| rfc9216.original.xml | rfc9216.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <!DOCTYPE rfc [ | <!DOCTYPE rfc [ | |||
| <!ENTITY nbsp " "> | <!ENTITY nbsp " "> | |||
| <!ENTITY zwsp "​"> | <!ENTITY zwsp "​"> | |||
| <!ENTITY nbhy "‑"> | <!ENTITY nbhy "‑"> | |||
| <!ENTITY wj "⁠"> | <!ENTITY wj "⁠"> | |||
| ]> | ]> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version --> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | |||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | -ietf-lamps-samples-08" number="9216" obsoletes="" updates="" submissionType="IE | |||
| -ietf-lamps-samples-08" category="info" obsoletes="" updates="" submissionType=" | TF" category="info" consensus="true" xml:lang="en" tocInclude="true" sortRefs="t | |||
| IETF" xml:lang="en" version="3"> | rue" symRefs="true" version="3"> | |||
| <!-- xml2rfc v2v3 conversion 3.12.0 --> | ||||
| <front> | <front> | |||
| <title>S/MIME Example Keys and Certificates</title> | <title abbrev="S/MIME">S/MIME Example Keys and Certificates</title> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-samples-08"/> | <seriesInfo name="RFC" value="9216"/> | |||
| <author initials="D.K." surname="Gillmor" fullname="Daniel Kahn Gillmor" rol | <author initials="D. K." surname="Gillmor" fullname="Daniel Kahn Gillmor" ro | |||
| e="editor"> | le="editor"> | |||
| <organization abbrev="ACLU">American Civil Liberties Union</organization> | <organization abbrev="ACLU">American Civil Liberties Union</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street>125 Broad St.</street> | <street>125 Broad St.</street> | |||
| <city>New York, NY</city> | <city>New York</city> | |||
| <region>NY</region> | ||||
| <code>10004</code> | <code>10004</code> | |||
| <country>USA</country> | <country>United States of America</country> | |||
| </postal> | </postal> | |||
| <email>dkg@fifthhorseman.net</email> | <email>dkg@fifthhorseman.net</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2022" month="February" day="02"/> | <date year="2022" month="April"/> | |||
| <area>int</area> | ||||
| <area>sec</area> | ||||
| <workgroup>lamps</workgroup> | <workgroup>lamps</workgroup> | |||
| <keyword>Internet-Draft</keyword> | ||||
| <abstract> | <keyword>pkix | |||
| </keyword> | ||||
| <keyword>encryption | ||||
| </keyword> | ||||
| <keyword>security | ||||
| </keyword> | ||||
| <keyword>authentication | ||||
| </keyword> | ||||
| <keyword>S/MIME | ||||
| </keyword> | ||||
| <keyword>smime | ||||
| </keyword> | ||||
| <keyword>email | ||||
| </keyword> | ||||
| <keyword>mail | ||||
| </keyword> | ||||
| <keyword>confidentiality | ||||
| </keyword> | ||||
| <keyword>certificate | ||||
| </keyword> | ||||
| <keyword>pkcs8 | ||||
| </keyword> | ||||
| <keyword>pkcs #12 | ||||
| </keyword> | ||||
| <keyword>x509 | ||||
| </keyword> | ||||
| <keyword>"test vector" | ||||
| </keyword> | ||||
| <abstract> | ||||
| <t>The S/MIME development community benefits from sharing samples of signe d or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples. </t> | <t>The S/MIME development community benefits from sharing samples of signe d or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples. </t> | |||
| </abstract> | </abstract> | |||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <section anchor="introduction" numbered="true" toc="default"> | <section anchor="introduction" numbered="true" toc="default"> | |||
| <name>Introduction</name> | <name>Introduction</name> | |||
| <t>The S/MIME (<xref target="RFC8551" format="default"/>) development comm | <t>The S/MIME (<xref target="RFC8551" format="default"/>) development | |||
| unity, in particular the e-mail development community, benefits from sharing sam | community, in particular the email development community, benefits from | |||
| ples of signed and/or encrypted data. | sharing samples of signed and/or encrypted data. Often, the exact key | |||
| Often the exact key material used does not matter because the properties being t | material used does not matter because the properties being tested | |||
| ested pertain to implementation correctness, completeness or interoperability of | pertain to implementation correctness, completeness, or interoperability | |||
| the overall system. | of the overall system. However, without access to the relevant secret | |||
| However, without access to the relevant secret key material, a sample is useless | key material, a sample is useless.</t> | |||
| .</t> | <t>This document defines a small set of X.509v3 certificates (<xref | |||
| <t>This document defines a small set of X.509v3 certificates (<xref target | target="RFC5280" format="default"/>) and secret keys for use when | |||
| ="RFC5280" format="default"/>) and secret keys for use when generating or operat | generating or operating on such samples.</t> | |||
| ing on such samples.</t> | <t>An example RSA Certification Authority is supplied, and sample RSA | |||
| <t>An example RSA certification authority is supplied, and sample RSA cert | certificates are provided for two "personas", Alice and Bob.</t> | |||
| ificates are provided for two "personas", Alice and Bob.</t> | <t>Additionally, an Ed25519 (<xref target="RFC8032" format="default"/>) Ce | |||
| <t>Additionally, an Ed25519 (<xref target="RFC8032" format="default"/>) ce | rtification Authority is supplied, along with sample Ed25519 certificates for tw | |||
| rtification authority is supplied, along with sample Ed25519 certificates for tw | o more "personas", Carlos and Dana.</t> | |||
| o more "personas", Carlos and Dana.</t> | <t>This document focuses narrowly on functional, well-formed identity | |||
| <t>This document focuses narrowly on functional, well-formed identity and | and key material. It is a starting point that other documents can use | |||
| key material. | to develop sample signed or encrypted messages, test vectors, or other | |||
| It is a starting point that other documents can use to develop sample signed or | artifacts for improved interoperability.</t> | |||
| encrypted messages, test vectors, or other artifacts for improved interoperabili | ||||
| ty.</t> | ||||
| <section anchor="requirements-language" numbered="true" toc="default"> | ||||
| <name>Requirements Language</name> | ||||
| <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", " | ||||
| SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" i | ||||
| n this document are to be interpreted as described in BCP 14 <xref target="RFC21 | ||||
| 19" format="default"/> <xref target="RFC8174" format="default"/> when, and only | ||||
| when, they appear in all capitals, as shown here.</t> | ||||
| </section> | ||||
| <section anchor="terminology" numbered="true" toc="default"> | <section anchor="terminology" numbered="true" toc="default"> | |||
| <name>Terminology</name> | <name>Terminology</name> | |||
| <ul spacing="normal"> | ||||
| <li>"Certification Authority" (or "CA") is a party capable of issuing | <dl> | |||
| X.509 certificates</li> | <dt>"Certification Authority" (or "CA"): | |||
| <li>"End-Entity" is a party that is capable of using X.509 certificate | </dt> | |||
| s (and their corresponding secret key material)</li> | <dd>a party capable of issuing X.509 | |||
| <li>"Mail User Agent" (or "MUA") is a program that generates or handle | certificates | |||
| s <xref target="RFC5322" format="default"/> e-mail messages.</li> | </dd> | |||
| </ul> | ||||
| <dt>"End Entity" (or "EE"): | ||||
| </dt> | ||||
| <dd>a party that is capable of using X.509 certificates (and their | ||||
| corresponding secret key material) | ||||
| </dd> | ||||
| <dt>"Mail User Agent" (or "MUA"): | ||||
| </dt> | ||||
| <dd>a program that generates or handles email messages (<xref | ||||
| target="RFC5322" format="default"/>) | ||||
| </dd> | ||||
| </dl> | ||||
| </section> | </section> | |||
| <section anchor="prior-work" numbered="true" toc="default"> | <section anchor="prior-work" numbered="true" toc="default"> | |||
| <name>Prior Work</name> | <name>Prior Work</name> | |||
| <t><xref target="RFC4134" format="default"/> contains some sample certif | <t><xref target="RFC4134" format="default"/> contains some sample certif | |||
| icates, as well as messages of various S/MIME formats. | icates as well as messages of various S/MIME formats. | |||
| That older work has unacceptably old algorithm choices that may introduce failur | That older work has unacceptably old algorithm choices that may introduce failur | |||
| es when testing modern systems: in 2019, some tools explicitly mark 1024-bit RSA | es when testing modern systems: in 2019, some tools explicitly marked 1024-bit R | |||
| and 1024-bit DSS as weak.</t> | SA and 1024-bit DSS as weak.</t> | |||
| <t>This earlier document also does not use the now widely-accepted PEM e | <t>This earlier document also does not use the now widely accepted | |||
| ncoding (see <xref target="RFC7468" format="default"/>) for the objects, and ins | Privacy-Enhanced Mail (PEM) encoding (see <xref target="RFC7468" | |||
| tead embeds runnable Perl code to extract them from the document.</t> | format="default"/>) for the objects and instead embeds runnable Perl | |||
| <t>It also includes examples of messages and other structures which are | code to extract them from the document.</t> | |||
| greater in ambition than this document intends to be.</t> | <t>It also includes examples of messages and other structures that are g | |||
| <t><xref target="RFC8410" format="default"/> includes an example X25519 | reater in ambition than this document intends to be.</t> | |||
| certificate that is certified with Ed25519, but it appears to be self-issued, an | <t><xref target="RFC8410" format="default"/> includes an example | |||
| d it is not directly useful in testing an S/MIME-capable MUA.</t> | X25519 certificate that is certified with Ed25519, but it appears to | |||
| be self issued, and it is not directly useful in testing an S/MIME-capab | ||||
| le | ||||
| MUA.</t> | ||||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="background" numbered="true" toc="default"> | <section anchor="background" numbered="true" toc="default"> | |||
| <name>Background</name> | <name>Background</name> | |||
| <section anchor="certificate-usage" numbered="true" toc="default"> | <section anchor="certificate-usage" numbered="true" toc="default"> | |||
| <name>Certificate Usage</name> | <name>Certificate Usage</name> | |||
| <t>These X.509 certificates (<xref target="RFC5280" format="default"/>) | <t>These X.509 certificates (<xref target="RFC5280" format="default"/>) | |||
| are designed for use with S/MIME protections (<xref target="RFC8551" format="def | are designed for use with S/MIME protections (<xref target="RFC8551" format="def | |||
| ault"/>) for e-mail (<xref target="RFC5322" format="default"/>).</t> | ault"/>) for email (<xref target="RFC5322" format="default"/>).</t> | |||
| <t>In particular, they should be usable with signed and encrypted messag | <t>In particular, they should be usable with signed and encrypted messag | |||
| es, as part of test suites and interoperability frameworks.</t> | es as part of test suites and interoperability frameworks.</t> | |||
| <t>All end-entity and intermediate CA certificates are marked with Certi ficate Policies from <xref target="TEST-POLICY" format="default"/> indicating th at they are intended only for use in testing environments. | <t>All end-entity and intermediate CA certificates are marked with Certi ficate Policies from <xref target="TEST-POLICY" format="default"/> indicating th at they are intended only for use in testing environments. | |||
| End-entity certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and int ermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2.</t> | End-entity certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and int ermediate CAs are marked with policy 2.16.840.1.101.3.2.1.48.2.</t> | |||
| </section> | </section> | |||
| <section anchor="certificate-expiration" numbered="true" toc="default"> | <section anchor="certificate-expiration" numbered="true" toc="default"> | |||
| <name>Certificate Expiration</name> | <name>Certificate Expiration</name> | |||
| <t>The certificates included in this draft expire in 2052. | <t>The certificates included in this document expire in 2052. | |||
| This should be sufficiently far in the future that they will be useful for a few decades. | This should be sufficiently far in the future that they will be useful for a few decades. | |||
| However, when testing tools in the far future (or when playing with clock skew s cenarios), care should be taken to consider the certificate validity window.</t> | However, when testing tools in the far future (or when playing with clock-skew s cenarios), care should be taken to consider the certificate validity window.</t> | |||
| <t>Due to this lengthy expiration window, these certificates will not be particularly useful to test or evaluate the interaction between certificate exp iration and protected messages.</t> | <t>Due to this lengthy expiration window, these certificates will not be particularly useful to test or evaluate the interaction between certificate exp iration and protected messages.</t> | |||
| </section> | </section> | |||
| <section anchor="certificate-revocation" numbered="true" toc="default"> | <section anchor="certificate-revocation" numbered="true" toc="default"> | |||
| <name>Certificate Revocation</name> | <name>Certificate Revocation</name> | |||
| <t>Because these are expected to be used in test suites or examples, and we do not expect there to be online network services in these use cases, we do not expect these certificates to produce any revocation artifacts.</t> | <t>Because these are expected to be used in test suites or examples, and we do not expect there to be online network services in these use cases, we do not expect these certificates to produce any revocation artifacts.</t> | |||
| <t>As a result, none of the certificates include either an OCSP indicato | <t>As a result, none of the certificates include either an Online Certif | |||
| r (see <tt>id-ad-ocsp</tt> as defined in the Authority Information Access X.509 | icate Status Protocol (OCSP) | |||
| extension in S.4.2.2.1 of <xref target="RFC5280" format="default"/>) or a CRL in | indicator (see <tt>id-ad-ocsp</tt> as defined in the Authority | |||
| dicator (see the CRL Distribution Points X.509 extension as defined in S.4.2.1.1 | Information Access X.509 extension in <xref target="RFC5280" | |||
| 3 of <xref target="RFC5280" format="default"/>).</t> | sectionFormat="of" section="4.2.2.1" format="default"/>) or a Certificat | |||
| e Revocation List (CRL) | ||||
| indicator (see the CRL Distribution Points X.509 extension as defined | ||||
| in <xref target="RFC5280" sectionFormat="of" section="4.2.1.13" | ||||
| format="default"/>).</t> | ||||
| </section> | </section> | |||
| <section anchor="using-the-ca-in-test-suites" numbered="true" toc="default "> | <section anchor="using-the-ca-in-test-suites" numbered="true" toc="default "> | |||
| <name>Using the CA in Test Suites</name> | <name>Using the CA in Test Suites</name> | |||
| <t>To use these end-entity certificates in a piece of software (for exam | <t>To use these end-entity certificates in a piece of software (for exam | |||
| ple, in a test suite or an interoperability matrix), most tools will need to acc | ple, in a test suite or an interoperability matrix), most tools will need to acc | |||
| ept either the Example RSA CA (<xref target="sample-rsa-ca" format="default"/>) | ept either the example RSA CA (<xref target="sample-rsa-ca" format="default"/>) | |||
| or the Example Ed25519 CA (<xref target="sample-ed25519-ca" format="default"/>) | or the example Ed25519 CA (<xref target="sample-ed25519-ca" format="default"/>) | |||
| as a legitimate root authority.</t> | as a legitimate root authority.</t> | |||
| <t>Note that some tooling behaves differently for certificates validated | <t>Note that some tooling behaves differently for certificates validated | |||
| by "locally-installed root CAs" than for pre-installed "system-level" root CAs) | by "locally installed root CAs" than for pre-installed "system-level" root CAs) | |||
| . | . | |||
| For example, many common implementations of HPKP (<xref target="RFC7469" format= | For example, many common implementations of HTTP Public Key Pinning (HPKP) (<xre | |||
| "default"/>) only applied the designed protections when dealing with a certifica | f target="RFC7469" format="default"/>) only applied the designed protections whe | |||
| te issued by a pre-installed "system-level" root CA, and were disabled when deal | n dealing with a certificate issued by a pre-installed "system-level" root CA an | |||
| ing with a certificate issued by a "locally-installed root CA".</t> | d were disabled when dealing with a certificate issued by a "locally installed r | |||
| oot CA".</t> | ||||
| <t>To test some tooling specifically, it may be necessary to install the root CA as a "system-level" root CA.</t> | <t>To test some tooling specifically, it may be necessary to install the root CA as a "system-level" root CA.</t> | |||
| </section> | </section> | |||
| <section anchor="certificate-chains" numbered="true" toc="default"> | <section anchor="certificate-chains" numbered="true" toc="default"> | |||
| <name>Certificate Chains</name> | <name>Certificate Chains</name> | |||
| <t>In most real-world examples, X.509 certificates are deployed with a c hain of more than one X.509 certificate. | <t>In most real-world examples, X.509 certificates are deployed with a c hain of more than one X.509 certificate. | |||
| In particular, there is typically a long-lived root CA that users' software know s about upon installation, and the end-entity certificate is issued by an interm ediate CA, which is in turn issued by the root CA.</t> | In particular, there is typically a long-lived root CA that users' software know s about upon installation, and the end-entity certificate is issued by an interm ediate CA, which is in turn issued by the root CA.</t> | |||
| <t>The example end-entity certificates in this document can be used with | <t>The example end-entity certificates in this document can be used eith | |||
| either a simple two-link certificate chain (they are directly certified by thei | er with a simple two-link certificate chain (they are directly certified by thei | |||
| r corresponding root CA), or in a three-link chain.</t> | r corresponding root CA) or in a three-link chain.</t> | |||
| <t>For example, Alice's encryption certificate (<xref target="alice-encr | <t>For example, Alice's encryption certificate (<tt>alice.encrypt.crt</t | |||
| ypt-cert" format="default"/>, <tt>alice.encrypt.crt</tt>) can be validated by a | t>; see <xref target="alice-encrypt-cert" format="default"/>) can be validated b | |||
| peer that directly trusts the Example RSA CA's root cert (<xref target="rsa-ca-c | y a peer that directly trusts the example RSA CA's root cert (<tt>ca.rsa.crt</tt | |||
| ert" format="default"/>, <tt>ca.rsa.crt</tt>):</t> | >; see <xref target="rsa-ca-cert" format="default"/>):</t> | |||
| <artwork name="alice-validate-two-hops" type="" align="left" alt=""><![C | <artwork name="alice-validate-two-hops" align="left" ><![CDATA[ | |||
| DATA[ | +==============+ +-------------------+ | |||
| ╔════════════╗ ┌───────────────────┐ | || ca.rsa.crt ||-->| alice.encrypt.crt | | |||
| ║ ca.rsa.crt ╟─→│ alice.encrypt.crt │ | +==============+ +-------------------+ | |||
| ╚════════════╝ └───────────────────┘ | ||||
| ]]></artwork> | ]]></artwork> | |||
| <t>And it can also be validated by a peer that only directly trusts the | <t>And it can also be validated by a peer that only directly trusts the | |||
| Example Ed25519 CA's root cert (<xref target="ed25519-ca-cert" format="default"/ | example Ed25519 CA's root cert (<tt>ca.25519.crt</tt>; see <xref target="ed25519 | |||
| >, <tt>ca.25519.crt</tt>), via an intermediate cross-signed CA cert (<xref targe | -ca-cert" format="default"/>) via an intermediate cross-signed CA cert (<tt>ca.r | |||
| t="rsa-ca-cross-cert" format="default"/>, <tt>ca.rsa.cross.crt</tt>):</t> | sa.cross.crt</tt>; see <xref target="rsa-ca-cross-cert" format="default"/>):</t> | |||
| <artwork name="alice-validate-three-hops" type="" align="left" alt=""><! | <artwork name="alice-validate-three-hops" align="left"><![CDATA[ | |||
| [CDATA[ | +================+ +------------------+ +-------------------+ | |||
| ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ | || ca.25519.crt ||-->| ca.rsa.cross.crt |-->| alice.encrypt.crt | | |||
| ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ | +================+ +------------------+ +-------------------+ | |||
| ╚══════════════╝ └──────────────────┘ └───────────────────┘ | ||||
| ]]></artwork> | ]]></artwork> | |||
| <t>By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an end-entity certificate that is supplied without i ts intermediate certificate) in some configurations.</t> | <t>By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an end-entity certificate that is supplied without i ts intermediate certificate) in some configurations.</t> | |||
| </section> | </section> | |||
| <section anchor="passwords" numbered="true" toc="default"> | <section anchor="passwords" numbered="true" toc="default"> | |||
| <name>Passwords</name> | <name>Passwords</name> | |||
| <t>Each secret key presented in this draft is represented as a PEM-encod ed PKCS#8 <xref target="RFC5958" format="default"/> object in cleartext form (it has no password).</t> | <t>Each secret key presented in this document is represented as a PEM-en coded PKCS #8 (<xref target="RFC5958" format="default"/>) object in cleartext fo rm (it has no password).</t> | |||
| <t>As such, the secret key objects are not suitable for verifying intero perable password protection schemes.</t> | <t>As such, the secret key objects are not suitable for verifying intero perable password protection schemes.</t> | |||
| <t>However, the PKCS#12 <xref target="RFC7292" format="default"/> object s do have simple textual passwords, because tooling for dealing with passwordles s PKCS#12 objects is underdeveloped at the time of this draft.</t> | <t>However, the PKCS #12 (<xref target="RFC7292" format="default"/>) obj ects do have simple textual passwords, because tooling for dealing with password less PKCS #12 objects is underdeveloped at the time of this document.</t> | |||
| </section> | </section> | |||
| <section anchor="secret-key-origins" numbered="true" toc="default"> | <section anchor="secret-key-origins" numbered="true" toc="default"> | |||
| <name>Secret key origins</name> | <name>Secret Key Origins</name> | |||
| <t>The secret RSA keys in this document are all deterministically derive | <t>The secret RSA keys in this document are all deterministically derive | |||
| d using provable prime generation as found in <xref target="FIPS186-4" format="d | d using provable prime generation as found in <xref target="FIPS186-4" format="d | |||
| efault"/>, based on known seeds derived via <xref target="SHA256" format="defaul | efault"/> based on known seeds derived via SHA-256 (<xref target="SHA" format="d | |||
| t"/> from simple strings. | efault"/>) from simple strings. | |||
| The validation parameters for these derivations are stored in the objects themse lves as specified in <xref target="RFC8479" format="default"/>.</t> | The validation parameters for these derivations are stored in the objects themse lves as specified in <xref target="RFC8479" format="default"/>.</t> | |||
| <t>The secret Ed25519 and X25519 keys in this document are all derived b y hashing a simple string. | <t>The secret Ed25519 and X25519 keys in this document are all derived b y hashing a simple string. | |||
| The seeds and their derivation are included in the document for informational pu | The seeds and their derivation are included in the document for informational pu | |||
| rposes, and to allow re-creation of the objects from appropriate tooling.</t> | rposes and to allow recreation of the objects from appropriate tooling.</t> | |||
| <t>All RSA seeds used are 224 bits long (the first 224 bits of the SHA-2 | <t>All RSA seeds used are 224 bits long (the first 224 bits of the SHA-2 | |||
| 56 digest of the origin string), and are represented in hexadecimal.</t> | 56 digest of the origin string) and are represented in hexadecimal.</t> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="sample-rsa-ca" numbered="true" toc="default"> | <section anchor="sample-rsa-ca" numbered="true" toc="default"> | |||
| <name>Example RSA Certification Authority</name> | <name>Example RSA Certification Authority</name> | |||
| <t>The example RSA Certification Authority has the following information:< /t> | <t>The example RSA Certification Authority has the following information:< /t> | |||
| <ul spacing="normal"> | <dl> | |||
| <li>Name: <tt>Sample LAMPS RSA Certification Authority</tt></li> | <dt>Name: | |||
| </ul> | </dt> | |||
| <section anchor="rsa-ca-cert" numbered="true" toc="default"> | <dd><tt>Sample LAMPS RSA Certification Authority</tt> | |||
| </dd> | ||||
| </dl> | ||||
| <section anchor="rsa-ca-cert" numbered="true" toc="default"> | ||||
| <name>RSA Certification Authority Root Certificate</name> | <name>RSA Certification Authority Root Certificate</name> | |||
| <t>This certificate is used to verify certificates issued by the example RSA Certification Authority.</t> | <t>This certificate is used to verify certificates issued by the example RSA Certification Authority.</t> | |||
| <sourcecode type="application/x-x509-ca-cert" name="ca.rsa.crt"><![CDATA | ||||
| [ | <sourcecode type="x509" name="ca.rsa.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F | MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | |||
| MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G | MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm | A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm | |||
| aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB | |||
| AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr | AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr | |||
| OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz | OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz | |||
| +zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi | +zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi | |||
| skipping to change at line 165 ¶ | skipping to change at line 237 ¶ | |||
| heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v | heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v | |||
| dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9 | dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9 | |||
| U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq | U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq | |||
| uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ== | uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="rsa-certification-authority-secret-key" numbered="true" t oc="default"> | <section anchor="rsa-certification-authority-secret-key" numbered="true" t oc="default"> | |||
| <name>RSA Certification Authority Secret Key</name> | <name>RSA Certification Authority Secret Key</name> | |||
| <t>This secret key material is used by the example RSA Certification Aut hority to issue new certificates.</t> | <t>This secret key material is used by the example RSA Certification Aut hority to issue new certificates.</t> | |||
| <sourcecode type="application/x-pem-file" name="ca.rsa.key"><![CDATA[ | <sourcecode type="pkcs8" name="ca.rsa.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L | MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L | |||
| siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd | siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd | |||
| 0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz+zCuV+gjV83Uvn6w | 0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz+zCuV+gjV83Uvn6w | |||
| Tn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hiIHpSKMbkoXlM1837 | Tn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hiIHpSKMbkoXlM1837 | |||
| WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmMyhBzClmgkyozRSeS | WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmMyhBzClmgkyozRSeS | |||
| rkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG1qUDCAaKx6FZEf7h | rkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG1qUDCAaKx6FZEf7h | |||
| E9RN6L3bAgMBAAECggEAE3tFhsm7DpgDlro+1Sk1kjbHssR4sOBHb4zrPp6c18PO | E9RN6L3bAgMBAAECggEAE3tFhsm7DpgDlro+1Sk1kjbHssR4sOBHb4zrPp6c18PO | |||
| 6T8gWuBcj1DzOzykNTzaMaDxAia4vuxVJB1mberkNHzTFqyb8bx3ceSEOCT3aoyq | 6T8gWuBcj1DzOzykNTzaMaDxAia4vuxVJB1mberkNHzTFqyb8bx3ceSEOCT3aoyq | |||
| 5fiFpR0L6Ba1vgg8RTvNCAIApHNa4pVk0XD8Wq+h7mlUAOYGbie5UO8/P2qWjcOz | 5fiFpR0L6Ba1vgg8RTvNCAIApHNa4pVk0XD8Wq+h7mlUAOYGbie5UO8/P2qWjcOz | |||
| skipping to change at line 196 ¶ | skipping to change at line 268 ¶ | |||
| 7v2x+m8rMqlyv+pkyWLV8KKytHmdiBzD+oTWxF7r4ueLjtaxngzxn93pAoGBAKpR | 7v2x+m8rMqlyv+pkyWLV8KKytHmdiBzD+oTWxF7r4ueLjtaxngzxn93pAoGBAKpR | |||
| rR9PnroKHubSE/drUNZFLvnZwPDv6lO8T978tONL372pUT9KjR8eN31DaMpoQOpc | rR9PnroKHubSE/drUNZFLvnZwPDv6lO8T978tONL372pUT9KjR8eN31DaMpoQOpc | |||
| BqvpSoQjBLt1nDysV2krI0RwMIOzAWc0E9C8RMvJ6+RdU50Q1BSyjvLGaKi5AAHk | BqvpSoQjBLt1nDysV2krI0RwMIOzAWc0E9C8RMvJ6+RdU50Q1BSyjvLGaKi5AAHk | |||
| PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0 | PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0 | |||
| vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5 | vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5 | |||
| cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN | cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN | |||
| i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC | i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC | |||
| AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q== | AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q== | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key was generated using provable prime generation found i | <t>This secret key was generated using provable prime generation found | |||
| n <xref target="FIPS186-4" format="default"/> using the seed <tt>a5c1b7847614ed6 | in <xref target="FIPS186-4" format="default"/> using the seed | |||
| 61a6b0522351428b4b7f09d8ccca2d99302dd62e9</tt>. | <tt>a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9</tt>. | |||
| This seed is the first 224 bits of the <xref target="SHA256" format="default"/> | This seed is the first 224 bits of the SHA-256 (<xref target="SHA" | |||
| digest of the string <tt>draft-lamps-sample-certs-keygen.ca.rsa.seed</tt>.</t> | format="default"/>) digest of the string | |||
| <tt>draft-lamps-sample-certs-keygen.ca.rsa.seed</tt>.</t> | ||||
| </section> | </section> | |||
| <section anchor="rsa-ca-cross-cert" numbered="true" toc="default"> | <section anchor="rsa-ca-cross-cert" numbered="true" toc="default"> | |||
| <name>RSA Certification Authority Cross-signed Certificate</name> | <name>RSA Certification Authority Cross-Signed Certificate</name> | |||
| <t>If an e-mail client only trusts the Ed25519 Certification Authority R | <t>If an email client only trusts the Ed25519 Certification Authority Ro | |||
| oot Certificate found in <xref target="ed25519-ca-cert" format="default"/>, they | ot Certificate found in <xref target="ed25519-ca-cert" format="default"/>, they | |||
| can use this intermediate CA certificate to verify any end entity certificate i | can use this intermediate CA certificate to verify any end-entity certificate is | |||
| ssued by the example RSA Certification Authority.</t> | sued by the example RSA Certification Authority.</t> | |||
| <sourcecode type="application/x-x509-ca-cert" name="ca.rsa.cross.crt"><! | <sourcecode type="x509" name="ca.rsa.cross.crt"><![CDATA[ | |||
| [CDATA[ | ||||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG | MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0 | EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0 | |||
| aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY | aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY | |||
| Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM | Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM | |||
| IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X | IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X | |||
| 6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo | 6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo | |||
| skipping to change at line 227 ¶ | skipping to change at line 303 ¶ | |||
| BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM | BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM | |||
| tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX | tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX | |||
| FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD | FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="alices-sample-certificates" numbered="true" toc="default"> | <section anchor="alices-sample-certificates" numbered="true" toc="default"> | |||
| <name>Alice's Sample Certificates</name> | <name>Alice's Sample Certificates</name> | |||
| <t>Alice has the following information:</t> | <t>Alice has the following information:</t> | |||
| <ul spacing="normal"> | ||||
| <li>Name: <tt>Alice Lovelace</tt></li> | <dl> | |||
| <li>E-mail Address: <tt>alice@smime.example</tt></li> | <dt>Name: | |||
| </ul> | </dt> | |||
| <dd><tt>Alice Lovelace</tt> | ||||
| </dd> | ||||
| <dt>Email Address: | ||||
| </dt> | ||||
| <dd><tt>alice@smime.example</tt> | ||||
| </dd> | ||||
| </dl> | ||||
| <section anchor="alice-verify-cert" numbered="true" toc="default"> | <section anchor="alice-verify-cert" numbered="true" toc="default"> | |||
| <name>Alice's Signature Verification End-Entity Certificate</name> | <name>Alice's Signature Verification End-Entity Certificate</name> | |||
| <t>This certificate is used for verification of signatures made by Alice .</t> | <t>This certificate is used for verification of signatures made by Alice .</t> | |||
| <sourcecode type="application/x-pem-file" name="alice.sign.crt"><![CDATA [ | <sourcecode type="x509" name="alice.sign.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F | MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | |||
| MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G | MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq | A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq | |||
| hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/ | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/ | |||
| pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX | pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX | |||
| urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB | urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB | |||
| DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w | DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w | |||
| skipping to change at line 263 ¶ | skipping to change at line 348 ¶ | |||
| E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN | E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN | |||
| sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F | sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F | |||
| hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0 | hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0 | |||
| qyTbY4fgKieUHx/tHuzUszZxJg== | qyTbY4fgKieUHx/tHuzUszZxJg== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="alice-sign-key" numbered="true" toc="default"> | <section anchor="alice-sign-key" numbered="true" toc="default"> | |||
| <name>Alice's Signing Private Key Material</name> | <name>Alice's Signing Private Key Material</name> | |||
| <t>This private key material is used by Alice to create signatures.</t> | <t>This private key material is used by Alice to create signatures.</t> | |||
| <sourcecode type="application/x-pem-file" name="alice.sign.key"><![CDATA [ | <sourcecode type="pkcs8" name="alice.sign.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a | MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a | |||
| f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO | f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO | |||
| Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z | Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z | |||
| 34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 | 34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 | |||
| xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 | xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 | |||
| vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 | vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 | |||
| SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO+jhOI/+ | SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO+jhOI/+ | |||
| HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsn5bghJTz3r+JcZZ5l3srqMV8t8zjI | HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsn5bghJTz3r+JcZZ5l3srqMV8t8zjI | |||
| JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J2oKk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI | JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J2oKk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI | |||
| skipping to change at line 294 ¶ | skipping to change at line 379 ¶ | |||
| WmFXlX/w5qzKXtWr3ox9JPFzveSfs1bqZBi1QQmfp0skhBo/jyNvpYUNAoGAMNkw | WmFXlX/w5qzKXtWr3ox9JPFzveSfs1bqZBi1QQmfp0skhBo/jyNvpYUNAoGAMNkw | |||
| GhcdQW87GY7QFXQ/ePwOmV49lgrCT/BwKPDKl8l5ZgvfL/ddEzWQgH/XraoyHT2T | GhcdQW87GY7QFXQ/ePwOmV49lgrCT/BwKPDKl8l5ZgvfL/ddEzWQgH/XraoyHT2T | |||
| uEuM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YXlkleFASg4rrpcrKqoR+KB | uEuM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YXlkleFASg4rrpcrKqoR+KB | |||
| YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 | YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8 | |||
| 0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI | 0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI | |||
| 9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e | 9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e | |||
| yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC | yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC | |||
| BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F | BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key was generated using provable prime generation found i | <t>This secret key was generated using provable prime generation found | |||
| n <xref target="FIPS186-4" format="default"/> using the seed <tt>92c89d4330d3d8e | in <xref target="FIPS186-4" format="default"/> using the seed | |||
| 31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05</tt>. | <tt>92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05</tt>. | |||
| This seed is the first 224 bits of the <xref target="SHA256" format="default"/> | This seed is the first 224 bits of the SHA-256 (<xref target="SHA" | |||
| digest of the string <tt>draft-lamps-sample-certs-keygen.alice.sign.seed</tt>.</ | format="default"/>) digest of the string | |||
| t> | <tt>draft-lamps-sample-certs-keygen.alice.sign.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="alice-encrypt-cert" numbered="true" toc="default"> | <section anchor="alice-encrypt-cert" numbered="true" toc="default"> | |||
| <name>Alice's Encryption End-Entity Certificate</name> | <name>Alice's Encryption End-Entity Certificate</name> | |||
| <t>This certificate is used to encrypt messages to Alice.</t> | <t>This certificate is used to encrypt messages to Alice.</t> | |||
| <sourcecode type="application/x-pem-file" name="alice.encrypt.crt"><![CD ATA[ | <sourcecode type="x509" name="alice.encrypt.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F | MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | |||
| MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G | MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq | A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq | |||
| hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1 | |||
| lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+ | lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+ | |||
| hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV | hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV | |||
| 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41 | 8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41 | |||
| skipping to change at line 329 ¶ | skipping to change at line 418 ¶ | |||
| jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps | jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps | |||
| 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA | 98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA | |||
| W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1 | W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1 | |||
| nTXl85RHNrVKQK+L0YWY1Q+hWA== | nTXl85RHNrVKQK+L0YWY1Q+hWA== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="alice-decrypt-key" numbered="true" toc="default"> | <section anchor="alice-decrypt-key" numbered="true" toc="default"> | |||
| <name>Alice's Decryption Private Key Material</name> | <name>Alice's Decryption Private Key Material</name> | |||
| <t>This private key material is used by Alice to decrypt messages.</t> | <t>This private key material is used by Alice to decrypt messages.</t> | |||
| <sourcecode type="application/x-pem-file" name="alice.encrypt.key"><![CD ATA[ | <sourcecode type="pkcs8" name="alice.encrypt.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o | MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o | |||
| AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV | AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV | |||
| z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB | z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB | |||
| BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ | BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ | |||
| KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU | KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU | |||
| l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y | l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y | |||
| j7CFSmq1AgMBAAECggEADgxoWEDDRE5yEZ+s7TMw+WH2o+3XOOrryqnsLbOyv34I | j7CFSmq1AgMBAAECggEADgxoWEDDRE5yEZ+s7TMw+WH2o+3XOOrryqnsLbOyv34I | |||
| wAAUWK7qZyjd9rSDOAtBOgFhQNXYhWZlT+0iHslCIfqJMZ8wy1iFHBCIphoMSWs5 | wAAUWK7qZyjd9rSDOAtBOgFhQNXYhWZlT+0iHslCIfqJMZ8wy1iFHBCIphoMSWs5 | |||
| /D+idXrUef5Y23rClBxXH0g1UnSGXnpUH4ehV6p1lvZMh4OJKEoMC4cpyd1SzXrw | /D+idXrUef5Y23rClBxXH0g1UnSGXnpUH4ehV6p1lvZMh4OJKEoMC4cpyd1SzXrw | |||
| skipping to change at line 361 ¶ | skipping to change at line 450 ¶ | |||
| ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6LNxuudc/dco2cFWbZ0bbGFN8yYiBCwJl | ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6LNxuudc/dco2cFWbZ0bbGFN8yYiBCwJl | |||
| fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0SjJJGgZEeV/2qyq+ZdF/ | fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0SjJJGgZEeV/2qyq+ZdF/ | |||
| Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY | Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY | |||
| l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4 | l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4 | |||
| 7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2 | 7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2 | |||
| Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC | Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC | |||
| BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ | BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/ | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key was generated using provable prime generation found i n <xref target="FIPS186-4" format="default"/> using the seed <tt>1cf74849f7445f4 66c4272251f5f96b77fa0698b3e98b3f1ee8207bf</tt>. | <t>This secret key was generated using provable prime generation found i n <xref target="FIPS186-4" format="default"/> using the seed <tt>1cf74849f7445f4 66c4272251f5f96b77fa0698b3e98b3f1ee8207bf</tt>. | |||
| This seed is the first 224 bits of the <xref target="SHA256" format="default"/> digest of the string <tt>draft-lamps-sample-certs-keygen.alice.encrypt.seed</tt> .</t> | This seed is the first 224 bits of the SHA-256 (<xref target="SHA" format="defau lt"/>) digest of the string <tt>draft-lamps-sample-certs-keygen.alice.encrypt.se ed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="pkcs12-object-for-alice" numbered="true" toc="default"> | <section anchor="pkcs12-object-for-alice" numbered="true" toc="default"> | |||
| <name>PKCS12 Object for Alice</name> | <name>PKCS #12 Object for Alice</name> | |||
| <t>This PKCS12 (<xref target="RFC7292" format="default"/>) object contai | <t>This PKCS #12 (<xref target="RFC7292" format="default"/>) object | |||
| ns the same information as presented in <xref target="alice-verify-cert" format= | contains the same information as presented in Sections <xref | |||
| "default"/>, <xref target="alice-sign-key" format="default"/>, <xref target="ali | target="rsa-ca-cross-cert" format="counter"/>, <xref | |||
| ce-encrypt-cert" format="default"/>, <xref target="alice-decrypt-key" format="de | target="alice-verify-cert" format="counter"/>, <xref | |||
| fault"/>, and <xref target="rsa-ca-cross-cert" format="default"/>.</t> | target="alice-sign-key" format="counter"/>, <xref | |||
| target="alice-encrypt-cert" format="counter"/>, and <xref | ||||
| target="alice-decrypt-key" format="counter"/>. | ||||
| </t> | ||||
| <t>It is locked with the simple five-letter password <tt>alice</tt>.</t> | <t>It is locked with the simple five-letter password <tt>alice</tt>.</t> | |||
| <sourcecode type="application/x-pem-file" name="alice.p12"><![CDATA[ | <sourcecode type="pkcs12" name="alice.p12"><![CDATA[ | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH | MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH | |||
| BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs | BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs | |||
| PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ | PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ | |||
| 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 | 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 | |||
| x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW | x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW | |||
| +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI | +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI | |||
| 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO | 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO | |||
| Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl | Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl | |||
| 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF | 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF | |||
| skipping to change at line 504 ¶ | skipping to change at line 601 ¶ | |||
| Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs | Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs | |||
| AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w | AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w | |||
| BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= | BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="bobs-sample" numbered="true" toc="default"> | <section anchor="bobs-sample" numbered="true" toc="default"> | |||
| <name>Bob's Sample</name> | <name>Bob's Sample</name> | |||
| <t>Bob has the following information:</t> | <t>Bob has the following information:</t> | |||
| <ul spacing="normal"> | ||||
| <li>Name: <tt>Bob Babbage</tt></li> | <dl> | |||
| <li>E-mail Address: <tt>bob@smime.example</tt></li> | <dt>Name: | |||
| </ul> | </dt> | |||
| <dd><tt>Bob Babbage</tt> | ||||
| </dd> | ||||
| <dt>Email Address: | ||||
| </dt> | ||||
| <dd><tt>bob@smime.example</tt> | ||||
| </dd> | ||||
| </dl> | ||||
| <section anchor="bob-verify-cert" numbered="true" toc="default"> | <section anchor="bob-verify-cert" numbered="true" toc="default"> | |||
| <name>Bob's Signature Verification End-Entity Certificate</name> | <name>Bob's Signature Verification End-Entity Certificate</name> | |||
| <t>This certificate is used for verification of signatures made by Bob.< /t> | <t>This certificate is used for verification of signatures made by Bob.< /t> | |||
| <sourcecode type="application/x-pem-file" name="bob.sign.crt"><![CDATA[ | <sourcecode type="x509" name="bob.sign.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F | MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | |||
| MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G | MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG | A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG | |||
| 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z | |||
| m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t | m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t | |||
| tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT | tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT | |||
| 51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL | 51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL | |||
| skipping to change at line 540 ¶ | skipping to change at line 646 ¶ | |||
| 6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i | 6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i | |||
| kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y | kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y | |||
| UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM | UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM | |||
| OIp/HtXdFscHb9+Qic8= | OIp/HtXdFscHb9+Qic8= | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="bob-sign-key" numbered="true" toc="default"> | <section anchor="bob-sign-key" numbered="true" toc="default"> | |||
| <name>Bob's Signing Private Key Material</name> | <name>Bob's Signing Private Key Material</name> | |||
| <t>This private key material is used by Bob to create signatures.</t> | <t>This private key material is used by Bob to create signatures.</t> | |||
| <sourcecode type="application/x-pem-file" name="bob.sign.key"><![CDATA[ | <sourcecode type="pkcs8" name="bob.sign.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M | MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M | |||
| EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV | EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV | |||
| 6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ | 6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ | |||
| 71/OfalbBpERDq3Ba0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwYrMmUa5o | 71/OfalbBpERDq3Ba0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwYrMmUa5o | |||
| tGXn/cp+v35vpWQIO7FNlgtnG3r5rf9CRoLcj2bbKA+5u0cUkHk/n6zxuhE5IqbU | tGXn/cp+v35vpWQIO7FNlgtnG3r5rf9CRoLcj2bbKA+5u0cUkHk/n6zxuhE5IqbU | |||
| 4HWCwujDx4X1Ls61wYZ6ihkmIlRAJHXg1pTlsjJ8oRlXZhK1fB3O2gQknZ9FREgr | 4HWCwujDx4X1Ls61wYZ6ihkmIlRAJHXg1pTlsjJ8oRlXZhK1fB3O2gQknZ9FREgr | |||
| 7xifCUHdAgMBAAECggEABcQg1fTtieZ+O/aNdU149NK0qx97GLTBjIguQEDDBVFK | 7xifCUHdAgMBAAECggEABcQg1fTtieZ+O/aNdU149NK0qx97GLTBjIguQEDDBVFK | |||
| 2lu4PhBg9AdgAUqLH1PE+eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJ4n1hc69uiEN9 | 2lu4PhBg9AdgAUqLH1PE+eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJ4n1hc69uiEN9 | |||
| Ykcv4QHOvvqtCtWYjJyb5By9WPeLH6QynJ6FlBoSqxhURSWyYfTuwqt1OHEhsUuH | Ykcv4QHOvvqtCtWYjJyb5By9WPeLH6QynJ6FlBoSqxhURSWyYfTuwqt1OHEhsUuH | |||
| skipping to change at line 571 ¶ | skipping to change at line 677 ¶ | |||
| 97HVWOig/tX6mOWg1yBsm+q9TKTrrvm1pRGlmE6BQgSYYy4r5O4u3VlnYwKBgQCl | 97HVWOig/tX6mOWg1yBsm+q9TKTrrvm1pRGlmE6BQgSYYy4r5O4u3VlnYwKBgQCl | |||
| B4FvWyDhTVQHwaAfHUg3av/k+T++KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK | B4FvWyDhTVQHwaAfHUg3av/k+T++KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK | |||
| s5n5iwI1VZEtDbKTt1kqKCp8tqAV9p9AYWQKrgzxUJsOuUWcZc+X3aWEf87IIpNE | s5n5iwI1VZEtDbKTt1kqKCp8tqAV9p9AYWQKrgzxUJsOuUWcZc+X3aWEf87IIpNE | |||
| iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh | iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh | |||
| PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B | PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B | |||
| ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1 | ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1 | |||
| Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC | Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC | |||
| AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg== | AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg== | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key was generated using provable prime generation found i | <t>This secret key was generated using provable prime generation found | |||
| n <xref target="FIPS186-4" format="default"/> using the seed <tt>f4afaacbb5473f3 | in <xref target="FIPS186-4" format="default"/> using the seed | |||
| 60e06ac32e00188fe4173ae15c99bcf043a8b8f6e</tt>. | <tt>f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e</tt>. | |||
| This seed is the first 224 bits of the <xref target="SHA256" format="default"/> | This seed is the first 224 bits of the SHA-256 (<xref target="SHA" | |||
| digest of the string <tt>draft-lamps-sample-certs-keygen.bob.sign.seed</tt>.</t> | format="default"/>) digest of the string | |||
| <tt>draft-lamps-sample-certs-keygen.bob.sign.seed</tt>.</t> | ||||
| </section> | </section> | |||
| <section anchor="bob-encrypt-cert" numbered="true" toc="default"> | <section anchor="bob-encrypt-cert" numbered="true" toc="default"> | |||
| <name>Bob's Encryption End-Entity Certificate</name> | <name>Bob's Encryption End-Entity Certificate</name> | |||
| <t>This certificate is used to encrypt messages to Bob.</t> | <t>This certificate is used to encrypt messages to Bob.</t> | |||
| <sourcecode type="application/x-pem-file" name="bob.encrypt.crt"><![CDAT A[ | <sourcecode type="x509" name="bob.encrypt.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F | MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx | |||
| MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G | MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG | A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG | |||
| 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq | 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq | |||
| 1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+ | 1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+ | |||
| G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP | G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP | |||
| 0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY | 0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY | |||
| skipping to change at line 606 ¶ | skipping to change at line 716 ¶ | |||
| Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j | Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j | |||
| E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1 | E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1 | |||
| 7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK | 7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK | |||
| UAaL2Mjl3YtrUGBpxxY= | UAaL2Mjl3YtrUGBpxxY= | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="bob-decrypt-key" numbered="true" toc="default"> | <section anchor="bob-decrypt-key" numbered="true" toc="default"> | |||
| <name>Bob's Decryption Private Key Material</name> | <name>Bob's Decryption Private Key Material</name> | |||
| <t>This private key material is used by Bob to decrypt messages.</t> | <t>This private key material is used by Bob to decrypt messages.</t> | |||
| <sourcecode type="application/x-pem-file" name="bob.encrypt.key"><![CDAT A[ | <sourcecode type="pkcs8" name="bob.encrypt.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy | MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy | |||
| ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju | ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju | |||
| UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/ | UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/ | |||
| cpzTFOWwny0YnqaHJ0lffA/T8e7Iel8pBB8O6w8fxLnKJ09yJa4HtaPRfjFjWlQD | cpzTFOWwny0YnqaHJ0lffA/T8e7Iel8pBB8O6w8fxLnKJ09yJa4HtaPRfjFjWlQD | |||
| PatJICWca+ETMoVtbjcE+Nhc9SdFYy1cXJrV2OroRv0z+SVuF1mF4MsuyMtRJdhT | PatJICWca+ETMoVtbjcE+Nhc9SdFYy1cXJrV2OroRv0z+SVuF1mF4MsuyMtRJdhT | |||
| vSv1VcYz+pyN382FZimEJ4FyqzBozmZcth2bSYWaqh5wXraZQTQOI12HApO2d593 | vSv1VcYz+pyN382FZimEJ4FyqzBozmZcth2bSYWaqh5wXraZQTQOI12HApO2d593 | |||
| RyWX4PcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7p4UKb5Ef4yFrE7PdTLkeK2 | RyWX4PcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7p4UKb5Ef4yFrE7PdTLkeK2 | |||
| RjncIhb6MeevVs8gO6co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3IeOoSl8 | RjncIhb6MeevVs8gO6co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3IeOoSl8 | |||
| skiVZko70uJ8pR6asWUlr/zOjlEwZ7RnEUWet97oM0YeA07LDFDkF7eUq//6bfzT | skiVZko70uJ8pR6asWUlr/zOjlEwZ7RnEUWet97oM0YeA07LDFDkF7eUq//6bfzT | |||
| skipping to change at line 637 ¶ | skipping to change at line 747 ¶ | |||
| wKOQvjycMhs3FpXn0arjCczS2wGSgPGEpUR4JJhcpfaF6kphZsWDWzVlAQKBgQC2 | wKOQvjycMhs3FpXn0arjCczS2wGSgPGEpUR4JJhcpfaF6kphZsWDWzVlAQKBgQC2 | |||
| ivbKltNhj4w2q1m7EGC3F5bzl5jOI1QTKQXYbspM8zwz6KuFR3+l+Wvlt30ncJ9u | ivbKltNhj4w2q1m7EGC3F5bzl5jOI1QTKQXYbspM8zwz6KuFR3+l+Wvlt30ncJ9u | |||
| dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNU1wNn1zNnJbETDLi1WH9zCdkrTIC | dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNU1wNn1zNnJbETDLi1WH9zCdkrTIC | |||
| PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR | PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR | |||
| kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV | kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV | |||
| zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH | zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH | |||
| XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME | XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME | |||
| AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg= | AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg= | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key was generated using provable prime generation found i | <t>This secret key was generated using provable prime generation found | |||
| n <xref target="FIPS186-4" format="default"/> using the seed <tt>98c899865295892 | in <xref target="FIPS186-4" format="default"/> using the seed | |||
| 9e889e3419f3bfd0edfe0aca15da3060dedf8a1e8</tt>. | <tt>98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8</tt>. | |||
| This seed is the first 224 bits of the <xref target="SHA256" format="default"/> | This seed is the first 224 bits of the SHA-256 (<xref target="SHA" | |||
| digest of the string <tt>draft-lamps-sample-certs-keygen.bob.encrypt.seed</tt>.< | format="default"/>) digest of the string | |||
| /t> | <tt>draft-lamps-sample-certs-keygen.bob.encrypt.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="pkcs12-object-for-bob" numbered="true" toc="default"> | <section anchor="pkcs12-object-for-bob" numbered="true" toc="default"> | |||
| <name>PKCS12 Object for Bob</name> | <name>PKCS #12 Object for Bob</name> | |||
| <t>This PKCS12 (<xref target="RFC7292" format="default"/>) object contai | <t>This PKCS #12 (<xref target="RFC7292" format="default"/>) object cont | |||
| ns the same information as presented in <xref target="bob-verify-cert" format="d | ains the same information as presented in Sections <xref target="rsa-ca-cross-ce | |||
| efault"/>, <xref target="bob-sign-key" format="default"/>, <xref target="bob-enc | rt" format="counter"/>, <xref target="bob-verify-cert" format="counter"/>, <xref | |||
| rypt-cert" format="default"/>, <xref target="bob-decrypt-key" format="default"/> | target="bob-sign-key" format="counter"/>, <xref target="bob-encrypt-cert" forma | |||
| , and <xref target="rsa-ca-cross-cert" format="default"/>.</t> | t="counter"/>, and <xref target="bob-decrypt-key" format="counter"/>. | |||
| </t> | ||||
| <t>It is locked with the simple three-letter password <tt>bob</tt>.</t> | <t>It is locked with the simple three-letter password <tt>bob</tt>.</t> | |||
| <sourcecode type="application/x-pem-file" name="bob.p12"><![CDATA[ | <sourcecode type="pkcs12" name="bob.p12"><![CDATA[ | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH | MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH | |||
| BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 | BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 | |||
| qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u | qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u | |||
| FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX | FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX | |||
| qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1 | qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1 | |||
| p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD | p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD | |||
| +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2 | +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2 | |||
| TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK | TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK | |||
| wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/ | wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/ | |||
| skipping to change at line 781 ¶ | skipping to change at line 896 ¶ | |||
| gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN | gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN | |||
| AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU | AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU | |||
| n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA== | n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA== | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="sample-ed25519-ca" numbered="true" toc="default"> | <section anchor="sample-ed25519-ca" numbered="true" toc="default"> | |||
| <name>Example Ed25519 Certification Authority</name> | <name>Example Ed25519 Certification Authority</name> | |||
| <t>The example Ed25519 Certification Authority has the following informati on:</t> | <t>The example Ed25519 Certification Authority has the following informati on:</t> | |||
| <ul spacing="normal"> | <dl> | |||
| <li>Name: <tt>Sample LAMPS Ed25519 Certification Authority</tt></li> | <dt>Name: | |||
| </ul> | </dt> | |||
| <dd><tt>Sample LAMPS Ed25519 Certification Authority</tt> | ||||
| </dd> | ||||
| </dl> | ||||
| <section anchor="ed25519-ca-cert" numbered="true" toc="default"> | <section anchor="ed25519-ca-cert" numbered="true" toc="default"> | |||
| <name>Ed25519 Certification Authority Root Certificate</name> | <name>Ed25519 Certification Authority Root Certificate</name> | |||
| <t>This certificate is used to verify certificates issued by the example Ed25519 Certification Authority.</t> | <t>This certificate is used to verify certificates issued by the example Ed25519 Certification Authority.</t> | |||
| <sourcecode type="application/x-x509-ca-cert" name="ca.25519.crt"><![CDA TA[ | <sourcecode type="x509" name="ca.25519.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG | MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm | EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm | |||
| aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ | aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+ | |||
| RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC | RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC | |||
| AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo | AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo | |||
| QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF | QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF | |||
| Jw0ouxcJyAyXEQ4= | Jw0ouxcJyAyXEQ4= | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="ed25519-certification-authority-secret-key" numbered="tru e" toc="default"> | <section anchor="ed25519-certification-authority-secret-key" numbered="tru e" toc="default"> | |||
| <name>Ed25519 Certification Authority Secret Key</name> | <name>Ed25519 Certification Authority Secret Key</name> | |||
| <t>This secret key material is used by the example Ed25519 Certification Authority to issue new certificates.</t> | <t>This secret key material is used by the example Ed25519 Certification Authority to issue new certificates.</t> | |||
| <sourcecode type="application/x-pem-file" name="ca.25519.key"><![CDATA[ | <sourcecode type="pkcs8" name="ca.25519.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp | MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key is the <xref target="SHA256" format="default"/> diges | <t>This secret key is the SHA-256 (<xref target="SHA" | |||
| t of the ASCII string <tt>draft-lamps-sample-certs-keygen.ca.25519.seed</tt>.</t | format="default"/>) digest of the ASCII string | |||
| > | <tt>draft-lamps-sample-certs-keygen.ca.25519.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="ed25519-ca-cross-cert" numbered="true" toc="default"> | <section anchor="ed25519-ca-cross-cert" numbered="true" toc="default"> | |||
| <name>Ed25519 Certification Authority Cross-signed Certificate</name> | <name>Ed25519 Certification Authority Cross-Signed Certificate</name> | |||
| <t>If an e-mail client only trusts the RSA Certification Authority Root | <t>If an email client only trusts the RSA Certification Authority Root C | |||
| Certificate found in <xref target="rsa-ca-cert" format="default"/>, they can use | ertificate found in <xref target="rsa-ca-cert" format="default"/>, they can use | |||
| this intermediate CA certificate to verify any end entity certificate issued by | this intermediate CA certificate to verify any end-entity certificate issued by | |||
| the example Ed25519 Certification Authority.</t> | the example Ed25519 Certification Authority.</t> | |||
| <sourcecode type="application/x-x509-ca-cert" name="ca.25519.cross.crt"> | <sourcecode type="x509" name="ca.25519.cross.crt"><![CDATA[ | |||
| <![CDATA[ | ||||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF | MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF | |||
| ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo | |||
| U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy | U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy | |||
| MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G | MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G | |||
| A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl | A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl | |||
| cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 | cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1 | |||
| SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw | SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw | |||
| DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU | DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU | |||
| m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw | m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw | |||
| skipping to change at line 839 ¶ | skipping to change at line 960 ¶ | |||
| VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH | VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH | |||
| qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh | qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh | |||
| 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k= | 4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k= | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="carloss-sample-certificates" numbered="true" toc="default"> | <section anchor="carloss-sample-certificates" numbered="true" toc="default"> | |||
| <name>Carlos's Sample Certificates</name> | <name>Carlos's Sample Certificates</name> | |||
| <t>Carlos has the following information:</t> | <t>Carlos has the following information:</t> | |||
| <ul spacing="normal"> | ||||
| <li>Name: <tt>Carlos Turing</tt></li> | <dl> | |||
| <li>E-mail Address: <tt>carlos@smime.example</tt></li> | <dt>Name: | |||
| </ul> | </dt> | |||
| <dd><tt>Carlos Turing</tt> | ||||
| </dd> | ||||
| <dt>Email Address: | ||||
| </dt> | ||||
| <dd><tt>carlos@smime.example</tt> | ||||
| </dd> | ||||
| </dl> | ||||
| <section anchor="carlos-verify-cert" numbered="true" toc="default"> | <section anchor="carlos-verify-cert" numbered="true" toc="default"> | |||
| <name>Carlos's Signature Verification End-Entity Certificate</name> | <name>Carlos's Signature Verification End-Entity Certificate</name> | |||
| <t>This certificate is used for verification of signatures made by Carlo s.</t> | <t>This certificate is used for verification of signatures made by Carlo s.</t> | |||
| <sourcecode type="application/x-pem-file" name="carlos.sign.crt"><![CDAT A[ | <sourcecode type="x509" name="carlos.sign.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG | MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO | EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO | |||
| gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC | gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC | |||
| MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz | MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz | |||
| bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG | bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG | |||
| wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV | wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV | |||
| fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS | fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS | |||
| 6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ== | 6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="carlos-sign-key" numbered="true" toc="default"> | <section anchor="carlos-sign-key" numbered="true" toc="default"> | |||
| <name>Carlos's Signing Private Key Material</name> | <name>Carlos's Signing Private Key Material</name> | |||
| <t>This private key material is used by Carlos to create signatures.</t> | <t>This private key material is used by Carlos to create signatures.</t> | |||
| <sourcecode type="application/x-pem-file" name="carlos.sign.key"><![CDAT A[ | <sourcecode type="pkcs8" name="carlos.sign.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY | MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key is the <xref target="SHA256" format="default"/> diges t of the ASCII string <tt>draft-lamps-sample-certs-keygen.carlos.sign.25519.seed </tt>.</t> | <t>This secret key is the SHA-256 (<xref target="SHA" format="default"/> ) digest of the ASCII string <tt>draft-lamps-sample-certs-keygen.carlos.sign.255 19.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="carlos-encrypt-cert" numbered="true" toc="default"> | <section anchor="carlos-encrypt-cert" numbered="true" toc="default"> | |||
| <name>Carlos's Encryption End-Entity Certificate</name> | <name>Carlos's Encryption End-Entity Certificate</name> | |||
| <t>This certificate is used to encrypt messages to Carlos. | <t>This certificate is used to encrypt messages to Carlos. | |||
| It contains an SMIMECapabilities extension to indicate that Carlos's MUA expects | ||||
| ECDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in <xref targ | It contains an SMIMECapabilities extension to indicate that Carlos's MUA | |||
| et="RFC8418" format="default"/>.</t> | expects Elliptic Curve Diffie-Hellman (ECDH) with the HMAC-based Key | |||
| <sourcecode type="application/x-pem-file" name="carlos.encrypt.crt"><![C | Derivation Function (HKDF) using SHA-256, and that it uses the AES-128 key wrap | |||
| DATA[ | algorithm, | |||
| as indicated in <xref target="RFC8418" format="default"/>. | ||||
| </t> | ||||
| <sourcecode type="x509" name="carlos.encrypt.crt"><![CDATA[ | ||||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG | MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o | EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o | |||
| MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ | MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ | |||
| DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw | DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw | |||
| FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt | FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt | |||
| ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd | ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd | |||
| BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU | BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU | |||
| m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI | m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI | |||
| BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ== | BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="carlos-decrypt-key" numbered="true" toc="default"> | <section anchor="carlos-decrypt-key" numbered="true" toc="default"> | |||
| <name>Carlos's Decryption Private Key Material</name> | <name>Carlos's Decryption Private Key Material</name> | |||
| <t>This private key material is used by Carlos to decrypt messages.</t> | <t>This private key material is used by Carlos to decrypt messages.</t> | |||
| <sourcecode type="application/x-pem-file" name="carlos.encrypt.key"><![C DATA[ | <sourcecode type="pkcs8" name="carlos.encrypt.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK | MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key is the <xref target="SHA256" format="default"/> diges | <t>This secret key is the SHA-256 (<xref target="SHA" | |||
| t of the ASCII string <tt>draft-lamps-sample-certs-keygen.carlos.encrypt.25519.s | format="default"/>) digest of the ASCII string | |||
| eed</tt>.</t> | <tt>draft-lamps-sample-certs-keygen.carlos.encrypt.25519.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="pkcs12-object-for-carlos" numbered="true" toc="default"> | <section anchor="pkcs12-object-for-carlos" numbered="true" toc="default"> | |||
| <name>PKCS12 Object for Carlos</name> | <name>PKCS #12 Object for Carlos</name> | |||
| <t>This PKCS12 (<xref target="RFC7292" format="default"/>) object contai | <t>This PKCS #12 (<xref target="RFC7292" format="default"/>) object cont | |||
| ns the same information as presented in <xref target="carlos-verify-cert" format | ains the same information as presented in Sections <xref target="ed25519-ca-cros | |||
| ="default"/>, <xref target="carlos-sign-key" format="default"/>, <xref target="c | s-cert" format="counter"/>, <xref target="carlos-verify-cert" format="counter"/> | |||
| arlos-encrypt-cert" format="default"/>, <xref target="carlos-decrypt-key" format | , <xref target="carlos-sign-key" format="counter"/>, <xref target="carlos-encryp | |||
| ="default"/>, and <xref target="ed25519-ca-cross-cert" format="default"/>.</t> | t-cert" format="counter"/>, and <xref target="carlos-decrypt-key" format="counte | |||
| r"/>. | ||||
| </t> | ||||
| <t>It is locked with the simple five-letter password <tt>carlos</tt>.</t > | <t>It is locked with the simple five-letter password <tt>carlos</tt>.</t > | |||
| <sourcecode type="application/x-pem-file" name="carlos.p12"><![CDATA[ | <sourcecode type="pkcs12" name="carlos.p12"><![CDATA[ | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH | MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH | |||
| BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R | BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R | |||
| pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF | pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF | |||
| a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W | a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W | |||
| 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F | 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F | |||
| Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV | Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV | |||
| 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8 | 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8 | |||
| vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV | vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV | |||
| ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv | ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv | |||
| skipping to change at line 974 ¶ | skipping to change at line 1115 ¶ | |||
| Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ | Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ | |||
| KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU | KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU | |||
| 8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA== | 8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA== | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="danas-sample-certificates" numbered="true" toc="default"> | <section anchor="danas-sample-certificates" numbered="true" toc="default"> | |||
| <name>Dana's Sample Certificates</name> | <name>Dana's Sample Certificates</name> | |||
| <t>Dana has the following information:</t> | <t>Dana has the following information:</t> | |||
| <ul spacing="normal"> | <dl> | |||
| <li>Name: <tt>Dana Hopper</tt></li> | <dt>Name: | |||
| <li>E-mail Address: <tt>dna@smime.example</tt></li> | </dt> | |||
| </ul> | <dd><tt>Dana Hopper</tt> | |||
| <section anchor="dana-verify-cert" numbered="true" toc="default"> | </dd> | |||
| <dt>Email Address: | ||||
| </dt> | ||||
| <dd><tt>dna@smime.example</tt> | ||||
| </dd> | ||||
| </dl> | ||||
| <section anchor="dana-verify-cert" numbered="true" toc="default"> | ||||
| <name>Dana's Signature Verification End-Entity Certificate</name> | <name>Dana's Signature Verification End-Entity Certificate</name> | |||
| <t>This certificate is used for verification of signatures made by Dana. </t> | <t>This certificate is used for verification of signatures made by Dana. </t> | |||
| <sourcecode type="application/x-pem-file" name="dana.sign.crt"><![CDATA[ | <sourcecode type="x509" name="dana.sign.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG | MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h | EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h | |||
| hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA | hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA | |||
| MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l | MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l | |||
| LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G | LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G | |||
| A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb | A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb | |||
| 5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5 | 5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5 | |||
| VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC | VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="dana-sign-key" numbered="true" toc="default"> | <section anchor="dana-sign-key" numbered="true" toc="default"> | |||
| <name>Dana's Signing Private Key Material</name> | <name>Dana's Signing Private Key Material</name> | |||
| <t>This private key material is used by Dana to create signatures.</t> | <t>This private key material is used by Dana to create signatures.</t> | |||
| <sourcecode type="application/x-pem-file" name="dana.sign.key"><![CDATA[ | <sourcecode type="pkcs8" name="dana.sign.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N | MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This secret key is the <xref target="SHA256" format="default"/> diges | <t>This secret key is the SHA-256 (<xref target="SHA" | |||
| t of the ASCII string <tt>draft-lamps-sample-certs-keygen.dana.sign.25519.seed</ | format="default"/>) digest of the ASCII string | |||
| tt>.</t> | <tt>draft-lamps-sample-certs-keygen.dana.sign.25519.seed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="dana-encrypt-cert" numbered="true" toc="default"> | <section anchor="dana-encrypt-cert" numbered="true" toc="default"> | |||
| <name>Dana's Encryption End-Entity Certificate</name> | <name>Dana's Encryption End-Entity Certificate</name> | |||
| <t>This certificate is used to encrypt messages to Dana. | <t>This certificate is used to encrypt messages to Dana. It contains | |||
| It contains an SMIMECapabilities extension to indicate that Dana's MUA expects E | an SMIMECapabilities extension to indicate that Dana's MUA expects | |||
| CDH with HKDF using SHA-256; uses AES-128 key wrap, as indicated in <xref target | ECDH with HKDF using SHA-256, and that it uses the AES-128 key wrap algo | |||
| ="RFC8418" format="default"/>.</t> | rithm, as | |||
| <sourcecode type="application/x-pem-file" name="dana.encrypt.crt"><![CDA | indicated in <xref target="RFC8418" format="default"/>.</t> | |||
| TA[ | <sourcecode type="x509" name="dana.encrypt.crt"><![CDATA[ | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG | MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG | |||
| A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM | |||
| QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx | |||
| MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL | |||
| EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2 | EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2 | |||
| AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E | AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E | |||
| HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG | HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG | |||
| A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 | A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4 | |||
| YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud | YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud | |||
| DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E | DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E | |||
| 0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd | 0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd | |||
| 9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A | 9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="dana-decrypt-key" numbered="true" toc="default"> | <section anchor="dana-decrypt-key" numbered="true" toc="default"> | |||
| <name>Dana's Decryption Private Key Material</name> | <name>Dana's Decryption Private Key Material</name> | |||
| <t>This private key material is used by Dana to decrypt messages.</t> | <t>This private key material is used by Dana to decrypt messages.</t> | |||
| <sourcecode type="application/x-pem-file" name="dana.encrypt.key"><![CDA TA[ | <sourcecode type="pkcs8" name="dana.encrypt.key"><![CDATA[ | |||
| -----BEGIN PRIVATE KEY----- | -----BEGIN PRIVATE KEY----- | |||
| MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 | MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3 | |||
| -----END PRIVATE KEY----- | -----END PRIVATE KEY----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| <t>This seed is the <xref target="SHA256" format="default"/> digest of t he ASCII string <tt>draft-lamps-sample-certs-keygen.dana.encrypt.25519.seed</tt> .</t> | <t>This seed is the SHA-256 (<xref target="SHA" format="default"/>) dige st of the ASCII string <tt>draft-lamps-sample-certs-keygen.dana.encrypt.25519.se ed</tt>.</t> | |||
| </section> | </section> | |||
| <section anchor="pkcs12-object-for-dana" numbered="true" toc="default"> | <section anchor="pkcs12-object-for-dana" numbered="true" toc="default"> | |||
| <name>PKCS12 Object for Dana</name> | <name>PKCS #12 Object for Dana</name> | |||
| <t>This PKCS12 (<xref target="RFC7292" format="default"/>) object contai | <t>This PKCS #12 (<xref target="RFC7292" format="default"/>) object cont | |||
| ns the same information as presented in <xref target="dana-verify-cert" format=" | ains the same information as presented in Sections <xref target="ed25519-ca-cros | |||
| default"/>, <xref target="dana-sign-key" format="default"/>, <xref target="dana- | s-cert" format="counter"/>, <xref target="dana-verify-cert" format="counter"/>, | |||
| encrypt-cert" format="default"/>, <xref target="dana-decrypt-key" format="defaul | <xref target="dana-sign-key" format="counter"/>, <xref target="dana-encrypt-cert | |||
| t"/>, and <xref target="ed25519-ca-cross-cert" format="default"/>.</t> | " format="counter"/>, and <xref target="dana-decrypt-key" format="counter"/>. | |||
| </t> | ||||
| <t>It is locked with the simple four-letter password <tt>dana</tt>.</t> | <t>It is locked with the simple four-letter password <tt>dana</tt>.</t> | |||
| <sourcecode type="application/x-pem-file" name="dana.p12"><![CDATA[ | <sourcecode type="pkcs12" name="dana.p12"><![CDATA[ | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH | MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH | |||
| BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH | BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH | |||
| TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM | TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM | |||
| TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k | TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k | |||
| WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO | WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO | |||
| aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ | aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ | |||
| 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi | 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi | |||
| PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B | PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B | |||
| OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 | OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 | |||
| skipping to change at line 1109 ¶ | skipping to change at line 1263 ¶ | |||
| hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z | hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z | |||
| zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D | zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D | |||
| kkzl2MltAgIoAA== | kkzl2MltAgIoAA== | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| ]]></sourcecode> | ]]></sourcecode> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="security-considerations" numbered="true" toc="default"> | <section anchor="security-considerations" numbered="true" toc="default"> | |||
| <name>Security Considerations</name> | <name>Security Considerations</name> | |||
| <t>The keys presented in this document should be considered compromised an d insecure, because the secret key material is published and therefore not secre t.</t> | <t>The keys presented in this document should be considered compromised an d insecure, because the secret key material is published and therefore not secre t.</t> | |||
| <t>Any application which maintains a denylist of invalid key material shou ld include these keys in its list.</t> | <t>Any application that maintains a deny list of invalid key material shou ld include these keys in its list.</t> | |||
| </section> | </section> | |||
| <section anchor="iana-considerations" numbered="true" toc="default"> | <section anchor="iana-considerations" numbered="true" toc="default"> | |||
| <name>IANA Considerations</name> | <name>IANA Considerations</name> | |||
| <t>IANA has nothing to do for this document.</t> | <t>This document has no IANA actions.</t> | |||
| </section> | ||||
| <section anchor="document-considerations" numbered="true" toc="default"> | ||||
| <name>Document Considerations</name> | ||||
| <t>[ RFC Editor: please remove this section before publication ]</t> | ||||
| <t>This document is currently edited as markdown. Minor editorial | ||||
| changes can be suggested via merge requests at | ||||
| https://gitlab.com/dkg/lamps-samples or by e-mail to the | ||||
| author. Please direct all significant commentary to the public IETF | ||||
| LAMPS mailing list: <tt>spasm@ietf.org</tt></t> | ||||
| <section anchor="document-history" numbered="true" toc="default"> | ||||
| <name>Document History</name> | ||||
| <section anchor="substantive-changes-from-draft-ietf-07-to-draft-ietf-08 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Apply editorial cleanup suggested during review</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-06-to-draft-ietf-07 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Correct document history</li> | ||||
| <li>Restore PKCS12 for dana and bob from -05</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-05-to-draft-ietf-06 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Added outbound references for acronyms PEM, CRL, and OCSP, thank | ||||
| s Stewart Brant.</li> | ||||
| <li>Accidentally modified PKCS12 for dana and bob</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-04-to-draft-ietf-05 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, f | ||||
| or interop with Keychain Access on macOS.</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-03-to-draft-ietf-04 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Order subject/issuer DN components by scope.</li> | ||||
| <li>Put cross-signed intermediate CA certificates into PKCS#12 inste | ||||
| ad of self-signed root CA certificates.</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-02-to-draft-ietf-03 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Correct encoding of S/MIME Capabilities extension.</li> | ||||
| <li>Change "Certificate Authority" to "Certification Authority".</li | ||||
| > | ||||
| <li>Add CertificatePolicies to all intermediate and end-entity certi | ||||
| ficates.</li> | ||||
| <li>Add organization and organizational unit to all certificates.</l | ||||
| i> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-01-to-draft-ietf-02 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Added cross-signed certificates for both CAs</li> | ||||
| <li>Added S/MIME Capabilities extension for Carlos and Dana's encryp | ||||
| tion keys, indicating preferred ECDH parameters.</li> | ||||
| <li>Ensure no serial numbers are negative.</li> | ||||
| <li>Encode keyUsage extensions in minimum-length BIT STRINGs.</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-ietf-00-to-draft-ietf-01 | ||||
| " numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01</nam | ||||
| e> | ||||
| <ul spacing="normal"> | ||||
| <li>Added Curve25519 sample certificates (new CA, Carlos, and Dana)< | ||||
| /li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-05-to-draft-ietf-00" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00</name | ||||
| > | ||||
| <ul spacing="normal"> | ||||
| <li>WG adoption (dkg moves from Author to Editor)</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-04-to-draft-dkg-05" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05</name> | ||||
| <ul spacing="normal"> | ||||
| <li>PEM blobs are now <tt>sourcecode</tt>, not <tt>artwork</tt></li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-03-to-draft-dkg-04" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04</name> | ||||
| <ul spacing="normal"> | ||||
| <li>Describe deterministic key generation</li> | ||||
| <li>label PEM blobs with filenames in XML</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-02-to-draft-dkg-03" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03</name> | ||||
| <ul spacing="normal"> | ||||
| <li>Alice and Bob now each have two distinct certificates: one for | ||||
| signing, one for encryption, and public keys to match.</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-01-to-draft-dkg-02" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02</name> | ||||
| <ul spacing="normal"> | ||||
| <li>PKCS#12 objects are deliberately locked with simple passphrases< | ||||
| /li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="substantive-changes-from-draft-dkg-00-to-draft-dkg-01" | ||||
| numbered="true" toc="default"> | ||||
| <name>Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01</name> | ||||
| <ul spacing="normal"> | ||||
| <li>changed all three keys to use RSA instead of RSA-PSS</li> | ||||
| <li>set keyEncipherment keyUsage flag instead of dataEncipherment in | ||||
| EE certs</li> | ||||
| </ul> | ||||
| </section> | ||||
| </section> | ||||
| </section> | ||||
| <section anchor="acknowledgements" numbered="true" toc="default"> | ||||
| <name>Acknowledgements</name> | ||||
| <t>This draft was inspired by similar work in the OpenPGP space by Bjarni | ||||
| Runar and juga at <xref target="I-D.bre-openpgp-samples" format="default"/>.</t> | ||||
| <t>Eric Rescorla helped spot issues with certificate formats.</t> | ||||
| <t>Sean Turner pointed to <xref target="RFC4134" format="default"/> as pri | ||||
| or work.</t> | ||||
| <t>Deb Cooley suggested that Alice and Bob should have separate certificat | ||||
| es for signing and encryption.</t> | ||||
| <t>Wolfgang Hommel helped to build reproducible encrypted PKCS#12 objects. | ||||
| </t> | ||||
| <t>Carsten Bormann got the XML <tt>sourcecode</tt> markup working for this | ||||
| draft.</t> | ||||
| <t>David A. Cooper identified problems with the certificates and suggested | ||||
| corrections.</t> | ||||
| <t>Lijun Liao helped get the terminology right.</t> | ||||
| <t>Stewart Brant and Roman Danyliw provided editorial suggestions.</t> | ||||
| </section> | </section> | |||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <displayreference target="I-D.bre-openpgp-samples" to="OPENPGP-SAMPLES"/> | ||||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references> | <references> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2 | ||||
| 119"> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280. | |||
| <front> | xml"/> | |||
| <title>Key words for use in RFCs to Indicate Requirement Levels</tit | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5958. | |||
| le> | xml"/> | |||
| <author fullname="S. Bradner" initials="S." surname="Bradner"> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7292. | |||
| <organization/> | xml"/> | |||
| </author> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7468. | |||
| <date month="March" year="1997"/> | xml"/> | |||
| <abstract> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8032. | |||
| <t>In many standards track documents several words are used to sig | xml"/> | |||
| nify the requirements in the specification. These words are often capitalized. | ||||
| This document defines these words as they should be interpreted in IETF document | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8479. | |||
| s. This document specifies an Internet Best Current Practices for the Internet | xml"/> | |||
| Community, and requests discussion and suggestions for improvements.</t> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8551. | |||
| </abstract> | xml"/> | |||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="2119"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC2119"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5280" target="https://www.rfc-editor.org/info/rfc5 | ||||
| 280"> | ||||
| <front> | ||||
| <title>Internet X.509 Public Key Infrastructure Certificate and Cert | ||||
| ificate Revocation List (CRL) Profile</title> | ||||
| <author fullname="D. Cooper" initials="D." surname="Cooper"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Santesson" initials="S." surname="Santesson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Farrell" initials="S." surname="Farrell"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Boeyen" initials="S." surname="Boeyen"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="R. Housley" initials="R." surname="Housley"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="W. Polk" initials="W." surname="Polk"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="May" year="2008"/> | ||||
| <abstract> | ||||
| <t>This memo profiles the X.509 v3 certificate and X.509 v2 certif | ||||
| icate revocation list (CRL) for use in the Internet. An overview of this approa | ||||
| ch and model is provided as an introduction. The X.509 v3 certificate format is | ||||
| described in detail, with additional information regarding the format and seman | ||||
| tics of Internet name forms. Standard certificate extensions are described and | ||||
| two Internet-specific extensions are defined. A set of required certificate ext | ||||
| ensions is specified. The X.509 v2 CRL format is described in detail along with | ||||
| standard and Internet-specific extensions. An algorithm for X.509 certificatio | ||||
| n path validation is described. An ASN.1 module and examples are provided in th | ||||
| e appendices. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5280"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5280"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5958" target="https://www.rfc-editor.org/info/rfc5 | ||||
| 958"> | ||||
| <front> | ||||
| <title>Asymmetric Key Packages</title> | ||||
| <author fullname="S. Turner" initials="S." surname="Turner"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="August" year="2010"/> | ||||
| <abstract> | ||||
| <t>This document defines the syntax for private-key information an | ||||
| d a content type for it. Private-key information includes a private key for a s | ||||
| pecified public-key algorithm and a set of attributes. The Cryptographic Messag | ||||
| e Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, a | ||||
| uthenticate, or encrypt the asymmetric key format content type. This document o | ||||
| bsoletes RFC 5208. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5958"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5958"/> | ||||
| </reference> | ||||
| <reference anchor="RFC7292" target="https://www.rfc-editor.org/info/rfc7 | ||||
| 292"> | ||||
| <front> | ||||
| <title>PKCS #12: Personal Information Exchange Syntax v1.1</title> | ||||
| <author fullname="K. Moriarty" initials="K." role="editor" surname=" | ||||
| Moriarty"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="M. Nystrom" initials="M." surname="Nystrom"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Parkinson" initials="S." surname="Parkinson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="A. Rusch" initials="A." surname="Rusch"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="M. Scott" initials="M." surname="Scott"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="July" year="2014"/> | ||||
| <abstract> | ||||
| <t>PKCS #12 v1.1 describes a transfer syntax for personal identity | ||||
| information, including private keys, certificates, miscellaneous secrets, and e | ||||
| xtensions. Machines, applications, browsers, Internet kiosks, and so on, that s | ||||
| upport this standard will allow a user to import, export, and exercise a single | ||||
| set of personal identity information. This standard supports direct transfer of | ||||
| personal information under several privacy and integrity modes.</t> | ||||
| <t>This document represents a republication of PKCS #12 v1.1 from | ||||
| RSA Laboratories' Public Key Cryptography Standard (PKCS) series. By publishing | ||||
| this RFC, change control is transferred to the IETF.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="7292"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC7292"/> | ||||
| </reference> | ||||
| <reference anchor="RFC7468" target="https://www.rfc-editor.org/info/rfc7 | ||||
| 468"> | ||||
| <front> | ||||
| <title>Textual Encodings of PKIX, PKCS, and CMS Structures</title> | ||||
| <author fullname="S. Josefsson" initials="S." surname="Josefsson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Leonard" initials="S." surname="Leonard"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="April" year="2015"/> | ||||
| <abstract> | ||||
| <t>This document describes and discusses the textual encodings of | ||||
| the Public-Key Infrastructure X.509 (PKIX), Public-Key Cryptography Standards (P | ||||
| KCS), and Cryptographic Message Syntax (CMS). The textual encodings are well-kn | ||||
| own, are implemented by several applications and libraries, and are widely deplo | ||||
| yed. This document articulates the de facto rules by which existing implementat | ||||
| ions operate and defines them so that future implementations can interoperate.</ | ||||
| t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="7468"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC7468"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8032" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 032"> | ||||
| <front> | ||||
| <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title> | ||||
| <author fullname="S. Josefsson" initials="S." surname="Josefsson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="January" year="2017"/> | ||||
| <abstract> | ||||
| <t>This document describes elliptic curve signature scheme Edwards | ||||
| -curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with | ||||
| recommended parameters for the edwards25519 and edwards448 curves. An example i | ||||
| mplementation and test vectors are provided.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8032"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8032"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 174"> | ||||
| <front> | ||||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti | ||||
| tle> | ||||
| <author fullname="B. Leiba" initials="B." surname="Leiba"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="May" year="2017"/> | ||||
| <abstract> | ||||
| <t>RFC 2119 specifies common key words that may be used in protoco | ||||
| l specifications. This document aims to reduce the ambiguity by clarifying tha | ||||
| t only UPPERCASE usage of the key words have the defined special meanings.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="8174"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8174"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8479" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 479"> | ||||
| <front> | ||||
| <title>Storing Validation Parameters in PKCS#8</title> | ||||
| <author fullname="N. Mavrogiannopoulos" initials="N." surname="Mavro | ||||
| giannopoulos"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="September" year="2018"/> | ||||
| <abstract> | ||||
| <t>This memo describes a method of storing parameters needed for p | ||||
| rivate-key validation in the Private-Key Information Syntax Specification as def | ||||
| ined in PKCS#8 format (RFC 5208). It is equally applicable to the alternative i | ||||
| mplementation of the Private-Key Information Syntax Specification as defined in | ||||
| RFC 5958.</t> | ||||
| <t>The approach described in this document encodes the parameters | ||||
| under a private enterprise extension and does not form part of a formal standard | ||||
| .</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8479"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8479"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8551" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 551"> | ||||
| <front> | ||||
| <title>Secure/Multipurpose Internet Mail Extensions (S/MIME) Version | ||||
| 4.0 Message Specification</title> | ||||
| <author fullname="J. Schaad" initials="J." surname="Schaad"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="B. Ramsdell" initials="B." surname="Ramsdell"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="S. Turner" initials="S." surname="Turner"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="April" year="2019"/> | ||||
| <abstract> | ||||
| <t>This document defines Secure/Multipurpose Internet Mail Extensi | ||||
| ons (S/MIME) version 4.0. S/MIME provides a consistent way to send and receive | ||||
| secure MIME data. Digital signatures provide authentication, message integrity, | ||||
| and non-repudiation with proof of origin. Encryption provides data confidential | ||||
| ity. Compression can be used to reduce data size. This document obsoletes RFC | ||||
| 5751.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8551"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8551"/> | ||||
| </reference> | ||||
| </references> | </references> | |||
| <references> | <references> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="FIPS186-4"> | ||||
| <reference anchor="FIPS186-4" target="https://doi.org/10.6028/NIST.FIPS. | ||||
| 186-4"> | ||||
| <front> | <front> | |||
| <title>Digital Signature Standard (DSS)</title> | <title>Digital Signature Standard (DSS)</title> | |||
| <author> | <author> | |||
| <organization/> | <organization>National Institute of Standards and Technology (NIST | |||
| ) | ||||
| </organization> | ||||
| </author> | </author> | |||
| <date month="July" year="2013"/> | <date month="July" year="2013"/> | |||
| </front> | </front> | |||
| <seriesInfo name="National Institute of Standards and Technology" valu | <seriesInfo name="FIPS PUB" value="186-4"/> | |||
| e="report"/> | <seriesInfo name="DOI" value="10.6028/NIST.FIPS.186-4"/> | |||
| <seriesInfo name="DOI" value="10.6028/nist.fips.186-4"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="I-D.bre-openpgp-samples" target="https://www.ietf.org | ||||
| /archive/id/draft-bre-openpgp-samples-01.txt"> | ||||
| <front> | ||||
| <title>OpenPGP Example Keys and Certificates</title> | ||||
| <author fullname="Bjarni Rúnar Einarsson"> | ||||
| <organization>Mailpile ehf</organization> | ||||
| </author> | ||||
| <author fullname="juga"> | ||||
| <organization>Independent</organization> | ||||
| </author> | ||||
| <author fullname="Daniel Kahn Gillmor"> | ||||
| <organization>American Civil Liberties Union</organization> | ||||
| </author> | ||||
| <date day="20" month="December" year="2019"/> | ||||
| <abstract> | ||||
| <t> The OpenPGP development community benefits from sharing samp | ||||
| les of | ||||
| signed or encrypted data. This document facilitates such | ||||
| collaboration by defining a small set of OpenPGP certificates and | ||||
| keys for use when generating such samples. | ||||
| </t> | <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.bre-ope | |||
| </abstract> | npgp-samples.xml"/> | |||
| </front> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4134. | |||
| <seriesInfo name="Internet-Draft" value="draft-bre-openpgp-samples-01" | xml"/> | |||
| /> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5322. | |||
| </reference> | xml"/> | |||
| <reference anchor="RFC4134" target="https://www.rfc-editor.org/info/rfc4 | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7469. | |||
| 134"> | xml"/> | |||
| <front> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8410. | |||
| <title>Examples of S/MIME Messages</title> | xml"/> | |||
| <author fullname="P. Hoffman" initials="P." role="editor" surname="H | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8418. | |||
| offman"> | xml"/> | |||
| <organization/> | ||||
| </author> | <reference anchor="SHA" target="https://doi.org/10.6028/NIST.FIPS.180-4" | |||
| <date month="July" year="2005"/> | > | |||
| <abstract> | ||||
| <t>This document gives examples of message bodies formatted using | ||||
| S/MIME. Specifically, it has examples of Cryptographic Message Syntax (CMS) obje | ||||
| cts and S/MIME messages (including the MIME formatting). It includes examples o | ||||
| f many common CMS formats. The purpose of this document is to help increase int | ||||
| eroperability for S/MIME and other protocols that rely on CMS. This memo provid | ||||
| es information for the Internet community.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="4134"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC4134"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5322" target="https://www.rfc-editor.org/info/rfc5 | ||||
| 322"> | ||||
| <front> | ||||
| <title>Internet Message Format</title> | ||||
| <author fullname="P. Resnick" initials="P." role="editor" surname="R | ||||
| esnick"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="October" year="2008"/> | ||||
| <abstract> | ||||
| <t>This document specifies the Internet Message Format (IMF), a sy | ||||
| ntax for text messages that are sent between computer users, within the framewor | ||||
| k of "electronic mail" messages. This specification is a revision of Request Fo | ||||
| r Comments (RFC) 2822, which itself superseded Request For Comments (RFC) 822, " | ||||
| Standard for the Format of ARPA Internet Text Messages", updating it to reflect | ||||
| current practice and incorporating incremental changes that were specified in ot | ||||
| her RFCs. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5322"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5322"/> | ||||
| </reference> | ||||
| <reference anchor="RFC7469" target="https://www.rfc-editor.org/info/rfc7 | ||||
| 469"> | ||||
| <front> | ||||
| <title>Public Key Pinning Extension for HTTP</title> | ||||
| <author fullname="C. Evans" initials="C." surname="Evans"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="C. Palmer" initials="C." surname="Palmer"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="R. Sleevi" initials="R." surname="Sleevi"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="April" year="2015"/> | ||||
| <abstract> | ||||
| <t>This document defines a new HTTP header that allows web host op | ||||
| erators to instruct user agents to remember ("pin") the hosts' cryptographic ide | ||||
| ntities over a period of time. During that time, user agents (UAs) will require | ||||
| that the host presents a certificate chain including at least one Subject Publi | ||||
| c Key Info structure whose fingerprint matches one of the pinned fingerprints fo | ||||
| r that host. By effectively reducing the number of trusted authorities who can | ||||
| authenticate the domain during the lifetime of the pin, pinning may reduce the i | ||||
| ncidence of man-in-the-middle attacks due to compromised Certification Authoriti | ||||
| es.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="7469"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC7469"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8410" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 410"> | ||||
| <front> | ||||
| <title>Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 fo | ||||
| r Use in the Internet X.509 Public Key Infrastructure</title> | ||||
| <author fullname="S. Josefsson" initials="S." surname="Josefsson"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author fullname="J. Schaad" initials="J." surname="Schaad"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="August" year="2018"/> | ||||
| <abstract> | ||||
| <t>This document specifies algorithm identifiers and ASN.1 encodin | ||||
| g formats for elliptic curve constructs using the curve25519 and curve448 curves | ||||
| . The signature algorithms covered are Ed25519 and Ed448. The key agreement al | ||||
| gorithms covered are X25519 and X448. The encoding for public key, private key, | ||||
| and Edwards-curve Digital Signature Algorithm (EdDSA) structures is provided.</t | ||||
| > | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8410"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8410"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8418" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 418"> | ||||
| <front> | ||||
| <title>Use of the Elliptic Curve Diffie-Hellman Key Agreement Algori | ||||
| thm with X25519 and X448 in the Cryptographic Message Syntax (CMS)</title> | ||||
| <author fullname="R. Housley" initials="R." surname="Housley"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date month="August" year="2018"/> | ||||
| <abstract> | ||||
| <t>This document describes the conventions for using the Elliptic | ||||
| Curve Diffie-Hellman (ECDH) key agreement algorithm with curve25519 and curve448 | ||||
| in the Cryptographic Message Syntax (CMS).</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8418"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8418"/> | ||||
| </reference> | ||||
| <reference anchor="SHA256"> | ||||
| <front> | <front> | |||
| <title>Secure Hash Standard</title> | <title>Secure Hash Standard (SHS)</title> | |||
| <author fullname="Quynh H. Dang" initials="Q." surname="Dang"> | <author> | |||
| <organization/> | <organization>National Institute of Standards and Technology (NIST | |||
| )</organization> | ||||
| </author> | </author> | |||
| <date month="July" year="2015"/> | <date month="August" year="2015"/> | |||
| </front> | </front> | |||
| <seriesInfo name="National Institute of Standards and Technology" valu | <seriesInfo name="FIPS PUB" value="180-4"/> | |||
| e="report"/> | <seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/> | |||
| <seriesInfo name="DOI" value="10.6028/nist.fips.180-4"/> | ||||
| </reference> | </reference> | |||
| <reference anchor="TEST-POLICY" target="https://csrc.nist.gov/CSRC/media /Projects/Computer-Security-Objects-Register/documents/test_policy.pdf"> | <reference anchor="TEST-POLICY" target="https://csrc.nist.gov/CSRC/media /Projects/Computer-Security-Objects-Register/documents/test_policy.pdf"> | |||
| <front> | <front> | |||
| <title>Test Certificate Policy to Support PKI Pilots and Testing</ti tle> | <title>Test Certificate Policy to Support PKI Pilots and Testing</ti tle> | |||
| <author> | <author> | |||
| <organization>NIST - Computer Security Divisiion (CSD)</organizati on> | <organization>National Institute of Standards and Technology (NIST )</organization> | |||
| </author> | </author> | |||
| <date year="2012" month="May"/> | <date year="2012" month="May"/> | |||
| </front> | </front> | |||
| <refcontent>Computer Security Resource Center</refcontent> | ||||
| </reference> | </reference> | |||
| </references> | </references> | |||
| </references> | </references> | |||
| </back> | ||||
| <!-- ##markdown-source: | ||||
| H4sIADgD+2EAA9S8W6+jWrYm+M6vsHY+VKa8Iww2xrClkoo7GAM2F4N5qeQO | ||||
| NveLMaTyqFUP/dQPp1vnqEutbvVj/4/+KeeX9MReK2JF7MjMnVWp6qqt2BFe | ||||
| E5hzzHH5xjfGxOvTp09Ql3ZZ+MtCX8mizC7Yh5tXWbiQwrFduEWwoMOmS6PU | ||||
| d7uwhYLSL9wc3B00btR9SsMu+pSBB9pP7fOx9hOMQ/OtcdmMvyzSIiohKK2a | ||||
| XxZd07fdGoYJeA25TejOFztoKJtb3JR99cviOQ10C0cwFvyyEIsubIqw+8TM | ||||
| K0FQ2wFh/qOblQVYfQSiQG7fJWXzC7T4BC3Af2nR/rJgPi+kzws+zbK8bJ7D | ||||
| L3EZt0jDbCG5SfHN1bKJf1mQediA/RULOr2n2eKQevOWw3ZhFmlZPO9ruyYM | ||||
| u18WyHq7oJrSDRZ69/l5xU87sFElHBYXsJefF8rlNVwGYFkEhmH07ee+6GaV | ||||
| mDr5HHA9rwnvYHH6YD4HwtxNM6DYW/wfojTqErC3FowVn4ESnjc05WymMEg7 | ||||
| IPys2SZ3u/QeAg1w4lFHcOwTCnaqip8R+DMGr/GVIurG5/na5+dFaCF+Yj6D | ||||
| ZT+VVVhUcfVuNDCDxtEoskFfn7ab9fr1aYdixOsTjiLwl084+KQL5HqL/eUF | ||||
| 4XlBg9WNT0f1INIX8Miic5t4VmPSdVX7y2rlt43/uUjb7nNc3le0rtGrHGzQ | ||||
| XR2b8hr6Xbuiy7zqgSd80kO/b4CuP6ne88onLYzBg2GzAj7Z52EBbgYe2v3H | ||||
| qsxSf/xcBdG84Mu3fzLAlY+evDg+71p05ULvq6psusVREhfHNCu7l9vPT6RF | ||||
| /BOY5IujvfnLvMvFp8W7aIt30RYM8J82BT6z+D2tM38ADwRgrV8WaxhZf4K3 | ||||
| UPHBZECRawR5U+52jb8pd0ts8TfVr4mvRngbw+HN2xiO7NB3c+zeTbTdIr9A | ||||
| nz59As4FHNb1QdgYSfge2UF4D7OymlUF3DHP+2KW2QuLMErBpqOmzBdt4jZg | ||||
| 14s3x1iU0aJN4yIMwM4XYeE3Y9WBH8C23M8LI0nbxbv2F5Hrp1nazTCxaHs/ | ||||
| AWtkmeuVDdgx0Ig3AgGitJhndxdt7mbZog27eQX78xYm7puF/wFpnja4zRgE | ||||
| /HzRt+FiSMJiEQNp5wlnEec13uT8DD23nadBkIUQ9LsZPZoy6P156W+U8Ps/ | ||||
| /elNU3/+8x9+rJKfAZQsKhfI4veZ2yw68HT4aY7Ov3T/b9Uh2NPq13qE1KgD | ||||
| W3su8wBGm7e9AH4CQMnN5q2D+0owT1F28/DscV7ou7NO5meqBkTzC6+8cF53 | ||||
| jgLwzDzogp0AF09nQWahX6bwy6YBIVSEbfvzvA1wEQgAfpqNnM64O8/oerM5 | ||||
| x1n8eZnyDoZmm41g9vwzJJQDUEbz82JIQXT03cL1/XkKsNx8exNm4d0FampD | ||||
| vwm/3dPPswO8sgxwILAPoKXZhN/609NbZkf4Dc7ysuocRbNVZ9f5uuxf9iAw | ||||
| /Nzo64fie48ii9keTzE1nfyw4KzDFybM+klnd6+qLA2Dn19L/+iZeSPN01j3 | ||||
| NADWmWXqhnLxExCgLQu3/ennBQkgKXxOQZXeLEAAsB4sBnY/zlMv2GANHJd4 | ||||
| d2IABvN2f5tgIHHGT1u9y/c+2TcyvosF8mP4jWy022TlKypBLnV/Za0IfGhn | ||||
| J3WbphyycdZn1Bf+S37gJWGWfZpTFtg7UEDRzRK+xfgXx/gMid0sNjB5N8cf | ||||
| kLgqgUMCj3KB8YFfNV9WbBdzxn4GQfkel+9b+xFk5cDH3DgEHj/Hx+IOAgAk | ||||
| 2J+fTvCceF4QYFj3UgIIGWCqWdjv4gHs/He/W2hh3adN+BLk4BZxD+Z+Ac28 | ||||
| oZnCtIufZFM3gO6e/y4U9flZY0+mqLHM/Bmk0MPhy4f3O3RBNQ/M109fn6RV | ||||
| WWYV5vUwGF18NySTl59ePviTejREVSEPP81g1n1jqtkPgc688LW3CsTJjE3g | ||||
| jrD1G0B+5k0vKPq4QNDF09PmRPXnP78+z4kHfJ5j6bVUWQBrv34EegRGrarQ | ||||
| nXFkMUet71YgJ2RA0WCBNimHYgGUHb60aIRNnhZlVsYjAPDFT/Q3nky+e/JP | ||||
| i98Di/xEkz/94eUdMziP89SuB6wNQCFt2372lic4fOPR87RsEXxinx7308fn | ||||
| n06Vth/n6dsfz7L4/bxTsL20eaFnW5VF8AT5X8PbHxbzovKcL8wWOBYJIKd7 | ||||
| 24Nsft1EU8aNm7/EeEOl8AnBCVhsThwvUANcDOj7LQG9e/FLf8cmBbdbgHdC | ||||
| 0PPmmcKBm/2ymKEfKLzMw/eg+LifpzXmkJz/fZ9zVsAdpK6yb9+z5YtjgtWM | ||||
| ZwBmAdjOTNmBiAC4ixnyqw4ob5yvAXvHs72SfOEnJYCy9rW33B1nT3vm4xDQ | ||||
| hDTrgQJfaNy9WBbAGzB18ZZc2rk2mEkT8fNrB11ZZi0AY4BlgG5ns6qBDAi8 | ||||
| Rj95afdE2tk+XwYYXX9t0L29AxVwSQCEzYcoyNrya159T6ZFOQCQDMJs/PTa | ||||
| HAiGIyvPOFI+7f37NgxfhplZ2Qy/T8icE+SLl76CAii/C0GVEOYgnNpF0xfF | ||||
| 08eOYZM9a4M5AsPHk6TNT+cv6jDP8y4hkFx8EzMt/KwH0fmej56m+mK2ZxA+ | ||||
| IQyQPkB53rSbgmQ2h3oMiq2ZM8wBmXvPhDLb5XtUmLGgCNoXMnx+86eZ9AN/ | ||||
| +rK++zUl2r/KHl8D6jUGVPfMN2+JBtAkwBKAdV4A8bYSCKAs+jTH73v6TJ9z | ||||
| zEYJ0pmmAHMD60R99kSyN38Bgrxc9NN79ILImoNiQbn+s6IsgmeIfOT8ZvsO | ||||
| 0sDaPwryb1kE0B3Y8yuVfKEQ84beggMEcBc+E1z7Ha2c734L2N9/COI/zCb9 | ||||
| SC3fEBPAYg/CByijb597eaXpL5zxh1kM+Pc80ZOezQkNAOA7bf4VhYsAzoRz | ||||
| 3D5pDYh6YOlPH3Lw84Fn4QW0RP+Atszx9m7OX1VRM/N8eu+f/vSh3Hu6TfDE | ||||
| 8pmTzq7xSg9N+OZr4VvueNftB/OGxT1tyuKZXj9D7Fdp/6pkr8pvsf6MYJ9x | ||||
| FP6MgLoU+bz5DAY+o/hn5Ed7/Yuz/MVp1p9/5Vjso0pfZc6LAnwj5VvwBF8T | ||||
| 8dzQmNEsfaoCAN12/fmFUl89oe2jaFZtMft/9MqnMzpE/RzfH/Q5pMCeT9d5 | ||||
| xsisTHcRhQPwXd8N5kzxlal/RNwXpr7PChZ4m3lOU88bq8wd03fO6Gelf1u0 | ||||
| NzBv64fFnCXaP4DiYVbeV6E79xY+Cw6QgNp0Thbdt9oA+SVLg9mQA3COcgCq | ||||
| ZPrwVTOA7WdhEXfJ+NLNiwS87nsGSvudYp87n3ECrPw1pr7CxTzrHBlzMIJ1 | ||||
| +xdEvbEe139VpWE3hEDmjzJ+WH12mLcw/xB8v3YALbyX/psDUF9rM/D3rCAw | ||||
| 4WuCF+I9K7o3Z38P21nGN2x/oeAwJ4Ln7l5Pz9N94W0gbEBptCiA8HMyBiTj | ||||
| /ky3L2u2zyWAbdp5sh9N9L0mwazVW3p2ixHUbu+7+UqKZ+CYWQvILX3W/Qwm | ||||
| LML30vBH7r4I0xerLhYqrR/fsQDs85lB/5gGn9zgU+m31R9f1HMu9oJ3f/xC | ||||
| /UAh/9bnmgnhq8J8ITdIniFwMjAMnvl//x8UxCUI0Fmkb1D8GQ60dvhegHmV | ||||
| eZhJQdJMQWaaZzrOxcavF/hWvtdaABQ23y/28guzfQHeE0nB/c/Wk/40M0CH | ||||
| cvHVN8K/gGtzpl5Uaeg/NdyWUTfMbvT76KuX/Py66asLPTda/Br6geqa9AFC | ||||
| NS/Bra+gfwVO+HLIF815N9csNvuh6AVbABnsxSA/Na0L0u2bVj/e+V5KfnN3 | ||||
| +Bp8e8KdnScLY8A/Zp68aErgkV9qVaA5pXxnEF8o36xHL0zcO9BJkEYRCIAX | ||||
| HILlv1HYE1XcOcK8cfETgKq5Yv40czDwAYw+FwNY/9OL+MzPg6rnww0/vYjn | ||||
| p2yuI3/6cj+wKPdR5/kcHXPfZ/a6b3oqT0YmHKXjW8Kf+6ZPRc0Jzn0V4S92 | ||||
| 984oPrKHJ94GoZt9wVv3G0R60aN5c+5vEvwdQmYGkz4pRfB3rfGXVfjT56cP | ||||
| v/zuo51agC3PqZ69ivTF+r0Zo+aYdZtnq/VtuleD6DXhyzF+vI1f4yydzGXN | ||||
| k0U9/RlQ2+wTwECQfr7C5w+Y3YvLVVk5vmd5sPl5rieRLl8JFfxQ/IAXfv4B | ||||
| Z2uenaturF4bnl27LOJPWXr/qqqXM4Nob9p/9zWIb6DCAPJ4c8esr57o9dTJ | ||||
| 04tedns2An8IDfOiH+xUfE9mfn6j/ekrFfSgovp6+welf37RlHcq/1dw6Nsa | ||||
| Ye64vCewpxbfQR6Q1edMIB8BJRS3b4R+Kfr3X9jfF1r/tU54ifer4vpN3D/8 | ||||
| /GpMzoCXNGH4tsQ8LdjJNxH6bKH9u/adMT+7nR9EAcHpznd8erv+ab745z// | ||||
| vPjjc/jz2/Bnv+n++If37X6DLiAAwydOuh/qk+fZVvsD8ASSPPcwLzMv/kLQ | ||||
| r6v67mcw9FruFwgUXb/MGXdO6p/mc6t//9NL2ncJPs36Tcqq/enP0D/90z9B | ||||
| //av//Jv//rPv+HP/75Y/Nu//C//9i//03/pn38Ga/2vi6/iLv7tX//v+cL/ | ||||
| /L/927/8p8WvlAdW+0/gif/jt0n3f83S/ct/hXT/+akNiHxVj7PZnmXzX7Pd | ||||
| E5j/mgG/5rTvjfg1sX1jyOfgy5Q/L+6p+6v49JuybT+9wf9blfXRKZ6Xf+0a | ||||
| YPSLg/xN/3iGx3+Jh/wj/OSf/2Fe9kWX3/rZ9zoBy/2f/zAv/Ef44n/+B3ky | ||||
| NS7KPO26dyb5I9dpn2n2a/FVgVvSuXvwXveAtNo1btE+veOnb3FwbuT8OMW8 | ||||
| N3Hejw6+nO/M51vf+vPXp/4wo/OTD4DKL0rj/lU/vbcp3bZ9dsQhiHXnI5av | ||||
| PVPAZlogxK+qY/ChCb9efJKEIyt/evbh5p6cROu/w9/YN7HF//znt/7bPI+f | ||||
| hSBKAH9/9i8XvwdqmvuVBahy3iT5w6ucmQ98nvn8o0hvfbxnqprLppleP7sy | ||||
| M20EdXQaPcviD0w7C79M/IHWgUI5AQRx1sGXCnxe6ik6sn5rIq6J9RfZ50y7 | ||||
| mOnul3QK9tC72ZfZ25+/nvy98a5ZqG9Y3fu985nal7Xe55+P2wpQl7+dl8ya | ||||
| fRaEC8DK38q5dxO8TKd/0EuTxk/yZXzV15zlnkdsPzxkmKleEHbPJj8os964 | ||||
| Elj+SZNevfb5lOWlwWYW4f107lV1RXMbb577T3/68obDDI6e2z6bR082BRQd | ||||
| zj3W93ln6P3Tn15vJwDVvo5kX/qcS70ifrazv6SGeSnA7gCaAkHb925uG77m | ||||
| eyP3zzYHqB2/VqjvGp17t22YzSXKfMDxYsHhm9Bvp/N//vPnb7T2nlpmsvfW | ||||
| Rv1bSnxtDeQw4MjJ2xH6xz19fpt/VsTXo4qvW3hru33sRIUfD++aRfq10J49 | ||||
| rm8Anrw3I+YyMcvKAcQkSFPha8b3c+E3RTz1DCodEBPNEx7ePPSt4zh7yku8 | ||||
| J3ucxVmv0YU3o8rzaPL3zz5U2gDg+nLhbQlgy0/AmCBdx89+ztvCT3982/8f | ||||
| XoLO037EjXQ+bXq4AbBKPh8vQr/7lqD9+Lxp8afffVvxfkuX/9qTM848N1LO | ||||
| +nrhxBe9ggS++LRQni8k/VF/TXYg5aP+16b84+u88a+sqT1Z8gcI/9PvPvLM | ||||
| twOQ78qIpxWAXV+A9h3v/6Zm+A3b/vwDZvKVK76oyKsKfj25enx6gCrrXcT5 | ||||
| 3Y1PnyiWF5UFzWqGyIk0abDPUUgWRSacaJrM1ZgcRIqMRcOnCvjhrabADelT | ||||
| VlfY6Jgk75g0QypUfKuTW8oTA0yRJ5iDSIY6yyd4oIcLcz6dJHbQ9tpZ42WN | ||||
| HZjX2IEdEvlkIidzpGxtYh8yjfMkYrLkQy4hc811Pv/IRPZBGWcKiLc3TjrF | ||||
| OPYedi2nuqw58C/RiyyHBHxy9/MMDg0y5gb4oRrsA5Kv5KBcTVg2Epcn8VFm | ||||
| TPD/bVQmcq0Yp4fKlcPZYBWZbJ+r0onM6ubZ1K6sJpM4Dz0HH7JosJxicnJ8 | ||||
| hv2HbJB3KlbOFCkbEqcknk21jk69b0M3YTY+rc9jwGc55FpKAj7cvZSiAlsr | ||||
| vc2+CoTbEMdsKpMwT+s1r4vehjmxQGkmSaIixQzkfF0iS5GCyBO95vkjEOCs | ||||
| BCl8aNPTjiBheVrzy4O2zzx7fVdKXDdSjyzGE3GeuIbfC1cz0eyVmjeQetw0 | ||||
| DE2t9UtEHc9DANMBjU1EHe1v/vnB+EgiLc86cZcK/wCLR/OS3faD1cuV7SJi | ||||
| mE3QcqL78zK+nvGNeS+wwSg2hEznY97vCu44pYnfq4UnX1Q6kHPTSxEmxw2b | ||||
| OGJpx2mbJIVEodIl2buVdiYj+GZnuVz02O5ulFiKvXKV2PEo9hIx8CYZVpW/ | ||||
| PZHCPia2xyMrKEKWy9CYUBOd5fFtLCdND/Xm9qgJO9xLJoFmFu868OShN7eh | ||||
| +2YVpnJJ3zYX5YwfNm033n2Zh5DaZGjSlR4Y57DRLmEJTcEOG4+MZYok+evp | ||||
| CoxJPj0vYAeWWg0nTibBtQgfmPjCQGcNPpInYQVsxJAxy8sU/LyZiU8WRema | ||||
| LG5x6uHL1YrdS7y55nPfdwUPtoxXXEAfA4MkVZo8sSTN2Fa256+T5AaKfPS5 | ||||
| zBELh14K2U47ND7FaOvtVabtmBgPkDjwZ9ZXqnUkoMuLYGgGfxBwxD2SjByY | ||||
| vBBXkR/VwzVs3Xu3ylXYgHX4cN3D2jknNhELJaGumIKZxmeNKK7GeViz1LQL | ||||
| 19XyvunUVi764p5jR5GJhccDtrD8Osn2LuN3qLePyuUdCh7Lq7hy7W6Zpsm2 | ||||
| Sner9aUnQoM590t9ux7agsMJit2HZ7hZsjnPPMw7umOWW6k/VZJMQOYqbe1q | ||||
| oDFptcEMXEuSQD3ZTA3LHYEYDhrsDQPON35e4vA0+Y9Wkhm9cwRVnWiqo2qo | ||||
| F73BGraqu1uXK3GIifvSgq2bTtEW6wbRqpeWvpb6j+b07//9C9pYhfk1sD2J | ||||
| /t+A9jf6JYXjG4r/4HWDL2j+2/H62YubQX5RhMM32P9XkBys+UMkr8L8U5Rm | ||||
| 4UcUP2riGWx0IbGXLyjOLmf0/hVCs8ARdZqSYgA2+g14NTkDzvd4A/29gPM9 | ||||
| 3kB/L+B8jzfQ3ws43+MN9PcCzvd4A/29gPM93kDfAg5LA3gn2U3HJW2+Y6qY | ||||
| yZpyieg35Hb1hLbV0FalBA+dmmOF+Qh+VCEQL7HVU/4VYSZ1Gm+KMbmyyzzI | ||||
| 1EXv/eO8p5DcC5ubIkwGV48e7j02fqizKm1s3HKsoW2UcpUGHzDKRe5xjGvG | ||||
| XaFJkawExUWr8w22Gdyql8kuz0xSvfBeGm5NFV8d17V19dU5DYCqarzYe32V | ||||
| 9j3crVccnCasxfs2lZc+ziyXxS6X2m59vZECgw7ZUVmDjFkXuRtX1ATFpccp | ||||
| Oe2MTsXoy+PR6E4OYt8DntvqZeAvuWl5ray+QG71gxFY1BSdiSFXAulSsap5 | ||||
| IJeyjntu1ZZw2EdYq13dr6MjtZu4FbKXAu2GmnvVfOiwepKo+MTsh7I4brXh | ||||
| rsLtpaTTAZp6zr8YubJKxI22uadS/2gQghawZX7vRRPflqUocJiRlr0zJLcl | ||||
| tjzfdo1vB/p2izIGCq0179zYq226ktXpgfu4KA6lsxfd9jAt7w+cQwssGZMz | ||||
| tvVsZUeKVHmVk3XQ4d1xLTsrDTqzUXtDcyVXsVHqp5GMrvsppQv6JXLBCIR5 | ||||
| McXjrYaP+v2cSiduz9EUQe2PXJIFa6gS43JKh9XemeSNtREtE5Ysfjdv29g8 | ||||
| 8mIj2tgjtyz0biMrGMdHT/Uc63KEw8DDEF6GRIIpxW0aF8EhZoZRPayPXO8A | ||||
| PK9rHyYYdulXewstlLIPagOYq7km+UOheSnmrxmDT9BKvem+fx+HAYjMBLAW | ||||
| ulfNnFL2yjyu3Nr0JumBZ9O+tVFJbNdrXgyEWtfoe+aPOHxyoa2lbMyDko7U | ||||
| ZgsL9BEjBoaT7cuYb5t9eboe7wnGi31yke7oGY+i6HG73Le3x7a3Uts576Hd | ||||
| ff1Y5ngj19l4X1a30TqccUkaOyEPUmpilqVhPbhdg/bh4dq5jyKeHgWxqciS | ||||
| p0ip0qBGI45FU0pC7+nsKmhMxeEO98IZjswdy1TcIHZ4pyqHzW5dmQYhXTU8 | ||||
| VDYI48pVeVIrH6Lqe6UDUalDhxTM2J7Xt0aEtUEW1Ym0fJglaFyT73tsqQXm | ||||
| Fj4hlD5e7wfeldItSQo36GjccJ+/nFWEogU+s/FqY18iQFtPrvDo+jN9xsNL | ||||
| TN+fIotOmJ4TH74Ye/VqusG0hKG7DlZC3Cbe3tYX+kjz0W5apld523jybXdt | ||||
| LumDwSz5aqi380Fg2vNDpiqP3PHJYWdI4xbyw4oSEADQD1bM8KBWlmYZ7kOq | ||||
| KoRy5QPekNIasXLl/SQu69QsN6rMaEtTIAhFDAJJgdLdltfOBzK0YHGKO5hg | ||||
| ZTZliGvJtIN6ukjScKEokgcZRhRBRmpk+sbTFs3rJJeRw4mGyPjkVz6/SYSL | ||||
| ubMurjuYqaKdyu4QDcVlkssuN8gOSbFvsvmvEtwzm3+fogdQDb6/2fe3Gx4/ | ||||
| 7na8Pda9lfeLP7pbH/F2OLrDEDQMMAxxMQ/ertebLYKucQ/1dhFMBLgPqN86 | ||||
| IIgNvA4CbB0Sf3x/x2SeJX0rU39Yb3/onnxbcr9q7cUfX1/++fi9n2cd134C | ||||
| mwYb+vzGGOaV/vj5b5Ic+pvm5g/r2K+tcQgSo+draK/Xq/xsfkXm1c3/2MR/ | ||||
| b97/1pL5g+5/0N5/Hl19ed04SdvvD96+7aB+qarn4+Lw+f7WD07y/pE19ls/ | ||||
| /L+60qa3c6Vd5V8rbeNUFBHOmO2dDO43e5ebYX4p2x1DclQsN45NDtZb6Qr9 | ||||
| qHb9UemqGOT0XroePpSu0FvtyjmMiCgGuxVZJfMLrXLy7Hqxtcpbo/HJPsMu | ||||
| T4yurW1lmrQZQxxkQwSTiqDSnkxY4coLM4kDGBhUQ9zIzAVRGBa1rn+7DwD9 | ||||
| tUbAb+kDQL9uBACF6uLAnC57qXREMKoA0ktRJ5IB9AvUTeD6qZypGEUeLhfo | ||||
| Qsins4msD6d+3DN3mDlNx4uHdmx+7iIXX18fe3Xf0tGeQWzZai+3UNE5LsIx | ||||
| t0VXYQtSq+DsE5wlbGpz2sOH5riu8Fx72KwyWWyzPR/WeB0M91NMaKl1KigX | ||||
| HTOQfBLMPu5kaWtDGK3YU6Avo4ZSowgeJE9yd71vrlSJG1EsaB8xuodHR+sP | ||||
| puo9lAhe1RJ8FkJejMNMLKFHryehOdlT1DnleSUU/YlN4xRdy6Uh4inabEjn | ||||
| RGF5NmUk6efM5objJx8OrcsksYIsAaZMG9JV4fagaDP4BgnQW2Vs0vPFqQpD | ||||
| uada3UrYncDEMZaMIEbs4R6OG0ClB8+qTrIIUWUjlOebtupZA2E35T1oaXIA | ||||
| pYWr4LJQvuytwcarmDYHcq62J9KevVLQSRZiGVKVyYGn8/dUIVIyKT7L8N9S | ||||
| hUN/oQyPXivILM+QVkxpTVmdiT7RvS0Ns/ApvMGXw+2Q9zLUGV8ijDmdqOK0 | ||||
| hEPuuKIoacK9M3s4s8eBsDh7EPliFHZNkx9Oe53d8vs83/kXG+K4PcWP/kax | ||||
| puzxGKP9oU3g8ZLAaPAIZFzbJj7zN8vTLwfqb+3Kb74MCr2+sPLbe56v+w/l | ||||
| PcxcP/zjfIV94TgZBE3Ytr+8HcT/hzYHyfHzGyy+WqBfJAGJwn2+qnieUfYd | ||||
| KL++5P9dDnk7In0i8t/siH4543mf9u3LW+7rrercDcIZs5+y/AiRX2eQ8xN/ | ||||
| EY9/VC//sOs5zVjchF+wWIFZLgwRJIKlqswGjDgm9VTVFTL9D9v1VKe/s+vJ | ||||
| TeT5PXUwN651LWWW8B7k5/YCPgO9UeL1V90u9q3bhZPzDXQsPTtf3VHfY1yM | ||||
| ctetkhfE8dZcSvhq3CL6jhoRuYKqQF1Jh8rx9irJNnAr7sirq+4ohO9lk9uH | ||||
| utEDEqRE9MD4zO2CbY4nK1sy4qHd8Y/zYEN9k1wCJ3PPINjM+kz6t+M9DBjK | ||||
| X22aCWUAXnNRu2R3J5nr8mApwWi7JHGDVlRkzWhnCmIq74juOYZIWh+vGqar | ||||
| +JwD1WAA13hcF8mDstaaQ4aHetqrsjvSp25okXp3624Kpa0HyLG3In0NfQ65 | ||||
| 7LnERq9NIQzVKmUPfF27ih1sVhe44ncnLvSVHb7BxOMxiAxZT4/asgppqEn2 | ||||
| znDQQwCt9mEfbs7y3bufriUlV+wlc/eUKUo3FZlOyLEm4OKatfuDOogMeSKp | ||||
| EuXvwJX5dobSD11NWibJgXthcAzo+cBcSZmKqzi5xZRzAmndICmZQp/PQOzp | ||||
| ZMuURbHrl71PgtK5FpId8jN6sZDB482BfU2WgbkGOr6IT9p/MgVA8Qfo16Dt | ||||
| kd+B9o5ox/GgwTybjHaTZvWNAsSCd3J/IiPoW9D+233W79us0OxtPpqnSh2p | ||||
| tUtV4iZa0tWeSUCV5ayPhHA9saflHaOC446X9ghRuGK7oa57NcDQpiQhSSCr | ||||
| pb/G0fN9PNvWniBArYrXa8c8yQ9h+Uiwkowmv5zyIsBs92wJMRoK4lUv17tj | ||||
| nkgQi5TkXpISxgs81nfsw3r5QM7LoOfH3OpcBkYYx+lv0qXZufEouElqa8WK | ||||
| JvxxAzRcK1A7Eg84uh5PMbZkagBmp0qeCFZ0Q8ylBYFK1PRo7sTjzZ3i4yW+ | ||||
| HZgtEd3QIy8Ul0eLcFASqNjk3AgWn4bMR8hD7LirVPf8KW1r/6Zsaj5MmHWL | ||||
| YFc5GTjgbB2VKsueZmKFXzEwVI+Gd0GjWEpDU3isOqGfzHZyHvv4N/VZP+aP | ||||
| OUkdn2ejz190sJDfe6nv6WJG8Lmaec8V1dvNf6nx+sps85vvz2/bfMgZfyNL | ||||
| /Nd3VeO/1lX1567q9UNXFSbEorSY2Dre1i4UwUu9S6+6omq4tEoUnFlm8A4v | ||||
| +yxrbyip3/Xh2tJKuWsF00UfJzPb7lXsXF8Q/EAqgwpp18YnKNdG5bifWo+z | ||||
| qRDruQTJz5Wdcw+9MqnxtCS2sMxNq/B+jI8ENpyXE2p0oHBYO9AGbYwUQCHA | ||||
| eXhnXxTOZNWsXcU387jmH9OYt+r65l4so+82ejPSdSiwnOdwNwrtG/mGQo9G | ||||
| 3NMberKaXl+DeBM8KotusaRsB/sc3ywuStXej+hiKZ5at65KJNhExFW/eR15 | ||||
| 3g4b6D5FZYwTCCE/JJEQsAyVejYryG6/ozrHb7NdYI5ET9BqzI43LT2XN+4U | ||||
| 16edrTDmstlAeqhaw63dfeyqchKzZniCRPrdrt70m2ptMcJm6kOjS+vYNfAe | ||||
| t9XlNVHF1RISptImwhJnxP3KW/EbrxmEMUqQ3Z67HwRk8uK22HpxsjemTbPc | ||||
| +46zzTZtU8tnvMOnqwjtWUGV6E07CXh8OUtWI8YUWasdIhBGiu/XpQSMPeY1 | ||||
| xTUbx64okzasip3W7YaTKdMUoZpmW3JftwHrJ8tbh27s7e1OlvnuQCOMkLKY | ||||
| JkUgPffe6sArgj5c0CCfQFrHKmLL7ZEEanGhNDVxrYXnqjXcwJWCjVReFB/J | ||||
| /CjKh8BpVwnX7h55PtiSnGdlAZxkEmoGWVF1uIcEH5ePaB8ywXiOxXDVn7vs | ||||
| RCi+dvL68nZjRuYiX85YMr1alLutm1x4jnemQpM6nd1Aw2rdmLVxEa3HY308 | ||||
| TVt+ix/91nBkHMAr6jpqCXh1IHiNcRKyXlN8obRZEVs3Leyfjy3E7MTMUQ8g | ||||
| H+u6ESqs/WC2u/w6jn1UnbGt6oPN5PqezGV7fbVOeBEUam8dfX+7xyLlbkBu | ||||
| D7s7h1LdUBIKErftw4a/pJlMPEWmN9uHlO6i9T7nu/ZyWSNdpPWMmWPsNZEt | ||||
| zNtBvFWIhGhzuMFfkW27Kxn2cq/1o7EPKOxIeqvOGQLvSuQUWl+RHfZAbtRK | ||||
| 2fEqsUNV3DxCq2Mg3Mxd0I/RttBqJG/E5chzwrnlmQ2yafyle7sEkk+v4V2I | ||||
| iZqsG4jDlVNBY7USVylUKEbPTKjjzV1VcssExCqQpHy3i+8XjFC9a4GVFNeb | ||||
| rbo9u66rZ37LqYf12ZEPtFKf9tBSOXDO7oY/9vvT2WdF1Vj37M5e+S0lBaVp | ||||
| +sVhWxRtfXZOx9Mgbnlis5NOcR+PmewcuhCycs7O7NWwrSfJ7qxmUz6I/ZGb | ||||
| 7qEetYhXO1SKnE55VMHtLaHK1XVU7tXFVMiSJ2XlNkB84gcnC9/xF8Bp7NMq | ||||
| PA4qIApEFje0saIG6chIGZ5tnfgeHVZBwE7WKRZWduOWo2CsDahnexnBlyd5 | ||||
| t0miQ7fGtLk5aksIbcrydFhG5MnftVcBudjZLQs5Uo/Rpqn8RqpLbSlR0EVP | ||||
| 3VFJSAkdm2hpKRhG4+fjrfDIXd/CB8RgPVKdceICKOigpelpuG2orGYVbqxG | ||||
| H4fgE1I9qo2581MhxfMihW+Kb9ThdndZrUu8uBCiXnQIH0VyuyMup0izDS1g | ||||
| 87XeYSWdiBBB37fXHXoQHPsWs2cuUtdKveoHfTKcW3i8LYXyuC9RqyOD8ubE | ||||
| GjmOQgbHrBviWoYTIQQKAuBF3fwF8qvmcEYTIzjdh7E6kVsqLhsqZlnSAdkn | ||||
| jilZbwfpdNlfREckLZOhSJGGKGrUxz3CyMrxgj6Q46bqA2bpVSvqlJwCJKu4 | ||||
| rXda49x/Fx1VYu3jRIBuNnCwCfBwgwRoFISERwRwFGIhEfkIukZQJAiwrYtu | ||||
| w62HbrAI3v437Kh+YAwfuqrvlIb9+rb73yiDv3nv/a+/GfR269fvGYOxv1H3 | ||||
| fnj39h9b+jIjnN01dpvBjXrKdKEMUUIhXan7H/eFn/9/S9+8MqtleafKXj1i | ||||
| JHfaL7VqqFTm8ZguGFwgULbfbiqQBvV0n1m3oRtW/uNUwx3aM+u7daHwWDWF | ||||
| FX3u1k6FgLzST0dpv3b6bX7BbkK+hJIztRS75HoIxZ3QxVijhL1db+GV0Rv6 | ||||
| w95qiIiwNt/hFZaQp3NIbktn7UagbvGIXVicITwuJw1eKbc+RsmbnXu3nSEo | ||||
| Pn6/X2Vz7xbO6pzrqBEztX219KTKfHGT+fc75cjt0KEItIKF/T3Xh7rSsfLk | ||||
| k4+NFboxPNLKFTkTZ2LsVxvm6l88QESzfbRVPFnwZORwQe2tn1gRpLDeTcGS | ||||
| U9+Mq+lRZG1/i4tlJHj1fWCS/QFYvLJWV3IFilpLXA6JWdXd6b/z0teMvyt9 | ||||
| UxMWzhozkpJ2xkn9OGxRDHBiZcP8w0rf2MzQcj8+5GqwKnLM1LuEAeXKGRIz | ||||
| WwFBWRqV+0eN9HC9tmNb1SlBxJjIXqEHBmqjxy7Sxb7FY+t82Vi1HPYquRPT | ||||
| CdToS55he7yX7iGrabZT+A9+GNdy5AmI6G1M/DQZ0LWm8GUwrcnhEsoPlbFq | ||||
| oqyGjlxlhnrTYrzv07sTxat8G3Hl6tQmmaC4rsGcWbs1UcAMCVzIV5t4Krx7 | ||||
| ElxB9eGlaOlsOtINtIzdSsQ+Pbn7i1qYOV9FFH48DoyG+YnshGGsn0jIWi5V | ||||
| UaqFJl5ZbIKOaX+M6py82+vEuR2r9K7sL4FxNG1DV3cSuiXosfZqftkqarm+ | ||||
| +QhUGHaGbzVBac7SSVoe4It1QU7LxCL/rtKXCb/kib9a/Qav+/6LCuC3Zz9+ | ||||
| WfpvZIv/1iWwm+kFluJ8iqKrEiLPZLHlC/qGHgVBuTZ6ZJlFEWYKikhifnYN | ||||
| esMQE0c3+iZFjy7hxMJIbk8Rvrc2Tg5watrWOxkvCyff5c61PoUexpkCmq55 | ||||
| uUOvbbhm6hbBtmFTGIS6Bfw4ygTzamq+uxmLmqUg6owyeVI4FR4yyX3TYYE9 | ||||
| 0ldFMPC1jjExrYVOb3Syj0zjcik/TlkdFITlHBKVVKtQcSCJz8/DNTyPS5y7 | ||||
| jRO9udqrk58vnQNdZ4c6oQZGCJxtzRiiuD6ebcTeSLuVryqP5E55rgllqxvS | ||||
| DkE7md01ibKRc3BY60+bmqOx+2F15ENrxHQ62uJBX69Ilb21NGll3lJm8JNA | ||||
| XKDrjub0vEY+lsBM/CgtlmFA2h5ZZ9nuDHlYWsK6XG5sVW2asS7ag6eO9w0q | ||||
| QgNJmpa0q53xGhCNzqhkR6kxl5wU+5JYTmYs4VRoM1qM6r3s4MOIpJxA0WKV | ||||
| lLJutVtoxSzTwG7MMNpe1puGzqiHLcAxYhY6bxcVMEiYnLEKye6OnKDqXmJL | ||||
| mUb9agwQfbKbAVqeedpHlpV9X3WGtdG8dV1aKrEvrcuSrfy2bYatgqucyKlM | ||||
| gp4i76Bg1dno1rh7QqtoBSFScijd6spNtn6pVtfGV66XPVFrgU56Tiup+/Xo | ||||
| wGN9PQgMzaQV141LC65upuPvkzbuITpG9K7bdVKs38nzqmCvCh6u7iSBrEiS | ||||
| liha8Q8TWx7iVz2JhoaMUQw9ZX1r7ykJheZfn2gNZpfsnSlSbwCbhwZmaEMD | ||||
| KjzpzJWK0pPile4kqN75OKHb+ojAkdqt0yMrhPYSOlukbSiNghEykbHTY4zJ | ||||
| TbvDMjK8UtqG8w7WbTpc6iO1KZ1BF9kd3ViCYe/BZiznvrQhjkc0FMGjQgPF | ||||
| 0h694ts6zLfpWL+qdis5yft+x9HwOmrwTd2KwWGok5TpjGowlc0VqqNqty9Z | ||||
| R314+caIZeRxJG/NyTDjqFk7CeAL5tD2kjCm0ePEjn5j3ICfwHFNRjwcFXdo | ||||
| 9EZbwlZx73fC/pSOGJodNsTt2N9PN4laXlQMplYlh03eyN1rtygl+1q1leop | ||||
| m3QzUiZkb1es2q8Oh5eWzfMgWKFFxnq8rGLqQVx5tThKaKLSt6nQ9rt67MvN | ||||
| zrgv2Q2yy7gIul+4e3bRA5Te53lq0jfHuEsb7nbYCQ3IL8KghyfuxHY7l7kp | ||||
| +NUmvOORu+PS0iyV+MZX0IHEL2euYU76cXSDSDlf7m1vJ9P+4OgX/npUeSEW | ||||
| t/s+uhwYBzUZaWUAxnQ7XWaJGUaGVI1+3G1j5FNrbernfsPe3JpjukLOhfWO | ||||
| xw7Ko+8DfxX45drnLM+BPY/nFHy8pBQ97DMoYnjmvhu8LSfG420ErKZAs+p+ | ||||
| FQCrwBKbgGM9MTaGYbQOrF/3ez522PC8WtdjvXQCbgVd3GXon9cYNWnIOeqn | ||||
| Fr1SBd3rKOMK8cPvLWsNosfR5qrdMsr7bfMIOhY2nDsTNg/zAmV4Yi/vw54f | ||||
| d71zDeMU9bnQ12+qhqbh7fxo2DvLJ5USsNSar4NDXGEnjD8Gbkbz68FHoV1V | ||||
| XqsVnBY+qnWaFm0KR3CNEYa9Qg9X8LjsYNX0bprc2UlxTs8J7asdRpl+K/SV | ||||
| 168hMui93Vo63JbxndSZoO/djr/Wf08JPPgEnOwJWIu0/EH7qRnZW3cTYVSV | ||||
| TtilXQl9HIer/y5KYMSPdiiOEuBvdBuhGOaj6916vUWibURg3m4XuTBG4N4m | ||||
| nP+KkDDE1/DOi/6bl8DvpOFDFTx/yQ1ZL16/F/Z5gvskI2+ae7v6+w9ft/vD | ||||
| +3cFv/yetKccgJp8PLl+/oalj98kev/u+Mej5D///GX4y5HBh7Hvv2b+Pv6R | ||||
| YP359dWlH34P+PU7wObfjFP6X35B0VPY15e/ovQefsrC5+8E/fIVxNcR+h// | ||||
| MvGqkPVvJ1xP9X3hWvaSBBwKVOccTn781ohAumBsx7JxEnbzfbVB05SIf3MP | ||||
| RNXz4Py1Eg2fCdlM3oJvXozxQe0z8HT65SGZPMkDqFRE6yS10HE0XYq40GRi | ||||
| 0DF4WKfbxlBN47IhUG5srreQpvQzEgw7cVMSpaPsFMx8rKVRdPPWSvfQbtft | ||||
| tAOyOusPnTpcz2dcL7bLVbnJuWuzVW7jybP627jZjPp53AiOGTj+WjPKcuTY | ||||
| QEtx6IGvg4l1z7nr7SoLnaqSX4lnDVONdPKtvVqWfMnCqpbm2Ljml6nmbMIj | ||||
| ZdbwEg915WJBy6tolXfC9QKuvhJXxDtJ15XQBNdwbdBBhrlEq2cGd7mLD8oy | ||||
| g2PmMMOdPtVDSlu5HYoQZhBs5WTBrWVmkZcTl+iHUhtIitdMkE90kyDZNswJ | ||||
| hnuUtVPj5/bkh/GJu2Du3ndUyA6zncjSIhlLeOFkEm1Mo3ImD4+QG+D0ahUW | ||||
| mnWMW/s0xodV3otKWtcBQ6AXUhUeWgYhmWSi+eFW6PsNZqHG7u6KaFQReCvB | ||||
| BV+5zHRKwh6jvNMyOAcoWm/XMthEfWfgy868cpB4Zo+bM8F6UYGhCK3Bueif | ||||
| aXMsHt7GdaVrElOSwXuXVuqOfUjs0IY5imQjt2shLPFxA/n1Mtrt/RAWz3Sc | ||||
| aW6nYI0+7ikO32fUydpWDu+XODkYMlJJG60JRGZKk5DEGZGilpIBoXuHUjGz | ||||
| ajLf2Q7UBSt823K3LBqF3nZHBxuPWk77vvcom4jQkV/tYV/ntsRArP0VdvKg | ||||
| FGW5G9aR6YQQx0d/OAxXv9whIQaKQfcOxpKVtQe00KbZvhl20vJMhg554CwU | ||||
| 4VfMBoYskdLodQsgSqA2V3y5iZSjf0+BG4N07SjABo3DkVeP6rKSfty2jR9p | ||||
| +u7+6H3yTm9tAkK9HH6wfqCObdFXmbDb9Uvash5XUMogqJ5JjmF6g4+4MIWN | ||||
| GnMvr6bs3JhJrtvHeLkW0J7fnhKZOzXGSB4GOt63x1VDRtvHMeHX1ZI49Rk8 | ||||
| ppQoOsNdUiTtJB2Wl4N/v9yNBPGSK9SYUXaZpvs9HW16JA6+veapsiJGittP | ||||
| op9L0QGW+d7FLPFm2WtKvCa80fXY2UhyTegjSG1rJV45jUIbF3cXIgwWD8dt | ||||
| z2kg1TsBqUdL2DZCTN4BGuwqKF+i5EYAtfx2o19OR6yAKqNbuTBjCNNlt3MV | ||||
| OVnm000UaMTaTGaQ6SjemeNeTkllY3RLLUoEUOhn5X4nBv4lkNeQiohLk1lt | ||||
| D0ScPBQ8SJANl24aZiywy/ZBIQ+ud+D8cC1Zcbk5NsiSIqQ4Wpar5MF1XfSA | ||||
| kP6I2L7QwS4aUw0W76KBV9o2GrY6FmOJTpiMQV7U6n5wAcxma8PJw4szpVeE | ||||
| aNv7BoNuDXJ2tTPx8E+0d4G3vc8svX7MOftYrJrkHDySWByD/K52wcSU0whb | ||||
| HGPc46tJKaFW0FAonxmMzKzAUrOcqlVfzPY67F7WnJXj0rXH1rYDGKWolUN2 | ||||
| GNu+3kxizeRTXu85aehJKNdkJzfPSVklMlvgWDOU3sbBd7HijSNirgI7XbbY | ||||
| efQeq1s6MPY1GhOLKpICiW9JnN6hUk34rluOIO3S5144ZWxWnsKTAqP0FlB3 | ||||
| OEAs9YriBNdhQ3XP4a72M0ypCu1iJh5dcpCdcA06tHNe2Hws4qnBjcFYOecJ | ||||
| Z048DMgfHPxt4jFIHwKE7MtDDMkyMomy9LFkOVY48RQRkLFobkvwMEOqDS+M | ||||
| Crp73LoO2SPnu3VyFIi6iDI3zSXdejVJZcdHO1YOYj0YssctkQzr0QNmcFzF | ||||
| kcZgXmkbJLnrb3umFWyniWwOkq4iKojr0l0paTLUflcl/qEsqL3tl1Ev3JdZ | ||||
| eSTk46Eb+o1cIkNrGalQRVs7f8ilcxqgyGuqdZkc+nivIo5GEVpEmpVLJh0X | ||||
| E0h1UDubraYdbx7YUS0uCaHhaU94epjhXpWhOrQky8dkM2h8SVkTu6TwCt25 | ||||
| WtsFGwEFJYDGFKakl/W57dpM06VCWlkNfzGHctzdFGYYIYZKu6hs5QvcVBYb | ||||
| bhvboIb9jSoDP9scqIrxlCnwGmdYhstR9fbEFGmZXGXw4xyV6TWFasL0tCBW | ||||
| 1mMJa9LAYT62Oa+1gNt215NQKKK8kTYdTUxs2iLINS6IQ6geKIIOkHpk0SNk | ||||
| RbmgwPFQMxwS2gRm5GZa5RcZ2wjY1QfM3ceqXSg6Hd3U/DVpjZobfDmGUcu1 | ||||
| rVBgoCg62AA5JtEE8B3ReBd1psmqpr3pbDRDSnMn4T3ZnwxdWpH2YF6Xsnc6 | ||||
| J9mEdyHKnRtoQPvMQXBUvNQJszkHovqwU+cW6RKdaBO+2p1cv7G5eyTdGr95 | ||||
| 6OtUkMtHAhDFYg2lE6E2s7batumLK4Y0W/hsoALNKdwp4inP6M4EGRx3480l | ||||
| XFANP450aXNx6CEnGOFWVBpPFgSv98ftwQc5I3XhEcdPnjFZSbrdBWgSblWx | ||||
| ggfBTPljsmt3xDrPsu7e65Um7W+qbd2xBKrJ65ZsKQrfK/fYPu6QS/dY3+Xg | ||||
| OmBxPZ38B6nvUVM4xTD9yFOVOZjHJSeQF4Q+KvrV06BKaIwUMbl0tSSSSxGe | ||||
| /HS5rI/3G13LPS+cH24eoOrBLfi9gigPFmFGOQx6t7KBy/THAoox7HAMR4I/ | ||||
| 9exGpxR6HeTXXh13AR5ZNuvUSX3ojlHbD+cpKCwP6Un/qkWno1IueytEIZCr | ||||
| L2lrS5usJrdg51od6Pclxh+wleqcVNpwL/LoiBZDXPV1bGLGpl5f8f6GHBT/ | ||||
| QBQ45OrVafuw2oqyq8kuN0TEY7Qc1pOTcXTd3E/DJQlsr3sUhPpYVWmeA/D0 | ||||
| a/JxXz7GLrEgSn4s0wzZs4FHX2FkO1zzlraUo5XJKHnWkzKrnKQl5Bpr7jFl | ||||
| p4iwj68MzFT6gWbhRwKteKW0S9XeHJpHRIsMmxj4YXTWCrslxmTTYVWO423J | ||||
| TS4ZJ8HVQ7ibvyMKyvMzVDlIMaTnh9WOv3W3BzsVaqpfoiICteT2dnVoGA9w | ||||
| rSj5qGEY02LWgD173kOla5TdsLDTIRtXgPaqrVGqc6CJw3qvAPKZUo7Dj7dk | ||||
| eUxRoxUn+7A2j4CijSjDuGyEj24+XmA0yBKuLRIGqhtA+Qh2o66aioNH01vH | ||||
| dJiwsUEUVXXuZVAGBS19E+owz+Nzs9qu7fvKlojggS4v1PUAoauNGMCr8bw3 | ||||
| tZoRBQEv0TLm0CbKbpPqAoJDFHuuj4+wKeOlMrbugRib3YrJUuTan+HnUaAz | ||||
| fFMf8CUYs+aX5pETTZ7mWkJRvs0Z7AC8WZqfgV4PDaBiIVWKTAOxph4ON9zd | ||||
| WKQ5WiLjWI6NqTHv6ApZ7+viviEPyyNGEHBvI6PnQIpvDPQykbUzLJQw15Pk | ||||
| 6E2BrlGk6/gJssT5JDTxcdqJFys/FMhRER6Zg6eFeIlyI7pBR3eDaje8XWmP | ||||
| vRjiB/lyQOrrbcXJ9YqrYh/WMcAUPPu+xwjBw+OOLHkLPyIeHASEd+chxSNv | ||||
| MJxsm6VopQJq4hNf+bXFWFqchrxItxcYFu4PVJLkM8aJV+5MG054V7VzOU65 | ||||
| bkOOEz/qxrsOKO3UqqWFwlHcuGy3fZztDZUmGg+4rDimLjaaCHxWHYOnpNoy | ||||
| QylXyS0/QLq9yYXV7ZCO7iYeBv4e1Aigy362OyO6oSACN1Zo6PFSjNKtgyk3 | ||||
| 61r6Q70+DvLKqEsH2qbwuqvvaqjhmb07NHoYP3gBR6RhU8hnNBC23aM8d0QS | ||||
| BA4tSby/3zo4l00P7ohSXM9Bu0TNtco8Bo/UTfYr/mYzZ1BGYtReCtATEWLt | ||||
| dX95GGGNzseZZ/Qo94y54wjcXgVEyz6gtb3xEH//6Mndo1MLiTy2FjtaVEzg | ||||
| 1JKWeEwa1G2LG5lzzrMbsuVo83rnSolOLVHiUAW684fUUsXj6ronFIyvKxSw | ||||
| o3yLTArHO7vYIbt7S+n8SVfNYxw5/mOda4+Kyn0b7/LtZQ8lOQglRkI2fW6a | ||||
| vNQcAQ/B/d1KPpOnMNal+tTbeiRLmHQrbD7cXYdru3u4J1fLiYgTdAiWPN7c | ||||
| yO3hofFXa3WdrqZCshYDkOFIn0ucXd0C/MAa9ytZDtxutx6JErYRZ/KPO8Hy | ||||
| M6i8+OrK0vUEDZcc6cX1oVzhknjjp/16Q5F+8MBtsntMppNogeCKXTG4+zYy | ||||
| GtSghxqnIfsBKoYeRVcTlub1qTmrrn2K7jes1RU+4LG1cXP9S7yWsA1DJH68 | ||||
| NDzneDzremfZ4xXXIQVH3WIy1IeHjA/MHTDxsOypA41eRT1WuPTqcttquB50 | ||||
| LzbarbNrb05AuzkOPy55sD+rEKuv+pqjT5ypu7ltK17Z3dPTDb9a/Z6blpQ9 | ||||
| HS97ZdMtN3mF6XlsOOvpiHPmiWVR3tMFiKkvZ2yNML6llavcLXHAmFb5/Sbl | ||||
| aBDwVBakfVsKjntA46Bck0htJLpcyFTrp/Tyyl7BBGqzg+1E8H2DsXCAPpb5 | ||||
| LfrwgLFaHKiauHhugdgwuOe8peL2eQ/0YqglRc6tEP0CLprpX2p5hImvHfKz | ||||
| SVYyTSYndZ4UIgVvG9iONNGhZpZrR7/C5dhz+mY6bYVEGiO3ake69i60dF9l | ||||
| +qRcrHsfuLtH5C57Vd5Bq4GmiNYKJlg2KpeSBetBJPfUc8QLti3lZTOindFL | ||||
| Uq3us81ObYsrBQe6Ykjt1IqbyIWO5rXNHrUobFwaaRNmp9aJqPHOpF0lFD3u | ||||
| R0BD1lh5auJzZ1w0QrkYQRgudY9yvBvbrSC2stJqiIBb8BrW6Zf9qSCIUCXO | ||||
| aYIL4+k+iFUamMmmojk1Kwf07IxkLVqq4A+EQV4pyFbuyzoKhF2U2sQgb1f8 | ||||
| vThpodjWV5s2S8AS9ZNI1swqWoqrAOHWTl7LO2mw4QOvsRoBqRbIhNxug1YK | ||||
| wR88JeysHGukR57p4mqbY8v1/gEUVhQIdlzeKZ2Nrf1KxPliTwJy6VGQMUbX | ||||
| Mkb5dL3M8uY4SbslDdJ3JxNF1Dbo4zyNK+pWDI7o7m9tgJ7vKn/TwUUZa5OO | ||||
| 2kMU0WtLfh91SdfexbMJeO9tWjer7DzJuuapMTFq201yR4RVYdO5ebWmFXUv | ||||
| vbx0z5RP51CuFsXFMQRZcRvxfAkOJy6Nts5B2FnnlX1mz2KpFZ2ipVIrEdiZ | ||||
| FPKt7ZXWiafrA5yECSTaGyXNRiQOCz5HXC7TT4p8PzC3EhEPjCE1onI/5ld+ | ||||
| ZXHloeiqPXfsLk5blgZyvdqHAdqcDb0Mulg6KcHxorJpoO/rQdTxXTQ1NLW2 | ||||
| 8mFs4ZSPgrZXEt2tldqFA1nFuNRaR7ceeuyE5bDTbWRVEJfQMZWD6ofDwad3 | ||||
| LC6SiOg21zhzWOSAXbx1FtiPM1Fvjkd1kHq+cBMYMqSCwUDa3VIir/LGxCHn | ||||
| trK1Zg/qSf8QLh/tXkMarEjFjefLlm2Pu9jLEXtFaywBr0VoLAB9LRlt+XCw | ||||
| 5nq0mP1xdztHKH8n8a6h+abs0Mrbe/mQUaEsjpnuB6dSYIuxbsJCLSBNzm3H | ||||
| laZsU1y7emfddnhd7mvYxc7Jqg1CWPLV/4+6N1t6VTuXBe95CkfUJVFF313S | ||||
| 9yAQIOCOvhW9QFAvX/xruVm2l7fts12niZgzYk4JwRAa48tM+DJ5SN3pxbnJ | ||||
| 9d61vWEdvfkQ1vrB9ehNAH5FaHnKwsjSzNiDkNlYa9UkYlXLZxpyUTPZxRec | ||||
| qBaRVdeCeP09ve5pHg8cRXdn+AZikhWRnSeHQoCoi7XUQeiusPkMZJNRqDFy | ||||
| IabJDf/8mGStPjSYzYSjvzzhAyvowjsWcIBbs2vojutpVej34kkLJyXKWFmp | ||||
| YH0pTadm0zFzxFAdG4YfSiXJ8OA98T5+79dTowDpZkfyexWiTvCm+KosO/k2 | ||||
| PueYmbh/LbXABvbNgvnOUQcZuk7w9FfjXlRSrTSvGzxroCNWvlDEvjhCHX6e | ||||
| GitUpdRHMyaWYhUjWI0f2/gsUy7YrjQ9K9SwisrnjVLVbtJcvgGPCint+U1b | ||||
| uxpyUxELMw9S0JK+abWG0RIJ9MKjLN0TmXPFy3rjT7pXZypqF2j5N28F/Epe | ||||
| Hu+81e6ZxelQgF7jQt6SRz/VHJFT3HE+6njy/VHH4Nwxg4iL5UbjJ3UDl3ke | ||||
| CgD2B00py1PRy+kWWTX/7RfjQ2BqpEP4oxYpLuIZB992dY3DpxyDQ/vBt/MS | ||||
| 3WefWAUBDK1fqKK14BwEdqFvHIGQ7aakzL6kmZ2UNDeMVQlVnc0UgySBZ71c | ||||
| ae1gcTayJ7SWAfmWP1z3hVdHvgQD/aE1ita5ayP5ulumn96eoHjpXMf0debB | ||||
| sTVpg3Vr3KUrL4WbHzDgjwiGqdSDuvkus1qCihDYi1RtdcxPR4TZHXl9lRE/ | ||||
| ISRHgkIWEu6mZU9hZmJzejMDAogDJZEQAq246sdKm0Czu+hMLeAmHM6wUUvh | ||||
| x78+zTTijG367CH/1ZX/zgdM5yj4iqtZ+WATh2tZ2T/Uv6L/XWC6kSjpmufk | ||||
| gfhQ2UkKD06FhKGdIQugsexxawapZ//6nsKtGaTaefJcJP6gMfOzTeFExl+2 | ||||
| OXTWuUXXjcbvnzfVls1+95qSPuPCdnPl0z5/rilNPzt1WN3Zuof9xFfAEEl7 | ||||
| pYYH7ibai/ucYY9SATSS3mflXK5yxsf1ABMetBnmqJpV1Iv85HAqZa/Mxtc0 | ||||
| AfCZ9jvRZddIycQ6F9BadnmDGj9M623LgrtVPCVEwPBaxtnwhqfzifZ+UdrT | ||||
| mxxG0AVCGoc/p4nPhANmpYIsnoMkUAJWRtWn0zaKnQLheeliohE1YWYS/sL9 | ||||
| RDoo2WmKdAYCXphOJdU1U+9t/br08ekT1/LKvkO1cN9DYkGbJl7QJ3AxJ36+ | ||||
| QFH+QgEfHfLyiXvr3ABu56J2jdaBB089CtPZoBGhsovHCRY1GYQk/jw4I8xe | ||||
| WQRaOirGS31LMKntwUco6REGqEHw0GpPZEaq0li4vnY2Gez+8wrHS8Cg18NJ | ||||
| wvpUNeEwUbO9htZATe7Mp5PRab4ZKSBMAvIR0sJ6qXFXqrjAXkRJydQrPfwZ | ||||
| U9vH4/Fq/B3UVhfMh/m66z6KPsMMZHPnga46MJv7g67sSbHXoA9DkSIzYvGz | ||||
| mI8FsJJ3JNltKtq215wKs9HeXEdUNdoI4Zu75HAk1kCxiXCqEZ8dHdraEWrj | ||||
| Puuamr6lZ6XFhUnnm36rvZI44gzlwJvxc6AnpaN8PT8PqkpewAfZ9VWzZg/S | ||||
| ICkS5yx5q6gEbjl1Iatcpi6TdWz2DYsU/TyClNeQhIArt7+YOXgTSgoQJYGF | ||||
| VDI6zoRJmCHIzlsDZcmBxjA8knQecG+3bEYX6u8kZ6bpM+7wqfzS8hmZKzIY | ||||
| 2Mvlegd6nL81jFTstzkYe+UmnVvzAdbJLBdGNFYf/o5QIjKzT0PP2JeaZHXH | ||||
| 8/LEycApbw9UvfXkQD1W40Zi7tKH4pFQZiVl1ch7ozrlzsB7G7sm/Zt7IytO | ||||
| w4aFyRwxtoUMpM5ulTfj2xsW3ioi+Hg4ZON0QH6ip7aq8Zocb2yTWchov2cZ | ||||
| IImR545HxDcNChkuBAEdenD4GLHSd/MnU4cSg5ARc58mX2P4dma3YdRFUOxy | ||||
| 533GSDAKNtPUOH593C8ZBjgLiFFSWhx9Vq2ryOv+eMGQCYsrfCDkcWmK9ykh | ||||
| hCgFaFCosCbMq+YlmN92Y6B38Ik8RqBBIRy2bz6KpmfrS25a8NMlTu433xnY | ||||
| 4FOGNfITPmXmgyMv7FQH3ZKG5K4cfXnzBr4AYo9BTYSrDo2l4+zMt+aGdtdi | ||||
| FaJ5Gc9HP/qTLSA7KQ7gkmzgYzzdUD3R0lA4AyWSAzBqlhvjR+WufGOsjdWM | ||||
| dXkOVbcujl64ld3fEuA+hkYviIivvt4sTp/ZefPiRHJ/c08gvE4L2o69rB6W | ||||
| GlYuvBxkRgV1/QRry1vWbaugb1buGpSWm5Dqb9CNDfB0Rrvr2JJxAWJrrtP8 | ||||
| 4T+JuUzlXUR2azObs0tjmn5GI0vB3nJPSTRRnP4T1Cttt/eCEO35/fzk2RPI | ||||
| A0SsuWlkFG4V4riB1cOeCIhjSl7JB6/mvca/VWLhkO8QhQSOMXqrpirFPg0D | ||||
| Sy4PeCOoAMdTbCXh+TWuvHEbNj+mV/x+F5VtyxR8NrBAFOq3JrN0SD8+GVX5 | ||||
| BE6SFERKyQJ7RvDXNBSo/ajDEO1gu0uP5FgYtlykVi1Z8c1JX0Lm5JvBPxvf | ||||
| eXapz0MrCjNRldgV8PKiDdPDx7V4tabJ8TCEsevJpdqQ+0S76/AIMQIUvgVk | ||||
| TFgVCrmqFS/5noQ3D8XKdQKy0Zsf3RsKZct82zGN6CHkFkH+AHOewdZxR4WP | ||||
| EKeR/HgrvXAjim03LEnLAokL4sfaAIc261dHB66LSHP2OTjYg9MMfKq6qFrd | ||||
| Hr0FiTW57rf3VjRJEE2lGtnI4VaAlTs2Orje5M2/3sgT/5mDdjc5+gC4I5L0 | ||||
| 4y7G9ShKNjQM5i08G2SM4SeodRr7ARUMah8Xx7aI7fDynmjO4ai8zrK/Td75 | ||||
| TUPCHzMKuDH9c0IBANz/+zciCX625pI0Tap/kEeQjunvpRH88Zj/ZhbBvbP/ | ||||
| cBLBr08K/btGj/tA/6EUgrP9sWLof7ZiJLPdCRhWcifUyUmwvh87bVR1evwf | ||||
| nEIg/LtWDIF9/smKwcPa/tM3F720Jnrlf2XD+PMVn39kwyAGVoKr3h1Lxmo5 | ||||
| vSvICvxJ3bQrtzycNlNA9ALeMFuSlKS51iIe3sf+bP0refssNjHgkVLh3FyB | ||||
| Yjt1UKztUU30Q5tGms3fdLLQeI5uwFaciB3k34TXPlZBPbW2XI5nzZHWzr6p | ||||
| J80LMgaKydTZTHkN6PQ6Eld0yO14bUqDOB5AII/8426Ng4zz+tE62uCEyjfj | ||||
| XvfXJCwlWtYvrZc/ieH2BITp5cKAKRl0vPD5enFkAPF3I8EEg5wu4TGVeaNn | ||||
| 9fikmyJpHPEgwJVOR9d+6m/E5pBqNcaDLiTmSdn3by8X4xgDWqP5Du8iuJX4 | ||||
| RKqepS7GARo9t/DIr5vUahpaur6r6iAdDbdYx/5iw9hMVZ6B/zEbxh8/4zgB | ||||
| YHI2J77u37rjrvTVb/GT6Av519lpcuYvG2qOY5rsKPP8PZkcX+IOU7xlw69e | ||||
| DuHXI4v3QpIPgc1/cVY4uChV95b0SywYfqCwxLGN5kqPhu6WV6ETzqH8OsoW | ||||
| 4G4WII2s33m8XbJZKOjll3/WN9ZNgyLXKCN1fxszZP0xZohjZaoAnIh8fKlX | ||||
| zBM7n0pE3drN9h0vbDxN0HCzpye/xijM3/2xWv51YsgkYvnGCnuxu9v6oIGP | ||||
| Rd1ESyfDmLvqZ81C3NZ1cyQ30h4KU/+xv6/3zMOvxztDHje1fytND06yWe6D | ||||
| fwzfHCArPVNEgZjA1K+FU1XQ8mRq+Sxsf6WHvQEpSDm4ZrLAgYUe5foYwMTH | ||||
| e0QnZ2GUoQbojvPTvDJJ6jPiFImlYwtUg6EEB5Xtst6ejrcchMvpqZLf3l+v | ||||
| Ry/OPxRvReDws0En4L8MYtD1ZJ5cN4epx4xRiDlJzoqCV7jhpVwX+hX7WBgu | ||||
| 6iNjH6fWvprTR4RrmqunZgK2OkHKFubSmikpAzpNRv8rFoy/4MV/kT3wAw// | ||||
| bvLAD4D9q7kDf0aF/8lZrsI7Y8MnH8g1BKMmIM4uNQvUJn5WkpMgjreO8iYs | ||||
| qcNBy+r3Irp6nI2TJBrEc+wIxYBR3L4Vs2H5Nw+TAoA8Hzw/HPT73R4cmn7n | ||||
| /aqxBEUowycCTBrVN45Qm/q2wJ3TRWVEaT7djEM10xJ357cDUAhkl0mfcpPo | ||||
| CjPGJXBhBNxj8BmUkFFNeDXzib+9YxVtzvm+/en5nXI6PKLFfPsJMQKbHA5Q | ||||
| 9hNaTOzTy1FtSrL6ahtkbCGWkuHd0chaNE11FiQ+cOZ3SgcN5PX91CKhzqkP | ||||
| 4MqLPz6t8MVDxFhJ5Ihisqm7t9q7rKaEFTJ5/dpq9Oj2YVzrSMlhNlo53RAz | ||||
| kitWC0B9m5L3lfy3lgsucyqk9LamiEEbSqzcR3DG0uH5y1Cy4XGtWn0cUbhB | ||||
| WdIBtP/gj5qrGDavWH82FOQhgsVMEloix8cuKXSImCvK6o17RevDdtRRwwek | ||||
| zkjm04gWA0RdtuOOYu/7vPHbK2q1MyW4k3k9CkMhnXPQSKnnxuf8rX33+Tqj | ||||
| 0vsc84bYiliv/kcBcswiuHcqNS5ntXiissx1gQ3xNeA3hnWmnjQQ27bYqsKs | ||||
| tsZEHLB1lPL0ym9IWOwpCTQ4MjFPUn4eMo8w6Qki99F5xJG3lJCFcdtvNN/f | ||||
| 8ROyMasQMvLLQ0Y8OpliBVUT5xRQIhXZiJ3W85EOCtR3zamIxOCDIpSkhfeh | ||||
| rxvNTp8sePziX/judDuhAqneFKaKyoQHBt/HzIqCj6QKkVshKTbz7MiCyWi+ | ||||
| st0a/RyvdvKS40PTX06Wzhj8Dq95oWTeWvstWQHszeBLg7O4y+D3VDFocLQN | ||||
| HiUrUygv1ssRB+ugmkGYyOhoZhsHR/RTXoq1fKq9WkyBvUJf4GCtYpA58ofv | ||||
| rzqE2VM211+HDHNRh6257KQcC9WRgIjRGpdRkfpNtKO9twGB7FbeWOtSdk+9 | ||||
| l73JDyZyU/0Ug44z6rbqwuvJfOVZP48HhVyMOpzgJcjp1dFiz0EV0D8pWZJD | ||||
| AvZkWH2WiXSLnfy74W+LmfJPLKJp70Eo+Tl9Wgh5kaslyJ7rm95os+5Fnge4 | ||||
| PcYuCVEavw7ZOYOtVU8BnekhiVCBzvD3iO13gT8zFNmcK/MFOsb3ZzStSJ2O | ||||
| K6BbEE7P2tvdsa2dH+AIPsNkjfRVEiF8UpfR+HqBZXWp8yaLbiu37Zhs5HzI | ||||
| NIbbh9EBDKUEL7upoC0k3/arQk5ufYMz4+nesuxvZHLl/i2SnFM9o+jEF8LG | ||||
| P1jQD9EvI+Z7gMOl/XUKtRc4ypGwpeJXWLJDHeiBoP6syCrQNQmxDuRLxy+i | ||||
| 24dU47GJ7StvOGPp1IGVGIjmUJEgFn9EtLch3azzE73NbMBMDBu9HH2prq+v | ||||
| rfbHf2VxBoZY8hJLmlLVyRKBxtHLsImT+ROjmIdu+r6O8UUPc8V8KZ+uZewT | ||||
| GQFKKj8uEd7WIB5FzhdKWEdMSH5eA4/VeQcKBUZnriXGpTyhjHrcTNSRXDMv | ||||
| 2p3tPlARaame+js1r5qkyngDqTLMl8H7A3FA8iXKtIzibeQg+Pq+EqNTxecW | ||||
| vBJ9eepu7i3W5bH2UhSavka4a03kfW6namzTt3pzJMCraPMzwV+Hlm7eSi+b | ||||
| X5yD8r3+rSxXRgfnkwqUxxXZ3HycOCurUCddSx1qb5oW7fHzSKv/TbJcSzwp | ||||
| kyRLUwKnsBIj4QImkwxDCxhGaLosbhjDkgIhMoZJsxLGsYRO6ZIs/ifaLv7M | ||||
| GX7juPiVzPwrqQM/jOa/mTnwXyjc/1jewN+KXFP5Kg4Lylo7ZtFmLNUJvg6r | ||||
| kPv/g/MG/peJ3HlT2J6zzIZTO7rR5uPmQqcwSq+jpR9MjHyifAaQZFY/Y7m3 | ||||
| I3u2OUt76cq5cv7eE9V+OnYxrVb7QrqR6kVa6YWV0ZQBEcHtUrC3Xg4gIKPF | ||||
| EoFJ35maFz52k/VznqXBArE1qmOQKroVyqW+lgemZ/D3Jlcavcka+a7vchdi | ||||
| xwOAIeVzKlOpO04pfNaHQj+Js8kfWfP6cNSrhUP8GyGTz17o8nyy/SDvtXjp | ||||
| UvrCMe7RRkD48Af3ZW6hdCZI3s6kmDIm1PVpncd1IRjG2hr+M4x8Cl6YIJRN | ||||
| aM7aHLLqVzTVfMEB2bweiUm8QyPK3/Bbes9jkUkk+vZFWGisvD5uXBiKMoez | ||||
| vgcFTPrfWuRK6t+I3Odir2Zg8s/4a+EoQeB8UPceqUaN/x8SuTyaAREtVcm3 | ||||
| 4kDhy1Ss1GLEXUD36oqal4qxX0x6fsdqhORr0iHI4HAUIcaC++hh+oabLzcA | ||||
| +DC2X4F6mL0JN2DTs3tgaVaiRIy3VWo10wHEwzy1G/Qz5ywYKYjYVSkSH+sP | ||||
| 0+zRDqjffd+o6tqf3lSAlu8hDcx8rWrl6R1hXhzEHd1sspUwm9+Z/3p4eS57 | ||||
| cExfi+sKimgBkXSwL9+Wuf2KstI0dEpcvWfVvKPPOMStRe3QOXt5O0BNoIBJ | ||||
| ZUCo2T/LxsfIA4pKBKBEE2Y+uqxAWrLXIBq0OdzSiwjNqHrDDRGoDGKS34sY | ||||
| hdjvhjPjdL0ZXHDQ7ulLsDrgs4mBmm2PRdviy9z0/Ub/usj95ykDP6jwP5Ax | ||||
| 8Eep+68kDPwWHf7bYhdi/yux+/MUpWf/m3yBGc74e8Weqth4J6C+F7bwINWu | ||||
| gpR/HBAyvIgaXYJ5bMgaBO1K0C1Y+FqfQxJjNGHGitBYgnwfqJW+nu0H8L2j | ||||
| 8O0L7orS90jMLItoAks8jcmtJeaXc/RWBtIH58KqcBGUjw8fD3txdWYPZp2s | ||||
| EJBNlyfZr2M44WiYE0WD+7JkIY8uKLXo6YnjaJs86PJrDLoGM6eW4MqWPNyy | ||||
| ldpX7wjAI9k0lX9lCSh65hhsaZuJoFVnzDOXohPJQm0JUHsZ3R2+wGfwkZC3 | ||||
| hJvr5zQ3V8trD9ifOxJk0QVOp4XRqBQ3b1HDpXO+uPF6x9lWo+kzeiVzTRzh | ||||
| ksSO59gqgirsZKM5wWCAe75C/JEFf/Xgkv2xkQnrtKJ2KWWjD7e09KkJ9/WU | ||||
| EEv8lBaReuSe0RU6CrjtkKl1SppFsQcrXdlkNlLxQG8f32MIH8vs0KgD++Xt | ||||
| 90IvPosXJt2g8hemFvb47Glg7ZogvuEH/mj05JLJ+vL7BbrsthePmHIH0X8V | ||||
| G0ONJhwVLEwZgiR0ElX4MwSRaXl5QHEs0A0swrqDxXJoXA0yvKvY2ul9BAV5 | ||||
| FfI3CuhAx0wyqHOvlb7hV6oXB5+4gtAgnwUQistR2aT9pSKD6ApG8osn99dC | ||||
| FKi4IiPPcIKZRq8sd1Kq0G2ZpYBtUXVxeraY2zwB+uK9JqQ10TDy9uVumLGy | ||||
| 1Z8I5kYyt98CauEV+54U7q/5AoJJeJ8nzlpOa0ejXW0S8B2DNr1VT27fAuud | ||||
| S13c1JejfLPUiBglLAilT40SUc3wggbR/fb3VtHno3WwmDcmswCKzWeKa5Tc | ||||
| m6c2WM6D3RCUJxvSYoZTRrrp8XyaiM/kAxWDxIw35zFPyYOeHhg4RgQFZNXm | ||||
| JF+k7QvsW7tsSxJZj7jc2/l1yEFqzDp56EL5zOOPGcv+ZkfwsiVvTuAr0SeB | ||||
| RZw59uQfJ2FNEjKNb1/KIv3lQUfqFtK8fc4Ztc+G9Tj4VBSzG3GS8zeLmkPo | ||||
| Da3dBgjKKwxeKwLKuFqJZjB2JtO2S1flEVEti0bSd03SeTCtdozgmkt5qHPl | ||||
| fGxyHh7PxWSAtNiP1BFb5Nd8geYhQlfBPYfrbIvEy42v3LmIC8Yh+ppzK4/m | ||||
| wemal9mVffJ8b4QG4EsitqBcGzzBxWtMghdOwyYZhtLLPp5dau7ES+lpFNeV | ||||
| vdKzcqxhu3ERMThbC6mEL3DotrO3Z2bWKyZN4QAnS8tn1xM95Gf1kMXJd3FN | ||||
| q7PplvJkN9Xx+hJeV9Czv44YBZo91fvNqlv8QGfkTYkyj0lEevVEey9bx9Od | ||||
| MErXyaSv4yL1j+RiYA++9n7D4CHTmA+Q26HkUxWfc4U5bh7HUh8u8L+xvenO | ||||
| 2TOpNy6WjxzWgFzWoKWiJxgN8lKYi8+7xVN54LFJOkm9HPI0pfx18UglnkTU | ||||
| Xm6begW0fLr0QRyFgnx+HTL4KpOsFt8OZmXfXzwunf9jyM8T2hWL41XjbJ/7 | ||||
| tA9XUiZ9JTI6HJVWqU+7DbyOuron8jKj8GcihJV5lOwSAFeJUAnzFTQDNW5l | ||||
| rjGsVzxHDB+ZS+2mVDNgi1eUMbPnKFd8MLDRWMTlDy3oHbbesA2EbKJBrvYU | ||||
| Z1Y17eoo5Y9i1/U2kix1c3eZb37olcN1N7rwrPjVL3biqv5P3E28xa4qKlqr | ||||
| vqP42UfdRKpD68Q0BTlUietnHSamLBT3iIrqfw+xy9AZzTA0SaAMQTMoU9A0 | ||||
| c48PYUosvTltkZcFnGQJQuQJBpNwfr9AJ0hB/08Wu/9SwsBNRf5/yBf429vD | ||||
| vyQG/NVNgT+/8vfJAn9Lqv47uQK/Pkf874IF7kP8bqzAz2n774QKkH8KFaB+ | ||||
| J1SA/CVUIP/Z7v1LqED2O6ECys8tBxf+U6hA+i+GChRQTgKz4EAo7fy02Ms/ | ||||
| oQKOprNEd/08sTAnF/HgIdg9uWc1PT5P1/Ydr12njRRrLu4rJcM+gOTxj8Qm | ||||
| HtA+Fa+EHzg3WWRpwIT3zGKaBxJM+nYnOW8eWLz0HSqmSgOfS44+MF8ShhCY | ||||
| 3a5TQWoqycJWXpo7bBoL6tqT3rEthuqpEXVWTHbInGFVsqRTbOKJ71KdD4nk | ||||
| I6QIMBEZpqGmVUEviysnWfMVPVCvjyphCkgb5S2JTncV1mkafbMsXVB+5wY9 | ||||
| fI1mrpdEEQBQnRfMmMRltBqoiZ2X70me3yfFo4RQ3bxZo/05cUQN9kxBWjUz | ||||
| QkW2EpJ80uwDUloU8LTHo4L6vaBIIUjkXBy+uKPlN32RnCRj4Otdf31EiZf9 | ||||
| +qQ6s+EF0S80fEw5mrd7rAPH07j8G97jcKan54osNLEvKaarWx7JEvmMpxC+ | ||||
| 1d+TWiLsE2018YwC33nlfhRF2BOGgGFNjAo3+Zdv48+aGiIt7gm17TrGeFJa | ||||
| /T70/YZj1/XC1DhdQYHJAmx5tzIyH309/RlAUnFhtBP+ZDp9WQ+vpJUX5z3h | ||||
| T7qfuFba2DuYcFcMIXq8wt64tpec9pKcnonGRHiVAIaJaZP+NbcU8b3vz4UM | ||||
| rJEOuZdjSda5/jX1C2jnnd7xeN6PkoiiqmqVRu5aRsC8HzaQyHG9CnXB0U1g | ||||
| b7e2/DAI1/sk7VCsgSxn+PKf7XgLO/fpkx9TMGJqOeCjj3nkjY+GDHASzb9t | ||||
| XDTeqZ01FF1yKzQLYV9inJZcmbVlTfIWV+cRuXKnsE/OjbZRKIOTfHseDo/A | ||||
| mOZL3FTZzh/bJnAfyt3OgXWCmBZ2/fpKcl2gExpljEKwhGlQ6jFbW3Td6/Nz | ||||
| Sx9PBFrWR1tzPobYIg7fEAcF9SRSZx1r0fONi8x07rxRr74lEZdgpsXp6czU | ||||
| yySHoLRNqgK6TMoLRRgg/jU+LUVFQI3FjqdgwuTV+YRi5qg5eYhreM+keKtv | ||||
| X+dZOWoK7X1YztdlgCRSOO4gOIs7kNDlqJfbJaif1HA4QwdbJSo0Mgb4ftaC | ||||
| K2mt1IAbzQaY7sKvl1LBqA0wc1aH1INQsOcJbTN9+o469mDtNm7blQ0znyT7 | ||||
| Vd1tW3T8lb7wNfM3Ln52FfOROi/wgTMdAvK1c9OAPpfhkCAR+RQ6exeU8fPS | ||||
| IKpsDC3syCPYg+3DxQdaiYQjlx/+mOGHs/LA9/GlzdrqET2OhICX19NfIMNU | ||||
| Ct3KMOSJKobs6FRXQyPoOMmVlI02Zg7YuekTCUJEAAanV+sLv3Z95apLmcYC | ||||
| O5ysZCNindBPWkxrTHhQpHTvZeTeO4tXyN5QQ88XW/UNlxpAA9IO9yQGuaFc | ||||
| o69W+LE8WKYlClJ/Pakvh9Bju3mEZsEjyGzGmjfd/acnGXUNdhAFCn5n5BE8 | ||||
| aoTJnqyB4kt35XrwaVQ2fFLbVfRY8ZLbXB9nTC/ArdS2MX3KC4cx38oIFgCr | ||||
| RxKrc3D2/LPN2DowsJrVmmEHId2DW5cuZ5AX1tAcePH1qZT64ECStOyFpsgf | ||||
| CADSvzeOitEvAQLHH42jbvCPjKM/nwH+YhxtG/kjPLtSxv1D5SXjxVaVM1an | ||||
| AdP1Y/N7As07G+SC5p3J4QuT3sLiwQJQ+Ziw5PCDIvUrunK0Nz5yyuRfGj++ | ||||
| cDhIalhwJi5hzlNIeR3f7I9Gam4iFv7Is2ecA+GpbEYbFJ/x2tCvwgl+5QSi | ||||
| jeSxsnVI4FeX8eTrBFnCNjumBAfp7zyPgYnxPfHhahJwDN8qTjrGol7vOxih | ||||
| vbwqSNu+NSSFcg99mqxS6y3cG2zpMAOThWaF1Xp8MpBImN4ZcEuMN76ZFazs | ||||
| j+ZiyM/RivWB/FQ0u4rVsSoC7TPzVhM/hJaXRKEa+INcs+Z5ix8wDwH9DQd+ | ||||
| nryfC4MVaCE+jPT6xi4swiymZnZLko3yiSefiWr9Wlm1NsyvR3cSjahwHF8t | ||||
| QFvgA6mHrs2D10czKoqauvDraOf+8eACHTNmgQReabNuKIoBA0WSVPU1SpuU | ||||
| WkO8IgF0lDhtBamvM04nyUw83fIDVn5JZKNY6Yu66v4JlAgqfHwNx1enWbOD | ||||
| Bd8WfT5eenvdgktV91fwVaXGaVt7E6Rcjh7yp9PCgUSNNKX5G17fzIq3gj4s | ||||
| sKGoQxUUvlo1+NHtewI4V+xdYemzU3E5lTOf+Bccq7yJJMS3E9hO5n2R3abR | ||||
| ejN3GxgyhRNsry4kMt+ov50E7Dln8c2yg9jFJY1GiB9yhq8HwX8bdA7rZ1rU | ||||
| 8bx7Dw7PBWj/MOdXmeK3z+/Xm1JQBAO8fEmZ11exMwaNJ+5ay4ZnkfUdHJ4g | ||||
| BXICdbNFDuPjgOdXzFpqh1IQmEyr13FREkwJ0E7lwBRn3hBFgIKT6AQwXf7k | ||||
| KJaNnipPuEdFTJ6g5fFm+qB68++We9Wg0CAdPlcSVAL9+n1VV2jZ38ewTWM9 | ||||
| mCQbC98X8+xATuwFI3riL+nwK5JiuFWTydqZ2VjfZYhOqqeCAh3o6Xrkp2Eq | ||||
| BTwHg83HitWjKvH5K1+7SoDq2IF29v3I/HzYHwx20lLkRRlGnFQXvQFoMqwz | ||||
| m/g+aRtlOc/PKUasA7Hv3cTnEf5S3oEs1ObSXMaKElnK3xwNQjWgvQWaQtlG | ||||
| AcUA4UZVVtBOSerqPWWhDp/DN35iDB5T1Ve+LpSePV1LNMPJVyUVLja+tSre | ||||
| xxoPdAEGIVCEsMuXJX+dMgk98TQDK/EQZTqaWm3WZ8o4SppUiWuk0XvWQNV4 | ||||
| ijwrRM5DfJUgYHg2smV23akpyTVH8PI/tj1bLakamomG+7sbWO/0W8aMspyi | ||||
| vrZ2mYsmEsGWmAQXeMDoTpltlHVkv5s6K+RbfYYhUY19N5eGfxX311p762VG | ||||
| nmcc5MaTKphBqq++tCH28DcKuKnnwN1SPgYGv1KvXWQcVZ4EqBc/iVmktNNm | ||||
| DK4MdkbIzjQcmQUP0d8Kw81AniqoDegPOHVQ0DzZri2GJ+HlILbxVO/iqI3y | ||||
| zzJCn4m9ujsoJlHryVfJSJhnUjA5EmAQLyZQbaq+HejYuVnr1okulPWnIdsR | ||||
| J6PoeqVLZT+x/cpIOPgJfrWGv82TAe4Xo597fsEfA2VY+O8DZX7X+yOeSvgI | ||||
| VmDIvt6P+cfB7w+fwpPro0K62Se+bzo7pcaQM9IttaMimjv93cJ9JySVOSs8 | ||||
| ikKDw+xAdaG9PRKSo42J9oVez3FxNlgbTsR5MHucoxuYduWYhLYLm9tbioin | ||||
| vUXiJ9duBslfIBCLB631xUNzH7CD9cMhNs+OsIbQcF/W9VnU4nPGYo4Eqbc3 | ||||
| 0CKh6Oq++rePYYRxT90WeCDrowg7blIj/mEoBy3e+JzwtIx0I3Gcy1B/ZgNX | ||||
| t6vebdv9sX0IZT89mJfXMkbg74AkEALBXFUKT1vyglv1wO/BqXKoirF6Di9c | ||||
| L7vXiUbavobNx1B2C4vp2SCD7WvJHbICFYbDH73z/f56b4I2yx7jBt0YceHX | ||||
| ovSoWNPnttlW/TjyW/d8lUUcaU9WYnZP3/eq34D6BrEMegWbP04PccWdallZ | ||||
| OofN5ZkTfbA9XnD4WLmHOBifmspntn9X1xb1Dzy6tg6FAE0DRdwc13fttql+ | ||||
| mahFvD5yL/DEm9EliNBaKzgcqqArs/B3CKuaq+JlCDeroYIDWQbUu/Bc3OiE | ||||
| jxev5x62Gk5wbjg0zQ9uiqPhAd+6r+siyFcT5DNYHPh6TYbd6c9LIA53ByD0 | ||||
| +7ZsVMAoYVAOT4p4AonTXr8oSW7tij9khggeGW05dCITyzw54PszQ1rTE++w | ||||
| sg5AFQoTT5MjgRFfF6/Zkx0/xapVM+VbQNTVZi9cYzP6F0If2tj7nyOWs3TE | ||||
| R/kZuJSuAL1RqR+eTlRHOCXfDSKXtw77IHxKs4hk6fYY304YmjvCT9uv8xFu | ||||
| YB7JOA8aG+thYQR4kLz2IRO+uLL7OflxwA/UxeVCz+VhEiMp/IJPUKw8uxn9 | ||||
| HuqV4tTH9+ekqLDTjjUABIeEqniwSTclDAdrVfz9kU78wMxBI9VX02dOHM3w | ||||
| Fn8FPYFFaLrEB6SyuCqj+CEagDycH19VQu7JeLCZ1d63p7iqPzP74QqDdP+w | ||||
| TumHEbKw4qJTZLZiJx44QlpGQmNfawIg82yykxriDTTrUu7uwsf4brGTBiy0 | ||||
| WJ/3G4eNh+8Q9i4OlSo+WQqXQQiK7g3a1GwfwAnWbwpCiJkw3JGJvvwTZ3S5 | ||||
| v3BLRhzz1Q5lN9m8FcQ3kDqU95BtNbo4g+x+rmbElQz87SUPLurEnxAB8y8h | ||||
| AjJ//uXqBV+J/I+l0Wh/MgTGA/gtbf1N3IkNwSqfemlsODdrtY97pzcqHR6k | ||||
| qbTfas6jjDxpHDQRGOlLTKfoFerpOB8kdMWrKb/ZwX9UjuUI3/NjBNOyEq2f | ||||
| 4RjVBRxqYhL8pYX2LU5TkQKbUqrj2Y6hRLX5cFdLCaO3dR1hHRnMx/tZ9TDa | ||||
| RPFmz6t9C6OysAmlxe29blBSYx4X4B2PrOoxx3nM5Wun+KOSgwGH6mHj2KV5 | ||||
| PEW8YvuSzebuu2nc+0b1QxjZfLV121yjYQOqV9JOC6JhyhvEcOthwLi/log9 | ||||
| ZcX68DWc577WaYTftl3tS6DoV7DrEWiBLc18vfXcgIuI4FLspHnJenqqOOer | ||||
| UGjLHU/+TUSHcmFc/bqLDJpOLw0pUeOVBeuwWMz2Jd3a2ViA7bLTqkKoWydC | ||||
| fOGaN4IjOd41uQ7VKPm4i780qxmBYErHmjeRPLLB7gt18rky46p+AnGVvEjp | ||||
| yZPCiQo5VFx5F/l81Yi3CC2eXwmiX8JBBgnayMHT+qk0kK0x1GkRp63dZxqo | ||||
| 4Jr1itQHVUyk8IfDuDqNS6W2n4rA8WS5R/ELGj9mVk1Y9GYlMPfeFK7MNB3i | ||||
| eRKAAOQ/ohLKgulsjozzKlLB2qVbVvjUx5ehlou6mxZXFHoMljflGw7ElK7O | ||||
| UPFAFiC/cIFjSWsLfipdTdxosH3g0/XKmXyvkTN1B9gulHNoau6cCzsmSZC4 | ||||
| 4xace+XZRn+j0EICI7Vj5Dla4451wuNFCWX6DLxXeO/udAbams0jwS0k618e | ||||
| /enKOHwm0dlJz1nCDuJKeiDBG7X+wJjcClnZvAzT76OA9bP9+c5U3xCR8UVJ | ||||
| eqNltJ3khfqBNe58uk9xLykOO+geKCJ/vatYjUzbEsd6XSBazm79eu2KBgsC | ||||
| 3JkzS6oVfo7vNZOfYw+trj9PRaY6RxB7POC6M5NrtqR1eq0LhDgyIhyj6zDB | ||||
| SDn5EjH3ZsG1U1R1IdXWp3TuMzgLM8dGdHPtXQYsH5FkXuPIBee4zLriu+1r | ||||
| i8ClvjIOBxWDQo9Yv4whwpp7GSM+a31N+s0z5SQglrZBAFVM8/U4Y1TPcVkL | ||||
| ooZenUnSS3xzFWGBN5VofI6i5xYRuQk58Hl3B6jl8aahQC5ZaeB9QayGEk6x | ||||
| NzyOBy1YeGgUhUkpNPvy/umXCEyVSwWYJKPhw/EoX+hnbr3yhnWvDFOBss4+ | ||||
| dXDM1NKMW1SewpzjBaydVERQU3rsuHNcyMl/3fZ5NJJDQaWboPyX/m5fPeMh | ||||
| FsANeQhZXX2e4MdKhRdLsVHyIN23XJl8YjXhiUnItX8HEUt3kt5CV2L29iPy | ||||
| tT8TpEUCDIPO9ch9lAesQW9X3Q5QG1X8DdnSIPqyh6XW+Z1E6WSpJOREBkmc | ||||
| /Bn2eMJQAw9DLvCUlHtUx0OKqu+ChTmvlhh/EA9hRYnIWsMXvwp8ULQvU1oO | ||||
| +3oLR0KvXBehFAwu8k4B5BzuKfSRBcxEeVD4SZQliDjH0aO9V3txVRG5JR68 | ||||
| zXpp2E8y6HHR8CnaIfcEHWmzBzI/bzAc2+yGhO8KwQv+8XjQXqvHqlXTH0S3 | ||||
| 6quaDsu4kEqE8xyF4R5L0yuPyU8zYi5AoC/n5fIdQsVM7xcrryX7uWVsA7/N | ||||
| ojS/3MO088FvSJv2HoLLwu9srFORWM70EEJ2BDgo8NOjMm8KwE8xFWRP3UJu | ||||
| HjEWDKjXI2zpUHWa4j5s5le2LJVOloD2u0Ia+/5RLxvwee/5MacBX1i0x7XE | ||||
| Ho6k8gELnaPY4Gi5DlrcW6t+hyGQw/RNK5cJdm2TolmE/ITxAIGrQQjoMHL4 | ||||
| GRGM2Jx0TKvMvNj3zM7xxHSCSJuc/7e2RVWpIjaquB1gZfX3QwTE+VoEyWO7 | ||||
| d+YV1qco2D6KfbCR1Z/2Nqn7Y4YA8NsQgerH7//HSJ+fjfLfCRH42wwB4O+E | ||||
| BG81qI6kptj8NBv6efUTIiAYajji4jc7RRrEkyZWW+g11NAzAILAhQdqxR8y | ||||
| n4YbGCy2kjPR5X38JmNnNVMUEs13yrrXSlnNsUw934GLqGOe5FIBEh9gZa9w | ||||
| PM+6Fgs0A72xCNKFWFZw53bHP2syJEIvIJzAZrvjeepye5b5SZNfxKEzAxVQ | ||||
| gDNBd+reSCZtbfW6qxDpk0/yIOBVpkJbf/KmiifkMiiPoHo88tBcWix4PrSI | ||||
| TmtuFgXgEXhD+VRK6NDjRW0I3MYkDOOIdiP5NwMyb0YqcnoAaeQgmMUd3xTK | ||||
| R0zYNNBdsl3GA5Sj/dqx7YC5+u5RTE8+R/H92HLbNLDv0mZhQux9knzrXME0 | ||||
| 9j59lU+vF/QWag0sDNYDhlo7iGWE2FdCRkEogxvRMUaba0j8np94qn137mj6 | ||||
| SZTHGjZNMprgfEFCE397kAhrJvAScIK2qhUm+A8/HawfyrnzrpZglZYlgBXv | ||||
| VIrAEOoCxzRMVkmFf2mBXQjOdb0TG2MBE1TH0RU6Txk0M/n64VTrXlIRYAmt | ||||
| bysS6yto40LNaFmKMbJ4qjhnycozlFj+MD6od0+kawrNd0XAGuvXXPSdRagM | ||||
| it3wFVx7GNVFk8zR0ZXb+9xINrUjL8P6pWKbUNcoqUUgai/YgolHcP8ypvE8 | ||||
| zXGXmQY0psvBmUrlrscHLXPDxZEPMRA28ZaRCE80yua1r2m7EVC/lJ8HK+Ry | ||||
| Pmlr1cw0iDSNf7zLky9TODaw4mH64Au+OnY9BxRNdLoVOMMI4n63YzUAZheT | ||||
| v7gjPZ4dOfOmA4sEHXSmb36jne8v73gWovkhycISIFb3RDAMAyi/ddTz/ZI7 | ||||
| KgLocBF0Qy/fbr70ajEOeaDtxLtD0Ei/65kjF/6sE6HmJ2h+Kcy1l2JIN9GV | ||||
| bzhKIw4PNKGGzcc79UDaHW2D23D9tFe0QONnPLSLwdg2PvqrotqnWLbH8BqN | ||||
| Wk+792egZe07cgB68peXHIFTMtCs+mHyvLIJxdiANEqkY+ySYpTo8cIyR2O3 | ||||
| tiRDLhCRbxA/utL78NgJBMan7Nv7kDmUbZNSMcNHzaGvIinUhivpLdOh+FOK | ||||
| iKwMq+tgXTrMLPEKiyVn/KsYBSAJhFYK5UX1JroYdpiWw2g/XnJoGAgB37rs | ||||
| oz13RASR8zho8mm1XOR7X3iBea1tvQ4FqF31azbyRRbUKEQtmnKeH4IehcPC | ||||
| 576YtGkp5kWHwa/GcEG+Fndxwm9ESkg/8Iw3BLzbqznS9fsmnF7OsveFYAWG | ||||
| us25lGvBge7Z9++r0LYzf6Cq0r10ajoO5rT7hw47W7wCJKnKsT4X4fLiOsaR | ||||
| IiHE0Yo9oa9XVn024rpNJV09Yf7lqc7phcMG2qv9zDKQXYJ7BPnB928w/p7p | ||||
| ZmfBmeTtpL/O/CzZBUu8Tv6GN1dQFvG1IC7DDab8iIpVWMGzCKwVcXJAqMsS | ||||
| Sh3j4I0wl43XYRRk12x+cza0hKV5+WhdyiWRXvR3beHeVGS8q/zr8hqMGpIh | ||||
| AwPMNE/TKoj93ViJ3nyuMsWFicln0azfWpmvnu8mVamp5+wbYwHToqqOV1I3 | ||||
| e3qNrwBgyfHBdh0q0MLgNWZRhbgaQ3GKGY+vprNFaGPRikTOYj2tGOPQWH1y | ||||
| yXTJVy3FpRtcwMN+h7VFYJNQ99/ugNOt09M+Yhl+f4DdVR1Fd/EnZPYzpKQ2 | ||||
| RvMBYulXcmJnhQ9bUQMauDNQR1XJrL9HLH6Zcge/fprBZOkb1e/CyhE8IgmB | ||||
| 8fpzMqFrCZ+nPNpzXD1ZUulZoBqr6zieiXx8mQEayez6r9H4b8EY+DMac6VU | ||||
| K7szgQzaCQ2+orS6a7d4bD6+ydO3/GIVrvIX4WZ/cuX41ZGUUiH7wMA4t7S3 | ||||
| b5l0gPrr24G0KPIass9hQS4jLN0AO7J/9ZSs3wkQEH919v9BzFGCQJjfeBh+ | ||||
| +jTYz1aPy4+34f/9v/7YNFL8uuH/nSW/9K4Wfyj+xT3868EEv8YZ/MFgzcfz | ||||
| n+3210iCf3Zsdxy3v7Fn/OV7/CvujF9bU3777nq/vX5+7c7d/vXT8Hs9JFny | ||||
| //zymX9o5vgS8J8H+s8MHdz28wDJ1/vPhg6FYFySkD4v2ZKU8cxgC2texbqE | ||||
| FytxlbnEIXu8vF8dEsDvWSR+zyFheez1J4eEIVl1GnJr/ORM4I9ODykWVMTy | ||||
| REIVrT4b3Cl+920UulOK4pUTBnAiM2cSuoTJs6HgqYfpqfdO1S9gXj5sSWMk | ||||
| XOrx84LZisj997I8B361XPzP7CbA3/hNEFMw/+Q3Wf/ObiLeCNz6iOl1lYMG | ||||
| Zy73byB5WfX9jz1tOC4P3THFtClXukNv/3zCBNXhxcqPmVOFli6EaFRo6vkK | ||||
| 1NiJQcDVRcx3zwksLNT7agKnW7wpsr8O0YW9X59I6B/sj2Pg53rVL04BmmNL | ||||
| WrxP6M+DA6NDcX7Z2Oa4u0TIn6YPUVLS9s5wPJcjPbf6OJ8EPxGT9WX23PqM | ||||
| tThWYrWlf42A016HB081tYQFjGJfTE6Mhxmah6OidgkmU5fL6FthVIF8iEj6 | ||||
| wapbuasKcaDb+QS/EqAd8Pj5ZtrJnqHo4P9KB/w/W4PPX3vs9OL8+6a732t5 | ||||
| /zcW1c8K/WU1/mEojr9apP/lcvvvdcfz+C/30rn7d9LR4OB4VVTZjaaZryvs | ||||
| 91ymk47APGq79M9zIHlHKOhSzduFb56Sm03/bl/iH7v//mGfH/vkVfVf7vb7 | ||||
| 8zn4TavfPzvJ/C9ddD/9ePcP9I+L6V967QBALf+QDH8ofg2WyfqmGO7xDv39 | ||||
| gy2fdfv1G7lP9l+v27/pt/xTb98fuwDvXd31+T7aPX/u/9ynq7mBfnkXefPz | ||||
| QZ79q9L+l5KeDOcfinufxa8evr+u///5An+fnP9Imef3nzKf/OU5wS7OeMTI | ||||
| VlEtEWDBRQ4Wc7Fqfj7t37o31v+1vr3TFMQTMD3/ND0TsQT3H/r2/oRK/7Jv | ||||
| 7x+h0u+BEvBfo9L454XNniJbq5JcZs3jxlEIsip8TFYEeMq+XHbP2kLEbC6H | ||||
| Nu/op3M821LgyD/i5p/saJLJmj/l/a8sacDveNL4P9nJfuMm47j2r91kCakH | ||||
| ZTr6wBt0Ns4SlcmSeYInltb4i53sX3GTAX9jJzP+kpkSwF/YFq8q6l29+ZrZ | ||||
| tTVN973BLH27yYZMWTMJCAEgA9013CjXq4eXVqwFowHbDpdAL88cNgOcM7ZD | ||||
| m22OeUst4kLuer9vQ469iK0TXFYCSmhnGEPM1tjLPmo6aPOFEXkyON2EQ59J | ||||
| xutbPH7BIc2QdA3O/lZ+hyrb0yDXF3VhbyDgOxgTJBFzNvxg3v3OnB9zLTBs | ||||
| eK+cHI4VFMa7iWpuBDf6Bn+71ZkdgflEb8oczUIBZmfF7I0Sk/HREvj3fO0n | ||||
| ji6fgfQM/yxIXGDwHx0JzdDRGgx5j0LV5cUdENhDzpSvAVwiFAGGayeuHggh | ||||
| 9CmyVOC+dhZtPjti+AggeSHB+qma8QWD3T/H0j/wydKP65+DvX5bAVcA+PXd | ||||
| f4NP//ED3ucHG34/6iv7ZZPfS/v6y1j+zcCvX3f5H878+nU0v19jf3nnP5L8 | ||||
| xXM/xTX9C4d+IHgZ8J67sZJQsMx1/H/tfVuTo0iy5ju/Im325eyqexAgJJh9 | ||||
| We4ggbgLoT1rNtxv4g5C6Pz5DZSZVVld2XOqpvvs7jHbhzarVkKEu4eHX+LD | ||||
| Pdz6nBo4es3/E8bQ1PZnY2hHofV323/UUX72BfIh8QYCzPp4eVDt1yBUSSlF | ||||
| VqGElXqsFCXLNY6uujIqNQq7FofFURfPpjZTB88kiWyoN8KkSMLw2/Jd6Mfq | ||||
| d4n3+l1XoT2aF45pUN5vwZp+QP9MDe/HPlXQbxtVXaRzruJT6ADGmF3txVO2 | ||||
| uu8fSsoS3xndxUJDi4n+zEJ/cSxrMNFJ0B0/nLe8LjXWctP5TUBh20TjyoS2 | ||||
| 9Ip+JExXCPrBOSNOUlj5RuHUVl6tA/4sd7uLjrK6XaPZebaoESdoY+sPAaP/ | ||||
| 0NXY3+zsf9Ca6W0j/2x3pjer86MNmj7u3z8/MJdvt7u82yByfF5xDSbNc4Qx | ||||
| ebfZl+pROrnpRVM2CnlEJNH9vx2YfxXDdxH6lxX7kf4Tb8v2B1tQvBtc6UNJ | ||||
| DwiyTUVSOMZrPD+7ZkMGno3uQ1T1C0VLMlaFb3F26g1fyVZsCjzXRAEI/TmG | ||||
| FV+Lb8QDy79VTAER/gpk+N8XkvoXijN/RVDitSyr85pflrqh96HfsgCDZ4gN | ||||
| Qjzren5Pp/6sXhnMcflmLvK+uIX4saZvKx9RFcrakR6TYl53yo63lP3/buGj | ||||
| W/AT4BYYvIZAHGlJShaGlu1aAezMJdeeJyK9lIjuSw/0fkYTnr2v640YKpLo | ||||
| KcBIfzxQhdhJjxR6moTkI/pY6ICChfQP1xBz/GctIaA/4lMWlwL9AZ/CMsCl | ||||
| QB99SmKWySpTE3NmFPacUNiIeXzfr/d+8alP+d2o/6NPefT9Drcf/EixWhxu | ||||
| Uj2s8XymdEy4FfN8kyA6pIXKGfZIZCHOqHiSkmZIJ25umqCFZB9MzqpvQzIW | ||||
| Vs0NU0DOsHocqJ/0Kf9+J4Q3+/RPNEP46ll+pB/Cb4zAn+lbxqdvkUR8R6Ai | ||||
| XA9dKs8kO9wew46M4/7WBKdzEtpA6UP7Zur94f8J3/Iuie/cy/e1nq+S/g8o | ||||
| 9/wkOXhWcv421vj44/d1n5+o0JfSz8+PpP7Ja6VfJ/q0APRNqH+gBvTwSF5r | ||||
| QJnG/a4GlKkDLkladnkuXrKS2yc1oNS41IDKxVsNKIP9YA3oZGIG1FhIWczL | ||||
| NUvmLgEv98KhoMt1FWTkSYzbu2o5M3wtDrMe8bg/9TxMJpeutecSOQzihYe8 | ||||
| TWfuJc0OhvLRnqpUKGOHLFcyl+24kuyM0pZ0n70Mm0JnBTxiix0VpjNb0dh4 | ||||
| YQXEgTYBFdmn8155CHE1DY8Ztx705cHVeFWdzrsNdV1prENOYePfUEvqMnld | ||||
| omRMW6udeDJJHrrAJH6uC3Py/W1ZMm4kZFpzBBl9ZEejvXl0KVys9vuWHdtj | ||||
| b2+3EraexDXDlwXmeR19gjC54CImP/BFlTwU9dJmh8tIsGjK2Xkv6CQl90a1 | ||||
| 01ap5Bx5KclvbRIwisUTsXxAGJiAbq7ArkS1qSoUq+ToGm18uG14944X+7Wv | ||||
| HpBLjZhNYus7etwmYMfYQTSrSbZjcsMMxhMUTTsSIS7uekxmt5YcyloXUaAp | ||||
| a4sf7lSFkHvtXG9y2qWukz3cdwL4B1skF8aH16Ff3KCNvNKoaH/YFCfW4Fh9 | ||||
| G6TwFk6vrU3cxej4CL2Ec1x5y98dNhMjnzLv0u3yaAs53BknsoRCGeHP/UAa | ||||
| pLDb5Gq/dhSFL0NyqGc1ZdftVriSQK3Vrr4yJxNmDh6zZsagX+pguusehsJR | ||||
| LwZ4PwWcfItGNdmuR3T0hIPdiiWfhthqW5fFajrStbtas7hS0hf4XnUnThbK | ||||
| R0NuoHYdw2J80axtfy9cWhg1NLIpuO3gR1YeBcwahRPgSgmrcBxP6Y1y5TlF | ||||
| Ep8iZqNcSTD0EJjTSLVpDxJP677j2wAb5lMDl7Jrq2t9nJaMfntMH9PhEuPH | ||||
| 1WCs2YsQJBPRXZpoT0GzdT/xQf4432ozvdfJzuhqgzwGG37ap460oVV0g6gi | ||||
| z2X6JTIK4vaQCEfiz1W1HTYo3EI5Up52tLdBH3eNE2oXK1X/MOXGtmOb7WEq | ||||
| y7hI0mZSNBtrNRSmzBPhWMiKFCRXDHCqhEimNFUr05Xr6OzWhocW+EW5TpV/ | ||||
| OM6K4ec2Dc/iNIHtfrh9f1/wIXnGqdV7fUdj/1h9h6o8zko/RDDhLc0V7KsE | ||||
| Xi6Ts7dq0X1qyTenz3HzIIcKSBStAh/prZiqPXtwgbawCRxQdGvz9zkwVAHa | ||||
| R/sxmiSj2Kd9HJ732coyjaHS1baZTwpZG3Z4D3xhZCSSiDlfLk9ztzvwhDCG | ||||
| VsKsfCjy5Lzaim7hNLfd1QlvPS8QNDdv922GwYNGasnx1jBucjopu/m+Nc+E | ||||
| TnWBbOrF3bf6G0RF6+yIECJBOuRdFbnH5oK2ojv7u3jdaGJXNpbAbNtyuNVI | ||||
| cjT6g8WvJzfScXOGSRuLoVrZ+lLQqTeRLXovqDcrvFo/otlkOcslnE2pIof1 | ||||
| yMDDurZUM3AFOjLSU7dmda+5CBYMcTkuN0l+Vse6p2oLkw6VMh0wZq1eiJp+ | ||||
| BLfEbCLKg0+wah3Y5uKj6Nxue84TKa22Wx8KDsa+BFJm8DKUe6xajxpyu15G | ||||
| txfHHXcb1nZa9WTjF9c9mzGJstqYfHKwDD/cngfCjyFBLJyqbG6bRpd3ef6g | ||||
| sKjRUFacGULZe+ztGjnu7oINsMQNxeN0j69yTRQWikThA0GDEhr504HMroqD | ||||
| gfWcM2Pmz7yWnPrxmMEiX2X5mU/uD6oKtF3MayDb6NV6G3oZl+/zqDzE0B4D | ||||
| JjFkt+uEz1I4OpOn1SBcN/MOzoc7Y1AwvimzYdMzMyYz69XqyjUkNfCT4Hbs | ||||
| RKA4NAo5uvN2JYdu20QIhXP4sEh7T/Cx3Uu1oXUCRuibMjWRdWN53XEMHFXI | ||||
| i3i4ZIe97M1QFytGjInuXZXgXTY28R1kDfAG5lU2yz3xQcVmqMcoXe+CXvMe | ||||
| qKgXB3hdzepqGLaESUKNzeRcfNrK2Yyig1clcH6+a7xPswdY2xJKVSYGwWBa | ||||
| 4Kbanqnhw3pvoDDBE83pxLUh/uywqH1yjauy7M75vRpXuf7gNa5pTSbrQZ9d | ||||
| 67ZU40oCBdz+BjObI1P36eWMZUV5QEpV2jcmSqXE+QaRGxPGjxQBEorBO54b | ||||
| ucvdDmNmQyYx2yxxfLwJ1MAxBsz5V/VIPqIabdbJAd1rps92WwhG6vpW7+z6 | ||||
| cjRqg74QjR0lJ2ffT0cnb2+P04jvJaNs2DV+zk/sQfT5NjtT7ZCT8IS1a0hv | ||||
| 4QZWSLuTHZbE0lk+hlLTOB16MNBsIEvKtA6ceCbD9hxYqrA+NKhQdrFwHCJB | ||||
| XqM51J4OF+8yuxKRFOY9Pckm+XgkMaLOFVU8XL2v65VwSEPKQeI9x0QlNWsB | ||||
| Jq+iiDIm2HShFglx/TTdD7HbSHt0yjLvFkbG6eg72XTaWdkK2JRBu8PpCUWP | ||||
| R3lS0lu1D0TPNBHNUzPIzOs7v0e4vSNw/VqfgnBSiOyI1aextXDRhqNQSe6k | ||||
| JR+tjEMSVOBanJRgY6IHRibYFFIfh8r2N5qNXAhkJWblCTtogB8sCMfU9Whj | ||||
| A0ItKlWqYDXh4lna7jEGOQ4UB2ePC+KikBrurivB2se5ljykeZ3mbewrAzHa | ||||
| JEt6Woee86Pq1AfDrHMvQrY3wpfvq5CvtoZy520TSkBcwl22HNvM3T5uBK3c | ||||
| llpyOZjn4VaJIx/45mocCmM8UUM7rndgxKYQaGkvH0+SIdoQnsgU41s5aWkB | ||||
| FURbQ64912QTdeQPa/eihNMj7Slp7SrNLPY2d2l0fMgdk3a33NG/8dBupacl | ||||
| W8XbI0bnq9vdHgRzs25OvcsIfqmyO1vB9ca+S8mpaLQuNupCvfRwnJG9szrP | ||||
| WyjSUbrzK2wgGdSietVwH7w/0tNoMS3vwN1ZNLdZHO+bOxpRCcYyrWdT+7wZ | ||||
| zBM8P/INdLtn5ytLY8AsBM0xxPfRjq1Fc+Pdx3xnymLYHGtb7Fet3gvbmVVw | ||||
| mhvPjnCvYZnshTSCznpnV8VlU26SNdLHiaXG7HHszne41tZzuaJxECdVsu3c | ||||
| 1oN7aUrmlF0xnAglTtA0U3EhSjmna3yQND50zT3myP06uM/4edOfL1d8Qrba | ||||
| I/JJk8eHumkN28c11opPHerrtjJZfgORJB+oerwNEkI8z9aK8DftoSGdOWfo | ||||
| +3d3vwkoLQkPRXo9ZF9uYv3wSfZyEyvtKXwyfV5ElRzTWGW58GF2SxEVv+ZU | ||||
| hmshPouQJsoCk1TN81HP5ck/YoVKXF0FFdvIvNTcYb/Zm/z1hBSOg92neMS9 | ||||
| y6ETOJeOBQUKiS6qjCxXbGkSvv083Vb0TcRSy/13HBUkdE8JBBU8qPyjfYQY | ||||
| w77/e6cnSaD/Npeih8Sk+wdDQz3L0N0n3687IL7+vVzpyAetxClxSNoMBHIl | ||||
| hGZBGjRyvenR7oopSedgEGIqYvtzuqJqxeymgmUO8+AMK+Uonel17qL6RWSB | ||||
| tEaIr3atOK23Cjuk1aHKvAfPKHT/268HVTGZlpuHUkqUKJ+ib5SoPL8ihL77 | ||||
| pl8w+c1jDMRTd8STcStUhHTrzeAh6fBnXxFCRKW6ktNV+9OZGzsS3x3wgDlh | ||||
| +R0POGbP5t6liOcNX/3QV4SsV3m/B1cuf/sJsPL5uFg3TdR9DlWGlfcZTvlO | ||||
| wk+ilCF47U/GKBdKPjspWKb6k/BJ6olPOl9vJnIu0io9DRXR6JdbRpVaSZ8f | ||||
| Tlz9p8QnNz97EG0rtPR+EC0bAj+6Jg02ET1dztJvP9ub0RRLgRX0Dqy73Wkj | ||||
| Mx7lqur0TAxNx220a8L3ahYvLZhale6AWW0fyzHx8SQaz284OCqnKEihg+fx | ||||
| rkTpOkihJhaY0PfDZyrhJpBqvaKHBsfxOWUnxr5wHTzVxePgOcgVAmnPxnWQ | ||||
| yRdsEO89j3qvNDVNTOJKz27vui1Skw5sz/Nv2utHgzoY3AfkrJ/LGALD5NC0 | ||||
| IVEbn/b8dON7u4ggJqFn1f70kMNrTsVPKkyFE1jKSWiQ0DYnckxNH8KZNbfW | ||||
| o2LtyoVcjspgfRWUrrONCoK9bHicBdfO71V9OMlS4Mj4vYo6cpcNOHQ63Dkg | ||||
| jx0VUQ251VSNG2EYzc9VumkpawMcorOeuvZuAy0hHAcOzYT5gTPkDzv5H6CS | ||||
| z437s5jk07j8KCL5db/++Xjk8UIIWlzqKUopzWo8Sv1F8R+32VKvw3TjBgQb | ||||
| +7yyPWdz/L97ZvxVCN8dF7+t049gkc/F+oNI5KtZ/SM45BvB/6dRyKcI/zQM | ||||
| 8pk5Rl/79bNFfzi21W1sZk9FkyK/SuF03D2a/4yfd/9HmX5nA0w/CH08CYUo | ||||
| p7BJWSCYm2eICWtyLhnuUJfgjpdImTJfG5PidFBpFESKKEt1H0NPRic4SMyp | ||||
| QKHrj30J9hwQ1CLhD3dy0LT1vd9Y3Ab0R/zG4jagf85vgK0C/MZrr/qn3zBD | ||||
| bI3ZdLTydgIj3JhwoNVKdYZZa9jf9xuL24D+gd/Yxjugovfzo6lcsA5lJ40x | ||||
| bB51M4ZhFVidnW0WIUQK/Oo0pIK5IkG2IFo0k64vwihKNsklVZyEpozYBubY | ||||
| hbwbbgT1437j30cen9bon8Ad373Hj6CO32z6Px9zFO6XgZB3V3dDqFy7SXq4 | ||||
| L/XNFLGpcVSuriigiDlkNy1+YD/oP742mP0zPcdPYI2LdP8DkMbvAvwncvht | ||||
| 9PD1p+8xxu+U5Q8jjPXYfY8wLtN8ii8+xfhH0MXhHV2sNt+jiyXBJUnTLc9d | ||||
| lpxiJD5DF5czSjl4RxeRH0QXL8dWhCwKpbT7eukwe17QxfawEnmR34Y83k5X | ||||
| R9kqBnOeEOR06AKXjuMtnskUrc3CzeGO1UmBLAtYI7n1hXLrhmgkV4N2ue3r | ||||
| U4SbMbpinU2L0RfSO4xcWEU0XRAlu9/CcousJv7u4gXkeLRoUVv5WF7hY6Fg | ||||
| Dw+Ou43nH3i9GrfsJbmwgn9JUbpPGKVUSSsSk8scNX2KOdrmokKey95Mdi1n | ||||
| 3CPqWO2q0knuemlwlPMbzFZwyN8HVcXqbo2sLcuudaaNxL1at1i6H0xpBVLt | ||||
| dXYutskQI7Ch5tu9McAY1T7gUlakdLxLCYwfkOnuktTEW5t6jq9ec9zXDyEh | ||||
| 20nIIM05DdyM6ezxRvWYz8bZUW+peK9y4g19YIZX7Xp3fGA3bs1XWkwRSO34 | ||||
| 3uM6hzm91mAaUvVVvz3Jfk/VfXVpyfyGXk4dw3osdYWTXc3uYpdoS4/ZqmiL | ||||
| wxfsMPaxMqw6kqvQG4FAInrLk665V6x0zt1RvoRddeTg/moMrReqggE7OoYT | ||||
| hrCa7dKwfRGYoKrIKzJWBdnrJehig6AAZP63wJl5uDB2+gk7naJ70u6V87ZA | ||||
| bg/zbNR7eKioFQI7mjMjJbOPrrmgJm5rnqDhPpzoLaKXAXrWNgS/m2YP5Loh | ||||
| ZZOPOEIQeAAafTjsHbrhkKs0UlwhDJK2rR/unuZzEZIQZKApIs5yqxqTlblR | ||||
| b2aSD71xgleFyWXOhl81E0cYo+XG9rhrV9y0lt1QTgoRV2cO6qu1v0VtvjFg | ||||
| DmHJ6O486rTjfSm0GR8M1J/HoBupVjumDuz51vqRBc6IV7d4pVVZPUHo6X5L | ||||
| p1oY8PyyuhaegV8Ar0LjK0m72XH2LDDJ4bbCBSrY3+07SBJa2aeYPaykcuxq | ||||
| NBTtu/ODiHEmS0pkushZ7zJtNQZEIDDn/NgeC/vaDo86VIj7bZMEiQU/JPle | ||||
| 7q2LhrabCnKpzUzrdxyuUAENL8yqibGCiv1z0KyXrd18D1Uw5RNI1J8+CEqS | ||||
| w/EfdQ790Dj0PtaZZ15Yv1qgCnFFJck+gQoUbBx3UNcrBB/l9hxmx7TD9TWI | ||||
| coJODOv1ZGwFnErkcpJWlputNIK72Dkr7TfWHvM30PZ+262wxiICn+PjrXYO | ||||
| YpOAeyZWdrx3wsxGphj54tP7E46qBw5YnoSSL6o8Sg+8FE42NDgSmiJ3nNgd | ||||
| IumGC4Ym3ceSjXwLE8qiaEi9znA8za2k2hL11UxYb88TNT5VscqmhQnVCLL2 | ||||
| sDupTsXePCLUOS7pOMewQ2URbLDxrZi6zIiJ18iDGTyurYIBtTt/o0UqJsci | ||||
| DXEd3d9cQuQ27K5NtxoeD2dRF6k77GOpbxO5riGDsT6Saro2MzmD4chnIuHs | ||||
| 6EZ4ymUcWp30Lr3qPB5uDg/yct+RNYNtkx2D0ndGr8uxg3nSshD0qD20xuME | ||||
| od5ec3pbzpRYuRMJdczdN+/0zR+44Zrsq/vdR1xc34xFMuePw3aDIfTUoqvs | ||||
| KK9vQkDWaIBzsq2BvSZEMn2BhrNzC8/ozlPFfOy1mL1cd2sGf4iZ2yO8vbWK | ||||
| iqTqIdigGx0LUcmwrMCtqrxHTmaGmB208Y2ZJh4gMi1Dvasy2lmtdtG+xEqY | ||||
| U+21O6+r2raQLVkSh+O+K82+UW4Hc9vMmSsaGwmib5RUGFJ+Cwf9tg/1/cqe | ||||
| u5Uo4qHHbZP66iAksvNR/5zDG6S8nd1i724d4r4uSsRwUxHS95cmda63I9C7 | ||||
| Q73Z2lWxIfQAxvf4IK22Nmud+Q6GT9jmFjQ6Wgxgi1CHK9LRIr4hoxhiekG3 | ||||
| hLolzqKWFn2UcpxilOqejQ7WqTjciTtInCYfI/GZZ6R7zKNHMWLls7baz86q | ||||
| AhZpRuOKZq+zlWn8zj3PQqblGpUcCNkkBJtbXVq0c9pOOC4X7SjwJ/0clWlB | ||||
| GOV3vH/+Ubw/3sM95kIx7icL3l+5y5dF2eboudrm2lDDeB64NXppkyvpyfzU | ||||
| 5yQNd1lB11sVuRjwte/m/UbbQyfBnbfHmdZyYbtLrvuT4mYSJibRKt9u+fPh | ||||
| zMKUlyknFkUuZdyJJIab183FPpjk0Fh7GdLZCYvyhuXYdm/z+8senv2kMahD | ||||
| fczTgMPoHb9bOYpEaN1urSC8P+3mwWaoXI0RopccqOlsYNQJlQzlTEgyZ845 | ||||
| XFSAN+EyH5cUo2nx+0ZHiYbuLKI7uUmtm+Z8KmJxsHcym0F0uSUMkO1w110u | ||||
| tXLYDShYPJHB4CuzuZ/1hD+eI13Ft57REO64OTW1MXXeSbZVbNgXK6iJkQcf | ||||
| l3aUwfsh46/MdozX2g1sRjzdFtSlDoBDku+CxPLiLrbCbfjQdq3F+ra+GrkC | ||||
| g9o+KQYLbYL6VN0tr7rppcVwF4W8LG3u4cdOKMrVg8CugsyyNlkfZ8Ps7mJn | ||||
| 0NItETcThHmCiNy2ReyqzjQBzUh1FcRf/PwQTsbh3Gs7qr/Kq2ozZASGWPfW | ||||
| tC9ntJ1JuZE2Vt5AOAUfZeVQY2NbivzVkqvKtdvlEJ4g+KNLWLB8rsRmfbCK | ||||
| 8cyX4WE/NAg8h22KEDld7KAqlgOdD2PEgPG6mHsfBAaeMubXNLrOpbWUWhEj | ||||
| zhBBJKm70TkTRwmnYYleuRVK3x4XiJTPtZl58CTm1rizD1tkXe8ctSVby42Q | ||||
| DLmvxL7ceyqzTRtPT7c+hp0cthP3/nUXwBtgkW462VKPtmillHcU43w8rDA0 | ||||
| 509Ucu5YwkZ00UGzBu93DnweSoSKki4VkMrUk330cK+QWnHwgGqsM2qRQ24K | ||||
| Yz3ekPjYp9vmKs8XN4Zpr01B2i/2Hpw1LLG9ZSfg35I9QZknmYci2T5gossr | ||||
| 6X6lyNzjso9j90Kple/W81E7ButbsAsbv1hdlOrq4z7LBwrTlLtV7Kh5z0BV | ||||
| fzzKZNXq16MoMnvjIIx3Fe/GPB58TdkZmCBbZAiPeES6Lh6c10bGyve65OP4 | ||||
| mqNuCo1GPZ9XhPPgzIEkJPhQUp3nHM7VXdUQnnO8fDgyXSUw0YM9qNidEy09 | ||||
| 5ZgmWT126qbMISU/bhVJpL61NEKS+BKXeMSUeBP4r/i+JeNSrclSAfSptZFR | ||||
| +oHcnJV7KRZjMyb6xgUBVV5EOHZkbwxvrIPMFi+7LoJiEp60O24lJ6x9CGls | ||||
| bHwN7cImUwcypcTTAQ9KmzJ2qymn9hmIzmz9ruXU+ZvrGBlDvzPpRqIEnXJ1 | ||||
| eqQE7vNGWHsM7Eed3+Fd70oesUfXHLQNcA+TVsU/KwdoEcSncuCnHWEXBHCv | ||||
| 4yKHFZBDFq5zw8f2M6fgcdh4kW6sIJeLlGrl4gfv1lxPLC4Oia67ZJo2ja+3 | ||||
| wsaLdwd3pVjb+9hv6yOnR3uKw6cvcviC8f6wHLiETXu+GcV06IbdA3pQ3qRs | ||||
| 72dlQJ3P0MOHWYtNIEXdCUWYG6PmVIRfTmmPKgTHMDgLFcXjiirX4YfQQzMK | ||||
| xtcK87rqs/Dtbp3+tb0ISLl/k9M/i7vDOhjLpZy8T+vxGr740XIy8HwbPBXU | ||||
| ZdPVZbYc3HjPgvF+mSP6BTwXeK8V4tHvNSBoRv+a9enbq+DBLorrLnqp6uHt | ||||
| FZCnU9X8MRd/mdIsSMEw2fvZ9EsYVTMY53l6klU375qF3071RnlWBdcxfFLU | ||||
| v7ELmFyu9lneXk5LXiTqSH0nnOePC64K6Eqf1w3VQCrPo5RvJPQcgX0X129H | ||||
| +df/+WLwzAsXZkPd/e2luUYeoKKLyvr2VkYPWH5y6L9K4SmdN6b/19t5zZfF | ||||
| WE70x64D/7zOLxEYcxHigox2RVhP1V9fXpSsAgRGz+mAEKAg9arlgH+p3Adr | ||||
| 2I/JcuIEXrtl3ksZdclCTDtGS7cAb4DSYWj6v8Fwkg1Xz/8rWGc4LBL44ylU | ||||
| /wIm8Of3rgNAKkCykPeszwcEaK8chlm3nCZ51+sTBXpiENVyulQujHjd/Pbi | ||||
| G78vEmfx0GtHmmXYRd7L8vzt5e994/Xl/8iiIf5r3SVvYPS7QETwTN3Ny49A | ||||
| z0e/H8AsGRAt88Z3DNT05fUobRni13/9b7+ud8+l/PY3AoJeXn59oYDKzV/F | ||||
| 9xIAbqqx+SC38FnlC4R2y6Lp5+bdfjLv7nVepu6e8vqy0ukbY8sfjWj5d/R+ | ||||
| bLdo4HJq9dw+fu2/zvXrGv85avBPqNm+SSEMAaf1OPjPdhBgf4I9WgXLQGBu | ||||
| L+jqai77F41TfnlhDPn1wE5lTG1pE+FVRf9iDtHkdcML3XnLDnkOGgRgY4C1 | ||||
| vwIJl3UIVAJM8js8/Rwrm09YwZ8fPZhTNgC78XzJFCkcTAUeBf9Cln2jUMxL | ||||
| kEZB0Y/lYhQWYv4LeOT1KLT/5UnWs81F3byeMx6iGewo8CjgJurBVqiAugaq | ||||
| +defIxj7hODNk2C1A8YDqNuTAvjZIaN7YY9Pi1tXQHz9svf6oG6ivy7PayPY | ||||
| VB8bh/yDrhzPlh31Fy6BGR0iL3x+ZRFd4/cBumdPEOq3bV5+hj30E/awJ3vv | ||||
| eg60CWgA2EdgchNeQMaXz1HGJ5Ovc7385SPo+aUhyF+Wyf7yO91C/vJ8H+jz | ||||
| R8BUq4HFyV5Rz8VAfSMy79mrJPz1+34l/ZexgB3yquzxdiReffsDsBpjlQ3v | ||||
| g/8BMSKfiBGFoC8b9Jt1/2adF731gdsC69h/ff4fCvpDPdKTpTe0J/qKPi+u | ||||
| 85d3ZPb12r7FMCzxwBPmbbzOKyMgyldBcVU/Pr060K6nLa3G0gd/fPGWX6PE | ||||
| W/h/exIow9M12wve85Wmp6cusyorx/LXa1QlgCNasl5My5COws+Kc/2JOJEP | ||||
| 4mTG7ha99p559XTfyvRflt5HDPXLm5B++SKl//pDZAA3+rtmd/2kwhFevLB+ | ||||
| lfW/gMdflhjhbYxXhV5efY0kfm7OD/bxCxnPKYEFf/Gvtf+2KPUE3G09dkG0 | ||||
| LMjff3mGZH9/w0v+/lNTYt9P+Wrg2KgPugyEIuGiKsvi9gPw/0vk9vXex+VB | ||||
| EH9E1w8UPu3vAsYsuM1TM86K/FM0od/T9GqVKGAPXnf+cg/0IobIA14j9ZYY | ||||
| bQLvLDRWCzj2QSH+Boz/gjZ1wLu9xjhV8sv7bx/2zauivIU5z/ATUAGC1CD9 | ||||
| Mf19JxX5nvpXY/Abr/VcyjC6Ahkvd2wCZ/sRKHsDyRZgrEk7EKn1P0XE+nsi | ||||
| XrfQa5wZPk3e84rHL6wu2cDSg+qDuwH/+6tmmst7/WuCAExA1qSLFa6Gr4Yg | ||||
| vnrJx/dCb/C+eRIoAcc9V2VhAzjlAizeNQqTaPnze2Hlk97nxaNgrCbrXtFm | ||||
| IIns6nUvi26/pj3Ri9pElSZoLyDmDJ7fGtK511XZizFW4MllHfMxAUHK8PJv | ||||
| /yb9yv7V76JfgSeumqR5j46fACXXgbUGYVtQd1fvJY2uDZizb+rhtefVmzJ/ | ||||
| /DjnFWJdTJoJIs6ll0y14Jd19szKgBifWO0GwZbrT58obFa/0g5eYSMfeNb6 | ||||
| CvbQ10D1+UnOt5r9lhE99bqPFns9RN87jjddfvOE72oMpnHqawz8XPIiLlH8 | ||||
| 9Z0vQJw/ZtclTgRJYTgG2XKV69ubbyHeB/3867PDDiCxAjQBpqvqJQGCWcQP | ||||
| NvQ3BuiZ2IDoe2Fzoehr7rWs6MK4dwNZH/XXhfsGyOsZYL4GloAUf7mW+is+ | ||||
| /A2jC3NfZRW8hiWLywGjylk+Vi9y5tXvLCbRK4GvFqu+1sn80mVJutDwTaj7 | ||||
| HNeoAVeLawD56fS83DZb/MvXrOJt4tfp/jd2zBPBKA8BAA== | ||||
| <section anchor="acknowledgements" numbered="false" toc="default"> | ||||
| <name>Acknowledgements</name> | ||||
| <t>This document was inspired by similar work in the OpenPGP space by <con | ||||
| tact fullname="Bjarni Rúnar Einarsson"/> and <contact fullname="juga"/>; see <xr | ||||
| ef target="I-D.bre-openpgp-samples" format="default"/>.</t> | ||||
| <t><contact fullname="Eric Rescorla"/> helped spot issues with certificate | ||||
| formats.</t> | ||||
| <t><contact fullname="Sean Turner"/> pointed to <xref target="RFC4134" for | ||||
| mat="default"/> as prior work.</t> | ||||
| <t><contact fullname="Deb Cooley"/> suggested that Alice and Bob should ha | ||||
| ve separate certificates for signing and encryption.</t> | ||||
| <t><contact fullname="Wolfgang Hommel"/> helped to build reproducible encr | ||||
| ypted PKCS #12 objects.</t> | ||||
| <t><contact fullname="Carsten Bormann"/> got the XML <tt>sourcecode</tt> m | ||||
| arkup working for this document.</t> | ||||
| <t><contact fullname="David A. Cooper"/> identified problems with the cert | ||||
| ificates and suggested corrections.</t> | ||||
| <t><contact fullname="Lijun Liao"/> helped get the terminology right.</t> | ||||
| <t><contact fullname="Stewart Bryant"/> and <contact fullname="Roman Danyl | ||||
| iw"/> provided editorial suggestions.</t> | ||||
| </section> | ||||
| </back> | ||||
| </rfc> | </rfc> | |||
| End of changes. 86 change blocks. | ||||
| 1644 lines changed or deleted | 434 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||