf and limit() at end of fmkBuf
+        ByteBuffer byteBuffer = recipient.encryptedFmkAsByteBuffer();
+
+        byte[] fmkArray = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
+
+        //preferred for speed
+        byte[] fmkBytes = new byte[KEYLEN_BYTES];
+        byteBuffer.get(byteBuffer.position(), fmkBytes);
+
+        Assertions.assertArrayEquals(fmkBuf, fmkArray);
+        Assertions.assertArrayEquals(fmkBuf, fmkBytes);
+        Assertions.assertEquals(ByteBuffer.wrap(fmkBuf), byteBuffer.slice());
+    }
+}
diff --git a/cdoc20-server/.gitignore b/cdoc20-server/.gitignore
new file mode 100644
index 00000000..add68601
--- /dev/null
+++ b/cdoc20-server/.gitignore
@@ -0,0 +1,38 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+**/logs
+**/src/test/resources/keystore/
+**/src/test/resources/test.properties
+
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/cdoc20-server/README.md b/cdoc20-server/README.md
new file mode 100644
index 00000000..0f0b1e2c
--- /dev/null
+++ b/cdoc20-server/README.md
@@ -0,0 +1,111 @@
+#Running locally (dev)
+
+This file describes how to run cdoc20 key servers in your local development machine, without external dependencies
+
+## Installing and creating PostgreSQL DB in Docker
+
+### Install PostgreSQL in Docker
+(Docker must be installed)
+```
+docker run --name cdoc20-psql -p 5432:5432 -e POSTGRES_DB=cdoc20 -e POSTGRES_PASSWORD=secret -d postgres
+docker start cdoc20-psql
+```
+
+### Create DB
+From server-db directory run:
+```
+mvn liquibase:update
+```
+
+## Compiling the servers
+From cdoc20-server directory run:
+```
+mvn clean package
+```
+
+## Running
+(psql in docker must be running)
+
+From cdoc20-server/put-server directory run:
+```
+java -Dspring.config.location=config/application-local.properties -jar target/cdoc20-put-server-VER.jar
+```
+
+and from cdoc20-server/get-server directory run:
+```
+java -Dspring.config.location=config/application-local.properties -jar target/cdoc20-get-server-VER.jar
+```
+
+where VER is the version of the package built by mvn package previously.
+
+Note: to enable TLS handshake debugging, add `-Djavax.net.debug=ssl:handshake` option
+
+
+#Testing
+## Create Key Capsule
+Run from cdoc20-server/keys directory or adjust paths to certificates and keys
+
+recipient_id is public key extracted from certificate in cdoc20client.p12 file.
+ephemeral_key_material is any EC public key with same curve as recipient_pub_key (can be reused from example below)
+```
+curl -v -k -X 'POST' \
+'https://localhost:8443/key-capsules' \
+-H 'Content-Type: application/json' \
+-H 'Accept: application/json' \
+-d '{
+"recipient_id":"BFR25IttEoB7fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgrj70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7ew==",
+"ephemeral_key_material":"BHvMJnfeeEGbhTieRHskVVajbcdzJ5RQDwpLK/1CR1k6o8sZpaWFBUnA/vPhFyZFL8IS3fVQPYFnRQuMqRWXRgy5WmvAZb2/pBMDb5P68aAIHYn9PGeGTFnmwg13vGskew==",
+"capsule_type":"ecc_secp384r1"}'
+```
+Response:
+```
+HTTP/1.1 201 
+Location: /key-capsules/KC6efa76980f591f0cfb4966a2229505cb
+```
+
+Copy transaction id from Location header
+
+```
+curl -k --cert-type P12 --cert cdoc20client.p12:passwd --cacert server-certificate.pem -v -H "Content-Type: application/json" -H 'Accept: application/json' -X GET https://localhost:8444/key-capsules/KC6eab12a4e1900e58cc8da0975e8cc394
+```
+Response:
+```
+{"recipient_id":"BFR25IttEoB7fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgrj70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7ew==","ephemeral_key_material":"BHvMJnfeeEGbhTieRHskVVajbcdzJ5RQDwpLK/1CR1k6o8sZpaWFBUnA/vPhFyZFL8IS3fVQPYFnRQuMqRWXRgy5WmvAZb2/pBMDb5P68aAIHYn9PGeGTFnmwg13vGskew==","capsule_type":"ecc_secp384r1"}
+```
+
+If the private key does not match with recipient_pub_key from the POST request, then the server returns 404 Not Found
+
+## Generating request data from certificate
+
+See cdoc20-server/keys/README.md how to generate client private key and EC certificate (cdoc20client.p12 and client-certificate.pem)
+
+Extract EC public key from certificate
+```
+openssl x509 -pubkey -noout -in client-certificate.pem  > pubkey.pem
+```
+
+Display EC public key (TLS 1.3 format)
+```
+openssl ec -pubin -in pubkey.pem -text -noout
+read EC key
+Public-Key: (384 bit)
+pub:
+    04:54:76:e4:8b:6d:12:80:7b:7f:0c:c9:8b:92:8e:
+    69:53:13:36:b7:c6:81:79:42:fd:28:a5:12:55:6e:
+    6d:7f:21:98:62:f8:a2:b6:2a:fe:83:f9:8c:fe:9d:
+    11:10:fb:16:7c:38:5d:49:3b:49:08:2b:8f:bd:26:
+    a1:7f:4a:fb:70:88:49:a7:d0:54:4b:c4:8e:18:60:
+    96:30:4b:57:d8:d2:89:9b:81:da:dc:2b:92:60:4d:
+    ee:28:4b:1a:28:3b:7b
+ASN1 OID: secp384r1
+NIST CURVE: P-384
+```
+
+Base64 encode EC public key
+```
+openssl ec -pubin -in pubkey.pem -text -noout 2>/dev/null|grep '    '|sed s/://g|xxd -r -p -|base64|tr -d '\n' && echo ''
+BFR25IttEoB7fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgrj70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7ew==
+```
+
+Replace "recipient_pub_key" value with output
+
diff --git a/cdoc20-server/admin-guide.md b/cdoc20-server/admin-guide.md
new file mode 100644
index 00000000..62fc4228
--- /dev/null
+++ b/cdoc20-server/admin-guide.md
@@ -0,0 +1,294 @@
+# CDOC 2.0 Key Capsule Server Administration Guide
+
+This document describes how to configure and run CDOC2.0 key capsule servers.
+
+## Database
+
+The key capsule server requires a pre-installed PostgreSQL database to store data.
+
+### Configuration
+
+The creation and updating of the database schema is currently done from the source tree
+using `liquibase-maven-plugin`. In order to create or update the database schema
+Maven (at least 3.8.4) and Java (at least JDK 17) are required.
+
+In `server-db/liquibase.properties` configure the database connection parameters to match your PostgreSQL
+installation:
+
+```
+url: jdbc:postgresql://HOST/DB_NAME
+username: postgres
+password: secret
+```
+
+### Create and Update
+
+To create or update the CDOC2.0 key capsule server's database run the following command from `server-db` folder:
+
+`
+mvn liquibase:update
+`
+
+## Servers
+
+The CDOC 2.0 Key Capsule Server backend consists of two separate servers:
+
+- CDOC 2.0 Key Capsule Put Server for sending key capsules.
+- CDOC 2.0 Key Capsule Get Server for fetching key capsules.
+
+### Keystore Creation
+
+The servers require a keystore file to secure HTTP connections using TLS.
+
+The keystore file is created with the `keytool` utility
+(included with Java Runtime).
+
+To generate a keystore file `cdoc20server.p12` with password `passwd`, alias `cdoc20-server` and validity of 365 days:
+```
+keytool -genkeypair -alias cdoc20-server -keyalg ec -groupname secp384r1 -sigalg SHA512withECDSA -keystore cdoc20server.p12 -storepass passwd -validity 365
+```
+
+For more details about operations with certificates in keystore files, see [^1].
+
+### Put Server
+
+#### Requirements
+- Java runtime (at least JDK 17)
+- the application binary `cdoc20-put-server-<VERSION>.jar`
+- the configuration file `application.properties`
+
+#### Configuration
+
+The configuration file `application.properties` must contain the following configuration parameters:
+
+```
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+
+# The path to the keystore containing the certificate
+server.ssl.key-store=/path/to/cdoc20server.p12
+
+# The keystore password to access its entries
+server.ssl.key-store-password=passwd
+
+# The alias mapped to the certificate in the keystore
+server.ssl.key-alias=cdoc20-server
+
+# Enable server TLS
+server.ssl.enabled=true
+
+# allow only TLSv1.3
+server.ssl.enabled-protocols=TLSv1.3
+
+# The port the server is started on
+server.port=8443
+
+# Database configuration
+spring.datasource.url=jdbc:postgresql://HOST/DB_NAME
+spring.datasource.username=postgres
+spring.datasource.password=secret
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# logging levels
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+```
+
+#### Running
+
+To run the server, execute the following command:
+
+`
+java -jar -Dspring.config.location=application.properties cdoc20-put-server-VER.jar
+`
+
+### Get Server
+
+#### Requirements
+- Java runtime (at least JDK 17)
+- the application binary `cdoc20-get-server-<VERSION>.jar`
+- the configuration file `application.properties`
+
+#### Truststore Configuration
+
+The CDOC 2.0 Key Capsule Get Server must use client authentication (Mutual TLS) when returning key capsules to clients.
+
+For mutual TLS to work, a trust store file containing trusted certificates is required.
+
+The server truststore file is created using the `keytool` utility.
+
+To add an entry to the trust store file `server-truststore.jks` with password `passwd` execute:
+
+```
+keytool -import -trustcacerts -file esteid2018.pem.crt -alias esteid2018 -storepass passwd -keystore server-truststore.jks
+```
+
+This will configure the Get Server to trust all requests done by Estonian ID cards signed with the esteid2018 CA certificate.
+
+
+#### Configuration file
+
+The configuration file `application.properties` must contain the following configuration parameters:
+
+```
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+
+# The path to the keystore containing the certificate
+server.ssl.key-store=/path/to/cdoc20server.p12
+
+# The keystore password to access its entries
+server.ssl.key-store-password=passwd
+
+# The alias mapped to the certificate in the keystore
+server.ssl.key-alias=cdoc20-server
+
+# Enable server TLS
+server.ssl.enabled=true
+# allow only TLSv1.3
+server.ssl.enabled-protocols=TLSv1.3
+
+# The port the server is started on
+server.port=8444
+
+# Mutual TLS
+server.ssl.client-auth=need
+server.ssl.trust-store=/path/to/server-truststore.jks
+server.ssl.trust-store-password=passwd
+#cdoc20.ssl.client-auth.revocation-checks.enabled=false
+
+# Database configuration
+spring.datasource.url=jdbc:postgresql://HOST/DB_NAME
+spring.datasource.username=postgres
+spring.datasource.password=secret
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# logging levels
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+```
+
+#### Running
+
+To run the server, execute the following command:
+
+`java -jar -Dspring.config.location=application.properties cdoc20-get-server-VER.jar`
+
+####  Client authentication certificate revocation checking
+By default, client authentication certificate revocation checking is enabled for get-server.
+
+This option requires connection to external OCSP servers. Est-eID certificates are checked from http://aia.sk.ee/.
+Depending on your network and firewall setup, it may be necessary to also configure your firewalls and/or networking proxy servers.
+
+Timeouts in seconds for connection and read timeouts can be specified by setting
+`com.sun.security.ocsp.timeout` Java system properties (-D for java executable)
+
+To enable certificate revocation debug use `-Djava.security.debug="certpath"`
+
+Other options available for fine-tuning certificate revocation are described in
+
+https://docs.oracle.com/en/java/javase/17/security/java-pki-programmers-guide.html#GUID-EB250086-0AC1-4D60-AE2A-FC7461374746
+
+To disable client certificate checking over OCSP `application.properties` must have:
+```
+cdoc20.ssl.client-auth.revocation-checks.enabled=false
+```
+
+
+
+## Monitoring
+
+To enable standard Spring monitoring endpoints, `application.properties` must contain following lines:
+```
+# https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
+# run management on separate port
+management.server.port=18443
+management.server.ssl.enabled=true
+management.server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+management.server.ssl.key-store=../keys/cdoc20server.p12
+# The password used to generate the certificate
+management.server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+management.server.ssl.key-alias=cdoc20
+
+# configure monitoring endpoints
+management.endpoints.enabled-by-default=false
+management.endpoints.web.discovery.enabled=false
+
+# explicitly enable endpoints
+management.endpoint.info.enabled=true
+management.endpoint.health.enabled=true
+management.endpoint.health.show-details=always
+management.endpoint.startup.enabled=true
+
+# expose endpoints
+management.endpoints.web.exposure.include=info,health,startup
+```
+
+NB! Currently, the monitoring endpoints require no authentication. As these endpoints are
+running on a separate HTTP port, the access to the monitoring endpoints must be implemented by network access rules (e.g firewall).
+
+
+### Info endpoint 
+`curl -X GET https://<management_host>:<management_port>/actuator/info | jq`
+
+```json
+
+{
+  "build": {
+    "artifact": "cdoc20-put-server",
+    "name": "cdoc20-put-server",
+    "time": "2023-01-17T14:31:18.918Z",
+    "version": "0.3.0-SNAPSHOT",
+    "group": "ee.cyber.cdoc20"
+  },
+  "system.time": "2023-01-17T14:48:39Z"
+}
+```
+
+### Health endpoint
+`curl -X GET https://<management_host>:<management_port>/actuator/health | jq`
+
+```json
+{
+  "status": "UP",
+  "components": {
+    "db": {
+      "status": "UP",
+      "details": {
+        "database": "PostgreSQL",
+        "validationQuery": "isValid()"
+      }
+    },
+    "diskSpace": {
+      "status": "UP",
+      "details": {
+        "total": 499596230656,
+        "free": 415045992448,
+        "threshold": 10485760,
+        "exists": true
+      }
+    },
+    "ping": {
+      "status": "UP"
+    }
+  }
+}
+```
+
+### Startup endpoint
+`curl -X GET https://<management_host>:<management_port>/actuator/startup | jq`
+
+```json
+{
+  "springBootVersion": "2.7.5",
+  "timeline": {
+    "startTime": "2023-01-17T14:36:17.935227352Z",
+    "events": []
+  }
+}
+```
+
+[^1]: https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG182
diff --git a/cdoc20-server/get-server/config/application-local.properties b/cdoc20-server/get-server/config/application-local.properties
new file mode 100644
index 00000000..426017be
--- /dev/null
+++ b/cdoc20-server/get-server/config/application-local.properties
@@ -0,0 +1,70 @@
+# Configuration file for running from cdoc20-server directory, see cdoc20-server/README.md
+debug=false
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.key-store=../keys/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+# Mutual TLS/SSL
+server.ssl.client-auth=need
+
+# Enable client authentication certificate revocation checking for mutual TLS over OCSP
+# For Est-ID (sk issued) certificates requires connection to http://aia.sk.ee
+cdoc20.ssl.client-auth.revocation-checks.enabled=true
+
+# trust store, must include CA cert that was used to sign client certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.trust-store=../keys/servertruststore.jks
+server.ssl.trust-store-password=passwd
+
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+server.port=8444
+
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+
+spring.datasource.url=jdbc:postgresql://localhost/cdoc20
+spring.datasource.username=postgres
+spring.datasource.password=secret
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
+# run management on separate https port
+management.server.port=18444
+management.server.ssl.enabled=true
+management.server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+management.server.ssl.key-store=../keys/cdoc20server.p12
+# The password used to generate the certificate
+management.server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+management.server.ssl.key-alias=cdoc20
+
+# configure monitoring endpoints
+management.endpoints.enabled-by-default=false
+management.endpoints.web.discovery.enabled=false
+
+# explicitly enable endpoints
+management.endpoint.info.enabled=true
+management.endpoint.health.enabled=true
+management.endpoint.health.show-details=always
+management.endpoint.startup.enabled=true
+
+# expose endpoints
+management.endpoints.web.exposure.include=info,health,startup
+
+# access security must be implemented at network access rules (firewall)
+management.security.enabled=false
+endpoints.health.sensitive=false
+
+
+
diff --git a/cdoc20-server/get-server/docker/Dockerfile b/cdoc20-server/get-server/docker/Dockerfile
new file mode 100644
index 00000000..ed709443
--- /dev/null
+++ b/cdoc20-server/get-server/docker/Dockerfile
@@ -0,0 +1,12 @@
+FROM openjdk:17-slim
+ARG NAME
+WORKDIR /opt/cdoc2
+
+COPY get-server/docker/docker-entrypoint.sh /
+COPY get-server/docker/application.properties /opt/cdoc2/
+COPY get-server/target/cdoc20-get-server*.jar /opt/cdoc2/${NAME}.jar
+COPY keys/servertruststore.jks keys/cdoc20server.p12 /opt/cdoc2/keys/
+
+ENV NAME ${NAME}
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/cdoc20-server/get-server/docker/application.properties b/cdoc20-server/get-server/docker/application.properties
new file mode 100644
index 00000000..aef3cee7
--- /dev/null
+++ b/cdoc20-server/get-server/docker/application.properties
@@ -0,0 +1,67 @@
+# Configuration file for running in Docker container
+debug=false
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+server.ssl.key-store=/opt/cdoc2/keys/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+# Mutual TLS/SSL
+server.ssl.client-auth=need
+
+# Enable client authentication certificate revocation checking for mutual TLS over OCSP
+# For Est-ID (sk issued) certificates requires connection to http://aia.sk.ee
+cdoc20.ssl.client-auth.revocation-checks.enabled=true
+
+# trust store, must include CA cert that was used to sign client certificate
+server.ssl.trust-store=/opt/cdoc2/keys/servertruststore.jks
+server.ssl.trust-store-password=passwd
+
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+server.port=8443
+
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+
+spring.datasource.url=jdbc:postgresql://cdoc2-postgres:5432/postgres
+spring.datasource.username=postgres
+spring.datasource.password=postgres
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
+# run management on separate https port
+management.server.port=18443
+management.server.ssl.enabled=true
+management.server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+management.server.ssl.key-store=/opt/cdoc2/keys/cdoc20server.p12
+# The password used to generate the certificate
+management.server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+management.server.ssl.key-alias=cdoc20
+
+# configure monitoring endpoints
+management.endpoints.enabled-by-default=false
+management.endpoints.web.discovery.enabled=false
+
+# explicitly enable endpoints
+management.endpoint.info.enabled=true
+management.endpoint.health.enabled=true
+management.endpoint.health.show-details=always
+management.endpoint.startup.enabled=true
+
+# expose endpoints
+management.endpoints.web.exposure.include=info,health,startup
+
+# access security must be implemented at network access rules (firewall)
+management.security.enabled=false
+endpoints.health.sensitive=false
+
+
+
diff --git a/cdoc20-server/get-server/docker/docker-entrypoint.sh b/cdoc20-server/get-server/docker/docker-entrypoint.sh
new file mode 100755
index 00000000..96be4038
--- /dev/null
+++ b/cdoc20-server/get-server/docker/docker-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+## default JAVA_OPTS, overwritten by env variable of same name
+JAVA_OPTS="${JAVA_OPTS:=-XX:InitialRAMPercentage=30 -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80}"
+
+cd /opt/cdoc2
+
+echo "Running ${NAME}"
+exec java $JAVA_OPTS -jar cdoc2-get-server.jar
diff --git a/cdoc20-server/get-server/pom.xml b/cdoc20-server/get-server/pom.xml
new file mode 100644
index 00000000..cf68a595
--- /dev/null
+++ b/cdoc20-server/get-server/pom.xml
@@ -0,0 +1,279 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.7.5</version>
+		<relativePath /> <!-- lookup parent from repository -->
+	</parent>
+
+	<artifactId>cdoc20-get-server</artifactId>
+	<groupId>ee.cyber.cdoc20</groupId>
+	<version>0.6.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>cdoc20-get-server</name>
+	<description>CDOC 2.0 server for getting key capsules</description>
+
+	<properties>
+		<java.version>17</java.version>
+		<tests>!(pkcs11 | slow)</tests>
+
+		<!-- spring boot depends jersey 2.35, cdoc20-client depends 3.1.0 -->
+		<!-- overwrite jersey.version property and its dependencies from spring-boot-dependencies.pom -->
+		<jersey.version>3.1.0</jersey.version>
+		<jakarta-annotation.version>2.1.1</jakarta-annotation.version>
+		<jakarta-xml-bind.version>4.0.0</jakarta-xml-bind.version>
+		<jakarta-ws-rs.version>3.1.0</jakarta-ws-rs.version>
+	</properties>
+	<profiles>
+		<profile>
+			<id>allTests</id>
+			<properties>
+				<!-- empty, means all tests-->
+				<tests />
+			</properties>
+		</profile>
+
+		<profile>
+			<id>excludePkcs11AndSlowTests</id>
+			<properties>
+				<tests>!(pkcs11 | slow)</tests>
+			</properties>
+		</profile>
+	</profiles>
+
+	<dependencies>
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-common-server</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-server-db</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-openapi</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<scope>compile</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-client</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-common-server</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter</artifactId>
+		</dependency>
+
+		<!--
+		without jaxp-api dependency server will fail to start with:
+
+		org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory'
+		defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]:
+		Invocation of init method failed;
+		nested exception is java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
+		-->
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>postgresql</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.liquibase</groupId>
+			<artifactId>liquibase-core</artifactId>
+			<version>4.11.0</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.5.13</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-lib</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+    </dependencies>
+
+	<build>
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<filtering>true</filtering>
+				<excludes>
+					<exclude>**/*</exclude>
+				</excludes>
+			</resource>
+		</resources>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-checkstyle-plugin</artifactId>
+				<version>3.2.0</version>
+
+				<configuration>
+					<configLocation>../../checkstyle.xml</configLocation>
+					<suppressionsLocation>../../checkstyle-suppressions.xml</suppressionsLocation>
+
+					<sourceDirectories>
+						<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
+						<sourceDirectory>${project.build.testSourceDirectory}</sourceDirectory>
+					</sourceDirectories>
+
+					<encoding>UTF-8</encoding>
+					<consoleOutput>true</consoleOutput>
+
+					<failsOnError>true</failsOnError>
+					<failOnViolation>false</failOnViolation>
+
+					<linkXRef>false</linkXRef>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<goal>check</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.2.0</version>
+				<executions>
+					<execution>
+						<id>copy-keys-and-certificates-to-test-resources</id>
+						<phase>generate-test-resources</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<!--referenced from application-test.properties for running through IntelliJ-->
+							<outputDirectory>${basedir}/src/test/resources/keystore</outputDirectory>
+							<resources>
+								<resource>
+									<directory>${basedir}/../keys</directory>
+									<includes>
+										<include>servertruststore.jks</include>
+										<include>cdoc20server.p12</include>
+									</includes>
+								</resource>
+							</resources>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-antrun-plugin</artifactId>
+				<version>1.8</version>
+				<executions>
+					<execution>
+						<id>clean</id>
+						<phase>clean</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+							<target>
+								<delete file="${basedir}/src/test/resources/test.properties" />
+								<delete file="${basedir}/src/test/resources/keystore/servertruststore.jks" />
+								<delete file="${basedir}/src/test/resources/keystore/cdoc20server.p12" />
+							</target>
+						</configuration>
+					</execution>
+					<execution>
+						<id>generate-test.properties</id>
+						<phase>generate-test-resources</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+							<target>
+								<!-- create properties file for tests -->
+								<echo file="${basedir}/src/test/resources/test.properties" append="false">cdoc20.keys.dir=${basedir}/../keys
+								</echo>
+							</target>
+						</configuration>
+					</execution>
+
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.22.0</version>
+				<configuration>
+					<trimStackTrace>false</trimStackTrace>
+					<groups>${tests}</groups>
+				</configuration>
+			</plugin>
+
+			<!-- generate build info -->
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<goals>
+							<goal>build-info</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+		</plugins>
+	</build>
+
+  <scm>
+    <tag>v0.0.12</tag>
+  </scm>
+
+</project>
diff --git a/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20GetServerApplication.java b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20GetServerApplication.java
new file mode 100644
index 00000000..07470eff
--- /dev/null
+++ b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20GetServerApplication.java
@@ -0,0 +1,55 @@
+package ee.cyber.cdoc20.server;
+
+import io.micrometer.core.instrument.MeterRegistry;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.metrics.MeterRegistryCustomizer;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.info.BuildProperties;
+import org.springframework.boot.web.server.Ssl;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.context.event.EventListener;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
+
+@SpringBootApplication
+@Configuration
+@EnableJpaAuditing
+@Slf4j
+public class Cdoc20GetServerApplication {
+
+    @Autowired
+    BuildProperties buildProperties;
+
+    public static void main(String[] args) {
+        SpringApplication app = new SpringApplication(Cdoc20GetServerApplication.class);
+        // capture startup events for startup actuator endpoint
+        app.setApplicationStartup(MonitoringUtil.getApplicationStartupInfo());
+        app.run(args);
+    }
+
+    @Bean
+    MeterRegistryCustomizer<MeterRegistry> metricsCommonTags() {
+        // 'application' tag for all metrics
+        return registry -> registry.config().commonTags(
+                "application", buildProperties.getArtifact() //cdoc20-get-server
+        );
+    }
+
+    /**
+     * Checks that the application is configured with mutual TLS.
+     * @param event the context
+     * @throws IllegalStateException when mutual TLS is not configured
+     */
+    @EventListener
+    public static void checkMutualTlsConfigured(ContextRefreshedEvent event) {
+        var env = event.getApplicationContext().getEnvironment();
+        var clientAuth = env.getRequiredProperty("server.ssl.client-auth");
+
+        if (Ssl.ClientAuth.NEED != Ssl.ClientAuth.valueOf(clientAuth.toUpperCase())) {
+            throw new IllegalStateException("TLS client authentication not enabled");
+        }
+    }
+}
diff --git a/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/ClientAuthCertRevocationCustomizer.java b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/ClientAuthCertRevocationCustomizer.java
new file mode 100644
index 00000000..b47dc1ba
--- /dev/null
+++ b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/ClientAuthCertRevocationCustomizer.java
@@ -0,0 +1,58 @@
+package ee.cyber.cdoc20.server;
+
+import java.security.Security;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.catalina.connector.Connector;
+import org.apache.coyote.http11.Http11NioProtocol;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
+import org.springframework.stereotype.Component;
+
+/**
+ * Configure client authentication certificate revocation checking for mutual TLS
+ */
+@Component
+@Slf4j
+public class ClientAuthCertRevocationCustomizer implements TomcatConnectorCustomizer {
+    //spring properties
+    @Value("${cdoc20.ssl.client-auth.revocation-checks.enabled:true}")
+    private boolean revocationCheckEnabled;
+
+    @Override
+    @SuppressWarnings("LineLength")
+    public void customize(Connector connector) {
+        //https://docs.oracle.com/en/java/javase/17/security/java-pki-programmers-guide.html#GUID-650D0D53-B617-4055-AFD3-AF5C2629CBBF
+        // run with -Djava.security.debug="certpath" to produce detailed log
+        // when client auth cert has AuthorityInfoAccess extension
+
+        log.debug("Customizing {}", connector);
+        log.debug("cdoc20.ssl.client-auth.revocation-checks.enabled={}", revocationCheckEnabled);
+
+        if (revocationCheckEnabled) {
+            log.info("Enabling OCSP revocation check for {}", connector);
+            log.debug("Setting ocsp.enable=true");
+            Security.setProperty("ocsp.enable", "true");
+            System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
+
+            // Optional revocation related properties
+            ////https://docs.oracle.com/en/java/javase/17/security/java-pki-programmers-guide.html#GUID-650D0D53-B617-4055-AFD3-AF5C2629CBBF
+            //System.setProperty("com.sun.security.enableCRLDP", "true");
+            //System.setProperty("com.sun.security.crl.timeout", "15");
+            //System.setProperty("com.sun.security.crl.readtimeout", "15");
+            //System.setProperty("com.sun.security.ocsp.timeout", "15");
+            //System.setProperty("jdk.security.certpath.OCSPNonce", "true");
+
+            //OCSP checks are done by
+            //sun.security.provider.certpath.OCSP class
+
+            Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
+            SSLHostConfig[] sslConfigs = protocol.findSslHostConfigs();
+            for (SSLHostConfig sslHostConfig : sslConfigs) {
+                //https://tomcat.apache.org/tomcat-10.1-doc/config/http.html#SSL_Support_-_SSLHostConfig
+                sslHostConfig.setRevocationEnabled(true);
+            }
+        }
+        log.debug("ocsp.enable={}", Security.getProperty("ocsp.enable"));
+    }
+}
diff --git a/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/api/GetKeyCapsuleApi.java b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/api/GetKeyCapsuleApi.java
new file mode 100644
index 00000000..121c9f23
--- /dev/null
+++ b/cdoc20-server/get-server/src/main/java/ee/cyber/cdoc20/server/api/GetKeyCapsuleApi.java
@@ -0,0 +1,131 @@
+package ee.cyber.cdoc20.server.api;
+
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.server.model.Capsule;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleDb;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleRepository;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.Optional;
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.NativeWebRequest;
+
+/**
+ * Implements API for getting CDOC2.0 key capsules {@link KeyCapsulesApi}
+ */
+@Service
+@Slf4j
+public class GetKeyCapsuleApi implements KeyCapsulesApiDelegate {
+
+    @Autowired
+    private NativeWebRequest nativeWebRequest;
+
+    @Autowired
+    private KeyCapsuleRepository capsuleRepository;
+
+    @Override
+    public Optional<NativeWebRequest> getRequest() {
+        return Optional.of(this.nativeWebRequest);
+    }
+
+    @Override
+    public ResponseEntity<Capsule> getCapsuleByTransactionId(String transactionId) {
+        var clientCertOpt = this.getClientCertFromRequest();
+        if (clientCertOpt.isEmpty()) {
+            return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
+        }
+        var clientCert = clientCertOpt.get();
+        PublicKey clientPubKey = clientCert.getPublicKey();
+
+        Optional<KeyCapsuleDb> capsuleDbOpt = this.capsuleRepository.findById(transactionId);
+        if (capsuleDbOpt.isEmpty()) {
+            log.debug("Capsule with transactionId {} not found", transactionId);
+            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+        }
+
+        var capsule = capsuleDbOpt.get();
+        if (isRecipient(clientPubKey, capsule)) {
+            log.info("Found capsule(transaction={}) for client certificate", transactionId);
+            return ResponseEntity.ok(toDto(capsule));
+        } else {
+            log.info("Client certificate does not match capsule(transactionId={}) recipient", transactionId);
+            return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+        }
+    }
+
+    @Override
+    public ResponseEntity<Void> createCapsule(Capsule capsule) {
+        log.error("createCapsule() operation not supported on key capsule get server");
+        return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
+    }
+
+    private static boolean isRecipient(PublicKey publicKey, KeyCapsuleDb capsule) {
+        try {
+            if (capsule.getCapsuleType() == KeyCapsuleDb.CapsuleType.SECP384R1
+                    && "EC".equals(publicKey.getAlgorithm())
+                    && ECKeys.isEcSecp384r1Curve((ECPublicKey) publicKey)) {
+                return Arrays.equals(
+                    capsule.getRecipient(),
+                    ECKeys.encodeEcPubKeyForTls((ECPublicKey) publicKey)
+                );
+            }
+            if (capsule.getCapsuleType() == KeyCapsuleDb.CapsuleType.RSA
+                    && "RSA".equals(publicKey.getAlgorithm())) {
+                return Arrays.equals(capsule.getRecipient(), RsaUtils.encodeRsaPubKey((RSAPublicKey) publicKey));
+            }
+        } catch (GeneralSecurityException exc) {
+            log.error("Error occurred while verifying recipient", exc);
+        }
+        return false;
+    }
+
+    private static Capsule toDto(KeyCapsuleDb db) {
+        var dto = new Capsule();
+        dto.setRecipientId(db.getRecipient());
+        dto.setEphemeralKeyMaterial(db.getPayload());
+
+        switch (db.getCapsuleType()) {
+            case SECP384R1:
+                dto.setCapsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1);
+                break;
+            case RSA:
+                dto.setCapsuleType(Capsule.CapsuleTypeEnum.RSA);
+                break;
+            default:
+                throw new IllegalArgumentException("Unsupported capsule type: " + db.getCapsuleType());
+        }
+        return dto;
+    }
+
+    private Optional<X509Certificate> getClientCertFromRequest() {
+        HttpServletRequest req = this.nativeWebRequest.getNativeRequest(HttpServletRequest.class);
+        X509Certificate[] certs = (req != null)
+                ? (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate")
+                : new X509Certificate[0];
+        if (certs.length > 0) {
+            var clientCert = certs[0];
+            log.info("Got client certificate(subject='{}')", getCertSubjectName(clientCert));
+            return Optional.of(clientCert);
+        } else {
+            log.info("No client certificate in http request");
+            return Optional.empty();
+        }
+    }
+
+    private static String getCertSubjectName(X509Certificate certificate) {
+        return Optional.ofNullable(certificate.getSubjectX500Principal())
+            .map(X500Principal::getName)
+            .orElse("");
+    }
+}
diff --git a/cdoc20-server/get-server/src/test/java/ee/cyber/cdoc20/server/GetKeyCapsuleApiTests.java b/cdoc20-server/get-server/src/test/java/ee/cyber/cdoc20/server/GetKeyCapsuleApiTests.java
new file mode 100644
index 00000000..a7b1ccbc
--- /dev/null
+++ b/cdoc20-server/get-server/src/test/java/ee/cyber/cdoc20/server/GetKeyCapsuleApiTests.java
@@ -0,0 +1,435 @@
+package ee.cyber.cdoc20.server;
+
+import ee.cyber.cdoc20.CDocUserException;
+import ee.cyber.cdoc20.UserErrorCode;
+import ee.cyber.cdoc20.client.Cdoc20KeyCapsuleApiClient;
+import ee.cyber.cdoc20.client.EcCapsuleClientImpl;
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+import ee.cyber.cdoc20.client.RsaCapsuleClientImpl;
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.crypto.Pkcs11DeviceConfiguration;
+import ee.cyber.cdoc20.crypto.Pkcs11Tools;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.URI;
+import java.nio.file.Files;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.UUID;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.http.HttpStatus;
+import static ee.cyber.cdoc20.server.TestData.getKeysDirectory;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@Slf4j
+class GetKeyCapsuleApiTests extends BaseIntegrationTest {
+
+    // read hardware PKCS11 device conf from a properties file
+    private static final Pkcs11DeviceConfiguration PKCS11_CONF = Pkcs11DeviceConfiguration.load();
+
+    // rest client with client auth using keystore rsa/client-rsa-2048.p12
+    @Qualifier("trustAllWithClientAuth")
+    @Autowired
+    private RestTemplate restTemplate;
+
+    @Test
+    void testPKCS12Client() throws Exception {
+        KeyStore clientKeyStore = null;
+        KeyStore trustKeyStore = null;
+        try {
+            clientKeyStore = KeyStore.getInstance("PKCS12");
+            clientKeyStore.load(Files.newInputStream(getKeysDirectory().resolve("cdoc20client.p12")),
+                    "passwd".toCharArray());
+            clientKeyStore.aliases().asIterator().forEachRemaining(a -> log.debug("client KS alias: {}", a));
+
+            trustKeyStore = KeyStore.getInstance("JKS");
+            trustKeyStore.load(Files.newInputStream(getKeysDirectory().resolve("clienttruststore.jks")),
+                    "passwd".toCharArray());
+            trustKeyStore.aliases().asIterator().forEachRemaining(a -> log.debug("client trust KS alias: {}", a));
+        }  catch (GeneralSecurityException | IOException e) {
+            e.printStackTrace();
+            log.error("Error initializing key stores", e);
+        }
+
+        Cdoc20KeyCapsuleApiClient client = Cdoc20KeyCapsuleApiClient.builder()
+                .withBaseUrl(baseUrl)
+                .withClientKeyStore(clientKeyStore)
+                .withClientKeyStorePassword("passwd".toCharArray())
+                .withTrustKeyStore(trustKeyStore)
+                .build();
+
+        var capsule = new Capsule()
+            .capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1);
+
+        // Recipient public key TLS encoded and base64 encoded from client-certificate.pem
+        File[] certs = {getKeysDirectory().resolve("ca_certs/client-certificate.pem").toFile()};
+        ECPublicKey recipientKey = ECKeys.loadCertKeys(certs).get(0);
+        EllipticCurve curve = EllipticCurve.forPubKey(recipientKey);
+        capsule.recipientId(ECKeys.encodeEcPubKeyForTls(curve, recipientKey));
+
+        // Sender public key
+        KeyPair senderKeyPair = curve.generateEcKeyPair();
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+        capsule.ephemeralKeyMaterial(ECKeys.encodeEcPubKeyForTls(senderPubKey));
+
+        String id = this.saveCapsule(capsule).getTransactionId();
+
+        assertNotNull(id);
+
+        var serverCapsule = client.getCapsule(id);
+
+        assertTrue(serverCapsule.isPresent());
+        assertEquals(capsule, serverCapsule.get());
+    }
+
+    @Test
+    void testKeyServerPropertiesClientPKCS12() throws Exception {
+        var client = createPkcs12ServerClient(baseUrl);
+
+        X509Certificate cert = (X509Certificate) client.getClientCertificate();
+
+        assertNotNull(cert);
+
+        //recipientPubKey must match with pub key in mutual TLS
+        ECPublicKey recipientPubKey = (ECPublicKey) cert.getPublicKey();
+
+        ECPublicKey senderPubKey = (ECPublicKey) EllipticCurve.SECP384R1.generateEcKeyPair().getPublic();
+
+        log.debug("Sender pub key: {}",
+            Base64.getEncoder().encodeToString(
+                ECKeys.encodeEcPubKeyForTls(EllipticCurve.SECP384R1, senderPubKey)
+            )
+        );
+        assertNotNull(client.getServerIdentifier());
+
+        var curve = EllipticCurve.forPubKey(recipientPubKey);
+
+        var capsule = new Capsule()
+            .ephemeralKeyMaterial(ECKeys.encodeEcPubKeyForTls(senderPubKey))
+            .recipientId(ECKeys.encodeEcPubKeyForTls(curve, recipientPubKey))
+            .capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1);
+
+        String transactionID = this.saveCapsule(capsule).getTransactionId();
+
+        assertNotNull(transactionID);
+
+        Optional<ECPublicKey> serverSenderKey = new EcCapsuleClientImpl(client).getSenderKey(transactionID);
+        assertTrue(serverSenderKey.isPresent());
+        assertEquals(senderPubKey, serverSenderKey.get());
+
+    }
+
+    @Test
+    void testKeyCapsulesClientImplRsaPKCS12() throws Exception {
+        String prop = "cdoc20.client.server.id=testKeyCapsulesClientImplRsaPKCS12\n";
+        prop += "cdoc20.client.server.base-url.post=" + baseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + baseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        prop += "cdoc20.client.ssl.client-store.type=PKCS12\n";
+        prop += "cdoc20.client.ssl.client-store=" + getKeysDirectory().resolve("rsa/client-rsa-2048.p12") + "\n";
+        prop += "cdoc20.client.ssl.client-store-password=passwd\n";
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        KeyCapsuleClientImpl client = (KeyCapsuleClientImpl) KeyCapsuleClientImpl.create(p);
+
+        X509Certificate cert = (X509Certificate) client.getClientCertificate();
+        assertNotNull(cert);
+        RSAPublicKey senderPubKey = (RSAPublicKey) cert.getPublicKey();
+
+        RSAPublicKey rsaPublicKey = (RSAPublicKey) cert.getPublicKey();
+        byte[] kek = new byte[Crypto.FMK_LEN_BYTES];
+        Crypto.getSecureRandom().nextBytes(kek);
+        byte[] encryptedKek = RsaUtils.rsaEncrypt(kek, rsaPublicKey);
+
+        var capsule = new Capsule()
+                .ephemeralKeyMaterial(encryptedKek)
+                .recipientId(RsaUtils.encodeRsaPubKey(senderPubKey))
+                .capsuleType(Capsule.CapsuleTypeEnum.RSA);
+
+        String transactionID = this.saveCapsule(capsule).getTransactionId();
+
+        assertNotNull(transactionID);
+
+        Optional<byte[]> serverEncKek = new RsaCapsuleClientImpl(client).getEncryptedKek(transactionID);
+
+        assertTrue(serverEncKek.isPresent());
+        assertArrayEquals(encryptedKek, serverEncKek.get());
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testKeyServerPropertiesClientPKCS11Passwd() throws Exception {
+        testKeyServerPropertiesClientPKCS11(false);
+    }
+
+    @Test
+    @Tag("pkcs11")
+    @Disabled("Requires user interaction. Needs to be run separately from other PKCS11 tests as SunPKCS11 caches "
+            + "passwords ")
+    void testKeyServerPropertiesClientPKCS11Prompt() throws Exception {
+        if (System.console() == null) {
+            //SpringBootTest sets headless to true and causes graphic dialog to fail, when running inside IDE
+            System.setProperty("java.awt.headless", "false");
+        }
+
+        testKeyServerPropertiesClientPKCS11(true);
+    }
+
+    void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {
+        String prop = "cdoc20.client.server.id=testKeyServerPropertiesClientPKCS11\n";
+        prop += "cdoc20.client.server.base-url.post=" + baseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + baseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        prop += "cdoc20.client.ssl.client-store.type=PKCS11\n";
+
+        if (interactive) {
+            prop += "cdoc20.client.ssl.client-store-password.prompt=PIN1\n";
+        } else {
+            prop += "cdoc20.client.ssl.client-store-password=" + new String(PKCS11_CONF.pin()) + "\n";
+        }
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        KeyCapsuleClientImpl client = (KeyCapsuleClientImpl) KeyCapsuleClientImpl.create(p);
+
+        KeyPair senderKeyPair = EllipticCurve.SECP384R1.generateEcKeyPair();
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+
+        // Storing clientKeyStore in KeyServerPropertiesClient is a bit of hack for tests.
+        // It's required to get recipient pub key
+        // normally recipient certificate would come from LDAP, but for test-id card certs are not in LDAP
+        X509Certificate cert  = (X509Certificate) client.getClientCertificate(PKCS11_CONF.keyAlias());
+        assertNotNull(cert);
+        // Client public key TLS encoded binary base64 encoded
+        PublicKey recipientPubKey = cert.getPublicKey();
+
+        if (recipientPubKey instanceof ECPublicKey pubKey) {
+            var curve = EllipticCurve.forPubKey(recipientPubKey);
+            var capsule = new Capsule()
+                .ephemeralKeyMaterial(ECKeys.encodeEcPubKeyForTls(senderPubKey))
+                .recipientId(ECKeys.encodeEcPubKeyForTls(curve, pubKey))
+                .capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1);
+
+            String id = this.saveCapsule(capsule).getTransactionId();
+            assertNotNull(id);
+
+            Optional<ECPublicKey> payload = new EcCapsuleClientImpl(client).getSenderKey(id);
+            assertTrue(payload.isPresent());
+            assertEquals(senderPubKey, payload.get());
+        } else if (recipientPubKey instanceof RSAPublicKey pubKey) {
+            var keyMaterial = senderPubKey.getEncoded();
+            var capsule = new Capsule()
+                .ephemeralKeyMaterial(keyMaterial)
+                .recipientId(RsaUtils.encodeRsaPubKey(pubKey))
+                .capsuleType(Capsule.CapsuleTypeEnum.RSA);
+
+            String id = this.saveCapsule(capsule).getTransactionId();
+            assertNotNull(id);
+
+            Optional<byte[]> payload = new RsaCapsuleClientImpl(client).getEncryptedKek(id);
+            assertTrue(payload.isPresent());
+            assertArrayEquals(keyMaterial, payload.get());
+        } else {
+            throw new RuntimeException("Unsupported PKCS11 public key type: " + recipientPubKey.getClass());
+        }
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testPKCS11Client() throws Exception {
+
+        //PIN1 for 37101010021 test id-kaart
+        var protectionParameter = new KeyStore.PasswordProtection(PKCS11_CONF.pin());
+
+        //Or ask pin interactively
+        //KeyStore.ProtectionParameter protectionParameter = getKeyStoreCallbackProtectionParameter("PIN1");
+
+        KeyStore clientKeyStore = null;
+        KeyStore trustKeyStore = null;
+        try {
+            clientKeyStore = Pkcs11Tools.initPKCS11KeysStore(
+                PKCS11_CONF.pkcs11Library(),
+                PKCS11_CONF.slot(),
+                protectionParameter
+            );
+
+            trustKeyStore = KeyStore.getInstance("JKS");
+            trustKeyStore.load(Files.newInputStream(getKeysDirectory().resolve("clienttruststore.jks")),
+                    "passwd".toCharArray());
+
+        }  catch (GeneralSecurityException | IOException e) {
+            e.printStackTrace();
+            log.error("Error initializing key stores", e);
+        }
+
+        assertNotNull(clientKeyStore);
+        log.debug("aliases: {}", Collections.list(clientKeyStore.aliases()));
+
+
+        X509Certificate cert  = (X509Certificate) clientKeyStore.getCertificate(PKCS11_CONF.keyAlias());
+        log.debug("Certificate issuer is {}.  This must be in server truststore "
+                + "or SSL handshake will fail with cryptic error", cert.getIssuerDN());
+
+        Cdoc20KeyCapsuleApiClient client = Cdoc20KeyCapsuleApiClient.builder()
+                .withBaseUrl(baseUrl)
+                .withClientKeyStore(clientKeyStore)
+                .withClientKeyStoreProtectionParameter(protectionParameter)
+                .withTrustKeyStore(trustKeyStore)
+                .build();
+
+        Capsule capsule = new Capsule();
+
+        KeyPair senderKeyPair = EllipticCurve.SECP384R1.generateEcKeyPair();
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+
+        PublicKey pubKey = cert.getPublicKey();
+
+        if (pubKey instanceof ECPublicKey publicKey) {
+            capsule.capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1);
+            // Client public key TLS encoded and base64 encoded from id-kaart
+            //recipient must match to client's cert pub key or GET will fail with 404
+            capsule.recipientId(ECKeys.encodeEcPubKeyForTls(publicKey));
+            capsule.ephemeralKeyMaterial(ECKeys.encodeEcPubKeyForTls(senderPubKey));
+        } else if (pubKey instanceof RSAPublicKey publicKey) {
+            capsule.capsuleType(Capsule.CapsuleTypeEnum.RSA);
+            capsule.recipientId(RsaUtils.encodeRsaPubKey(publicKey));
+            capsule.ephemeralKeyMaterial(senderPubKey.getEncoded());
+        }
+
+        String id = this.saveCapsule(capsule).getTransactionId();
+
+        assertNotNull(id);
+
+        Optional<Capsule> serverCapsule = client.getCapsule(id);
+        assertTrue(serverCapsule.isPresent());
+        assertEquals(capsule, serverCapsule.get());
+    }
+
+    @Test
+    void shouldGetRsaCapsule() throws Exception {
+        var recipientCert = PemTools.loadCertificate(
+            new ByteArrayInputStream(
+                Files.readAllBytes(getKeysDirectory().resolve("rsa/client-rsa-2048-cert.pem")
+                    .toAbsolutePath())
+            )
+        );
+
+        var rsaCapsule = new Capsule()
+            .capsuleType(Capsule.CapsuleTypeEnum.RSA)
+            .ephemeralKeyMaterial(UUID.randomUUID().toString().getBytes())
+            .recipientId(RsaUtils.encodeRsaPubKey((RSAPublicKey) recipientCert.getPublicKey()));
+
+        String txId = this.saveCapsule(rsaCapsule).getTransactionId();
+
+        var response = this.restTemplate.getForEntity(
+            new URI(this.capsuleApiUrl() + "/" + txId),
+            Capsule.class
+        );
+
+        assertNotNull(response);
+        assertNotNull(response.getBody());
+
+        assertEquals(rsaCapsule.getCapsuleType(), response.getBody().getCapsuleType());
+        assertArrayEquals(rsaCapsule.getRecipientId(), response.getBody().getRecipientId());
+        assertArrayEquals(rsaCapsule.getEphemeralKeyMaterial(), response.getBody().getEphemeralKeyMaterial());
+    }
+
+    @Test
+    void shouldGetHttp400() throws Exception {
+        // constraint errors should be converted to HTTP 400, see GlobalExceptionHandler
+
+        String txId = "KC123"; // too short tx
+        HttpClientErrorException ex = assertThrows(
+                HttpClientErrorException.class,
+                () -> this.restTemplate.getForEntity(new URI(this.capsuleApiUrl() + "/" + txId), Capsule.class)
+        );
+
+        assertEquals(HttpStatus.BAD_REQUEST, ex.getStatusCode());
+    }
+
+    @Test
+    void shouldGetHttp404() throws Exception {
+        String txId = "KC12345678901234567890"; // certificate provided and passes validation, but capsule not found
+        HttpClientErrorException ex = assertThrows(
+                HttpClientErrorException.class,
+                () -> this.restTemplate.getForEntity(new URI(this.capsuleApiUrl() + "/" + txId), Capsule.class)
+        );
+
+        assertEquals(HttpStatus.NOT_FOUND, ex.getStatusCode());
+    }
+
+
+    @Test
+    void shouldThrowUserExceptions() throws Exception {
+        // unknown serverId should throw exception
+        var client = createPkcs12ServerClient(baseUrl);
+        CDocUserException notFoundException = assertThrows(
+            CDocUserException.class,
+            () -> client.getForId(UUID.randomUUID().toString())
+        );
+        assertEquals(UserErrorCode.SERVER_NOT_FOUND, notFoundException.getErrorCode());
+
+        // test network error
+        var misconfiguredClient = createPkcs12ServerClient("https://foo");
+        CDocUserException networkException = assertThrows(
+            CDocUserException.class,
+            () -> misconfiguredClient.getCapsule(UUID.randomUUID().toString())
+        );
+        assertEquals(UserErrorCode.NETWORK_ERROR, networkException.getErrorCode());
+
+    }
+
+    private static KeyCapsuleClientImpl createPkcs12ServerClient(String serverBaseUrl) throws Exception {
+        String prop = "cdoc20.client.server.id=testKeyServerPropertiesClientPKCS12\n";
+        prop += "cdoc20.client.server.base-url.post=" + serverBaseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + serverBaseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        prop += "cdoc20.client.ssl.client-store.type=PKCS12\n";
+        prop += "cdoc20.client.ssl.client-store=" + getKeysDirectory().resolve("cdoc20client.p12") + "\n";
+        prop += "cdoc20.client.ssl.client-store-password=passwd\n";
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        return (KeyCapsuleClientImpl) KeyCapsuleClientImpl.create(p);
+    }
+}
diff --git a/cdoc20-server/get-server/src/test/resources/application.properties b/cdoc20-server/get-server/src/test/resources/application.properties
new file mode 100644
index 00000000..d0179203
--- /dev/null
+++ b/cdoc20-server/get-server/src/test/resources/application.properties
@@ -0,0 +1,28 @@
+# Spring configuration file used by Junit tests
+# https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.key-store=classpath:keystore/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+# Mutual TLS/SSL
+server.ssl.client-auth=need
+# trust store, must include CA cert that was used to sign client certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.trust-store=classpath:keystore/servertruststore.jks
+server.ssl.trust-store-password=passwd
+
+
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+server.port=8444
+
+spring.datasource.driver-class-name=org.postgresql.Driver
+#DB is managed by liquibase scripts
+spring.jpa.hibernate.ddl-auto: none
diff --git a/cdoc20-server/get-server/src/test/resources/logback.xml b/cdoc20-server/get-server/src/test/resources/logback.xml
new file mode 100644
index 00000000..66f58e30
--- /dev/null
+++ b/cdoc20-server/get-server/src/test/resources/logback.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs" />
+
+    <appender name="Console"
+              class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %white(%d{ISO8601}) %highlight(%-5level) [%blue(%t)] %yellow(%C{1.}): %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+              class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/server.log</file>
+        <encoder
+                class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/server-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                    class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <logger name="ee.cyber" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>
diff --git a/cdoc20-server/keys/README.md b/cdoc20-server/keys/README.md
new file mode 100644
index 00000000..d89c1638
--- /dev/null
+++ b/cdoc20-server/keys/README.md
@@ -0,0 +1,27 @@
+
+### Generate server key store
+```
+keytool -genkeypair -alias cdoc20-server -keyalg ec -groupname secp384r1 -sigalg SHA512withECDSA -keystore cdoc20server.p12 -storepass passwd -ext san=ip:127.0.0.1,dns:localhost
+keytool -exportcert -keystore cdoc20server.p12 -alias cdoc20-server -storepass passwd -rfc -file server-certificate.pem
+openssl x509 -in server-certificate.pem -text
+```
+
+Add the server certificate to the client's trust store:
+
+```
+keytool -import -trustcacerts -file server-certificate.pem -alias cdoc20-server -keypass password -storepass passwd -keystore clienttruststore.jks
+```
+
+Gen temp client key store and add it to server trust store(to be replaced with cert from id-kaart)
+```
+keytool -genkeypair -alias cdoc20-client -keyalg ec -groupname secp384r1 -sigalg SHA512withECDSA -keystore cdoc20client.p12 -storepass passwd -ext san=ip:127.0.0.1,dns:localhost
+keytool -exportcert -keystore cdoc20client.p12 -alias cdoc20-client -storepass passwd -rfc -file client-certificate.pem
+keytool -import -trustcacerts -file client-certificate.pem -alias cdoc20-client -storepass passwd -keystore servertruststore.jks
+```
+
+Add TEST of ESTEID-SK 2015 (test id-kaart issuer)
+and esteid2018 (id-kaart issuer) and server trust store so that id-kaart certificates are trusted by the server
+```
+keytool -import -trustcacerts -file ca_certs/TEST_of_ESTEID-SK_2015.pem.crt -alias TEST_of_ESTEID-SK_2015 -storepass passwd -keystore servertruststore.jks
+keytool -import -trustcacerts -file ca_certs/esteid2018.pem.crt -alias esteid2018 -storepass passwd -keystore servertruststore.jks
+```
diff --git a/cdoc20-server/keys/ca_certs/TEST_of_ESTEID-SK_2015.pem.crt b/cdoc20-server/keys/ca_certs/TEST_of_ESTEID-SK_2015.pem.crt
new file mode 100644
index 00000000..bd666aa0
--- /dev/null
+++ b/cdoc20-server/keys/ca_certs/TEST_of_ESTEID-SK_2015.pem.crt
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290
+IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgP
+MjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0
+aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0G
+A1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E
+8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pL
+z8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF95
+5vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4e
+zs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh
+46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M
+3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7
+J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZ
+h5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxV
+ot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp
+6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMB
+AAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNV
+HQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1Ud
+IARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5z
+ay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8D
+AQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAA
+AAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0l
+BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEE
+fTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsG
+AQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlm
+aWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+Mmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2Eu
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPx
+AH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+
+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiR
+yPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiR
+WFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxv
+PKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T
+-----END CERTIFICATE-----
diff --git a/cdoc20-server/keys/ca_certs/client-certificate.pem b/cdoc20-server/keys/ca_certs/client-certificate.pem
new file mode 100644
index 00000000..43c38b1f
--- /dev/null
+++ b/cdoc20-server/keys/ca_certs/client-certificate.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIJAIGzuV1v0kYtMAoGCCqGSM49BAMEMHQxCzAJBgNVBAYT
+AkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcwFQYDVQQK
+Ew5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNY2Rv
+YzIwLWNsaWVudDAeFw0yMjA1MDIxMTQ5MjZaFw0yMjA3MzExMTQ5MjZaMHQxCzAJ
+BgNVBAYTAkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcw
+FQYDVQQKEw5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UE
+AxMNY2RvYzIwLWNsaWVudDB2MBAGByqGSM49AgEGBSuBBAAiA2IABFR25IttEoB7
+fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgr
+j70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7e6M9MDswHQYD
+VR0OBBYEFGZcVZHppMn0R9RJOpYYE3VbPnz6MBoGA1UdEQQTMBGHBH8AAAGCCWxv
+Y2FsaG9zdDAKBggqhkjOPQQDBANoADBlAjEA3d+oUUShWb2DHPpyIY4y6/Fk25ow
+Dy5oHThaRh5/6GY0APVFIp/kd6lm3fY/JmORAjAO7+sHJ2fsUzNq5o1cPK65roDJ
+glqz1a3PNEiYGQJhduVaJ5Qqu4GeyxmWr4oiw+U=
+-----END CERTIFICATE-----
diff --git a/cdoc20-server/keys/ca_certs/esteid2018.pem.crt b/cdoc20-server/keys/ca_certs/esteid2018.pem.crt
new file mode 100644
index 00000000..eb0d1fac
--- /dev/null
+++ b/cdoc20-server/keys/ca_certs/esteid2018.pem.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFVzCCBLigAwIBAgIQdUf6rBR0S4tbo2bU/mZV7TAKBggqhkjOPQQDBDBaMQsw
+CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh
+DA5OVFJFRS0xMDc0NzAxMzEVMBMGA1UEAwwMRUUtR292Q0EyMDE4MB4XDTE4MDky
+MDA5MjIyOFoXDTMzMDkwNTA5MTEwM1owWDELMAkGA1UEBhMCRUUxGzAZBgNVBAoM
+ElNLIElEIFNvbHV0aW9ucyBBUzEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxEzAR
+BgNVBAMMCkVTVEVJRDIwMTgwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAHHOBlv
+7UrRPYP1yHhOb7RA/YBDbtgynSVMqYdxnFrKHUXh6tFkghvHuA1k2DSom1hE5kqh
+B5VspDembwWDJBOQWQGOI/0t3EtccLYjeM7F9xOPdzUbZaIbpNRHpQgVBpFX0xpL
+TgW27MpIMhU8DHBWFpeAaNX3eUpD4gC5cvhsK0RFEqOCAx0wggMZMB8GA1UdIwQY
+MBaAFH4pVuc0knhOd+FvLjMqmHHB/TSfMB0GA1UdDgQWBBTZrHDbX36+lPig5L5H
+otA0rZoqEjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADCCAc0G
+A1UdIASCAcQwggHAMAgGBgQAj3oBAjAJBgcEAIvsQAECMDIGCysGAQQBg5EhAQEB
+MCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzANBgsrBgEEAYOR
+IQEBAjANBgsrBgEEAYORfwEBATANBgsrBgEEAYORIQEBBTANBgsrBgEEAYORIQEB
+BjANBgsrBgEEAYORIQEBBzANBgsrBgEEAYORIQEBAzANBgsrBgEEAYORIQEBBDAN
+BgsrBgEEAYORIQEBCDANBgsrBgEEAYORIQEBCTANBgsrBgEEAYORIQEBCjANBgsr
+BgEEAYORIQEBCzANBgsrBgEEAYORIQEBDDANBgsrBgEEAYORIQEBDTANBgsrBgEE
+AYORIQEBDjANBgsrBgEEAYORIQEBDzANBgsrBgEEAYORIQEBEDANBgsrBgEEAYOR
+IQEBETANBgsrBgEEAYORIQEBEjANBgsrBgEEAYORIQEBEzANBgsrBgEEAYORIQEB
+FDANBgsrBgEEAYORfwEBAjANBgsrBgEEAYORfwEBAzANBgsrBgEEAYORfwEBBDAN
+BgsrBgEEAYORfwEBBTANBgsrBgEEAYORfwEBBjAqBgNVHSUBAf8EIDAeBggrBgEF
+BQcDCQYIKwYBBQUHAwIGCCsGAQUFBwMEMGoGCCsGAQUFBwEBBF4wXDApBggrBgEF
+BQcwAYYdaHR0cDovL2FpYS5zay5lZS9lZS1nb3ZjYTIwMTgwLwYIKwYBBQUHMAKG
+I2h0dHA6Ly9jLnNrLmVlL0VFLUdvdkNBMjAxOC5kZXIuY3J0MBgGCCsGAQUFBwED
+BAwwCjAIBgYEAI5GAQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2Muc2suZWUv
+RUUtR292Q0EyMDE4LmNybDAKBggqhkjOPQQDBAOBjAAwgYgCQgDeuUY4HczUbFKS
+002HZ88gclgYdztHqglENyTMtXE6dMBRnCbgUmhBCAA0mJSHbyFJ8W9ikLiSyurm
+kJM0hDE9KgJCASOqA405Ia5nKjTJPNsHQlMi7KZsIcTHOoBccx+54N8ZX1MgBozJ
+mT59rZY/2/OeE163BAwD0UdUQAnMPP6+W3Vd
+-----END CERTIFICATE-----
diff --git a/cdoc20-server/keys/cdoc20client.p12 b/cdoc20-server/keys/cdoc20client.p12
new file mode 100644
index 0000000000000000000000000000000000000000..7bd88c71f8e0179638cdbd9122f90e55930262c4
GIT binary patch
literal 1330
zcmXqLV%1|}WHxAGxxvP%)#lOmotKfFaX}NyNtPy-qd?(<22G3}C{m1;EKQ82Kw(25
z)@9>{>f+&IWLnU8)}Zl}K^j~=E3ZMMfdzugW1!6<l4#V-_O0K(@O)8(yFk&FT(!KY
z7fej*0!)kw20UyW5c8NgSs4su**Fv0JQ!1%Ss1lg1bkAB=Kj2@^EWL)W@FDq15K8M
zzyGd;D7BOwTqphWz&2$+o`3rU%4cp-SS0Xii(kkp^9=4E-pV%@)F{k*Y~Aj(#Nws*
z#T~2H-$|IE7xnVY@9I6bA}>3#3;IkFN-?=He_GhZO9tjgIk<c4vL{q+v3+>@D665L
zfhOGXoFaxYa#9S*3@HrxK+=f8fI$~X=P+b4q%!0&lo%)?l!_XPun2`@=B6qbnwc7!
zSQ;6cnHgJJ7&I{#!WFTzEofp+0t&@3F){$DaD)sap&&fknxE7A^6osNjR*dVO=B)l
zEm+w_Oc3e?30)O8KhiYy=|_jgBWD*hG%-E6bmruB-^R_E=BJ<eiEOW_E<e7-PAZE@
zx6v$DYtml5$Z0QK-^Xo_`@y$K?D>!8n`!5zmYkgvEnZ}~Y0tZj4O`VtpKI2C@<goT
zz_C>&VrI?~Cl|0x%ggsz=NrmfcY5a0yF#0!V_te0%UK@Km(?w?nXqY@peoCauk%{E
zLyK(wKhAXC9LV<Pr%TxGQzqLFzML;(cAzokuetpzwqD)8Th&|oJoX2dRK=y9X9*X5
zmLQ^Uw(af1zB>w~=a+73Ff(G>o%=R^{dX~qVDSr%z5k?{7AdYOYL$1`9xh_abKCZQ
z^1nnW`wI>&N7lPvvEnk4`><~5t68rjj&6_IQ}N|x+{@-8nT!He_g;JxxTzB?Y3P`g
zF~i5k`8qe_IWF~oPgft#h}hkc8gl*SqK$Jbljr&g9`+MW+Ix5*kMh1L4@@L4AFTbi
zNUeGE#e%=d3xBNtsXe7}Z{@A+?mqv|-jz02(r^Es+&U?Q_2o*3u2QXSue5fp>Uh#`
zvFnx7cikmwrB~zCAFK_Ccs6mZkoRHt^m#{FeuaI^5L)Vg%{5hPud(r}2b(RsnCI`2
zaw|2OK3DRKlu1@!$C-C=My@x#Km0n}t+RNdrs@l~O>3uqUA=fR<EkezVh1)AG$pSU
zkPT*=S(hdwyzl-bjdR}uRoBfd{9NM_&7*s}@zR%j2Swk!3V(O-@RRFbm&SAW-7}eA
z{wrRA{jmGj({>wUtD|*v?WFJgv09`TUMVgVt*D~bvHG9||M|Y>>Q`TOTQ2i;SH95G
zIJ=RtFm{HP!ET;+=jB5$UpsrJM)AS>(2!RLj3h2!ah(yh%kbs#Fm^wwS=*+Vsus3?
zy!H82*#4@v`CrWhb{5TT-+Hq}v-LsG`<SNYkI5gN7)UP)tSVge$j?A+<AyVDs~q(1
zJ1pir!CrjC!NmGf#>rP7p8GAIx@_*clet$4N~Wq#|E4E&?6vJL>kpmT@w4rYJa^qO
zk!$9mkHTy6So-fC-?rN0%)9afQ%mRNoH6h<Ff`zWmn2M#tPCs)9x<_(1z44Sg^AB~
zFgeq>|4=$hi-^|$E%IW~MGL(}`dLKY>|S=7A?^FFyw$hL{Qh5`xq&^A2b9GC3`R33

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/cdoc20server.p12 b/cdoc20-server/keys/cdoc20server.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ad7bd1e4f55c85198322d633db0991b4fdb0e86a
GIT binary patch
literal 1316
zcmXqLVpU*bWHxAGImO1Q)#lOmotKfFaX}NyZk8sN?Lgtp22G4sC{m2tEKQ8+Kw)Jd
zmS^LJ>f+&IWLnU8)}Zl}K^j~=E3ZMMfdzugW1!6<vh_lNKznBLk*D)t)v`0sYCp8)
zw=olwx&RZSf&mX32gE!kPF4m3SvJmuHV?*BW)?;*7J(Q8*EySds@7j}5H#HwmYdI#
zU>E9|!SHL!g;fWBeDb-{Ua_M&Zqg0u8*I@YbNn{GJNh{G{I63=QW@XNqYh-aS)NMe
zjxn;GdHrN_?%9}KTOH0Rtt@_^I!!^zL~Z)lcHbE;(+<p)ah@;o_lMoh*9InPHzf@n
z45Z<X=M*vIljC7XW=LVk2a-k%1_p`<Nl`-)7NL;L+*AcaGgCtoOG6VAb7Nx*gC^!e
zxFUA81x?IJK%qD$Mg|}ij*wv_6li;w&gA{=v2sqX-=~J3PyRRZDRtWt6KE&CGfP-R
zdWOk<o>jBbrT9`q6Vrn)2m3Z2lA7tZSbO(3qld1JANKxvHt$!3@R44g=cYg2vM)WS
z(;a!e@11>#Mx4c?)fsnJGiOQ7>b4cXda~)-mw3B#|AYC1b$?lExWtwUPCjAjAG2<4
ztM1iviZ(N^R^4Q4yi(%wJ8Vv_u&wQ!$z?Zd(!=)t;BwC{PZLS2a0xz~b=OU@VSDSx
zvr~6!<jK!jsoSly#?AaeLC765PDTIN9j2djR@Xh6Cvb5Jk7(ZVtLoN_PLKYkMsLhg
z>R5B6`SR(xQ2|HZ+-cF|f90BMvZ^^U?6J#)7}ElF1|I*Pa}M2S?{9haDJ0s%aKe_E
zHiz<+Cj8~;+I!OQ^4!}j&hk22WL23io!X}0#Q(MCnAHl;^yLooqF0tryzF~2>$up8
z6{l+sK03u(ec9*r&BT|Nv;Oqn*=J^+|FE>Q-1m_2|FE!=Y=OtDo36d&d$vN(E?(vB
z=^xizl%!erpYh(Frj#T5Z}IJ<YLSy0Or;`)SbZK>_!`cb<goJK)XE2M3P1TSxYc(%
zscyIZ^%$@B>x1_%`M2rz{ifn23`{k7y9(0^-<QU&Ja}4C(8AP9VIJo#v#C?AoHyK8
zV{>AP&or|i9<BGiG&B!f6?|)6>H0Kgs%LYGN6C-GwpqNLg*A-khfMYVwC%o{dG^ZB
z3n3hx+N|-6FLfdfm0x^h+qC=Hjm(gZJS%>hmCBVB2A8|H>Q4Hb{i6SZO~ZLU>411{
zwflZcb~;S)nN`J8zb0&1U+8Mxz_Yp$eQ`%+I&-;|GB$l&b8o$f@6>tK)1x`RbxDcb
zJKMCJ|KVci()HDGI|6b760_D`QDxuW)KKo;)b(w@hLqWX*ehW(1rLN>-1^DcXlcmY
zM?rH#PrT)Ko@-)n`u+08cI8j0w-#$ZGj)D7ZQAqu^#_$FF)S10b51|a;?~TZ|I*(x
z`$zl(=O<?mzO8$;_26;OKkelmAFtnMT_jkwN1n;O;iGuj6LryK<I?8sV&5)5Nq2t6
zQIgi|wqi=AZLxu`fuR8}yzF3NWMyDcFkM-D!+rgF?vE+o9iCMiZd+xUGet^$8`q<k
k69T0koBU=GQTm=z7rFd%eCW|g79mB|m^kJ`%RpHS0A@`nqW}N^

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/clienttruststore.jks b/cdoc20-server/keys/clienttruststore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..27b765779f8d46c5948f3fae90160b9c9f69b2a3
GIT binary patch
literal 982
zcmXqLV!p)0$ZXKWT*Jnx)#lOmotKfFaX}MvE=v=0CQvvPh!YV~Y(S|XppYLEBLk3f
zN60W5q`^6?yatg576>knfi{bXm@o4(PMs+R&zIaeAUS2eggR5wdL|}y0VYNT10FUG
zh~-S2tPBRSY@7*g9*n8XER0$#0@IE)<feD_mVK7#b*_GXM!TVj=>ogL*UT9iyPWd(
z{_1;SV)#Zv@$hD|dp}B^ggfLOef`7y$p+_hwoEJ5-R|sJS$jF}RPp+`Pu;~ke!Tl~
z?BB^x!RvM<AKq&Cz|`~cyVL)Fh+OFEmfklvZoh&KGmpWAo#*;Da~iWwFq*WKN%~vJ
z+x%}=LmeZV{_QQERI_21$ia6FN8Kmv_dopf-|@PR+jcwtv+x$2{HiitCgjf}i|m;D
z+ulm+Z;;}?B|e?K-6Ug?+p&kqQgdGY5_bApR#0et_{;llZ!xa@3+m3OG&p@VW>6Cp
zy^-{~RO6iC=W{b_S07JhTvKT^Md`uaW7j_I{>!=ikyd)0oA{2K1q~<VzST6bEKTrO
z{wX{^)+boaO>#D`dd}mnhT9XvWF3}q70vo{YqIvwxpgP*FRhb2{;?|T!gZNVTp6#|
ztEYYl<_u9tf0=Ie<MQ-i55dVBWR8ifc;^+S?DzHk5>BUCMT!PCXY4O+Hs9y&dhoXO
zoo#bpwHPS9da(CP?9MgKUE#~#dHP=dm9)HD;n%^iO-2ec)T+uKh_D`8vcqPYLFw<<
zGyOSMJFa+eT!>V6{BcL<d_H^9?qgop9_rQ!bES34*9Bku;}n>*Z-ckl&q8-g7d!9g
zuQYfUSY7{>eeM!>Xhg|U!%UtxH%$7j8GM;pdNy5I$z;lOFR#yD#;@+$uxEOlQZcN~
zHN0o>^p~ty?Vg2A6^jCF@|=<kBV(fcW}Z@<U0fgj<=ty-mw2TWSLW^!w^?B4kvz+l
z!%ynypUeC0+>4Hv8ytzyYr1tp#>FA%u+P<qy)$<ickwKfytytX<KZjQgSuZUx@4k4
zmkZBz73}eOb}eFct?E-Np--x@Ke=i<r?zE1;QqYD<%6_d_h-$Vmq*?l^VCtev-akz
z@5$S0Z!oI(*<CbZC=ORIbbRquEjn}FHRX@Krb?!)&*d1jCth~j*yMKMAx}f@vfzxp
z?-*ON-{(xUf2Ae)biuR!_cMPhpEB?@Ff`zWCwnGFRt6RY&Ka)PI-k}2S)FvUr|F>B
w|F_*Uv)4_&ul9d~@qC`6Czx17%-N@J=2rS~Hpol6{7hN8-Dd9G9iS`)08Picg#Z8m

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-16384-cert.pem b/cdoc20-server/keys/rsa/client-rsa-16384-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..13f2c63d2ed38df9b746e5a2ee7f101f37c0ee1f
GIT binary patch
literal 4488
zcmc(hWmgo8)`n;3?oMe31coj_1Q|M{hwhRVq`RdNN$Kt(#~D((ySoHQX;A7s&xf<#
z^AFy&Kizv>_gZ`HPZv0pI2;^`?U;{>0z^T<27E4xrg?moGy%rPz~+oph`hxI0`buS
zU{^j|Fg6CN4jKk2inTQ#5t!iLfJKU_<NU$d#mo7>8%$D6ZF5IQduL}pGBC-%3=S!-
ztdE7YyR)^2y`}koIo$til7mVA<xolSG_~Ho;1gDU;bHyJ1I$2)&(F`t2NwHhgoT6*
z{)qzr6aODB3dLgn-?sqK0jQx^gaB|T77j`%77&2&?BcwFa4Gx3DSbdbyc)5_fEb_5
zK22S@fa3>7vN5eVT@-AT)OSvnAI<ma{aOeer7%*2iU{&oG?xma5c`;g%aa4}FvR`m
zJ~Mdip8^b8H<XsWZ>yUS0d2+y-eAHgiwyMUA3kvOK)X9^Y%8oYzv6}rNLSST051il
zf%orzN*5_Hw1kH#Da3cpDberjj-0Lra;!_{o%I_{-#l&A{-PP@*SXrZVUI&er1voF
zn_8D!@}|#q#amC@g#~UBR#Eg}$XCBR(8k4y&fM;lk;w_eLeCll(KtzN+X$q1;L^Pf
z^<Tu~Nc3Q}WvEGk{VH$xU$q94eU|AKv$#Jv??)~NZQ{;9#1ASI)MaWXT6uD_*e5l+
zxyle#8pRV|$r?ISNA<9g)P#GAO}wUStvV+Iw*WMX_SSkulPW+SOg<zO6~tP?(ag2d
z(?7W#82Cnj22Fv7Z)Sj^blaEj$%!s8D?O4;30H+=AtiT;><Z`cU+FoMJWCYXh84wf
zy~6rcWfQRqNdA&S2YdK2>OOOdMwJbbN4D2o3nZ<tBJ<BV`CRw>kAyxeA{j`E%J;8(
zTAqA6C%iMLiQVw@Mar++L#zEk8d)opk26Z|SNhUeRI&bSvgSXzCyFVol#T>n7e2&q
zidF1!nP7Et@70oNL5I8etz=saXT9L7ylOpNDR(JK(7tc>>w@H^ghBZBW3OfPYBQqV
z@t<^5F}NK$%}`@|LWB+yC^a)LC%#O9>3CRzHz(pZ6tB5rf(&j(>qa09jsp4C?nBpe
z{pfoyJl52)+OIJ5Q)irwW{>vasRXGpbIaAgOvKbQ0}`9u0Hlr&krN&(4t<}J$QHkl
zdt<T^yWpWRn+GS*HI4HN(uP;YB&3}1KJh%-%$JN!vP?>HG#HcH!UfFsIYtAcVFtrq
zS3EtV!EXwkoAv!d@9~zAX#4tYltwv@9}m|~at)6rZ<=>wEA{5TS{4n6=--?1)d;oZ
zNy)vXY!B(t<9Ntbd%Dm-Xa5Aw*&V5x_M4t5YU2ic^Dy-}G=T>~oT=Z9@cG&odqo9`
zca`XOZ9ms#jFs<ixD))inN?=Sv%Aj@5=-Uc7CR_NOTm0|4w799)Sa#iFTRe4)^VGn
zgkf(57zc_L9&6|N?kNqZW|`M4I0Tjz58>d;XI#uIU{B^$@S{Wc67xTS{F4q7;T7@6
z?cT37*fCqOBqEvyF&Ij`7q^?eu}8yj&%-=(QNnN@N~*ox#Y4Oj=o|+Q&XyQYV=p|o
zY`%fN|Ex?9)Z(wDpPN}E;%dgNk+V2C(V>e&kGtM$#%Xdkl=l%0Y`L|r3Z#!-EftFO
zXIq!(dAWnTA98ndARDlTFI@-ekNdT`VbNL;B_so97w|8kDbw0HOz6IgEMNB5&6y8b
zYTgiL8H_FaX7S@sv|W#zfa7Zo2%_8iVmah0>j4eBB;vco_QlvVNS2sDT!1Nj-YF$T
zJ<K*l%Li%at2VM=!<UgV<Mo(TTjR;|Ml6A+7<8Z+c0e*g7rEF#s#j_y5`bE2Z{b>i
zyr%|5W9zvrqjljMV4YKmJ|=oJ!52+^88JUdbTbe=2&mt7EHqT~j-_$(n@~=sjP|Wi
z4S&R$5CU`d=Y^LAqWUDJ^+J8wCG=;b+3C0Di%CoCcbcZLGAB5n(b3|4<YjoM&Q0UP
zx^LE3lyiaE+Ln*^-<yD}I-ER`^);ABE5lLS4!%Z|)CgZ0-LuRisNZbRafxr_591o@
zfeQY+P!AoXeT9c1llKwKipou`luq}?S}+g*nSowVa#=yyklb|jgHl10ohjKyEJ3%3
zen?mKQL8L*WV4IQWHvC(ki>H5T~o-_%OQY}9QN&bDEY|@m&tN~8APSnf{3G}oEycZ
zeBCzL=QeN2;dHd0V+9}9x}~E&prH>CB|9ZyCJ~1b%ChIw5spQ2XZ?l7irnYBP%Db+
z*X6g{{rQVv+j@H)CSn0~r#_n)fPPx<qn&!^g&)VZD_{4Po@!zXtZqkX^1^uE5}I@{
z-VE(@?sUvu=b)QfGOW#kXepk!Uh%SvMEU=IZdfZJbSQZO;A=2ovC&)*N|~V(bs{~8
z9rokeTX6|sSD3r385jz)H11n2XPPb3IGNk5nlHOlDH4Ur>Ii-FZrM6j*0NRD<GE>4
z-mgVgC6uZKA&fCWXHRLt<)t93P5zz@@fL2AWR+9yM8nOM-Wi~XcD*25WNW+WdJ3wO
zi!ntE3~^C>c#-_RW()PMbtP)F`m?(MgqV9l`m`-2c*p?m4#Fj#{)X(JBXPqv5mxqG
zocnlmVbGOB!i<BEvRemh*XzoLr=#tv0nX<!;=gh%>&r=QfT<wosfB4O!}^7Iqr%IF
z9+$JUfbd2Zn~&Yz5zA(Z`Bq|;xOC6wN&>K2a%x|efagm@lwsFPiHGItwN>BR_>#n2
z7cKb_{Min#%8XvV5f;hv5Px~LJkW<5PbD5H8qdSE&(_~)isbPZJsMjRi19m;;qf7_
z<8apUdSegOXs5<Kd<2tTH1!u0g-Te;06@J{h+o6k(*uFASZJN;R6JG!Cdu-=9pstX
zuFB;apmmx!9gx2N5V^35QCj^YX~dG`_itcGcY3FUaLPL!=38+R<Hy(U-JVYh{Ju!P
zJ7>Na*(Ai$C3RA8w5E`dT^I#J3Qa@&`KRn0Kg}8BGmsl<YyBpXk}c7lC9%&&K?MSU
zMND8uF#SJ5Lr;K4fkr0Cqrc}?s-&P^xU^=JSRwo<5@+<k67i2){UZ@TfL7jBn_pNh
zYF4fHY2VILU=EM1qJi@(SfFrQbYn>hK}^ujJBP*U7GfIz<@?XLK9{+y-R<J>`)3gp
z<q^RXqqezo+C}_TE2p}vaD!}ZjF$yV<1=e~`HOL*3<N}}6!IG>^`F)YyI_e?XZ8A}
zRBbA~$&4uCGEanWxFDQY&qN`XmDW^IvY6k;jJ$}<iAxdTHPfoqdJUA~gClBrT?{No
zp~|{GmdPUBW(oS{7AB;*_s`FRUnI5VUXn6I7?`ZY&55d0vAoi6pOs_u#%$)w{!Qnu
z=cv!dv|-8l-HKNx-TCq^==Y&?rg6E|p4vIau0z*rJVE9$`KL#JqInr%e4s=wqh*dq
zhLu9L1xnk>Z)62b7Aby*^W5es*1##U6o&ao#c`_=ax<iP!62k`ksp$_`9oZXPux7L
zE^OJB^RdTebiWfz-xugkXo)Fv$iGf?5n1{I(3wWCee#fr<Zz{x`i?$?#bj3%q7Oea
z9zsRGfws*L2Mh+xnY_d#SjO@Lvh<U5JkYK>+9}<Oe<_%yHqA>GOLwdBI`6Z9OlN*d
zljCjJZSNFw71*(}I<G-0<#v65Idw~3l8fQx6J7p<>$=Jwzj%4mK4xDriYnLhwdg}u
z%r@~>67tYfd$_2G$~D!b#!<BuFxgmBG1I*;zYCOLgsp+x!HP8tg_)hNXa|)-iM@VZ
zedBW?dSEwFop~MnR?xl|^oB&$1T|uDF%Z}Nq3S#-o=u8gyyT1dlT3Iml1dLgy0h)t
zE~USI%}`OPFhgf(#1`EmNj8)|u^Cv}*ruwS&K1xGSLzJQuWQ+m%{%{$${DH@`t!DC
zzug;qpm&?sx$#Y$_@e{so7*OONh=nC+V%y?d7Ep!==sKnBAnWL-{2x#`?*u*p1*fN
z!_q9%M4)z<1S>(rqu&hGs#S(&trMNV3TZ5c7h(z-`Sp9|<vHV5l#?k5sQc}vsU>Vy
zNOLHSdGe?588-1R+pyaPrKzOd4WF)A0#68c^+Pcx%pb-H0OZ&rx5j0H!rU(CEKk3p
z-S)dxElp2|iJgCLHqq6|(PTQM&HWSVN75trDp5I`cF8)98{*2Wl}JB2AVQWo!^k$Q
z43w6Z`=i!`(goF;*?~NFoO#9iZi}X!FnH~C3PN7;WjFca@RE*`Er(bYBe){9B78wV
z77B*b^d{7C@?4%PR&iz@mcDcBh=dYA1CN9zFnRp6?zl>LpLewMEOA#W@6&pia?_`L
z{8KQkIi3@9sS1Gmm0oolL@(N6ZMnTdtq`)^qD)Rh*1B_TR94mI`(%T7png1KbA^-_
z6{1YzIg_<}jh!R6OyNTMNyKoP1j+S%YA@Tl%V?XQ)#}b_P4@jO>-k0>#Z)#B{fNc<
zUg-1PdJtVruc5q3?4M_`N6a_9%kPfIJ3Yjcv0vS$UCo!Ner9{E6NYbJkLzzrnRPmh
zDWhwHs;>~RPn4?XTq5d9B|I}b`*ha+5v0JB_{CDpOQ}T)s)U!d1d~c@J-P`54|V+{
zJcKc$Cyi0tc$y*!FOiLD1+=A~0FquOi6L^D;`jcfGD*k5fr<~w-W5Y<Ee%VyJvLlt
zBdDAq9xtoz42Om@;*h)px{(QJ(vNv7%2A?9P`woXfSElIUSH4g@CQr!J_AnI04jiM
z!serTZ>uDXG0ej=<;vEzv~QfcRP!0)>e}$4Z!(JKL&F=wiK5Kq+&slFhVThsvqbiK
zBh1XZB(wF^ZvRHn-0J*1Bt-m_B6&yRhX*i7p@RV5;8Ggn2zr8kqP^#^wf-}2_nkxI
zR%uDi9PlC&Sl``U-})JiG|ZVU2SFDfqWBugq5A_w4ccq_^_D(<zotng7QXw$#E|%l
z+#9^`xB3<vi^hwt4daN4M8h=LOp4G_8+Q+|u@I45N)c{Jt&#c=`ho}H9UN$;m+bAt
z<Ile|4(%_KIcv_B-s%*J{}8ZvAA?;ckl#(_nA<zBBF&%9-{4!-aKIwE>}5uo#_>1c
zRtn)$FB46^mJ$^}@rkif*n?JAKEjg$W!mHT%UjackIYJc%2`a`ccDKOEl5abm-Vpj
zb&MTM`K54=mZ<8(T8O9&YtPaVlz76T=XagDR?uUb9)GaOcEV11Es><AFS!@nF7A5Q
zhcv=)l`q~mc-cR(D)>-hCJ$yVd29WD!(s%OPZyN^e)A8Vw*0Wcr6mwcGG5+F7-Y0T
z3bKe*hNnoh+_$e?ryGdDDXE|Nm~M($CdXjT+6S506<y95{^SYt>WWu(=n*I}vBi}L
z_OSab42a?zRL`P~>y0JZ?l@UHoN$GkZ;Mf-&4<L*Tpy%2+JpP4F${jyE!G#)?vY?N
zA_(jJFEj5R$JXg?;feK~@@Zd^)VW~|)javX7#NsowyH{dCCWCsxsOZYn?xC0x7!%~
zIPAYD(DbU<tX3d6iCGv-B>u9i{N-r3$O=0=x|3oSG#s&fMH|TL)E`E)8JaY&fW!w)
z$&9U3nmM~s*laMnzU^<|%3_2F%^zH}+$cM}EgLP<kx_oYE5rR!4_{IV^^;LeeR8MK
zdHOkQjvd)wh9{YRPVaGpm{W~|A7z;c58{$)rWR8AofZ#h`BaUF2pkW$TjTR~0IlW%
zwqFkw#f;n=RWXP@c4NRwhEzGNz=Zvx!{iZ^QFR}Cj#l9=G%~DEG`$|8e$2>|fxnf?
StifXacQ_POqJkTK8UF#zbX`yY

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-16384.p12 b/cdoc20-server/keys/rsa/client-rsa-16384.p12
new file mode 100644
index 0000000000000000000000000000000000000000..2b8b161654f63477b692ae8d7bab85d956ae577f
GIT binary patch
literal 14424
zcma*OL#!}N(6)JO+qP}nwr$(CZQHh=W81cEpZ}fA<ohzKnMJ44cOmITFRJTmh9C|V
zAV6S-AogD{NUAW2us2vhaKM5f_B)Uu_N)KoGln2izW<ktlpZ9Al=?rJ{J%vE2L1nJ
z!9W256$FtCFa(kGFqr*M1}H3pCIiR+ZebXxK~S1I7HxC#$ql6ZSEkpvCuRm38<c>6
z$Ps`52^e6&ApY-)K#-sS47gyB24NC_robS8R3He;RDE(t<_r&DoR}{`v?v}RK_m(j
zFdxZmS7cp@q?`F+mY;r&Z9qPr!Gjwn-L%)6LQ)VkT(li0rn1gJ0S6SD9N&kF8FCMO
zVYRVb+a_}HlNO(>_IkDoTXBh)K{JQwu%*L{HS?Q}3u0_L6s_zcp;GG#9NMesA@L>J
z)Ufvdx&}e{fg&leW71WBZM4!Uq~!}i!s`c}&sJ?*nLfyZJIwG7<35qG`FN0tgdK-r
z1029Mii#i8f^J!>2hztfMD0LBt$cZs%2X~FDxwLiUk#)^Z8|-u&{RmhY&PB;odz7>
z*N}@pe7Z%_JvDy6-s^6bVkym?Z?}Uv`WN}5e-VYXc3o(}>$C9-SArc~++l_q<#ZT!
zdyl9rf^@r}n}Ch+B;?#tvvveJ2+iZKRI1{5^6fV25P>8Yc-=|TBJ%pGhXJi7Rk}`&
z)#rA0oP@HY(B{pDa-RP?3_CGsh!LXyGo4eUL2c$mH~&iMx)!mGi{KOY#c5_`d!?op
zSbTwLv#-g#e~V~-c`ac5_km)Wa)l2g`tmjPOv}75x^sePy@vBN9MxyZ2v(k@zvwz{
z9@8WmE~=!FfkrbZvciL1-fnk-hf1qLr_i%&NXLdFqiAu%S!Nx+NV<L9b=x&TQsG&>
zww}m9mzdmST|0D?ghyBfT04Ue1t@;-CVY(%t&etn=><$|xp?h*&R500z;7o_sy$WO
z2QS6JnQI<i<k8TMiph`TBtZ~FOGn3U397sTs=BJerk#J`S(1_ffl)_Q-)>#)oUHdP
z(8hu~gbQA={X!Bcr77xw!ZgZa*VdX;^&}8I3wo=RGw03f9(pH>-fk-n26M>eUpE&)
z73iyovUr{MU%=nH_$d=DQl0y&u=xhaOWjx=Rxt3ei4q?T4$tBzFI+b?*yJjL`Xe%}
z+PVQN?b#kwC~2!iwd8`BgcBo-Or<bbQJ!8v-SmndymKbNZ_5ZqHdjh|E>QVz917}i
z;E+oWI4UbZ(;z(|SL8A~O)$o?<6_22X8-Sro$xgXf9erw)YqDQ&<D-m)g?&C44a0u
zu(`1ad0-G~+`VR$Lz?`WZ9S#pb{p-{fl2R47(YOR@qYU>Gn{wAGqeiy7BUpQFiWpY
zz$mUajlr^*gC@q#oqAZV=p^M^woj2d)0pFY)EWSL+WsAnn3hJx(m#3>OlfY2q^oaF
zMNt-$YZA%H;et7xJ2Nmugq}S#*Zbfhuz!qTGm^%?I$4dHPCUza0n@V{u=@hq9?iJu
zm7<s7T)d7SK3p2_at4+hq9k+GW<Q(lJ26AbK?zF1|6Ua4qPducR)J8q^c^VWQm?Sm
zxKAA^hYdbvCE1%d)Z?w$412J#BLf!Gz3co)FSP<QV%N%3GhA?-ADdy*rf?4P1)l;u
z7D=IFtPU-J8wYQkA@jl8Ij4B*<xQPb8A_nXNhevvRF2i$AD@a3>)$Oqx3f}<8U+5z
z39!7>G(K}BMjal0h%BC&+wgD#hienKxdOtq^fj^KmL{bNb!Gz^Z_S)=aGC9Gt+#rc
zMCenkL!j>H)QrR-Cm}w*>T&h%5TULjkISLo^xg)Ezgrg!#}~sC?kMyg49nBjO5X8t
z=lZXzs=zMzU^8KX<GH}#Okx+0W@+*PL3qU^E%;7JamoSfa+@&vL;Q=Aqn6fgLG)N!
z%3A|BgnHSx{TFqH6)W|DGqA}JztY%Vf<JifPH36q+N_fCzPfKBtcm$$LZJqt<>zMI
zTMg6@**tq9&5goC#AD`7395PwFY{#uWow953d!9)iu`=u9_>x(2R=e6d)=tAa#xbZ
zr%<CM6_<M%Q_fftlYqJhnlph)imku`J!s4Mc^3@tB;h6j`8`-&3*<nbAh||;a%+H^
z$S}^bynA^56(;w)E|pU}(-GSjGaONIEih=w-T&hD$uwI31ax}(b9wRh*E0tXyztTf
zyBa`S)|>$(Mkeh!?6)nVkOHRmqW?G}!;4npR&ei7WRL71QQj+#^u$={QR7}?Xe0Nj
z$r8+g&BKP)U7UX#Q_=;ePs&rk&F2*4+^@rTX1%A{E{A_gTx@fM@f@6JfMYiWuD+iB
zm5lkjO3f&wj7@G^uv#Lcy*tt~UxTN&yjL(j(?K0<m3+~NqdExgg0eIL?HEY{D0S!J
z^vrqDFxVjv`bJ&joM;H>+qt-%spq#pEbkf#FnZwAy7a#ib^iMMW_3Scd-yA4w}C<W
zZBeC?H2H}I55cMldWPR7I}n<QmCdeO4p5r0rm1Uh26+;s@I$uDmG*JHkq;Ww5olmt
z^huQ&Lldej;znE}Pnw3|Lwpv#{cX3sZ86inF|Bw+Pkt2enw1it35;q=>m|+VSQ<s^
zOis<smD|fp0stD<@mU%KDK;z@gVd8t43+-Nmt|udni~+sBx5@QY+AIO;8~KqtYJt*
zH1J~JA4XvcTO^|CsUb=YFPpws<3oH2<a*LC^LC<1iQFeC0P>rwOzNhbr#%zmDWzD0
z8WWE=S=$(YjY?U&OA<?hc^&<tMC`a9Nqyj|pn%{N^GkFeKQ!ivavv!=wx^=4RS(L;
z9?b9z#%>8`EBB%am18F^A|yqp0aWNKq+(LIYB2iEwKb{|4C1^xW+r|DUvR=k*#hL@
z880T&&4S;dXI3GI*?RMq{-8&#{fAVe!;^M<>K@M_njU>4#mVUcMM30p^ZO3m>CyuA
zS#gfV5&E8<E%a@njq-V%*xi5-Y|;=8Elg3G!@tG@hkb24QKp(kr2UrJPpj`o>s;4w
zdu+gVn(s1f1Z)hX=hv)7fGTMD$lVvHKtBf;c$?NG|5@bgv1Ld!W00dITkfbxnU|fh
zy%E=YQn7|a2#IA3X$j1(8t=kx^w9aw$LFfWbkA+6A-fLsfULBu-Rh5e4I%V31{#YY
zza$Fqgsj!8FEax6LU8^P5eL0gMqUnl<dZ&XH@`cT)2q$xbhkh(i*w{p++CdlJPgW~
z=nIkdmY?8Wfvsu3IaEorvu)M-E)9D3#o}i?mk;3ZIbEm8vUEWt^V~6a_M{kyWQ#|d
zfL|KAWdz)uZ|BDCd-gQsgn;xCPqW=injhcwXY;nDNgy*G4a=Qs&;(0%hVIr~m*vHE
zQ%;fS<7d3>OoW=Wx}bsiVtEO27@)@6K1Dql?RFO<xao8=hAlJi+5HRd*d=w3=VQUl
z1SUekvv>U~&DYLGa826Ej%a9Q<&koWVb3b~<`U6-PQs|RmknbWR453$I%nx_vDEQO
ztoR!lI&8vI<mEzRr7c#Pkid7jNR!!ad7$tp&9RA0oa5cut*cYMCQzjrSe)M)W%Hx}
zeIZN4Q@A@V2QXY;D?!MzysKSyxZg8z!of{s8L*dHQb`lt3Y0qR#vGd|(*G`It6a3x
zr0t}OEh&d;ADWL9K87{J$-WQPP3(<@IY${y6t!eu%B^t#8sHyr#<n-loeYK`9m-U>
zD~DXR76oDWgp<{19VR`~IMbo#fs1X!U~Ry=*r{`Dg+i7<n^lzLs&XbG*p(>Rb{F2)
z`qTINN%vZ!=g6`$2Z~{YVYSXjgc22ka!08qEliXk7M@`k(?jGe08~Xh%rsyjQd4XY
z-D(+OEpmsHz_uLgzZaG}n90M)Z)l0KFn-fC{YmG?px*?0DmHpF<7)u!Tw*zocU!YU
zgo!7wEu>s~L*X+!Z}0=KB8O#`_FWE~YT~G%pC-p-O_^qiCb0>FU5mu&m63+GPKM7T
z3xW2yfyD){ui|T^1`9HStg+n|Wp|uZXOX$erOM5SBdbal5ZqeM>({Tr>-o3WdW|C}
zf093g1{$2X7>wmr%K_6rA(?L4x(9MWUCw`P6`9rKyYKpWfzvRNV1w)^a;erQXdXht
z<ZLX)l2#4QfwHE?6uTax8^{<d%3?1M%Cor_@mhS^1!}0s1upp>P)&7)uYNVYjGwQR
z^Cfh^aA|2U!>P_$cB;94ux8f2a@JH<kH_EW3YByfd)<b^z45^yx{tvZMm#MoAQx&H
zg)m~rl_ltFL7P{T5s=bk;bVY~u>#I@QjI?@^4PT<3|N-YXQKpzOYA;Uu2rIyR7H+N
z9E`dzqHEvgnPpe%-D&xzDrz!`B6-kE-+^qaPKrPLl`neC4OKBm&R;t=EsRt0nk;Zk
zgOU}xB7D@rkxGMtOxga!CRUWN6QF7qFMmjZ)P%<T=y4zIH#Q}H!Z)McJYvXx#Wfk?
z;7#Xu!d_c7#W^QLGUq05-KB;qd+31{;NfCTsVK0~WhX+O8T=|1e;ouPMUi}YkMbk!
zEoX^FzexU^)b0GHF@#TNa;wD$OXFF*nP2^>1iuoLz@!&Wdco}Rmz&#MRx=J-Un3RF
zOY>77juC}%h&i7}&$D6~!BXhRW4ESyFeIZcF$s<ih_9=dk`_|dbDlqEz;x+XRRR^o
zIdqY8`EW=D=i$L~nD;z%Ec-M0>eVJ~+f}0>?uOy|iQuwiwyHux@Kd(s=KU$r!^5<Z
z7>csJ0a@2+@qY<#Vd;PYt`~_x*Jma?5f2c4v9YXA7qh|;!XXcRsziy+F6vhYhWPYT
zN=-SdQ>6<Z`F*Jvedwfs=FZxx(mml6eQkomnH&{xoYEAUu$4<$q$c84&Zsv*n^72O
z$9U+;jORNFOi-s)&M><`gn=qOlXCoI8iG67&&wFrlwT$tn^Pz>(>z-CoIT$TQy4us
zD_R?lN=k3PbFac&(0Am-7SA|Q(EEknNZlM#Yuj<7RdT_1j8%WtJ0$zK@1}T%c%78^
ziM>m*3d-XEdL|C{iRfi%$+}dS1FZaSBfrtGpAWdRB#X}s{0{n}>j}+G#WBxi!z>>;
z>j=9W4VtwYhk(bX`t3k&V(`=&-Lr?=T%(SB8Gq;{(Gi)oDBISAiM6+9y}#QIH>(qI
zU4HbsaYrZqg>Uf1#L7;sO<Rp%#dH$F#X*`ENfnbS&S1{|dl|K1XUn!p9~rF=x@j?=
zWANU28-2_|oCk(im>usEuv4@^B{RGORlm>BKx0!cUlLTLkkCCPpjs2=o1OX9MC^sI
z1;-ZtsQ{iwTgC^K<j<#LHOf@>rRZP5#xcA>SkTk1G<73#(LDTQN$4g>Z4~P?ah~0w
zPxu=({F_e<*3F%5m8)I_(&=Ip{bR+jxR=!u1v8`etJ&$mt(%?QAfBePcZw8&G@ka3
z-p6Eqq}CMIi3|jSo@dM>-HHlmcozcL^u_nRUGs0^Xe$$YyIzyVX_7r{+;M--&Lz|=
zI$kMn4_O$<D7a_ww;O2z0@b&a-7A|=Vd!;a^wAYPu^eBVR$euXEUiqBp8nx*{7XB+
zrcy5uino=&dPJvJKiM6ZDD!^#Iu*NRe%uoAjs(L6rY7k_5sDQ0@h4t^^n{r@I!XON
z(*BA2gY^_c`;~sdAyew$vfJCeS!R&V>1NFJ2H^JRC`uvcSE#WMvKIHN3fG5Ix!|TL
zeISI*6NDvIJNA8Z?F!C2kVzbkqqPz`3ir;LxQ`Y}RlLQ8Bn;-xxQPEc-;@NT?C1(3
ze=8>REac2;9p`Wjkw8bahMsbw&>3BKLmQZz@>J|laCxiLiwmI=j1d~NjcEJU(g+Az
zZS=qmoK42kUIo`!vwh^elaaN%%KV9~?0HVHo^82>S5;wu$9Vgrv6yQ1xYZdhz86_A
z7oS9-J@+dt<M_Iy?_qf>QHs#3ka-u@f?@Yitn2CAPRso@z15L-T6@gE(N{ww!m)?5
zYP^5B`v`?593ADR_IcTyKP_jpmI?HT_K~ck$-1y)1^47l^nxAYj8{uW7|jb2cvuD`
zD(K^<NqF-p`yXK1k&N8>3^8!M@(gHX{>7VUfC^dOP^+>vOvvq5XaJR|$ogz-GEEze
zuxgw#KOF=EdbIX_+?5mhoL`D626A;MWKeG<;cu}VbV~TwWVZFbU2a}zjn(e1P$s1m
zv!8iK2U^B^I!L7|C})3gY0<(2hA&-(r}U1t3C^qhD^B0BKdP%@julGCntw8Wxv5&R
z%j#U}1UGav#a}%z_(*}fOARJzq|T5G5am9+QqYLuUi*{5;nU-0&-`%OwK3T#u0A@Y
zg{vFa-_iGMupY;B{ry`OjGTDXgFu#j*%*_KS&_KoTvP6p_wTau);?=puVnwi2kDgG
zfHc?f^-3}x#QOb8kTgSYrSx6zf-l|FiR+m?_o8^y&%QNzMnUBj>;L=;F|!$EXwZvh
zF}2XUz-x!38(0QT@7W!PZ~*2n0v0B2#|}KT_I(!CEr;k6-7Ub!0p;a9V{=D~?Jhsl
z;`PW6Id7CxayxB~x^R7F6@I(OeoGj@S6&A1Sp~UjkGcxPrnL4GNHSOZwvDuCFNm@!
zs3ld1o7GHd?rCTy%vAYl-@>KSgKDWM-Y=+8-~90}l4oxyYcnDez+0Mp5(55C13l%4
zJx+K)y8FXzl6y_^6ee7r;&HqV%FL2rr7>`@FSUaFW*QT!pqd<M98ji$NV%~S4*eDu
z*pgQK(^k(qiYB0uz<S%MFR+7AJ3zW01nO|5z31TvtSUuo;;vr$FeW0$>t$nJQf77?
z4cldCO7f79D{nI$u+Ma(>R6$-IivLBu`d~HL>n&p;)B~+yg^;=ZA?79M~meHYK+N6
z$Zz6u!o(}s6c)>Zn8_L)0>;8<xh0cwxEf42!Q`~{#c<AghZnjst*3MkfX^m$*Q5b^
zunWQ`^>4T;96A%QF$kP^QC%;H>y~+H8mvK)b7_}z>ZC&%p#tda*>6xIcn+yAQiA{C
z+oQ-jy=_kDbP^0P^BitSSmH055Ot7Ob+{|iaQ(7C-4iX4bVw1CuJJ)@%x=yO-_JIu
z!{}Hb`SBnDDL@mKl=<qZ)wf5bj^e8SQ01IRR;mH?Hd^81W6-?@tC~QNf1x&_)JyI|
zmD08V>E*N63w&M2pokqk3cAw?P0~F8p8L&2x}I&>`cTix{X<55u_KaK6U?xe_}p`w
zX*-9@q&TzNK7Zc|9Q(r3{L7Noa=uKylMEwt<X%GstkbNycs|Qg!7sxCSlTZX187=l
zCQ4I-u)JVA`lhlq{$naPJgkvyYkAIKGEo0_fixb3C`Oi@vJ)#ZU>#5CRB!vUmqha(
zyH6Cps9t!#0pd9)pZENCnNo;;8CwS3%Qv#J)@O9SG0td<1OQ_^CY2SZ6y5CeF0js#
z4A!Y<{*Sv&!;pWwlER2Ws&!eraPnJ~-?U&q#6mnr_|0sMU0Due$_5!y{Qiv93L^%a
zhYKlX<^+qOjciPO(-y1INrgoe+s1ga-b)23AG%s%&PT5$yc~iJiH!xCf>OP<AaRO!
zHrp@vE1Ts_N|r?A<jHL>OZ%{qISSSb2`t(;wv(uy#Xa8!yK0BmFw1zqGA1eYw4^<Q
ze4+y@E}ycAve6-=S_P(N(KUfs*C!vXae-O%pC@Z~ExF<+2;&qnIQzn*3+_1BREV4Z
zE<a0_6|5LG740oLnmQ*OIE5BMeYP>X`wH(k&h6=)jDZV!o(Iuv0H;-_NjSNlcyJzm
z3%s}eJ-On3v1LtY&ajZOSboOUOOidxp(8E8f+_>_8j%sT+4+|4?H)d_(qQ!7<D~zd
z2n;@+FEGE(OI7@<^;*1iiqJhatdG-+2aK=N=4MgY$oNB%`wM2@bU0qjY_o~#+<vGl
zJl9CKA?QZ@;^I#KBMcxZ3zkTJ<h@qWxOkANavMs*Og#@mXXwa?#P4syW3B4_8Y7GU
zM^)os((hMyNrO~l7aShDV&8+nC~)51pwnk2M;&!>e%DleKGb|jYcS2~<4sqI?e!TP
zM=9q+=@@{+-(<G4+Fn<z=2!2>9At5hC5Ej(P$s5z5VYwni?zSz+efJ{?o?-f1_r@|
zjD^?U)T~9EEPhx%<&F1?pYCD|b1EgOh;n27mBH0IGRrRzJ}?=I7I=V?|MB@{ST$j_
zpwuyvZJQ<ED6fZ~9=WNLjIz}O6b;-=4*65~_`^Nd;TigNOp?Xv5<W6)mi~=0<(e#F
z?pq*Vd{eo^GLdq9NLSH4wdEek_ODf4>9&Gc1FWG7W9W6-*%Ic)>gUw2+)ZdWu->a@
z4#EH&Ys_|2V2YU@!h@yKht8&k;eb^dpj^rV9PR;EniXtzERE#n?1CVqhW6@vSBA1z
z0xw=R8Il_^87lwJ8d&IY$5(blU4_vdTbS;qQY^TkZC;hELjSM(c*dO_cF3?L!s?<@
z4JNkwj`?)0AXBpH+8%{56|l`(aE^ju8NSoSwf8(#&|nk5pV6e*Y(nZhO9LTwePFS&
zBDE?kwpA*_cQ>04xx|9>qvBPtU2p;YKO~HR?7Y)vJ1-?_NAO?S^N+}ojSm@9`jk4n
zIkwY+Q3MmDXJ-ZgI4B@O`@wQWqODMyF065jumHMxgU=#;4^vEN`Ff8055FcPD!Rs+
z1w@NwR@6@RSV%JwcDrxLv@p_}H{^#F)Qg5?&<$W)94!;~jTH~nZGR1y;Re~3I{tN&
z)uHoNU?f@iO=7<Q9C$!sq&%i%vCQrfP;58H0dVL<r3j1m;t}!h<qGk%R-QNf)z>D5
zTuY}pkHnJMdF|YWhG~blMwWNcXmsQqMT1qFB@_Coh+oU-KipcNQ9J&=m9V;PzXO<)
zQ+F1iV-t4~a@EByJ@q_Bwm`)idQ<mExp~+;&}Q;Xz5q_e`qQ)e8;!w=K;$U_3a%Df
zpp?R~VPELvppY}}-NfZ%3nd*Tns9?aJ<C+G^w_Fb8FI^`1bNHzvnF&|ezMxlvWj%2
zm+60LHYX1EH}dSn1zc=NrVYt#1bIDmR!y9NHHMt6VTTm;XY_BLaA^!y=#hdCpXm><
zDZM+#GWwi*aO}4D?VhSCP8sZ(D!J|ZR2w+a_ztxn{3^TCUiG<PIyY>1Fu2$N<?aq5
zc4)Z`4)`Vlhuzr`P2yC0q^Le!j=Ab?*1N&0DzpQK8N#7r`*0B86m0Z)BU@T^*i<cw
z_y~zmhNB9bKKHg=z{r41)(Nv68f6WBKHN31yuYz&T6{kIC+>FyuBLk!nQTndt|S98
z#0HSx=}O6_zKZrQujZb;tNsMaDhIEMgpyUMeP7)f0$wkPoA=a1E^ewY7!7k9MIaR>
zB5|(1>uJSQmrl!kWOW`?T!q9K+yu5nc1NjzzEiIXz<|c%A5(~UzcxZcW6@L}K0@LO
z>$feO>tda^YNHmOKv%x;)ItQZ<P4t%-}a@5B5(L*r~$<snK$APa%+xSgB4<)+ili9
z!HU@PzF(}IE)Gsa@tK%99uHTzmT2Px(rmKaIGFX>T_{XfNeR5h2x}z-UcmMc(!UCH
za)-MROS@1Ji_4&FGq@eYS=J@&5={!BIVU(DSx?~VMSYhZQOuxA-Dj_<JVDknyx7!`
zLixPp%A(+W5@;cD?JNpt-p&d@21()}x*oX{vg%q7R&mwIsCBoc1*o!Un$}HoNFL7V
ze$>zxo~=(W>IH1-kDS-;umt2m939qn;};3=%YD{xPx)2h(q(MX&!9^Pc%fr-tw$km
zm$4J^83i%hl;gntbt#XI0A=GlgA+sIkzLftD_)w*F`@0K_vQE72JQqt-*5OG^U>%w
ziep>*K&f7grguCX$`dabLEX1YOmJsyWDgxEvfw!Zb)!RL?3m(ZTbbc3W1CLt`8Q)c
z2%rXi0`GdZmeh%8&RYD#H*0NK0!3~^Yr;mL3XjJ8dTuKx0Cn4vvI_0!BC+?-Q6wAL
z_EgSACwGe7bf3OnXWT*1jEd<=zmA_pETq#Gc4P6rIe{?08R6;t<d>>vBiSo|Bsu#<
ztV%#bj`M>?ZQ(p!y#W3^FGi@Yl-^*4iZ|57UZ1f2X~o~VkNHEdbDT);HbmvB`GxC;
zwHbv)eiJLixc)N9Ec%g~9RA)XdA}*wg%{L~0{Oa%Zm25Ki`FlF(7-|6hdGc@4%orU
z^;lTKG$er*3O}Rm<h`oIIruCoNm>a#;F|UpKHlS$b4G4|br-2!_Gt<F+5l%hnz&4a
zhct6l5(${-45)CQj1?vSuzwNzO2b_j9p5jtibH{w>R(jkN!I60w>#=ZJuNZAw@4W;
z+Bs_V1kOY+={_HpnJaSV>^MhCH$t`XT*)(62H=Pbwy>)W<>=l6MnprLYcV>pWtmbs
zE0FlK#DLeoCa-d~KgM{pbJQNfRhvKw6ZO8kQ9F76shmKtx1{?as^PE8e_tZW@Y3?W
zLQ1|5=c7<S1(28x4GS{X1cAV>eIeo%yh|n7S$~}$5T2?0Hyem_=F$ph-+t1TFJJ`3
zBz21$qf@h`_eWk%EPvCrAGb4d>_y_{cSCe99dnD5`|a_A$2L1RBr<pHdN-Lq0Yr)k
zDfix^tR_fiK2@lQ&Gc0J7L&q%R0_|pK8h)_S03ywwdW*Z{IYT3z&H`&&x_)<SHp<#
z<C}x%W!}bJY6BJfJM(RF2WR^-ZqPG!gy^^8ZYbb$`2g%LDx@SuYl4-z-u$d;eAxGs
z0KpFW04LxE{5YkYP0SsX@h%N%Ty*c2wcmU$4iE_$$|yb8?Dt#)Y7*vN(0z#YqJmy&
ziPg${<5&eT*lS%5ltMDJw-?wu*W66Yjwr>X(|}ce_j1cu?`qc;NO|!rccn&`&-CNF
zZb)^mRxg~d=J~fD3528Xy=<4dw(Ml#__$9gr)T=@k8@*6w(CE8vrn+aYk9aU&#Sbc
zy9ig|MZ&K%Nl5I$I%~w4PV$O^oJJi`<cHx93QAypKaIYd+FO3bc7aw&ww!pTTPY><
zviN9BHAJ4ovqOF?)#i^I_p!Z(Klh{BJZiE2ec&i#FOjvqTP<M#G@$tS%^(Phe-x<n
z$w31NYiwfE4`vt#{RDMEPs84v>zkmS!5pc9#m#5Q%8;SazUC=jOE#GOzHWO$I93d`
zX)3U6qK*vmUQA!l*Vd(x8B8vXFmsMF7rdi>(1W^rO-c+WGu5Qr8yh*%0u>bXZ;=<h
z7FnWvp_}H1C8uD&awcSZ2jL`BOYX+VlLwl*)}xlV4GVDV&1v1}eL1MzG6Wd1u7^WQ
zHmHQ(=j~l$NROix#Ld()8_9%W4*-3`<M0jS<r+>WAqWhu?lX>@=1pp|{S^0bbC$m1
zyyOj9v7U#iO<q9$Xlfi`OG`E<=ejD~$aFA{Ts`RXhLs;}AF-ZFLXC5{Lx8?HX5)6r
z!FYrcwVv5}A}bpRfy27uF~0a&wR(m8cRhCQM&xBwU|)!K;4!uhC3oDl5W!Z{XDIJ}
zo)@Q+oV}PlgF32*yka$x9D~c0szIh{@<Vltt+u^61yZ&8Zw;QX-Y)OmAmFDb%nDQ8
z6%Kid-SuPt*<URnsv~HrmTL>2zt{tUkp{7HEGnZlZr8nLHDg02I0KU|C^`p%!el==
z(HC)2YV!3&Vj9;XGI3zo<P1}@IYhA0zD?3yn1Uh6jB?7ayE!yWyhb}iq7iJ4ganA{
zdrr1_)_?-HNzzHicp*e!s-dg78%XCCtm5RJ>T81loUPMvh5bIQDN8ME!#TYi(t45K
zc>=x!d)Jl<-h&quc7t^tQ0XbXO3?y&`WZSG2zFUWsP*LX=No%wYt;jE#v0_fQtg}M
z{U<7l%(ZFO@=bZj85*1}NGD@UBur$6WZ~{uW3Z5fBH%(!R-p#Epj}M{jEO3W+^5q(
zMTPL4Kyhn0Maz{o{lD&X+jp*6$>8iNWrtC02y@H;W`Eu$I$tQ=oI$sO34ROQq8Pa@
z!6j5QbKH;AH%=d|qh??{^rYFwXm$th(F#Bh=E+yX;HY&JFAA%n*H<oxX(&t$5q@y%
zShCN9LSR~zhj(PxMfT?QA0%ym7-!Oeym_wN!&q~zQ3_8%pEDguk^^y>mYg5Z4K_W;
znJW;3<zVK3OnBrmwld}1Tib#&_BHlfdxO`e;V7#<vub~xZ)W(M+Uy;<zSq^PFcisq
z+lE%atVNMv<C9HtbxF7Lr75}*j*}dDwQdRRj}X;(JTKPZ$uWJrUSb?_?9H}PI1Q<G
zx^TY(AtiFQbODmPB(2!%ld+**I*~9i)N&Z;z_$~Y;OcG{D#6p^{ww$I&iV@yM5%$x
zU$-qIv@77$0Z7}o5uSMoW*zqm<1W$4jIY2%R$#bYxNnCr30XkC!7E)$AMLAo%k5@J
zk7*)FCr}2fkSF14Jd#(<IS?RAdce=$knz{|O9kLY`s_$ldp__S_{$^M*%9(6{jMUA
zGMm#N<?_&Aj2-|N7MjsVeADNawO1ue1mQJaA&au8bc>r+-5}uTgt-MwtE>M2;ZtE9
z9OFTmy6b}(W^`x$z@Mj&k6Y#p&_iadA6GrGk1g-jO!0i;`Z38Gdo`m11NHylN{}dw
zcz8Gf#sD?|mH?&zb^tB_v;a;3&H#r0S?m84PX@yO4Mt@|0YOr+v^6DQWMgCJ<Y3`o
zWM$=KX9z+n{GT9ju!10@r2nKiAV7fsO!)tL0RO+RDc0f$T}T4n>nM{B7wi!h#iU=s
z`2RoHRE7UhXu38B#q(oelY@x9bU+XiLayo)NS-i#efN;wgnel7e-qf|q{dfwi%zvs
zIo(h<o+WVq49?hIU`;rnYmk(dscWiHO5J=LI|A?|osLWzJYUf8>v~-)#;QU{(FJKN
zL@v9`wBj$f6QSk1w@=j8+|`a=90qIt(l9r_0LDe$X*~;&Hm9nCJ+a{gIb#@2TrC&k
zPC1$_NzFF{ZcqdNI~W<@aqL#{6k97K#2aKeWxLChAfoKoX1oXK!Kx-~(s6LAf^<fA
zt}b{f;u%}O4~lG)#V&!5zj_;5h-p*ukY&n>Q7<f>p<>gJvsS4Y;^7rgS69u^i)-1+
zky@p8_#&rV-I9}5DXwUv_TMnNaQ6u5P|;ITqe@s!0AEA?lwNUIu{+62x(nzj_>C6c
z*X#LQqN;>C57!SL!~i3%DL=GF+Skw8nuBEH;nORdUou$-L7g)*ulQGPlJ(9sNiqCi
z!Cf1s=mk7Q^=$Jmpdxp3Kq{py_ARvLpxL0NF$)>rB2SQHP1VEAfVqMOlu6sXQhgmG
zG`l5i2|bNtH6g|L&Dj$U<5Ak&1HvmZb!(-Dujo?mBlF*mqS=VF1i6Ny6-Q!8V(7$J
z1NU)cc*)jbxjty0(V3wU<o!)bV00CMY(+-T_<W0cZT6DgB0)^fT})oG@*n8k>sO~$
zNQfWV=Sm#0IYY4%WflOj{2K3#%LEu5Bopl_3%Tz}1pj5urM_QIaL?vwXJ)=v-(zc-
zwX^MN-p;`AfEDN@H+BHEw>zy>F#0RdxuLYuAKg%0p6|{PfT#~)&FlV5HG)V!SQ)@X
z%l<I~FhGOk()!XaVZkljwwCnv>Y}}&(grRv{!Fzwczx+Y$!J`bv)s}H*ow{zZ}0uT
zpdnC-(O9{gE+EWQg+~EzGHAMlN0FfijME}i+??3=<`k1J)YiBU(OWo`>%E-Y7Lrm8
zx(dYp+K<l7LnBQ81(k{1v2F^ek9DyA7xAR{-|gJHo_a^o#QIbO!1MPf^7~Q-$C`hY
z*~rl%+4u#YeK=XPm}aU(R=ke2+i~fBipCu6`Px9C*!9lzzv9Ui_-Pij;qfG8T473W
zPtjaH{chalbF@zR`*hL84tJN!Nc~*f0_8F5xJKRoQC%YM`*E+_Q?UJ?YW!ikq(i4<
zr#(xQEyI0yp{{^xVmBTdYX&a0Zrwx)$0lxLCe4XV3ua;=_$5=BKL|FLT$HQ`cu*F$
zX{!%lPU9%%9-%bS*v)c$AkSFIDR_c44kTzvD9q|fVncY)H}F7|<u1v;ES>M)V6d|X
zpm)9plRWH~)>V<3vxs7vA#R1kNL+IzL}f{_L$58zLcg(GQM=!w*LmtCq~clQzazJ8
z=|EZ=NTgZdUz=83HPE=)0Q=68f)PB1oi<^v!VwlPI>y*Tj5wS<z5^<7^jSuDKM2Fb
zM`xNs$pO1L^~;Q~gdjRmLZ)0dWU<_=3X3ytT(ax5U7}4|W0EMV`9X0wS1T6wFRS1x
ze1eF$AOMe~d2>us3+kba_ItqNi7=zxRu^0yZ*A7;lkjO@b<J~gxU_=x95`3{0k8Y&
zIxM8YgAB79b=1vhjGXP8gjr$}r~c_Yo8@R8cvHttEzoGAm9u+1_o~7C=6OFhbRZ}i
zv(~m8Ca`R*%RV!5f0613zfBr3u7=D9OW$M=uf127RvzM2NC}yp0@&ndJYCi=5a#8y
zxjU{g@Z({|ZIzyc|2SRI<q`l#H0DZuZ}y~zy?d#OH6DDOYj&G7b#vV(wKUO?&>cop
zDl_lSf0IiQ6I9B~ZL<YF+5^=GvGieIQMRdJAY*+8UD<G-f(dTRqkAp_dtF?00j|KJ
z11o*P@bjZ@B*r|B?ik2P^I~yUS5zoSI*0GG-sCRY-Wcz9xJGI{gwF<qrFuKxWSaIm
zju|F~!!w&@cOy@OHN#)j*R~L%NCa>Dn0ChB<P>7N__`a6ATY)=lRy*hE0v)Y#EQDp
zHD^br9Hl$rge+HWEgpsz6p{xy=$NruC3Wh(4mVbbXEisnQjn^7aYw`xhs>aj_u!?H
zm~ANYbmrw}4!c%pHM*j`O3e0%JS8&-wl$0Zqr%^)CiP#gpMY~V44USwB}h69l8dn#
zG!nh3xFpH!zSIGH3)H)Uajh^)!=f=Z!TPhhN*KWmDZoE<N+8+zY_1)ku`i(F7x=Cp
zZcX7tc&+(5^fAPoCkW2E1iyHL`2HP-RG0QRd!)<2x7L#cWwh=J?kg;yLWTI6IQ5fH
zk^b3N8fm1_+|Weo$=GlYK9k)C%F9Qfg$IVtpbAdibGtgL*+@2AtRX(8C{W2s5dhgF
zpS)dGXI`2L7pF5b_~FbGKaNzIo@ryPVAFyP88B~S*T|h*Jh2th^i`(3wj*NEoYUNM
z!xszW!{I_NRMoj2rE)2|LBn5i%+@5COHV>Lpb?E`*4vj9e}r21Cw`U$bCs}Tj{V{$
z;<}t9L(}TLd?|>ksLb}J)3W#%*zN*Jgm>h<kMYD}l5u`h+KzVDGBr+ot_@A)DXd|<
z+`b$GD!q@v>atGv=3v1=d<$tG(t^3=%t0ktafX@<r+HdK9w9#G#iSj9TcU<A&*V*X
zjboP>BV>i`!ap{L1*Rvp^@b*@BF+>%hoTI*R-LME3<rI}x$UWCvoDmjS5O3{8N$%o
zcy)M{rU1ba9oTO8{OY;uF690u2wxpGf;_{kP>l7*8vBf7<%viNv=);j=O{B6n&E^(
zDq1zg$zIp>`a*SQ?gn$yeOhp=q^tIO<}Zlp#7gdK3hhaSDy3xrM!GC{DRjec(t<bX
z-=&g&$SGoNYxo^G)fthQynj$?-co;d4_cAE-&1?IitNqRiFkTk?}(%ofZi@+W?o=@
zRgllPS$RexI#3#M!<FutGYabAAsze!`basE`FCJ^weKVrWJ`trh0Kq~T%T6hiDCwJ
zj+5R4zEktBu;RbIolr-y9;t26x4i>1;M&`(sr6Mf2`;xPB1Le92B<S#;zg4T5Q%H}
z`PGuA0E^>1Wl)9TmM~(*$7H)rpN-01iBzyE`ZgX#=OoA=tfB0kk62w<0l%XX(GROH
zRz1QtBSEkX9UG`P-MoTOa_yhSPX`H&FZK#-oTeCZf4Sf!OznefwY6-Rv0tw<^I>DT
ze3q&w|01=_`ToBb_R-$iQ3>*@VDj=>gwKa7IRr=HgF`*6xY47`f0a+M>O3!RmmO=A
z@O0Y%54OHlB%zksyB@#6#~SmU@n>4ZjPqxyx2y4=t;&`)4;$_o$t;@Cnk?at5&};J
zr7wVB7!bWUdns7a5sx9_%qX}X8H>>&5u8&j41og$&j?!O+?LkX)1UAj*GCvd704(5
zHfElXTRH5?mXusXW|9D`*9Ih46ath!YsXkD!P^BFl|ZKGD~qBQN1%1r(QPfi@}Hn!
zQ)d1AQ|MXB`L@EOzvg1C>W=C)@)2ws2`t`Z2EsmcwbqNU>4G;-;+ngGRrGy+p;Yqa
zZ#B`dN|g&rF4WTOuKoHM+)YO9c&nfOr4;)H&V&L`xu#LMpKJJ=8ZEjr!r|VxN#p@!
zfFS<{JBXN1a)*6uR3VOZ((0R=$_n6p-)!z|3-0rhKijItidPp}1-{!j6qbE0@ja!0
zPJYVFN+8Y2+=0aZeabr5(3jJz8c}imDfp!FlCGeD?3aXH2{G{D%Cj}*xSM7Yf_+?$
zJG9USfwy{_6uxo(0pZo+xbu#O5$=K<PX;gN@W1CP5<5jR-4dHaXn^Mx3^Fvb-VW@n
zX|o?0PQ=}j(^VC4<`#?f27g3rim76rd}u9`S6C)(vB`wy`7m-Bw{o22Hkw1K^waWz
zVXStF$L`^G)Lso!h|HQT&?;0J7C&k(D2cH4TA25r5S3xk1bP{92*eKTcP+im(Z6=*
z!p+4Sau0iRLFtlx@(G_CzxHSrnN0+~oBcQr^pPWryBM_Rugc>h$3W8G4o;H;Y=yQC
z^~F3Brqu3&fx!A=WEQd?<ik{B#8AlW8JW*!(wrt$VJBM<R+uM`oi*9unS<Q<9meNo
zaDJwy%_pd*0;}h>pG%e@m+wYlVYrQ54G7dZGbGz(3<13}4vWCCcXV2gKS~9k5*R6k
z0k5?tIt=&%HO%-E?1qTxKGck4RFfYRdmXyvA%<@5%Y@1n5o^B*PeON-MI;JSK;+zP
zfHZGrH^Tz<OUZ5uZlQnD8)L&?z`O@>Fuq6yD2M?NO73xgd2hN_FHAoXlWu8GB_JZN
z;D{8Q^a0SK8A2f(u{I0zLF(*n1*lfbja_`x0MH0+c&-myH@x8?xckroWdNRLwCzWT
z)Xdb~`XY?0@Zq^o2e4F|yJ4m!Xo30_L_?sUhRV))>~$U7A%h)yZK`}tr&-&1p_>t^
zXPgv^QQjX;jH?=dr=;*C#o-?yP>lm27jAjA@$M^Jl4d`D1*5XOSL{!iaQi1g(U#j`
zu7B~<gf#-TKZL`e2Id4WWYo)up`}>Y3p&7mOvzwIpLeyZq{>r&0U+G$l2~EGrs^pw
zBc9Gu#Hk;`zVrP7tX5l9J=>qn+PJw4#*4gP-xHv17Tb&gIZA1v8M05g?$6KEI`Pd{
z`sJP@1WglQPMZ3Yd0QjZ&7qVG**><v<UZx-sX-Bak+-$y>f7PCE!UzDiuw3z@}nRZ
zO;;}`Kd+p;<A~nnqiksXDU8vlnK|!MSOa0M?xUXQ|760ONk|EM$5$TvE}du3!(A8=
zIzfgdiHi-iKB)*Rr_dq+Hg*5vR@y4~<^(7rVg<Y>>rfLiP$!KQG>$YDmFNK{`Ds8Z
zCQOuO(ZAo`BeFUkuVZh8l+&xxnxgd@(wKxN+Ci_f@2CEd$=AM10L$NqrIq@T!%kcq
z_=ll3{SC?KKFb!_5Ov)1f`i1!f{Hv_v8m!f3@4j^#1@4E-8qffrT`m{SNmxAg@dfN
zwrC;NB~(&J$i?ox^e7R_&1tIe%6;iCmzz?>F5l#H-g=up&7KR7aMdB8c$h)Y^2fN%
zi8D&F_%~~HWHuD8hHyq;z?^~GeCw<chC%SlvBirx0Fqb}Ob7v8V}}~_l!y$T8@`HW
zi^Mlh1Jl>PfRK_{o7Yr`4M*eSvb4Z&Oe0xvFf`zY)4lk<Ma_FG=P|@svy@#?itTz!
znh1*Y62sBDwDeGU!E~&0yMHaqyI;G?@PO;P4nT2h(tjSAo1^Hs5Qzvwyg#);)%tSO
z%g|Pi?HD|pHLzw!8W*r*M>>MvX}34TPnE}F{#&Sr7!opwX2vDLol?l$VY<5y-{8s=
z&cinYM^Gzp|0fT*i_SK971KfU0!!(biA(cU6yrtRdoX_e%b+?v^$0L;@b4rPxL@Ea
z!|yGG&pMW9&hCPfwz+{K)&rMs(4-;L>(ujO7c>t!p^Y<SNKaMp5mabOEf<&Qu+R~g
zag13sZ&NA+@#-+#dS`I2uPw2;B^Fo8PO-Pt+7NfPwfdu4Rou<p(Rl#9{G^w9#X5Kq
z3%fHgix{2@1{1C^=ON@uw}@mhLt0T%?b~7RKDFA=e-aDo@<gTPwKFnDUxulgHUM&G
z|7{-jYx%SDU?K=HNwPWTd9`{QG<C^Bay>Fb?dIOHCx2%$pHS0j|3sE6;Ng(9u?(K=
zmlN8oW?u>dv6S)}`dP&)=yM;H>awL?vX@Sul3AHUwrtaVc8+yi)GCaDuy3&&x9cpQ
zpjCz+j=inAfRBT;tELi<4dWFC&<Y|OJ+tB+G^-?1=KIE<_j0MS#YPS>K!amQWYX@2
zs0;_7Lf(RNMXX=Fe%F3+_SnRK#CIV`*D}+9y<stRHdm`c+rD_Fz5-7ofN|trFrvae
zUc%@_<ZPnEJZd4scQ8v%Ip8l6%#4bVfcgEWUXo7z?gWhUzZ;4lbX~v7sKJ_z1?mp^
zabweB($Z#-i<7S&wul=@Yu~;<4yIpZpMy`fs7`j^OYZdMCf(<~bE6s{`My2(VTcne
zUeiE^v6CNgCd7a07$`jTXv*TTq!5v!Jo8Qn^VNoddztbQe@Q4cSUAL*^_{S`XY<8D
z)nN?@(x`)sH61uKg}<pXz5@j0o3N2bV5lYe)R?t^X1aHy_FD#y7ne0MMwAh2R3t*=
zbyb7ETsC$+ntD4@f{spQBcx1BB<aT>%fQG0`#-<!fB-=OKnQ-j7_Ag6HnB>-snn;O
xkMJv=_D14X0G$^ok9x5set1DpaQXF3;p*fC`B|~p6r%p4MRUQT|F0*h{{!%t(&7LB

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-2048-cert.pem b/cdoc20-server/keys/rsa/client-rsa-2048-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..0ab2167d1c8430b6c55782cafb7341874050a1f0
GIT binary patch
literal 888
zcmXqLVlFXgVv1S7%*4pV#L2MU*rs65)BX|zUN%mxHjlRNyo`+8tPBPjhTI06Y|No7
zY{E>bsfGdud>{^oFnefTc3ysY9!!K?m^~yhCnqy6&rrlb2&9HfnA^EBDYYmswInk+
z5vGnCp_A8u8>Eg|m?gxuxWqtCoY%<6(9pob(8R>Rz$gmHHAdpn(IricO31;$$jZRn
z#K_NJ(8S2a)Wpchu>17oqjA=mm$W>l`pxveQ}D^Mbmgu~w>M`BHLl&^to7}c%Gz0{
zUqr;4#w#Cc*dnwu_i)0i4<F~5Y|dHzeM6}lOY!|Z(^4)*T>1QZ#?w<<?>wE6fBxi!
z>yhraOfLxg9$PHxJ4HBA!|A?zM4t4yCq?>Zk2PW@mTrIG{_4d2>hmjvkIeM_pH|az
zzv;(%htip>w#{o^K4jS*$Pq2Y!rf<A@-KN+fOFn=E|$lV&-L4mmMdRe7!y>sf}d+`
zZs{a9r&&%%KGpf&xZ87Qol!}+qW-tb`!;odUYfbLOhR_z(E$I}uz>AxmeX$ip8DeS
z*2kK?t{Hg@zf43wFL`e8^7g@_g02~zOw5c7jEfZw<PBtj5h%;YBE}-pcIuF<+HM(x
zjGgIUW*#xwem_(EHF6*V(-JTc85x*g&0o7d^wDJ1l<1{%RHAtvcro?bB(~RnuAFqe
zDra9`1{X79&x(acR?SyRUmYq=|EqASK}K-$|FbofHLs_;eRTfj(6U&ic-~z9Ow~pE
zW^{<2|J@MIE4FE!{|;u}N#CFH+s%A5)5!4Um85eUzu5>pe6wP2>kKE|$QZs^Mo+j_
zG8_s%d$r)64$tgo)grMS|CdklpOR{8(LV3iRjxa}S2RxB$F1#rzb-d@L!#Xe?}kwI
z4`nWI<V+f44{x(&vgJH?*=yah!`gd;LRQRiThP4IS@J4hA;)fZt;`zpnM}sV-Rp0C
ltoqaRe5+J^$0@h#?{-#rs_&PXws?I?O!Yd3_GuF@0RWxtSKI&q

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-2048.p12 b/cdoc20-server/keys/rsa/client-rsa-2048.p12
new file mode 100644
index 0000000000000000000000000000000000000000..70e3012430ba07518a09fcfd022ce2bbcfd8ca97
GIT binary patch
literal 2760
zcma);X*kr67RP7Cj4gZCAz89Cw%<^8GEA~&8(Z0GEF)5O62{mvja?WdSyGn9z7B?L
zV<}3MN{rA#`6n_raoy+Mr~h+b-TUG^=Q*G6`JR{G=KuuGK?s-yAaDk;av)O7QhsuS
z*}!E4PERO-^Wq_P1_-d;|B_%7C;?V`h^r5)g7wIMTwI)BNErcUbO`kU-#-o*H{c3r
z|2=X6N>IUz8YG$o+RM!_549IaYkZc=jB<xS6!;)uDS(TW{ofZM954`YjFrPH#SHAj
z0tF+WeDSoIZWj$3`EO_gm$$N7Nl*fGDl|Q5wCk)aWt_;Q+P|IiAExJBQo=;T&&@@^
z<D{SGM4g|)qWy-N-tbw6`p#R`8E9kt)s1sYZiB8WuMPV>PCGAR1h@Zq1S`MAcyO@z
zF0|Sk>2Fhrc{nza{}gB40jEjJ9j)*tMt90QKO<@DrIMF$x0X!@q$HVSk{T#*H`!us
zlQDguaLrq$PUj~6p}5Lj9m>ek&Z{?zB^alIw4hr_)-e;d*F1#xDw9e(?Dky~FKB8+
zd}t;Ut8DOHkmJnhFGc~ERSHZ_c&G;BZWc$)TZ`t^Vno+70j36GMzx+Wz7t`A61}%f
zV;}R_L0oVqI}YG%-SGl?l!1xWA#bZbetEm(6JOREf?5s8d-|_pBzoMfCSx6s5Bum*
zqRP#t8;7(J!HT?==<ufc)~zMpFHBe6dYk0dK~FyVOvJ{x`PLHYhRxIv!z7#IIFE9L
zp^)zCSp^xn`UT9xws#c1wKONQcU#4giPTAt-i1X_j}M^Gg7##oR+B!n_Qm<C+A}AS
zS&orH&nKW)l73&<7e<jjPno*;jH5>zXVbn03El(fg&DM7ziIPb!CFajZ#r@a`w_7n
ztZJoh-n)^brI<alAofPQwQb3e9mR+*o7uPqO2K&uB~8-MwRW++vs0GxeRE*vuYw2Z
zR&rl=K)%*vsiaNZr^Kq^_CVMO=AIoDB2`tKiv2Ep+gD^}Brwn9^!ALxIa_-rNRecv
z8bVy=()$4A`^1VBy+Wsx4#HD_D(C2S>*(l@zd$f0<E@Ps$rc94V$zY=y}OBUj&SZ2
ze|0#4Xcd}TCV4BXd^6U}F!a7krYPbH3_5rfz40yW&W>E^6>fw>!@0jgTLy~eTn9eG
zo~7{CZJQyug5W*t1@Zi`!UheKn~Iv`U-QzY4791p%eK-Yw$a}G%3RWq52;J~PQpv_
zNG7(9ruVKsI>$;FqH6IOi!a}dH(JLV%x*S+!{^nN{krr$=yO~|-ROsIN3FQx$k8W0
zUi29!J)vD(z`<AU_4}XMN`U<f3m4aVzAz(m6lhQ0*O_mdp(-;UdI+6f83rg892BCB
zatN%CJ+1ubazU+dQ<l6Ayq?t*bfinIcI5+4Oo~(SNuG1<%U&TSStHP|u)3=blx9mC
zR59DC>TH^r-?cVEfmG-3)`oNf(xBs{LXgzXhwhGDiJhj4u`zIq-<B)qj2>N!3KY^>
z=&{R>Q8U}5+uz7ju$A~_@w=fS)~6hK3oqngdfAgC{DTXVbwR*8k#%yMnsH=tMsIQZ
z%I<aZS+30=f>}Ce+~xa^&Ch6u<Qj{@OeoD5bQb*-HQ3%yB_H{g(lq?>rjh4ErlkqF
z<Uz|*QZi&Bhps`{aPM8RHq3m>n{r<N0(s`CZrG*g5_B{AFHT)Wh{pi+czDPGPJj!W
z?5mV-C0p(LGu0TYk`T(kT=gkHxia|LE3#$R$}ZDObORvP7sFTfsH{OBcv#yGy7Z@`
zy7T=9k5xh##8$UL9y=!0jlxl`I~0pj)CZRfMGoeP%oh<;gSLpNZw!zPZN8(`v}C8m
z*(5&>r3pRk-i7N;D-4duVF;mEniYoL_ZOeo>nCvmKS@Z-%*pSpXIpC$^bpLSW81dF
zziAoITQNvmK<Q6hatI<NB_%*uP$0-3<O2!<g@IH+A)rvurNbU@NTLDhzn6uOf=~gB
z|5YC;q^72p4pRFRpsuZ<2@s&!f0o!-%Lq`yA&P^5L5D5!Zw36nV!OHZ`jDTiGoxRP
z01q!QZ}Vo%QU0IUX5nn+0;cCOm0B3MxTdioJOK)-@srYyfSJZ5F<y?|Y3y1J1l_DA
z_YG8`JM&i-$kFBxHeZ^^N!gE#-j#jL@6!2TX<`Suu^zr0`~mOL*U0Zbe~MU9&vIp{
zFZEkV#ZZh)zJ<*UuipcTS(CLCb*mvsbv?lyZXLRjSV+zCV|%*#*x)l&k$AK3CXN^%
z8@6L#kd<R{%2YB!i>HAN@PFkco*Uj(+^8WE-c2@Fosoa9k-d=WBHQ1%QE(Q%B;Dpb
z&q?h^_A-rHQgzi=HTdtT_+VVzObXJpL^{+;W04tfEAIX440c1!vh~;We3cfwW3XU!
zjL1nOz8&wc+2fmw7`^3D{tujmeUgI$MP`-xNs-IDWk-DF9eg!Tv-|tWhfdvjBZJ0K
zgQVBY6Za>^;u@j=Exz-2X4)U>rAMQcPnat%3%oGYeyoZmQr5CaWD6Va0KSSBtQptX
zwKO2UWByW$FXIC&+uriYqKuum>o}E=2(YtK&7BO*;V|v5kAjU~j!3l}jE^%DcwWA2
ze!Pyvlp1JF;g0&bzjw*l$K4(`v2o!wk%`8?eZ7#q5+;tl$6BOF^X!*Tv2a{{F+Cnw
z!`}>5J8L`IS~$^9^dMKC`0ZBQ7h@5BW1tZYc!v*NOpk0oURawl8Cmp;{oLkcv_V|k
z?k#i*mvAV{$$R~0Zfl$3sHEMJa)E-+r41>P3Fb}jCxs|iwb&p_C+cdh$ob4^)Edxi
zZ?tKjT4n>vxb%hLaV&=Zjrz8^9jM;qe>nesC3>J`qmd?|Q%`LT$yTa#7?5HsYL7z2
z{LYE2>4;H04K{0A>oRm#ub9lr-;gMgRt9(0x}DD|*kE5)=2!|_=}<Pp1b#go?x9n9
zUDCAfQaBWEBr7%_gDMI(s3ZwK+P6o#M!fxGj+!%#^?fdHa>`3?b<H^|Xzr-n(GA3V
zO*Y4^30dApE84rmmuD}Z$|7Al4V4FBhwRZP;U~w)g3;gS<`^}@3H0h-A@zj2_D#*{
z)F0z<In!8mF+!0yZx~hRXwajsOip3cFlo{17T~f4{;aczC;09QbV>GL?uXTW{1)Hr
z?bN<8ffFgHk}4zb-QXd)4zi4w?i&j1i;$X9#w3-*$Qc1*YIGxNvP@rHW>r%D638-o
z?`d0Z&S}BLyAa1hE@J^>+?@EC2ddRs4aE~OX=k4sSr{#B7%qz=>^SP}@5~VuKiyER
zuT)uR<`?8mzugC`8Ug24p^nvvx*c&?ttDvh6fydH$WmhEY$;FN8Dqn4E`wEE*Y)h6
zi#>pivRvo0mI>-Nql;M7NXwNezB_~C2`|u{uPz+p;Mxy}eS!8TTIP+sGkwz3JsJC5
zIx%PN75|BPmClGaji4g10bmUv0q#HF9Rv&mL8Z*_89$A}(GVfOkONB<{cnD>k1ek)
nTA@2%Faj$taNnVVFuD^_Y%~NAUN&2Zi&(N;v<El+D}w$B86oFY

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-4096-cert.pem b/cdoc20-server/keys/rsa/client-rsa-4096-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..177f017aa02f9e1ba5cf7678dbc8d9780bc016de
GIT binary patch
literal 1408
zcmXqLVy!V~Voq7W%*4pV#L2Li&3(}^j}Lzhc-c6$+C196^D;8>ure6r7;+nMvN4CU
zun9AzrWy(u@PRlS!t9}W*?IZpc`y-nVfK*3oSe+OJVOx!A&?p_VQ%Njq|~Ck)RN5P
zM3_2mgib*Nevmq5VUCd0;u3|RU`GQvab6=MLqh`#LlYAqBMQhhM&i=hHBC%P$iczL
z%D~*j#Lr;R#Kgta#Kg$3r9N7>wMoToQ|l8`u6WzV?}ls%f=Nr%T-Gc-P`|5eljr&7
z?);r4CBdz^Yw|DYY`k|U+c0|OSJ!Q?pU;0GbF--{B>H~j(hqZWo_-BKP^P%`EXUm!
zh5hrNE@FBAtcmN@xn(RKj8{~YPw3A!-`g-RaluT6AE%UmX(TW6JuRI%J^%2XNp9~G
z4kRwVsjqYJ!I58|N)2v%2;8`7dw24}@W^#n9RhEBSn*RLMZZndy0OA+26IQ)i?uA5
z{SPdY-qg0`^j1CF>VMspq7StG`eg*2nC%vM_c5Etyq~O!srzqNdsSZ9ebO{>>ak1l
z?e`jXtT)fecTKr%kSZ_AXSvn!va`i>)nDtyn7^K!dr~O5{@;A7pCx&$^H#)GP4B<e
zHOX?<uJ9?JQ<|(_rn@P&x+wjdyyVe&`Rp^Y^6!G>u5`^!(0Ll{B^~-)dG;9|8(kUK
z2o245dG#OnZ>uhjsN#Ejc<bUB5>+``-!%dRZ@G&!rItrcR5)W&`nNs$f#gZv0H=t=
zlZ$Wfc%n0J=e5l&4t5P&&mQPGRWiF$P@pFBWW>Ji^|8xVe7>U8(ok3I$n)fp>ukme
zO_zHYTwbv6htom%F!x@cd!<?z{E{B4Y^u)OY_{dzn<KN29kg{c^$zgsi`>xlUqGq+
z=j4_AOJrQ4j=rkN$SpPQxxz8qU3{O!<9@dsRe^VQb3ZO;VrFDuT&!pyZy*ay$g+Ga
zVk{!}e(!!`n?32|H}lU9n~pu<S<}qIft-kdc?y__7#U`nNi7ilU(dR$y6?|XYZ-<*
z`M)AZl|%m@SfV#|os+_`x!0roWxx5&S~ZI=V&luWq9dCgStZO}_jy;+RWDI%lRu)r
zmoI*4>Ah<DJbpI|tz}PzDm}D~R!6R#7OgtDb(2dW^Glh<rJAZuQHPSZT$~n`U?1|^
zV#TC5$t?#qK1oP>xBP3<zuJ12=B?AdH9xvNxAsX<S&xn2xuuW2?u1DF+ijaI8W+8J
z-9$~tBORaQrPR~zUW<EeB)inmyf%Gv%qlLH&&;cIIqKQxE$3V2zBlLC*ShrA0>M>$
z)mxdP|J%5HxEW&e`P{EvWw&R)ZA$5mbjs&R2zslYUbcTLM~!D&td+UKWR-}MSEcXg
zmWZF%SiM?3Cu3qrPUMtL`Arrx^rA0S_OXRXzY1;pW2Y8#I^s#<f&R{vip_#EkMvzT
z|LC6K(f7>Ue_Nl(*b2KZd{$eg{o#9wzWKy%u50bbZ+RTQ$6Kvld*wx=J<H<8cM)mf
z>|yq1TbRW|E<E^Us>GJ*|MX1l^!*dcimoT-H~-o3>3`c_v8)!G!m^nLpZPsxXC6;n
zwerZO*y*l?>te-cMFjs=+pB4pP@K5;;WhPxSMQ%O-8d_}!ji>#@4C*nPwS0#fB$F4
zCj0YT-2|7$-J3$(p1#dHnpF_x?Px0SZMMtHi(32(8um)w|GMjv#80Cj-SakbhHD>q
Givj>v;8rmJ

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-4096.p12 b/cdoc20-server/keys/rsa/client-rsa-4096.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9bbdc6bb3507cc00c6524ee9ef5b6bf4b318917b
GIT binary patch
literal 4440
zcma)AXEYoNw;iI)sG|%~!Vo3;=tD#h!__9rgwYA3_g;b+y+-uj8CP#nql+%O5Ro8S
zLZU<;;mcd^t$Ww|_1=%O&N}<-eg2(w_Bt>u4T_N94h##vAp!A6{uOynNkB?ahy@=I
zVZnQU;2jv2O#Xkh$V7;+WCDL+-am1lg#3S06l4U1g;-E83=4V-v-w9sObIiD!T&8O
zU;;$+wm>K1=%XirOLiM^nC;X+CH>YFLPB0JApsOdK?3~miG(0x0PG$K$RhGD0?ZvE
z0)8TJVpu(vEd1&NoYel{VVyFD2n*7#X!SI4OFMreThHv&*3Yo`DN+%?|CgIA&j@3n
z^79offx4~EvqR?Sgu-VmhR*(lCS&D`cf_}hm`DQP1-%7nKqpQ&8m-5pD}#e2zonoD
z^g-V>S-Nl?L#BQXr72&Eap=%(HG&~q+1&@ySB<kpZe%4CI}V2FEO}tp^_1Lz(ijrz
zL-WEp5Q}o_&_IL1x#+2VBz`7r->%n7hfUTu(h);=lUz~rwa0>=-cVPC0a&l5l40BK
zcQ9b{bPt`gIZP^6)NU>0)|&T&Vy5X!L5K;&Gpd9!9Zm62oWLIei{}_qDCb^L_gI%3
zSc~eo9T{sZW2M(W@zET6B*0aMuT}E)qRe))C#3}|vg`)oW3`nGW_W}~^C7Gm_`@d7
zenfz(3CzmXrpVHJ>lWf-z|IMaA|o}CR+iM+cziR!qRUN*d)#_aQutvQ6W+XsCS`kj
zn<3{NoEk*P*5{&j-}hOZ_k4aPvt(cO2O82`d8<A}hmaHLG8wh#o@ujHf=T(u39;Q#
z>)*4?vzf|^b4tqT$>nZj>Y0<Swa8ne+Sgkzoih#P0F_ja@H(#-J9v)1fA5T2%&g>j
zbFbfZ??#i!(gYbHM?W2uMcCK^t^VFU8#EI=om2Ah7Q%RJ^?gBjMOZHf#k*?hAYjis
zp9cPVw+(%ho&VfG1Dw~X6mWQwE1vcRKJD`ZDkK-H7}9Sv#v_O4o+{#2c+*JyLB$+!
zrZ#^yu2HRsn^d?(BQ6JBAvn&Q93`!BYH5jAC0pHs{Ycua@pA-1HZ+21^VV$r$Q&ph
zP@OKHUBLqiC%*_aPW0}OWXysT6pCbf(?U*{&Bv3>1HA@*22qaA*}BU>fi3#7`G+y9
zhL>b41Y(l`YHHUkBk;7GU26PLN7AN_27OQaN3hS~^yYf-Ko^%{MP<FuO-u8_E%dd@
zBm%>Jb;?Gk%#pG&n$~ie6V}A`%g>C<5ixLHTpev`tN;d+;ee-_5s{ID@joo^hIDRS
zAhSGkyETg>D^dNf?BE>uug`j>DoI3poW*rqyLT&W$fDDWkh&ez&2W8Qh2dSNX*#`9
zIsOiqhwFXj2h(qxt$tzHPAJ0`MtLV$ffC4z3bu&37f$e@Qtd1{$2Xd_<J9$y-bFEd
zZQr)$&&eCw%@^}(*pI1vM!!ga==5iAHxgT{hqo2FTYBFes|K_5?#VIpo@-KN%{hPB
zCVKlK7V@k(NW<q)er-j#n)#Izm1N5~$N0|k3yR2cVj@8U&0?MN;84}rD?$7j^k;-M
z%I|ohB$>2STT{rjex&fl2G{jP4k#*mtL@y@U-pYTh2ua;VA^j~$Lyrl$E#y3)z25e
zzs+CHw1<iy0>|g`GJAk2`MOiN4f1vS^a6izrw<LwF&=XH`CNsF5p6`0LF4SLe%HPp
zk^W)V-OCSb5J615K4*SC!*HfR^Ki=8nS=W&J)h*?pMFT}mem24H#Tm&GTR!8d;A5n
z^$q>|Digvf7mR}v9CwsOSOHw-AzZT)VmZc1G#8m8F}8fbVi9Wgmo_F;{yUW?-jA4w
zDfVN)r*d90Bc*G8o0PyTIRiubpD@j_Vv4OdQi;l9t4$hLg$#j5dOE#WT#R?m{;jK?
z;Kt{>?F_%1rS(ZY8kT8p*U+oklr0mIr3pT3!Sz?mB=c1|AuO51wd|N2FPi08YHF-u
zc7sDW`KQ~a=E6*}4-xlcXI!0A8+Y>L!@l4lurWV|@N$E8ZP!`tj$OayJK<<ir-vjc
zQTN;!$R+g5>W%t?cD%`u*EvgNbIId(c;k2tOuk*|o&z<|?7R=s?W_@JFz@DG0-%Iv
z64SKJ7I}Dr-3}(>?+qv}I%@q4M=L2>@fU5oLpje(!SM_+-9dO;38!9xL2u_%PM;Jr
zWh1W7I?a<WZ1mwvGLq;ce`4mQjWj+LTa94t=k;Xt-HDb*Kl4Gl=0YELRx}uUL9GK(
zNk>ds(wR`VNg12XU|i-WpIgn0e$P2pXAXr~Yq_O}J^yH<DI%;oQUR>u=FNRfJR(1w
z;QX0yJOri9gT{IhWt=cupgmCZs7@=(1qq?9IJ}K%d>77f<C9h?i+e+bsf^$O2a0e<
zH{K<V6eZoMc9AT~6}FN^VCHqtph4xG4@44PZN@fp`R%=%wS`!>+$ii@K|>Si%y#^{
zfyepoHKC>vBlmaL-;73Wp?D)4T+p?{90v(Q<P6DU7r!h{3Pe$^wX{nwy1zOlNJvwm
z%ktJ@l&vE<@iZgLm4;5OcBJCgiYRrtQUAFz>@;qP|H6ZceAMKrTsu1g*Qj7KmlSho
z8zI`KG;pJ2(p(XGRlZT?fxDoUKVha%W)Eja#<x~>3d?sPo1_-dmz*KFwm<F8kx2_u
z*-Tx&qWfQvOb#(4sC}NwaLr;=r0g{~+?d-jQ({eSHN0ZhNa>o|+hCL5fmOfr(312u
zJ`L6Ty^gaFDP6s#(o%Mk;$7O__@KUE+wZ2i;(_t-;pOo9eM5t+8MK0d&T)YKJ$nxJ
zsrT1>SMB~Fkb_Gv%LR{!xTWgTLO;W4j&PuoyGm1s9!)UPhK`ddy43BwsqFg5YLVN%
zpHeS)U+8*+EL+<=w$hLnZq63BwI`VnpPyXUX!l*7CF#74P#6Tw>b)J6kttP&tIbc>
zR6MI;d|qhqA$BNp?(`}&xLE$TacGWg8Ql$fO`!AT;BT*(Rms2kbZdw0=gbORxMG8l
zc6v3!FO?#`PK-(!c|0MNaulJ|GutAq>{z<kz!kMy<x6Fg=L#Gy$c?>ujCeJnvKMRb
zpF6m(^;HD|=_wiQ%Ap=W8@-qeqM}C;rZY(i9~z2wDyFR1-=66H)F*kOS<l)dzM)_A
zTAn8R&bKtGjp@H-v4gA_b6|#^>pKm_xp2=4bz250VcoiL`y_L;r-+S&0mIN#*_pVr
zQH~wP`mx-`@OaiIUsYl~Yp%(F8Kyc{7BX$&NG(T2wok^=DK?>>8RAt_BrQ`%3~k>6
zoFrcZTx4|on$~>@dO#;%gB0hCVrHBK(wR>Xly47iRvlwM2xC4|`vADTy!GA#s<i@N
zo#-waEG^?N<bXZIQyeaC`30w1XR~Ldzg|St_u-~xi7VL4lTz-MJYL30B~&f_kT9-e
z{InPj1p1P!kVc%o;TF|~3H)Q%K=h()Y^(q)fD^zTfC0DwyZ}M~4}d4Y@=tdBgZRTZ
z{v|_1>4|7j_RbinsFaknj3``ELKG$;2E&pR{X-%pDa4W_|A7(-2>^dm)W02q|I0Q;
z-KxJgoDGJ*SAD3ozSI!4X?0!u|FMnohKP@jd^Q<qcvoo6TD;RsED2cED|9!XR|dfP
z>Lo3rpkkT?H&{;tMa{+DxU%-VjM>Q3cODccDRq$^aKE2Wo5JUR%0w>=A#qn!Pzb=S
z`hFMXA$+vCFN}vB3eq$^l{(63{Y;~V81Nf2c-QUVa=k^t#P@{&3o89u*5f{=)0!~K
zGiLJ<7D|nsO$QCWQY24jZicdnf8)wSs42<z5)prHEMJuD^TleEWx59W!UP&Esyqh|
zmjj0gqpEVA9Ws6-9b`hE<vG}Q?2&PmL8DbQN}{2(Ro3Skl@bRez;?RNq2z+OnY%5S
zbXAEXCXk5K+qVieYQ7p>CU>*>AEY%x*p!Rd2m|)T92kE1AA0*<Ej>+y_v7hRJw*84
zx4PwT%uiC$F<ZPL4xI^r{P+<}%bx5O>G~sPsfXCiK5>?ALDz?=I=-ERsykwtd;zaL
zt}%pv{Z<R&Yh38b#ADKlys}7ql$ljo6y@;{C=ynUM)K3n3f7B6yoq|^keRAodprbu
zvdR&66#%}#4z3UST$IX0-kMmIR;>(m2(TF4n>&J0#k<x-Ld5RtTAFE$;T)**M(-bZ
z3Jyy1lZ0``Im%e@2jxRVXlo>q64p(-o1?Pu^1i>?4$2!Al#YT>5c`pR8swg7hx2Aj
zUmFt12ql<MSfo9E+7lBG5n}4`N}h_=MkE>G7oZ!d6N&KEyQ<$bY(Khy3HS9)uda45
z%mcwI<Yn?pu$+N+$xZ<0{tU#_B7;DC(36SKj!OT0#&1nb^)+EOT=P^DlVaXb!TEH(
zs@3P)r^LcOrx4L-y+anE0Pp$tf7a+_;$=>)eG=>CG@{|jaYLGNq#8-riw6;|Pt~T!
z*X+o;j2s(m0F{Qh%!>_HIZTh*B53u_bt?R)OC|yxjU<W`tRC<3S6yYxVtBcDUXoVK
zf@<fx8ph`*FVdF!FP>r42{nJOjqBT{A<a+Q#AVZ)Txq_)c)KNaM>be;e}XQeX_6p)
z?IKt}VSm3gi#)f@`{^*8SDj8Nlq@kZh*at`62<wscQ3{!TPqnZFmnp5vyi0zaCgge
zl!c%+C|G}XIYTuMJoaYUKfa=(6)=(RPpI3)FdqDBSJYb5wlMu{jSj;vJBv%(wpKsI
zT?<tN-lN1;j*>U8_h(D>Kf+zPK0WG8n`PbJ!nJ*DDWN5=$=v4%J~ZSCq;5JlZNA55
z?~sG>|8Cfm-tzKp%%_{m2?|k^s)}5d)CWcbgETeGBE7f|YR~!AH{;cOM#G<BG0)Ln
zNG0J2Hd_a2vxoalL`qflHEBvDy1&XVJxO`;c1bY(;GuM>hOCiqsnk~@KyP^&Qjv%K
zn|?9SHlEOT&Oe^Srd`d4bWDz$#=w4$iyQBe1iE79i|jcHntW}4fc@R!ZqFD^@+mT#
z8ey7epdBh_r@hRKg*aVDt~=-OE4v#GHOtr?+EIuwD=_b}GsPXjw$kB|OurK2!}R;n
zA`^k7E<2^~iAS+_YVn4T(n+t<RQ|7_Pw!?t<f(9->DS^3bAHQVhc@sUGsC!E0DmD!
zzPAo7p72qYb0AQA?N{AS2_S&8@wp3YT4qJkZ2F`PR+anY<sH6bF>-IM94Ip($90m3
z!epmNZpH&7U8T-h@P(_6mmW)reeuH^>(Q_NA`m&>QD{{eH`lA#)xl&^a_%w}mGwK@
zOh428GkA;4C@ewuzL)~=!)1A4ZTEDsP2)nWR(ZDUmr;nvk$ult&2vIZm+An*YlN+P
z!#vaG)kb;YytSG(Jp+v&E4cJ;mE|)->R70P96%?^;ur%;?%CiYY4h$+LzIlxTvI&@
zsbU{`{hGau^ILfvkAwa=c9UgPNxMesl4V`E(~DO2r>W-1=O&}vKD>4*VP?;Clz`i1
znlmG;KYJp1pc05DLJ5AGTZoqID!TsAx|Z;9>8Wjk;^QxcXE^4Vw~stPMLM+MkPvtj
zJDrka^K~nO8Itz2A)%-4w{Ec~XC&dl7I%I(`mbMauk+0I4;#oTy2aEFWc-?CUrSb3
zYUXv%xiUcKQ52OvXa|W%hG|B;%2WXu9T60JDCkLhgMn$mL}8Twd>aS}hyg^<d)eo#
zq0L#1R9zJ-yy+rP9&#cCX4>$9J*Cn^*O2{aBKp9=Qu5%5_sl^zqNWRs88Vi$bMF6j
GlKulQtRYDN

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-8192-cert.pem b/cdoc20-server/keys/rsa/client-rsa-8192-cert.pem
new file mode 100644
index 0000000000000000000000000000000000000000..6599a8d29429f17714180318d1a61d470c9a23ee
GIT binary patch
literal 2432
zcmchX`8yMiAHa7pGb|f<!pN~4IYx_w%9%}swwO7V8OdzUK16B~IV<GIE!9w>oVh8J
zrF~L4>XWM!qPdTVPyO(DzWoK?A7Ah1^?siB^Zwz5je$jBV}!hmz#t$91Ov24?Gj6=
za&E$k3&S+yY~t3$fk1H~0G6Q#$HIicB#1ByM5pWR!b<!G5fqff^k=gEV*WRQqM*bx
z42B<*sV9X+{&qxBaEk~pdN7k7>PI{Cp9lZnrX&{e+XJISi1d)qy-ughunIEb`uci$
z*h6|a+yOl!*I#(x5Bxu069ZBH^Bq7T05}GM0AOPvqM#TE5YXREKb61o2+;ic=cf03
zTR_U~2vQDJQM-ZZIQF9$rFQb{#ceq)-!P`d_JE&euIlhzoAY`mk%TZ+dt;-xx{d)G
zslyi;Ek0tUe*RycWo4N>B}^URewkL;+>)DlLdCIjfy?=sWPC<rp&gJ2Tn2F|JV7Em
z(*$$$;8OPL>CTga@UkvUi{e4M;J(_$1oO&|-}=<pf{K^dE;Jx7@NQJy51Uc#%>L0`
zJA$kj9Dh_*;bizZeb)Dt`$U26>gg2A=QTRL(EVe+hhAJeay?wk0F~`h^&zcxP?oE7
zVjE-OZs%HtRi|pxz#lHmQTriNw)0=(AlHqJ<DU@(DFI;@d9a0d*R*<NbMW676Lja)
zo{<9(+hfYtYimr-)~p8j1X}rQHG^kA2AjJ1w35ve{O_%mMtb^~UnYH9mD(Uyj4)Xh
z4i+$bxK8otN0O=7_g&&o#&oSBWV;IW&53=V5kobH2<cET)0=QBtk-KxRGXc(e+yhH
z?&=UK7gwvZ{WgA>XwBC01R9>P#Xg*s=WR!ED6$77R1(!o<TrafM)dzCmlOwvt`;V(
z%-~)}8hr0D6d_r81R?nbk*He*tsTgtA1251gikaB5PRbviAZxjZ7#K4ABvMdc&8<2
ztId!=2q|Yv7CP^>R&jj7x?m@RjgAE>=$vaaJMU<vpXhA~80A=XYaJ@~NHwMvNkFt;
zx==W&>$Gb*9iq=@W6L3U=X*QhEX4kvDRPt{c&f%!;`}|KGt=6b`9N;bP>Hwb#@r(9
zc{2K(q~A)Su`S^^Q!dicttI>mE74pgLTX*ccKF6#_73!cO7d1}Ud~3w!@vp64S&xf
zpI-jq+-PYw1M@QY>N@b6y!AVcYAOo&Y%D>euc6iV6nF|ru*wnYQYy6eB+aI)O09SW
zzY7ZSmOg15I;jwU<7?=Ii>i3mBxmhg%%0_p{d{GYoGKUl7K)&&%!`Jw>pAlBLsH=7
z#!{_|I9ufDy3Q@aWsSQ#^)Sn!_g$9o=5F==v$zFKug1!+i-27!j=Akm9Ww{tM#+-u
zmW|yS9+kZ=FcR)8fzuK)nXBPM_l$tuS29l4hZR)vtG$p7zTTq}uj;io@El6~drW=W
zgIZx{59o=O_7`_Pp$}Y^diY@zL$#>nqGGV)91#+`T$I1_DK#b?A;3UkMYCt)<j3T`
z_Nh0LxbMM5Fq!Dv{XnbIl}SoaXvx4G%g&v+TXvG+Co<hT>h?&O3>-a-p2=c_8|nD2
zp0tAvldUISS!Wv;3oqvlmOHL=Co4tf)({W@I87|ZiV`exbCwwsmMa?6?5gBgrP&nw
zgLzv#qkKuD4f}=>m*4Y7)z#Dy1O@_tca*S-SoE)up(P-@AyW1hP<D6yC0+)=1?b_l
zX9Q2ak@aUpel_)1M1X+9whK`U6`A?G<L--r*6j6Wl}@2(QwJi}I^EwsDM@ANzEuzQ
zYRHD7{<L*NW)ge19i#^_FQlvTgPX(te%|~wdZfAa9X35pP}^hgt2r|N7`_~&JxU$_
zsWjIP|G8C`5tuKnCrfJ=n{*a<mlD($0YBtl6{=!`Ze)0WL?nA~p3vRbKHgG7pA+kE
z*^HUJ5s+4)Fr*#dp+=rm#H-eh$Y9vke?t|jm$*OSv8fTtpc!@zr?fA36skB{@QG54
z`T89{bOe3fH0^G<{0DdaaAYrePpQp2-Ye_8>b#|DR%HrYiiSGA&~Z1uxNQzM90pe2
z^-oHn+dk=MJVNwXi<-klBQ`xERjo2H3o*T&5<uQ$TzESZd{-_#GXb*x;`#jqP~EJC
zXaup|<G|4iV2PK)mS6iBGAdVx$sD46W8%<~poyCbFL^)SQzbVBix7N^()r?<vbc8k
z4gN`8-j=SslL78@^;*kY*A(q)<hi9w;jNVgq^bknmvs#0%Q+4;t?_R&LlWmbY_m~m
z;<cSmO}}qFo)@q5CNH71e!@RlgryMsH&}LtgJCw)=pnB+_XXGykAx~dGVdHpJ7l-`
z<4<@2vRi(Mflx@=6|q!%`be3F#*3eA$5up&hNVnq=sS;EHymI?9NZU^H{}DMKCanK
zCCv1lta_~y=q)9Urf5R!sowX;ld9<Nn$yhuRt3+ZQ_LiQZ1`)xSydZnv|V)4M5!Vw
zH-`aB;!EF_5y|KOg|H9VZ8p_CZ+1u0=WUbrsUqoQcGp6f#c|#V<J>EH)f;0>?kZVC
zse%@HpLS~Q^y(nJT}sm6TubTI81*&Ila?Hc0U&_qsv)}=GJ37tHEU7vUO*Hj?;GZE
zyE!YAVC=kMOa)2kqeox;LoYR*&K1q$zp)8r1r^G-Uom<Lwsd)z@I~gLG$;FUEc!uG
z&Cx7GovM`ELmzdg!&du@3hv44EgPu|_7XP`QB8NL6MWVs88KWH5xEiq0wlN?l8Hr+
zb{GO>Nn-9~cx{A=tJ7ph^Zm+9lholWP5kF1zha3)v)TAq6JeD^82@;>K_(MKj>k2!
z8fT8_zP>&@N!nBjFdKKPQl>WZb>kgH+O3vw*}eU{J-ewK{~UnBw2NEA&HaI4<MI?>
zDC^R`orO`<xB|nXKIjUyqT$}SkzY9^TCsFJ-(g=5%U}4!l(nq)_oDaCb4GTt-Q)8z
z1bkej?q_>f-d_;V3I;JroF3SkuoZ^$Dih{r@m^=BVnz=X{EiMe{h&ptZBhox*159!
zB{@xKWIkm(t00`>7dMMff}T%~5L4$xn^+hL4f=N_;}z?B)gBCt7E9JO@e=+87#TwL

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/rsa/client-rsa-8192.p12 b/cdoc20-server/keys/rsa/client-rsa-8192.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0021ee3355b41218a35d7352759f4204f80902f3
GIT binary patch
literal 7768
zcma)hRZtuZlkEV5LvVN3;0z84?l!m++}(l?4#7Qm2=49{+}+*XHRyh~?$-C$KJ7kq
zo$7PC`?b4Hvq4DJprK&cASCZ_h>W4qp^vCg@KCuBl1m_j<n$l<kPU(*{68ctRv-k6
z=^vWzpP+(6{_idnBq-=y2xd1M1hbvZ{ND~(R5ook-v6X1Y)nAxnfAkEIfNAM%Ht?y
zK6cU~@P2G8G&CJLG!!`-3LL`!p9qZz3t%IGLo^DNhBAWzLNNl-1%D77V#^H4b~NXk
z{%S-;1VS*CpLU+d^#xs@$%U2eI<`_IhwS5DsLgAg&~p8OG%fd=f*$1z(`6B2QSci-
z;{OhEDd50Wbn4_~HFPNX(ytEnnfjY`ytg=YIGK<DPX6?UWN%C3PkN$EdIb$QVrf=b
zr0zN2D}5bLY)8Efe^ROKI?e`*_TY>3BM-%*)Cnvscu`u$;U&E1-KO|Yj&b^~-Zb%P
z@~VB_+s8z-K5tR`d1&088!DdxiTGfFxd|pEBJar^CmNUB{uPGnYsW+NfawAClh494
zp#d6O?4)5H+WZVhOs+pIUtB%2O8C@wFyU%BCN8sxu(KdDL<mHg(CD7d2yT7hPf=RH
zWfO=W#y(2=i*6`(BElNhzf3))AUocJvV>2QerR&`TnS8C1Vp+=C0(fLKrFk73`!HA
zL04!4u~aOTg8oZ`f!6D(7?a&(!2`!l!i@tb;>fXk)Eq9m<QJizZ1G~;q8?Fcl$BqS
zAHjMX;Mx|p3Rp2r;&gIxO$(TnVH@2hs(X1JB9c)J+DE-|@1V29YZ}iG_*!QTy?EX8
zsB}&a_QaghG(i!CVePDu`u9!d@+SYtidTaW5q4cL>1bW!V-86tesB}6TK`;5lJg8^
zDDR>&@akG5MVdr}PhW7w{(-MU@pAEm8i~3dKaX-L0)=Tla#%z>QK>+ZWOd#hzO{5-
zAYN;BDS5oNkx~DSpUo!IfAzf@_yOi@LOzn5B0g7&hVQhaUki1^RBY${EAxzcBWzX~
zt!7Qrn!c>j3=?G+FlU6^9ccG%*?MzX6AI@#<>SZ(CD>DPb=$<_R^6{lRjHmWdx_(<
z=O)>rjp#{K-q2wYk%C;*lYil1g5#e6gEMt|j-HWBdbse%->?#4pra~WRX;%*mjDl2
zxVc5lx!^zm6|Gy{<kW~Lq@>kLPD1x>9>$5(_;J9Uin9~QwfF;*Qx65BfRZJOG&p)S
zgYcch;PG@##Z~oP0*extvH%5s&b8ri2rIcg(XghC-n`DAK8GDmRQMv|D<3!YZMn&S
zaIRJW?W-Z8BEpW=<5ThIneVU$YDsZt>+-Ng50ZzE*AIj7_FM9E;c!+sP|9VIs4GhF
zy3%$cOb+n{YWN`rIv5VB8yL-2hCZ?+%!1G4z?Iu{wg3_$fuQ&4QJTy48XRzQQZgQO
z?K@j(jL3OC*~Uoy=8fgaoE|AQ&pYB)e=7is^LIM(ob}ZO6Ua9(FSh@d)k@8Vo_+KG
z;YSc^<|tQ`Q?xl8)BM)oaAa>XXRJ7S_4{n1`{Qg_5e1R{VaC|`oqqajXDA#YtJ3Ei
z)ayVgVy{)ZY-Xo?Oqr0YapFz%R>5BjQT?K#ZD#_4UTe!<{aQz`S>QBjAJoc(a_*A2
zK&pBG0^v}t^CVVw)|ea|gOyU%@8zQ;f*0NmN7~Ex9YFj|e=z<a2nW+UFMp*YV<&hQ
z@06_Q>Y#Md&|aUh9UYP#$Ob!FJ?~g(y#np#aJ{(rCD7;@Xgo?AnsPEC#EyA|z)T4c
z(|ssC_@OchVPt^&hV2(i+1uqCZ4)c?TE)YmTqtxrdo=NaYv_-aoB?<8F$@X2x|Z>u
z`RgTVEHAS0^m~P;S8URX@y)BR&wj1Q+Xwz^6=A@md3$TKO?{xhH%$Hn3)iu`zrs2K
z>f4W&*S>s<rZ|@cAt?qiNltJc6>OgmwNGA`{L#x|QaFy$PF&f>chqp_lU`$6daPs{
zrfOWKZ)mOGl336eGRB9Elb+e7!wFACyyZN|c5iaVV9r!9Q*z?h{DPP=76j|^TQtpk
zBkAqvt;=&*jgIMW#%MvFdnc!Vzy0*7(@D18CU39Nx5?-ztVA%OnLjiEUEH|v@<tUd
z&$KEueAt<F->%v}aOg>!!+-WS5$V$J^l!F%=mR<1ZwbvPc{A#j-}l{Hj2g{UjDD`5
zf^(2tznDXQ(CPj27)7F|>e>A1mI5pEO%Yv?W48i>K}6h!BkhrcgS>EiV_q#lAu6q6
z$$z1X1jh;QJ;W$Uv^#K|GLjUxpzLeX%=&Wpjw{V((8Z!irjz81e5>Cw1r*>u3e@CD
zEuPS~e~>Tn(q6|lN`sDw$2<mutN>$M@>-q~#`4)fNU&O*CZIsDr+6lk+H%9<JPsEx
zXz!ugk?&s6CkP@mi=G(tIB?=WQ$rZ^;LQ`P*qLpel2fK6`$9P5cZO9&C8NgO-XzT8
z>pfr`GcAkL4J7c?Z7I5=tw~nD)i+=GNaa^1=_mmqsi&kqM62~1ZqT;sOu<@IEJvXP
zIHg6+WUWsYU`R&OG6laM{6(N0y9T+?{k?##QC+&qFKB;N(}|DE^|Y1H`+BL+z%R?%
z^<t515cJ}kB~rJE(vDsDG?o>Q8i_bbylro=`YKB<!x^JD{@K$kSvW3+F<|5v<ZdyD
z4I4_vjW*V-npwksHy{Ncdo^+rQuT_td~;Jw5C4w$Nq-tr3O_=?(!Kv!xpD3h*Al%>
z`#?RtizB6xZ=q=<3GP|@4zXAH`3IZ_!}0~E|Atn1`t!PQs11~np#$4vdE@wgRHMP}
z@8JqFIE}7H9QED=i6zG(Ga2FuRasrrJj0<96Gly29eZO;?9;5fv92K+_Poy8xcyiA
zC19H)3J?Dt8fYAgfpunwv?+czNCEe@gXoa&+c>NzyNFY{gkvsi`?B0laY32;Ra8QI
z5Fi**XgJS8SE)E$%^w}4E!)I+!RCK>QBj<tAwE7s$@pcd7L~(z0!SW&Mm_th?4)}c
zEQJnFynOw=TCo*}ZY3-?A8E3+JbLk1Ma(Wn61J|b@w7Eq>*1RZhYu%@pTM&RP^$li
z$;=s_Ylg@JgZxqPr(=&avW(~YRUt0XA2ROf2t#*|gEcG8Y27l6Gy+w6#EI-lq5Jxp
z4{=6kvuheR37wyiprQ2mMS=O9<`me0O7km&wUd_Pbf?*wPs5l4pN*B<uQaguh2yQ0
z=$Rzxxs+Di%$+ct@=7flg@m#T6x9GaQnWk<WUPKRaxngB=u5`Vv&O}0Ua~LQ332z3
zP2&}EMfVMO4!kUcTy!wB>;ecS(FhjweT!Omyp(sl=Z!Fr)p94=D0?xGb?l`@^I3%J
zoB`JP%sOr3MgA7+{W{q)^KMI^B2^wAtmx=YV%hgFLY;62IlF!ZaS?T~KT$G@YuwOp
z^CX%Ul}oHl90j~dmy7QWmv!71<lZ+mPoCR@e4VN)Bv(NeTe{%19Y~foVV+LTw(^kp
zQ3c2Tt0u0_)342}iG_MbTLq!*KXBoZg4AS6-xOW2FyLJXq=<A2>5$UN_L_x%9VX<q
z?Y$%a&8u$ko;etFoWu2#iSN(hAEm6tsHKiURa;C7fOJR=jR%dCQHihF&na`U7aBoc
zpIxUB@>5<Y5Auopb8<{t&rn8ccZFe5Ua?>z<yf`d_&Qu7#6`C*x7r-~_%)F6fpZyS
z=oy3n6}7gA^U$4B`x<j6R=jp?I<5Z2m7%C%v*b*%nLKaJmdV6Ul9ljNpYB3NsyGkL
z^eWVHef5~YjW#2u0y`oHtVrr%+7SA*6%6jMZ&Wt-gMN3~ECLkKM}6mL91D`3UB<#|
zZmicJ<leMd|1pda96wA<@HFroe(VZFo8&Wb`=w^B7Ue@C^6!zW3-RjP@ij7`T_i5T
z^8teZ+OJRgG6H<Y`(cYp%nS_l-`jQyoev*ugGp}+H;|?ZxXk;PuQEm#yBqqpEfe*o
zs@ipK(6@EH<nug6(nZu+pr?B$O5ED&tDJ8_SdOEEuv-b3mRCei-~Sw}5dDl3e>r)D
z+hxlWB@T0@K4Yy9*3(6FehlZxj!a*%p~w9E<fOXfr>MfS3-zA-SZ1F4J3TdXif%q?
z)o(=n)0vGQ10`t<dcw{S^Y4pXPs_=Tm1Tu^=QmS{s-@fMdA?XW+t``ghfZ$<!P^24
zK5msJHMC);ZcOFKXSL_H8C6xLBxd~`9}>v%Up{IHWmee>K<AafB!->i3`VNMu3yFd
zmCVw`v^=>#R1p6AauoA-kVB&EnqU{sWl}LI8$idu>j#yx7|&e>g$Sm})GC#j;_e&{
z0uxvIrs6M+!(9Hoq`h`k$)b;8G4X)9uT0ZVN?a(n^$%Tg7l9mxPM^anuR>zV?xMam
zY1>6G<$j&=QjVXodIaP7?O3#j*+n>$feL4{8sXjeVwh$3os6dqm<tX2+d-UH^&)kT
z@mbjdHP*Q=?Av_&%U*WdcctPTV1VQG0QD|TGVU@<N)rC#Wg|+_asi<kMo3{o+1!O#
zCCMHq<)3H%HdN2rQ)r~eI#<`?!lv2D`N7hU8P=IENY^W2O2wMQaLp%o(|130uQL}b
zcuBujn9SI`=5^^b>IAj@C7W?xqXc=+bv;P^!lTsT2-`!V%vlk9L&=gMJGTAOa;1~P
zU^ROYYN2nUgCb~NC5arG-A=WV-lY)cGtWyGqKl;D|7HAEFxb%)yuVG}xkh?%fyL8t
ztLc}~#E1TS0+kHcxwziD$?n>pC^dXxUxzd(1=yCIaWY)@2#CDF8y#XhB^SQZK~z-X
zRG4}uP}GU&h+7`mQ*WwtlriTSz^4>_G%pqbAw-CD%vgCNcVI?u>f8e0^&Mw|fh!c)
z%SX<Yzw#!+qAsw~$(OK7e7l-MccHPS{AwNwx2k?X(QIkxgXpGzc*pGffq4yI`LkLz
zyKhty>0d%SNeq7~tw%VVBv<4(a34|c)dis=s<;`H1)3;ruZ`s^zXB6aUP5zu!Ey?9
zPs|xUP&Td-PU^v&om)ofcazhn0egi>S_9_v!<(%?nnc1Rkbb|^6YL>(Ce2KowVgFs
zC$F(-cz+$$=xIC}uZfQJG5mr-nQM~iu?e4!ox6&I8)&hsEHprL{d%}{G9M;ph=S$0
zSF{#X`I7ot$!GHp_w#~q=AE&)5W<!yU~i;Z66Gzil2)#zqDF-EVuXDEb5YU-dMj`v
zHTBzZT?&l_jR_a-Rmc_iI-|mr?1ehlaiT4G>w2CLl5wGI<YyZwa>t98$Puk&+(K+a
ziaFjo!D-BWmz_4L)iD<N5Y!Z9%}d|Q!GNDYzGU(qVAJW9(<ry^2_EU71!xu`*Ya0~
zr(^;}6Xi|4CezI2HhLl0L;Qt=&czSX8?a9(lx?9Kgl-sp@3pq<CB3>&k#p`|t^``7
zB~h_?K7u#iwN%J*l~>ovmEU=B?<>#q@Polfem3ahJ2$Qi7A^S{fSFx#Ul(}0oUleq
z#eH>{7`4?g^d%ZH7HNdZY;v2Q;g+%A`1iGagvU>;R5t~zwiFO<l1&`Pq-zJCb4A~{
zXKG68Z=(%YO6oC}#Ck@oOO(ro*D5kc$uT?+!eh>jQmp>$$Kc`FkBbxi{yxNX>$|Z?
ziS~5N=7)+<O2va`w2Fj#d>Xq*%R?9@1|s_;E5nv@CmPcF67KMLxO7hutKKqj<+xRy
zWZKP8NQuvh81R9!PqC$|L^V!5pgSdN+UO6*;N+O)BgfD@pn%?9)#nj0Ofu>suwiMw
z=@^3*82}@=mR=!=@u?~@59$jxR(XYY|3zyeNKRn@oD6&ofv3?gc)G^8u7uf+F~$g3
zd-J!<^?SO<4rg3=ewbV9tI5Gz2=&(P*@-JK`v$-G`dgf&E|>$A82MLk+vri?${D5<
z+U~j}4M(o?9T#uw`VdDjcQD9WQQ<diQwA7jU?OIH@x)$mr^VrI|MgvFgpzfR0`+Z6
z&4Mh2q5VAc2o*wR&O@(c>fSI`+^n&<I>{M>?PB)y!$KWlMbahpk1o6=>iejwSv1MA
zlQN#<KU-7K!FV@;K6`A4*Ffoejnw`yPauc{gJ8ZmSRvDrc~gZ)1li5*aTz%C`=vTr
z`UTpkO>YNg`N_o-86!Exx<;Dd6wX%%zQfMGFc1IBx8x#+czrrJ(|#!vLf1G752`c-
zlOb~?{WOK9lva8p&qw<V&ODyh@n83>E{p65$uikHR9z)o<ldTEqat>M^Vth@C#wZN
z)p_*&)^|`WSZwJ8MSSmSa}2^1t}*B5V^L9nTzI+idJbQ^AgZMaDQNzxvVWT5cwG*g
zzuS)e8j%sP`{7d{3CCjbQEUE_UO$Ek+L%0t+s>aa*r4#e8hsMm1fIKB@X}9DBJ(Pd
zRKT!1SDLmO-^Y2oa$cgW{(YnhfgdTiZYAJ`mP(HR@$L++lmrx~GUh$?ah<vmp59m{
zm}ltnq~lPeh5sp%WO+!$4(gg+nT_dRy9yDTos^UqU;?lOSOLrc_5fGFXMi)n1z`LS
z+Wf<Ku~Gb|7>6Ajh^b~}XGYEr0`c&%^K$d?aq)7oL6GwPErN&3g&-yTL&ZQt0seuo
z|0q!Zn{5^XAiZPP7~1c-TFF1lDX)flcIx=Q*k-jff?qGJ$t+!l5uo1>c!vTYNa!Md
zBkXZ5k{#-9+dT{v7I-N**k3w|0D+W7_)9ts*qR^$LCm)ZtS|*Q#yo--x97g8Lk&R%
zhZ@Q;qHNLt_a)?FF$v-E?yom&GSs9!PA%rDBR{pCYni~gWrpbTrJ>>(S?3pqvxO`|
zan4>K`lV;<vWRY$E5pkvUl(_84))88RA$Uohm#Nw6*WTK%?6D&%zDLM>JL%xrBdTt
zabgt3KPPrOz$sPA-aqJ{9e4UFJutz8*}4&$@QvROM|pDQu<jcU;qqL2tPS2Yo`OuD
zEv7=t4%ME2Wf}`J#w;v+0DfgRxD;(VGWt8fJuGJgh2P*AXe000&naHD1hKr4OvST^
z-JB{FPRs{BS}$Px_+U#|y&lm1^pl~(przwm?`@Wu5Yzm#c|ZvCe3{c7%F#Nko%70G
z%nY%v9ui^9+OpKQiBCVm?e(|Sf^W?QUL_XCPq;d0`vxHlU7|WmLOlJStMKX=i4Sh@
zN(R1i?e8GCZ+C~RG}drqhzMG=A{zDhDJdLmwZ-1UAx~LcTu6oQrls1h?peGL&^2@5
z0I4!PRfT#If&wutp^11msbB`ICtXks#dv+CO3a?W-+6cr9Awu$AcL%cVUtJYTE<?B
z7==bPGHzdbH*<>Y<2K}&;g>HJ_B*2--TTE6l>H*f6L1B>?S+VBJQLItXC-KO!daO4
zF{R8;V>js0(i9L~3brF#@+$nf@uVa)Ot7%%(71bB>Y??kN*XJ0Y~RsMx!#+ZpPs09
zooFpzspvLJ*IwO5!6T%@mB3-@d~lWJ+F1=wwb`J`*XMbBRY^`5;owO#PTIy#+kv28
zl9R7HS{;JT$FbMR9o88(_+r9W8?jX89SjtXwc)J_(L0mMNCA4dC(nLWCQB^61y3Im
zCbHf(r)rF^){hZWIj^J4rL)BrU6L*RN-|oEHL2;Dl6r|HPzy2GbU?qu%<cR;zP|$}
z`Q5riaw~-*xELA4^J@aee`&~Ci-$dcoZ>S15+aQQ$VQ{NJtI!TZ*voh@xpmGEy7q-
ztHbfyvvK}reuUN>K-Q3CJ(~_`b;Y*L>2lvmrqs|N4@tD}!aYp_f96dff^TR;`_k!1
zFgc&n5st^`uR=4x+04vOa~tH|Y14oWC}cmnq-Y}+I6H?O{e8=@xmj8yKE1aCLt6wu
zu*b$%DKd{mEveum3S{wMp_F9vh7ZoP?UM4b6ihDmHTg=g9G};AWs#F*B|dGuobzpA
zM^#K9q&L$E4-MnDsR&lk>AJhb$Lw0qH{8M2=Egr)_{?9bi-8m9&dD(f;|*1n!Lm{+
zH0y=b^J0`wBiw8yWe|<Ag*_3<;{odSCc^GlD)rzm`Y{<Svw^9bk*fp*cx|9|JHuk9
z`T)&=E>m7i1fG$uO2`^bA$W4o{FWp6NJ>{VYd>`5?#zF3P~uR2DW}1p`5D`@viDpL
zHNznDRlGQ~W{hW)lorySiO|<bYDtnZ(gX?pnhS4~{>ZRacDi_68h{fxAj@i>mMp|u
zBZpd0eg3L$b<cg(w_W-+U+UbP9Pnowms;0-{M56oZ9)~Z5DV$E&hJh7{WgQmQHwe*
zRHYe+Pd&9G&0yquR?45PCaVkNnv%=#!8qbiS)YvzvEDYk)i>gtkr!_xVm{YrNV;Bs
zAx0p@imCQb<S<Z2e-<w3e)G|WRg>Jklh*t#s&NyBk{w|%^B_zw|IEp}5mg%qe9N8<
zbn+09>9V)87+U-|9%ldDKTN4ejHcH+q>{KT=1MY3vU|t+@LBA#^@$xmP7+n6S)5J7
z#AkqcC{$ZT+Jk2zB*yhj7^Un4KQF$9x@p<U)fDie5*IUC9JKac_f9KSnBAg+{3XvI
zYpm!*?Hryvt;sfJfr|!e6sefkFxHYWqI!sS^uRb7-f|Ve?r>CFwcNdt9RaDX(gH%u
zt|n0IX#qg$tK{tntR0dySr>%v!+lOyZSS!!P-CS4S6i_!3rone?^zC)v8dm4ejU(L
z$vA%MLb@#Y{&x7Wotw=kojz-({PStsu5F+loZN#J4lxMlTeebSLm~IG#=~i7^>Ik!
z*|{IEX-c=`6@ygPyiW=cxmI^b)*AED#=Ub&_n%Y!ISRw7(C)|%FkC0h38<g*aIW16
zlPA<!OxMFBzt!+apGh}tk5y7@FUY}O%e&BH>~hPS1lh+Gff}@K@Ug4vm=`;wH)02;
z^&yy^0lBfZTWFG;W)wya$L<@0>_!W%TD(Wsg)jZFV}mY)*qy2NgNE`ewNl1GS_b%!
zQ@WGs!}>jE(kHJHrzI*sU^!L-zOqY%5eK9vuHo_hX)-)(7sWmHd;MG1iJwT=>9{NP
zSrbh6m*tfwHN8H*aJDzc*$BTzh@U5ITJ|x1&XjO%*=V_Ef{976RscR~P#V^E%+tkt
zZ^ia^nv1G?*<Bc3JoyzumW(Ntg6KV--ZHfPJL__l?c`g7EHFT>5LF0(d@QF3OD|q1
zO5))<BXyZRUCZelPzv36AWK}$K|mE`&`IYi+m5)<$)mkxcr>>Lzkb7)PcWGCC^vK-
zKDd+!XZ)=W;|I5q?)Xzn)|bz>e4WRLVK~(RG27|0`sG$&tR1(k>6c)?1>^}RmL~D*
zGFJ(nTguFdavX}m+hjS)gz#@*EFtME9H^>sa+f$9^G}~dbv`hj<F;6vlAbWw!rA4S
z_cwjuL$xawYXU$V3qwZ>yHC2C%N<tZX$+Ea9*PnNN%?uj@HhwVB*%8c;kFi{+|Enm
zj8inH*4$LMi1-^0mHv0JqLQC+TbEy>%uv1vXYkM?TZ|56VHH<=9Yth)8_Lo`)SSHQ
z0`JJb<b)GQbKH)st21DLWDC*=jmV1KD75`+wBVhgyZEe<oaomz^n=w~T$K8FBI)h(
zY^&h3Bg1FC>?YuSUY%54&pwsl4aWRzW=jbH-f|<QTnfrY*X;?^Dbp{&5-LIiR6uKv
zyJBBmx9<dbvK#&$Xz$_L*wX)UxBqpexu9XDl$=1#VErlS(e<4Q4Q$Ga`(xav4jE4l
zAlo+jEt27HlbA@E9w(!(*NvL)yj~3Hlu%T0_I~a#GbIE4o(gl*P5$5hHLij_WPXYw
zothU~#^s+0DafqmHfVLfO@{_E9IGbMXL5}2W!MzNc1XCF-iNw)xf0OVGU$KNpKpyg
zdH76--)xL5@GD1U-O<C9eg6)QG3k8Hx`gpYT6xBv4hqhWu%3(BYB57&P+C+<h1+{-
zRbGXW-p@KyqS$oc%)aJ$T3{>CU`Nfs*XwN8y2&tIST&ubCdbNJ?fZ*gp+H2jkeG2{
z_Thr2%=t$6gs{VRh9`n`;Wh{GR#9&_pdV|z3d>lzak6o6ifdG1V$<Tqwn@Q7z$RX}
z0^EKdUh5f?x^307{M5k|Dc&DuqH6Gz&>4%V!=}K-&W8H$w-p)+762qKem$e&AXNBd
zk1={%FTdT}Tu&=wM~c%OB{4P=ElczY#I{tS0FdrRz0@8{84-4(ay`mLU;n?8^uGY0
C8R0_!

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/server-certificate.pem b/cdoc20-server/keys/server-certificate.pem
new file mode 100644
index 00000000..acc6deca
--- /dev/null
+++ b/cdoc20-server/keys/server-certificate.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIJAMlBnRR21uxrMAoGCCqGSM49BAMEMHQxCzAJBgNVBAYT
+AkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcwFQYDVQQK
+Ew5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNQ2Rv
+YzIwIHNlcnZlcjAeFw0yMjA1MDIxMTM3MjdaFw0yMjA3MzExMTM3MjdaMHQxCzAJ
+BgNVBAYTAkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcw
+FQYDVQQKEw5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UE
+AxMNQ2RvYzIwIHNlcnZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJdOtXUpxGEC
+0qXXLS1ZHV93mV3T/AvmEPnRBy/ZjLoeVAZdcFUpi2x8oDSmtV3Q8X0X/HMH/rDs
+WaG1S7Q1e97nDOikW/bNUCTFUReOtONkokmc3nWJPWH260vSPxHxnaM9MDswHQYD
+VR0OBBYEFI9TFoiYjmDSEPo2RQuC4LBN5Q4ZMBoGA1UdEQQTMBGHBH8AAAGCCWxv
+Y2FsaG9zdDAKBggqhkjOPQQDBANoADBlAjEAraJ0GxBRekk5GdUCzt42+Jb0ELzi
+MV0q9hSTM2TgCtjBb+XIuelNPe/MQIDXbGujAjADPdXzjmofwNPEZsCYpH61siI7
+H3rJMXqSEpUsfXxy48tUYGws4qtW8D6gOCpEdXQ=
+-----END CERTIFICATE-----
diff --git a/cdoc20-server/keys/servertruststore.jks b/cdoc20-server/keys/servertruststore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..cc8e046a19d1d12ae5b705c491386149c0bb7688
GIT binary patch
literal 5974
zcmV-c7pdqlf)`Q(0Ru3C7W@VYDuzgg_YDCD0ic2w?F51r=`ey8<uHO4;RXpRhDe6@
z4FLxRpn?|CFoG7&0s#Opf)>XH2`Yw2hW8Bt2LUi<1_>&LNQU<f0R;^(Sui*T2`Yw2
zhW8Bt1q?7N1Qb@>{?jnsQ0R)KpO}$Gvsxe1gb4xyClCSwATSID2r7n1hW8Bu2?YQ!
z9R>+thDZTr0|Wso1Q4re3r`O1F<m9*nK5h{s1<;M7EqAMpD-vXHxWUre?nJHu8}Gl
zGY*B`Ep=;1?0*!>37Hex60>J?Lq1g+a$-#`TfuoX>d2m&vLQ%vVCzHkUxPJ$!z05Z
z5Ix$eo3rA=0dMD9CzCC-7$B~_>x80ds-ww<F;U^Os5*#qxLn%I(0wJM-aBl}O6<{V
z{_@AP7r`Y3tgi`Y_=u?IpnApH>B}2LQUX*^qU7U*r2ZfWP3n7T8aqwmg(dFtU4kc(
z5PcVKV<|gd$8sRm8%+T8j0H#w97`HsW}iEDYabeWWyzsd!${sIp0Q1&jO$W*#Hz%u
zH^$ZF=#={$@dNM;Cjt=j8E2$LyB5i;77iQa_ZxvgU-d-ckjOUn0}&W8asBApt+KYB
zbm<Z#w|w4u?1AyO11eL-f{Mwxq^2xd=LbBkq7MiZHBV<Ws}vZ~Cmbk-uarkiqoR$>
z>>BAt!}4bwPNVM($Ppn<++~63+%7W590EI>tKmETA|iDj>If$bDYZ@J%tk%9B_v8f
zp~$o1t7LZTZigwEu!Vny)-;3c3;g$kDeVk+d*0|rCl4sk3bGKDmoANADrzTZ?<q5R
zry$da5SC`MfW@j{Ec)=`28QL37vvj0*vjt|Y?iGvxbqezwt_^$!4R9W4I6Zxb6-Ye
zT=2B<+h+7<tw*4@v?-3q(9(=Nh!OFjF&y8tRrzWZGNw48C<e7r$x^K0UgzL0rwC`o
zcp97xOK=%%Eti#K<pS?VWr9v@+A=11aUMJF23aFJgFq2I4R1=(-X=%oBbPiixj~js
zPtBl_TDT|{`PF}YU!7xk6vuW2J@DCls~$DcR5EuV)LYpgTi4AEPpK7yP{Ujm-0Wib
zVGdaoW-wnwet%RG22SR+@rwiYy6T7Gu+z?-YsYN|DY-Ydj6*)go(5!MDthoh;k?M*
zE#?t-gaZuu5MVI?-i(HA&$h`({5X;q$9f>rhmJK~Hs+LTj!f~xuC?VI2p{!-IHO4k
z9TI9@U);JX1vp`Tr_DwLOnQIGKza-N&^l-7Hem5rnCyWIGpggq?I@mxV@BaYlEB!5
z)W2)~K?4`P00AmZr6faup(oxIn*PPdFr3o60Q&?g{;AxivGl$?TppQGjGz0A2w`;u
z(ZFu@n%8H(ajeYzaufiHnatcfbbmjW**Z3E2Fr2OBc5iCvubjXSNmj%sl%;p2PZ{2
z#Md03Dq`I3O|K+IZqcS#A!B&GTh&q>w5kbfEMbL02^+<g5a@^rl+$c$nmXBl+N7+Q
z^XIUe!$qVrsmxvujmt~yL+Sg6Bqh;yic4!+Y6mz8Wd=Kqsv2{SR%TFf0VJ!32*vkw
zRfI2d2o|G%6TOf&atV<sE(t?*(~gTuN6e8db8Sst_3bgJf019(X|Qe!dA7c4G)~B3
zUilkTst2QTUdl9AH=H`5#}-q5k(@kLC{2fLF(3>`>R#m2l8<Hp4;W9^OZkJYsAx}@
z3xQ!C?H|R+i302Y?f$0zpHfXVB6BLnmE*CpeL0F9PyRxd99p}nVE+mEyhbk!wm_q>
z^S2ZjHFXSLVQo2jLtHNQ6>*CJjD-#L1L!^~2802*_2j8!@Rcw;4-To4Gdc1@7krqP
zfOI=a%dtom6gnFu4A7uiTxx1dWXwL^VuQoC9}uxQz!i|AzFKCht&jKg{l2>rVE3d>
zQhq7=6eRLgF_40bWV}f;4P1u}OzLt-kz5@Y&+5B*LbDQ#R!}gTQMqs!5W>jhEcE7H
zyor(+9LC{4H7Q6__25qM@3KEUQ2GL~0!!zV(LU@4f9(t0nZCqj-6?k1;FDPKLtkG5
z=i-4YH{m-^(^u;tXh35iIk8&mtOp#u3K0^$1o(~88+XBq{wJVF=cO%WRRd!c25@TT
z>oAG%A0v}3TUjI-&%qw(>m2yre*WF$0kFrQN}YfZ36ed(pbhTt@3IJa7lE&2uN;UZ
zLKQ(4hsR#i$sB1acF;&Nl<b+g9<pv<cyT~l$l_RlwMvvj0){zbr-OXAAX2TaRjpKl
zeg+ld@9NBJkB_F#S96oSp-dHCNA1~u@_YFE?i+eQk?ks-(D2xE@@440k;;M5ra{sy
z9_*A8z#3a`jPwwOtM(s5SC|^)ud>vf6;UST0voQ>co6*YnhezOBQ2}{;aOmCM}Ox0
z*#e189lFh~LSsrXsnXQQ{f2t+8<QdAlX)lrk3c%xJvuZ3`s>ROnpxW#4fdn#7|t?B
z2j2@?oFe(|LG$bJ%N~s<_RdW)mf$gSLSjAa-;WCW#%xl(brlv}<3rI-D6Sv@$gOTg
z$83q)$umdNNHLwm-%U9rMdW-^Q~8#F(=iaUXIkXj>x-q%{v3=iUHGtC1ug%08bVH-
z8`>I=+QQoL|3^Hq$H<LCZmZ-p-sSV?-GS_0@gC?Sx{_)6#K*%?bxH*Y`xNpMSv6GB
zi31pkzH!RB|In%S#K6lE;mTals(1^!z$hkrWa+H)(#%Y0OvyyI{%Bj#_Ga3?L`X6t
z1{P1o!wV44<DD>&2K>#vDdzd56q<b;LZ@a?h^$wKuku$lDtp!=+l?b{&*g~hHI+6e
z)!|T9b}ih;VUgy@9}@it5;Qt@O4it}BS=(jK)u;QT)I($@&fs~>5GmZ&_Y4+`@j)t
zAL6jNV)Aj1c!nmYnOtfj0d(GW{CI=yK#bR+@mu52x;$z9IcW8}-1n|lrbx3nF=E<%
z+m8l8fH#U#H?plowbd)Z)5a#$B>L*V6^q}}%)AB_alxQPaJ{sUZNsC}uY^>t{Zxlq
z5i3&MQZG$^CIQ$`7C<yZ`*au@x{66p@t|`IFn5^7ooE+5q@(1XgG}HM>O6^{tjfpc
zZLf{Lj_iZ-mW=P<fS%<jwkV9`k(ib4yv^!`?ndQk;8&WNc9Y|@F8|)qn_lf3x>Vwh
zlw~SybpQpaseZi?BrYWzum4K5UU-C>lX-r$lxCuoy-nX?nFH%U=XM=zS7ChZyd_~M
z44lJl9=CUBzi-(rtbEktN33~&)l+B<3D(*-N%WUylY1T)tyOslWZK+=?S6CvHsfhN
zr(2jT;9biZ&2JGFKwo&A+aFCeg(hacfYV&r>+6Lw45RD@j~V{7@dH>!3JhRxYQglT
zo=G>?9^GkSLMTsg5EmB+b=>sqcIl30!RJxyuyJU^@g2G(au-{DDr<gV5`7y}Gn@$s
z@KC1Pd6d4Kh^c5*of5T~Nkx9GNa*ny&5lIU6cZNSvD(&kpvwTaBIdw<&T2C4ts`)h
z8~^`e`+F6Pv@f{9`ExSjXG5P4=8gfL2vCd;d$-*Vhb=${h3&zD#}*&(Jks^od0ag3
z3>E}Cqh5ltUiJcH;CUmC#w$3ki`++FU!afX604gEc*JaGvLK@iX2vRb$0Z+cVToQz
z_U*!DNe%)bH)u5FZ$b;x?MQaegQ{r`i;b;GIUh7t_ol(M@?)+r4|~qzt}i=DTu*m}
z=8H7%(6Gs+|A+c(I5#EiZg>7wI+X=cM26OG$E%{=o@D`zwdFo+3iXTp%(neI;tT>f
z!ICR#+A3R^vn&oMuDQp{5ah#G=Rq2hR`2GZ;YK4t?O{r*rlvQKc;ocn-oN?%HR|gC
zCd=($1BhC@5w6Niivj?<JN4Ho?|AHJAt)`X2sPlX2usziltWo?8QA+wCj9}0Nj#t9
zvJbS!{?p<TsuG7&I^np!#0zQcr?Yb^8*X&8@p7n*xo|eP@{0`&pXG|(hc2E!6$+Io
zCE8x6vy_fg2{d&-{6H%z_a@XWYDriZvbrsnCkoA>;_YaVOJw)N)snV9(M{F?LvuBm
z4p<S{FT4I<ZRGn(_Hh!Cp0>9?elptIjrngBOQUiD=@V2G8*Zj~%l}vWmK~%$GXr8q
z`OB>f&4Q40-pOgx2*277nTAcsx9%3UX|R~^%dZ3+QE+bO|6pKz&2e2U?03xiIaEwg
z6%b2S@*9ty$F2X#PK&(G{jBbwH9v(D&ShXZDnTP$NXFD+o>!kpw}M*rj@W?3>uGAS
zFB#Qp5XYj`p5L{L3C>(JTd*+g9-r0P6N7Olp}!PbZ;b2i^%5R7zXFpto<sqLoFHu^
z$(LH<e_e}m*LkHpF|y$r48I#KYLyazaMAsMtg<DK4)ZjHb9PU)J_1)Ca`PaZnxIpz
zAZfJxS`m&_AH#wja!T`IT+@a2e7rVb@Y~)>K*G)tuub~UMT$ZlPLP*D_E#fd{ABoB
z>eXnq?TIG^cPQ+v=AG<mQ`}h5^hNT6KgJS?UeYUsNzmdEWa(1uBv-N+PHbUM9U+`n
zBsNoIqY32&e29=BhtVLThVIX>$<!cvsszgB&hJ8yfX`-i74EQJ0RnpJWn{uX_u~3!
z8Y(MeJdT{q$<K<D2Yh<a6#1$|n!A@l3&yPst-VTZQ0uI58lf*Dt6Z~y*lmbZ#as@l
zx`x?C&IH%Mmnr1DZ=2pbsR0VG|0+mfKi7860&iE{%IFkoRvJV8Y$s}g_fa_w35pJj
zy#PRHcfyik-KZ@(N?5nZtpx-$WC@>M37#jZ&fvR;qrC7C2AQl1hZq257AeLGGI&#-
ztL3MmN<HLENPGN+YB5U>KKrgXY8pl`(7g065=)!e#MGXVm;{5AV%mH{FP`u#^-KKu
zuhq5NR#u&6Zm<~0hvXx85|>aVAPLmv4F45u?Qy5hmpqNH1*N*BpiRLoDPt<o-Ax7Y
zXIbPSWXCgT>6DqUp9M~BqnQY>tDqs$0WtwSehj6`4*0T&wv;6RWb#z3aY5)lD<8{R
zk^Pm<<O!mhonJ351+!X*4KO58lw{M?weq+;ge~G{n`38A+L(G6ubinP4b`m$D6vCz
zEDn|t@*+{vK9Cy>mqd_7@UERh_SqhHv(+3~DG%kSsn3abL+JKB(o)nj^pc`nGbY-L
zJN~m$^=70#&8{p+rp<`(zgBUKUr76e%4*r$y3Q#wzKkL~H4hkAJ$nlH=jZ$s8V~yh
zm6s!J={;d7F7ZS{oxqtw0PmctC>eCQq~mmE4_lK*`&MnWWP(?rgw95vLzkN}Z@u%&
zY}+lWmr-Y}0A!I>NfB3JohT7qvM$m#p3*+7&@7Le+5k!uU5&)=L@VrGKAW+~Nex+3
zD?*s`glCR1*0)|ZaNSwuhv>b?XcI+|FyO|h+e_JUC_A6QgIr39ta}u>lm(vQrp$A+
z<&6}!dI_HY^rV=8EbPJPa>t-OT{;Hq+FsoXSC99BVyN@<9zVzRYh3eYzvbTz$Ke<=
zTyPm~MS&S!6igoyO<7_<Ahy*8$8I7&h7lAb%c(VJ*D4ne*G-A#lL4nLLY~}XfWx2a
zK5}<?XaN6Yb>fUo7S=O|StfIwrv&?$2Xo&1!JTcV7td`Nbc_Pb<BnloB{`#<zr|(1
zgvsDhh=s)YVl>Z6+xeB-bc`dJ%L0<?g_NzQ0ZZ(#;}?r7P8PEQ-Ex)_wShDMLXGs_
zX!wqull}L#CnE+OC&%1k+W>HYoBgR|CbQ&siX#APFfY~n$BiBR^EOH7cu7vyrLyZ(
zdax_Mu+sE;Dsl${a&`ttz#k~^-q|DHVKsx{j6J=K7LQm;vS(rl;W2gzAtV%hDMWxc
z=>V&!Z~Q0g<HUpw_EDSm&AFc~oN8WxSwWvIUKPfpZ%;qbz4NH|zsv_>Kq+!yWujLZ
z_!W^-@)JF8T=y-nf5G69m4~m{<|ij><EE1wz$S3W<d}%<-|sVE;x&%EMLHv_M}O=c
z3Dw#{IX=G5fuUYCf=SzU3R2ld38oa<*6s=#++9*>)5lj3EWqwf8C*Ko+y2Nki+$Ck
zeHtKu6p}V2%?xpoXvU~6OCBH%Ln{XV$CvG`5q0ZATzUj8#Q@e3c5TYnMqXe72j;lq
zV9{!GB8L=dJrN3;XZ~dY+R{5YwfxMD6RFU;y6Pm1OO(qH<j<Y>yupPh$`^RBq2Bff
z1R!iyo+4^wysPhvO0XRLcVR_(@z6N3EyU!g==Go7`EU-i)Ce<oA2Hs6{e6feiF@Gz
z1(+v_PL;Le5j<;t;=|nHm$SzZ_oX@V_S;2hl9#L)+6@EUu<GhAE9`^rXQ2puK}sBg
zQP!+kP+su^^*v+5Dgps?iE@m+q;*(Xr0_+K%NU?d2~%b7e0^;07(n+J&wjZWSyyUm
z3DQZT(iJ)C(YCxR7q?cE4;CzQ@P#{=0*{V8l(5xiJ0ii@7ukerh?eq{1$q0R6YuZ-
zxRU9>*TxYFiTe8Cw<Yqd9GWk<Fh|1n+&Fh6=e%2JB+q9aRGAJema=tzhTJ>qxugSx
zjQ^xlj6We;-HJ`q(jg^EL6SVg6IlB-{)C5ZZ*F`mNFSy9A12crFU)zKkwsHuto`}m
zXjxL3Ku;@r#%eYp#87#leG3-vt6Y#9saxTNLpwN?URapd1OB=tUtgoL1^$WRhrxQo
zQd}0QF=sMTU$UCEmf$;NCQB9$5P#QfFgOV<?DLQd0TJW5l~r%#$+CFxCfy0JRKFaQ
z0yb;Io$2LbUD*}Jd(nC!Mmru4kdUQ1^Ck=*owL@7X{3Vv5-c*v^FcKViwFOt8Q8BQ
z*HjD;SpNinG5za)AyYg<J}M(Ol2t=e{DjXdg`HZ+aS@Y`R;k_&Pgy8gSV&*&x}kw;
zEPh=2hT%)6zWP|o+$tbJB1DRZMCgUwA~Ultz`zx1Q{lzlO`P(MubpN7tF>)=A_F^%
zr<M6LVWv+z6H7sSIPPd1jVN%driiul{K(~WJ8`f{IP5=!U3sAIC4jH{-`w{w>l_IX
z$1xZPr+?#uK`IaQAaHx&{p&_OYy`9MvL}{`H>ZGw*i-9#c(lkokVB1-zcpQK0bz^g
z*fC+vN>v+pI_PTr2JQlzYKUZek*)8;hm|kY`XFz+XK&4#uonIdd*U>QD#p(NQw3<h
zQxH^nk^5cM^20*nD-hTC`T|jzyL#pO`^v0pUe}$hn%#$R8a`2h7P<sbiI$((b-ksj
zPm`Yjke)4eB;Byvp~BETjXQ@M%q~gL+U2Fp;x90LXf-B@cH1f%C@lm;+Os@lG;PYo
zQ&NO3ooek0YSuWO#s5lqm|E0y%NnlD__D`NUix_#WB}y8#Zb~(bRFK!{BgvPhy4q_
zJ%aN9^+yIy(pd(~J^F1iXdBZ3bH!OI%f<&Z(sPLzkpPwXd~N$UsB_RtyjeOwp_Yyg
zwW=ETUGdi)g(8L9doSwo%U`XK8ug)x+BRWB-GnoePj-1{(cfR|_BsfQ%bFxQwTxfm
zn%q<=>4nA@(@C{RX-g$&bo11kNybw0IUc$YQY1O_b2x8tlFl$%6fJASo;q#T%5m2;
z9zLg)#ZUco>eK5{Q4cc}1^hK0f}QDonvmsZdiuGr;3WVfS9Y;RkMrR1O5Zj%y$cx&
zxb-!`NY~jkgcltb^g~7i`EZQ=LQsgVir(f2I8Ik+ZMuVL%S>H1*Weg`@OULh2<hMc
z{Ma2Y%TSGYrw?ibU!^v!#csXr6J){V0z!1pu-Vaef6l0@=U3NsXvET}GM@I9Mt;6?
znP^pf<{T$~Guiy#dPMLBGW2O@mD5K=_6{&jFflL<1_@w>NC9O71OfpC00bb?r|EKI
z)mj7EMF*UC```^~x2(NW0ndk?sjH6Ji1r->6lJ2`jLB>#3c@%DE~C}!gn-g=ZUO=)
E5NnHAX#fBK

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
new file mode 100644
index 00000000..87edb099
--- /dev/null
+++ b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF6DCCA9CgAwIBAgIQHgkki303FchjfzSjknpsbjANBgkqhkiG9w0BAQsFADCB
+jjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNr
+dXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwO
+TlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYw
+HhcNMjIxMTI0MDkwODIzWhcNMjMxMjA0MDkwODIzWjCBhzERMA8GA1UEBRMIMTAx
+NDAxMzMxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMQswCQYD
+VQQGEwJFRTEXMBUGA1UECgwOQ3liZXJuZXRpY2EgQVMxDDAKBgNVBAsMA0lUTzEZ
+MBcGA1UEAwwQQ3liZXJuZXRpY2EgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALJtSa9whHzC8IlQFMMznnywSScwqrJ42U+bjMhmMPZCtZ0nWZ6B
+Jbo1f9K9+afbAnIWmGArV8u1K98qUgAzNQ1AlRgw1eo3tSIrss4GJ6sQQgq+gms0
+7HoVfbuotx6VaSiQ610Y1Bv75zTwA/gB22Tze7ZUptLMrgmp2FiRvb/9uR9T5+35
+7adAww7xKnk5b1HeQpwwahnaHaUJViNJWicts831gP5oIq+o5ZKCoMT/2O0fmIX1
+AB0IgCVg6tDQu79BiC21SrE+6kGiDIdJIUJya36DG+oXI3CW4cGTR+SLzZ1COQiv
+bATIwGj+BBPOY287J7AeLcrTpvQObM1azM8CAwEAAaOCAUUwggFBMAkGA1UdEwQC
+MAAwVAYDVR0gBE0wSzAyBgsrBgEEAc4fBwECBjAjMCEGCCsGAQUFBwIBFhVodHRw
+czovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAsGCSsGAQQBzh8JAzATBgNVHSUE
+DDAKBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQuG4+7AS80+NowBItcwfJcJePY9zAO
+BgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFKfbFczwi+aiD4OFqdAcd1brCxXWMHkG
+CCsGAQUFBwEBBG0wazAtBggrBgEFBQcwAYYhaHR0cDovL2FpYS5kZW1vLnNrLmVl
+L2tsYXNzMy0yMDE2MDoGCCsGAQUFBzAChi5odHRwczovL2Muc2suZWUvVEVTVF9v
+Zl9LTEFTUzMtU0tfMjAxNi5kZXIuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCWXFJX
+1/CMeIw/t/WdCQy43/bg9JYT/2q1UTTTHR59fa+XFqUpeUCI6CEofLrzyWzdsgwb
+3qfKmUfb0XFyGvjl1qq1Rwveb6ysJWiKCp2ve3zFM7hof6XIPpGmEGEYbgWMLpbg
+FGQ0XSEuGckQLUNtz4Rkr6ZD1qD4Qc7K3C1iqHxuFqY5iPs5YoaV42NZXVtrpdxR
+syfCj72nC9yCEhb7N3rxv2kRx9Kgd7c+8w+nA6xfHMm3aSDZJBqnkAi8Xh+25dRJ
+wGz0oKyW62CAj2H2phgLq4SJWZk2htTCTI2OJhreDS+KuuwgwSFrGz3Gji9UJCUy
+PavHUfizBB006GP+ryVQpqF/8nRoDmCH9/nB1Jp3X6XYc7sJoeEshVxhGyBFgbKa
++0i9YNi0/Jagk8cO/kE1bnuKklPbeqpv/Ogxvh5HpeYkHPqVo5GzIqTLU54tBZsz
+03dAQdX+/Sa5sbyWKR6/cNAE02a00WHlIxcQQZbLsAjdjLXjq9LHkCx2TxrOarto
+bxZMKq9U2DQA4wmwx/S1zZhI058TlqeicA47OWWUKCqzL6hiALNCmyPaRL+vT/9t
+xkSDtgd+kPNG2xoskN7ijyr9CzTe9OQKodWWd8J6dzDsCRALOXlI1ZgJL1RGF+xY
+WAvn3f+hN4b3bCRNF0lL/p3DWrflH4mlCJ7X8Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12 b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
new file mode 100644
index 0000000000000000000000000000000000000000..b901be399eb4c381e713b16e2ad9c015d3ba49f2
GIT binary patch
literal 3117
zcmV+|4AS#3f($7F0Ru3C3-1OADuzgg_YDCD0ic2l-~@sT+%SR**f4?yj|K@UhDe6@
z4FLxRpn?W~FoFhr0s#Opf(CU42`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=x9c5@
z|6&3l0s;sCfPw}{I6FImk%39k-ehQ8xo{1#TO{f?9f57r1%zxZ;&sy|u~VHB=AoUI
z;1qZ2fHU1euj1IARCHKhOCr_48dj5w@=nU$M)<>R%9LH9CPmV#0O>Q_!*2^0_9FvB
ztoBEZ`n-R}5I$Og#7$nPPfwchXYC5mQNRlk8V_B&usiBD+?P6Yr85L=tl-`@+ZU&E
z`4&2Dv)n$S)w5}s#`F{VV%RfJy6MW&++bAO38y7~w8-_5sDsDRGx;}+-E<XU0Mf|C
zZIoG|yj;un3OEEWr$d1Z)l)V~NYF>o*E;S1+SVAk;#pc+_vSqMK-@!Qt3ztOO2p(l
zYDP!|u<G8nKtCgy0J(rtG2acP6^E92KtiI0Wc|$)pHr!PL1f;F02ykziW|^XWfdGt
zc!x#gFLZd7q3V;)P3q;5F2~e35BRHguW|$UJCpL;V;~6zd`dhO*-VrfdPGc}nD!8C
z4wZq33k#CA(;g=0!`5<y-}aX+JB#dd2ydiwh{){}9AnS-0j^U;sjKTGvDH0V+6=!F
zuihPIS?y-69C<Bq{Ngtl7*Mn2J2Y8C<b>gH0uI7?T0`w<t%D*Y*Mf8kx98$El4;vd
z7^A>lnuQgdL=SAeAfkrfCAmdi=f8d8NQYY1JU$=t*Hs|zA7dpno8345>vY@fK*+)x
z3WOq|-vj#HIQqAeqRHU$i7u$j{0QZ!MD&HCZ`Gcu1X{>N3A%-&W-_&3&B!m;CVgSe
z;(U7n6?_PRg40Wx8sCidi)dfG62Yz`rM_WQ6yqR8$$M=&9O`>ggslFDWY87PhB6wx
zM3XtI=`;~oeDm`&m5vG6N<=6*b|wj1!1S#z5!dYYNB?T%ys^V4@mPZc3(BT@iIp7K
z!eh`USwVp>cGv1qe+7i5Es09v7)l^Sbe^cS=d(TDj}}q19ZfQduj&%pML$2LsAZY3
zF-frT+N;iHayGUS%FAi*ZIF)w)nK3QO`KjY@P1~uK?ky6Um$7qNEZ@)BREbsF9OhI
zm6W;_3xw8wfM~SF%#SS!;?_EHVqyc@x$gnBIaD`w^v*eb`~I2{=2LG01j9Ds``h&}
zuaemKrh=(@e_|=dhL&jo0Dp;p#qHlOIZpbTvKlQ(lOEC;uj6y~4v-<Opw~q6VI6ay
zcnJcdStl)qxw)v<;hQd^h(Br?>*W+Zx8=2|4G3)ZS7N?1&8Wo3Hg+!;NyyaNH)KZ?
z+Hp14JfE?4af)@!u&1&w4!L%BY}TUs^(&<Dg=9Aq<b)T0*nXkX6%L^na8tUCC2Mi+
z-e+k&aEhGEV@1}G+kh=iK<hED_W|K&&o@zQ>T&8{9);8WJgK|R^f;OOM>AQijIlHI
zS2F?wSh+t&p1=5YB7dh5A0=UtT?k?+KU`H(gW0}9lL#(oFyr39aP`Ch4*5+W5q)kt
zw@Etu*?R&aBR31@0nwvVbY%?Rv8i%4TnUlTtPiyAu|(HZ45qy|9SYhj%wsq%9AEgO
zvuK2CCs!H{zepSz%o`l}VPcj(gOA@B6pI>L$lED4DtS38YPbqMNo%wh_N{(X!rpa{
zkIX353i=i2MLj5aEv=T-Rvrj?F2f@=Ye)A)_#nq+R?1fwt8Fclr#l+xtiV1+#RTH%
zNb_lN=K`+{kmjrBS4tb1=SOB;FmP3)FPJO5B$^e$(SZW(qWv~n7p=HP2BG0=#|ksA
zlI+L*7F12TRR8Un7(^Vf#D;FiWnqhf*HRB_jLu2l*nh?TVw8v-T=aWYyRlk*Q#jdX
zJ$Ik{c)*I(1%uz0Sc)p?dx<;PJ&ct_lkV1YDP@CABbyKZk=z?zw?<iC^96(GEQq%-
zol8VrqM^;qSi)xVAhnh$Lg!c@S94xFOz|@a(G<;L-qx203YJ+^TZVJ_LB!}TX18bu
z8S;U#?Tr|wqud$$lKu=Y4Ty)AN+@V237KhZVcsO)m_f9lcU_SYj0y~e@U_&#x?5K_
z0bTYJz&g97o0st1Dz}Klo+Z=^nN+(cQdzvF|Ax(KhcdslW`bGL!(}8@Q7s!*$F)N=
zA%K6U$#<S%Ku6=(9^HTg%BzV+pbGAci=4mYSKIMA7b79hv12iRU5?D;*Rk=z#H>#r
zF}Q)0U@gkMFoFd^1_>&LNQU<f0S5t~f(0@Jf(0%xf(0rtf(0f93o3?4hW8Bt3<?1P
zpn?SMFoFc?FdPO7Duzgg_YDCI0Ru1&1PDE}(*V;Sw|)Ww2ml0v1jy+wrz*VDchY=2
zpgb(b;~zVo<5GLtXp>D_FUy48l{%Qsbm`!iyVcOhw(L|uZW@W5T4recH0Z^9b}sX>
zV{!H@$DHa8H|eQha;xd+?0&Tv$}2>Jmgqr4jR5=+sCWaX#KW}=ucG}z<UiSbe$5#F
z{)lI*sh=hZ^1cvQT62c*@I_oDGq70BL{~R{Xnzz^J$>~2s)`;a)=<)FG5iP?^mQ0L
z-cYXn)Ydi_w|&`71#Dz3#1vvIeV&`n$EhpNy;%Okv2~u&b||jC0pY7C@Kt&^iudIO
z>1PKaWXzkU`3f%@?R4|wBhBC6^1SNapdQ}Xon!CKCt4238)H+oHVif*nEwKUTO@@b
zokL;a;QDCQZRpCCI>#&xn8XF4_#XJNRIxK^+<N$17oU2O>t<`<?l8&G5v)31MJ;*5
zCmn$_{CF;tFru^F^=f}a_?@6dkn<_>P&&WP`}&_fZb>xfSwxV<dHNG_hQ#?_$$#;h
zHZ3V1xkBJ-xxR}kqqzv#BH?;(o1Jkrc3UU%v#Y<A?q)O#IjzhBxvcguNT9_0SjG~5
z6dvh`U((18E;Zre(w<DHXajHQ@@02^)cdXGcU=m^T(?rJsS$F)2+dl}B6*+c$Mx*G
zB|J@(u7I^=1=EZ|I!R57qmZDZTyr(`e*}5z@7|aL=iBtAl_J$A;MJe7gEy#j*U>|=
zCHQw(5XQD8zs48X6<`Y*wpm<GS^Y%^rTs~l*V}8rz4dNdjGwL1e7ueBf=%&8IqXK6
zMV{P<xfhGfmxknxtW{3Q!=SyF4wgc5w)sEqJ|d@zVps{7+@^RBG_R!5)&iyhPd32E
zIG5H6IDBinZ91pwmx-xRf%p2vV6pNqS74M#I$+Q~s_p9-M?>LYEKmtoRO553tc{{E
zk!+01!I7t3hLqip_-0Vol8tUsQ))?trK!u2k6L|W#OhIu^KUDGhHqDu^|KubaQsNz
z-)yMu^grSDwss%C(#PA<Jyg+y!9l!a0pNwnZU0M5fx+vE#Q3Rqr=rm%R29>M_T@mC
zrLjxnA!Kad@<fEai#4V!p+9~JfRgxS0XtK&;8fB@ZIHDe74Q^QudFn*5g{+grMyW1
z8l#Cr6L`#%kBJ`!`ib!n6gf!qF&iJ59)%I4HTFDG&7?nGOH0&c!q2wOSbP1t{?!IP
z{eu+@Fz*U@TrtH-yfPp!&R99;CZQZgc@zV}vJD&{pc6X@4P*&aV{~g%ep~t`D^ABD
z@oe|CFThsY8|$5=+f}EROLc$NZWt$FgXJ**?&+&Vxm2{~FCXo_Jr5As=fB2@Ge665
zGFW;btG?<}ax)E})kEpJDvv~WNIbf^z&iZ1h@~S6LX%TRi2EnNbXKC0kjmA<I2_$g
zhdTv!kpqtxzZquIwYgj-(y@s0vJpaLZ*5c>Lh5MZk#9GUzT}eMu-pO<y^N;SKqVre
zyizVgYqd;d9PtdpJIV%T(3H7*8<zHHUAnu%e@qS>cDQ|_c!Kb-1;e%Tv=yfOR&6sM
zDrw&}D%)XfH1xwvl6(y7d>-mFL%9tt-Ag1{BGAzmfr=-ryopqNR$jGatz`JY69x@>
z*<a|L`xDimI}NpQtw#7K=Mga_Fe3&DDuzgg_YDCF6)_eB6kLEp5u0r5(W^B@J|&pi
zDy?6B(l9YFAutIB1uG5%0vZJX1QdlNIqJ3ocJ8E*=lUbz*fDoEtPTVSq=nJf1Rb#~
H0s;sC3{}_-

literal 0
HcmV?d00001

diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
new file mode 100644
index 00000000..fa802d6a
--- /dev/null
+++ b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuIbyTA50WuwCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOV5Z1nBcp4MBIIEyMgW+t88ywzt
+wHUb61YzO3NZXuCdoIEzj1VsqP9BJDjJo4W2ghfYu3t9zYDmY+x9jxPR9hHoSyDF
+kDYdvAuwH7qcw/0bwdBFa+jtby9EtmlPEf6CjDCTgz+4dSKD0A9giTOuIKKMr7dk
+hq3Y4+WNQZV+HTmR4fNAgejwQ49miVYanpg/pqOmiRsLTI/hf7oUpGU+L9Y1g8ER
+Qsbnu4nWqX75/fx/BQPSZYONIS21iPzPmplmarzVKrzozatPDrl+xIdqlTOOdt5V
+/J4Rj0aKSm9Cz2StAUbcTujsS9RppdKOKBp5hW2yoMA9eChl5Ox4EvResOinucYe
+NOLUL5dqXQoVu8KRGSLkvY+h2Qe7+m/Mej28oarZ+kkHux5AE2M+YddMI213n+a5
+12RO3M+Gor8OadZ1iL/881AO2szk30ot1prmqKmO4SMvRLWxslN3ojN/qs0Ms154
+xBto3rOMWY04fJlPcWYQaxTWf5n35W9cAibQMSfVEqhc025nTGlU16ES7jphx674
+l5hUjWDMc6qnGh765poSUbm7Az6+rott214glWrWzTSHYM/NfLRm/I++GYvrEbRx
+r349cP0lksNTgfMuA5bPGDLaKqeYJpJHpa3M5GA071vMinNBIBg8k1AuI6sIKcrC
+lkGbPHM1G/F37jwsFpy5gSRKLNPV1A2KOHU6fVStn1MjnOB+RUdoTfzuihz2mmyF
+XKJJODGZ9afR/lzdukbjFYACsjH2Pg+ua0MU9ayrv1UI2Wr26sUE1Vws762DbQI7
+s5un3lnxymbEOtwA3RLdgaKOovRqlfxktF8E+dQNcO9uBOfGjSfwr3DJv/NEQ+rb
+zEvAI5Jk6uWXXcx1Pz6t9vk3VUr+v9lOWPQ+1FWLLpI01Mneti2zR2UP384omY/4
+fz43bKkCNaF0iEAwQEJu1cQ7KReeVCmzmAyj2k/78vAFdf1E/0gW+nPt/a86m1NY
+39+sMAN2mCxV6YbpnJApjkjidABsu4TGggGFQZG9i9AvPJC4A437dR2vsoPWu4Kj
+gaLI8LaqncQXBR/oLI8w/x5Yvdj+B/pviIh8t6eKB2UWrJJPI8LeFM4bOPAz2LfK
+YfM9F/pl2igxRSHyDGTFokFMsqQL4iw4QvzBjkM8FKDkv41rJZY0p6msiKJ4sz0N
+TKfEjV0Qv9mogT9sqntgYS60wtBip7SgeWvjZ/PXt/2x8UxfOMavid+6WBG8vYkm
+2zsKmM3/X8h3RAEdFs+sS/AL7MAX7whg0gZkQVIrmQVj9k4x3bdVVHRWWFArg4CO
+XW7UU6JbC8UWDegtJ5G4D8x6OI/A535xKeLoVZarxA70J/gVdpmT18ld2HOXb6PI
+H6vLcVL97FmHYhX28BchoiIwDTL3e8pxclqXd57jWNnNlaT8o4TEymiiyb92U1FT
+CDJzAS7A4F3vhWw4PUBnBnsu2SZUftQuc+TPH/beYaH63K5K3vj1KlcPGrmcC+QV
+OD0UberT93ew/tBlcb5kFtGcIybsDdlPIlOnB58MZ1z+mQRGQ7d6ulu7Ofu3dDQ1
+NLzLhsmXSmnS/n0WpFpRiQsTZWXHCRogJBtr8hN4K6TPXqzQ+P5qRrHWj1+WtduU
+18SCuByFtIh+70dV3WSybw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem
new file mode 100644
index 00000000..e3b0f743
--- /dev/null
+++ b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgIQXME0W7N+oYpjfzRA+PKOJjANBgkqhkiG9w0BAQsFADCB
+jjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNr
+dXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwO
+TlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYw
+HhcNMjIxMTI0MDkwNjUyWhcNMjMxMjA0MDkwNjUyWjCBhzERMA8GA1UEBRMIMTAx
+NDAxMzMxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMQswCQYD
+VQQGEwJFRTEXMBUGA1UECgwOQ3liZXJuZXRpY2EgQVMxDDAKBgNVBAsMA0lUTzEZ
+MBcGA1UEAwwQQ3liZXJuZXRpY2EgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKnQVWrAULAAmFMadHBf0XUBhustBFdyGulNbtR6dtbPT1kbLY5L
+DgmR5ujcOhBccYOjOT56FIH/Zwt2bFty+Z/Q3AXNYlnIDZ6Y7E9l3bVd1OeA/ErI
+xbUI243Fb8cYifEO1wiWRgtQcs9o7haKGozg0e6Ym43hQcMPS9Yn/Pf56cg/T/OP
+6zfWWoa0Ggci3isYIGkwsn4pa0mCmgWgXBuonfhhRKo/6adTW79gKjhuHMKTjMF/
+KfH3/WegPNTS7vBnEePUldYE5KOlMkw+5XpY0kWAj1mAP3N+iLbA+bTERMx14MH5
+Sco57VZnlBnfhxoASJBUe+w6VjnZFeckENUCAwEAAaOCATAwggEsMAkGA1UdEwQC
+MAAwVAYDVR0gBE0wSzAyBgsrBgEEAc4fBwECBjAjMCEGCCsGAQUFBwIBFhVodHRw
+czovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAsGCSsGAQQBzh8JBDAfBgNVHSME
+GDAWgBQuG4+7AS80+NowBItcwfJcJePY9zAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0O
+BBYEFC0uIYgU2tj/tgljpU7Q7iz2p4rjMHkGCCsGAQUFBwEBBG0wazAtBggrBgEF
+BQcwAYYhaHR0cDovL2FpYS5kZW1vLnNrLmVlL2tsYXNzMy0yMDE2MDoGCCsGAQUF
+BzAChi5odHRwczovL2Muc2suZWUvVEVTVF9vZl9LTEFTUzMtU0tfMjAxNi5kZXIu
+Y3J0MA0GCSqGSIb3DQEBCwUAA4ICAQBziHzJ8qCSAyEEjjjU1IhI+iEphCNJHju9
+p+edcwooaKQXjwdNTNekXGKfv2Zq++fFpe5j0PPnrD2sKa5+PiNX139O5DCj7mHe
+egKyXJtXuilxou5Ye62qtkxh64YwFf15aI6m3cnxw6UMEx/ZK7qxvZURD7wBLpGj
+45fZxXtITxmhjWH0b5pVLhigj2pesAPjzB5Z21T1tTGKkmEk71H2dLZkLUGEAPGL
+1LjYNfP+/PFPG9YXSF7UK/TDwFwGWK2EE1eFkOkkhCLKZ2/9ijU0r+phVDYvFSU1
+Fb0IgsxuFKFCd24XDySB2iYvaqa4XBC+Wr26phIHR8qF0ulTdCsBHqYyvVzQzeJL
+ARhYQN7HDckwCYSM5UIOUgcInDBpokAbaHeZhV9VcJzom0holGT794SjoF/tAdNC
+X4xvpTuLpJeB/gN8F5ogjGKOrQw+1Hkfxueld/Avlr7sFDdUUqKl/xJn/evBDz0E
+CjWSoc4gJP9t1bI4S7KI9rSnZLrJIQHl7hlpM9n6sF+KjqQNToCJlR7MBSBMspy2
+lH1FDzZ7QDSBHxiwnZN9BIqHpXQ9tUCj5UH50lPthGYxbzIELdJS1kfMkpxtM+0y
+BmJER1f1v78z81fFYd+eVK2no3Ef7WrJeYVqr87Bsktt9Ms04Xj0hfyEWJLWGOWJ
+jiY8+HJvzg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/cdoc20-server/pom.xml b/cdoc20-server/pom.xml
new file mode 100644
index 00000000..dddce307
--- /dev/null
+++ b/cdoc20-server/pom.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>ee.cyber.cdoc20</groupId>
+		<artifactId>cdoc20</artifactId>
+		<version>0.6.0-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+
+	<artifactId>cdoc20-server</artifactId>
+	<packaging>pom</packaging>
+
+	<modules>
+		<module>server-common</module>
+		<module>server-db</module>
+		<module>put-server</module>
+		<module>get-server</module>
+	</modules>
+
+</project>
diff --git a/cdoc20-server/postgres.README.md b/cdoc20-server/postgres.README.md
new file mode 100644
index 00000000..20e7fca2
--- /dev/null
+++ b/cdoc20-server/postgres.README.md
@@ -0,0 +1,9 @@
+Create postgres instance inside docker
+
+```
+docker run --name cdoc20-psql -p 5432:5432 -e POSTGRES_DB=cdoc20 -e POSTGRES_PASSWORD=secret -d postgres
+
+docker start cdoc20-psql
+docker stop cdoc20-psql
+```
+#docker rm cdoc20-psql
\ No newline at end of file
diff --git a/cdoc20-server/put-server/config/application-local.properties b/cdoc20-server/put-server/config/application-local.properties
new file mode 100644
index 00000000..1e3cb2e0
--- /dev/null
+++ b/cdoc20-server/put-server/config/application-local.properties
@@ -0,0 +1,54 @@
+# Configuration file for running from put-server directory, see cdoc20-server/README.md
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.key-store=../keys/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+server.port=8443
+
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+
+# database configuration
+spring.datasource.url=jdbc:postgresql://localhost/cdoc20
+spring.datasource.username=postgres
+spring.datasource.password=secret
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
+# run management on separate https port
+management.server.port=18443
+management.server.ssl.enabled=true
+management.server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+management.server.ssl.key-store=../keys/cdoc20server.p12
+# The password used to generate the certificate
+management.server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+management.server.ssl.key-alias=cdoc20
+
+# configure monitoring endpoints
+management.endpoints.enabled-by-default=false
+management.endpoints.web.discovery.enabled=false
+
+# explicitly enable endpoints
+management.endpoint.info.enabled=true
+management.endpoint.health.enabled=true
+management.endpoint.health.show-details=always
+management.endpoint.startup.enabled=true
+
+# expose endpoints
+management.endpoints.web.exposure.include=info,health,startup
+
+# access security must be implemented at network access rules (firewall)
+management.security.enabled=false
+endpoints.health.sensitive=false
diff --git a/cdoc20-server/put-server/docker/Dockerfile b/cdoc20-server/put-server/docker/Dockerfile
new file mode 100644
index 00000000..b71a62e1
--- /dev/null
+++ b/cdoc20-server/put-server/docker/Dockerfile
@@ -0,0 +1,12 @@
+FROM openjdk:17-slim
+ARG NAME
+WORKDIR /opt/cdoc2
+
+COPY put-server/docker/docker-entrypoint.sh /
+COPY put-server/docker/application.properties /opt/cdoc2/
+COPY put-server/target/cdoc20-put-server*.jar /opt/cdoc2/${NAME}.jar
+COPY keys/servertruststore.jks keys/cdoc20server.p12 /opt/cdoc2/keys/
+
+ENV NAME ${NAME}
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/cdoc20-server/put-server/docker/application.properties b/cdoc20-server/put-server/docker/application.properties
new file mode 100644
index 00000000..23c45b30
--- /dev/null
+++ b/cdoc20-server/put-server/docker/application.properties
@@ -0,0 +1,53 @@
+# Configuration file for running in Docker container
+
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+server.ssl.key-store=/opt/cdoc2/keys/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+server.port=8443
+
+logging.level.root=info
+logging.level.ee.cyber.cdoc20=trace
+
+# database configuration
+spring.datasource.url=jdbc:postgresql://cdoc2-postgres:5432/postgres
+spring.datasource.username=postgres
+spring.datasource.password=postgres
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.monitoring
+# run management on separate https port
+management.server.port=18443
+management.server.ssl.enabled=true
+management.server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+management.server.ssl.key-store=/opt/cdoc2/keys/cdoc20server.p12
+# The password used to generate the certificate
+management.server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+management.server.ssl.key-alias=cdoc20
+
+# configure monitoring endpoints
+management.endpoints.enabled-by-default=false
+management.endpoints.web.discovery.enabled=false
+
+# explicitly enable endpoints
+management.endpoint.info.enabled=true
+management.endpoint.health.enabled=true
+management.endpoint.health.show-details=always
+management.endpoint.startup.enabled=true
+
+# expose endpoints
+management.endpoints.web.exposure.include=info,health,startup
+
+# access security must be implemented at network access rules (firewall)
+management.security.enabled=false
+endpoints.health.sensitive=false
diff --git a/cdoc20-server/put-server/docker/docker-entrypoint.sh b/cdoc20-server/put-server/docker/docker-entrypoint.sh
new file mode 100755
index 00000000..bd2975a4
--- /dev/null
+++ b/cdoc20-server/put-server/docker/docker-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+## default JAVA_OPTS, overwritten by env variable of same name
+JAVA_OPTS="${JAVA_OPTS:=-XX:InitialRAMPercentage=30 -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=80}"
+
+cd /opt/cdoc2
+
+echo "Running ${NAME}"
+exec java $JAVA_OPTS -jar cdoc2-put-server.jar
diff --git a/cdoc20-server/put-server/pom.xml b/cdoc20-server/put-server/pom.xml
new file mode 100644
index 00000000..7f1e788c
--- /dev/null
+++ b/cdoc20-server/put-server/pom.xml
@@ -0,0 +1,279 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.7.5</version>
+		<relativePath /> <!-- lookup parent from repository -->
+	</parent>
+
+	<artifactId>cdoc20-put-server</artifactId>
+	<groupId>ee.cyber.cdoc20</groupId>
+	<version>0.6.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>cdoc20-put-server</name>
+	<description>CDOC 2.0 server for creating key capsules</description>
+
+	<properties>
+		<java.version>17</java.version>
+		<tests>!(pkcs11 | slow)</tests>
+
+		<!-- spring boot depends jersey 2.35, cdoc20-client depends 3.1.0 -->
+		<!-- overwrite jersey.version property and its dependencies from spring-boot-dependencies.pom -->
+		<jersey.version>3.1.0</jersey.version>
+		<jakarta-annotation.version>2.1.1</jakarta-annotation.version>
+		<jakarta-xml-bind.version>4.0.0</jakarta-xml-bind.version>
+		<jakarta-ws-rs.version>3.1.0</jakarta-ws-rs.version>
+	</properties>
+	<profiles>
+		<profile>
+			<id>allTests</id>
+			<properties>
+				<!-- empty, means all tests-->
+				<tests />
+			</properties>
+		</profile>
+
+		<profile>
+			<id>excludePkcs11AndSlowTests</id>
+			<properties>
+				<tests>!(pkcs11 | slow)</tests>
+			</properties>
+		</profile>
+	</profiles>
+
+	<dependencies>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-common-server</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-server-db</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-openapi</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<scope>compile</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-client</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-common-server</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-lib</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter</artifactId>
+		</dependency>
+
+		<!--
+		without jaxp-api dependency server will fail to start with:
+
+		org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory'
+		defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaConfiguration.class]:
+		Invocation of init method failed;
+		nested exception is java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
+		-->
+		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>postgresql</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.liquibase</groupId>
+			<artifactId>liquibase-core</artifactId>
+			<version>4.11.0</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.5.13</version>
+			<scope>test</scope>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<filtering>true</filtering>
+				<excludes>
+					<exclude>**/*</exclude>
+				</excludes>
+			</resource>
+		</resources>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-checkstyle-plugin</artifactId>
+				<version>3.2.0</version>
+
+				<configuration>
+					<configLocation>../../checkstyle.xml</configLocation>
+					<suppressionsLocation>../../checkstyle-suppressions.xml</suppressionsLocation>
+
+					<sourceDirectories>
+						<sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
+						<sourceDirectory>${project.build.testSourceDirectory}</sourceDirectory>
+					</sourceDirectories>
+
+					<encoding>UTF-8</encoding>
+					<consoleOutput>true</consoleOutput>
+
+					<failsOnError>true</failsOnError>
+					<failOnViolation>false</failOnViolation>
+
+					<linkXRef>false</linkXRef>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<goal>check</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.2.0</version>
+				<executions>
+					<execution>
+						<id>copy-keys-and-certificates-to-test-resources</id>
+						<phase>generate-test-resources</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<!--referenced from application-test.properties for running through IntelliJ-->
+							<outputDirectory>${basedir}/src/test/resources/keystore</outputDirectory>
+							<resources>
+								<resource>
+									<directory>${basedir}/../keys</directory>
+									<includes>
+										<include>cdoc20server.p12</include>
+									</includes>
+								</resource>
+							</resources>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-antrun-plugin</artifactId>
+				<version>1.8</version>
+				<executions>
+					<execution>
+						<id>clean</id>
+						<phase>clean</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+							<target>
+								<delete file="${basedir}/src/test/resources/test.properties" />
+								<delete file="${basedir}/src/test/resources/keystore/cdoc20server.p12" />
+							</target>
+						</configuration>
+					</execution>
+					<execution>
+						<id>generate-test.properties</id>
+						<phase>generate-test-resources</phase>
+						<goals>
+							<goal>run</goal>
+						</goals>
+						<configuration>
+							<target>
+								<!-- create properties file for tests -->
+								<echo file="${basedir}/src/test/resources/test.properties" append="false">cdoc20.keys.dir=${basedir}/../keys
+								</echo>
+							</target>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>2.22.0</version>
+				<configuration>
+					<trimStackTrace>false</trimStackTrace>
+					<groups>${tests}</groups>
+				</configuration>
+			</plugin>
+			<!-- generate build info -->
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<goals>
+							<goal>build-info</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+		</plugins>
+	</build>
+
+  <scm>
+    <tag>v0.0.12</tag>
+  </scm>
+
+</project>
diff --git a/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20PutServerApplication.java b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20PutServerApplication.java
new file mode 100644
index 00000000..5cdbe855
--- /dev/null
+++ b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/Cdoc20PutServerApplication.java
@@ -0,0 +1,46 @@
+package ee.cyber.cdoc20.server;
+
+import io.micrometer.core.instrument.MeterRegistry;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.actuate.autoconfigure.metrics.MeterRegistryCustomizer;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.info.BuildProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
+
+@SpringBootApplication
+@Configuration
+@EnableJpaAuditing
+@Slf4j
+public class Cdoc20PutServerApplication implements CommandLineRunner {
+
+    @Autowired
+    BuildProperties buildProperties;
+
+
+    public static void main(String[] args) {
+        SpringApplication app = new SpringApplication(Cdoc20PutServerApplication.class);
+        // capture startup events for startup actuator endpoint
+        app.setApplicationStartup(MonitoringUtil.getApplicationStartupInfo());
+        app.run(args);
+    }
+
+    @Override
+    public void run(final String... args) throws Exception {
+        log.info("CDOC 2.0 key capsule put-server is running.");
+    }
+
+    @Bean
+    MeterRegistryCustomizer<MeterRegistry> metricsCommonTags() {
+        // 'application' tag for all metrics
+        return registry -> registry.config()
+                .commonTags("application", buildProperties.getArtifact() //cdoc20-put-server
+        );
+    }
+
+}
+
diff --git a/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CapsuleValidator.java b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CapsuleValidator.java
new file mode 100644
index 00000000..14e7da23
--- /dev/null
+++ b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CapsuleValidator.java
@@ -0,0 +1,70 @@
+package ee.cyber.cdoc20.server.api;
+
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import java.io.IOException;
+
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import lombok.extern.slf4j.Slf4j;
+
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.interfaces.ECPublicKey;
+
+import ee.cyber.cdoc20.server.model.Capsule;
+
+/**
+ * Utility class for validating capsules.
+ */
+@Slf4j
+public final class CapsuleValidator {
+
+    private CapsuleValidator() {
+        // utility class
+    }
+
+    static boolean isValid(Capsule capsule) {
+        switch (capsule.getCapsuleType()) {
+            case ECC_SECP384R1:
+                return validateEcSecp34r1Capsule(capsule);
+            case RSA:
+                return validateRSACapsule(capsule);
+            default:
+                throw new IllegalArgumentException("Unexpected capsule type: " + capsule.getCapsuleType());
+        }
+    }
+
+    private static boolean validateEcSecp34r1Capsule(Capsule capsule) {
+        try {
+            var curve = EllipticCurve.SECP384R1;
+            int tlsEncodedKeyLen = 2 * curve.getKeyLength() + 1;
+
+            if (capsule.getRecipientId() == null || capsule.getEphemeralKeyMaterial() == null) {
+                log.error("Recipient id or ephemeral key was null");
+                return false;
+            }
+            if (capsule.getRecipientId().length != tlsEncodedKeyLen
+                    || capsule.getEphemeralKeyMaterial().length != tlsEncodedKeyLen) {
+                log.error("Invalid secp384r1 curve key length");
+                return false;
+            }
+
+            ECPublicKey recipientPubKey = curve.decodeFromTls(ByteBuffer.wrap(capsule.getRecipientId()));
+            ECPublicKey senderPubKey = curve.decodeFromTls(ByteBuffer.wrap(capsule.getEphemeralKeyMaterial()));
+
+            return curve.isValidKey(recipientPubKey) && curve.isValidKey(senderPubKey);
+        } catch (GeneralSecurityException gse) {
+            log.error("Invalid EC key", gse);
+        }
+        return false;
+    }
+
+    private static boolean validateRSACapsule(Capsule capsule) {
+        try {
+            RsaUtils.decodeRsaPubKey(capsule.getRecipientId());
+            return true;
+        } catch (GeneralSecurityException | IOException exc) {
+            log.error("Failed to parse capsule recipient's RSA public key", exc);
+            return false;
+        }
+    }
+}
diff --git a/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CreateKeyCapsuleApi.java b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CreateKeyCapsuleApi.java
new file mode 100644
index 00000000..466c65cd
--- /dev/null
+++ b/cdoc20-server/put-server/src/main/java/ee/cyber/cdoc20/server/api/CreateKeyCapsuleApi.java
@@ -0,0 +1,105 @@
+package ee.cyber.cdoc20.server.api;
+
+import ee.cyber.cdoc20.server.model.Capsule;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleDb;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleRepository;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Base64;
+import java.util.Optional;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.NativeWebRequest;
+import static ee.cyber.cdoc20.server.Utils.getPathAndQueryPart;
+import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo;
+import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.methodOn;
+
+/**
+ * Implements API for creating CDOC2.0 key capsules {@link KeyCapsulesApi}
+ */
+@Service
+@Slf4j
+public class CreateKeyCapsuleApi implements KeyCapsulesApiDelegate {
+
+    @Autowired
+    private NativeWebRequest nativeWebRequest;
+
+    @Autowired
+    private KeyCapsuleRepository keyCapsuleRepository;
+
+    @Override
+    public Optional<NativeWebRequest> getRequest() {
+        return Optional.of(nativeWebRequest);
+    }
+
+    @Override
+    public ResponseEntity<Void> createCapsule(Capsule capsule) {
+        log.trace("createCapsule(type={}, recipientId={} bytes, ephemeralKey={} bytes)",
+            capsule.getCapsuleType(), capsule.getRecipientId().length,
+            capsule.getEphemeralKeyMaterial().length
+        );
+
+        if (!CapsuleValidator.isValid(capsule)) {
+            return ResponseEntity.badRequest().build();
+        }
+
+        try {
+            var saved = this.keyCapsuleRepository.save(
+                new KeyCapsuleDb()
+                    .setCapsuleType(getDbCapsuleType(capsule.getCapsuleType()))
+                    .setRecipient(capsule.getRecipientId())
+                    .setPayload(capsule.getEphemeralKeyMaterial())
+            );
+
+            log.info(
+                "Capsule(transactionId={}, type={}) created",
+                saved.getTransactionId(), saved.getCapsuleType()
+            );
+
+            URI created = getResourceLocation(saved.getTransactionId());
+
+            return ResponseEntity.created(created).build();
+        } catch (Exception e) {
+            log.error(
+                "Failed to save key capsule(type={}, recipient={}, payloadLength={})",
+                capsule.getCapsuleType(),
+                Base64.getEncoder().encodeToString(capsule.getRecipientId()),
+                capsule.getEphemeralKeyMaterial().length,
+                e
+            );
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+
+    @Override
+    public ResponseEntity<Capsule> getCapsuleByTransactionId(String transactionId) {
+        log.error("getCapsuleByTransactionId() operation not supported on key capsule put server");
+        return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
+    }
+
+    /**
+     * Get URI for getting Key Capsule resource (Location).
+     * @param id Capsule id example: KC9b7036de0c9fce889850c4bbb1e23482
+     * @return URI (path and query) example: /key-capsules/KC9b7036de0c9fce889850c4bbb1e23482
+     * @throws URISyntaxException
+     */
+    private static URI getResourceLocation(String id) throws URISyntaxException {
+        return getPathAndQueryPart(
+            linkTo(methodOn(KeyCapsulesApiController.class).getCapsuleByTransactionId(id)).toUri()
+        );
+    }
+
+    private static KeyCapsuleDb.CapsuleType getDbCapsuleType(Capsule.CapsuleTypeEnum dtoType) {
+        switch (dtoType) {
+            case ECC_SECP384R1:
+                return KeyCapsuleDb.CapsuleType.SECP384R1;
+            case RSA:
+                return KeyCapsuleDb.CapsuleType.RSA;
+            default:
+                throw new IllegalArgumentException("Unknown capsule type: " + dtoType);
+        }
+    }
+}
diff --git a/cdoc20-server/put-server/src/test/java/ee/cyber/cdoc20/server/CreateKeyCapsuleTests.java b/cdoc20-server/put-server/src/test/java/ee/cyber/cdoc20/server/CreateKeyCapsuleTests.java
new file mode 100644
index 00000000..a5f6c262
--- /dev/null
+++ b/cdoc20-server/put-server/src/test/java/ee/cyber/cdoc20/server/CreateKeyCapsuleTests.java
@@ -0,0 +1,386 @@
+package ee.cyber.cdoc20.server;
+
+import ee.cyber.cdoc20.client.Cdoc20KeyCapsuleApiClient;
+import ee.cyber.cdoc20.client.EcCapsuleClientImpl;
+import ee.cyber.cdoc20.client.ExtApiException;
+import ee.cyber.cdoc20.client.KeyCapsuleClient;
+import ee.cyber.cdoc20.client.KeyCapsuleClientImpl;
+import ee.cyber.cdoc20.client.RsaCapsuleClientImpl;
+import ee.cyber.cdoc20.crypto.Crypto;
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.EllipticCurve;
+import ee.cyber.cdoc20.crypto.PemTools;
+import ee.cyber.cdoc20.crypto.Pkcs11DeviceConfiguration;
+import ee.cyber.cdoc20.crypto.Pkcs11Tools;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import ee.cyber.cdoc20.server.model.Capsule;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleDb;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.URI;
+import java.nio.file.Files;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.Properties;
+import java.util.UUID;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+import static ee.cyber.cdoc20.server.TestData.getKeysDirectory;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@Slf4j
+class CreateKeyCapsuleTests extends BaseIntegrationTest {
+    private static final KeyStore CLIENT_TRUST_STORE = TestData.loadKeyStore(
+        "JKS",
+        getKeysDirectory().resolve("clienttruststore.jks"),
+        "passwd"
+    );
+
+    // read hardware PKCS11 device conf from a properties file
+    private static final Pkcs11DeviceConfiguration PKCS11_CONF = Pkcs11DeviceConfiguration.load();
+
+    @Qualifier("trustAllNoClientAuth")
+    @Autowired
+    private RestTemplate restTemplate;
+
+    @Test
+    void shouldCreateEcCapsuleUsingPKCS12Client() throws Exception {
+        Cdoc20KeyCapsuleApiClient noAuthClient = Cdoc20KeyCapsuleApiClient.builder()
+            .withBaseUrl(this.baseUrl)
+            .withTrustKeyStore(CLIENT_TRUST_STORE)
+            .build();
+
+        EcCapsuleClientImpl client = new EcCapsuleClientImpl(
+                KeyCapsuleClientImpl.create("shouldCreateEcCapsuleUsingPKCS12Client", noAuthClient, noAuthClient));
+
+        // Client public key TLS encoded and base64 encoded from client-certificate.pem
+        File[] certs = {getKeysDirectory().resolve("ca_certs/client-certificate.pem").toFile()};
+        ECPublicKey recipientKey = ECKeys.loadCertKeys(certs).get(0);
+        EllipticCurve curve = EllipticCurve.forPubKey(recipientKey);
+
+        // Sender public key
+        KeyPair senderKeyPair = curve.generateEcKeyPair();
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+
+        String id = client.storeSenderKey(recipientKey, senderPubKey);
+        assertNotNull(id);
+
+        this.checkCapsuleExistsInDb(
+            id,
+            KeyCapsuleDb.CapsuleType.SECP384R1,
+            ECKeys.encodeEcPubKeyForTls(recipientKey),
+            ECKeys.encodeEcPubKeyForTls(senderPubKey)
+        );
+
+        // getting the capsule must not succeed without client auth
+        assertThrows(ExtApiException.class, () -> client.getSenderKey(id));
+    }
+
+    @Test
+    void shouldCreateCapsuleUsingKeyServerPropertiesClientPKCS12() throws Exception {
+        String prop = "cdoc20.client.server.id=testKeyServerPropertiesClientPKCS12\n";
+        prop += "cdoc20.client.server.base-url.post=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        //use KeyCapsulesClientImpl directly to get access to client public certificate loaded using properties file
+        KeyCapsuleClientImpl client = (KeyCapsuleClientImpl) KeyCapsuleClientImpl.create(p);
+
+        File[] certs = {getKeysDirectory().resolve("ca_certs/client-certificate.pem").toFile()};
+        ECPublicKey recipientPubKey = ECKeys.loadCertKeys(certs).get(0);
+
+        ECPublicKey senderPubKey = (ECPublicKey) EllipticCurve.SECP384R1.generateEcKeyPair().getPublic();
+
+        log.debug("Sender pub key: {}",
+            Base64.getEncoder().encodeToString(
+                ECKeys.encodeEcPubKeyForTls(EllipticCurve.SECP384R1, senderPubKey)
+            )
+        );
+
+        assertNotNull(client.getServerIdentifier());
+
+        String transactionID = new EcCapsuleClientImpl(client).storeSenderKey(recipientPubKey, senderPubKey);
+
+        assertNotNull(transactionID);
+
+        var dbCapsule = this.capsuleRepository.findById(transactionID);
+        assertTrue(dbCapsule.isPresent());
+    }
+
+    @Test
+    void shouldCreateRsaCapsuleUsingPKCS12Client() throws Exception {
+        String prop = "cdoc20.client.server.id=shouldCreateRsaCapsuleUsingPKCS12Client\n";
+        prop += "cdoc20.client.server.base-url.post=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        KeyCapsuleClient client = KeyCapsuleClientImpl.create(p);
+
+        assertNotNull(client.getServerIdentifier());
+
+        X509Certificate cert = PemTools.loadCertificate(
+            Files.newInputStream(getKeysDirectory().resolve("rsa/client-rsa-2048-cert.pem"))
+        );
+
+        RSAPublicKey rsaPublicKey = (RSAPublicKey) cert.getPublicKey();
+        byte[] kek = new byte[Crypto.FMK_LEN_BYTES];
+        Crypto.getSecureRandom().nextBytes(kek);
+
+        byte[] encryptedKek = RsaUtils.rsaEncrypt(kek, rsaPublicKey);
+
+        String transactionID = new RsaCapsuleClientImpl(client).storeRsaCapsule(rsaPublicKey, encryptedKek);
+
+        assertNotNull(transactionID);
+
+        var dbCapsule = this.capsuleRepository.findById(transactionID);
+        assertTrue(dbCapsule.isPresent());
+
+        assertEquals(KeyCapsuleDb.CapsuleType.RSA, dbCapsule.get().getCapsuleType());
+        assertArrayEquals(encryptedKek, dbCapsule.get().getPayload());
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testKeyServerPropertiesClientPKCS11Passwd() throws Exception {
+        testKeyServerPropertiesClientPKCS11(false);
+    }
+
+    @Test
+    @Tag("pkcs11")
+    @Disabled("Requires user interaction. Needs to be run separately from other PKCS11 tests as SunPKCS11 caches "
+            + "passwords ")
+    void testKeyServerPropertiesClientPKCS11Prompt() throws Exception {
+        if (System.console() == null) {
+            //SpringBootTest sets headless to true and causes graphic dialog to fail, when running inside IDE
+            System.setProperty("java.awt.headless", "false");
+        }
+
+        testKeyServerPropertiesClientPKCS11(true);
+    }
+
+    void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {
+        String prop = "cdoc20.client.server.id=testKeyServerPropertiesClientPKCS11\n";
+        prop += "cdoc20.client.server.base-url.post=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.server.base-url.get=" + this.baseUrl + "\n";
+        prop += "cdoc20.client.ssl.trust-store.type=JKS\n";
+        prop += "cdoc20.client.ssl.trust-store=" + getKeysDirectory().resolve("clienttruststore.jks") + "\n";
+        prop += "cdoc20.client.ssl.trust-store-password=passwd\n";
+
+        prop += "cdoc20.client.ssl.client-store.type=PKCS11\n";
+        if (interactive) {
+            prop += "cdoc20.client.ssl.client-store-password.prompt=PIN1\n";
+        } else {
+            prop += "cdoc20.client.ssl.client-store-password=" + Arrays.toString(PKCS11_CONF.pin()) + "\n";
+        }
+
+        Properties p = new Properties();
+        p.load(new StringReader(prop));
+
+        KeyCapsuleClientImpl client = (KeyCapsuleClientImpl) KeyCapsuleClientImpl.create(p);
+
+        KeyPair senderKeyPair = EllipticCurve.SECP384R1.generateEcKeyPair();
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+
+        // Storing clientKeyStore in KeyCapsulesClientImpl is a bit of hack for tests.
+        // normally recipient certificate would come from LDAP, but for test-id card certs are not in LDAP
+        X509Certificate cert  = (X509Certificate) client.getClientCertificate(PKCS11_CONF.keyAlias());
+        assertNotNull(cert);
+
+        // Client public key TLS encoded binary base64 encoded
+        var recipientPubKey = cert.getPublicKey();
+        log.info("Recipient public key class: {}", recipientPubKey.getClass());
+
+        String transactionId;
+        if (recipientPubKey instanceof ECPublicKey pubKey) {
+            var capsuleClient = new EcCapsuleClientImpl(client);
+
+            transactionId = capsuleClient.storeSenderKey(pubKey, senderPubKey);
+            assertNotNull(transactionId);
+
+            this.checkCapsuleExistsInDb(
+                transactionId,
+                KeyCapsuleDb.CapsuleType.SECP384R1,
+                ECKeys.encodeEcPubKeyForTls(pubKey),
+                ECKeys.encodeEcPubKeyForTls(senderPubKey)
+            );
+        } else if (recipientPubKey instanceof RSAPublicKey pubKey) {
+            var capsuleClient = new RsaCapsuleClientImpl(client);
+            var payload = senderPubKey.getEncoded();
+
+            transactionId = capsuleClient.storeRsaCapsule(pubKey, payload);
+            assertNotNull(transactionId);
+
+            this.checkCapsuleExistsInDb(
+                transactionId,
+                KeyCapsuleDb.CapsuleType.RSA,
+                RsaUtils.encodeRsaPubKey(pubKey),
+                payload
+            );
+        } else {
+            throw new RuntimeException("Unknown PKCS11 public key type received " + recipientPubKey.getClass());
+        }
+    }
+
+    @Test
+    @Tag("pkcs11")
+    void testPKCS11Client() throws Exception {
+        //PIN from conf file
+        var protectionParameter = new KeyStore.PasswordProtection(PKCS11_CONF.pin());
+
+        KeyStore clientKeyStore = null;
+        KeyStore trustKeyStore = null;
+        try {
+            clientKeyStore = Pkcs11Tools.initPKCS11KeysStore(
+                PKCS11_CONF.pkcs11Library(), PKCS11_CONF.slot(), protectionParameter
+            );
+
+            trustKeyStore = KeyStore.getInstance("JKS");
+            trustKeyStore.load(Files.newInputStream(getKeysDirectory().resolve("clienttruststore.jks")),
+                    "passwd".toCharArray());
+
+        }  catch (GeneralSecurityException | IOException e) {
+            e.printStackTrace();
+            log.error("Error initializing key stores", e);
+        }
+
+        log.debug("aliases: {}", Collections.list(clientKeyStore.aliases()));
+
+        X509Certificate cert  = (X509Certificate) clientKeyStore.getCertificate(PKCS11_CONF.keyAlias());
+        log.debug("Certificate issuer is {}.  This must be in server truststore "
+                + "or SSL handshake will fail with cryptic error", cert.getIssuerDN());
+
+        Cdoc20KeyCapsuleApiClient mTlsClient = Cdoc20KeyCapsuleApiClient.builder()
+                .withBaseUrl(baseUrl)
+                .withClientKeyStore(clientKeyStore)
+                .withClientKeyStoreProtectionParameter(protectionParameter)
+                .withTrustKeyStore(trustKeyStore)
+                .build();
+
+        //recipient must match to client's cert pub key or GET will fail with 404
+        PublicKey recipientPubKey = cert.getPublicKey();
+        KeyPair senderKeyPair = EllipticCurve.SECP384R1.generateEcKeyPair();
+        EllipticCurve curve = EllipticCurve.forPubKey(recipientPubKey);
+        ECPublicKey senderPubKey = (ECPublicKey) senderKeyPair.getPublic();
+
+        var serverClient = KeyCapsuleClientImpl.create("testPKCS11Client", mTlsClient, null);
+
+        if (recipientPubKey instanceof ECPublicKey) {
+            var capsuleClient = new EcCapsuleClientImpl(serverClient);
+            var transactionId = capsuleClient.storeSenderKey((ECPublicKey) recipientPubKey, senderPubKey);
+
+            assertNotNull(transactionId);
+            this.checkCapsuleExistsInDb(
+                transactionId,
+                KeyCapsuleDb.CapsuleType.SECP384R1,
+                ECKeys.encodeEcPubKeyForTls((ECPublicKey) recipientPubKey),
+                ECKeys.encodeEcPubKeyForTls(senderPubKey)
+            );
+        } else if (recipientPubKey instanceof RSAPublicKey) {
+            var capsuleClient = new RsaCapsuleClientImpl(serverClient);
+            var payload = senderPubKey.getEncoded();
+            var transactionId = capsuleClient.storeRsaCapsule((RSAPublicKey) recipientPubKey, payload);
+
+            assertNotNull(transactionId);
+            this.checkCapsuleExistsInDb(
+                transactionId,
+                KeyCapsuleDb.CapsuleType.RSA,
+                RsaUtils.encodeRsaPubKey((RSAPublicKey) recipientPubKey),
+                payload
+            );
+        } else {
+            throw new RuntimeException("Unknown PKCS11 public key type received " + recipientPubKey.getClass());
+        }
+    }
+
+    private void checkCapsuleExistsInDb(String txId, KeyCapsuleDb.CapsuleType expectedType,
+            byte[] expectedRecipient, byte[] expectedPayload) {
+        var dbCapsuleOpt = this.capsuleRepository.findById(txId);
+        assertTrue(dbCapsuleOpt.isPresent());
+        var dbCapsule = dbCapsuleOpt.get();
+
+        assertEquals(expectedType, dbCapsule.getCapsuleType());
+        assertArrayEquals(expectedRecipient, dbCapsule.getRecipient());
+        assertArrayEquals(expectedPayload, dbCapsule.getPayload());
+    }
+
+    @Test
+    void shouldValidateCapsule() {
+        var invalidCapsules = Arrays.asList(
+            // empty capsule
+            new Capsule(),
+
+            // invalid recipient EC pub key
+            new Capsule()
+                .capsuleType(Capsule.CapsuleTypeEnum.ECC_SECP384R1)
+                .recipientId(UUID.randomUUID().toString().getBytes())
+                .ephemeralKeyMaterial(UUID.randomUUID().toString().getBytes()),
+
+            // invalid RSA pub key
+            new Capsule()
+                .capsuleType(Capsule.CapsuleTypeEnum.RSA)
+                .recipientId(UUID.randomUUID().toString().getBytes())
+                .ephemeralKeyMaterial(UUID.randomUUID().toString().getBytes())
+        );
+
+        invalidCapsules.forEach(capsule -> assertThrows(
+            HttpClientErrorException.BadRequest.class,
+            () -> this.restTemplate.postForEntity(this.capsuleApiUrl(), capsule, Void.class)
+        ));
+    }
+
+    @Test
+    void shouldCreateRsaCapsule() throws Exception {
+        var rsaCapsule = new Capsule()
+            .capsuleType(Capsule.CapsuleTypeEnum.RSA)
+            .ephemeralKeyMaterial(UUID.randomUUID().toString().getBytes());
+
+        var rsaCerts = Arrays.asList(
+            "rsa/client-rsa-2048-cert.pem",
+            "rsa/client-rsa-4096-cert.pem",
+            "rsa/client-rsa-8192-cert.pem",
+            "rsa/client-rsa-16384-cert.pem"
+        );
+
+        for (String certFile: rsaCerts) {
+            var bytes = Files.readAllBytes(getKeysDirectory().resolve(certFile).toAbsolutePath());
+            var rsaCert = PemTools.loadCertificate(new ByteArrayInputStream(bytes));
+
+            rsaCapsule.recipientId(RsaUtils.encodeRsaPubKey((RSAPublicKey) rsaCert.getPublicKey()));
+
+            log.info("Creating RSA capsule for {}", certFile);
+
+            var location = this.restTemplate.postForLocation(new URI(this.capsuleApiUrl()), rsaCapsule);
+            assertNotNull(location);
+        }
+    }
+}
diff --git a/cdoc20-server/put-server/src/test/resources/application.properties b/cdoc20-server/put-server/src/test/resources/application.properties
new file mode 100644
index 00000000..d5563f76
--- /dev/null
+++ b/cdoc20-server/put-server/src/test/resources/application.properties
@@ -0,0 +1,19 @@
+# Spring configuration file used by Junit tests
+# The format used for the keystore. It could be set to JKS in case it is a JKS file
+server.ssl.key-store-type=PKCS12
+# The path to the keystore containing the certificate
+# See copy-keys-and-certificates in pom.xml
+server.ssl.key-store=classpath:keystore/cdoc20server.p12
+# The password used to generate the certificate
+server.ssl.key-store-password=passwd
+# The alias mapped to the certificate
+server.ssl.key-alias=cdoc20
+
+server.port=8443
+server.ssl.enabled=true
+# enable TLSv1.3 only
+server.ssl.enabled-protocols=TLSv1.3
+
+spring.datasource.driver-class-name=org.postgresql.Driver
+#DB is managed by liquibase scripts
+spring.jpa.hibernate.ddl-auto: none
diff --git a/cdoc20-server/put-server/src/test/resources/logback.xml b/cdoc20-server/put-server/src/test/resources/logback.xml
new file mode 100644
index 00000000..6f91de6c
--- /dev/null
+++ b/cdoc20-server/put-server/src/test/resources/logback.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <property name="LOGS" value="./logs" />
+
+    <appender name="Console"
+              class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %white(%d{ISO8601}) %highlight(%-5level) [%blue(%t)] %yellow(%C{1.}): %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+
+    <appender name="RollingFile"
+              class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/put-server.log</file>
+        <encoder
+                class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+
+        <rollingPolicy
+                class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/put-server-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                    class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+
+    <logger name="ee.cyber" level="trace" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+
+</configuration>
diff --git a/cdoc20-server/server-common/pom.xml b/cdoc20-server/server-common/pom.xml
new file mode 100644
index 00000000..cae4c554
--- /dev/null
+++ b/cdoc20-server/server-common/pom.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>ee.cyber.cdoc20</groupId>
+		<artifactId>cdoc20-server</artifactId>
+		<version>0.6.0-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+
+	<artifactId>cdoc20-common-server</artifactId>
+	<packaging>jar</packaging>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-webmvc</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-parent</artifactId>
+			<version>${spring-boot.version}</version>
+			<scope>compile</scope>
+			<type>pom</type>
+		</dependency>
+
+		<!-- metrics using micrometer -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+			<version>${spring-boot.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<version>${logback-classic.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<version>${lombok.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-server-db</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>postgresql</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.testcontainers</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<version>1.17.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<version>${spring-boot.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-test</artifactId>
+			<version>${spring-boot.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+			<version>4.5.13</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>jakarta.validation</groupId>
+			<artifactId>jakarta.validation-api</artifactId>
+			<version>2.0.2</version>
+			<scope>compile</scope>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<!-- compile tests as a jar for use by server projects -->
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<version>3.2.2</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+  <scm>
+    <tag>v0.0.12</tag>
+  </scm>
+</project>
diff --git a/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/GlobalExceptionHandler.java b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/GlobalExceptionHandler.java
new file mode 100644
index 00000000..4783ffbb
--- /dev/null
+++ b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/GlobalExceptionHandler.java
@@ -0,0 +1,31 @@
+package ee.cyber.cdoc20.server;
+
+import javax.validation.ConstraintViolationException;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+
+/**
+ * Global exception handler
+ */
+@RestControllerAdvice
+@Slf4j
+public class GlobalExceptionHandler extends ResponseEntityExceptionHandler {
+
+    /**
+     * Handle ConstraintViolationException as HTTP 400.  ConstraintViolationException is thrown when constraints
+     * in OpenAPI spec are violated (example length is wrong).
+     * <pre>
+     * GET "/key-capsules/KC6eab"
+     * javax.validation.ConstraintViolationException:
+     *  getCapsuleByTransactionId.transactionId: size must be between 18 and 34
+     * </pre>
+     */
+    @ExceptionHandler(ConstraintViolationException.class)
+    protected ResponseEntity<Object> handleConstraintViolationException(ConstraintViolationException e) {
+        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+    }
+}
diff --git a/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/MonitoringUtil.java b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/MonitoringUtil.java
new file mode 100644
index 00000000..375f22d0
--- /dev/null
+++ b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/MonitoringUtil.java
@@ -0,0 +1,22 @@
+package ee.cyber.cdoc20.server;
+
+import org.springframework.boot.context.metrics.buffering.BufferingApplicationStartup;
+
+/**
+ * Utilities for server monitoring.
+ */
+public final class MonitoringUtil {
+
+    private MonitoringUtil() {
+    }
+
+    /**
+     * @return application startup information
+     */
+    public static BufferingApplicationStartup getApplicationStartupInfo() {
+        var startup = new BufferingApplicationStartup(2048);
+        // the default application startup has too much details, filter only required info
+        startup.addFilter(startupStep -> startupStep.getName().matches("timeline.startTime"));
+        return startup;
+    }
+}
diff --git a/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/RegisteredEndpointsLogger.java b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/RegisteredEndpointsLogger.java
new file mode 100644
index 00000000..9045cca3
--- /dev/null
+++ b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/RegisteredEndpointsLogger.java
@@ -0,0 +1,34 @@
+package ee.cyber.cdoc20.server;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+/**
+ * On server start-up lists registered endpoints and their handler classes (DEBUG)
+ */
+@Component
+public class RegisteredEndpointsLogger implements ApplicationListener<ContextRefreshedEvent> {
+    private static final Logger log = LoggerFactory.getLogger(RegisteredEndpointsLogger.class);
+
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        ApplicationContext applicationContext = event.getApplicationContext();
+        RequestMappingHandlerMapping requestMappingHandlerMapping = applicationContext
+                .getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
+        Map<RequestMappingInfo, HandlerMethod> map = requestMappingHandlerMapping
+                .getHandlerMethods();
+        if (log.isDebugEnabled()) {
+            map.forEach((key, value) -> log.debug("{}:{} ", key, value));
+        }
+    }
+
+}
diff --git a/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/SystemTimeInfoContributor.java b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/SystemTimeInfoContributor.java
new file mode 100644
index 00000000..6393065d
--- /dev/null
+++ b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/SystemTimeInfoContributor.java
@@ -0,0 +1,23 @@
+package ee.cyber.cdoc20.server;
+
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.HashMap;
+import java.util.Map;
+import org.springframework.boot.actuate.info.Info;
+import org.springframework.boot.actuate.info.InfoContributor;
+import org.springframework.stereotype.Component;
+
+/**
+ * Display time on info endpoint (/actuator/info)
+ */
+@Component
+public class SystemTimeInfoContributor implements InfoContributor {
+    @Override
+    public void contribute(Info.Builder builder) {
+        Map<String, Object> details = new HashMap<>();
+        details.put("system.time", Instant.now().truncatedTo(ChronoUnit.SECONDS));
+
+        builder.withDetails(details);
+    }
+}
diff --git a/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/Utils.java b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/Utils.java
new file mode 100644
index 00000000..a86b3e53
--- /dev/null
+++ b/cdoc20-server/server-common/src/main/java/ee/cyber/cdoc20/server/Utils.java
@@ -0,0 +1,26 @@
+package ee.cyber.cdoc20.server;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+/**
+ * Server utilities.
+ */
+public final class Utils {
+
+    private Utils() {
+    }
+
+    public static URI getPathAndQueryPart(URI fullURI) throws URISyntaxException {
+        // return only path and query part of URI as host and port might be different, when running behind load balancer
+
+        String uriStr = fullURI.toString();
+        URI uri = new URI(uriStr).normalize();
+
+        if (uri.getQuery() != null) {
+            return new URI(uri.getPath() + '?' + uri.getQuery());
+        } else {
+            return new URI(uri.getPath());
+        }
+    }
+}
diff --git a/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/BaseIntegrationTest.java b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/BaseIntegrationTest.java
new file mode 100644
index 00000000..6650f55c
--- /dev/null
+++ b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/BaseIntegrationTest.java
@@ -0,0 +1,144 @@
+package ee.cyber.cdoc20.server;
+
+import ee.cyber.cdoc20.client.model.Capsule;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleDb;
+import ee.cyber.cdoc20.server.model.db.KeyCapsuleRepository;
+import java.util.Optional;
+import javax.validation.ConstraintViolationException;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.util.TestPropertyValues;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.testcontainers.containers.PostgreSQLContainer;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+// Starts server on https
+// Starts PostgreSQL running on docker
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(
+    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
+    properties = { "management.server.port=0" }
+)
+@Testcontainers
+@ContextConfiguration(initializers = BaseIntegrationTest.Initializer.class)
+@Slf4j
+abstract class BaseIntegrationTest {
+    // start PostgreSQL on Docker container
+    @Container
+    protected static final PostgreSQLContainer postgresContainer = new PostgreSQLContainer("postgres:11.1")
+        .withDatabaseName("integration-tests-db")
+        .withUsername("sa")
+        .withPassword("sa");
+
+    static class Initializer
+            implements ApplicationContextInitializer<ConfigurableApplicationContext> {
+        public void initialize(ConfigurableApplicationContext configurableApplicationContext) {
+            TestPropertyValues.of(
+                    "spring.datasource.url="iframe.php?url=https%3A%2F%2Fgithub.com%2F+%2B+postgresContainer.getJdbcUrl%28%29%2C%0A%2B++++++++++++++++++++"spring.datasource.username=" + postgresContainer.getUsername(),
+                    "spring.datasource.password=" + postgresContainer.getPassword()
+            ).applyTo(configurableApplicationContext.getEnvironment());
+        }
+    }
+
+    // context path of the key capsule api
+    protected static final String API_CONTEXT_PATH = "/key-capsules";
+
+    @Value("https://localhost:${local.server.port}")
+    protected String baseUrl;
+
+    @Autowired
+    protected KeyCapsuleRepository capsuleRepository;
+
+    @Test
+    void contextLoads() {
+        // tests that server is configured properly (no exceptions means success)
+        // In case configuration errors, spring fails run-time during initialization
+        assertNotNull(capsuleRepository);
+        assertTrue(postgresContainer.isRunning());
+    }
+
+    @Test
+    void testJpaConstraints() {
+        KeyCapsuleDb model = new KeyCapsuleDb();
+
+        model.setCapsuleType(KeyCapsuleDb.CapsuleType.SECP384R1);
+        model.setPayload("123".getBytes());
+        model.setRecipient(null);
+
+        Throwable cause = assertThrows(Throwable.class, () -> this.capsuleRepository.save(model));
+
+        //check that exception is or is caused by ConstraintViolationException
+        while (cause.getCause() != null) {
+            cause = cause.getCause();
+        }
+
+        assertEquals(ConstraintViolationException.class, cause.getClass());
+        assertNotNull(cause.getMessage());
+    }
+
+    @Test
+    void testJpaSaveAndFindById() {
+        assertTrue(postgresContainer.isRunning());
+
+        // test that jpa is up and running (expect no exceptions)
+        this.capsuleRepository.count();
+
+        KeyCapsuleDb model = new KeyCapsuleDb();
+        model.setCapsuleType(KeyCapsuleDb.CapsuleType.SECP384R1);
+
+        model.setRecipient("123".getBytes());
+        model.setPayload("345".getBytes());
+        KeyCapsuleDb saved = this.capsuleRepository.save(model);
+
+        assertNotNull(saved);
+        assertNotNull(saved.getTransactionId());
+        log.debug("Created {}", saved.getTransactionId());
+
+        Optional<KeyCapsuleDb> retrievedOpt = this.capsuleRepository.findById(saved.getTransactionId());
+        assertTrue(retrievedOpt.isPresent());
+
+        var dbRecord = retrievedOpt.get();
+        assertNotNull(dbRecord.getTransactionId()); // transactionId was generated
+        assertTrue(dbRecord.getTransactionId().startsWith("KC"));
+        assertNotNull(dbRecord.getCreatedAt()); // createdAt field was filled
+        assertEquals(dbRecord.getCapsuleType(), model.getCapsuleType());
+        log.debug("Retrieved {}", dbRecord);
+    }
+
+    /**
+     * Saves the capsule in the database
+     * @param dto the capsule dto
+     * @return the saved capsule
+     */
+    protected KeyCapsuleDb saveCapsule(Capsule dto) {
+        return this.capsuleRepository.save(
+            new KeyCapsuleDb()
+                .setCapsuleType(
+                    dto.getCapsuleType() == Capsule.CapsuleTypeEnum.ECC_SECP384R1
+                        ? KeyCapsuleDb.CapsuleType.SECP384R1
+                        : KeyCapsuleDb.CapsuleType.RSA
+                )
+                .setRecipient(dto.getRecipientId())
+                .setPayload(dto.getEphemeralKeyMaterial())
+        );
+    }
+
+    @SneakyThrows
+    protected String capsuleApiUrl() {
+        return this.baseUrl + API_CONTEXT_PATH;
+    }
+}
diff --git a/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestData.java b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestData.java
new file mode 100644
index 00000000..faf3c133
--- /dev/null
+++ b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestData.java
@@ -0,0 +1,46 @@
+package ee.cyber.cdoc20.server;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.Properties;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Input test data utility class.
+ */
+@Slf4j
+public final class TestData {
+    private TestData() {
+        // utility class
+    }
+
+    @SneakyThrows
+    public static Path getKeysDirectory() {
+        Properties prop = new Properties();
+        //generated during maven generate-test-resources phase, see pom.xml
+        prop.load(TestData.class.getClassLoader().getResourceAsStream("test.properties"));
+        String keysProperty = prop.getProperty("cdoc20.keys.dir");
+        Path keysPath = Path.of(keysProperty).normalize();
+        log.debug("Loading keys/certs from {}", keysPath);
+        return keysPath;
+    }
+
+    @SneakyThrows
+    public static KeyStore loadKeyStore(String keyStoreType, Path keyStoreFile, String keyStorePassword) {
+        log.debug("loadKeyStore({}, {})", keyStoreType, keyStoreFile);
+        try {
+            var keyStore = KeyStore.getInstance(keyStoreType);
+            keyStore.load(Files.newInputStream(keyStoreFile), keyStorePassword.toCharArray());
+
+            keyStore.aliases().asIterator().forEachRemaining(a -> log.debug("Alias in keystore: {}", a));
+            return keyStore;
+        } catch (GeneralSecurityException | IOException e) {
+            log.error("Error initializing key stores", e);
+            throw e;
+        }
+    }
+}
diff --git a/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestingConfiguration.java b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestingConfiguration.java
new file mode 100644
index 00000000..7c303313
--- /dev/null
+++ b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/TestingConfiguration.java
@@ -0,0 +1,69 @@
+package ee.cyber.cdoc20.server;
+
+import lombok.SneakyThrows;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+import static ee.cyber.cdoc20.server.TestData.getKeysDirectory;
+
+/**
+ * Test configuration
+ */
+@Configuration
+public class TestingConfiguration {
+
+    /**
+     * @param builder the REST template builder
+     * @return a REST template that trusts all hosts it connects to
+     */
+    @Bean(name = "trustAllNoClientAuth")
+    @SneakyThrows
+    public RestTemplate getTrustAllRestTemplate(RestTemplateBuilder builder) {
+        SSLContext sslContext = SSLContextBuilder
+            .create()
+            .loadTrustMaterial(new TrustAllStrategy())
+            .build();
+
+        var client = HttpClients.custom()
+            .setSSLContext(sslContext)
+            .build();
+
+        return builder
+            .requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client))
+            .build();
+    }
+
+    /**
+     * @param builder the REST template builder
+     * @return a REST template with client authentication and trusts all hosts strategy
+     */
+    @Bean(name = "trustAllWithClientAuth")
+    @SneakyThrows
+    public RestTemplate getTrustAllWithClientAuthRestTemplate(RestTemplateBuilder builder) {
+        SSLContext sslContext = SSLContextBuilder
+            .create()
+            .loadTrustMaterial(new TrustAllStrategy())
+            .loadKeyMaterial(
+                getKeysDirectory().resolve("rsa/client-rsa-2048.p12").toFile(),
+                "passwd".toCharArray(),
+                "passwd".toCharArray()
+            )
+            .build();
+
+        var client = HttpClients.custom()
+            .setSSLContext(sslContext)
+            .build();
+
+        return builder
+            .requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client))
+            .build();
+    }
+}
diff --git a/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/UtilsTest.java b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/UtilsTest.java
new file mode 100644
index 00000000..813331d6
--- /dev/null
+++ b/cdoc20-server/server-common/src/test/java/ee/cyber/cdoc20/server/UtilsTest.java
@@ -0,0 +1,22 @@
+package ee.cyber.cdoc20.server;
+
+import lombok.extern.slf4j.Slf4j;
+import org.junit.jupiter.api.Test;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+@Slf4j
+class UtilsTest {
+
+    @Test
+    void getPathAndQueryPart() throws URISyntaxException {
+        String fullURI = "https://localhost:44063/key-capsules/KC8f0659982eb50829662a9ee5d4ae87a0";
+
+        assertEquals(new URI("/key-capsules/KC8f0659982eb50829662a9ee5d4ae87a0"),
+                Utils.getPathAndQueryPart(new URI(fullURI))
+        );
+    }
+}
diff --git a/cdoc20-server/server-db/liquibase.properties b/cdoc20-server/server-db/liquibase.properties
new file mode 100644
index 00000000..8daccfc9
--- /dev/null
+++ b/cdoc20-server/server-db/liquibase.properties
@@ -0,0 +1,4 @@
+# liquibase properties file for updating DB running in localhost (docker), running 'mvn liquibase:update' (see pom.xml)
+url: jdbc:postgresql://localhost/cdoc20
+username: postgres
+password: secret
diff --git a/cdoc20-server/server-db/pom.xml b/cdoc20-server/server-db/pom.xml
new file mode 100644
index 00000000..4366b43b
--- /dev/null
+++ b/cdoc20-server/server-db/pom.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>ee.cyber.cdoc20</groupId>
+		<artifactId>cdoc20-server</artifactId>
+		<version>0.6.0-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+
+	<artifactId>cdoc20-server-db</artifactId>
+	<packaging>jar</packaging>
+
+	<dependencies>
+		<dependency>
+			<groupId>ee.cyber.cdoc20</groupId>
+			<artifactId>cdoc20-lib</artifactId>
+			<version>0.6.0-SNAPSHOT</version>
+		</dependency>
+
+		<dependency>
+			<groupId>javax.validation</groupId>
+			<artifactId>validation-api</artifactId>
+			<version>2.0.1.Final</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+			<version>${spring-boot.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.postgresql</groupId>
+			<artifactId>postgresql</artifactId>
+			<version>42.3.6</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<version>${lombok.version}</version>
+		</dependency>
+    </dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.liquibase</groupId>
+				<artifactId>liquibase-maven-plugin</artifactId>
+				<version>4.17.0</version>
+				<configuration>
+					<propertyFile>liquibase.properties</propertyFile>
+					<changeLogFile>db/changelog/db.changelog-master.yaml</changeLogFile>
+				</configuration>
+				<dependencies>
+					<dependency>
+						<groupId>org.postgresql</groupId>
+						<artifactId>postgresql</artifactId>
+						<version>42.3.6</version>
+					</dependency>
+				</dependencies>
+			</plugin>
+		</plugins>
+	</build>
+
+  <scm>
+    <tag>v0.0.12</tag>
+  </scm>
+</project>
diff --git a/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleDb.java b/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleDb.java
new file mode 100644
index 00000000..dd30c2a3
--- /dev/null
+++ b/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleDb.java
@@ -0,0 +1,77 @@
+package ee.cyber.cdoc20.server.model.db;
+
+import ee.cyber.cdoc20.crypto.Crypto;
+import java.security.NoSuchAlgorithmException;
+import java.time.Instant;
+import java.util.HexFormat;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EntityListeners;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.Id;
+import javax.persistence.PrePersist;
+import javax.persistence.Table;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+import lombok.Data;
+import lombok.experimental.Accessors;
+import lombok.extern.slf4j.Slf4j;
+import org.hibernate.annotations.Type;
+import org.springframework.data.annotation.CreatedDate;
+import org.springframework.data.jpa.domain.support.AuditingEntityListener;
+
+/**
+ * CDOC 2.0 key capsule database entity
+ */
+@Data
+@Entity
+@Table(name = "cdoc2_capsule")
+@Slf4j
+@EntityListeners(AuditingEntityListener.class)
+@Accessors(chain = true)
+public class KeyCapsuleDb {
+
+    // key capsule type
+    public enum CapsuleType {
+        SECP384R1, // elliptic curve
+        RSA
+    }
+
+    @PrePersist
+    private void generateTransactionId() throws NoSuchAlgorithmException {
+        byte[] sRnd = new byte[16];
+        Crypto.getSecureRandom().nextBytes(sRnd);
+        this.transactionId = String.format("KC%s", HexFormat.of().formatHex(sRnd));
+    }
+
+    @Id
+    @Column(length = 34)
+    @Size(max = 34)
+    private String transactionId;
+
+    /**
+     * Depending on capsuleType:
+     *  - secp384r1 base64 TLS encoded (97bytes) EC public key
+     *  - DER encoded RSA public key
+     */
+    @NotNull
+    @Column(nullable = false)
+    @Size(max = 2500) // 16 K RSA public key is ~2100 bytes
+    @Type(type = "org.hibernate.type.BinaryType")
+    private byte[] recipient;
+
+    @NotNull
+    @Column(nullable = false)
+    @Size(max = 3000)
+    @Type(type = "org.hibernate.type.BinaryType")
+    private byte[] payload;
+
+    @NotNull
+    @Column(nullable = false)
+    @Enumerated(EnumType.STRING)
+    private CapsuleType capsuleType;
+
+    @CreatedDate
+    private Instant createdAt;
+}
diff --git a/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleRepository.java b/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleRepository.java
new file mode 100644
index 00000000..7c320e65
--- /dev/null
+++ b/cdoc20-server/server-db/src/main/java/ee/cyber/cdoc20/server/model/db/KeyCapsuleRepository.java
@@ -0,0 +1,6 @@
+package ee.cyber.cdoc20.server.model.db;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface KeyCapsuleRepository extends JpaRepository<KeyCapsuleDb, String> {
+}
diff --git a/cdoc20-server/server-db/src/main/resources/db/changelog/changes/001-initial-state.sql b/cdoc20-server/server-db/src/main/resources/db/changelog/changes/001-initial-state.sql
new file mode 100644
index 00000000..4f50ecb7
--- /dev/null
+++ b/cdoc20-server/server-db/src/main/resources/db/changelog/changes/001-initial-state.sql
@@ -0,0 +1,11 @@
+-- liquibase formatted sql
+-- changeset initial-state:1
+CREATE TABLE cdoc2_capsule (
+    transaction_id VARCHAR(34) NOT NULL,
+    recipient bytea NOT NULL,
+    payload bytea NOT NULL,
+    capsule_type VARCHAR(50) NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE NOT NULL,
+    CONSTRAINT pk_cdoc2_capsule PRIMARY KEY (transaction_id)
+);
+
diff --git a/cdoc20-server/server-db/src/main/resources/db/changelog/db.changelog-master.yaml b/cdoc20-server/server-db/src/main/resources/db/changelog/db.changelog-master.yaml
new file mode 100644
index 00000000..10fddb50
--- /dev/null
+++ b/cdoc20-server/server-db/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -0,0 +1,3 @@
+databaseChangeLog:
+  - includeAll:
+      path: db/changelog/changes/
\ No newline at end of file
diff --git a/cdoc20-server/server-db/src/main/resources/db/liquibase.properties.docker b/cdoc20-server/server-db/src/main/resources/db/liquibase.properties.docker
new file mode 100644
index 00000000..33feafab
--- /dev/null
+++ b/cdoc20-server/server-db/src/main/resources/db/liquibase.properties.docker
@@ -0,0 +1,2 @@
+classpath: /liquibase/changelog
+changelog-file: db.changelog-master.yaml
diff --git a/checkstyle-suppressions.xml b/checkstyle-suppressions.xml
new file mode 100644
index 00000000..100d3ac2
--- /dev/null
+++ b/checkstyle-suppressions.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+
+<!DOCTYPE suppressions PUBLIC
+    "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+    "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+
+<suppressions>
+    <suppress checks="Javadoc.*" files="[\\/]src[\\/]main[\\/]java[\\/]"/>
+    <suppress checks="MagicNumber" files="[\\/]src[\\/]main[\\/]java[\\/]"/>
+    <suppress checks="Javadoc.*" files="[\\/]src[\\/]test[\\/]java[\\/]"/>
+    <suppress checks="MagicNumber" files="[\\/]src[\\/]test[\\/]java[\\/]"/>
+    <suppress checks=".+" files="[\\/]src[\\/]main[\\/]resources[\\/]"/>
+    <suppress checks=".+" files="[\\/]src[\\/]test[\\/]resources[\\/]"/>
+    <suppress checks=".+" files="[\\/]generated[\\/]"/>
+    <suppress checks=".+" files="[\\/]ee.cyber.cdoc20.fbs[\\/]"/>
+</suppressions>
diff --git a/checkstyle.xml b/checkstyle.xml
new file mode 100644
index 00000000..be6c133a
--- /dev/null
+++ b/checkstyle.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0"?><!DOCTYPE module PUBLIC "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
+        "http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
+<module name="Checker">
+
+    <!-- Checks whether files end with a new line.                        -->
+    <!-- See http://checkstyle.sf.net/config_misc.html#NewlineAtEndOfFile -->
+    <module name="NewlineAtEndOfFile"/>
+
+    <!-- Checks that property files contain the same keys.         -->
+    <!-- See http://checkstyle.sf.net/config_misc.html#Translation -->
+    <module name="Translation"/>
+
+    <!-- Checks for Size Violations.                    -->
+    <!-- See http://checkstyle.sf.net/config_sizes.html -->
+    <module name="FileLength"/>
+
+    <module name="LineLength">
+        <property name="max" value="120"/>
+        <property name="ignorePattern" value="^(package|import) .*"/>
+        <property name="ignorePattern" value="^ \* @see .*$"/>
+    </module>
+
+    <!-- Checks for whitespace                               -->
+    <!-- See http://checkstyle.sf.net/config_whitespace.html -->
+    <module name="FileTabCharacter"/>
+
+    <!-- Miscellaneous other checks.                   -->
+    <!-- See http://checkstyle.sf.net/config_misc.html -->
+    <module name="RegexpSingleline">
+        <property name="format" value="^(?!\s*(?:\*\s+)?$)(.*?)\s+$"/>
+        <property name="minimum" value="0"/>
+        <property name="maximum" value="0"/>
+        <property name="message" value="Line has trailing spaces."/>
+    </module>
+
+    <module name="SuppressWarningsFilter" />
+    <module name="TreeWalker">
+
+        <module name="SuppressWarningsHolder" />
+        <module name="SuppressionCommentFilter"/>
+        <!-- Checks for Javadoc comments.                     -->
+        <!-- See http://checkstyle.sf.net/config_javadoc.html -->
+        <module name="JavadocMethod">
+            <property name="accessModifiers" value="public"/>
+            <!--<property name="allowMissingPropertyJavadoc" value="true"/>-->
+        </module>
+        <module name="JavadocType">
+            <property name="scope" value="public"/>
+        </module>
+        <module name="JavadocStyle">
+            <property name="checkFirstSentence" value="false"/>
+        </module>
+
+        <!-- Checks for Naming Conventions.                  -->
+        <!-- See http://checkstyle.sf.net/config_naming.html -->
+      <!--<module name="ConstantName"/>-->
+      <module name="LocalFinalVariableName"/>
+        <module name="LocalVariableName"/>
+        <module name="MemberName"/>
+        <module name="MethodName"/>
+        <module name="PackageName"/>
+        <module name="ParameterName"/>
+        <module name="StaticVariableName"/>
+        <module name="TypeName"/>
+
+        <!-- Checks for imports                              -->
+        <!-- See http://checkstyle.sf.net/config_import.html -->
+        <!--<module name="AvoidStarImport"/>-->
+        <module name="IllegalImport"/>
+        <!-- defaults to sun.* packages -->
+        <module name="RedundantImport"/>
+        <module name="UnusedImports"/>
+
+        <!-- Checks for Size Violations.                    -->
+        <!-- See http://checkstyle.sf.net/config_sizes.html -->
+<!--        <module name="LineLength">-->
+<!--            <property name="max" value="120"/>-->
+<!--        </module>-->
+        <module name="MethodLength"/>
+        <module name="ParameterNumber"/>
+
+        <!-- Checks for whitespace                               -->
+        <!-- See http://checkstyle.sf.net/config_whitespace.html -->
+        <module name="EmptyForIteratorPad"/>
+        <module name="GenericWhitespace"/>
+        <module name="MethodParamPad"/>
+        <module name="NoWhitespaceAfter"/>
+        <module name="NoWhitespaceBefore"/>
+        <module name="OperatorWrap"/>
+        <module name="ParenPad"/>
+        <module name="TypecastParenPad"/>
+        <module name="WhitespaceAfter">
+            <property name="tokens" value="COMMA, SEMI"/>
+        </module>
+        <module name="WhitespaceAround"/>
+
+        <!-- Modifier Checks                                    -->
+        <!-- See http://checkstyle.sf.net/config_modifiers.html -->
+        <module name="ModifierOrder"/>
+        <module name="RedundantModifier"/>
+
+        <!-- Checks for blocks. You know, those {}'s         -->
+        <!-- See http://checkstyle.sf.net/config_blocks.html -->
+        <module name="AvoidNestedBlocks"/>
+        <module name="EmptyBlock"/>
+        <module name="LeftCurly"/>
+        <module name="NeedBraces">
+            <property name="tokens" value="LITERAL_DO, LITERAL_WHILE, LITERAL_FOR"/>
+        </module>
+        <module name="RightCurly"/>
+
+        <!-- Checks for common coding problems               -->
+        <!-- See http://checkstyle.sf.net/config_coding.html -->
+        <module name="EmptyStatement"/>
+        <module name="EqualsHashCode"/>
+        <module name="HiddenField">
+            <property name="ignoreConstructorParameter" value="true"/>
+            <property name="ignoreSetter" value="true"/>
+            <property name="setterCanReturnItsClass" value="true"/>
+        </module>
+        <module name="InnerAssignment"/>
+        <module name="MagicNumber"/>
+        <module name="MissingSwitchDefault"/>
+
+        <!-- Checks for class design                         -->
+        <!-- See http://checkstyle.sf.net/config_design.html -->
+        <module name="FinalClass"/>
+        <module name="HideUtilityClassConstructor"/>
+        <module name="InterfaceIsType"/>
+
+        <!-- Miscellaneous other checks.                   -->
+        <!-- See http://checkstyle.sf.net/config_misc.html -->
+        <!--module name="TodoComment"/-->
+        <module name="UpperEll"/>
+
+    </module>
+</module>
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 00000000..b0282f4c
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,65 @@
+# Build and run CDOC 2.0 components
+
+## Build binaries
+
+Follow the instructions in [Main README](../README.md#building) to build all Java binaries.
+
+## Start CDOC 2.0 Key Capsule Server using Docker Compose
+
+To install the latest Docker Compose version see https://docs.docker.com/compose/install/
+
+In `cdoc20_java/docker`  directory run
+
+```
+docker compose up
+```
+
+This will create the database and CDOC 2.0 Key Capsule servers.
+The servers use self-signed test certificates and keystores found in `cdoc_java/cdoc20_server/keys`
+
+For more details on creating server certificates and trust stores, see [Generating Server keystore](../cdoc20-server/keys/README.md).
+
+## Testing
+
+### Server health check
+
+CDOC 2.0 Key Capsule servers provide a health-check endpoint.
+To verify that the servers are working properly, execute:
+
+```
+curl -k https://localhost:18443/actuator/health
+```
+
+and
+
+```
+curl -k https://localhost:18444/actuator/health
+```
+
+### Encrypt a file using CDOC 2.0 Key Capsule Server
+
+In the `cdoc20_java/cdoc20_cli` folder execute:
+
+```
+java -jar target/cdoc20-cli-*.jar create \
+  --server=config/localhost/localhost.properties \
+  -f /path/to/enrypted-file.cdoc \
+  -r EST_ID_CODE \
+  /path/to/input-file
+```
+
+Replace `EST_ID_CODE` with the Estonian identification code of the recipient.
+
+### Decrypt a file using CDOC 2.0 Key Capsule Server
+
+In the `cdoc20_java/cdoc20_cli` folder execute:
+
+```
+java -jar target/cdoc20-cli*.jar decrypt \
+  --server=config/localhost/localhost.properties \
+  -f /path/to/enrypted-file.cdoc \
+  -o /path/to/derypted-file.cdoc
+```
+
+For more details on how to use `cdoc20-cli` see [CDOC 2.0 CLI](../cdoc20-cli/README.md).
+
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 00000000..03b9d85b
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,56 @@
+version: '3.4'
+
+services:
+  cdoc2-postgres:
+    container_name: cdoc2-postgres
+    image: postgres
+    restart: always
+    ports:
+      - "7432:5432"
+    environment:
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+
+  cdoc2-liquibase:
+    container_name: cdoc2-liquibase
+    image: liquibase/liquibase:4.19
+    depends_on:
+      cdoc2-postgres:
+        condition: service_started
+    volumes:
+      - ../cdoc20-server/server-db/src/main/resources/db/changelog/changes/:/liquibase/changelog/db/changelog/changes/
+      - ../cdoc20-server/server-db/src/main/resources/db/changelog/db.changelog-master.yaml:/liquibase/db.changelog-master.yaml
+      - ../cdoc20-server/server-db/src/main/resources/db/liquibase.properties.docker:/liquibase/changelog/liquibase.properties
+    command: liquibase --url="iframe.php?url=jdbc%3Apostgresql%3A%2F%2Fcdoc2-postgres%3A5432%2Fpostgres%3Fuser%3Dpostgres%26password%3Dpostgres" --defaults-file=/liquibase/changelog/liquibase.properties update
+
+  cdoc2-put-server:
+    container_name: cdoc2-put-server
+    build:
+      context: ../cdoc20-server/
+      dockerfile: put-server/docker/Dockerfile
+      args:
+        NAME: cdoc2-put-server
+    ports:
+      - "8443:8443"
+      # monitoring
+      - "18443:18443"
+    depends_on:
+      cdoc2-liquibase:
+        condition: service_completed_successfully
+    mem_limit: 1g
+
+  cdoc2-get-server:
+    container_name: cdoc2-get-server
+    build:
+      context: ../cdoc20-server/
+      dockerfile: get-server/docker/Dockerfile
+      args:
+        NAME: cdoc2-get-server
+    ports:
+      - "8444:8443"
+      # monitoring
+      - "18444:18443"
+    depends_on:
+      cdoc2-liquibase:
+        condition: service_completed_successfully
+    mem_limit: 1g
\ No newline at end of file
diff --git a/gatling-tests/.gitignore b/gatling-tests/.gitignore
new file mode 100644
index 00000000..b94bc0d7
--- /dev/null
+++ b/gatling-tests/.gitignore
@@ -0,0 +1,2 @@
+/src/test/resources/application.conf
+/src/test/resources/keys/test-clients/*.p12
diff --git a/gatling-tests/README.md b/gatling-tests/README.md
new file mode 100644
index 00000000..d9c148f9
--- /dev/null
+++ b/gatling-tests/README.md
@@ -0,0 +1,149 @@
+# Gatling tests for CDOC2.0 server
+
+## Preconditions for executing tests
+
+* The latest cdoc20 java libraries are installed locally. From cdoc20_java directory run:
+
+```
+mvn clean install
+```
+
+* CDOC2.0 key servers are is running
+  * Can be started inside cdoc20-server catalog with commands:
+```
+cd get-server
+java -Dspring.config.location=config/application-local.properties -jar target/cdoc20-get-server-VER.jar
+```
+
+```
+cd put-server
+java -Dspring.config.location=config/application-local.properties -jar target/cdoc20-put-server-VER.jar
+```
+
+## Configuration
+
+In configuration file one can specify following parameters
+* Target server URL
+* Client certificate information (generated automatically, used for accessing server while getting capsules)
+  * location for generated client key stores (make sure specified location folder exists)
+  * password for key-stores
+  * alias for key-store files
+* Load test configuration
+  * Create and upload capsule
+    * start-users-per-second - initial number of users added right after test start (e.g 5)
+    * increment-users-per-second - number of users added to concurrent amount of users per second (5)
+      increment-cycles - how many times number of concurrent users is incremented (3 -> 5>10>15>20)
+      cycle-duration-seconds duration of each cycle with currently reached number of concurrent users (10 -> 10s with 5 concurrent users; 10s with 10 concurrent users; 10s with 15 concurrent users; 10s with 20 concurrent users - total duration time = increment cycles x cycle-duration-time)
+  * Get capsule
+    * initial-delay-seconds - in addition to previous parameters delay is used for allowing generating and uploading capsules
+
+Create a configuration file using the sample file:
+
+```
+cp src/test/resources/application.conf.sample src/test/resources/application.conf
+```
+
+## Generate TLS certificates for connecting to cdoc2.0 server
+
+From gatling-tests directory run:
+```
+mvn clean compile exec:java -Damount=10
+```
+
+Or using a compiled jar:
+
+```
+export JAVA_OPTS="-Doutput-dir=/tmp -Dkeystore-password=secret -Dkey-alias=client-key -Droot-keystore=/tmp/gatling-ca.p12 -Droot-keystore-password=secret -Droot-key-alias=gatling-ca -Damount=3"
+java $JAVA_OPTS -cp target/gatling-tests-VER.jar ee.cyber.cdoc20.server.datagen.KeyStoreGenerator
+```
+
+
+This will generate 10 key stores (the ouput folder and other parameters are configured in pom.xml)
+with private keys and certificates that can be used later in Gatling tests.
+The number of generated key stores is specified by the `amount` system property.
+
+
+## Running functional tests
+
+The following functional tests exist for testing {SERVER_NAME} server functionality
+* create and upload capsule to server (createAndGetCreateEccCapsule)
+* Get successfully capsule from server (createAndGetCreateEccCapsule)
+* Get capsule with incorrect transactionId (createAndGetRecipientTransactionMismatch)
+* Get capsule with invalid transactionId (getWithInvalidTransactionIds)
+
+A CDOC2.0 server must be running on the host:port as configured in the configuration file specified above.
+
+From gatling-tests directory run:
+```
+mvn gatling:test -Dgatling.simulationClass=ee.cyber.cdoc20.server.KeyCapsuleFunctionalTests
+```
+
+Or using a compiled jar:
+
+```
+export JAVA_OPTS="-Dconfig.file=src/test/resources/application.conf -Dlogback.configurationFile=src/test/resources/logback-test.xml"
+java $JAVA_OPTS -cp target/gatling-tests-VER.jar io.gatling.app.Gatling -s ee.cyber.cdoc20.server.KeyCapsuleFunctionalTests
+```
+
+## Running load tests
+
+For running load tests first execution profile should be designed and configured. Load test execution models and configuring options are described in more detail here https://gatling.io/docs/gatling/reference/current/core/injection/#incrementuserspersec
+
+Open Model is implemented for CDOC 2.0 server load tests, meaning that continuously growing load is applied to the server.
+
+* Sample configuration for continuously growing load example:
+  - start-users-per-second = 10
+  - increment-users-per-second = 5
+  - increment-cycles = 10
+  - cycle-duration-seconds = 60
+
+
+  Test lasts 10 cycles x 60 seconds = 600 seconds = 10 minutes.
+  Each next test cycle has 5 concurrent users more. Last cycle will have 60 concurrent users for 1 minute.
+
+
+* Sample configuration for relatively stable slowly growing load:
+
+  - start-users-per-second = 100
+  - increment-users-per-second = 2
+  - increment-cycles = 10
+  - cycle-duration-seconds = 60
+
+Test lasts 10 cycles x 60 seconds = 600 seconds = 10 minutes.
+Initial load - 100 concurrent users will be applied and each next test cycle has 2 concurrent users more. Last cycle will have 120 concurrent users for 1 minute.
+
+For executing load tests run from gatling-tests directory:
+
+```
+mvn gatling:test -Dgatling.simulationClass=ee.cyber.cdoc20.server.KeyCapsuleLoadTests
+```
+
+Or using a compiled jar:
+
+```
+export JAVA_OPTS="-Dconfig.file=src/test/resources/application.conf -Dlogback.configurationFile=src/test/resources/logback-test.xml"
+java $JAVA_OPTS -cp target/gatling-tests-VER.jar io.gatling.app.Gatling -s ee.cyber.cdoc20.server.KeyCapsuleLoadTests
+```
+
+
+## Server Keystore configuration
+
+Note: Certificates are already generated in development phase and added to Server trust store. Following commands are useful once new trust chain needs to be added to the server.
+
+The generated certificates are signed with a test CA cert that was created with:
+
+```
+keytool -genkeypair -alias gatling-ca -keyalg ec -groupname secp384r1 -sigalg SHA512withECDSA -keystore gatling-ca.p12 -storepass secret -ext KeyUsage=digitalSignature,keyCertSign -ext BasicConstraints=ca:true,PathLen:3 -validity 365
+```
+
+To export the test CA certificate from the test CA keystore:
+
+```
+keytool -exportcert -keystore gatling-ca.p12 -alias gatling-ca -storepass secret -rfc -file gatling-ca.pem
+```
+
+To add the test CA certificate to the server's truststore:
+
+```
+keytool -import -trustcacerts -file gatling-ca.pem -alias gatling-ca -storepass passwd -keystore path/to/servertruststore.jks
+```
diff --git a/gatling-tests/pom.xml b/gatling-tests/pom.xml
new file mode 100644
index 00000000..2069232b
--- /dev/null
+++ b/gatling-tests/pom.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>cdoc20</artifactId>
+        <groupId>ee.cyber.cdoc20</groupId>
+        <version>0.6.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>gatling-tests</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>ee.cyber.cdoc20</groupId>
+            <artifactId>cdoc20-lib</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.gatling.highcharts</groupId>
+            <artifactId>gatling-charts-highcharts</artifactId>
+            <version>${gatling.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>${lombok.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback-classic.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>${bouncycastle.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>io.gatling</groupId>
+                <artifactId>gatling-maven-plugin</artifactId>
+                <version>${gatling-maven-plugin.version}</version>
+            </plugin>
+
+            <!-- task to generate key store files to use in gatling tests -->
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <version>${exec-maven-plugin.version}</version>
+                <configuration>
+                    <mainClass>ee.cyber.cdoc20.server.datagen.KeyStoreGenerator</mainClass>
+                    <systemProperties>
+                        <systemProperty>
+                            <!-- the folder where the generated files will be written -->
+                            <key>output-dir</key>
+                            <value>${basedir}/src/test/resources/keys/test-clients</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- the password for the generated keystores -->
+                            <key>keystore-password</key>
+                            <value>secret</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- the key alias for the generated entry in the keystore -->
+                            <key>key-alias</key>
+                            <value>client-key</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- location of the root keystore to use to sign certificate in the generated keystore -->
+                            <key>root-keystore</key>
+                            <value>${basedir}/src/test/resources/keys/gatling-ca.p12</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- the root keystore type -->
+                            <key>root-keystore-type</key>
+                            <value>pkcs12</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- the key alias for the entry in the root keystore to use for signing -->
+                            <key>root-key-alias</key>
+                            <value>gatling-ca</value>
+                        </systemProperty>
+                        <systemProperty>
+                            <!-- the root keystore password -->
+                            <key>root-keystore-password</key>
+                            <value>secret</value>
+                        </systemProperty>
+                    </systemProperties>
+                </configuration>
+            </plugin>
+
+            <!-- creates the jar with all dependencies -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <version>${maven-shade-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <filters>
+                                <filter>
+                                    <artifact>*:*</artifact>
+                                    <excludes>
+                                        <exclude>META-INF/*.SF</exclude>
+                                        <exclude>META-INF/*.DSA</exclude>
+                                        <exclude>META-INF/*.RSA</exclude>
+                                    </excludes>
+                                </filter>
+                            </filters>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleFunctionalTests.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleFunctionalTests.java
new file mode 100644
index 00000000..ed7e4761
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleFunctionalTests.java
@@ -0,0 +1,72 @@
+package ee.cyber.cdoc20.server;
+
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import ee.cyber.cdoc20.server.scenarios.EccKeyCapsuleScenarios;
+import ee.cyber.cdoc20.server.scenarios.RsaKeyCapsuleScenarios;
+import io.gatling.javaapi.core.Simulation;
+import io.gatling.javaapi.http.HttpProtocolBuilder;
+import lombok.extern.slf4j.Slf4j;
+import static io.gatling.javaapi.core.CoreDsl.atOnceUsers;
+import static io.gatling.javaapi.core.CoreDsl.global;
+import static io.gatling.javaapi.http.HttpDsl.http;
+
+
+/**
+ * Functional tests for the key-capsules API
+ */
+@Slf4j
+@SuppressWarnings("squid:S2187") //SonarQube: TestCases should contain tests
+public final class KeyCapsuleFunctionalTests extends Simulation {
+
+    private final TestConfig config = TestConfig.load(false);
+    private final TestDataGenerator testData = new TestDataGenerator(this.config);
+    private final EccKeyCapsuleScenarios eccScenarios = new EccKeyCapsuleScenarios(config, testData);
+    private final RsaKeyCapsuleScenarios rsaScenarios = new RsaKeyCapsuleScenarios(config, testData);
+
+    HttpProtocolBuilder eccClient = http
+        .acceptHeader("application/json")
+        .perUserKeyManagerFactory(this.eccScenarios::getKeyManager)
+        .disableWarmUp();
+
+    HttpProtocolBuilder rsaClient = http
+        .acceptHeader("application/json")
+        .perUserKeyManagerFactory(this.rsaScenarios::getKeyManager)
+        .disableWarmUp();
+
+    {
+        setUp(
+            // elliptic curve key capsule scenarios
+           this.eccScenarios.sendAndGetEccKeyCapsule()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.eccClient),
+            this.eccScenarios.sendEccKeyCapsuleRepeatedly()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.eccClient),
+            this.eccScenarios.getRecipientMismatch()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.eccClient),
+            this.eccScenarios.getWithInvalidTransactionIds()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.eccClient),
+
+            this.rsaScenarios.sendRsaKeyCapsuleRandomKeyMaterial()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.eccClient),
+
+            // rsa key capsule scenarios
+            this.rsaScenarios.sendAndGetRsaKeyCapsule()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.rsaClient),
+            this.rsaScenarios.sendRsaKeyCapsuleRepeatedly()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.rsaClient),
+            this.rsaScenarios.sendAndGetRecipientMismatch()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.rsaClient),
+            this.rsaScenarios.sendRsaKeyCapsuleTooBigKeyMaterial()
+                .injectOpen(atOnceUsers(1))
+                .protocols(this.rsaClient)
+        )
+        .assertions(global().successfulRequests().percent().is(100.0));
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleLoadTests.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleLoadTests.java
new file mode 100644
index 00000000..c821e3f4
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/KeyCapsuleLoadTests.java
@@ -0,0 +1,99 @@
+package ee.cyber.cdoc20.server;
+
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import ee.cyber.cdoc20.server.scenarios.EccKeyCapsuleScenarios;
+import ee.cyber.cdoc20.server.scenarios.RsaKeyCapsuleScenarios;
+import io.gatling.commons.shared.unstable.util.Ssl;
+import io.gatling.javaapi.core.Simulation;
+import io.gatling.javaapi.http.HttpProtocolBuilder;
+import javax.net.ssl.KeyManagerFactory;
+import lombok.extern.slf4j.Slf4j;
+import scala.Option;
+import scala.Some;
+import static io.gatling.javaapi.core.CoreDsl.global;
+import static io.gatling.javaapi.core.CoreDsl.incrementUsersPerSec;
+import static io.gatling.javaapi.core.CoreDsl.nothingFor;
+import static io.gatling.javaapi.core.CoreDsl.scenario;
+import static io.gatling.javaapi.http.HttpDsl.http;
+
+/**
+ * Load tests for the key-capsules API
+ */
+@Slf4j
+public final class KeyCapsuleLoadTests extends Simulation {
+
+    private final TestConfig config = TestConfig.load(true);
+    private final TestDataGenerator testData = new TestDataGenerator(this.config);
+    private final EccKeyCapsuleScenarios eccScenarios = new EccKeyCapsuleScenarios(this.config, this.testData);
+    private final RsaKeyCapsuleScenarios rsaScenarios = new RsaKeyCapsuleScenarios(this.config, this.testData);
+
+    HttpProtocolBuilder httpConf = http
+        .baseUrl(this.config.getGetServerBaseUrl())
+        .acceptHeader("application/json")
+        .perUserKeyManagerFactory(this::getKeyManager)
+        .disableWarmUp();
+
+    {
+        var loadTestConfig = this.config.getLoadTestConfig()
+            .orElseThrow(() -> new IllegalArgumentException("No load test configuration"));
+
+        var createConf = loadTestConfig.getCreateCapsule();
+        var getConf = loadTestConfig.getGetCapsule();
+
+        // divide conf values by 2 to get equal amount of ec and rsa scenarios executed
+        var createScnIncUsersPerSec = createConf.getIncrementUsersPerSec() / 2.0;
+        var createScnStartUsersPerSec = createConf.getStartingUsersPerSec() / 2.0;
+        var getScnIncUsersPerSec = getConf.getIncrementUsersPerSec() / 2.0;
+        var getScnStartUsersPerSec = getConf.getStartingUsersPerSec() / 2.0;
+
+        setUp(
+            scenario("Send ecc key capsule")
+                .exec(this.eccScenarios.sendEccKeyCapsule())
+                .injectOpen(
+                    incrementUsersPerSec(createScnIncUsersPerSec)
+                        .times(createConf.getIncrementCycles())
+                        .eachLevelLasting(createConf.getCycleDurationSec())
+                        .startingFrom(createScnStartUsersPerSec)
+                ),
+            scenario("Send rsa key capsule")
+                .exec(this.rsaScenarios.sendRsaKeyCapsule())
+                .injectOpen(
+                    incrementUsersPerSec(createScnIncUsersPerSec)
+                        .times(createConf.getIncrementCycles())
+                        .eachLevelLasting(createConf.getCycleDurationSec())
+                        .startingFrom(createScnStartUsersPerSec)
+                ),
+            this.eccScenarios.getRandomKeyCapsule("Get random ecc key capsule")
+                .injectOpen(
+                    // wait for some capsules to be created and their urls returned
+                    nothingFor(loadTestConfig.getGetCapsuleStartDelay()),
+                    incrementUsersPerSec(getScnIncUsersPerSec)
+                        .times(getConf.getIncrementCycles())
+                        .eachLevelLasting(getConf.getCycleDurationSec())
+                        .startingFrom(getScnStartUsersPerSec)
+                ),
+            this.rsaScenarios.getRandomKeyCapsule("Get random rsa key capsule")
+                .injectOpen(
+                    // wait for some capsules to be created and their urls returned
+                    nothingFor(loadTestConfig.getGetCapsuleStartDelay()),
+                    incrementUsersPerSec(getScnIncUsersPerSec)
+                        .times(getConf.getIncrementCycles())
+                        .eachLevelLasting(getConf.getCycleDurationSec())
+                        .startingFrom(getScnStartUsersPerSec)
+                )
+        )
+        .protocols(this.httpConf)
+        .assertions(global().successfulRequests().percent().is(100.0));
+    }
+
+    // returns the key store to use for the user injected by Gatling
+    private KeyManagerFactory getKeyManager(long userId) {
+        var keyStore = this.testData.getEccKeyStore(userId);
+        return Ssl.newKeyManagerFactory(
+            new Some<>(keyStore.keyStoreType()),
+            keyStore.file().getAbsolutePath(),
+            keyStore.password(),
+            Option.empty()
+        );
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/TestDataGenerator.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/TestDataGenerator.java
new file mode 100644
index 00000000..e911edbc
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/TestDataGenerator.java
@@ -0,0 +1,195 @@
+package ee.cyber.cdoc20.server;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import ee.cyber.cdoc20.server.conf.LoadedKeyStore;
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import ee.cyber.cdoc20.server.dto.KeyCapsuleRequest;
+import ee.cyber.cdoc20.server.dto.KeyCapsuleType;
+import ee.cyber.cdoc20.server.datagen.CertUtil;
+import ee.cyber.cdoc20.server.dto.GeneratedCapsule;
+import java.security.KeyPair;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Base64;
+import java.util.Random;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Generates test data
+ */
+@Slf4j
+@RequiredArgsConstructor
+public class TestDataGenerator {
+    private static final ObjectMapper JSON = new ObjectMapper();
+    private static final Random RANDOM = new Random();
+
+    private final TestConfig conf;
+
+    public GeneratedCapsule generateEccCapsule(Long userId) {
+        log.debug("generateEccCapsule(userId={})", userId);
+
+        var keyStore = this.getEccKeyStore(userId);
+        // ephemeral key pair
+        var senderKeyPair = CertUtil.generateEcKeyPair();
+
+        return new GeneratedCapsule(
+            keyStore, createEccKeyCapsuleRequest(keyStore, senderKeyPair)
+        );
+    }
+
+    public GeneratedCapsule generateRsaCapsule(Long userId) {
+        log.debug("generateRsaCapsule(userId={})", userId);
+
+        var keyStore = this.getRsaKeyStore(userId);
+        return new GeneratedCapsule(keyStore, createRsaKeyCapsuleRequest(keyStore));
+    }
+
+    public GeneratedCapsule generateEccCapsuleWithWrongRecipient(Long userId) {
+        log.debug("generateEccCapsuleWithWrongRecipient(userId={})", userId);
+
+        var currentUserKeyStore = this.getEccKeyStore(userId);
+        var otherUserKeyStore = this.getEccKeyStore(userId + 1L);
+
+        if (currentUserKeyStore.publicKey().equals(otherUserKeyStore.publicKey())) {
+            throw new IllegalArgumentException(
+                String.format(
+                    "Invalid test data detected: key stores %s and %s contain the same keys",
+                    currentUserKeyStore.file().getAbsolutePath(),
+                    otherUserKeyStore.file().getAbsoluteFile()
+                )
+            );
+        }
+
+        var senderKeyPair = CertUtil.generateEcKeyPair();
+        var request = createEccKeyCapsuleRequest(otherUserKeyStore, senderKeyPair);
+        return new GeneratedCapsule(otherUserKeyStore, request);
+    }
+
+    public GeneratedCapsule generateRsaCapsuleWithWrongRecipient(Long userId) {
+        log.debug("generateRsaCapsuleWithWrongRecipient(userId={})", userId);
+
+        var currentUserKeyStore = this.getRsaKeyStore(userId);
+        var otherUserKeyStore = this.getRsaKeyStore(userId + 1L);
+
+        if (currentUserKeyStore.publicKey().equals(otherUserKeyStore.publicKey())) {
+            throw new IllegalArgumentException(
+                String.format(
+                    "Invalid test data detected: key stores %s and %s contain the same keys",
+                    currentUserKeyStore.file().getAbsolutePath(),
+                    otherUserKeyStore.file().getAbsoluteFile()
+                )
+            );
+        }
+        return new GeneratedCapsule(otherUserKeyStore, createRsaKeyCapsuleRequest(otherUserKeyStore));
+    }
+
+    /**
+     * @param userId the userId given by Gatling (starts from 1, increasing)
+     * @return n-th elliptic curve keystore from configuration
+     */
+    public LoadedKeyStore getEccKeyStore(long userId) {
+        var keyStores = this.conf.getEccKeyStores();
+
+        // use modulo in case the test uses more users than there are key stores
+        int index = (int) userId % keyStores.size();
+
+        return keyStores.get(index);
+    }
+
+    /**
+     * @param userId the userId given by Gatling (starts from 1, increasing)
+     * @return n-th RSA keystore from configuration
+     */
+    public LoadedKeyStore getRsaKeyStore(long userId) {
+        var keyStores = this.conf.getRsaKeyStores();
+
+        if (keyStores.isEmpty()) {
+            throw new IllegalStateException("No RSA key stores configured");
+        }
+
+        // use modulo in case the test uses more users than there are key stores
+        int index = (int) userId % keyStores.size();
+
+        return keyStores.get(index);
+    }
+
+    /**
+     * @return an elliptic curve keystore from configuration
+     */
+    public LoadedKeyStore getRandomEccKeyStore() {
+        return getEccKeyStore(1L);
+    }
+
+    /**
+     * @return a RSA keystore from configuration
+     */
+    public LoadedKeyStore getRandomRsaKeyStore() {
+        return getRsaKeyStore(1L);
+    }
+
+    public static KeyCapsuleRequest createEccKeyCapsuleRequest(LoadedKeyStore recipient, KeyPair sender) {
+        if (recipient.publicKey() instanceof ECPublicKey ecPublicKey) {
+            return new KeyCapsuleRequest(
+                CertUtil.encodePublicKey(ecPublicKey),
+                CertUtil.encodePublicKey((ECPublicKey) sender.getPublic()),
+                KeyCapsuleType.ecc_secp384r1
+            );
+        } else {
+            throw new IllegalArgumentException(
+                "Expecting key store with EcPublicKey, got " + recipient.publicKey().getClass()
+            );
+        }
+    }
+
+    public static KeyCapsuleRequest createRsaKeyCapsuleRequest(LoadedKeyStore recipient) {
+        return createRsaKeyCapsuleRequest(
+            recipient,
+            recipient.publicKey().getEncoded() // in reality, should be encrypted kek
+        );
+    }
+
+    public static KeyCapsuleRequest createRsaKeyCapsuleRequest(LoadedKeyStore recipient,
+                                                               byte[] keyMaterial) {
+        if (recipient.publicKey() instanceof RSAPublicKey rsaPublicKey) {
+            return new KeyCapsuleRequest(
+                CertUtil.encodePublicKey(rsaPublicKey),
+                Base64.getEncoder().encodeToString(keyMaterial),
+                KeyCapsuleType.rsa
+            );
+        } else {
+            throw new IllegalArgumentException(
+                "Expecting key store with RSAPublicKey, got " + recipient.publicKey().getClass()
+            );
+        }
+    }
+
+    @SneakyThrows
+    public static String toJson(Object dto) {
+        return JSON.writeValueAsString(dto);
+    }
+
+    /**
+     * Generates a random string
+     * @param length the length of the string
+     * @return a random string with the given length
+     */
+    public static String randomString(int length) {
+        return Base64.getEncoder()
+            .encodeToString(randomBytes(length))
+            .substring(0, length)
+            .replaceAll("/", "-"); // make url safe
+    }
+
+    /**
+     * Generates random bytes
+     * @param length the number of bytes to generate
+     * @return random bytes
+     */
+    public static byte[] randomBytes(int length) {
+        var bytes = new byte[length];
+        RANDOM.nextBytes(bytes);
+        return bytes;
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestConfig.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestConfig.java
new file mode 100644
index 00000000..7c88e64b
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestConfig.java
@@ -0,0 +1,19 @@
+package ee.cyber.cdoc20.server.conf;
+
+import lombok.Value;
+
+/**
+ * Load test configuration
+ *
+ */
+@Value
+public class LoadTestConfig {
+
+    LoadTestParameters createCapsule;
+    LoadTestParameters getCapsule;
+    /**
+     * Delay before executing getCapsule scenario to allow for some capsules to be created
+     * first so that there is input data for getCapsule tests available.
+     */
+    Long getCapsuleStartDelay;
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestParameters.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestParameters.java
new file mode 100644
index 00000000..4ead8697
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadTestParameters.java
@@ -0,0 +1,11 @@
+package ee.cyber.cdoc20.server.conf;
+
+import lombok.Value;
+
+@Value
+public class LoadTestParameters {
+    Long incrementUsersPerSec;
+    int incrementCycles;
+    Long cycleDurationSec;
+    Long startingUsersPerSec;
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadedKeyStore.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadedKeyStore.java
new file mode 100644
index 00000000..f12336f2
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/LoadedKeyStore.java
@@ -0,0 +1,15 @@
+package ee.cyber.cdoc20.server.conf;
+
+import java.io.File;
+import java.security.PublicKey;
+
+/**
+ * Holds a key store that has been verified and loaded from a file
+ */
+public record LoadedKeyStore(
+    PublicKey publicKey,
+    File file,
+    String keyStoreType, // pkcs12
+    String password
+) {
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/TestConfig.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/TestConfig.java
new file mode 100644
index 00000000..7b7fbeda
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/conf/TestConfig.java
@@ -0,0 +1,133 @@
+package ee.cyber.cdoc20.server.conf;
+
+import com.typesafe.config.Config;
+import com.typesafe.config.ConfigFactory;
+import java.io.File;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Stream;
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.ToString;
+import lombok.extern.slf4j.Slf4j;
+import static ee.cyber.cdoc20.server.datagen.KeyStoreUtil.KEY_STORE_TYPE;
+import static ee.cyber.cdoc20.server.datagen.KeyStoreUtil.getCertificate;
+import static ee.cyber.cdoc20.server.datagen.KeyStoreUtil.loadKeyStore;
+
+/**
+ * Gatling test configuration properties
+ */
+@Getter
+@AllArgsConstructor(access = AccessLevel.PRIVATE)
+@Slf4j
+@ToString
+public class TestConfig {
+
+    private final String getServerBaseUrl;
+    private final String putServerBaseUrl;
+    @ToString.Exclude
+    private final List<LoadedKeyStore> eccKeyStores;
+    @ToString.Exclude
+    private final List<LoadedKeyStore> rsaKeyStores;
+    private final Optional<LoadTestConfig> loadTestConfig;
+
+    /**
+     * Loads the configuration from file
+     *
+     * @param isLoadTest boolean indicating whether to read load test configuration
+     *
+     * see @link https://github.com/lightbend/config#standard-behavior for file names and formats
+     */
+    public static TestConfig load(boolean isLoadTest) {
+        var conf = ConfigFactory.load();
+
+        var keyStores = readClientKeyStores(conf);
+
+        var testConf = new TestConfig(
+            conf.getString("get-server.base-url"),
+            conf.getString("put-server.base-url"),
+            keyStores.stream().filter(x -> x.publicKey() instanceof ECPublicKey).toList(),
+            keyStores.stream().filter(x -> x.publicKey() instanceof RSAPublicKey).toList(),
+            isLoadTest ? Optional.of(readLoadTestConfig(conf)) : Optional.empty()
+        );
+
+        if (testConf.getEccKeyStores().size() < 2) {
+            throw new IllegalArgumentException("Not enough elliptic curve key stores configured");
+        }
+        if (testConf.getRsaKeyStores().size() < 2) {
+            throw new IllegalArgumentException("Not enough RSA key stores configured");
+        }
+
+        log.info("Loaded test configuration: {}", testConf);
+
+        return testConf;
+    }
+
+    private static List<LoadedKeyStore> readClientKeyStores(Config config) {
+        var clientKeyStoresConf = config.getConfig("client-keystores");
+
+        File keystoreDir = new File(clientKeyStoresConf.getString("path"));
+        String keystorePassword = clientKeyStoresConf.getString("password");
+        String keyAlias = clientKeyStoresConf.getString("alias");
+
+        if (!keystoreDir.exists() || !keystoreDir.isAbsolute()) {
+            throw new IllegalArgumentException(
+                "Invalid client keystore folder (must be absolute): " + keystoreDir
+            );
+        }
+
+        var files = keystoreDir.listFiles();
+        if (files == null) {
+            throw new IllegalArgumentException(
+                "Client keystore folder " + keystoreDir + " contains no files"
+            );
+        }
+
+        var keyStores = new ArrayList<LoadedKeyStore>();
+        Stream.of(files)
+            .filter(file -> !file.isDirectory())
+            .forEach(file -> {
+                try {
+                    var ks = loadKeyStore(file.toPath(), KEY_STORE_TYPE, keystorePassword);
+                    var cert = getCertificate(ks, keystorePassword, keyAlias);
+                    keyStores.add(
+                        new LoadedKeyStore(
+                            cert.getPublicKey(),
+                            file,
+                            KEY_STORE_TYPE,
+                            keystorePassword
+                        )
+                    );
+                } catch (Exception e) {
+                    log.error("Failed to load keystore {}", file, e);
+                }
+            });
+        log.info("Found {} key stores", keyStores.size());
+        return keyStores;
+    }
+
+    private static LoadTestConfig readLoadTestConfig(Config config) {
+        var create = config.getConfig("load-test.create-capsule");
+        var get = config.getConfig("load-test.get-capsule");
+
+        return new LoadTestConfig(
+            new LoadTestParameters(
+                create.getLong("increment-users-per-second"),
+                create.getInt("increment-cycles"),
+                create.getLong("cycle-duration-seconds"),
+                create.getLong("start-users-per-second")
+            ),
+            new LoadTestParameters(
+                get.getLong("increment-users-per-second"),
+                get.getInt("increment-cycles"),
+                get.getLong("cycle-duration-seconds"),
+                get.getLong("start-users-per-second")
+            ),
+            get.getLong("initial-delay-seconds")
+        );
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/CertUtil.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/CertUtil.java
new file mode 100644
index 00000000..a4b0e65f
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/CertUtil.java
@@ -0,0 +1,131 @@
+package ee.cyber.cdoc20.server.datagen;
+
+import ee.cyber.cdoc20.crypto.ECKeys;
+import ee.cyber.cdoc20.crypto.RsaUtils;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Base64;
+import java.util.Date;
+import javax.security.auth.x500.X500Principal;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+
+/**
+ * Utility class for generating keys and certificates
+ */
+@Slf4j
+public final class CertUtil {
+    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
+    private static final String CERT_SIG_ALGO = "SHA512WITHECDSA";
+    private static final Duration CERT_VALIDITY = Duration.ofDays(365L);
+    private static final int RSA_KEY_SIZE = 2048;
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    private CertUtil() {
+        // utility class
+    }
+
+    @SneakyThrows
+    static X509Certificate generateCertificate(X500Principal subject, KeyPair subjectKeyPair,
+            X500Principal signedBy, KeyPair signedByKeyPair, String cn) {
+
+        var notBefore = Instant.now();
+        var notAfter = notBefore.plus(CERT_VALIDITY);
+
+        var altNames = new ASN1Encodable[] {
+            new GeneralName(GeneralName.dNSName, cn)
+        };
+
+        var certBuilder = new JcaX509v3CertificateBuilder(
+            signedBy, BigInteger.ONE,
+            new Date(notBefore.toEpochMilli()), new Date(notAfter.toEpochMilli()),
+            subject,
+            subjectKeyPair.getPublic()
+        );
+
+        try {
+            certBuilder
+                .addExtension(Extension.subjectAlternativeName, false, new DERSequence(altNames));
+
+            final ContentSigner signer = new JcaContentSignerBuilder(CERT_SIG_ALGO)
+                .setProvider(BC)
+                .build(signedByKeyPair.getPrivate());
+
+            X509CertificateHolder certHolder = certBuilder.build(signer);
+
+            log.info(
+                "Created cert(issuer={}, subject={}, type={})",
+                certHolder.getIssuer(), certHolder.getSubject(), subjectKeyPair.getPrivate().getAlgorithm()
+            );
+
+            return getCertificate(certHolder);
+        } catch (Exception e) {
+            log.error("Failed to create certificate", e);
+            throw e;
+        }
+    }
+
+    @SneakyThrows
+    public static KeyPair generateEcKeyPair() {
+        ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(ECKeys.SECP_384_R_1);
+        try {
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BC);
+            keyPairGenerator.initialize(ecSpec, SecureRandom.getInstanceStrong());
+            return keyPairGenerator.generateKeyPair();
+        } catch (Exception e) {
+            log.error("Failed to generate EC key pair", e);
+            throw e;
+        }
+    }
+
+    @SneakyThrows
+    public static KeyPair generateRsaKeyPair() {
+        try {
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+            keyPairGenerator.initialize(RSA_KEY_SIZE, SecureRandom.getInstanceStrong());
+            return keyPairGenerator.generateKeyPair();
+        } catch (Exception e) {
+            log.error("Failed to generate RSA key pair", e);
+            throw e;
+        }
+    }
+
+
+    @SneakyThrows
+    static X509Certificate getCertificate(X509CertificateHolder holder) {
+        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(holder);
+    }
+
+    @SneakyThrows
+    public static String encodePublicKey(ECPublicKey pubKey) {
+        return Base64.getEncoder().encodeToString(ECKeys.encodeEcPubKeyForTls(pubKey));
+    }
+
+    @SneakyThrows
+    public static String encodePublicKey(RSAPublicKey pubKey) {
+        return Base64.getEncoder().encodeToString(RsaUtils.encodeRsaPubKey(pubKey));
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreGenerator.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreGenerator.java
new file mode 100644
index 00000000..fafc2438
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreGenerator.java
@@ -0,0 +1,68 @@
+package ee.cyber.cdoc20.server.datagen;
+
+import java.nio.file.Paths;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Java key store generator for test input data
+ */
+@Slf4j
+public final class KeyStoreGenerator {
+
+    private KeyStoreGenerator() {
+        // utility class
+    }
+
+    @SneakyThrows
+    public static void main(String[] args) {
+        String outputDir = getRequiredProperty("output-dir");
+        String keystorePassword = getRequiredProperty("keystore-password");
+        String keyAlias = getRequiredProperty("key-alias");
+        int amount = Integer.parseInt(getRequiredProperty("amount"));
+
+        String rootKeyStorePath = getRequiredProperty("root-keystore");
+        String rootKeyStoreType = System.getProperty("root-keystore-type", "pkcs12");
+        String rootKeyStorePassword = getRequiredProperty("root-keystore-password");
+        String rootKeyAlias = getRequiredProperty("root-key-alias");
+
+        log.info("Output folder: {}", outputDir);
+        log.info("KeyStores to generate: {}", amount);
+        log.info("Root keystore: {}", rootKeyStorePath);
+        log.info("Root keystore type: {}", rootKeyStoreType);
+
+        KeyStore rootKeyStore = KeyStoreUtil.loadKeyStore(
+            Paths.get(rootKeyStorePath), rootKeyStoreType, rootKeyStorePassword
+        );
+        X509Certificate rootCert = (X509Certificate) rootKeyStore.getCertificate(rootKeyAlias);
+        var rootKeyPair = new KeyPair(
+            rootCert.getPublicKey(),
+            (PrivateKey) rootKeyStore.getKey(rootKeyAlias, rootKeyStorePassword.toCharArray())
+        );
+
+        for (int i = 0; i < amount; i++) {
+            var fileName = Paths.get(outputDir, String.format("ks-%d.p12", i + 1));
+            KeyStoreUtil.generateKeyStore(
+                fileName,
+                keyAlias,
+                keystorePassword,
+                "localhost",
+                rootKeyPair,
+                rootCert,
+                i % 2 == 0 ? CertUtil::generateEcKeyPair : CertUtil::generateRsaKeyPair
+            );
+        }
+    }
+
+    private static String getRequiredProperty(String property) {
+        return Optional.ofNullable(System.getProperty(property))
+            .orElseThrow(() -> new IllegalArgumentException(
+                "Required property '" + property + "' not set."
+            ));
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreUtil.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreUtil.java
new file mode 100644
index 00000000..57a7f2a8
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/datagen/KeyStoreUtil.java
@@ -0,0 +1,82 @@
+package ee.cyber.cdoc20.server.datagen;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.nio.file.Path;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.function.Supplier;
+import javax.security.auth.x500.X500Principal;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Utility class for dealing with key stores
+ */
+@Slf4j
+public final class KeyStoreUtil {
+    // the type of generated key store
+    public static final String KEY_STORE_TYPE = "pkcs12";
+
+    private KeyStoreUtil() {
+        // utility class
+    }
+
+    /**
+     * Generates a new key store, signs the certificate using the root certificate
+     * @param fullPath the absolute path of the file to write the keystore to
+     * @param alias the alias
+     * @param password the keystore password
+     * @param cn the CN for the certificate
+     * @param caKeyPair the CA keypair to use to sign the certificate
+     * @param caCert the CA certificate
+     * @param keyPairGenerator the key pair generator
+     */
+    @SneakyThrows
+    public static void generateKeyStore(Path fullPath, String alias, String password, String cn,
+            KeyPair caKeyPair, X509Certificate caCert, Supplier<KeyPair> keyPairGenerator) {
+        KeyStore ks = KeyStore.getInstance(KEY_STORE_TYPE);
+        // no password
+        ks.load(null, null);
+
+        try (var out = new FileOutputStream(fullPath.toAbsolutePath().toString())) {
+            X500Principal subject = new X500Principal("CN=" + cn);
+            X500Principal signer = caCert.getIssuerX500Principal();
+
+            var clientKeys = keyPairGenerator.get();
+            var clientCert = CertUtil.generateCertificate(
+                subject, clientKeys, signer, caKeyPair, cn
+            );
+
+            X509Certificate[] chain = new X509Certificate[2];
+            chain[0] = clientCert;
+            chain[1] = caCert;
+
+            ks.setKeyEntry(alias, clientKeys.getPrivate(), password.toCharArray(), chain);
+            ks.store(out, password.toCharArray());
+        }
+    }
+
+    @SneakyThrows
+    public static KeyStore loadKeyStore(Path file, String type, String password) {
+        KeyStore ks = KeyStore.getInstance(type);
+        ks.load(new FileInputStream(file.toAbsolutePath().toString()), password.toCharArray());
+        log.info("Loaded keystore {} with {} entries", file, ks.size());
+        return ks;
+    }
+
+    @SneakyThrows
+    public static Certificate getCertificate(KeyStore keyStore, String password, String alias) {
+        var key = keyStore.getKey(alias, password.toCharArray());
+        if (key instanceof PrivateKey) {
+            return keyStore.getCertificate(alias);
+        } else {
+            throw new IllegalArgumentException(
+                "Unsupported keystore, expecting private key, got " + key.getClass()
+            );
+        }
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/GeneratedCapsule.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/GeneratedCapsule.java
new file mode 100644
index 00000000..c8ee31bc
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/GeneratedCapsule.java
@@ -0,0 +1,15 @@
+package ee.cyber.cdoc20.server.dto;
+
+import ee.cyber.cdoc20.server.conf.LoadedKeyStore;
+
+/**
+ * Generated capsule
+ *
+ * @param keyStore      keystore with client certificate used by this user
+ * @param request       the request payload for the server
+ */
+public record GeneratedCapsule(
+    LoadedKeyStore keyStore,
+    KeyCapsuleRequest request
+) {
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleRequest.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleRequest.java
new file mode 100644
index 00000000..9182c883
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleRequest.java
@@ -0,0 +1,29 @@
+package ee.cyber.cdoc20.server.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * CDOC 2.0 key capsule request DTO
+ */
+@Getter
+@AllArgsConstructor
+public class KeyCapsuleRequest {
+
+    /**
+     * Base64 encoded public key
+     */
+    @JsonProperty("recipient_id")
+    private String recipientId;
+
+    /**
+     * Base64 encoded key material
+     */
+    @JsonProperty("ephemeral_key_material")
+    private String ephemeralKeyMaterial;
+
+    @JsonProperty("capsule_type")
+    private KeyCapsuleType capsuleType;
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleType.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleType.java
new file mode 100644
index 00000000..5322debd
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/dto/KeyCapsuleType.java
@@ -0,0 +1,9 @@
+package ee.cyber.cdoc20.server.dto;
+
+/**
+ * CDOC 2.0 key capsule type
+ */
+public enum KeyCapsuleType {
+    ecc_secp384r1,
+    rsa;
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/EccKeyCapsuleScenarios.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/EccKeyCapsuleScenarios.java
new file mode 100644
index 00000000..9aaa266c
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/EccKeyCapsuleScenarios.java
@@ -0,0 +1,93 @@
+package ee.cyber.cdoc20.server.scenarios;
+
+import ee.cyber.cdoc20.server.TestDataGenerator;
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import io.gatling.commons.shared.unstable.util.Ssl;
+import io.gatling.javaapi.core.ChainBuilder;
+import io.gatling.javaapi.core.ScenarioBuilder;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import javax.net.ssl.KeyManagerFactory;
+import lombok.extern.slf4j.Slf4j;
+import scala.Option;
+import scala.Some;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_02;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_03;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_04;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_05;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_06;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_GET_02;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_PUT_01;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_PUT_03;
+import static io.gatling.javaapi.core.CoreDsl.scenario;
+
+/**
+ * Test scenarios for elliptic curve key capsules
+ */
+@Slf4j
+@SuppressWarnings("unchecked") // compiler warning come from usage of Gatling API
+public class EccKeyCapsuleScenarios extends KeyCapsuleScenarios {
+
+    public EccKeyCapsuleScenarios(TestConfig conf, TestDataGenerator generator) {
+        super(conf, generator);
+    }
+
+    // returns the key store to use for the user injected by Gatling
+    public KeyManagerFactory getKeyManager(long userId) {
+        var keyStore = this.testData.getEccKeyStore(userId);
+        return Ssl.newKeyManagerFactory(
+            new Some<>(keyStore.keyStoreType()),
+            keyStore.file().getAbsolutePath(),
+            keyStore.password(),
+            Option.empty()
+        );
+    }
+
+    public ScenarioBuilder sendAndGetEccKeyCapsule() {
+        return scenario("Send and get ecc capsule")
+            .exec(this.sendEccKeyCapsule(), this.getAndCheckEccKeyCapsule());
+    }
+
+    public ScenarioBuilder getRecipientMismatch() {
+        return scenario("Request EC capsule with mismatching recipient")
+            .exec(this.sendKeyCapsuleCheckSuccess(
+                this.testData::generateEccCapsuleWithWrongRecipient, NEG_GET_06 + " create")
+            )
+            .exec(this.checkKeyCapsuleMismatch(NEG_GET_06 + " get"));
+    }
+
+    public ScenarioBuilder getWithInvalidTransactionIds() {
+        return scenario("Request capsule with invalid transactionId values")
+            .exec(
+                this.checkInvalidTransactionId(
+                    NEG_GET_02, TestDataGenerator.randomString(TX_ID_MIN_LENGTH),
+                    HttpResponseStatus.NOT_FOUND
+                ),
+                this.checkInvalidTransactionId(NEG_GET_03, "123", HttpResponseStatus.BAD_REQUEST),
+                this.checkInvalidTransactionId(NEG_GET_04, "", HttpResponseStatus.METHOD_NOT_ALLOWED),
+                this.checkInvalidTransactionId(
+                    NEG_GET_05, TestDataGenerator.randomString(TX_ID_MAX_LENGTH + 1),
+                    HttpResponseStatus.BAD_REQUEST
+                )
+            )
+            .exitHereIfFailed();
+    }
+
+    public ChainBuilder sendEccKeyCapsule() {
+        return this.sendKeyCapsuleCheckSuccess(
+            this.testData::generateEccCapsule, POS_PUT_01 + " - Create ecc key capsule"
+        );
+    }
+
+    public ScenarioBuilder sendEccKeyCapsuleRepeatedly() {
+        var capsule = this.testData.generateEccCapsule(1L);
+
+        return scenario("Send same ecc capsule twice").exec(
+            this.sendKeyCapsuleCheckSuccess(x -> capsule, POS_PUT_03 + " - 1st"),
+            this.sendKeyCapsuleCheckSuccess(x -> capsule, POS_PUT_03 + " - 2nd")
+        );
+    }
+
+    private ChainBuilder getAndCheckEccKeyCapsule() {
+        return this.checkLatestKeyCapsule(POS_GET_02 + " - Get correct ecc key capsule");
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/KeyCapsuleScenarios.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/KeyCapsuleScenarios.java
new file mode 100644
index 00000000..ff64a653
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/KeyCapsuleScenarios.java
@@ -0,0 +1,179 @@
+package ee.cyber.cdoc20.server.scenarios;
+
+import ee.cyber.cdoc20.server.TestDataGenerator;
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import ee.cyber.cdoc20.server.dto.GeneratedCapsule;
+import io.gatling.javaapi.core.ChainBuilder;
+import io.gatling.javaapi.core.ScenarioBuilder;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import java.util.Optional;
+import java.util.Random;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Function;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import static io.gatling.javaapi.core.CoreDsl.StringBody;
+import static io.gatling.javaapi.core.CoreDsl.bodyLength;
+import static io.gatling.javaapi.core.CoreDsl.bodyString;
+import static io.gatling.javaapi.core.CoreDsl.doIfOrElse;
+import static io.gatling.javaapi.core.CoreDsl.exec;
+import static io.gatling.javaapi.core.CoreDsl.scenario;
+import static io.gatling.javaapi.http.HttpDsl.header;
+import static io.gatling.javaapi.http.HttpDsl.http;
+import static io.gatling.javaapi.http.HttpDsl.status;
+
+/**
+ * Base class for key capsule test scenarios
+ */
+@RequiredArgsConstructor
+@SuppressWarnings("unchecked") // compiler warning come from usage of Gatling API
+@Slf4j
+public abstract class KeyCapsuleScenarios {
+    private static final Random RANDOM = new Random();
+
+    // context path of the API (
+    protected static final String API_ENDPOINT = "/key-capsules";
+
+    protected final TestConfig testConf;
+    protected final TestDataGenerator testData;
+
+    // holds latest sent data for each user (used in verifying that the same data was received back)
+    protected final ConcurrentHashMap<Long, GeneratedCapsule> sentData = new ConcurrentHashMap<>();
+    // holds received urls (with transaction ids) for created capsules
+    protected final Set<String> createdCapsuleUrls = ConcurrentHashMap.newKeySet();
+
+    // key capsule transactionId min length
+    protected static final int TX_ID_MIN_LENGTH = 18;
+    // key capsule transactionId max length
+    protected static final int TX_ID_MAX_LENGTH = 34;
+
+    // key capsule key material max length in bytes
+    protected static final int KEY_MATERIAL_MAX_LENGTH = 2100;
+
+    // Gatling session variables
+    protected static final String LOCATION = "location";
+
+    public ScenarioBuilder getRandomKeyCapsule(String scenarioName) {
+        return scenario(scenarioName).exec(this.getRandomKeyCapsule);
+    }
+
+    /**
+     * Sends the capsule and verifies successful response.
+     */
+    protected ChainBuilder sendKeyCapsuleCheckSuccess(Function<Long, GeneratedCapsule> capsuleGenerator,
+            String requestName) {
+        return exec(
+            http(requestName)
+                .post(this.testConf.getPutServerBaseUrl() + API_ENDPOINT)
+                .body(StringBody(session -> {
+                    var userId = session.userId();
+                    var capsule = capsuleGenerator.apply(userId);
+                    this.sentData.put(userId, capsule);
+                    return TestDataGenerator.toJson(capsule.request());
+                })).asJson()
+                .check(
+                    status().is(HttpResponseStatus.CREATED.code()),
+                    header("Location").exists().saveAs(LOCATION),
+                    header("Location").transformWithSession((location, session) -> {
+                        // save the created capsule url
+                        this.createdCapsuleUrls.add(location);
+                        return location;
+                    })
+                )
+            ).exitHereIfFailed();
+    }
+
+    /**
+     * Sends the capsule and verifies that an error response was received.
+     */
+    protected ChainBuilder sendKeyCapsuleCheckError(Function<Long, GeneratedCapsule> capsuleGenerator,
+            String requestName, HttpResponseStatus errorResponse) {
+        return exec(
+            http(requestName)
+                .post(this.testConf.getPutServerBaseUrl() + API_ENDPOINT)
+                .body(StringBody(session -> {
+                    var userId = session.userId();
+                    var capsule = capsuleGenerator.apply(userId);
+                    return TestDataGenerator.toJson(capsule.request());
+                })).asJson()
+                .check(
+                    status().not(HttpResponseStatus.OK.code()),
+                    status().not(HttpResponseStatus.CREATED.code()),
+                    status().is(errorResponse.code()),
+                    header("Location").notExists() // location header must not exist
+                )
+            ).exitHereIfFailed();
+    }
+
+    protected ChainBuilder checkLatestKeyCapsule(String testCaseName) {
+        return exec(
+            http(testCaseName)
+                .get(session -> this.testConf.getGetServerBaseUrl() + session.getString(LOCATION))
+                .check(
+                    status().is(HttpResponseStatus.OK.code()),
+                    // check that the same data we sent is returned
+                    bodyString().is(session -> TestDataGenerator.toJson(
+                        this.getSentData(session.userId()).request()
+                    ))
+                )
+        ).exitHereIfFailed();
+    }
+
+    protected ChainBuilder checkKeyCapsuleMismatch(String testCaseName) {
+        return exec(
+            http(testCaseName)
+                .get(session -> this.testConf.getGetServerBaseUrl() + session.getString(LOCATION))
+                .check(
+                    status().is(HttpResponseStatus.NOT_FOUND.code()),
+                    bodyLength().is(0)
+                )
+        ).exitHereIfFailed();
+    }
+
+    // sends a request with the given transaction id and checks it to be handled as invalid input
+    protected ChainBuilder checkInvalidTransactionId(String testId, String transactionId,
+            HttpResponseStatus expectedResponse) {
+        return exec(
+            http(testId + " - with invalid txId '" + transactionId + "'")
+                .get(this.testConf.getGetServerBaseUrl() + API_ENDPOINT + '/' + transactionId)
+                .check(
+                    status().is(expectedResponse.code()),
+                    bodyLength().is(0)
+                )
+        );
+    }
+
+    protected GeneratedCapsule getSentData(Long userId) {
+        return Optional.ofNullable(this.sentData.get(userId))
+            .orElseThrow(() -> new RuntimeException("No sent data for user " + userId));
+    }
+
+    private ChainBuilder getRandomKeyCapsule =
+        doIfOrElse(session -> !this.createdCapsuleUrls.isEmpty()).then(
+            exec(
+                http("Get random previously created key capsule")
+                    .get(session -> this.getRandomSavedCapsuleUrl())
+                    .check(
+                        status().in(
+                            HttpResponseStatus.OK.code(), // client key matches recipient pub key
+                            HttpResponseStatus.NOT_FOUND.code() // client key mismatch
+                        )
+                    )
+            )
+            .exitHereIfFailed()
+        ).orElse(
+            exec(session -> {
+                log.error("Failed to get random capsule: no capsules created yet");
+                return session;
+            })
+        );
+
+    private String getRandomSavedCapsuleUrl() {
+        if (this.createdCapsuleUrls.isEmpty()) {
+            throw new IllegalArgumentException("No capsule urls saved yet");
+        }
+        var urls = this.createdCapsuleUrls.toArray(new String[0]);
+        return urls[RANDOM.nextInt(urls.length)];
+    }
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/RsaKeyCapsuleScenarios.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/RsaKeyCapsuleScenarios.java
new file mode 100644
index 00000000..38279eef
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/RsaKeyCapsuleScenarios.java
@@ -0,0 +1,112 @@
+package ee.cyber.cdoc20.server.scenarios;
+
+import ee.cyber.cdoc20.server.TestDataGenerator;
+import ee.cyber.cdoc20.server.conf.TestConfig;
+import ee.cyber.cdoc20.server.datagen.CertUtil;
+import ee.cyber.cdoc20.server.dto.GeneratedCapsule;
+import ee.cyber.cdoc20.server.dto.KeyCapsuleRequest;
+import ee.cyber.cdoc20.server.dto.KeyCapsuleType;
+import io.gatling.commons.shared.unstable.util.Ssl;
+import io.gatling.javaapi.core.ChainBuilder;
+import io.gatling.javaapi.core.ScenarioBuilder;
+import io.netty.handler.codec.http.HttpResponseStatus;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Base64;
+import javax.net.ssl.KeyManagerFactory;
+import lombok.extern.slf4j.Slf4j;
+import scala.Option;
+import scala.Some;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_GET_08;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.NEG_PUT_01;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_GET_01;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_PUT_02;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_PUT_04;
+import static ee.cyber.cdoc20.server.scenarios.ScenarioIdentifiers.POS_PUT_06;
+import static io.gatling.javaapi.core.CoreDsl.scenario;
+
+/**
+ * Test scenarios for RSA key capsules
+ */
+@Slf4j
+@SuppressWarnings("unchecked") // compiler warning come from usage of Gatling API
+public class RsaKeyCapsuleScenarios extends KeyCapsuleScenarios {
+
+    public RsaKeyCapsuleScenarios(TestConfig conf, TestDataGenerator generator) {
+        super(conf, generator);
+    }
+
+    // returns the key store to use for the user injected by Gatling
+    public KeyManagerFactory getKeyManager(long userId) {
+        var keyStore = this.testData.getRsaKeyStore(userId);
+        return Ssl.newKeyManagerFactory(
+            new Some<>(keyStore.keyStoreType()),
+            keyStore.file().getAbsolutePath(),
+            keyStore.password(),
+            Option.empty()
+        );
+    }
+
+    public ScenarioBuilder sendAndGetRsaKeyCapsule() {
+        return scenario("Send and get rsa capsule")
+            .exec(this.sendRsaKeyCapsule(), this.getAndCheckRsaKeyCapsule());
+    }
+
+    public ScenarioBuilder sendAndGetRecipientMismatch() {
+        return scenario("Request RSA capsule with mismatching recipient")
+            .exec(
+                this.sendKeyCapsuleCheckSuccess(
+                    this.testData::generateRsaCapsuleWithWrongRecipient, NEG_GET_08 + " create"
+                )
+            )
+            .exec(this.checkKeyCapsuleMismatch(NEG_GET_08 + " get"));
+    }
+
+    public ScenarioBuilder sendRsaKeyCapsuleRepeatedly() {
+        var capsule = this.testData.generateRsaCapsule(1L);
+
+        return scenario("Send same rsa capsule twice").exec(
+            this.sendKeyCapsuleCheckSuccess(x -> capsule, POS_PUT_04 + " - 1st"),
+            this.sendKeyCapsuleCheckSuccess(x -> capsule, POS_PUT_04 + " - 2nd")
+        );
+    }
+
+    public ScenarioBuilder sendRsaKeyCapsuleRandomKeyMaterial() {
+        var keyStore = this.testData.getRandomRsaKeyStore();
+        var payload = new KeyCapsuleRequest(
+            CertUtil.encodePublicKey((RSAPublicKey) keyStore.publicKey()),
+            Base64.getEncoder().encodeToString(TestDataGenerator.randomBytes(KEY_MATERIAL_MAX_LENGTH)),
+            KeyCapsuleType.rsa
+        );
+        var capsule = new GeneratedCapsule(keyStore, payload);
+
+        return scenario("Send rsa capsule with random material").exec(
+            this.sendKeyCapsuleCheckSuccess(x -> capsule, POS_PUT_06)
+        );
+    }
+
+    public ScenarioBuilder sendRsaKeyCapsuleTooBigKeyMaterial() {
+        var keyStore = this.testData.getRandomRsaKeyStore();
+        var payload = new KeyCapsuleRequest(
+            CertUtil.encodePublicKey((RSAPublicKey) keyStore.publicKey()),
+            Base64.getEncoder().encodeToString(TestDataGenerator.randomBytes(KEY_MATERIAL_MAX_LENGTH + 1)),
+            KeyCapsuleType.rsa
+        );
+        var capsule = new GeneratedCapsule(keyStore, payload);
+
+        return scenario("Create rsa capsule with too big key material").exec(
+            this.sendKeyCapsuleCheckError(x -> capsule, NEG_PUT_01, HttpResponseStatus.BAD_REQUEST)
+        );
+    }
+
+    public ChainBuilder sendRsaKeyCapsule() {
+        return this.sendKeyCapsuleCheckSuccess(
+            this.testData::generateRsaCapsule,
+            POS_PUT_02 + " - Create rsa key capsule"
+        );
+    }
+
+    private ChainBuilder getAndCheckRsaKeyCapsule() {
+        return this.checkLatestKeyCapsule(POS_GET_01 + " - Get correct rsa key capsule");
+    }
+
+}
diff --git a/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/ScenarioIdentifiers.java b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/ScenarioIdentifiers.java
new file mode 100644
index 00000000..6e3e2bdc
--- /dev/null
+++ b/gatling-tests/src/main/java/ee/cyber/cdoc20/server/scenarios/ScenarioIdentifiers.java
@@ -0,0 +1,27 @@
+package ee.cyber.cdoc20.server.scenarios;
+
+/**
+ * Test scenario identifiers
+ */
+public final class ScenarioIdentifiers {
+    private ScenarioIdentifiers() {
+    }
+
+    public static final String POS_PUT_01 = "ECC-PUT_CAPSULE-POS-01-ONCE";
+    public static final String POS_PUT_02 = "RSA-PUT_CAPSULE-POS-01-ONCE";
+    public static final String POS_PUT_03 = "ECC-PUT_CAPSULE-POS-02-REPEATEDLY";
+    public static final String POS_PUT_04 = "RSA-PUT_CAPSULE-POS-02-REPEATEDLY";
+    public static final String POS_PUT_06 = "RSA-PUT-CAPSULE-POS-03-RANDOM_CONTENT";
+
+    public static final String POS_GET_01 = "RSA-GET_CAPSULE-POS-01-CORRECT_REQUEST";
+    public static final String POS_GET_02 = "ECC-GET_CAPSULE-POS-01-CORRECT_REQUEST";
+
+    public static final String NEG_GET_02 = "GET_CAPSULE-NEG-02-RANDOM_UUID_TRANSACTION_ID";
+    public static final String NEG_GET_03 = "GET_CAPSULE-NEG-03-TOO_SHORT_TRANSACTION_ID";
+    public static final String NEG_GET_04 = "GET_CAPSULE-NEG-04-EMPTY_STRING_TRANSACTION_ID";
+    public static final String NEG_GET_05 = "GET_CAPSULE-NEG-05-TOO_LONG_RANDOM_STRING_TRANSACTION_ID";
+    public static final String NEG_GET_06 = "ECC-GET_CAPSULE-NEG-06-PUBLIC_KEY_NOT_MATCHING";
+    public static final String NEG_GET_08 = "RSA-GET_CAPSULE-NEG-08-PUBLIC_KEY_NOT_MATCHING";
+
+    public static final String NEG_PUT_01 = "RSA-PUT_CAPSULE-NEG-01-CAPSULE_TOO_BIG";
+}
diff --git a/gatling-tests/src/test/resources/application.conf.sample b/gatling-tests/src/test/resources/application.conf.sample
new file mode 100644
index 00000000..e42f296d
--- /dev/null
+++ b/gatling-tests/src/test/resources/application.conf.sample
@@ -0,0 +1,43 @@
+# CDOC2.0 Gatling tests configuration
+
+# create capsule server configuration
+put-server {
+# the base url of the server
+  base-url = "https://localhost:8443"
+}
+
+# fetch capsule server configuration
+get-server {
+  # the base url of the server
+  base-url = "https://localhost:8444"
+}
+
+# key stores to use in communicating with the server
+client-keystores {
+    # absolute path to the folder containing client keystore files
+    path = "/home/user/cdoc20_java/gatling-tests/src/test/resources/keys/test-clients"
+    # keystore password (must be the same for all keystores)
+    password = "secret"
+    # alias for the key entry
+    alias = "client-key"
+}
+
+# Load test configuration
+# See https://gatling.io/docs/gatling/reference/current/core/injection/#incrementuserspersec
+# for details.
+load-test {
+    create-capsule {
+        start-users-per-second = 10
+        increment-users-per-second = 10
+        increment-cycles = 3
+        cycle-duration-seconds = 10
+    }
+    get-capsule {
+        start-users-per-second = 10
+        increment-users-per-second = 10
+        increment-cycles = 3
+        cycle-duration-seconds = 10
+        # wait for some capsules to be created for get capsule input
+        initial-delay-seconds = 5
+    }
+}
diff --git a/gatling-tests/src/test/resources/cdoc20client.p12 b/gatling-tests/src/test/resources/cdoc20client.p12
new file mode 100644
index 0000000000000000000000000000000000000000..7bd88c71f8e0179638cdbd9122f90e55930262c4
GIT binary patch
literal 1330
zcmXqLV%1|}WHxAGxxvP%)#lOmotKfFaX}NyNtPy-qd?(<22G3}C{m1;EKQ82Kw(25
z)@9>{>f+&IWLnU8)}Zl}K^j~=E3ZMMfdzugW1!6<l4#V-_O0K(@O)8(yFk&FT(!KY
z7fej*0!)kw20UyW5c8NgSs4su**Fv0JQ!1%Ss1lg1bkAB=Kj2@^EWL)W@FDq15K8M
zzyGd;D7BOwTqphWz&2$+o`3rU%4cp-SS0Xii(kkp^9=4E-pV%@)F{k*Y~Aj(#Nws*
z#T~2H-$|IE7xnVY@9I6bA}>3#3;IkFN-?=He_GhZO9tjgIk<c4vL{q+v3+>@D665L
zfhOGXoFaxYa#9S*3@HrxK+=f8fI$~X=P+b4q%!0&lo%)?l!_XPun2`@=B6qbnwc7!
zSQ;6cnHgJJ7&I{#!WFTzEofp+0t&@3F){$DaD)sap&&fknxE7A^6osNjR*dVO=B)l
zEm+w_Oc3e?30)O8KhiYy=|_jgBWD*hG%-E6bmruB-^R_E=BJ<eiEOW_E<e7-PAZE@
zx6v$DYtml5$Z0QK-^Xo_`@y$K?D>!8n`!5zmYkgvEnZ}~Y0tZj4O`VtpKI2C@<goT
zz_C>&VrI?~Cl|0x%ggsz=NrmfcY5a0yF#0!V_te0%UK@Km(?w?nXqY@peoCauk%{E
zLyK(wKhAXC9LV<Pr%TxGQzqLFzML;(cAzokuetpzwqD)8Th&|oJoX2dRK=y9X9*X5
zmLQ^Uw(af1zB>w~=a+73Ff(G>o%=R^{dX~qVDSr%z5k?{7AdYOYL$1`9xh_abKCZQ
z^1nnW`wI>&N7lPvvEnk4`><~5t68rjj&6_IQ}N|x+{@-8nT!He_g;JxxTzB?Y3P`g
zF~i5k`8qe_IWF~oPgft#h}hkc8gl*SqK$Jbljr&g9`+MW+Ix5*kMh1L4@@L4AFTbi
zNUeGE#e%=d3xBNtsXe7}Z{@A+?mqv|-jz02(r^Es+&U?Q_2o*3u2QXSue5fp>Uh#`
zvFnx7cikmwrB~zCAFK_Ccs6mZkoRHt^m#{FeuaI^5L)Vg%{5hPud(r}2b(RsnCI`2
zaw|2OK3DRKlu1@!$C-C=My@x#Km0n}t+RNdrs@l~O>3uqUA=fR<EkezVh1)AG$pSU
zkPT*=S(hdwyzl-bjdR}uRoBfd{9NM_&7*s}@zR%j2Swk!3V(O-@RRFbm&SAW-7}eA
z{wrRA{jmGj({>wUtD|*v?WFJgv09`TUMVgVt*D~bvHG9||M|Y>>Q`TOTQ2i;SH95G
zIJ=RtFm{HP!ET;+=jB5$UpsrJM)AS>(2!RLj3h2!ah(yh%kbs#Fm^wwS=*+Vsus3?
zy!H82*#4@v`CrWhb{5TT-+Hq}v-LsG`<SNYkI5gN7)UP)tSVge$j?A+<AyVDs~q(1
zJ1pir!CrjC!NmGf#>rP7p8GAIx@_*clet$4N~Wq#|E4E&?6vJL>kpmT@w4rYJa^qO
zk!$9mkHTy6So-fC-?rN0%)9afQ%mRNoH6h<Ff`zWmn2M#tPCs)9x<_(1z44Sg^AB~
zFgeq>|4=$hi-^|$E%IW~MGL(}`dLKY>|S=7A?^FFyw$hL{Qh5`xq&^A2b9GC3`R33

literal 0
HcmV?d00001

diff --git a/gatling-tests/src/test/resources/keys/gatling-ca.p12 b/gatling-tests/src/test/resources/keys/gatling-ca.p12
new file mode 100644
index 0000000000000000000000000000000000000000..8dda1bf527cd8b197cb54ce1a77bbabe59d634d0
GIT binary patch
literal 1308
zcmXqLVwGTGWHxAGImE`P)#lOmotKfFaX}NyW|k(F^+4g(22G4kC{m2ZEKQ91Kw)hl
zR%hde>f+&IWLnU8)}Zl}K^j~=E3ZMMfdzugW1!6<(w)q{*gsi*mN`RK!`1@_9=E?g
z%E82>F2Ka7V8Fx10Wpt>la;|hmW?x^&4V$OnT1h{Mc@;kb8bwt;NSa4cumu@n$1}f
zenbZ>>AEeE%=u99@{gc8nGZMi&$P}uDjjv=R?m~RHUsIW#rg}31#h0t?a?=tT0BG4
zXrijcG*$L!eeY+EuiW33*6wXlf8bs}wI=1~I`j6-68kgBn|^SF*)J5*wfquz$k4+;
z8SZ#a5koOK5r%YzM1~TE9EMDWJRn<_A(<i3KoOxx)KG*)C?qpCRl(5A%)s2p*v!<(
z%)-K;i8&Fjh@EXg6LSzy$d8GU0Z6$cWEcqr-r1EqIfDMzrAX~L;8+^Zu%R&JM-(xE
zC!KVl{CMiVU(R7?0~KlwH#RgeU8uC2{<h)p)CXlR*6(0@XkI*FjbM>rb*W!#3&){U
z{ji>Fjo7=(AAPK~?%DD5jv~{Jn0xCR;;i%71otmh`Y9Y)`{Vf8>kC@FS`O^_k!_bc
z&7#!Pe!<!mte5#UOMWEU@b<0`TRfK~Q_B4MhPNl1|CfGrcdV;;$iumC`H`rLkp~Q~
zJeeut6}dyf?NH7ftA#1eOIC^(dha_O667St$6uB&_hgot!xb~9kT1tsP6}1}8t%C$
z&2_lroJyj3jMQe8)8?+S+RPW9H`}V2yfZbF-q`j(X-jnQx)~)(vnTjCFTA_gKL6dG
zb3W$5?@f5OwJy2%X69sz<X}N*GnuSaAvRaLcC0?$5hbBf^F4S6_pL2Y4r;Eyw(?AB
z_{n+eg%v;cWZt#v3luOlW9dBq@+DvDg9qY!m?V80-()N}$MNe_*K(U1Z$m{3&n>wj
z!sGG(y*clM=ns;z_T@_tYvrey-;-dsahRQcdBW18Q{Buz6^Lx8`lk3+#V8@`p3hAY
z2_<3E!*@$~AB1X2wy)k(8*p0n|0@p8+=q;-YcknXCBI9C{q51XaJys1nG5@#cuJfT
zNvZv^)o%L#Xv3ogXXV_r{MD8$&|MQ%RI+3Sca8LnGc$IFCPb>unjG?Z?)N0ABeR&;
z78I;HZ^<a?r|t9O{0hZ=3;q=}ueLrFeqZ3GYkpYO{Orc7+mrqlCCaaTvc2r>%Qu_m
zt7=ZGi<~^^6h~qa@25)@vAjRpc1?Y;ZNqN<$(bf!e#&*ob025iHe*_h+)aT%!-=AC
zQ(n3Hl*!31myWM46f{i|)GZEcpP_Jucl)tLzZRO_In{GK&oR-SO?}xuksW6{-~G72
z+wXDr&9*f^1iJ5qJ@-#LZhE3kZ~jv|W|yaahA}T6na3w`+eYl4z4pmU|3Zh|ong{E
zUH8xAi*vN5{Bb#a!?-r|Sy#e^hsCOrYOOog{8{^4MSA-3)h(A_1Xh(PM8<qCHrlz#
zz}LXgfEQk7Ffp<+uqarmpSoG2+*HwO>^nQ8t9tg+wTpcxOHA<PdiT3-o!_)}77@<5
Z+nCEtW;8k4Sb8V;@*KL^bdm*>r2y6^6ZZfB

literal 0
HcmV?d00001

diff --git a/gatling-tests/src/test/resources/keys/gatling-ca.pem b/gatling-tests/src/test/resources/keys/gatling-ca.pem
new file mode 100644
index 00000000..fd0489c6
--- /dev/null
+++ b/gatling-tests/src/test/resources/keys/gatling-ca.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICSDCCAc2gAwIBAgIJAOBRPfdGvE8YMAoGCCqGSM49BAMEMGoxCzAJBgNVBAYT
+AkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdUYWxsaW5uMRQwEgYDVQQK
+EwtDeWJlcm5ldGljYTEMMAoGA1UECxMDSVRPMRMwEQYDVQQDEwpHYXRsaW5nIENB
+MB4XDTIyMDgxNzA4MDczMloXDTIzMDgxNzA4MDczMlowajELMAkGA1UEBhMCRUUx
+EDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1RhbGxpbm4xFDASBgNVBAoTC0N5
+YmVybmV0aWNhMQwwCgYDVQQLEwNJVE8xEzARBgNVBAMTCkdhdGxpbmcgQ0EwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAARCAp54x81BBAZnA+fo73zaJpNAxIR5vFyG/EBP
+j3NvMkRSSiZABJ/uF85Qk1TmAK5+7I2Cg5g6dT8lb9JBDh9iWW28MnMOIYTDglOf
+qsGAIBo7HOaWqCLiLI41bKL5oI6jPzA9MB0GA1UdDgQWBBSOc+QzKfFtmItd8Cph
+TRuFZQPf+zALBgNVHQ8EBAMCAoQwDwYDVR0TBAgwBgEB/wIBAzAKBggqhkjOPQQD
+BANpADBmAjEA6FuSWYlw9MSy8w4UGNhET7TstFbM/P6gYgb2T+GEqq+kOMavybD8
+uQdbupALwg4FAjEA5K67Y51Fc5nMTHZYELoiwy/4SLylHRSzEWwzejv2mYpg+I/H
+2yyxduEnF5WvQdfc
+-----END CERTIFICATE-----
diff --git a/gatling-tests/src/test/resources/keys/test-clients/.gitignore b/gatling-tests/src/test/resources/keys/test-clients/.gitignore
new file mode 100644
index 00000000..edd25bc7
--- /dev/null
+++ b/gatling-tests/src/test/resources/keys/test-clients/.gitignore
@@ -0,0 +1 @@
+*.p12
diff --git a/gatling-tests/src/test/resources/logback-test.xml b/gatling-tests/src/test/resources/logback-test.xml
new file mode 100644
index 00000000..30a3798f
--- /dev/null
+++ b/gatling-tests/src/test/resources/logback-test.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%-5level] %logger{15} - %msg%n%rEx</pattern>
+        </encoder>
+        <immediateFlush>false</immediateFlush>
+    </appender>
+
+    <!-- uncomment and set to DEBUG to log all failing HTTP requests -->
+    <!-- uncomment and set to TRACE to log all HTTP requests -->
+    <!--logger name="io.gatling.http.engine.response" level="TRACE" /-->
+
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+    </root>
+
+</configuration>
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 00000000..3ad1f3cc
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <version>0.6.0-SNAPSHOT</version>
+    <groupId>ee.cyber.cdoc20</groupId>
+    <artifactId>cdoc20</artifactId>
+    <description>CDOC 2.0 reference implementation </description>
+
+    <packaging>pom</packaging>
+
+    <properties>
+        <java.version>17</java.version>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+        <sonar.qualitygate.wait>true</sonar.qualitygate.wait>
+
+        <!-- by default slow and pcks11 tests are excluded from running-->
+        <!-- ldap test require connection to external esteid.ldap.sk.ee server -->
+        <tests>!(pkcs11 | slow | ldap)</tests>
+
+        <junit.jupiter.version>5.8.2</junit.jupiter.version>
+        <lombok.version>1.18.24</lombok.version>
+        <logback-classic.version>1.2.11</logback-classic.version>
+        <exec-maven-plugin.version>3.0.0</exec-maven-plugin.version>
+        <maven-shade-plugin.version>3.3.0</maven-shade-plugin.version>
+        <bouncycastle.version>1.70</bouncycastle.version>
+        <spring-boot.version>2.7.5</spring-boot.version>
+        <spring.version>5.3.23</spring.version>
+        <gatling.version>3.9.0</gatling.version>
+        <gatling-maven-plugin.version>4.1.6</gatling-maven-plugin.version>
+
+        <sonar.coverage.jacoco.xmlReportPaths>
+            ${project.basedir}/cdoc20-lib/target/site/jacoco-aggregate/jacoco.xml,
+            ${project.basedir}/cdoc20-schema/target/site/jacoco-aggregate/jacoco.xml,
+            ${project.basedir}/cdoc20-cli/target/site/jacoco-aggregate/jacoco.xml
+        </sonar.coverage.jacoco.xmlReportPaths>
+    </properties>
+
+    <profiles>
+        <profile>
+            <id>allTests</id>
+            <properties>
+                <!-- empty, means all tests-->
+                <tests />
+            </properties>
+        </profile>
+
+        <profile>
+            <id>excludeSlowTests</id>
+            <properties>
+                <tests>!slow</tests>
+            </properties>
+        </profile>
+
+        <profile>
+            <id>excludePkcs11AndSlowTests</id>
+            <properties>
+                <tests>!(pkcs11 | slow)</tests>
+            </properties>
+        </profile>
+
+        <profile>
+            <id>coverage</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <!-- https://mvnrepository.com/artifact/org.jacoco/jacoco-maven-plugin -->
+                        <groupId>org.jacoco</groupId>
+                        <artifactId>jacoco-maven-plugin</artifactId>
+                        <version>0.8.7</version>
+                        <executions>
+                            <execution>
+                                <id>prepare-agent</id>
+                                <goals>
+                                    <goal>prepare-agent</goal>
+                                </goals>
+                            </execution>
+                            <execution>
+                                <id>report</id>
+                                <goals>
+                                    <goal>report</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
+    <!-- Configuration for Maven Release plugin -->
+    <scm>
+      <developerConnection>scm:git:git@repo-url</developerConnection>
+      <url>git@repo-url</url>
+      <tag>v0.0.1</tag>
+    </scm>
+
+    <modules>
+        <module>cdoc20-schema</module>
+        <module>cdoc20-lib</module>
+        <module>cdoc20-cli</module>
+        <module>cdoc20-openapi</module>
+        <module>cdoc20-server</module>
+        <module>cdoc20-client</module>
+        <module>gatling-tests</module>
+    </modules>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.junit</groupId>
+                <artifactId>junit-bom</artifactId>
+                <version>${junit.jupiter.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+
+    <dependencies>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>${junit.jupiter.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <pluginManagement>
+            <plugins>
+
+               <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-checkstyle-plugin</artifactId>
+                    <version>3.2.0</version>
+
+                    <configuration>
+                        <configLocation>checkstyle.xml</configLocation>
+                        <suppressionsLocation>checkstyle-suppressions.xml</suppressionsLocation>
+
+                        <sourceDirectories>
+                            <sourceDirectory>${project.build.sourceDirectory}</sourceDirectory>
+                            <sourceDirectory>${project.build.testSourceDirectory}</sourceDirectory>
+                        </sourceDirectories>
+
+
+                        <encoding>UTF-8</encoding>
+                        <consoleOutput>true</consoleOutput>
+
+                        <failsOnError>true</failsOnError>
+                        <failOnViolation>false</failOnViolation>
+
+                        <linkXRef>false</linkXRef>
+                    </configuration>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-jar-plugin</artifactId>
+
+                    <configuration>
+                        <excludes>
+                            <exclude>**/*-dev.properties</exclude>
+                            <exclude>**/logback.xml</exclude>
+                        </excludes>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-surefire-plugin</artifactId>
+                    <version>2.22.0</version>
+                    <configuration>
+                        <trimStackTrace>false</trimStackTrace>
+                        <groups>${tests}</groups>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-failsafe-plugin</artifactId>
+                    <version>2.22.0</version>
+                </plugin>
+
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>3.0.0-M5</version>
+                    <configuration>
+                        <tagNameFormat>v@{project.version}</tagNameFormat>
+                    </configuration>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-checkstyle-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>validate</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>4.5.2.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.8.2</version>
+                <!--configuration>
+                    <skip>true</skip>
+                </configuration-->
+            </plugin>
+
+        </plugins>
+    </build>
+
+</project>
diff --git a/test/generate_documents.sh b/test/generate_documents.sh
new file mode 100755
index 00000000..58132c94
--- /dev/null
+++ b/test/generate_documents.sh
@@ -0,0 +1,238 @@
+#!/bin/bash
+# show commands
+set -x #echo ON
+
+LC_ALL=en_US.UTF-8
+LANG=en_US.UTF-8
+LANGUAGE=en_US.UTF-8
+
+
+# if script should create CDOC documents
+RUN_CREATE=true
+
+# if script should decrypt CDOC documents (expect for id-card)
+RUN_DECRYPT=false
+
+
+
+
+CDOC_DIR=$(cd .. && pwd) #root of cdoc20_java
+TESTVECTORS_DIR=${CDOC_DIR}/test/testvectors
+TMP_DIR=/tmp
+
+CDOC_VER=$(cd $CDOC_DIR && mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+#CDOC_VER="0.3.0-SNAPSHOT"
+
+CLI_DIR=${CDOC_DIR}/cdoc20-cli
+CLI_KEYS_DIR=${CDOC_DIR}/cdoc20-cli/keys
+CLI_JAR=${CDOC_DIR}/cdoc20-cli/target/cdoc20-cli-${CDOC_VER}.jar
+CLI_CONF=${CDOC_DIR}/cdoc20-cli/config
+
+SERVER_KEYS_DIR=${CDOC_DIR}/cdoc20-server/keys
+
+#by default overwrite of files is not allowed
+OVERWRITE_FILES=true
+
+CDOC_CREATE_CMD="java -Dee.cyber.cdoc20.overwrite=${OVERWRITE_FILES} -jar ${CLI_JAR} create"
+CDOC_DECRYPT_CMD="java -Dee.cyber.cdoc20.overwrite=${OVERWRITE_FILES} -jar ${CLI_JAR} decrypt"
+CDOC_LIST_CMD="java -jar ${CLI_JAR} list"
+
+create_simple_ec() {
+  local cdoc_file="ec_simple.cdoc"
+
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+    $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        -c ${CLI_KEYS_DIR}/cdoc20client-certificate.pem ${CDOC_DIR}/README.md
+    echo
+  fi
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+    $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} -k ${CLI_KEYS_DIR}/cdoc20client.pem -o ${TMP_DIR}
+  fi
+}
+
+create_ec_server_ria_dev_pkcs12() {
+  local cdoc_file="ec_server_ria_dev_pkcs12.cdoc"
+
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+    #config file has values relative to cdoc20-cli dir, need to cd to $CLI_DIR
+    cd $CLI_DIR && $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --server=${CLI_CONF}/ria-dev/ria-dev_pkcs12.properties \
+        -c ${CLI_KEYS_DIR}/cdoc20client-certificate.pem ${CDOC_DIR}/README.md
+    echo
+  fi
+
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+      cd $CLI_DIR && $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+          --server=${CLI_CONF}/ria-dev/ria-dev_pkcs12.properties \
+          -k ${CLI_KEYS_DIR}/cdoc20client.pem -o ${TMP_DIR}
+  fi
+}
+
+
+# encrypt cdoc with certificate downloaded from ldap.sk.ee
+# can be decrypted with physical est-eid smart-card only
+create_ec_server_ria_dev_id_card() {
+  local cdoc_file="ec_server_ria_dev_id_card.cdoc"
+
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+
+    # for decrypting use id-code of est-eid you physically have and know PIN codes
+    local isikukood='35803262731'
+
+    #config file has values relative to cdoc20-cli dir, need to cd to $CLI_DIR
+    cd $CLI_DIR && $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --server=${CLI_CONF}/ria-dev/ria-dev.properties \
+        -r ${isikukood} ${CDOC_DIR}/README.md
+    echo
+  fi
+
+
+  if false
+  then
+    echo "Decrypting ${cdoc_file}"
+      cd $CLI_DIR && $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+          --server=${CLI_CONF}/ria-dev/ria-dev.properties \
+          -o ${TMP_DIR}
+  fi
+}
+
+
+create_simple_rsa() {
+  local cdoc_file="rsa_simple.cdoc"
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+    $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        -p ${CLI_KEYS_DIR}/rsa_pub.pem ${CDOC_DIR}/README.md
+    echo
+  fi
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+    $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} -k ${CLI_KEYS_DIR}/rsa_priv.pem -o ${TMP_DIR}
+  fi
+}
+
+
+create_rsa_server_ria_dev_pkcs12() {
+  local cdoc_file="rsa_server_ria_dev_pkcs12.cdoc"
+
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+    #config file has values relative to cdoc20-cli dir, need to cd to $CLI_DIR
+    cd $CLI_DIR && $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --server=${CLI_CONF}/ria-dev/ria-dev_pkcs12_rsa.properties \
+        -c ${SERVER_KEYS_DIR}/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem ${CDOC_DIR}/README.md
+    echo
+  fi
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+    cd $CLI_DIR && $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+          --server=${CLI_CONF}/ria-dev/ria-dev_pkcs12_rsa.properties \
+          -p12 ${SERVER_KEYS_DIR}/sk-signed-test-certs/cdoc2-rsa-test-sk.p12:passwd  -o ${TMP_DIR}
+  fi
+}
+
+create_symmetric() {
+  local cdoc_file="symmetric.cdoc"
+  if $RUN_CREATE
+  then
+    echo "Creating ${cdoc_file}"
+    $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" ${CDOC_DIR}/README.md
+  fi
+  echo
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+    $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+    --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" -o ${TMP_DIR}
+  fi
+}
+
+create_symmetric_longfilename() {
+  # over 100 bytes filenames require POSIX tar long filename extension
+  local cdoc_file="symmetric_longfilename.cdoc"
+  local unicode=$(echo -e "\u2620")
+  local long_filename="long_filename_${unicode}_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+
+  if $RUN_CREATE
+  then
+    touch ${TMP_DIR}/${long_filename}
+    echo "Hello from create_symmetric_longfilename()" >> ${TMP_DIR}/${long_filename}
+    echo "Creating ${cdoc_file}"
+    $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" ${TMP_DIR}/${long_filename}
+  fi
+  echo
+
+  if $RUN_DECRYPT
+  then
+    echo "Decrypting ${cdoc_file}"
+    $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+    --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" -o ${TMP_DIR}
+  fi
+}
+
+create_zipbomb() {
+  #over 8GB files require POSIX tar long file extension
+  local cdoc_file="zipbomb.cdoc"
+  local bomb=$(echo -e "\U0001F4A3")
+
+  # requires 8GB+ of disk space
+  if $RUN_CREATE
+  then
+    #create bomb file with 8GB + 1MB size
+    dd if=/dev/zero of=${TMP_DIR}/${bomb} bs=1M count=8193
+    echo "Creating ${cdoc_file}"
+    $CDOC_CREATE_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+        --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" ${TMP_DIR}/${bomb}
+    rm ${TMP_DIR}/${bomb}
+  fi
+  echo
+
+  if $RUN_DECRYPT
+  then
+    # list succeeds as no files are created
+    echo "Listing ${cdoc_file}"
+    $CDOC_LIST_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+    --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE="
+
+    # decrypt should fail with java.lang.IllegalStateException: Gzip compression ratio 20.642857142857142 is over 10.0
+#    echo "Decrypting ${cdoc_file}"
+#    $CDOC_DECRYPT_CMD --file ${TESTVECTORS_DIR}/${cdoc_file} \
+#    --secret "test_label:base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" -o ${TMP_DIR}
+  fi
+
+}
+
+
+
+create_simple_ec
+create_ec_server_ria_dev_pkcs12
+create_ec_server_ria_dev_id_card
+create_simple_rsa
+create_rsa_server_ria_dev_pkcs12
+create_symmetric
+create_symmetric_longfilename
+create_zipbomb
+
+
+
diff --git a/test/testvectors/ec_server_ria_dev_id_card.cdoc b/test/testvectors/ec_server_ria_dev_id_card.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..a32bfefa5db3b9516c56ce2097ff0dc1be6584f4
GIT binary patch
literal 4029
zcmaJ<WmFVg*BzRnOOOT$X@+4ak#2_=8l++9mKbsf5mdSnN$EzqrFj79l4fW{kQk6q
zc+vH&uYP=It$ohD>+XB^S^FLZMJ)wP001+B2mk=!1BmW{caOh;fqh@@4*?Ji0N~Gh
z^Y-rUzF>&or$2nXd)x;W%YA~%>8R=Q$*Iff@Cl2EgM`7NU@>7K7A{9Pzm3%kIQJjo
zAD#>#pb%g^#NhnoMkn2!d8z8ME0gSmInk_}?f@#BjGFydL-w8vy2l^gNB4j#fJMb^
zZQvjgh`5cAE!ajvL_`8CBxYkL1`>x0iCNnL?mGtnUN~Cu!)<*5|NQ&TpZiw#z&3Bz
z-@4P(j#yHeSfeJ*W~DATC6=Qoc+qtI)&)kJc$x=8$F?3eL5i_x`{=N2t^0C0SIU|R
z_m84Ih~}ys+&+T!#Zk|%tW-I(<hoG=h^9MlOX(lM^q~1xJA`vE4uAyk5I_SU``1H~
zd(Hd!FRv{BZvTI;;Ewi={Eq+a6?~S0#nQV^9@NqGE4+k@eCeH1_y-{#X77f!t!FpB
zUPJ(@zrRKFSM{#|hU$I!Kfb}?;&70V9Y`1=W+eu`_fS|&$QCXJw*m{>3fl?&Z{PmR
zz@G{DpEK~+zwa7_>9Wzat*nW99uWFMm@s*M-mRo0L4n*T;{$7*W91!RG~%1s;+M)n
zuL`swYBgQ#q27~i{U&$s%<EcWka8U;6xW7pwk~K{`jiHIcsxLiuIYZSJ@)2{5h&a>
z>b~zaV9ZPoqFM?lO2u%%`+flFu_b~`%Etaozo9rWbHzjq`?||BdIE(IR)si`UF7i-
zg~h8_@1gmUa4`vNvHVo<&(e}U6F)lY=KGS5OP4>bL>?AmwK0dqr!~Q;X+JeE>e^m}
zj#PLj;PA9}L=Wbr<Pam`m;N<%J?Zig+w_*%iDecu^Xnw%oMoVn<|eP>w{%jNy<=&!
zy}KbhmHH*~I}LB~05t1rQdGY)$Cq1%T)5{LZW(%4g>S!+${(QttQH5!Ua~g?_(%Ao
zC~R>U^I7#t$*~J`LO-LL5aJ9g`@LA>y>hNO)tS>_E75mWdMlSk8bIa25qR*&iC23P
z&MyU5M;umD)_uWtf(6}^%QAy*;X1maA!pLc7HEMdQPu|*+_4H#%?D5LfDwkPtvbRR
z*6o4Db-nYZwKs|xb(!T)oh#_zm)9j$nT3qKJns$pJ5yU{)z~5*l=fmo4wLm4<OA&~
z-~DEHS6!Fl)9FcCp!aMTYzhV*d4Luul@Bf`%C{_)kF<18ISyO*6!1uzrPtA2FgS5y
zVA|buAg_C)w^`MgcWH#@kqy3^`eH6(ul)(-I3Cg<-6%T8`Z1JrD52`1#WMd@>Jdr4
zwIq?f_!h$NA$NIN>=J8z2y-wf6k~M6>7_DOIh}S(2L0A;dH8V^s;p*Ac0`#uj!`1L
zQ?hLq$Rn>MMLXr|lKXT}`LXV`Gq6Bk_;cv!&SH;wU*ZqyxyZ?CtayRz^w*&XrLQ8T
z&}W~e-guh%&k4+3m=W%1Kr;ypx2M6?zPFteKO~2Dnr`E|`XFodPI~dvM^$mQDOR6o
zX0NVjGx6lj_ugvt18*6M3UBPTuBM!_IkVrm9qLLZ2Mr8<drzYfR$w#-`ytyu3H;C!
zWHUAvP@~X6fkl%u;p`j((n#19PcS}zLAeA`YB;D)z>nm{Y6KFkwX<Ab9qfNOCQLJt
zeWqnV!<BtuFpq@{us_v$nqu5Z&N2I<7A9w(5#?r!s`z~x65|IV82qK$J?Cq)-lwXB
zx#%G`Dm_sDtZGi;!5VwMsYv2HA$m)uWl4HTFNub@pWRKGS0VIUb+6-)<&>S>JW)c7
zBY$)Q;BuUB-nFT7?2{wQkuiIg#(*I&*##?$1?{gpZ&@LV&ug)c1$sKMep?tk1MXhx
zMG9X?Epa{H4C^x~M0sE%hbSovRpat!oGskiC4(~k*D%RzIFdicsz%4qfdkJO29@Wj
z6q9mue}AZN!g?KK_}ffNmnAsXH2#tIl~(x3ZP0D%s-Rh=V_;euuBU#k8o}YFCnkb^
zt|=CA6GFj<8y%)*aOA{fL`|8n_0H2&d0CV7j?cV9;L%LcB=-blp@tfOQN*vw^lg0l
zkjgpcPRF-oKl>18P?v*xcv3WcSTAl)XMq|==+hNmZ?<iDOIcZyRrlNB^TDnIXhmS?
znk(;UY2;-VFo{j3y-$Hem#BWDMLmTbLwzwz^AZiWTOdo}C*3?SL<_EO_=t||T4Pe`
zZMSJIAv@CXF!v@>KsP}gQY4<&Dn;_>jNBK_R(uvZUY7CaA~xjTkN}uMCG^`>BTxeC
zs`3T<V3%Gb%I?to+~ONk<OMymO4su6U1gloBZAovs7SU4%%M_c4uw9*u!?6KWow1T
zXK_3!b7~VBE)x$I3)dTk3DqM*^(03Vv+y-KG~zWNcavcYbWCuLkDROHFw*UE9a&_Y
zPi-ZmbkuF5u)IuP!$;&K4ogdhUrsvJaoNwp5|*({bYX=T8X92f!0R{F1cK%8FLG3y
zt0?hFvm@t^H$;(3SljENs#320b+nVg!KI0+c=KBCXywvoigoj~BR9TO8QCM)%7pTK
z@H?xlEJJ(V?-55dCd6T$ZnKi2Na7(WmB)BB%>_~&8x7YKFpSD>ZCd@#;GLVvAktZC
zL+uP!&lUCngAz8_?*?atxiuf74ftG3W^tNIB*X9VMj%~ZQlrUJ@h9bZ1b)Iy?>=xO
z{9<)>q%HWwR@$EK-hDKAI0R<%-?p`EHl~h44yN*f33*L-j{K%w6T0~I1e}H3j<5tJ
z4@!D+5S{ZT7KcO|!9HRlH6gW6%NmyLJ-@!0S01>Y-MwA$&G?ZD6}I+!UE`)jKyuU4
z%myAtw(op;^-cREvhNoxSVy3?txn}wtNW+f(DJ9<9HZPIA<ylp*SJv?c*=|?WP6<p
zgVF!ksM4DHc)VmXaePwyy>s8EyiZ$E<)!$PkNB2~qOKkzvbj~O1a%R#Qz29n81}UF
zRqJUlI&ya>WaKQhQO2jmDP1<8N+sdvbAxzNJk2HUGcC7h1jxqB=<JtXCXO2HnBZet
z4#ebHemq<*6T6heDL`=%b6u71$d#r$(b7;p$9Z<hf@x~p{Z)@O9oJE_Avu7AMi-v?
zn%rZ}RYvg2G0##4GwQh}Et&J!Is}6j3VFlVS>Go+So-7r@^URk&Z}pws(nPVuae70
zaa8!KPiqq6*i!Pz1I!*2t$jstQh_&J7JRsBA*d@Zl2z#@lc&y|_NE5u#3#G@#zvMS
zUr^6igp!=da0kL7$XevO>opAv&bV&<n!QkT3s=O#PktN2_#JQ>tnx$ONtCF`_v1%E
z1KM_jUirsZ=Qu66UUcb=Tju!;=7=<Lo5@O);@p%eB;%xUm4%7g_>DPDI<kGWI;wAI
zouxy2SG(>~JyfmpqKh>+|J0FgSZ!19A}!aW8}7#QE8buG`ggI&z~cGZ-Qp7D6+!=k
zHE4PzRBr5m37W*H&c_YpqHkd!=c~<T6RmzSAw-`mS0xzO_Di-EVe?+8$TZfjkZ9j!
zp;(OkkRKmV+}`niZDeIHoOwuGn<KeTnth#`jb}M&rofwXL~ln+^ytIflO@5mmba2;
z5RC%;v7MOjB3;e+kF_f!0<JmDw!OBS=k<cl16?_3e&^yPT(jiW;hp<FKmrN{*|1lG
zYEEd<eTm&a$>1#f+!i4RnyB!5kA3K?{^ppEr>4E)usg)Klgoi|NtN@O9eb^JfkqPT
zV-E!yz#{CNm^!Cn`wp}f|NL{g>we*jKjpZHJek>JFlX3oH0aNt(l@?h={;kYk_$3c
zQu@yL$i6x=c!_)SZnA=g+%_D~pYM^;%z{LQ;raL=3F=&I-xR~Go}0iHlUo?DP@K>K
zWO>*FA%!A$Fx)It>hx859l1+tqFCm%jHJfImmFqNH{-JsyoO?u2N*vU^CF=qQjqlM
zsf&Jzs0PHyiBOt1$Su-k9~^ru!A*eAv=WU+Y{qQ%3n8qZTV}Rqo9t=sIuB6c8o$9)
zxt@;V1FI>G^{2gBz4R|x?s?wJzp_hbq6634uySt1tsnV<G^c2yGZI_fVB_-o@bRZ;
z&6y8vC7;BixFxFCgua*Z&FiN}ZeyoZx+TG@wy4YCnCp)AE*W`jS>Oox;KuIF#x}jq
z4c1kV^~$rDkJOYi<Fh)L$yox>ploK$VNIrr4*eyx3m2TgRHb*pEd&RK>5AJ(B@vHm
zIaQ5;0hQmOr}I+86My+>NZo``NvFB7`92uK7)-4^ijiWeJ7}3Sq&3_VEs<KDJ&u=K
z&K!MiaYc`Dm)e<w^WdcoMUf`U!5!5OvM3KWp4P&*t>Ocw|GufCi#_DEvn}>hkZaj1
zsy2wGjSPXxS2!X+!j3l#fQg)FLhfu%WX9Cf1h|i5lH{qxapaapSvDHGO3;D~sm>f1
zN(TguX7)wagx{U#k#%qFJu8x~h8{kR2>&Vs18R=$o!Ml*$pCFZ_wdJ2=2H7j*cWwU
z_OlK;62xi75(22!lrlLIhoPXG<aO{^25=s2qO?0Hq^ik;j_lhM6G3z_7}TSK&C08r
za3SIa=7v1(h6QV-3cH;a#B;t$#XZSgb=Q*CA1Ra8*=^|`n}uZk#Al^*G`w-xhnGQ{
zCfX}vDK6AYmW)RiR1<^O)?(_52TX~WcUvEmo=iRx(9Ig&fd*SDyT9ZamG$WD0m2Ct
z%iid-;#1DB2R?*UWNnge-IgJY!hU-+v5h6a_Im7&@I%a{7cO(W4aoJkE}(RBS8IzG
zX|pIk$7T&HDO+GjcyWSF-tp93GI24TVlC@E5L@bJXVvKEFw#c~q7hA@gI~H<g=6ip
z5KDN0JT6IOB$jIb+@1Dcfq7fx*JPoG$x#yVBxKo<$jh+3V&BNT_(X)fl3V#DKgfkQ
zs+;Z=FXpHkiT7uX<r`d8?;eli3I@@JRvQ1e7?H`{A5ADJw{e>PF~jScyo+nQg0?w{
z%kLdg*5FEY)S8dw(2sby5Shwv`Ed76*TB2z4A_Pbc4aKuw{OMV+6uZmF_routc|(S
z4;OP2K@ZeCH97B0t|tPx>E8ibUBHUpVXGvRFA?5#S``ERw#<Yr<d)ltaVoJXi8)t_
zziYs6H7Fh@i8*GUrg|I~5e><!v$)W1bGq*Vq(Psld`lM7K@0~!uy{*_Re#P?mj|nZ
F{{we#M%VxV

literal 0
HcmV?d00001

diff --git a/test/testvectors/ec_server_ria_dev_pkcs12.cdoc b/test/testvectors/ec_server_ria_dev_pkcs12.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..627423fed102363ed62320a53616225db8d142f4
GIT binary patch
literal 3721
zcmV;44tDWFL{CEk0003{3;+NC2mlNK2ml8F2mk;8000011ONa40RR916aWAK000gE
z7yuUl5C9AS2ml8F4gdfE00001Bme*a3;+NCOaK4?000034FCWDV`Oh*GB7P;Y-wd~
zbN~PVAOHXW_lC%|RDnzrN;kAPycuHTtVh>HnGO<;)F2XyIDd;H3;+}W2LK2F3;+-S
z3;+NC00001NB{r;FaQ7m1ONa4A^-pYOG9KiV=!YhW@Ip9V>vl8GBPnYHZ(M4WH2~o
zH#jgbIbi?*2LJ#7a%o{LWMy^$2mlNK2LK2F2mk;8000011ONa4VE_OC1XOn9i)|8s
zdw&eci;|9MQxi6~#({Z4{V1gpRc>v6A(&$LqP8mjgZYg9oe>cG7JN8eNjpghE04V<
zp?^yIaEM8#&{Rvrju>E;FiTh1(utda+T1IWU`_5QOByIUdjJ3cPL`(#M<Dr{@O7(k
zYJ24s9r)MSl+n_)HPd2*WwCcxG;rD%(#k3@04PI7Ho1wv%6#ifrpMzdW3E4nA)M@k
zarzHW|4JYnyO#s1{1p6FyvTrThNK!frHSKz#@Ht(v@*zqbrwUJTwM}{{pjod$_o6F
zP|_DRqE$vyuIebEe7_1aW0wr0F+m!Cxd2Q2{cy5)E@uJ{DLCluEV>kW9qb2;Ottqv
zHGV@km1-KNFE4xe8wo)56(@%Lb@h`UG4At)$;EH$=PS<o;nL#<zXw(VpwGvcsx?NY
ze2kj<*mxy=4Gv_$SSB8L^5U|~qzY<P$V&pCMX20c#4t8W&gBuXYor~KwMzwIwb^M=
z{_Am<qh`t0ho5J2S4wF0Q~A1{RhB%xXi62kwQ7<$fdZM^Jc`FZt{!Ya?0iNy%N=xb
zsqOvqb6xcoqoc>-LSuq{ErjMfc4x+ov>Dv4ed>q@;b)8$bsb>j%pZ>xSts9QtpBRv
zKwITv6olfgB<;+kf4&oC9I>cA78Wi{Ycj!f6q#3zJ1JB62Ruc|sXiYsuCKc+`E_t)
zXBL&Im0Kf%<TlzasSb>U>F=;tyqdEoK*$oK(sFOO=>Bmd%Ny^@tpY5i%Bflk|8Sz*
z%;nx(dL%(?f1yZ3L2W~UA?hHZNjDVRbO8e?9_zZi`~Syt+P$-cG)P%5&D=;6H*j<H
z)>N*Yk=vEIOUKEe;mO_ASWWq$SixKdigiD{`>!KsCheJ_m3NYcj^#l|9m3fE!?rQW
zz19u|L(;fgYBicjLSmA~gSyg5GdF+P(<ce!lCLRa-F>>84OuIUz=;QeN*bin4B#*=
zKD7xlBgkH2VdAukGUN));krk$e-4f^Gc_T@=U}tR$K_*L=|8A{I9Wg|T*jvzfHpwW
z)?Gb2sxy6S*6s+2b2gYEi{`Mru51<t_mcEQisfz(s<3&hkM1@C)j?_$$g#lG1RQ3*
z%V(Ykq*UUBl7QtE<l`d=luCq-DMlqw7F__I27aANLWo<TZ<8R=VBz_HY+Qdnq6*If
zHyT+%dk(0ntU$=6dtJl;siOmeYNrS|1+&YB$1Djrg4oXlLYV`YG|^}aLU4QEzeiXM
zQ|#WLF;d+6D=-LeRhaV4rz4({lEUc6^yXVJ{18)q?mN`e^0PWe7B=<`vk6S%;D{Dv
zCB+y?;g~k@O}K}-O7B;i&&S6u%ifmz%-ns~M!%F~s&MB&P-<g-0(yGf_mXh*6UVa3
zpDQyY@5@X_vS!vOiV`zC6(gNWxnUQ?<>lv!Gu0RRVG)&ug*O85&EBU=2;;qkDe9YD
zL@JVZDmn3{o5e|qg#>9!%6ZVNx?<HhlLF?sw)1&mt4_?2b>;_~{jn3eC-$Y2c1Y#a
z#@&OvmQcQ`{wLLRR4L%D@othay*k26n*B9ou)o4Ze$AyF`-{C+*8-3IxTOr_6coPx
z@a9T_Z2~LI0)e;s%N<{o{AQ+Z7<@TGfI_YJs%;OhKf(oIgB7N6b={~2DQj6j&7DxE
zsd*6G8+u|C=GU2o)h;~ru|0CkYR;0U@fj`E5a&?7zJzycq)z&Y=RD$xX%htfhtTo9
zY@x=F!%?u3o>HqN?>VnYi4h{OgTVHf0b`^$g7r?(Xe~fSIo^%8+s;6j1YAPZsAV1`
zB?7laBOk0~*1qG4YkafojcpZyfde=tz^y%!NXzmnH+S;7mTg)R9oNe_H5AoRv7&^v
zJvD#lq`DAz+?(j+>;KV96-rYk6K%*U7o+33)0~IPDQkfiebb=sJpP~|g|_ef;8M2n
zH%yJgb!K%j9!xs_+xPsSVG%1vhBtl?-&;65u?@SS-OC3?PG}dm8pSD`GNpjTIfto~
zvLc&#mhxBITp^+A(ktkSVPj>R+LNKQ3#AuH-R9;(3Gg%krl9*uF(HRfLmE)C6G~{v
ziNG3q3_8HLDVqQiJ+mNs8~n#FO#nUM|J%kYY?b%qHsX}7`Dy#_BqZ3Nhr$zcA9?1r
z__7F1eUF+nJo65pj7y<}u_vbGN=+d3VO<k$YnE0RcA3}<dwoFcVLAUOhuT)n372Hk
z2fb6=c(fiyHK<LHgOcSYa5Yom{r*OY>v@dzI!6!?S85Y-ux=&Zt{dovb!(#)eQuDx
znyL~iB22$^$`ZniiI4<`Q|Rt2oMjp6I5$cCq`*}=rqOp17*p_$f0(y1U{Ae=*{xA2
zcjMJ@OYt*M=r-q#h&vpnV!Zf!z@P*K3!qTuK(rU)<}8G+kKLzqn4aeQ7`E$(w4}jo
z!d>iJ;xmYYF)8s%Ze-@2SW@;$Xr@ouVdJZgpuZh=4maYNlq#`f2ajXiGv}kvA?>i&
zi)fhTGhsqluzMYT{nlA1Rtbb5*E<|OG(vMCj$^1K{sHwj6zt2a``fF!-roF^ot8lA
zM<APoG7|h3%4h{ML6RkoZ}MCWN#b!pN?Kc>8U}vc9kLoPZkB<CZgD3B=IDn-#7txf
zg|P1q_|}mUHgr0FX`U^J^^lKLCV;;Ac}pvXF7fjrIwGBT?Zi_hI$yRkyP=BDsCgi&
z5i=Ma4u3MIQBOywFC^*fbC|msiOCN?$kG2Q?lL#&|Bgu<!FGKUta+8>Ar;jmEX%Iv
zd1^E-FjLV@HKNl1w=ixrYPEs)vuD1w$*zk9FhWVqi!jClcPF)5hK}mo!pbtv=>Vs8
z>c&tI;+<TP)k~Nfz6)iWaYH!12ZLyx5Zdy>vV{gy4(7m#xxWbmF_izCY~R6!g`cwO
z3yV<c!lm3CA~M72eG#-V?52v^n^ky>zxE#U60{dL7crPdc-SlleS+oh=4KNW0jJe;
zH#YU+DGgXv^yyj#PJPv4f-%L}@`059bv>&g6>9VJ)7gn-&hoykHNbQiiVWUy2?eFB
z1=qF~2go~bbTx9v*LtJ}_V`98nQDf(RuJL77krryR`oo6<83u3zU|@o;;&fYezKuD
ziplp?{9q7%SG%LzxnP`tdY0{wp7%yEGYF}f*^E{4xJ`_>1Z{N2<tJt3mT@2M7i_lH
zU;Z&{59=;mXSjTkR<#HY<>~q3vxnQ-=-D}m<@hK!E2N&vRDVk6SBj}F{y<F<5efU+
z0AJF3p?R{T@~e4D@;!~${P7w!f5RqGIrB)>Vg-yK=_*46O#<Yc>^LGeMr}K*aHcq^
zXXc^c_9Uz0HX`x7MZ!I$7=6^e4J<3--M3(}blrCZXsJ%07VWSV7f)5-2oO4k>uaCG
ztOXH7EYuK$Ni6O&qK1Z>!YKd+FUCdF(M<gFfr*`lPPZM&e6$VPq#ggoa?an<I$xkQ
z)+;(p=nJwl7xuh@He1Y#{5CFG#X|G`rfUfb1(KnTXKNn?FqRP$QW88BA*fNgX~sEO
ze+iS2!2-MKI=T_zW(`Vf<g74dq$y-^FwbIW`^%SJ6pM<!IHAvBiTCU`P}ecwP*E0B
zC?3zVOkX10IIa2?UR6LP2}*S4XeTy7o9}DiW^9(H5ZF>9;}uVxu;K7HfGXcd4R@#Y
z2FmVcNr%0W2Mb~Gadx8aL-8Bp>>Zi(OB6v5gyY&=o1C)+%J!<M{@46*K?*`g;<iF1
zY$`qzuj{DJR`fcE?keB+)0z1y<dlPv@-uDm%w>gF&TVw=ox5U+GX}ni9L@%Wf?M1e
z-!oJTl^tAnYkpLb(VCM?&!2XI5oGx>c()|wORY+X$1hkP<Q!uq!ai+t?-lyO+SYSY
zUW%+h5j;tNnaC4cS$bBDU|#e#b*anIOH2CqEZlVC*LZuFVeSCO`J`_Udn4+`K@bu2
zSG9>n$HCun8IR`Zt7)NzrTEVGJ0-xS6Q?I*1VJ37U&i?~L$dyvwq6Lqoh7%Y><oRR
zR;CSwF9{HExg+ZyuKMt{=*@)p+aT;n_+V!oH!Q@a4t7w+=&Tp&U0|^kL->Y3{zHPz
z!85q}6tkiTXX;+~-bpPp80lfK_|<oW9;=F(-8<}29~*aM0ck4Ge~M!njyDeA9CIY<
zdcu7pQ0|FZI$hTlA1ol)?<mnqK3y!Yi@_-IDf_|&+%$!VHIh<3BP#cm@XO|}jcr8!
zrdp97KP@xq0?aj;wx!KG3`aBH;qW4YfDl5_sL=-=voou)%+O9@3K_t_4zUpR;57e0
zU?d@q>3e{$x4PTFMK0g~D1uk%v1s^;A&(j<Zg(Hf9d9jyU9vCj+B~y7A($~vmarUt
zE5dCmD(vS-t29RcX8KttzIgA)AxZd23W<R{AdZ{~Nx~vPpLgI{?Jb_!NCN2B*;j_g
zYXRNJT9YZ+=LvL5)t<)4X@d_4^%vVUewZRT`MCznz@(c8yn5$xb0|q|QOBH~LwoQ;
z+s>iSG%X<Lf@R$HV#!zy$BM^LpM63x(^p!u$A6c%kaf7Tx9|@b=MO=Vaw?e6W3Pmx
npD=Ihr$y5XpQxBaj%zVJI^Ca<^*+Nl%Ik{-a(2Sy{1g^~yuITX

literal 0
HcmV?d00001

diff --git a/test/testvectors/ec_simple.cdoc b/test/testvectors/ec_simple.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..2ad28db5cfc97d80ff0b58e9b2b0b56379056317
GIT binary patch
literal 3749
zcmV;W4qEX;L{CEk0004O3;+NC2mlNK2ml8F2mk;8000011ONa40RR916aWAK000gE
z7yuUl5C9AS2ml8F4gdfE00001Bme*a3;+NCOaK4?000014FCWDV`Oh*GB7P;Y-wd~
zbN~PVAOHXWiwuaO<~j4#A(Kd}AdbmJ5L-bG?C7>AdoWXtdU|p3000UA5C8`N2mlNK
z3IG5A00001Z~y=R1ONa4VE_OC1nxyWrK4ESA|HD-K00u^o${Uai}2b@<3HUW1-jjA
za3oK@p_U`Qyw({;p3E@-A#*wSWN=+ZrPD@u%n=)}nk?%hpQj;Fk0tz?sdiIy<Te;I
z-rFy5EwAkVH&Zuuy8r+HVE_OC1XOn9i)|8sdw&eci;|9MQxi6~#({Z4{V1gpRc>v6
zA(&$LqP8mjgZYg9oe>cG7JN8eNjpghE04V<p?^yIaEM8#&{Rvrju>E;FiTh1(utda
z+T1IWU`_5QOByIUdjJ3cQf~(*IG7(4l@1ci`U|hX8&lCZae7&oAuGE1vh6}d3vDiY
zTJ>=|NdJ|EiViwdoyc=`2b1|7gXQona41wg->UIu8OaWD_=Dq)b45SsOAXEOVygrr
zoZBGRv~DMy-nxb+&A1B|nQOaLja3iF<-l#kL6?@SlU}JJP|+v*DDr4divli>oTU+R
zEn%s{o++h;pKoU#g3Sk}co<6n$~PFbmu%!?P@g=!I#r+~yZUqA3T1HQ>+A}Ed$iWf
zgcNG=RUS?TRYC$G7l)o=)xVx=e23VKjpQn|aq(926J8B6cmdhaNVGLcDF*3LS#2Y{
zy`{DELw~FBg@Curqoi`B&dWmNeeB8VP(P4(&zSh^v~k>&dd$No0mLim4N%d(KW)+V
z4uVUZbUmo$q)`R6zX#n3JUsjh{_v6tnCtE@v<io^6=zP&7(hyfZzIbi(<fLWG89=j
zX6Aj%^GHjb^k_fw?A)Q6FvT}0hJ5+}6Y;+|Y(f`S3WU0JXfX|)5Zx0u&?rqKLYzZ<
z5lbxKQFc9ULBnij8p6I!S`jOmr~jB)V1aFZxyc7sS2F`TT9ZHc8ZWYnT=Zxyq!R2h
zM#>Wo-HxT9_?{)W;YHyw&{|dfkl1z`m`mBTb<F{)t7~iqsG=E$(56H7D)}t#pCb>7
zUL^Hq6#?;CXINNyC?gV+Gt@m}&&plhp9H^Od2v!%YoZ|gZn)kp_A?>4s?UUue@91)
zM5zC0lb&_Vz*P>Zo0$_BxKQHQHPp^7BLOg0@l@x_i{Fqt!EfB{1YLHCKFwrB+Yz#y
zV!GVe%_kb?gSiz{VWG4*o{FzeMHvX4KVplj1)lyPOc$e|S)bf%U&+`Oh2w0Q^oFE^
z?y@5Lf|Kg0dY<Qhjj+7J_%|F~@b;$^>Pt+x(6GQEgV)Gg-p`H55j;!gT*>4UTHyqT
zle5U6So}phISSRydu9&*MeFKEQV`gNvJzLd1=+@=(quW-VRVq}pH85C8WZT>8ZBqt
zOfJVp%>dGk94Z~g%Qb8{>Hz9Pa-9L$7=%YkbMJ!}NFFClBgIv|4CqyLlj&#H;e!mD
zy(a$9=?=Zn5*ag8`2YY0iTj>MhFQX#P9*1?UK4c8B;lpg%8{y^3?#&VmD1VGb3ZxS
zegTBIQ+G+7n-0Vb1OxY|O-%{V<ScGTOe$}<nN7yG=QkE0NgyC{z0uHXraEOcFyV{l
zZ^=Uds%*DC?PcFc7Wr6@k_J<~Brub3?}*TSmNi}6=Tz>rP0jP&E_lGIr-)R6*O!s|
zgChS$cYnX%`o`O~HQZg<THQ2rUJ26lxc|8|^V+BalXP<Skg*%5Lcmb6QWfsn@2vo5
z=LqC?90!B^>$;}u(?P3CT*Y&ab;F#d#un1ZEm?MQ*<e8cyM&U-jlnoPG9P0BjN35j
z(XPK{JxY^N)i*{9m$O@<;AgpZvkI03oxd^$!2ff{Vi6mO{Kbfu4(i;W2038yRLG#>
zRE@U@Vq7c5MOxw%_GUeP92vBfpmPPIwwI<ZvLddn?d;s8<;hkH!D#VW7XK>&pQ?(=
zFJin^UHq&?RkZEFrzl010qAXI=RdSa^@HTS(shP6C&sS{fL?eHoIG7Ic{@Zr$<Z`^
z1~O2~`vlHl>UdkcB@l2?4uHRpgPk4b!Ui`W1Pc_bO@FLEu&C4$Ddt#Tx}PT=w9OrS
z?r6>Zh)zZ8@0=pE?lZ<)THfF*#HG6*Xd)J2)`v3bRPL$;9ii&~FZaD~Sa!74>0L#C
zgtdgn9Fq3nbj8NeL6f#COGr(RK|HG!%tg`(^LDBR_p%=5UDL!XmFxNK|FQ-Az@5+l
zd_@M>ba|l9JbQZExZ(FiA8b{`7iScI^WkVsHQ<j(Jx<dWqfU^xOc<-%z!m@GuXUt#
z0|_6VX;qZ%B983Trz8jKS%3kib$g7DbD4pWjqcIMlWgYPvniazM3ibi8)V)pqjl8j
z_oHBPhjNna?DGt$tVSU3`Yjyjqh!N-KbhCPMUwo3kWc!~6MU{$B)&hBasEHz<T7WM
z)ebHbCcJlF=n0qR!h$Z*)@Z{l?e|i@MKdNO_9LB)SYc3qq+cl|SvOk4TzU@waD(Q;
zvSLvhz_VJo!>;5{8(%q2wfz}6sPEq_av`bc5eUp`x}E9@>SK(J^{AhabfE`GULp=D
zi2Y(paIG7dD&ax*OVm<(P{9&ocG>pRQ&mEX8CC>Wy>k{9-LshXD_-h$7SQ9<!NM3`
zJM3~gYPV*JFVf0Z?g46>enZrY({s_$vObu{qLXfAsjPQZw;P=KGbS@bHe#F~K}Xbj
zM!H9xq<T-AsxuohzVrk7<%{JPIXSwEWealfTT7#%kdoMF-R2!_5F~iJR6%Jf=Vi+y
zsAq)HM1iCL&hk+{?GOdJTD4kaavpxg&hGdMA8XW`DFfTP-f6O1_V1gZa)Q)}YojGB
z)p1FB7%JtO_0f#IX{50)&!vGD5NlY+f0p%(J{TtYF}f8iUAhriT(XDlhZorMlTjFU
zx0u;WeWfp9`%<6!RtGv$^`F!hr;Vm0UW=ffE<S<R^%C${bQ>`YIA13@;5Lzf>+;~a
z#Tt;i$VjdFV#`%!G44r%K0Mn~dsk#%Ch^n(LaAhdzsiXF(I^p`tKWD3MBJrEMzkuf
zdgA9woD@|8$wVbZ18X4Mn;hV`OK1phS%ew?6q7~YvRl=HGw%}@GHvUHt3jwBK>>_Z
z5Z?B27Z;e#ivCGZhfHmdu>gIuvSwYAE6Cam?roP^ndb*Hvp5rZ^^_f+fvpBdVDS%Q
zhq^UNW!$<+TlwF19>Qgfy$F)^mU!SkJ-}YJC3!T@$K}+ddy{vDU~+%YF<2WAvqp1q
z?i&8M?`hn~{@8usnP-i-QZ$WBf@<q!3aXxI&>a%-!B}RkCc$WC6CJ29EY@AZdqD;0
zvB4&*={1?SGd-Us@-y&s@0o!BQY#vu!At%y<xuyvqCBuvs3b6dCTGLVLu*4clvXSr
z4pj!S9JazOCy{0KzN{hIc?uJ7h-e)TL^c5uq|qpr96P-{m}skQkPylyH2I<Tm3N;C
z;mI#>ni^si@J}_j3lyTfBsp#^7LTjOR2m5nd)?}olYP)l3YKz_R{$_DSPXsAKs&HL
zAw_c}(DpapWkWtox=g=!^R(7<3-1b{(+gh}O3U-A_kGa9!2eC9nn)W6*)hCYi-9Yo
z>DNFOeJ`XB4T-jPIbV(-F1n?x^WP<k%e{t#u~knS!bXmEexYJ4=$n)0K?R?AXJia!
zWs{p;!hsS2DU?Pl2!><TdO=dB9kl=Fo1>E7uUi?tA8+fqr+5dZ*jj2!1?tzeJ_CAd
zV0WSdh9eHvH`Gov0MuZ<CRFLDf1%p=%l!P|KBW!X%fV)HaKHjJhFt0xGb@!U?0mY-
zcfsH}G$a?BQ>*I|w$-?z;RimhYD6|k9GEP7mH={P9}4nLb`m2A^Jz!?1v1UD-XE1X
zS9D|x-1kX?N@bt*fIH=}@5$^8!c0qIYkcC;ZId(zGCzi}@>=kA27Fg)*WLT0O$>o6
zI&cq7uSVRURw9T_U;Q$KmIDcPZql#So>x^0Thm|~e}T`?t8+W6mG3KbojZ9VNLcTJ
zpP1|WUl0UfG`YhAd{Pt`8rZ;I?fF*IOD3V|%(LF7R#0<!u53P|)sxx;?kH1r@o@8W
zcT*ufaef7tP*sgUS%M4kr{R?2-u-O%NjP7zI?0>QW*OK7IQz%8)$srn4=lsC>)BW5
zw=2Mho4I5E2+N#d>oT7%b+K+-EQKwu;apJ{BEEbk1NxOS0D1*CGrEX!NUW?*8crn0
zTK^|D*>Biex6Rtu#idQKwpFK>qeG!qS)sCk^@rB<^38HevjVK2fJ)mh7BTq=<^6~w
z?K{^p=la6h;|1X$<b<r{=r!VC(+z@hsB=t}6eN_Cg8Tl*rl0DN9+-pxi#bur79`zr
zcTyukvPlwV1Fdd$ox4t%={Dh`zL#a=GgEnesLc5j)rQ?*slkQ~a{_eTHiZ*j+41-1
zOZxeQZ~}*-H`8-chbOj`FmSk1;Ng)f`aV6!=_^6Q@)N1e4*PWtxi`%;Uq0Tvp5hE3
zy3w(DafGxCo0^FTEX#rBowNN~wiMzsesmUbvA+^6wb!l$d#0T1bVq$xmP#@WG+|B+
zcS8%!{qOaGOYfe%4%M}IvKTD@h`Abg$`c&$KtXeSQ>Pta5kN%9Tqb<Cx@jh3KwW5R
zG{1+jw$qL5;nkaT-M8+m4H#p<g_)fIst9lhReLe_kfx)NBD23PKc?f!rJX8S3`|Gr
z=b)B(pphzUDl)Eo$X2IPv;@#31W;e1Z|}Dsks+y^scl_WI%H!HD2RyfgIOBlnzP$>
zN9eU^L$2VDi6-kgT-0)gaM4|pLkZxra961Xe%E+1N@jDOC!A$gnp+=Pq{I$@4AQp!
Pyy=;>9rjHorKc_9svi5j

literal 0
HcmV?d00001

diff --git a/test/testvectors/rsa_server_ria_dev_pkcs12.cdoc b/test/testvectors/rsa_server_ria_dev_pkcs12.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..7d3256b466f657befadd3fe08ab67b2a43b53e81
GIT binary patch
literal 3893
zcmV-556bXEL{CEk0005}3;+NC2mlNK2ml8F2mk;8000011ONa40RR916aWAK000gE
z7yuUl5C9AS2ml8F4gdfE00001C;$Ke3;+NCPyhe`000035C8xGLwRCla&BdGX=7m^
zRAqB?00000AOHXW2G!*}Gb57lIVI)O@)>kc8<lVY=Rqq7?Wwv@80xTp3;+}W2LK2F
z3;+-S3;+NC00002NB{r;FaQ7m1ONa4A^-pYOG7eaVliW4F=k;mF*Rj3Vlz1~IWROg
zV=y^1GGa4fIW+(P2LJ#7a%o{LWMy^$000I62mk~C1^@s61ONa44gmlFFoFRJ0)hbn
z0J3dKuW*EX!tjYu6vH!~e6UF;Fsib6*-x8{$YwD1LbaVIS)PF<x;1~&z4@ox0&*6Z
zU@KS4wJYB$QUEhG4M3F`FxBcewIVCB&ITu|5JC#Rf@?JFdKG=UsJ9-KX(*8ET^Q6G
z`{y+91NZ^kWb=ErRHo9*t_i8wSdqQI{kb1g=k59Jr$ECF@hW*aZ&BVtoG@w`+8w0{
zRwGGTCoQwh^??3pBCn|Bl7gVb|Jdyxn1%HK9SDFWVCvA&yT3t*EwxIqKI%cD42MY}
zLUL<<gB$7>BXE}C!IMYii_M)vIS8+81jxW>{sa@wV{bbrupTYS)28$eY|UEC&jJGh
z009617b}u&EUG?m<l*Ut>h+3Kk>VkguVyG}_cBzRk6)3X^CD<7zHAffKu$lEOFyD;
zOhCG_fqB5m#9dBmsU3IVrBX9L=O%ZG<600Sl2mc0f5WzxeLp}Gy}`sw9HsQo?T1;I
zW=V_;Y?A5F^J%M!Pve-z9h1wGXqo4(=lNgpPx|;Eq%BApZ@&0a#}PI}x$bW#A`&6Y
zM_o~<{pJmfJSHO&?^6hzM%0TZNYIq{zr}!~Gk!%H2B_^SsJF2!U<WNF0A&py$1LEK
zL+o;181-u24$-C+QRc~CA87j($x*R^?!i>Ljd8a&sVZj!E!XIMYKibChP$g#AKy2{
z$)4OmbyS*$($N-Ij@({Yi7^ynW%Js=$+2pmW)+7Pr6{2Bd8(04(BBkh;H!cmQHpgd
z11{#GVHq#f?s`n3w6Dj4G^t1yQKlop+W#@FQRpG=Lz~fMm$6PIP5c82j2w(4(w4b3
z^XsJvN^q^xYa&lhMP72*59bBjt&hM%MsPkB@R)Pv#$B-zTuxLMMsmxxHMp@a3$12|
z?N%wPbm~cy{hIc)wX^j&4UE<0-x3Hn=abAqng$hnk@M$^-&;yy>vB~6EhI9-3zK^o
zv*w5Nk3>)}eK!P?E@$!zR+X9F^a!Kj9HhS^(ux~)3z-(1Ufz{;_ZTgU4_Us#KaYK^
zCClZ6M8qGnbpW#nx7-Lun_u)EVduoRIqGoFZK?j6u6eG@(S==C5pe+je``n~t5Drw
zq{T~80}8_##MVf%$n*>wxrIO3cPFk>43iBOeiEGQkGhE5t6Fa#l$!0CMP5ulh}5N=
zw4b#WYHP#G=7`V;FP=qz-3h!=TdZ!li!`M$?66=q*-j&i>!($6#n;O7OxNtq?mQ$u
zRI;r#C%xhoVq1`XrO`*=9N~6~s`=FvH}1&n$9X1~|Do={FIH(&8r|~RY^|j#EeuvS
z)b+_4;?`kZ=(b0Z|2!zbXReOYg9@>*)@yCq6~7b=Lqv_80``)V>7(nd9b@%Fpx(92
zgSf57F*j+#9V`<gn&;M;VKvyMErf(On+c;p{gUQ>A?EipkBXYAVmsKq_Yh|_Vl#P+
z#T_@a!&Z?{Na#B(&7LZ7IxDjYFc#?JR&`%^UH}D**7!dAJ_rgI#amif2Qt^XAsYkl
zI)x}sA2N}2Z^-Mt$O&uxZr%jPGT|1@#PgOHzRY>wDh_yh9G7F<uqh$6spmvA5Tpfo
zLoTf9hNZnd{Ay49kV&TOEe8tcB34fPd5$ceA7_GvE(Dm>j8byA@6FI5lZN(XFaoZ^
z(#6S+l90{WDx0+*qwI12aW)@+r>hskn=1trGLiNWtkpv2C-;w2PxgAH=N8;#PXo)Y
zxcdTR4Pg^ts+FO~5j(y&65m5_8Y7h9vi_%f`a;S746n$ZiRx!W$U3E^j`+2O&Y|s2
zSRBA_x`*kk2O7-}8*r&|YBNXHRz1K3-U3u}0r}q4i!aqdFECNo!G6G%CaDJ2wD45K
zLu)9hbK|7NKPh(Ek;fV7THCo$=~(d`q<QJyfq2>xli(v&2|YR;ju27zh-jhk7I^9|
zVR|Gec^sBl(gS|{W4coY+(ai9{rObbD_Z~xrtaMKA0o8{<pGCMSuhwAR4^Q4?Oj=U
z`?iQ!p-g_IIfaD9S*a0+)J|&zyb+?DlJ*beui00F!U7QmjkQ$_uvwMh`r!8M*dtyd
zTLB?AcAperuM9X$@X^#*SHwJIFE}OQJkn5+Le;V5dzbNZjV^s8)z;i*f`^Aqttf*;
zG`y7>wM<F4cOft5N}cN{`aT?J`A3h9w%s>dOs=uqId@{q!Rb$UV|>nKdhxQX`cd;j
zEH0mzH)8j=E>SP3h!m|l<AhrxDcCweOfsc@s^o%e_Z9L103A<-lF|6}W#WYQ+0Rm`
z4**76x6h4wacE2>%TrS&uS+PU>MkG0(b2?lY34cOa((tFQ@xnFaGv&4M3pI~^_%Mv
zuTe|BMA%)|=I;n@hXoa(e6iD=PE^oCm#e=rEGXc`28VE^L30|ZQ8yLE&NDH#JyvS|
z5L2agtwZ{@<@Y_GJn7sZi+<J`4is$A$I@GYUQH0Uf;E|gP4OAXW)5{yN`)W@FGXX(
zsmqVlA&1};o5nmZ&(M_N_0xl4f+NeOHO(zHk=IfUtB2q6Sli-&gXHtv?gvgTiRXyY
zcW{&UbAsIZ0?VlLWU5j-e-yHHE2~Rj1frrJYc&Ie6R~^bA$iS6uGL4GL<g$d+^*7S
zz}RcR&w~|N&DIIZ6{s|i$)=nKN!DzgOb)uvEz=kQwE+L3>AWL3<Br)*Fi%{MImYQ~
zegaL|_&!+6`EX1q<3owbcWfsQ=pOa0$?+0^%ta9o?%t_dEXb_13{{;}A&kihoW*UP
zd*fmpXw`u>pDZc5w=qdn9HgscE=UuDrU^ZcsO{;!Rp!t~tA%3m{hG+SDB*nSe5X)5
z`gpkkld$^WXm%MH+=oQvYR65_Dk?R!+zG0HXI7k{${;6K)p!v2A{y-NN`{0;h7`ka
z<AnPStC~iOZ}iL(h}M92E&8TJEn~Ps@`(}`lTvxpjC<;L9*>|M);9ELChN-T%I1y7
zLUQO`lt88;E&d!Ec;6k)D~kqw0=Jjzr>!yWfGlL+jd#^s>az+*fXu&HnHg48GPdbS
z2bRo@A~7w>{-dM8ahm4Q{T6tvnAngBilW%#D}OQ-<R~1%pz*Fg-T!Rff4#Et+c#y*
z^g9XT45O!1TvE2tK}Xc>oA03c<uB6M6Q#)Qb}(@BrK3NZ7yLvcAi_E$IlWVvU#5p&
zsQ?PQOM>(FEye<^gHmew{X~MunK~`lMv(S}W<YLyf=Zz2Wksb>6CFh94~Z*h>R0by
z60)v<n(NhTQy54D8EK7Az(LG9k4;9s{1P5ZwFlb*!Oylr-RXf$*htB_vKoJsbX56u
z*WG@OzruY;={eTf^M)(~Q{`{whoAHBxVl6b2n)WwD=IZ3=9k3=Ewi(lqZ4wA(oL0s
ziDJV>gC{41kZ-x7)6}OxDvUR8ygm5Lb4jFtF&GO}`;~A(paE=sBUE`oz*$1p0j5i}
zB*E|TP;Edyrz~1Ef^007FjEQ~*4lclsXT)Fl1qNi?0SWo*ATY;Bcx}mxlWzjzt8ub
zbhHz^Y{?LcD)LFZ>mADodd83z=Zqt36p>xNy7~rk%ty~9;BRfN1+&-CYlo!aunLuP
z7N$(YHeQ_iyntIfnR>@pn%ZB4QyZ)=Co>HZc7A6)H#JbttO=4V+aEwH1N2XYY;Qwl
z@Hx|Y<|Cjwyw`&W9?BcSso)}vmgpDe+ZEaUYNkvJ43;YC$mEGEIk-#vL(vm83Nl(*
z2Gy;%t>_M)pPKSplS#Vp8EzGRRtu1=iow5hD;`zT+6!l>=GB*&FkRJQe*j;Fw&5Qv
zh+u^!msVT3c{TmtA7<W4?5WqdD_n%iZsnU2I1Ot_M`cE~;<{n@o{BS2W=UF`9rhFn
zcLZE3BJCC)YTdZ_!;`*l+tGA<A~MH0TH}KTB}P)>NjMz_buj)q{XL_tQ31wu-H+fR
z4S2_bo5`E%U#Lv)p2e~>aZZrPOs8OdbOwNQrwK+^A&eG~e%;AG(l^UBXfR!D$imt}
zwCvViQ$`E?wW?*F|9Ap5sG9aI{kqF~tVG|Vq`ZD`)4(M`_4f!c!^=n$J;mB3ew3?E
z1~o3PikzSYPr1;rBh{PjTAJTm6!}mPFCmB57fr%(CeT9z`+o9?j^(>vFPummgrabu
zC4<7Sq)C~y0u0eLAhWK{m!78Q;=ST2t3`TcgS3~xJ7Ao8n#}BPECyw-|7F#Gv7~(P
zaAOPOv`s|>3)2r^m9<2B^ty(8h1}GTH}&@2+})pqAw8o$V^hUDI-P-^%B)d)nSXwS
zUowvew204G8&&R9CAG2tw8%u9cJ~m$kn`irgZ-g~H;QF4kLDa4yghc|`AoCHc7;ZX
z_yspQtLuG<3lHmy>hzeZ;<Y^7BEMR6#pF&BNf3Curxf`~j(N;1W)=Md*Wn1DM7as-
zT;W2`vkUOU^<@wP(1=d)EX^!HvC-Cf`Gt(73&d##mGI;&y&BppF<?cgXai4M0jv;0
zz5)Hzz3Ba{jBi#NIr%<B4%C*80(|dnPuMBMX~WUergygiL;4`gjmNm9hI{R27<?Zd
z%(W-s2Z!?(*Nmf8BYAJsimwCL>Vf|uDrD7W0EU5^<%}7|CU&l5;22F_r`PP!`Kj%U
zC@W7EYpf3zllzM1KmB-%8_|9cmUuF2C_Xp1f3_4OO`uDB9!l1<AO<*tW+#KqK&??(
zun<)e#RC+2Zu|R_e*!4m&BcOWDQp)qTG8+RGZ<pYuy;r%YK0NuV@k#YGQxEGtlt1g
zByl}+03n1^;kYDuvVMCIXk1>dm!c)DBpgALs)b$JQL5qJZHFnfu((fPy@O@g%zVCS
Df3-cE

literal 0
HcmV?d00001

diff --git a/test/testvectors/rsa_simple.cdoc b/test/testvectors/rsa_simple.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..5d728978553b378ef11ca1f1b3d51d59ab9366b9
GIT binary patch
literal 4057
zcmV;~4<_(KL{CEk0007@3;+NC2mlNK2ml8F2mk;8000011ONa40RR916aWAK000gE
z7yuUl5C9AS2ml8F4gdfE000017ytkO3;+NCJOBUy000020{{R3PA@?KAOHXW4y<l*
zmhf2Ne=Rmd@!oS}guI+A4`$%%nshDw&(x<-2mlNK1ONyC2mk;83;_TD1ONa400961
zYtpE1L&4x|>$py{Rmu9?SjDiLCwFv6mAb5PnzCzN<gH>%55l`c(ytm#oAhiodY!aS
zd>xIl)1e;{gE$yYV98<PAR2S&>sz+n3bk0Bw#Ua)@1Z2ef}HP!jQhQiMgOXkyv&xK
zn`-kd+*!4$Sp2`95FmWR05gkg)WC&P+qMhANud2mr5-xtI)83e)2&hE6p%U>3f#L7
z3LM0zBJ^uy0T;%yLuLv%61v;wQ@UMnYzGyIpeb3YCD}0#5Uwl4(fT-*!DRD%$KYI(
znBb`peTiyALFu!_n!w;6-t%f7o&|o|dwCYOYtDj@m_nhAbuNfKY}5cGFN&KV4gmlF
zFoFRJ0)hbn0JC2&)6^ACe9}!C#hqAW#5IiCw1+z8wyga6&?Q>U^Q7fl{U(kLtEDre
ze3naq+52)}JD8E4(Ox4%R%B}r8M77{Vx@0`n3b}$f^c2J$ha*oi=7;M3HA!a=$tQ>
zq+X!U*wCoT(Zw6Y9z5|iTmi!Fk@5@ZL~F6&f{A*u*2GxiyI8QMA~}ir0&&>w+k=hw
zY26E7t1!LEMm4vz&*mC}W-Pmap??NF1@5R-8_>*A2RNvHv`CxE>s=I|Uy6*3jy7#C
zsYJ(|N>H7AcZZ(~)~URoHPZxSFgmbDZ8sc3YmphjgVb%2Q_aldCGp|<c}G(IfY#;g
ztemFpuL1)B00961LQ}57imtWO6sy!9LT*NlCMHl66zp9}CUqh*!MYo3vB>bPL5>&U
zNZ~5krHVWsOms2#++m?=t2z9vpO{7%NlGQBlh}XB*+a)p5KURU`nxV+{Mfm0EE-lh
z&WH?>#8RzkSgLq%8EwUd5H^-MUq4#5Z|_0wCKph<X)Ff^BB<Qc5Rqlbd&0;7c~yDv
zA2Flyc%es)`HobOE|xYN^I_(CiTWKRr@am1>Zi5pk!&xAO`dH(FxzowDFI$hxGKp!
z)E$j=`Vy}0kTG!m?BXfS!N5K1d$flb!QTl($$EketeNRcrrvtIy+`XUlJ8os45|VG
z{ub7n)I8z)E?aB{<o|bp^(y1x1qeUA_Z!DzU`)TGV}nLu<e(tzQ`$ixg?;Cp(-6!|
zyY`dpP!NU#Cytt%lut<PPHWwHZPYKXTJgkf{7unl|2Qw*7yV|ky(>ls9JvwL-$qH!
z{~Bdr0gCtGBF?2(vMujfop3_|6fqsH6HNel&%k{zC`M0f*qysyt%J(<QSbAuxDQC@
z;04fk$VoX+SWgm{d_#s%FG(O{BC=BA<cbt#T}p%#em1qPl(4rCqE~{edZdI01cP-&
z-)4Q&#q+F(#jhw1y-f|{)?OLWg<`gjj|a~tzIy9WbN_U8nlA)d%o~661sDs5rM3y}
z1^bq$zhD~t+*K+bhdgcsClHu9)Q1RZXWp0Q2rwAV!F1;~1f4)nn}Ox!4zAr)H82-B
z{@{^mw<;RK-n-T?ez}!^oFHE@=exi;rcD&{bIBVy%{FwLoNy6>y;T_5qQ|kxRKP?-
z(gQyHQ+s-~$6Yc^>~;Udxu<vug+v#)M@e<Cke^3tOL0mpZX1-wIuvbI;`q_^Uy2Ev
zs`@G5CYF60p&BfRCr#DvRqwj3*y>F#gBq5_b`GaQT`?y-G`to~&^3bMI1q1Kh=qVI
zbWNianz<=VNNs7()v{W0oavmU8-*e)^~<pwt`Noys1h5)4EWL}S=_kR6=Jk<3kyOt
zvPC`blqUC8wlg=#yaj^KNM?R9)G{Z068lt}Q!3dtq+D9zH(15gm=<G=1a(PFz7}}@
zC%9m!feC>;eQG?i#uvz2WQT!Pw+sNB`U;GpS=gY0cfb9L@+`QTS+tQfPaj6U&Dazu
zLle-{lXwahTqW=sg62g=UoV!!>cFe`{5oXv^S;udFy_#NADb<*eA$K-uYRjDf*k@Q
zO?FjyuB_d3WyW@6MCSM0E`g*b3(~b$ox!W1sjPcru9Avkwfr9BX&{eskCyZJ`i8FX
z3%}tzGmW+#DIU)5Izff;4LQ)6W4|fs#%7oLOZjX$=i^rS`N{YO&*ztnq|z{hY^dp0
zAKL)A5g3+}85(Bh^_hJWqYJXzFEmH|C+bt(lUs-=>I6-{?>1U(t_Dme04DUSNEC+(
z{*&I5Eq`wZTC5TOl*k2_c@b?9+I7ecc1Us<y5~Zw*?mZclx%H?vN&zr*_a=`yg-$}
zxwk{<H^+XQ`Il6?r!*(%p5j6mt_5KK0Qe?yg)YWFN<lHm+Zp%~-taU1x)5^xf2(8-
zw=chWO+v7dhdb^Ib*VnHDN=lG#R0f$ZW52B3GM1di?F=IH~<4FTzaeVD3F#zU##4(
za_(`160H310nZuf^N~uVs0a)JM%)V9Glj#|{$_Q_#8!P=OpBXNU{Z=PwonP~LU1ck
z7wwq1BVD*n1iDZFSneK}T0Q27Cnw7(CU3@4i8|$GD}027`5N_nJXo7|hbL+9Sg1K^
z_&c!N(Sn>=8Q}zf(G@ZRA(!$F%YXY-AmSP_w0$uSQlF#AZNLmp%E>LsX_;7RUw!!A
z8U>eJc(XEdqEAoK#*CH87@ELyhbs2bixJqQQq<Qi;sI;?{TnoYqLW*)?kqzG%t7sq
zDkSUlB<y3D?9E%)ad7LaNe5OS&u@bv>qx*~ZO(A6bBE+0O0#9D>=s<%NL%`~xftft
z&vf4hkm(Q0<DkU~a}}Hh2kgmFm8&3pa8+GLPw7AMtYl_PG{_4a>wV~d4b$P4Zy8G#
zi^4ceSFjd7w}gJd)?2KMDRNXjTn7(*A}_oW48qlMfBCKRxgNnA2IW?g>&bdB=Q{CX
zdoi~<P~^^5`XGlgQ13=qm#|@NN)_+=B!=~|@OM~;jza)VJjnjwG~gBRYu6MQbET{F
zsTGt2G`3ZE!v4K9nKOZe_>Ne?>zK=Roc0yq&f4Wzq^$&;cOq~zdV5lz^M+gvUbr9X
z%kSr;BTc40(PtX_Kvs+F&B}c($%snGi#%sdt;;V#KEw3h43h3pFy!IpUjZbay%BYx
zq#ZR>u0{<tEFD==zp_=<9$1s{!cnitMV3k<`s8$e5e5CaSnHa{;%pH07;*>B@D;T7
zq8Q}GnXJ1BW1$Z#lzZ4{4X%}&XM-H$VHPRLwrih4&d%0W@kLgrOIZ+SY7=8#&OB~g
zQu7EmffH<KzTO9UjHVdAEhRIc^qtughSBB2RSNYYayd#mg~q_mux@JGFIicaW0~Ur
zR#?zYfE~B08m_#QnE~{(-M7)pZ*2PaZIlTRHS*Bf65SMtsXc2(OOlS9&BbcJqzrAb
zUdmZTnO`A&*HnETHDsvA#~O1gt?hIDUjEYt`+J~j5xJH&Cnlwrt0^n^{MUUv9>Fp`
z?>=qFko+nsZ0IkAg*tjan1NukB>f)*a_wmM<Wwgi2vdOvaZTWnSQ6@`$)hy%5a$wb
zUea+!)_)xuwa&HiU<X4v3)}1MPVHu+2VzdC#_R2s0?vw3Bmo7W9yaStDK96fXvYRi
z*lu5C9e*6Zoeyc)t_}S$9XB4*@GgJI!b2y<uaU^wuhqTw1-q(mGcrA$g^muWzQ7^j
zN6<k_zgizno@pR%gzyyqcT%T3mJcCi=y<j|oWbWL55(*@iWh4l{10)r@BNZMkSV4N
z1L>s@DN+4pMcNrY7UDC^oH?apHCtDX1PURM#^M(?yP!B1rl2W@MIyXCw{GJ{UU)&V
zRGvFE5g5FdB{;#cqnjCts8n~<^ICZO3TKSoq7fBHo)1x1@#Hd=1}W4cm-Hh680N*a
zgpIPlqZR9>Ont*tA{HEcu?1MQBOHa0<e3SxfKL$*Ps!F>&O0_E7cu)X)yqq#Rj(Yb
zRQCs|0nj%wW0TD`L#Q)4&j!)Xu^Y>~E~ncRq1W9#FAHT##is3E<J>C_DYH>!u>pBX
z%|>qPW-5<&Yh5FPj2sjSVCUB#EcjSDQ;1v3NA8lh^<df?`Fa1u)$<Oc24-Z!RObL)
z_XuKF?P)DbFM94@)x>eIT23|)$H*t}v9Snz0Jp_^svdx|=(xyF2+v{_J((XtN!(%4
zdDXaVW5ky(7ub$rBTZ!P6P!L}VIcs$EApwex)GrE%fF>SvFK-gE`rF<>t!U7#X+Z<
zqXWL^1hSb0cKt!<P0QIq?+?ZlE)sx+0>WUX+2W=kkUXsw-KU8lKH>jE_HvkmeU!c~
zaK=v;{}~q<1=b7FHsM~fgZx0gtDg6|WxK9jv8Hi$El{1oxJv_>(m7Gz7i?kSJG)g?
zNge6(WWTBCAR7e_7a2Y-UqcQsI>F%zMnK<=TX=)Iueq3C9Wvx>_~|9Z;r^9#{+2Hw
zLIooYx}QCBNfWoy2%TogfRMKMLWByW^)Vzpc3DTY2zx9*m(Ho7!;ndQO#lC2LOGSC
z_t`tabo?E&J3>gSUiyRNDPe?Kl4^_B`VT!T=_4{GZp9vVu<18DlU1;qcC8KF8H75A
zNJ_<dR{Sa^I5&mC$RFHF&Ue<T7IFS*NO5TbwNJ8Zh%H`{oqy{mu$`mh`_%ked-e&p
zQ*bOA;8?!N28(PGSc%<W`b?zjdcwm-g1+uGXedc{ifDjAU*qkHja4BA{c|co@^LQ#
zELX**O{@o02a$|Wzlc-tGWY;ndBLmz{}>?PLfvFvfSbXOHyO|Z?HU#zYrv9dk%WoY
z56f~HWJQ_qCe!Zu#58J5n&>H)RbijldAh-^><DE%dEFtkT;a<P&#Z<j%ec)>C3gIJ
zO#x?*sXHTZUq0KNgSi5_;bo(<fnA=+tFR0D3LTcpW^hE^@4t;IUSi|Grz_LB@3=B&
z15{i9WY-6j66Ovrxcz-2&1iy@WgZ?kYYdwGR{l+lyS>zaeSpltl@yf;Wq4=I$AY<+
zzK9SRD`i;BQEGrxz>#T~Ij)PbZ$Gi7p5!$EowM`@&<r6@FuBnDEfXyDzcpbUVqs2c
z;VxjZxzV&f4^7K>e<_UGKhO-7&B82=R;oMi_#HpaJHTVba`-|4D0@&5!0JI*MabYF
zgO3!{0cIB~w}(_N)W?X$sSIBVBX)Sv(}xR(?+W0u4vfX2&?Tw9>B5QvqCN%=kf-{U
z?fT!Na7fN2Hm;B1iP8qD5&$%|bP#&C?o5HxtC_A<hHoFzHaOT$YO*EKhd`ULlqjdq
LOn6!AdliNDc5#zo

literal 0
HcmV?d00001

diff --git a/test/testvectors/symmetric.cdoc b/test/testvectors/symmetric.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..b916c3dc997de0309b83b3087a7d76973a31960e
GIT binary patch
literal 3573
zcmV<R4GQu@L{CEk0002I3;+NC2mlNK2ml8F2mk;8000011ONa40RR916aWAK000gE
z7yuUl5C9AS2ml8F4gdfE00001EC2ui3;+NCPyhe`00004761SMV{&C-bY)+2d2MZF
zbaH89Uu<DwWo!TdAOHXWiYgHzF>r(0QhPIYWoIE4glyAU@kE_ZKP>**uTBw%000I6
z2mk~C1^@s61ONa4AOHXW*;+eK@|E2(Ve_0ae}?x91xg)mxx$S&GC6COCSZUVH!`aW
zCWLNy(NfdD;R9s`%1r7@(XrZybQhxI+A!fpj9~as7))jTc90@aOgc1|<SK6@JaIqp
z(+5TVbgCG#Rt?M@p^@AgEk8}uP9kOszx{25v`LEN^h5i8T`g3Yuz;NV#0bJxnD$B-
zWkV=xjvDFP{L?c56Jx8blLPg63!zd^gQ9Oa7QGLi++#1`{iK^8PPn4Cy{(v82xGRL
z7?rdn)^1aayYxL1Y>rxO6|>y7B!QXXP_c&8FU6;)UZOa?nEqf)qL`|Hq<qkc?BGI8
zQZh^3&C(W((VWKxAWX@tXTL?tIuby7hVo8g|E_Z>t~6i&v%3b^$)0nLL%ReV9Mv-C
zdd2}o8e<ejYm-!g$IXKHm1snEO!r~&c#3L*B?2{4H1taSEcrU*v0ew;b#%kw5(me!
zw1V0Xr2p1BUf&S{n+v;Ot?6CTClLOts^<C#e-}jhzQKV*>{dr6<+Kwmdq{nGP%Gdx
zvqVvM*7xB~#`+!%3{QfpCpGnmGP(+%N!-G~b`_g5iAy7TGQfh*KfJ!G^ZZ}2rM3e8
zV6GZ6W97hCfFS!+6ehlB(d)ZjV8YrSq~HVBW2Eb|6r%S9Mu9flKNM2<?TKgHo4R69
zum}69C|wWM!W$P@{>&>#vL?coL^z&E@T-Sg4(hwgydDLmI`h<CXR7%cE-h11)3zxj
zkL&UCQ<AAyLTb4|$h_4lEFBU)_ijMO)$?+th)8s4IQr|oD6DaIVcbRl8WVW1Wk~N^
ztZuln2SQmjz`Qv5iH93EoHzp@$fs-GC>q6nd<6!ScATN-=c%q3tIFjNh4{gkI?R8k
zy-~*Q4KKaVdx)WkJxU<;?H>v|@@K3`PEzk3W4V75451w(-9o`t#i_U?iz{V>wF=pT
z1VeeKzZM$eC(Xyeww+6z4k`fS7Sv~lX)EkktUtXcLyCfymfZCI-YLd#Km<`utRvR}
zI-tIMkIo*sAXv(IZ?1h-2$o`9iQVoUC=9;Wb)mov{3dk4mWc)!;xIomNsZ)%H!gco
z%=84n9t)OzLooC;<Is4Uq4rn@yo~^<wf^Hxmswx`u^ooiHuZUuV!8({Ug{d`Skx&N
znY_m*Uq_5ezNK*uaPRJ;xwnJIsh!rvQ=?ua;NV8&Y|tC`jKP~4*{h-RP#d5tuZ76u
z`%(>i95*dTeH#tHYguo;>;w0WXG*Sw+rE4KCGYpWDn{Eyyylm@+rq>4@fTjgu{;Y<
zOxVh4zN+8*h;GhVOK8L8u)jUYKZ2cQ7#sY|x(?PcMi@na(gvpf^WxsUcAc|)-ygQt
zk8ig`F05!=zTuq!XUzs4Np4+I&J(HRRC6Zf3#O0rpQ{@qiD-DL2VKDR>G9@`3fzSs
zrfsi&OlR^l!WM2T(R&N*Z)?-$(|6#UVg^4N<SmbCwOgc@ob==4v4+66cpd&gjS3|q
z(JZW_VuAx*1@I$es3FC`@UZLd)O~Qt3N+kUXN+__7={Jo)KcYz1>SDY4H@tyM>xCK
z_1J+d2@p0BcARVTrm;lo^>jb5C5KVe@9_h#q_0h%n%mcS7$8<s4yrL<VG(9B>n+n|
zR5&^M8YBtTQWTg2#xLjcD=z9~cd|?ztBP|XwiUWstx2U*_XyjM7fT5a8p>YA`TLMr
zBE->}hS&X01|2a!UzYfXB(n#}=Y&Z~mHWVn9Y=4SS7NkorN_Mgzq}cI4`p=2_SlO?
z$+DJjGoGo525<|sVp;sHnTYPgBozg2jTZGNqF^kTK2QtglO#^#PuGoD1y#DSXt!k3
zUWvsaVp!JNI^A#CM0ZxOl#B?UG!Dw0Q;nSV88Vnom<R}EDWvB0$nUbQ>$!6Re+_N=
zeVaco1u8?MeK_8zX=HEQglVH?LTveCV|FxCI-L?*(u_3?7z(2-Zz^LUN*9EPy$;y!
z?FLg@cq47!wem>J?0krF##~qe$rkuGK+=)=*3h_EA-pnQVQtHCN$uVQZWmqI^zg(_
zm&-dX9`w=R-m0;=I^>4<4^fyI-9}h*-CXky6?=6gK4iAH#<<+L>uYVg5_AkE(kZqI
zds6l?BMX`hctHoiQATC#P$iC&0p6=#c_IwB0OHZ10W7b?4rsfv;OrMf>;Ci4r2{F|
ziW}-ufg3(yz8sUwz#O-j>G<581pQ*?Il-~TZ9oVd{t`ZL*cVsLj=mwj?5X#m`HQ|8
zSoiR>ke<K}@T8&8J&;*Ske#?`zD2#DxiyyhSgbK5)9zc%c2)<e$XIvCF!p~;lgp*_
zw`@zJFM=il&1bH|jhrM45u0+K<ah_y*+=;_o@_zi*uVl6@4=6yK#H59`{;eFsW02Y
zEZlRGtjO8DRZ9U(hCIvN0$MK5P-+kR{^zuMvGU);AsPKyaLG8|I>(GfD&~aqzpWMc
zol{869m^Opu9cOz6=pC?LfIonWG$2;apl$SlEi*l?rCO=H<+2`Rl@YzDO$kCa&Sab
zb+?e_l8--L2$G|9f(QZB(xI>LTAi3V1F>F8xxTwM4k)K=_Z_!2PiZbAw6r&X>!K{C
zk@srWRka+kz;0bY7qVyPC&soYMjbU67#XBF4?n5Xa0`=;DyE{3?MKO6&Y+_3cCiiS
zZ8YtqrC1uOq@rP>8{0B;%1PnK-Q)s+U$vX44L?Ywqoy4}ON|q|#2Q*X_xO?)SE(uU
zWX_??Ip(xH6*@3g@ic6Er1~z|qsJ7G+!JKSC!sRD&)Kr*`7ItJbvE39!n-i`Wf}6G
z7nkjpb@b7CF|l!P{CXj%{V0uyB~Lrvncqf^>!J+lL5_buvO@>sr%3Hn^d~bC3=s7V
z7(7zyE*X*9GwUBxD5E9}f}lJvYzVJmH^tLb%%;`JhV6G&GDePt<PKkbrr#o~+x#6g
z-|7HygI91~uNwV>5m!pe+`xnYZHKe8@p#Y>{b+R0UC5|cblVEi4yx6fIkU`$3&_jb
z<7i+sDQG&tnJrr<S;)Bn#CtXzDfV=Z-z-T)IVjh{qEsMaYEbo2%{zG5ALjP${k*-R
zK-uPSms2|N=`!V{fG_%}89Jiq@MT5$`d;9Es!}L`QlUt=d)^*@;P-u5%lLY?Zn57J
z!d&ru&;>Dj2c#Uqgt;Ru%sn0sc!~4zo8bD@Ti6jjrHzWRcbT|ZMjjdJJ9pn@4M7<2
zB3Uvs&>1eCR13}M!;|*O5UtPloi__sxMY{TLXRO;O6Ge*ffO8>-jt0NAe;ogu%xkT
zjA8ROP~`T>1U$-W;R%T(t9>SO^B3e)q^|DsZ;fk&1LS3dj7L}W$-}6G8@x|MrEx6o
zrrlx|4mGhg9DPLucioNn$ugO_3thZer6B?~Sa27?SSPiuXOF;rlJ!iBp^bgw^T^b?
z15ytp7<#+c_mucv)~Qh%snu5+jE%b*4UJH&cHmUWts{8z?H6^ix{I}Ha}Y)n7;s{e
z^m8$KPqmR6<4|GDj1(@`qN7SjC45O&(hCQUqlUGg+_K1Hs7g+yx#(Iwc%^O%=X6L+
zvT2R+7B&DjUiO?6C$veI3Xy(nk`tBh33^vFOeFtCM<9@0=Z8$EgYYzNvV6bOg~5`h
zG+)jp0*}}^dPx;C+}Q6)s=;u`4`8<Ipew<!CZdiphPmUe1C(F#mC|X7Z5Zh1`=C%L
zdc>vAo529B`1JMWt)Ch|jVH^y?$wfL3OaRbb|AfSR4BEkr7r6u))PnwRLo&31^_3{
zlS}ICa0hqG$2c{B--XrFPE_qtu)ehS&_4A|NL+eC{lsyg`u>INhrtig=fl8mc7$xZ
zzpuFJ$*p)-(dTv~kWS}!p%4979%xTInrWxG&Ct_;Z6Uqoj6Pf4_Y&+T9~J>sg59Wl
z1u?4lP2e2sjR8(19o)W{YhiAhl@Po>@YX+lM_Q{&B!#Pm?Bt{=>=5uh*YL#jm6!`l
zeL}lE-^8%stD{)=|F>(!FgkYVn#%L}eK{YdLVCWLSkVyBrD&iHm|*s(l$2|gF9Wiw
zj*um;D-TN_%X_X`CK!U;Bnu#!n?{a8aS`3ZQHraM`qNA7L?Y63-j8K0kb&Q7c1R?0
zMblWZ*kSJk#jP&jus;t+t(!F<i;VyF)XtQ*Ri=I-6P!z7L@+~4$?4b;xDwTFAT$y?
zuo81!_EZy!-jlQxO&IDPmC*_RA2-9C!pozjz|OtjSt0zvBZJGQ#{eEv4$^8#ScvyC
z{Lpbu&E#W*I#0$CQR&i><K(45#W)lK-BzJZx26;x>h|N`qA1(WOTGSSulw`cE_9p*
zIb%4~CUiM}1c(kJDDv?(_UQaBzOVuIS6Go4!Egs_@5tif#2d5Svd2=g3l-K`_?nYB
zs4p5PmU#`1%m;9IZ|FJ<9@>v(QKf7RS35Y#axQVx0_`!>HkPn?9<-YgH3OSUCMS+t
v&Sq-eIMPe)9`xIMD|O2+3AOO`x~;A<@WZN!Z#VuI+2x!stM+z8DNi0dGULrA

literal 0
HcmV?d00001

diff --git a/test/testvectors/symmetric_longfilename.cdoc b/test/testvectors/symmetric_longfilename.cdoc
new file mode 100644
index 0000000000000000000000000000000000000000..ec0be2e7c7bc6e46583da55cb1f2d1c4988cf84a
GIT binary patch
literal 444
zcmZ>E@poooU|`t510*;Ycz~E4h{1r71xPUhu?U#U#~{HV&L99)!v_{)U{nCoAiXX?
z3<NA(K%ykIxFkL&F)1~Nfk6St=XJke5qBqAJk|Ph{Duj~jP3Zv70V9n>-w^!-)qxb
zy~PX+Y(P6%fF#fWAO`7qG_|qvlk?6O_Qz!Z#k(FiX0WoZH{9&U9epkE{+dMZdvjLg
zF5GiS(fPx(;JDO@@d*uY+H;?7RJ?HZS;!oPr)lZSMFN%YTz%7#;CkbaJ746K)HIRc
zS#QOT{kXU+oqy48tA+(THTD@7Osm@DH|cThiRpFy5x(#GJ!k%Zk^Xki`_4=1A1W#*
z*C`d%iF5puV%1v6C=&Nl_keH8lrX{jo6IeDY;J3)neKO>X~B&L*AM(`+Puu#^!Ku$
z)}Dk?{YP6ps%mF{{2?&&<lnb)ZVk6}Gn-V+1YPaamb#Ulk_f-}Py5bauX=S>^{>@A
zlP&5dA30_`KcTTObxw}N6y+DS+;09Sn?GLnK7P(o@TCmnd9g-uMJv~iuM;}Y3om`B
Ox}wm4_2(0rfFJ-Hkf|^L

literal 0
HcmV?d00001


From 2a92bb81e61371fff3e678216e89b3df98d0ae26 Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 11:15:43 +0300
Subject: [PATCH 4/9] Add readme

---
 README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.md b/README.md
index 3f811c54..9bdb515f 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,6 @@
 
 CDOC 2.0 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security measures with optional server backend. CDoc version are not compatible. Additional background info can be found in [CDOC 2.0](https://www.ria.ee/media/2340/download).
 
-
 Current CDoc 2.0 supports five scenarios
 
 ## CDoc 2.0 ECDH scenario

From ccb98e4c053a10fcdf13e0de85a21379fdb7433e Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 14:42:06 +0300
Subject: [PATCH 5/9] Remove test keys

---
 .../cdoc2-rsa-test-sk-cert.pem                |  34 ------------------
 .../cdoc2-rsa-test-sk.p12                     | Bin 3117 -> 0 bytes
 .../cdoc2-rsa-test-sk.pem                     |  30 ----------------
 .../cdoc2-test-pulk-cert.pem                  |  34 ------------------
 4 files changed, 98 deletions(-)
 delete mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
 delete mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
 delete mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
 delete mode 100644 cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem

diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
deleted file mode 100644
index 87edb099..00000000
--- a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk-cert.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF6DCCA9CgAwIBAgIQHgkki303FchjfzSjknpsbjANBgkqhkiG9w0BAQsFADCB
-jjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNr
-dXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwO
-TlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYw
-HhcNMjIxMTI0MDkwODIzWhcNMjMxMjA0MDkwODIzWjCBhzERMA8GA1UEBRMIMTAx
-NDAxMzMxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMQswCQYD
-VQQGEwJFRTEXMBUGA1UECgwOQ3liZXJuZXRpY2EgQVMxDDAKBgNVBAsMA0lUTzEZ
-MBcGA1UEAwwQQ3liZXJuZXRpY2EgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALJtSa9whHzC8IlQFMMznnywSScwqrJ42U+bjMhmMPZCtZ0nWZ6B
-Jbo1f9K9+afbAnIWmGArV8u1K98qUgAzNQ1AlRgw1eo3tSIrss4GJ6sQQgq+gms0
-7HoVfbuotx6VaSiQ610Y1Bv75zTwA/gB22Tze7ZUptLMrgmp2FiRvb/9uR9T5+35
-7adAww7xKnk5b1HeQpwwahnaHaUJViNJWicts831gP5oIq+o5ZKCoMT/2O0fmIX1
-AB0IgCVg6tDQu79BiC21SrE+6kGiDIdJIUJya36DG+oXI3CW4cGTR+SLzZ1COQiv
-bATIwGj+BBPOY287J7AeLcrTpvQObM1azM8CAwEAAaOCAUUwggFBMAkGA1UdEwQC
-MAAwVAYDVR0gBE0wSzAyBgsrBgEEAc4fBwECBjAjMCEGCCsGAQUFBwIBFhVodHRw
-czovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAsGCSsGAQQBzh8JAzATBgNVHSUE
-DDAKBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQuG4+7AS80+NowBItcwfJcJePY9zAO
-BgNVHQ8BAf8EBAMCBLAwHQYDVR0OBBYEFKfbFczwi+aiD4OFqdAcd1brCxXWMHkG
-CCsGAQUFBwEBBG0wazAtBggrBgEFBQcwAYYhaHR0cDovL2FpYS5kZW1vLnNrLmVl
-L2tsYXNzMy0yMDE2MDoGCCsGAQUFBzAChi5odHRwczovL2Muc2suZWUvVEVTVF9v
-Zl9LTEFTUzMtU0tfMjAxNi5kZXIuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCWXFJX
-1/CMeIw/t/WdCQy43/bg9JYT/2q1UTTTHR59fa+XFqUpeUCI6CEofLrzyWzdsgwb
-3qfKmUfb0XFyGvjl1qq1Rwveb6ysJWiKCp2ve3zFM7hof6XIPpGmEGEYbgWMLpbg
-FGQ0XSEuGckQLUNtz4Rkr6ZD1qD4Qc7K3C1iqHxuFqY5iPs5YoaV42NZXVtrpdxR
-syfCj72nC9yCEhb7N3rxv2kRx9Kgd7c+8w+nA6xfHMm3aSDZJBqnkAi8Xh+25dRJ
-wGz0oKyW62CAj2H2phgLq4SJWZk2htTCTI2OJhreDS+KuuwgwSFrGz3Gji9UJCUy
-PavHUfizBB006GP+ryVQpqF/8nRoDmCH9/nB1Jp3X6XYc7sJoeEshVxhGyBFgbKa
-+0i9YNi0/Jagk8cO/kE1bnuKklPbeqpv/Ogxvh5HpeYkHPqVo5GzIqTLU54tBZsz
-03dAQdX+/Sa5sbyWKR6/cNAE02a00WHlIxcQQZbLsAjdjLXjq9LHkCx2TxrOarto
-bxZMKq9U2DQA4wmwx/S1zZhI058TlqeicA47OWWUKCqzL6hiALNCmyPaRL+vT/9t
-xkSDtgd+kPNG2xoskN7ijyr9CzTe9OQKodWWd8J6dzDsCRALOXlI1ZgJL1RGF+xY
-WAvn3f+hN4b3bCRNF0lL/p3DWrflH4mlCJ7X8Q==
------END CERTIFICATE-----
\ No newline at end of file
diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12 b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
deleted file mode 100644
index b901be399eb4c381e713b16e2ad9c015d3ba49f2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3117
zcmV+|4AS#3f($7F0Ru3C3-1OADuzgg_YDCD0ic2l-~@sT+%SR**f4?yj|K@UhDe6@
z4FLxRpn?W~FoFhr0s#Opf(CU42`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=x9c5@
z|6&3l0s;sCfPw}{I6FImk%39k-ehQ8xo{1#TO{f?9f57r1%zxZ;&sy|u~VHB=AoUI
z;1qZ2fHU1euj1IARCHKhOCr_48dj5w@=nU$M)<>R%9LH9CPmV#0O>Q_!*2^0_9FvB
ztoBEZ`n-R}5I$Og#7$nPPfwchXYC5mQNRlk8V_B&usiBD+?P6Yr85L=tl-`@+ZU&E
z`4&2Dv)n$S)w5}s#`F{VV%RfJy6MW&++bAO38y7~w8-_5sDsDRGx;}+-E<XU0Mf|C
zZIoG|yj;un3OEEWr$d1Z)l)V~NYF>o*E;S1+SVAk;#pc+_vSqMK-@!Qt3ztOO2p(l
zYDP!|u<G8nKtCgy0J(rtG2acP6^E92KtiI0Wc|$)pHr!PL1f;F02ykziW|^XWfdGt
zc!x#gFLZd7q3V;)P3q;5F2~e35BRHguW|$UJCpL;V;~6zd`dhO*-VrfdPGc}nD!8C
z4wZq33k#CA(;g=0!`5<y-}aX+JB#dd2ydiwh{){}9AnS-0j^U;sjKTGvDH0V+6=!F
zuihPIS?y-69C<Bq{Ngtl7*Mn2J2Y8C<b>gH0uI7?T0`w<t%D*Y*Mf8kx98$El4;vd
z7^A>lnuQgdL=SAeAfkrfCAmdi=f8d8NQYY1JU$=t*Hs|zA7dpno8345>vY@fK*+)x
z3WOq|-vj#HIQqAeqRHU$i7u$j{0QZ!MD&HCZ`Gcu1X{>N3A%-&W-_&3&B!m;CVgSe
z;(U7n6?_PRg40Wx8sCidi)dfG62Yz`rM_WQ6yqR8$$M=&9O`>ggslFDWY87PhB6wx
zM3XtI=`;~oeDm`&m5vG6N<=6*b|wj1!1S#z5!dYYNB?T%ys^V4@mPZc3(BT@iIp7K
z!eh`USwVp>cGv1qe+7i5Es09v7)l^Sbe^cS=d(TDj}}q19ZfQduj&%pML$2LsAZY3
zF-frT+N;iHayGUS%FAi*ZIF)w)nK3QO`KjY@P1~uK?ky6Um$7qNEZ@)BREbsF9OhI
zm6W;_3xw8wfM~SF%#SS!;?_EHVqyc@x$gnBIaD`w^v*eb`~I2{=2LG01j9Ds``h&}
zuaemKrh=(@e_|=dhL&jo0Dp;p#qHlOIZpbTvKlQ(lOEC;uj6y~4v-<Opw~q6VI6ay
zcnJcdStl)qxw)v<;hQd^h(Br?>*W+Zx8=2|4G3)ZS7N?1&8Wo3Hg+!;NyyaNH)KZ?
z+Hp14JfE?4af)@!u&1&w4!L%BY}TUs^(&<Dg=9Aq<b)T0*nXkX6%L^na8tUCC2Mi+
z-e+k&aEhGEV@1}G+kh=iK<hED_W|K&&o@zQ>T&8{9);8WJgK|R^f;OOM>AQijIlHI
zS2F?wSh+t&p1=5YB7dh5A0=UtT?k?+KU`H(gW0}9lL#(oFyr39aP`Ch4*5+W5q)kt
zw@Etu*?R&aBR31@0nwvVbY%?Rv8i%4TnUlTtPiyAu|(HZ45qy|9SYhj%wsq%9AEgO
zvuK2CCs!H{zepSz%o`l}VPcj(gOA@B6pI>L$lED4DtS38YPbqMNo%wh_N{(X!rpa{
zkIX353i=i2MLj5aEv=T-Rvrj?F2f@=Ye)A)_#nq+R?1fwt8Fclr#l+xtiV1+#RTH%
zNb_lN=K`+{kmjrBS4tb1=SOB;FmP3)FPJO5B$^e$(SZW(qWv~n7p=HP2BG0=#|ksA
zlI+L*7F12TRR8Un7(^Vf#D;FiWnqhf*HRB_jLu2l*nh?TVw8v-T=aWYyRlk*Q#jdX
zJ$Ik{c)*I(1%uz0Sc)p?dx<;PJ&ct_lkV1YDP@CABbyKZk=z?zw?<iC^96(GEQq%-
zol8VrqM^;qSi)xVAhnh$Lg!c@S94xFOz|@a(G<;L-qx203YJ+^TZVJ_LB!}TX18bu
z8S;U#?Tr|wqud$$lKu=Y4Ty)AN+@V237KhZVcsO)m_f9lcU_SYj0y~e@U_&#x?5K_
z0bTYJz&g97o0st1Dz}Klo+Z=^nN+(cQdzvF|Ax(KhcdslW`bGL!(}8@Q7s!*$F)N=
zA%K6U$#<S%Ku6=(9^HTg%BzV+pbGAci=4mYSKIMA7b79hv12iRU5?D;*Rk=z#H>#r
zF}Q)0U@gkMFoFd^1_>&LNQU<f0S5t~f(0@Jf(0%xf(0rtf(0f93o3?4hW8Bt3<?1P
zpn?SMFoFc?FdPO7Duzgg_YDCI0Ru1&1PDE}(*V;Sw|)Ww2ml0v1jy+wrz*VDchY=2
zpgb(b;~zVo<5GLtXp>D_FUy48l{%Qsbm`!iyVcOhw(L|uZW@W5T4recH0Z^9b}sX>
zV{!H@$DHa8H|eQha;xd+?0&Tv$}2>Jmgqr4jR5=+sCWaX#KW}=ucG}z<UiSbe$5#F
z{)lI*sh=hZ^1cvQT62c*@I_oDGq70BL{~R{Xnzz^J$>~2s)`;a)=<)FG5iP?^mQ0L
z-cYXn)Ydi_w|&`71#Dz3#1vvIeV&`n$EhpNy;%Okv2~u&b||jC0pY7C@Kt&^iudIO
z>1PKaWXzkU`3f%@?R4|wBhBC6^1SNapdQ}Xon!CKCt4238)H+oHVif*nEwKUTO@@b
zokL;a;QDCQZRpCCI>#&xn8XF4_#XJNRIxK^+<N$17oU2O>t<`<?l8&G5v)31MJ;*5
zCmn$_{CF;tFru^F^=f}a_?@6dkn<_>P&&WP`}&_fZb>xfSwxV<dHNG_hQ#?_$$#;h
zHZ3V1xkBJ-xxR}kqqzv#BH?;(o1Jkrc3UU%v#Y<A?q)O#IjzhBxvcguNT9_0SjG~5
z6dvh`U((18E;Zre(w<DHXajHQ@@02^)cdXGcU=m^T(?rJsS$F)2+dl}B6*+c$Mx*G
zB|J@(u7I^=1=EZ|I!R57qmZDZTyr(`e*}5z@7|aL=iBtAl_J$A;MJe7gEy#j*U>|=
zCHQw(5XQD8zs48X6<`Y*wpm<GS^Y%^rTs~l*V}8rz4dNdjGwL1e7ueBf=%&8IqXK6
zMV{P<xfhGfmxknxtW{3Q!=SyF4wgc5w)sEqJ|d@zVps{7+@^RBG_R!5)&iyhPd32E
zIG5H6IDBinZ91pwmx-xRf%p2vV6pNqS74M#I$+Q~s_p9-M?>LYEKmtoRO553tc{{E
zk!+01!I7t3hLqip_-0Vol8tUsQ))?trK!u2k6L|W#OhIu^KUDGhHqDu^|KubaQsNz
z-)yMu^grSDwss%C(#PA<Jyg+y!9l!a0pNwnZU0M5fx+vE#Q3Rqr=rm%R29>M_T@mC
zrLjxnA!Kad@<fEai#4V!p+9~JfRgxS0XtK&;8fB@ZIHDe74Q^QudFn*5g{+grMyW1
z8l#Cr6L`#%kBJ`!`ib!n6gf!qF&iJ59)%I4HTFDG&7?nGOH0&c!q2wOSbP1t{?!IP
z{eu+@Fz*U@TrtH-yfPp!&R99;CZQZgc@zV}vJD&{pc6X@4P*&aV{~g%ep~t`D^ABD
z@oe|CFThsY8|$5=+f}EROLc$NZWt$FgXJ**?&+&Vxm2{~FCXo_Jr5As=fB2@Ge665
zGFW;btG?<}ax)E})kEpJDvv~WNIbf^z&iZ1h@~S6LX%TRi2EnNbXKC0kjmA<I2_$g
zhdTv!kpqtxzZquIwYgj-(y@s0vJpaLZ*5c>Lh5MZk#9GUzT}eMu-pO<y^N;SKqVre
zyizVgYqd;d9PtdpJIV%T(3H7*8<zHHUAnu%e@qS>cDQ|_c!Kb-1;e%Tv=yfOR&6sM
zDrw&}D%)XfH1xwvl6(y7d>-mFL%9tt-Ag1{BGAzmfr=-ryopqNR$jGatz`JY69x@>
z*<a|L`xDimI}NpQtw#7K=Mga_Fe3&DDuzgg_YDCF6)_eB6kLEp5u0r5(W^B@J|&pi
zDy?6B(l9YFAutIB1uG5%0vZJX1QdlNIqJ3ocJ8E*=lUbz*fDoEtPTVSq=nJf1Rb#~
H0s;sC3{}_-

diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
deleted file mode 100644
index fa802d6a..00000000
--- a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIuIbyTA50WuwCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOV5Z1nBcp4MBIIEyMgW+t88ywzt
-wHUb61YzO3NZXuCdoIEzj1VsqP9BJDjJo4W2ghfYu3t9zYDmY+x9jxPR9hHoSyDF
-kDYdvAuwH7qcw/0bwdBFa+jtby9EtmlPEf6CjDCTgz+4dSKD0A9giTOuIKKMr7dk
-hq3Y4+WNQZV+HTmR4fNAgejwQ49miVYanpg/pqOmiRsLTI/hf7oUpGU+L9Y1g8ER
-Qsbnu4nWqX75/fx/BQPSZYONIS21iPzPmplmarzVKrzozatPDrl+xIdqlTOOdt5V
-/J4Rj0aKSm9Cz2StAUbcTujsS9RppdKOKBp5hW2yoMA9eChl5Ox4EvResOinucYe
-NOLUL5dqXQoVu8KRGSLkvY+h2Qe7+m/Mej28oarZ+kkHux5AE2M+YddMI213n+a5
-12RO3M+Gor8OadZ1iL/881AO2szk30ot1prmqKmO4SMvRLWxslN3ojN/qs0Ms154
-xBto3rOMWY04fJlPcWYQaxTWf5n35W9cAibQMSfVEqhc025nTGlU16ES7jphx674
-l5hUjWDMc6qnGh765poSUbm7Az6+rott214glWrWzTSHYM/NfLRm/I++GYvrEbRx
-r349cP0lksNTgfMuA5bPGDLaKqeYJpJHpa3M5GA071vMinNBIBg8k1AuI6sIKcrC
-lkGbPHM1G/F37jwsFpy5gSRKLNPV1A2KOHU6fVStn1MjnOB+RUdoTfzuihz2mmyF
-XKJJODGZ9afR/lzdukbjFYACsjH2Pg+ua0MU9ayrv1UI2Wr26sUE1Vws762DbQI7
-s5un3lnxymbEOtwA3RLdgaKOovRqlfxktF8E+dQNcO9uBOfGjSfwr3DJv/NEQ+rb
-zEvAI5Jk6uWXXcx1Pz6t9vk3VUr+v9lOWPQ+1FWLLpI01Mneti2zR2UP384omY/4
-fz43bKkCNaF0iEAwQEJu1cQ7KReeVCmzmAyj2k/78vAFdf1E/0gW+nPt/a86m1NY
-39+sMAN2mCxV6YbpnJApjkjidABsu4TGggGFQZG9i9AvPJC4A437dR2vsoPWu4Kj
-gaLI8LaqncQXBR/oLI8w/x5Yvdj+B/pviIh8t6eKB2UWrJJPI8LeFM4bOPAz2LfK
-YfM9F/pl2igxRSHyDGTFokFMsqQL4iw4QvzBjkM8FKDkv41rJZY0p6msiKJ4sz0N
-TKfEjV0Qv9mogT9sqntgYS60wtBip7SgeWvjZ/PXt/2x8UxfOMavid+6WBG8vYkm
-2zsKmM3/X8h3RAEdFs+sS/AL7MAX7whg0gZkQVIrmQVj9k4x3bdVVHRWWFArg4CO
-XW7UU6JbC8UWDegtJ5G4D8x6OI/A535xKeLoVZarxA70J/gVdpmT18ld2HOXb6PI
-H6vLcVL97FmHYhX28BchoiIwDTL3e8pxclqXd57jWNnNlaT8o4TEymiiyb92U1FT
-CDJzAS7A4F3vhWw4PUBnBnsu2SZUftQuc+TPH/beYaH63K5K3vj1KlcPGrmcC+QV
-OD0UberT93ew/tBlcb5kFtGcIybsDdlPIlOnB58MZ1z+mQRGQ7d6ulu7Ofu3dDQ1
-NLzLhsmXSmnS/n0WpFpRiQsTZWXHCRogJBtr8hN4K6TPXqzQ+P5qRrHWj1+WtduU
-18SCuByFtIh+70dV3WSybw==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem b/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem
deleted file mode 100644
index e3b0f743..00000000
--- a/cdoc20-server/keys/sk-signed-test-certs/cdoc2-test-pulk-cert.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF0zCCA7ugAwIBAgIQXME0W7N+oYpjfzRA+PKOJjANBgkqhkiG9w0BAQsFADCB
-jjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNr
-dXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwO
-TlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYw
-HhcNMjIxMTI0MDkwNjUyWhcNMjMxMjA0MDkwNjUyWjCBhzERMA8GA1UEBRMIMTAx
-NDAxMzMxETAPBgNVBAgMCEhhcmp1bWFhMRAwDgYDVQQHDAdUYWxsaW5uMQswCQYD
-VQQGEwJFRTEXMBUGA1UECgwOQ3liZXJuZXRpY2EgQVMxDDAKBgNVBAsMA0lUTzEZ
-MBcGA1UEAwwQQ3liZXJuZXRpY2EgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKnQVWrAULAAmFMadHBf0XUBhustBFdyGulNbtR6dtbPT1kbLY5L
-DgmR5ujcOhBccYOjOT56FIH/Zwt2bFty+Z/Q3AXNYlnIDZ6Y7E9l3bVd1OeA/ErI
-xbUI243Fb8cYifEO1wiWRgtQcs9o7haKGozg0e6Ym43hQcMPS9Yn/Pf56cg/T/OP
-6zfWWoa0Ggci3isYIGkwsn4pa0mCmgWgXBuonfhhRKo/6adTW79gKjhuHMKTjMF/
-KfH3/WegPNTS7vBnEePUldYE5KOlMkw+5XpY0kWAj1mAP3N+iLbA+bTERMx14MH5
-Sco57VZnlBnfhxoASJBUe+w6VjnZFeckENUCAwEAAaOCATAwggEsMAkGA1UdEwQC
-MAAwVAYDVR0gBE0wSzAyBgsrBgEEAc4fBwECBjAjMCEGCCsGAQUFBwIBFhVodHRw
-czovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAsGCSsGAQQBzh8JBDAfBgNVHSME
-GDAWgBQuG4+7AS80+NowBItcwfJcJePY9zAOBgNVHQ8BAf8EBAMCBLAwHQYDVR0O
-BBYEFC0uIYgU2tj/tgljpU7Q7iz2p4rjMHkGCCsGAQUFBwEBBG0wazAtBggrBgEF
-BQcwAYYhaHR0cDovL2FpYS5kZW1vLnNrLmVlL2tsYXNzMy0yMDE2MDoGCCsGAQUF
-BzAChi5odHRwczovL2Muc2suZWUvVEVTVF9vZl9LTEFTUzMtU0tfMjAxNi5kZXIu
-Y3J0MA0GCSqGSIb3DQEBCwUAA4ICAQBziHzJ8qCSAyEEjjjU1IhI+iEphCNJHju9
-p+edcwooaKQXjwdNTNekXGKfv2Zq++fFpe5j0PPnrD2sKa5+PiNX139O5DCj7mHe
-egKyXJtXuilxou5Ye62qtkxh64YwFf15aI6m3cnxw6UMEx/ZK7qxvZURD7wBLpGj
-45fZxXtITxmhjWH0b5pVLhigj2pesAPjzB5Z21T1tTGKkmEk71H2dLZkLUGEAPGL
-1LjYNfP+/PFPG9YXSF7UK/TDwFwGWK2EE1eFkOkkhCLKZ2/9ijU0r+phVDYvFSU1
-Fb0IgsxuFKFCd24XDySB2iYvaqa4XBC+Wr26phIHR8qF0ulTdCsBHqYyvVzQzeJL
-ARhYQN7HDckwCYSM5UIOUgcInDBpokAbaHeZhV9VcJzom0holGT794SjoF/tAdNC
-X4xvpTuLpJeB/gN8F5ogjGKOrQw+1Hkfxueld/Avlr7sFDdUUqKl/xJn/evBDz0E
-CjWSoc4gJP9t1bI4S7KI9rSnZLrJIQHl7hlpM9n6sF+KjqQNToCJlR7MBSBMspy2
-lH1FDzZ7QDSBHxiwnZN9BIqHpXQ9tUCj5UH50lPthGYxbzIELdJS1kfMkpxtM+0y
-BmJER1f1v78z81fFYd+eVK2no3Ef7WrJeYVqr87Bsktt9Ms04Xj0hfyEWJLWGOWJ
-jiY8+HJvzg==
------END CERTIFICATE-----
\ No newline at end of file

From daeb63474a54c19cd920eb760563f586ef1ded89 Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 14:50:44 +0300
Subject: [PATCH 6/9] Cleanup

---
 README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/README.md b/README.md
index 9bdb515f..31cdba71 100644
--- a/README.md
+++ b/README.md
@@ -196,5 +196,3 @@ For more info, see
 [Maven Non-interactive Release](https://maven.apache.org/maven-release/maven-release-plugin/examples/non-interactive-release.html)
 
 
-
-

From 2b41606adfc514e553c653f0d77c91a495cfbb25 Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 14:52:59 +0300
Subject: [PATCH 7/9] Fix style

---
 cdoc20-server/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cdoc20-server/README.md b/cdoc20-server/README.md
index 0f0b1e2c..17d4964c 100644
--- a/cdoc20-server/README.md
+++ b/cdoc20-server/README.md
@@ -1,4 +1,4 @@
-#Running locally (dev)
+# Running locally (dev)
 
 This file describes how to run cdoc20 key servers in your local development machine, without external dependencies
 
@@ -41,7 +41,7 @@ where VER is the version of the package built by mvn package previously.
 Note: to enable TLS handshake debugging, add `-Djavax.net.debug=ssl:handshake` option
 
 
-#Testing
+# Testing
 ## Create Key Capsule
 Run from cdoc20-server/keys directory or adjust paths to certificates and keys
 

From 3a32ccc609ab8d1b7bdd72bd36b8e2696ca2d2eb Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Tue, 9 May 2023 14:58:18 +0300
Subject: [PATCH 8/9] Fix style

---
 gatling-tests/README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/gatling-tests/README.md b/gatling-tests/README.md
index d9c148f9..28f2b280 100644
--- a/gatling-tests/README.md
+++ b/gatling-tests/README.md
@@ -101,7 +101,6 @@ Open Model is implemented for CDOC 2.0 server load tests, meaning that continuou
   Test lasts 10 cycles x 60 seconds = 600 seconds = 10 minutes.
   Each next test cycle has 5 concurrent users more. Last cycle will have 60 concurrent users for 1 minute.
 
-
 * Sample configuration for relatively stable slowly growing load:
 
   - start-users-per-second = 100

From 4fa3028298e7f1ea5414e3215dbfd8b0e9b49409 Mon Sep 17 00:00:00 2001
From: Rainer Metsvahi <rainer@cyber.ee>
Date: Wed, 10 May 2023 10:24:27 +0300
Subject: [PATCH 9/9] Update changelog

---
 CHANGELOG.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b740a01..6a31f888 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,9 +5,8 @@
 
 ### Features
 
-* Added Jenkins pipeline for uploading cdoc2.0 jar artifacts to RIA Nexus repository
-* Update and run key server instances also on cdoc2-keyserver-02.dev.riaint.ee host
-
+* Added Jenkins pipeline for uploading cdoc2.0 jar to artifact repository
+* Update and run key server also on second server instance
 
 ## [0.4.0] ChaCha Poly1305 MAC is checked before other errors are reported (2023-01-30)