From 2a828cd0fdc22dd40ee815681ebab3655ba501bb Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 16:31:59 +0200 Subject: [PATCH 01/18] simplify cryptographic hash functions --- book/source/03-cryptography.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index f79051f..788eae5 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -8,14 +8,14 @@ - Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later) ``` -## (Cryptographic) hash functions +## Cryptographic hash functions -[(Cryptographic) hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) map binary data of arbitrary length to a fixed size "hash" (hashes are also sometimes called "digests"). +[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, often called a "hash" or "digest." This hash acts like a unique identifier for the original data. -Hash functions are used in cryptography to produce shorthand "placeholders" for data. Two properties of cryptographic hash functions are particularly important: +Here are two important properties of cryptographic hash functions: -- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be hard to find a message that maps to that hash value. -- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be hard to find two messages that map to the same hash value. +- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents. +- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value. ## Symmetric-key cryptography From ce6d28020cba8bc87949231e9a0b5a5911a4343d Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 16:49:51 +0200 Subject: [PATCH 02/18] weave in asymmetric cryptography formerly in ch3 as symm-key explainer --- book/source/03-cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 788eae5..4c9fd57 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -19,7 +19,7 @@ Here are two important properties of cryptographic hash functions: ## Symmetric-key cryptography -[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations. +[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations. Participants in symmetric-key operations need to exchange the shared secret over a secure channel. From 3fb0179a7726bc22138b6fdd26af9fce61597652 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 17:11:01 +0200 Subject: [PATCH 03/18] clarify and question the benefits and downsides section --- book/source/03-cryptography.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 4c9fd57..ac3021e 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -31,13 +31,19 @@ Participants in symmetric-key operations need to exchange the shared secret over ### Benefits and downsides -Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum]. +Symmetric-key cryptography has major benefits: It is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum]. + +```{admonition} +:class: warning + +I am not convinced that this information is helpful but, if it remains, perhaps we need this additional statement: "That is, symmetric-key cryptographic mechanisms are currently considered to be resilient against known computer threats, providing a measure of assurance in the evolving landscape of cryptography and quantum computing." [^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2). +``` However, exchanging the required shared secret is a problem that needs to be solved separately. -[Hybrid cryptosystems](hybrid_cryptosystems) (see below) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography). +[Hybrid cryptosystems](hybrid_cryptosystems) combine the advantages of symmetric-key cryptography with a separate mechanism for managing the shared secret, using public-key cryptography. ### Symmetric-key cryptography in OpenPGP From 4d0fbb3f434c4533cce350108f2012dc2107f82f Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 17:19:59 +0200 Subject: [PATCH 04/18] simplify sessionkey footnote --- book/source/03-cryptography.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index ac3021e..57e8284 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -51,11 +51,11 @@ Symmetric-key cryptography is used in OpenPGP in three contexts: - most prominently, as part of a hybrid cryptosystem to encrypt and decrypt data, - to encrypt [password-protected private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), and -- for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses) (a less commonly used feature of the standard). +- for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses), a less commonly used feature of the standard. Where symmetric keys are used in OpenPGP for data encryption, they are called either "message keys" or "session keys[^sessionkey]." -[^sessionkey]: In OpenPGP version 6, when using the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc), a "message key" is derived from a "session key". Previously (up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc)), the "session key" was used directly as a symmetric encryption key. +[^sessionkey]: In OpenPGP version 6, the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc) requires that a "message key" is derived from a "session key." In contrast, up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc), the "session key" was used directly as a symmetric encryption key. ### Authenticated encryption with associated data (AEAD) From 61f8a76bd6abf755cdd98827abd878ff87147a1a Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 17:39:16 +0200 Subject: [PATCH 05/18] simplify AEAD language, correct punctuation of footnote --- book/source/03-cryptography.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 57e8284..dac0b15 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -59,15 +59,15 @@ Where symmetric keys are used in OpenPGP for data encryption, they are called ei ### Authenticated encryption with associated data (AEAD) -[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality. +[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) offers more than just confidentiality; it ensures data integrity too. -In OpenPGP version 6, AEAD was introduced as a successor to the MDC[^MDC] mechanism. AEAD is a common mechanism to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. AEAD protects against undetected changes of ciphertext. +In OpenPGP version 6, AEAD replaced the MDC[^MDC] mechanism to address malleability. In earlier OpenPGP versions, malicious alterations to ciphertext might go unnoticed. AEAD guards against such undetected changes. [^MDC]: In OpenPGP version 4, a mechanism called MDC (Modification Detection Code) was introduced to serve a comparable purpose as AEAD. While MDC is a non-standard mechanism, as of this writing, there are no known attacks against the scheme. -Protecting against malleability counters a variation of the EFAIL[^efail] attack. +By addressing the malleability problem, AEAD also counters a variation of the EFAIL[^efail] attack. -[^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities"](https://proton.me/blog/pgp-vulnerability-efail), especially the section "Malleability Gadget Exfiltration Channel Attack". +[^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack." ## Public-key, or asymmetric cryptography From 891ce892fcde1bfa09d67f54011764a1b1973635 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Thu, 12 Oct 2023 17:50:39 +0200 Subject: [PATCH 06/18] simplify public-key cryptophay section for dummies like me --- book/source/03-cryptography.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index dac0b15..843751b 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -70,11 +70,11 @@ By addressing the malleability problem, AEAD also counters a variation of the EF [^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack." -## Public-key, or asymmetric cryptography +## Public-key (asymmetric) cryptography -[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* as well as *digital signature* operations. +[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) uses asymmetric pairs of related keys. Each pair consists of a public key and a private key. These systems support encryption, decryption, and digital signature operations. -Unlike symmetric cryptography, public-key cryptography doesn't require participants to pre-arrange a shared secret. Instead, with public-key cryptography, the public parts of the key material can be shared openly and then used for cryptographic operations. +Unlike symmetric cryptography, participants are not required to pre-arrange a shared secret. In public-key cryptography, the public key material is shared openly for certain cryptographic operations, such as encryption and signature creation, while the private key, kept confidential, is used for operations like decryption and signature verification. (asymmetric_key_pair)= ### Asymmetric cryptographic key pairs From 57c4d2ef31a5b753db88cba0aadb6da2e221faa7 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 14:16:09 +0200 Subject: [PATCH 07/18] improve language of asymmetric key pair section --- book/source/03-cryptography.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 843751b..bf4de3d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -79,7 +79,7 @@ Unlike symmetric cryptography, participants are not required to pre-arrange a sh (asymmetric_key_pair)= ### Asymmetric cryptographic key pairs -In many places, we'll deal with asymmetric cryptographic key pairs: +Throughout this document, we will frequently reference asymmetric cryptographic key pairs: ```{figure} diag/cryptographic_keypair.png --- @@ -87,14 +87,14 @@ In many places, we'll deal with asymmetric cryptographic key pairs: An asymmetric cryptographic key pair ``` -An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of a key pair in green, and the private part in red. +Each key pair comprises two components: the public key and the private key. For ease of identification, we will depict the public key in green and the private key in red throughout this document. -Note that in many contexts, only the public part is present (more on that later): +It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections): ```{figure} diag/keypair_pub.png --- --- -Only the public part of an asymmetric key pair +The public component of an asymmetric key pair ``` ### Public-key cryptography in OpenPGP From b33251aa31a5ef3512bae00864666848e826cf74 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:19:32 +0200 Subject: [PATCH 08/18] rework language of digital signatures and signers --- book/source/03-cryptography.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index bf4de3d..459e25d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -111,20 +111,20 @@ So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead o ### Cryptographic digital signatures -[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a mechanism that is based on asymmetric cryptography. With this mechanism, one actor can make a signature over a digital message, and another actor can check the validity of that signature. +[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a fundamental mechanism of asymmetric cryptography, providing secure, mathematical means to validate the authenticity, integrity, and origin of digital messages and documents. -The signer uses digital signatures to make statements about the message. Third parties can then inspect these statements. +In OpenPGP, digital signatures have diverse applications, extending beyond mere validation of a message's origin. They can signify various intents, including certification, consent, acknowledgment, or even revocation by the signer. The multifaceted nature of "statements" conveyed through digital signatures in cryptographic protocols is wide-ranging but crucial, allowing third parties to inspect/evaluate these statements for authenticity and intended purpose. ```{admonition} VISUAL :class: warning -- add visualization showing: message + private key + sign = signature -> message + signature + public key + verify = ok? +- add visualization showing: message + private key (signing) = signature -> message + signature + public key (verification) = validation confirmed? ``` -In OpenPGP, digital signatures are used in two different contexts: +Digital signatures in OpenPGP are used in two primary contexts: - [Certification statements](certifications_chapter) -- [Signatures over data](signing_data) +- [Data signatures](signing_data) (hybrid_cryptosystems)= ## Hybrid cryptosystems From bef3a69be9dd8478a7793d706641c2f216a1aa24 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:34:45 +0200 Subject: [PATCH 09/18] rewrite header and note on Usage and terminology --- book/source/03-cryptography.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 459e25d..5e2be0a 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -97,16 +97,14 @@ It's important to note that in many scenarios, only the public key is exposed or The public component of an asymmetric key pair ``` -### Public-key cryptography in OpenPGP +### Usage and terminology in OpenPGP -OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations. +OpenPGP extensively uses public-key cryptography for encryption and digital signing operations. ```{admonition} Terminology :class: note -For historical reasons, the OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key." - -So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead of the more common "public/private key." +OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more commonly used "private key." As a result, you'll encounter the "public/secret key" pairing more frequently than "public/private key." But don't worry; "secret key" and "private key" serve the same purpose in cryptographic operations. This terminology reflects historical preferences in the OpenPGP community, not a difference in technology. ``` ### Cryptographic digital signatures From 773015bdf4a5e4c09f2252ba025afa6e619d4726 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:48:49 +0200 Subject: [PATCH 10/18] clarify private vs secret in this document --- book/source/03-cryptography.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 5e2be0a..2728c9d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -69,7 +69,6 @@ By addressing the malleability problem, AEAD also counters a variation of the EF [^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack." - ## Public-key (asymmetric) cryptography [Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) uses asymmetric pairs of related keys. Each pair consists of a public key and a private key. These systems support encryption, decryption, and digital signature operations. @@ -104,7 +103,9 @@ OpenPGP extensively uses public-key cryptography for encryption and digital sign ```{admonition} Terminology :class: note -OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more commonly used "private key." As a result, you'll encounter the "public/secret key" pairing more frequently than "public/private key." But don't worry; "secret key" and "private key" serve the same purpose in cryptographic operations. This terminology reflects historical preferences in the OpenPGP community, not a difference in technology. +OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more widely accepted "private key." As a result, in the RFC, you'll encounter the "public/secret key" pairing more frequently than "public/private key." This terminology reflects historical developments in the OpenPGP community, not a difference in technology. + +While "secret key" and "private key" serve the same purpose in cryptographic operations, this document will use the more common "public/private" terminology for clarity and consistency with broader cryptographic discussions. ``` ### Cryptographic digital signatures From d810608dc639f75764cd4af4bd33e89585ccfaca Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:51:50 +0200 Subject: [PATCH 11/18] swap parts for components --- book/source/03-cryptography.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 2728c9d..5a129b7 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -86,14 +86,14 @@ Throughout this document, we will frequently reference asymmetric cryptographic An asymmetric cryptographic key pair ``` -Each key pair comprises two components: the public key and the private key. For ease of identification, we will depict the public key in green and the private key in red throughout this document. +Each key pair comprises two parts: the public key and the private key. For ease of identification, we will depict the public key in green and the private key in red throughout this document. It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections): ```{figure} diag/keypair_pub.png --- --- -The public component of an asymmetric key pair +The public parts of an asymmetric key pair ``` ### Usage and terminology in OpenPGP From 5e6a857040cc2ade0c44cb3e1da3c14624148e81 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:54:55 +0200 Subject: [PATCH 12/18] clarify private vs secret in this document --- book/source/03-cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 5a129b7..115d087 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -105,7 +105,7 @@ OpenPGP extensively uses public-key cryptography for encryption and digital sign OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more widely accepted "private key." As a result, in the RFC, you'll encounter the "public/secret key" pairing more frequently than "public/private key." This terminology reflects historical developments in the OpenPGP community, not a difference in technology. -While "secret key" and "private key" serve the same purpose in cryptographic operations, this document will use the more common "public/private" terminology for clarity and consistency with broader cryptographic discussions. +While "secret key" (as used in the OpenPGP RFC) and "private key" serve the same purpose in cryptographic operations, this document will use the more common "public/private" terminology for clarity and consistency with broader cryptographic discussions. ``` ### Cryptographic digital signatures From 6734930bd9216046c140d490c1995e2ca36465cf Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 16:08:32 +0200 Subject: [PATCH 13/18] edit hybrid cryptosystems --- book/source/03-cryptography.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 115d087..3fd7a3b 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -128,7 +128,7 @@ Digital signatures in OpenPGP are used in two primary contexts: (hybrid_cryptosystems)= ## Hybrid cryptosystems -[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine two cryptosystems and make use of their respective advantages: +[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) merge the strengths of two distinct cryptosystems, capitalizing on their respective advantages: -- A public-key cryptosystem is used to safely handle shared secrets over insecure channels (in OpenPGP: so-called "session keys") -- A symmetric-key cryptosystem is used to efficiently encrypt and decrypt long messages (using an OpenPGP "session key" as the shared secret) +- Public-key cryptosystem: used to securely exchange shared secrets, known as "session keys" in OpenPGP, across insecure channels +- Symmetric-key cryptosystem: used to efficiently encrypt and decrypt long messages, leveraging an OpenPGP "session key" as the shared secret From b9341d921e89a7b0cd6a0de16aaac6d28a23735f Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 16:15:05 +0200 Subject: [PATCH 14/18] clarify MDC --- book/source/03-cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 3fd7a3b..b10d29a 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -63,7 +63,7 @@ Where symmetric keys are used in OpenPGP for data encryption, they are called ei In OpenPGP version 6, AEAD replaced the MDC[^MDC] mechanism to address malleability. In earlier OpenPGP versions, malicious alterations to ciphertext might go unnoticed. AEAD guards against such undetected changes. -[^MDC]: In OpenPGP version 4, a mechanism called MDC (Modification Detection Code) was introduced to serve a comparable purpose as AEAD. While MDC is a non-standard mechanism, as of this writing, there are no known attacks against the scheme. +[^MDC]: OpenPGP version 4 introduced a mechanism called MDC (Modification Detection Code), which fulfills a comparable purpose as AEAD in safeguarding message integrity. MDC is a non-standard mechanism, but no known attacks have compromised this scheme as of this document's last update. By addressing the malleability problem, AEAD also counters a variation of the EFAIL[^efail] attack. From e1f0452ccdce5eba230ba00352f23be54829f049 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 17:43:09 +0200 Subject: [PATCH 15/18] expand on hybrid concept --- book/source/03-cryptography.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index b10d29a..f1b56bf 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -128,7 +128,10 @@ Digital signatures in OpenPGP are used in two primary contexts: (hybrid_cryptosystems)= ## Hybrid cryptosystems -[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) merge the strengths of two distinct cryptosystems, capitalizing on their respective advantages: +OpenPGP uses a hybrid cryptosystem. [Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each. -- Public-key cryptosystem: used to securely exchange shared secrets, known as "session keys" in OpenPGP, across insecure channels -- Symmetric-key cryptosystem: used to efficiently encrypt and decrypt long messages, leveraging an OpenPGP "session key" as the shared secret +Within OpenPGP's hybrid system, so-called "session keys" are central. They are generated uniquely for each session and are instrumental in both encrypting and decrypting the actual message content, using the efficiency of symmetric-key cryptography. + +Using asymmetric (public-key) cryptography, the session keys are also encrypted. This ensures that only the intended recipient, the holder of the corresponding private key, can decrypt and gain access to the session key. With the decrypted session key, they can then use the session key to decrypt the actual message. + +OpenPGP's dual-layered security thus capitalizes on symmetric cryptography's speed and efficiency and asymmetric (public-key) cryptography's mechanism for secure key exchange. \ No newline at end of file From bd468da34fff868f516cc352552bd4d5dbbae3e8 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 17:47:58 +0200 Subject: [PATCH 16/18] expand on hybrid concept, mark for move --- book/source/03-cryptography.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index f1b56bf..6673a8c 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -128,10 +128,14 @@ Digital signatures in OpenPGP are used in two primary contexts: (hybrid_cryptosystems)= ## Hybrid cryptosystems -OpenPGP uses a hybrid cryptosystem. [Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each. +OpenPGP uses a hybrid cryptosystem. [Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each, namely symmetric cryptography's speed and efficiency and public-key cryptography's mechanism for secure key exchange. + +```{admonition} +:class: warning + +Move this to the chapter that details it: Within OpenPGP's hybrid system, so-called "session keys" are central. They are generated uniquely for each session and are instrumental in both encrypting and decrypting the actual message content, using the efficiency of symmetric-key cryptography. -Using asymmetric (public-key) cryptography, the session keys are also encrypted. This ensures that only the intended recipient, the holder of the corresponding private key, can decrypt and gain access to the session key. With the decrypted session key, they can then use the session key to decrypt the actual message. - -OpenPGP's dual-layered security thus capitalizes on symmetric cryptography's speed and efficiency and asymmetric (public-key) cryptography's mechanism for secure key exchange. \ No newline at end of file +Using asymmetric (public-key) cryptography, the session keys are also encrypted. This ensures that only the intended recipient, the holder of the corresponding private key, can decrypt and gain access to the session key. With the decrypted session key, they can then use the session key to decrypt the actual message. +``` \ No newline at end of file From 14e3919b9def9c88f93b74a2273c8423e5a1a746 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 17 Oct 2023 14:28:50 +0200 Subject: [PATCH 17/18] add new key diagrams for ch3 --- book/source/diag/asymmetric_keypair.png | Bin 0 -> 31366 bytes book/source/diag/asymmetric_keypair.svg | 221 ++++++++++++++++++++++++ book/source/diag/public_key.png | Bin 0 -> 22676 bytes book/source/diag/public_key.svg | 129 ++++++++++++++ book/source/diag/symmetric_key.png | Bin 0 -> 13436 bytes book/source/diag/symmetric_key.svg | 194 +++++++++++++++++++++ 6 files changed, 544 insertions(+) create mode 100644 book/source/diag/asymmetric_keypair.png create mode 100644 book/source/diag/asymmetric_keypair.svg create mode 100644 book/source/diag/public_key.png create mode 100644 book/source/diag/public_key.svg create mode 100644 book/source/diag/symmetric_key.png create mode 100644 book/source/diag/symmetric_key.svg diff --git a/book/source/diag/asymmetric_keypair.png b/book/source/diag/asymmetric_keypair.png new file mode 100644 index 0000000000000000000000000000000000000000..088b3c412cb103d9332f45cf3f271d72bf240aa5 GIT binary patch literal 31366 zcmd?RWmH^E&@DW;2iG9M6Wrb1Ex5b8yE_CD+@0X=?(PsgcyM=zdw9O}e*f=!f8JSZ z*1*8&>8`G>+O>C`iBOOeM}o(L2Z2CHk`f|HAP{&O2n5Cr3k|&EQ$YL;c!9H*&~O5Q zK23Z)!Ho9)0sjHQbrw~3{%&XL>}KF-0&;V6qqDHJaxyZoH=(n0G)q6@!2^N5fFwl( zmEAK=)?D1b-xES#+-FF{w_-a zByT`xMd_Z!b@DZzC7-24V6OhcH*22{nfpn0cD4OAGaI&+CMX&rj*0-vq8c``C*^28d@=)%GYT^veEV(0?G@%>{bBY+Pc zro&0bzLMw7MoTN8{n9zO^_0nc!>!cm3fPn*xVUOIi@JT%(9l?_ zwV?#%xK`j5>y(++=yugJr%ycGMA@Nu?BS=eT12~1bb<+@;Ok(aD$-fc6fo^d^gFyT zz0-d@GdSJWXLc3%J_fZ~v;%?e&iG*^lYoI+%V}Qf{^@-@Ga`Ak$`|Pnwzttg#sq!Y zet;_|GUI3_A<1iB%9At+C6iRYm_qy8f{p-c_Bh7k%eo2(D)VGXoiH7LcOnMm_;zra zFaB2fRfVctL526HD#~e}E=TV?3uSplwfyDPd!|&>Nd%ueCWc_8XJTT0h8z`jwD)G+ADN!o9 z*eYm>YGY}Y#t@b9zE%-WRD%AOWBn0EH}^38<@q2K`rFFZOLLr6&I z#Me(FY3$$m&F$wV5Xf?|JfJxkl8l1FU@deag@Ny#UMrIh;SvsRczD=9IT_o#y(352 z^!;FHU_dy|q^&3nwQOXmjTj3M3&R0}gU;ZWGL(`9eyHt~fIT@`uL+ z-zuNqYZa4{qB1<|7s7y2E>{54te}|ki54S8i;n{Xt?Onflqe@%W5A;(QmF*TYi1s2 z^!JnX4-5$xD&-o6z$=ugJa%Ho(d^uvek~|01gwRGNd>uQVKF{F9^9ipuA(L;M&W;Q zk>V74bK`7me3XMC`tbAw0&VZ0|4d7Y$+1*%?C8Ryq;z+0)~fjS+z}N(CV6pt8yef> z)>)NXEkhB%>x2dc=Ih(pawi=Zys9|Ewt)bwzQn=;1d>N~Wg4+)oPej>W367( zNjDl0u09H_1!5ZcKigV#Az@)uG&GX_fdM!N2VcVuPXS|Nve~&gs7yIEl0*5VU8ZCv zCrx^=9Qkv?@D}u_0qJDYmjgz?N25U0dRgptYlGQ-^n@BDp4;BbF{ z9XEBlyTycehC2%{66cLLNWpn&(MO%k>hjOnu#pM@Uu%WlIaDO23BU$bYIlT|%<)5j zqWwB$h4G>~nK+=K5{u;;^}cL>TYg z8kemHS8mg*4dzs(-N8Y~Zf-Z{s|c@8H}x6UJqd^5Ek(QT;!CzCu&YQQoarj|EKjEA z*j&uAMT5TI6&DxwLv83oJIRlJTPwGpVPP+ZPO417K@>hLNVvGE=5wv&>z=Q>+N?S) zo&-_Jv_pr(bw9~QYCEKMrQDB3P*^P0`KQbj)qx%FeA@E@f(K#Vm(2m}L6W5^2>+8W zO{TA6)_>cPEG!P+JFp4QaHgBspYBF{$Ft+oA|uYdL6S)`O>W519!DcQ_cO=0?q0Lv zz>(^o7JOwid_bYms=?E0JoS%lV%H_Sr}2HaBF@V*qS@!*wwh@ZXGbJpLK*b}-=ENG zsxh3`#OHP8QJcnw1Vj4#r?1W^OX$%NtmTY1NQzk8ZhGv7yA+x6BT zF{i6}Kp0YQw}y&~|300s#gIkxd;`%{bw>g+)YjI1^CL&a?8y}lGX~kaxFjAgA_s^$ ziMl#D#lOD1{Ii(*J>u3^G(K(NhnVK-?AP4xxEqOsi~9}mzX%HpTi|4V6H-nPV`=#e z1+xE61rFhW8sO^n+nt*lv;f4ugHlyP^1`+X%on`BGQa;m-+I#MwLpVVn4Eu_v;lsmR_EJYvqK4H z+$8n%^V+ckx=;x& zekAyq-FCZ4T|3jKUGSHgdP!1Xlfezz?hX2@d#24Dn?%mny+DAcDo`aJ%ydX+aq+!d zV##p&`TzCtNloP{SMT_QO{X(h;6|a|yO&ouhU#ztcR>Xjy&pv<b!H5KqYK!mC!Y3xkq$>B-nPU1k7Hf?7FRd{RXG=$k~YNsfBpOlpr>0<*PehOZ6K6AXi z9lIi(g$qJF^{h=GQOafYwr{-o%O#t@Me77{8(egE+B>=QUB(wNoG1;%yj;$pMg@6iS=?L z1PJ)VYaShX847eD{|SX6iA~w+Y@U=403$HGPlYsl?^4N$XAQL8rZc$f^MktMiG>Z= zQW?z!h#*zU;D3k(jgQOFXtv^OHHCfT6d?4C--?R}#>K^N6{s2k6Ej!nqVq<0u*Mhr zsWKgI8$%Z~N}>2?A3j1U3CN&Qs_;~j6xv!m?MLhd)A+(F%A3zo12>}WNcheZLLwzJB9oax8Nm}sOF)Agz_DfB;&-s zNyN>T$0d5EVB~3(_-oKhNrikJ%ljf-3nI-)z+BEn-!rV3v1Usyneyq|tN2L!$X7RtZSSrT^~=Ep}%^*Lz&z) z9KPFR06eu`ZgLo70||^_P0+lao?&jDhq3GVEzeTTH!DIQe&*?BGUWc!O|+xuH&WYW z5if?r)y)5s;=9wVKZBWtiT!os6dUvKIBKoYencO(xZ0QxD&2Z@qulg6 z_YF_@qint22oVH*6Y>SNSi6K|-Oo*^@;Wm!lkx6QkprJF0QirLF8dmZb2w1@)wWa1 z`p&FGf=S}6FNQ=D-F z-JnQbGER}NS%NZOOIBhDJ@05YU+O{5uZN7>pqW2!*`TSB1SJ`Fa(AGetB{nccW{V{ z3%lBZ44SUADbxPmtX!##dV4%C_%GFIsoe$!`sUc?@LIh~m!N#39x9H^U^Z+H1t=v- zRVo6H=1cQz*EBEguj{mngxlEE>y16`u-_L5l5#xWdPT>0e)@R2)@kbPh#@)M)C-IMlP7H`)hTIV|Jn9Xj1Y~vM3b0GhvB@Q6Qyldqu=ufo% z@Hit6UtVl+xW>AH7S1{Y3vsZM))Sn}ocbg^IjLFScxC>wKJ~l$!^;4CqV=Thdc3lH z)yyM)2TDJAg;%V9(*2saoIO8Zwy4jPo~!(Ix=79KExE-Wb0Y4K(CT|9$e%%e$x zN|6oxibo!A&GJnKS}~V_O4c$+!-|cg$2>Ypn(gq`cMnKs6U4;Crh+KO)yQTwK>UE_ zBxWWf6H#xZQOccxq(V1PvP6=zR7}V;rd*axh{lur#({LSNL?&#KQy^JnrL;lyQL_e zKa=2o5EUC6He*in(5OQ6?o3@zhIfGOf}P?#gJ5`9TZq;)8)0(EbYrj`QZ||#(Y-azjQ!X7>Sw$^o1+5LQD_+n{sT0dVR!mH9>HW{<{SNp) zIBaiy1@7`Uqi+y7Jg|Aqp&zjM@J)?Po7kS+y|7oM*zUV3*SzlXy%zPAOSDI7X|K9yzV+I??d9|6Hi!vMc@5-Be)K{}hAaFC}9>Sye*@U}J7r<>aKv~RHB z?d|1L#+y!4Q?jO}6q`Fg@`vO$hdjD8#U8Z2|2c05y(@9{^2B-ysvO^(th?0aALoe2 zju?+hNy>KMq7yi6EB{L+^`ldFBxC+w6fY~3q|0_>(vec=uWPqpc}q7+7Sy9=B_q!c z2L$}R%}sqt6v!AQKMBM%GM zz>q%iD0llEgEOcND9)fddi?E7r+SKrO4DX#y;x7NKEkSlQuVu*045i0A}xvzhb7Q zroz(b5fb-7_e?Fqk3ZkKX?Ho)ncKlCSfA4>Y7{C{vGT32v--4mSS?iP***Bb z`Fx+!Yj@Y*%EKIs4Gz;wA})j&m8sL6J;a#gni@y+u}q2*ES$w%tkkjkgoMP(Y|V!c zJrQPaHw>90Bdb!vf)}J&7@sLiWxmF0d-k0#{i^WL30C~UZMr44`C%omanB6 zEoc7jjZ(Uu^>5##)_p{cA^8lUIf@@3V;GeN%@81qe9$aOHt~EJp;}G(_J>z0W2`*9 zywi;~)F;bcAg{YKn4fDa2Zx6NjW$y6`QlpMKJBRLojiGY`3^v!jK+O6&Qcr$VD#6- zQEeyt$UN8(A+Wk-#QYiicM~G1{LtGEsD6M1ZM{^F3GsA0+3@}n5+xxiD_Vv%f#4%c zPcQGyacH9qOM{$06AqM|TXNR;o$rTc?ay88#PHzYFRv&lo3Y$(h7M;hz{lMhXJwZ} zN6P^GNwIQEkkizePL1sj7J%r=*Q#-!KjA}yZjRPj7co@swHi!$b^T1VD{UBotG~X$ zf^rN)1OUVfxZ!aU)}nzh^uMDf>M^G1!N1IiC^JD04z8|t3(XEygGhKc98PzCXE?8Y zb?lk0{z4T>rIMvgSa2mq+P# zefkWBufJ){R|-%k^_s)&y58YL_3@?!#!tIK1A#(azrd5}@Mx&X*OD3-L_)wU`P3nRL4C(U?{Xxl)Bv?p80< zNvQXEUrD+*kQHYbIb2^b02U7nU<5=qT7U>-$*;`2*6Q5*B&+o^B_&u?`c2eZh-9VS z5=>1EJA;QH!cVO{R4zHBvWEbHx4T#?d9oNqoe;#}y`-<*=75e01gM9I@9Ld~tiW_8 zed$9#^&<1X1_B4lo5cni8u=vbNN_$!;j2C1JLTFPga9(x{;{Y#%KGfz)P$|sU>^Dk zgA7!nnLp3vt~M&9_q~r-+TOq1Ktp)C9)kk~%Lj`mom^Er9?uED8_+OofM0(Ny7^iu zR02HI2NCiR=nZ3pq9>j7Yik|=AeK-YVTwqnwvQT))oVNn0JfmodcYDOC%C3KCp9Zf zG*j_8eHf?onqf7P>h{HGdcP#kmf9RAH4|X|*ri_FoXk{zxfy%m88S9DCZS`aTkO9- zU2Pn!#Vq@kkP$6OBnR=6_vdcWdDrCJwi*WB59o6_{Mf0^w2*)QFs#>G3DTQvr(B}z z>KeOI%%Z-+y1ynmJbZPAwiOpO+C6e9CR9e6NMjQVbG1Ri#Qc$HwLrQjN3-{K<&|~q zqQOPhPx((nvKU~Jmi#WN3$u-%8*SjV_5Sv)eb5IezD=J8J3O6_1LfR^Hj?SF{TnN^ zw!3rfPq^)2fod)k*trj)uw+hS?+;ntcAv%jc8zH5J7=XXpI&y7iTKZF z3wIzx$HVHJ7ImAOIr{qgcozYy-<&NI(9uoWJ2(u+RP*B8|7FJE$)TrGD>a8J;S6H_ zK*+d6ehF4N5;0yduJu-Pqerz7d0*7e3TtQC6`RevRz_iM6*1nq^$Mx%y*`B$SD!Rt zwV$u~`B9%-5JND!T(z0cluK4h4)Ok7o2igC^X4_Lwy#CH znRWlzc|WF6Hn57m{^9oZlbSD`n?z(}6yP8+M54ghb-&NRZcV=G0@b;AlfE~jk!IFU zxPJsXwpJ+99RN|zx6)u?f;&PVNn*KB90Qa-xKptNna4}XdfuP_CDT^!J|tNV;u#BhDbf%yAdy>&-3TRxVuMz z#xzxIhaDL=d37uL)7m4WO5h5?!NIU5j!0%OXiHrU7iR=ISpYWpNJS>eG!>fD&26om zY8l+m$5m92&{&;DsX+;aiu(hCab(6v&Hydy@f)vo;|(J0Vl5WnFiqvM11(j`5=0`% z=>YCZ5#y@d*+^Pd6)QoiaIF;;$QBZ&Bg8$$)#o8JV<|i?TmbtS1LUgB{QHd>&%ZDH z*qW`nFW39@D55nI{6PYD&tMvjEuEek^^Dt)eA><9N1dIt>066%Rf+bZA|8ci#s~b5 zH`k)ip9t4z(?hH*XE3N?OO1mBC;uFZ_^2igVxTE)^tZ4f#L}jTV&LILGMnXut59K5 zsg%YK7T5=A(6Jw1%NHew{Cwm<6Gg40qf_nLj3wj__@G*VA{?7uXE4w&34Az<@K6yc zRlrqR-9VV)=bDh|RA;H2Wka9lhII#aEzM5$!233Ufh44*hqeo;?SYdC>b@Wj(aVGx zem9%OqilHk1)nNn5>gfwH5W$I&R(h*)JlLM1$hX?*!?wy*SJFPc(?HT}CsQ=w&b}V}9#6R4xG1fJLJnox)wy(%9C_ zVRSQ$`l&QhDoS`uyau3N%QdpS4DaO#R&s4KHGw~bpG?dTi1Oa{Nscmk}k~TnVfW3O|6k-o@ zH8POYa{KY?El$U-6F>{1l8p&LNd`92eAdxHf}T$-r`b(qRtOFat?e=;u8uV&{#S3x zX1A^#&@GVI1#oc&e;!mz@fFP0?>FAgw#zTSUXT^=+Rjb$CqE*yO|A>l_f}#xAXAgGDQ#y8x8U- z&(5#qw-%sKN&NH%C0hOd$_1t{IPe$&P%8Rmrf)bb2tVi2T3k;x2W;vz4!?0*VF>*e zPj93>TBy(}OV2+hC80v7m$QU?a@Tszj%`cNA0w?Do$Kp6TrLuCNF-MKX~HOw%g|be zlvg+MFVE2}ED$0Hey~R%1lW{FfOy=JQi@Y@Rk94GiQi9Al#fxeCpI9-6FQs&2tC*H zqXVY!$a1x*O4fJv3%A05e{MJ=3neh1zUjn9(_ou~GSW>>;p5>^Iq3hiv7Vs`uC8Xd z98IJttdlBClJRVkQUM=bEYT_J$Ui0l9?y<04vL>nR*Q1K!oJ1PJmVnMmZcw@6aYM# zudjn4ptWeRT=(Rp#%2ud0s2dxSbQ_d(#R(tKoE`%n9Sr-4xo7) zi8~;Lhey_^_;YYe<&u`3?!G&U$;USZ6J!boNI8mCggIB&--~7JRntvkLtTy=oSb!l z>y?=-|G-{-RipbNfI&vDf%SKsg2Rf1Dv?4_!Po=}4j;q#GcW)NDQSpSlkGRe)Ktr6 zDZCKXUByam0T=N_QD6viVGPlFi}^gJFYe)S%WGtxSxoCB3+GKE6RC?3yuEFK0p5av zd_>$gA)7Gwhbmro_U3FoKL&jMmvsC^u2`m= z@&`QU=5hwX!omVEmCfEWAN*q>yJNz`3DHu8<%`ge530`2vj1H=3X?P^ki>!lRRPHX z7bmt$C-mzV7-L)Z9>_i|za59=8WnI1;jm9|ab(~AP-vKd|Iw_FPSt~xD4Q3WP_Yj$ zhAi2hp!xrM0hFo4lLc-Rv~{#q0zs5;_Hj^x6(}0 z#n27>l7bOvu4I|<$KQMgD;)ORb+N zAFv3Ab7!bpGPuAm5kEQQu~1QGb|iihj|K`QkZF7?5uGVe4yTAO%b7b&L9zxo2>+f< zYLGw87`X8-ehI)zv5blgQJ^o9d0!>t^qEYW%pD_1k8xO{1XPCuX~tfN0blmShihJa zfD{DY8JxLI07Fa*$ze^0DkNjnM?*#By%QPU_FFp`r=t+8x;GN54iKz^6-kxd{usQW zO`Z+2mPUe#O$amizrKQE6q>dDr3+>A|81wk|7+KObasd+WAzsm?flI&&*(xAimGw@ znUES_tV6+c<9Q%UQH%lK%w@4z;vxnmFRy%aCD!2>P)vja>-J+|W)~fm6EcVb^%o{% z$+sofGelQijv#T^Cdez;1y>D zzqiv*(;405ag^$uT|1K3jeDQwC~MwsBp=#ZjI^KS+{>)wA6i>iZaYOpV!CrAMPe(K z>Xl_Snz6c0S0OTIHh(@(E!BUjbG05Q%WT^WT7TUtaiP290(w+JfXNYZ$I%#_Wo16t zPe_rOm~yn@8{^zOI382HIOr3ZBH~42uebn&eGFYx_(3kCIk2Q%Z5fuqmq+T}Dm~g+ zkK0k0JRJq3KcBvat$^(+%nxDHSyH-lzAu8ORxXlKutF(*8{xo4|1qc7)Xg*9O-|iOy5fJkfVBLlxWwf7^dFgZI8OxT5D8#hT%3tL@2a|;7Y&vy zM$GGM-%ovMZ1fj^Z3;1gjpMzFHf7e;X$N(kt?F#nB(}FR=4#3Ftd;82AWfHS9)>ua zasx)4440Gad4cd^Fk5sLDJodvp=6Z~`>E&Gzq;nNRo6p|^7u6~eDur5Yzs{A5Mdv0 z#jQDfm^OAwpB}dJ`5+itRkYgVIF;A?AmY95hu&Lndp}0=>C@~l&_vDvfZJF_x;-s1 z7{Xvo5PFdiNgh*ZS3~&0uSCETefcMQ1E`a22=i5`F6HjmA9CFMILhY9Rnx@^d&@Fg z4V}vxAB=Z2z1w^cWZ3pjwXslR3dRx3JxqA&OXJFZg&!C=R5;}snzE$g>wpt`k-2Sf zK8B5pVNz{Bz|38Ybmx-eF`e&L&TK~!lUBcHjud~dY@gU^%;XL-;GYV};@1;V4rMT( zHKL}YBShcGjGjJZj`BV`YWU1>xi$h&a$c3EdfvRB*SwJXU-+>w)KYIifK`QjA5med zRz9WDyC4qsxbcgudH3o_T51&H^=_mGQl>T4dW;Vae|O(H-yj}ygi{q0x!DAorKCcT zh537S$JDN@7cCnuZY~5mJYA;iywm{ly=LhwwQzCAyr0qC%M0`IuU3=Y$1i~DNWXaZ zpHMj@mqC?;ckXtfz+w7+fnKUw5tuqxw8CRM(Tb#A|4;A1-D@X4mOrp4EKKL2Qlk8L5ac$~VO71`_5J(z58nARo6SHg zQu@VxUZK5<)4(ulAAzcoFCJTQY$(zZ_sJWe6!l|ojE62Prfpxcq9E&{&V@!)a%oi^toZeCBVHSGAbz)R`tPz92_*T2(utiKFX6L9YZ*nvT!=xBuEOQEGDAN04+RlL~s-RqO}qU zbbW-ezuyxwF*D6n%2F$rX<|l5N^;;i;ER*SZ0#;m>fbG9=eky;A$!MuaPJjOl*GKe z5WAyLIe;R1aeq57Z^d5yzDewTdwMS+BQ?mJFOK!N0_f_bH#_pgV@$tgA3?Nf>qB)w(@F^07!I59&px$^2r0?Igod*6Gb^PUrcT^DV>mTsZ%EMl@%rc0$;=wA zhM8bL>{XY*M{&Wv?#K{Lp@i^AB0p}$)L&Uy0nHEYAph(tyBZyKYH9?{3h1u!S3b3D zz?;M6`QP!ldtHs5iu5+8Hui*a6)+y3#Ny$;^Sxml9^xLXwo$&_FB~hZqa#jc@WxKd zoA$ng>CXMiAG(;S$7M*9dAN9Wo6gO=6{M3K8F@G<)A&gaH^=8m)RW1rdB@9tXYq13 z1P+`XoNT{GTHlmc%$FB$)W0PVji<1EKvxu_=O6Tz%H&_E5wcp1z4P->KAxPNh4x3S zDiRa3yUUe|CDs2zl5-VH@D=9!q5vcK6Pb~2@42K8X@~z1j6Lt9>M0$~dfKJd-&iH; z7A|vf{w5Mja0fJA3dWhdylCCM1YlA_Vm&Fk8g$$amU%!=7AsT9c$$#_U4;(U3pV(i zo+km79d_@6BBG-C0L|UbyY)kx7##$hlpg~Kd-*^^n`rCVB|0Ue$LJ6P4kE}uC54+U zcCFch+L?>M^Y$c*+8BH}b~5|(GmE7%a&O5nbJEZeX(%!ns9d}5)9+`^SvDXxj>`~0 z-<(2J1a-CBQIKx~2&v*M{ZAdeUMm+)S#;uKwO}Lg zFSQOJc13?x`5ifvfj-ovblSW;_4=+yL!%vr!#<1Q+2fgV3nQQjG~m&XMqr*Qai&I? zJDt_MK{NPt#ppK8x3ja^`4OIEDnsH1ZkH>25A73PAw0PEWu)vBV;Ci4}<4Ft5 zAr#T|MLR~%b`3HpQGAs3<>gX$s`FEE@xw`r^UMr64^v|{e^Bz9pSL(slg%$si>?gl)$9Oo$JhpNJ4{;Nkb zHCE4F|GF1*Dn2T3r=6+c$;%=qr+U8;@dLsiChLJ`zdhrvaKPkW_}0hdLEXny(Zb`I z+)GXGU-(k4822Vpq3GqO-YqXi-|i8nVrn48wEnLB1=RD6N+fWIv7Pbd>u???EI_Cq z=%TI*vK+4N8F+Lg9Ig$wH(o#GvaiDPeRHo3IW5E=i%bm)&EJTv`>6u|JJwTKMxzN{ zu+z8Dch)yg94d$+kqXG)qpSvA1^{k=0MY4nTDtf>{0jG;Vo#Gl{4;5V_n*jLmZ^EojRvS@6bR$S|tf`M`?g#JAHm_%}P6 zHo!qQhszKMSagFC@kN)XC!FrLh5JtPDA_;#iF{vht2%f-`TDkqcLB{j=v}Xu?5?NF zVKg0twKU0*3*%*QmrHKDN?E6xiFl-1Nfi;x*Wc&(K>*HnbH+7^D_X#nm*En!EvVePbfMHUrb_0$-;v#EiM*DPs z8bUs%st+`W0iCnrl++M0QY(ARMHQ70e9aEuo2}sa(cT^^K67|HW7$$t_DGh9cp%Hy zSEv%G_(a;l(>g|1h4BVh!Ck8RFr7!EM&RNe-0#rfyPGk+Xs?xL$chXE2*!`{6e>kj z@jXLsOr(Yp7_`ymFC#h zA2f3R$LX+UGdjotLuSb~cUbiR8rx6hG4kww168too15W63~h5(ivDfN??kGdSKU{J zc8e&(%w2z}7$JV+@v*V%^IygSm@r)SecpY{PghQszW)V;Dt!jLt=+>*g=?lGXRg1^9td${ zxk>|(Km#w>&yLWRudo1f*zH(8Vk~5>&7&+;xa;6xsflO178wY12@Jpo0CI-vd3;)0 z-Hb-wUzM6{6R+ZheF6WKGey$c$0elQq?^zHC^YKwu$zm>iLWxP%2 zL;oHTCh>%(Ay6uDdxua{y@v8#{t4)RDA=KZrG!%CDpDS9x)C5zT62+;a~K4eUCE@~ zmm)5Y@oLd{sgOXS?*ZpXZB6C1({)CZS%W$ z=Y>jC*D{~<)IS6ztD3>Zp*ydme+6QIudv;3@WcCU(- zYL#(z!#wu8OrGx-Kju|}t(QHv@HKtj81Fh?!N7TW5cmS5G9Awd)!$dN4ld?p$c~w= zPxOG|8AxmohQqKh%HlWX)X#lP5yk2wwb5{P^1VaZz5xKJ)xSe_sxe-MclUJPEcsQq z6ZPHdN-(S|Xg)l(f&I;RuQ?4Rw#TV!pGDY2{q+j-;ykKK$RvMtC|Qf$ zU_GlkjyCdu@q?jhA)_q%!pe%Y>K43}zRa&bP|A97c{hm7T(o~gu_>`{XjpDrg|4u^ z$BF)~6U|+M%=hT=a9gG-&hUMCroxqX{PS(}#A_Ap<7X>*0{WiFa6%t%XE~7;cMp&4 zs>f^l%UP2THzYheGY6WPlnc!h3AA3RZDduPuI^-M_z+*Go|Y{JuN(LO zW-hAPoc1j{HuP)sfY3eui&V)*abGlhzT8M)PtNx#+gdx_EL$V);?Ft1(NzEaOtT^R zhq(?6rpfYn0I+lPr!s`AL3+QrDLC4>Y}H0qvi`=rdA{T)K!_ObYn|_L(HCe)N88L1 zcKAI|OqB|cw8~g>df^GDv-pJ{jm+?!@#CnWZ&zPj^zb~-*49qH4{2~boP`x{YIu(g zqVZOK+*UQ3;oNbn;`rBk9Ig6RyI}sbD~8aDHN&-B5#jqYQmt=A-9nY9N!S-yfKzf} zQ-f|z%m{wtpWL&Q5gG6YsIF0bEwJv15zpy%pf}P?i_;C+xk6=ek5{b8(#oZ+;+tc! zwSy8>%~c`0!sJ@t(Hl@tZMHyNOE**Hi6aB#Q6i_t@AmvIQ9*xAiw<^$NV;>0YmnQ$ zH>Dx6eO>3q$_ z|BX`7nbJsDvUoApcBN>U^y&Kkyv8F|gS&C5ImwThs$llST81U`l?Mhoe&pyaV$E}F zUQXw~6`=pOf=ae0!xhi+wW{3Pq!PGyy1`O()Rsn|*q>sv>z?v*)9Av|Y8kEPE-5)+ z-`4^NLG?BMdPyg5&U$AW8G)Oxn>RrDxR-EW{r2#rWKCoFxSuI~9kExz;Bgzt6T9Fd z1`#^`3}zElns3v9$B-hss|Vz00_$ky-?Q{{`rX|vbq=h=>ql=3DnS?b zbvw;_oQjNwfHN@-X{JE>U)L}mM77h#1Q2Gq*IBuFH+lrkUw_hWiH1<4!*<`0hd~Nb z`WKW_D-mZB{kCI<-|0Gk^k&J|seV1`Zmx2KRvCRTGx-0R3)6p6M0}aYOll)w$@h$= zw@M2c4+?knH*YAr&85J8l1f;W&Vb#sn~~6BR`K`AyQ{3m6f!vWtJF`UviSkoR_g(p zArAkZSlv0f^F4{5$2;o`zo`<&R<}-#EkhmarGxy~?_o+q!mW+|oBcxCUK_n`wMUF< z;b3XjR#`>5ejM3LqaX5My=_>@D|BvT zlYGE_IvE@SGEw)<4=V>wx`jOlsu1w=+mon~j%VTT;pB34(PA`wo;dtxD*+eBYPl$) zh_-(*(A#c>+H&yNrqb)IU^cmLEV!DpP&C0 zk!!Ks=C*mvp(dq`5)rsK-Re=Xj?Cb(CSTq6cbnt2fo|f7!Ek zsk6jZ&hG;rf!iYfMeXjcral4lH`KYJy&v^&R_J)RjWCK%xI;K7W`zx;9$-?5@z{Uccc;8|CgTwtNYd$ADB``k>{ANd7Vl`h8 zpzK*cnT42YI1WdsVZ`C|qZ?<_o%+)Wap`>QDq5Kw4iDTL8a`S;*Kni{#C)Dr>`xtik89H=?rq!dNS>Ft!OXGo5|iq$ReJ)JeiE7=&^(n%&C?z5217g40uG*BB(+H7j% z?Cx9HKeRPr@~#iC1q$CVlJ2*BjWnD35;`G>N=-?qa6SToB=7M;SiBP4t53Xbm<~tS z=LooB?cpSe!moLyvGhRHUdbO1i!+$sNfbq>{`!(Lp(-XWwP3QX^%;GYzc}R&hIfn0 zoUk5cSD{cF02cJJ@Y2uG3PhB7fZI-sWv(1u1>Zw|)VwUsXs?oM4AMUXOo~78r_%C= z_BKOYEc})8X*@{5uhsNczJH|1Jr}J&l)HXGKE@h@dv!%NmH(7+q!hh#E_9l-J!t$c zS&I{2o=BBS)kPTKZ}rijy4zfWmvefwOR%ckUJi^A1bsMDGagZFRg+zB zq>(rRCKtrtwVJmExC=+uZ?nK{bUlFXp_n?~8wRnH0{ici{(v}_LUL@NI?N4e!pnT89e^;wGiC&1!9VMS6RzKw5fHZlt-k3 z(u2d0dHUF)uAvzHm)VfVPB}%C=`vji;9BY@Hgn@tuI_#^DZ{+8`I2YYiv^t6Io%_i=+yMZ{WLvPkdiZ3dxs$$7T^ib+6}iLRJ>-*wiZIJWWhw4eX}z`1eTDBX4(0f+Ov zXs1d^bMNLfGz0<7om2Xbp*CEPM*k6I&fp3+BrBg6$XIQ6GqYBn{WN85ci9$@~3j+{gIK&U14eH}3!{!{u#{pyAK zVmj$`PDLf@3DTL4d zc<)jCkTv1;*mt9udNi136vgHL#>i0Pa_I^4fnNIC^|GW`|9FKCsJPz)Rd&yTs@ME= zz}cGLZ*Y%M57`S`zQGds10b&Be<*civcPW9yB=6Oy+>%V&urIOq;&Zq8^e4;i!;Ur z&o!=` z=o(eeXe~jT2gGS-MgU;8K)&q5I<*|FvR zN|fc91%p(pvFEwtDHl+kTq}+pwP}7=>V=4Igj6+4 z;wpA}?d=Eh1;@9lv5b;vKqLiNab$h{{NL`CIxshtizrm0TZ<@Du{2{#E|)yMOAQ2N za`-_l{=d#YcI@S4>_DT*x8`qlIKUMG+g@{_T*hXu+X654^7Oqkb_59403uX(Ap!TT zw8dGe=WLy?jM~(6+1x);E%3sVp*ZRAMopj0=$*~qYStYtWLQ-$iwT+P4F96nMY0wf zUR?iC5)6rDI_^3gbRb`Dr6oSt?k|Av&qYhi_qFpHq%=_?0(VpV)&m_SQ2&o)Y%7QN zp}GH_`65~rG-=-bqaRXRTB18*mEC@OVZ!@acU`_hdAlRa=Rz?%U|=CmO5`7KSAocl z`b_Dc2hSyR_usPI?Trt1z~pKa_JQIJNX^YCR@vWv0jyU@wpff{$5nu93m@t)Qs7G( zW{gS{L!_2?9ne(qW4ohetsG8%-?9#zR`@=`KR8b_AX@+FC%&g7sipi+j)n{LH;_#? zGLJW1Lh*ptvs(?;!JgXZMr&_&1}YB#di8gU$r3wGIFfjZ{3nphqd?wRO~bz8vGf89 zdGUDwy}|JZ4EbNcvI2-N7CHbk@^%Ffrcr^@I>Srl_52~uUkaYTH3NkU z!Tyxt&|@8k_bEKx(0fqjTNKvew*5We5zDSpO+Sb~n zY%BVlLEUN^!=ClUK%{~7>MwaLm_PA6rN0D|#eZwc*dT)VC4oRLgVt5GfBB2qY3%;f z)`;0;$9{&P(kf$fk%=6g&r0Kd4lfsT^|S7c<@|3fYHY2Y3f&0aLu%MySbQ#6w;Ani zdj8;&ePKX{ zEo|83bf$7MR8oeR%4G2gJmy2S# zLK?yJRNY#2k)zmz{YQT?yK{r4UD3RrV%19^LAo# zqEI=!0s%aGU;15t<$Mc9VKv5u&P->^cbYRzr4xOLkyDPtW5;qk^sb%kBE%f;&3a*_ zN<+{zYP5#&Z>od@?IQnntA9Cs9g_xQNGl|=u*aSh8#1c)g{Sd)BBRP~P489=f+KX= zJ8NelK4NX5{1S|kw|*rRIqPSyvt7k2bv5R8xlrCaY!$OyOVHYmQDx3al@=BGZ?i%R zLNosb43w}dO;qGf01~TP0C6CgLFl`jL-_MPTD5QQ9z@=_PG;y;`#t$K=@g;dCPK;* z2cz67?K0ojp4G#{knv~rZ1)bPit@e7ghI#4I?5*34(;AlyoCKfFL2=Js>4r(%m54 z4Ko7Lbt5G?ARx`q-Q6&B^B(*@?_cmdKk(tq%$YrVuf6uVuDz~x&f&oF2Hp5iPA9ga z=D)nV=0{r1qbyv7JjUJamoNCOh>z3Y@r2-tk5g6zvFTy@V@S8Ve2(&Xh4i>W|Lltr zIgXgaaKn1c4Xz^_-wCfveS_YR z<>^>A*Oor}ukkQ?r0m1tss}&!`y6V4owa9(5v65M=n53Wu0KNl<@Odr9@F<;Nctpf@9tn+Z1;5_f2n z65H#iRfXQqr95rj4UdAXcGgjugoyl?moZfY6kd{fFwH8eT%Yuu?G@f*Zk(>M>3xqd zHCgAW$kq)ml3t%|z!m@A*k2bO-H2_zX&ROFH<+CaRTlV$#CC)WN{n!Fj|&ZlUhR@C z-P`Dsm)RmH1TRwfkY7b8!6MLspG5>E9g3=|Q+L{07wZ9sGDq8@MsbDZd!HVRX5 zDSG~!KmkD&bTNnJovWKyVyWeH7fXBXb?Eo!T;hdUIA0gGnX4}Lqk+jXpHx>}@(qs9 zlwL1cDf;q#{3`ad&j;QyI*fQumo>v;T=ADxkP2<-Yg?j~J)d_u+-%g|2v+rZ4@PZ~ znryLa?{qfD>N2~Q-p1w7GmDG&gZ~x!%Gr$DE_)D{3mLoYLU!;%rVpOtKyZ;-mH=#- z%`mvhR3z9KwwxQ>A5P9fGmw`2Hk?e* z`QQb*IHRocgUAf|R8E!-vvdx{L7jm{-WDc0CK&qpYt=-Z82QnAUoU89drj`?4KXD= zuaJ8(4qHZ0{8C^~e*I^l=M4Yrxs->sR-W8coX?ii)h&69R%2-2*5UJVZt(07w*qn) z^gA%9p4QVB12JB!1eI-&JB0#feB=7KN)7RsR9s9CclXnx3h(%@#Q&r&hE6z%mVqvx z<#T~&*=_PIc@QgLo~upDJt=Pb?2CAX^zaZCWcl?s1C?d!oweYm*9t@R($++6970geL1;g^7ibpBEZmB_sWO@BMeS`bO<~9E?P}=oMdUPARs!K-A_E4!gt6e-y+3paMxfrZIXH zGo}r~=}}l&uc(5GcmxeJGNUElSg{NZ^#1NAGHYa_vWkAPMNu9TvIx~14v{h~Xbf2R;UC(%(oPnZL1o*>dOmC&x5t@7u0 z;QV0(@g{{=z*fSYDbEw!{QN%t(~-ds$uL$l;G*dF<+lXN7KpE}gT%FDe~~u=M!V>3 zg*o+~h|GhCh33Y0Hi?@wsJY#0)D$M`z zoNbv+Pp0dBO4)Tx)NxZ`Y5jhE%Rc^UnZTIFetwm+S)-o;w&TqNZABwzrgu1dTV%m@ zkz_BUa3>5hp4p;t?z=|nG$i>rW#(#*G0xOS@kenrTG%8KEqau-H ze9r`#5~62{g~ID0@7+&CIrVC~U`t4<_^@}J7iQvxI8^-G`dKrgMm&A=4#OiwWgJol zPQdH@DI~aEaIKbMmZ9&DlU^YNr33AXoE_cyU>JXOL4r#=cCg|N+QrXG8Si6JWNGa8 z?xUi|lZ1t-t~{*G8<8)`KJbI5=<}XEq1kUX03DAf%V-7nRRAPV+MSDa`1%;^YWwTR zy<(S!1K0UzJnOCtXLPsm}}+7quJ-+Vn4j?cx-4dgAR z?heL3U%;2Ne0G!rlxxkuhFHkZT0}(2<*VxR?WYX35}}*NL!sRwUYEv?zCKlD2e77jj(Lxe{fQRR$E!JkriQ*y zX)R4<-&;wPSdpOPuKF)Lw&}hxBPSZRi5Wbvz$&4zB_nOG3&mJ|-}BcsCTn|6FM(mU zoxU{mByCq?e|Nsdp8#$Bc-(pVlEUddnHM3FW~zZkcNB~l!+#ikD<@FrcWDap7anVD z|0Zv$-papt{D+lk2TecW+&j!q^8=t$ZU;rVV9LZsMTxZ|(SQ`dzi>#tS3B?us)Tbp zVO*@+Ke5i9a~h60myg$XwKomC&aExC`25be0MfM0dOe~F^*x@sTJ!;C=(H*}XS&8UV@q zfvk5p)-SjvN-N@<-Darxtcc`;9j_9ag8hc-u`r&!sKiw+@{`j#bTVFf9@cl6l$5;` zz=>`LbKyLZoW_Txe9M&z?I@i8E~c%`MJjIkT^v&fq|NyLSY+YUW&18{&E5Fw8DIAR z%%Q|Y$jKLVtYpf%3A0K7FjDr(bPrn3pn_;e$YdEKqtQxkS2JRgn2=3(Kw}Df4I%v? zH^*yh$?VZ>=>jjZi#lPChX1j(v=EjMQ9A)^N-$rix`4-W{&&g3FEdQf!-*ghREk~~ z3Ct^_QB#P|gP9$LD>+ik8g4B8@ij|e``Np|hzMc=0s2?#ia;pLOAS#XJE7+Jy6uC6t+OD}$UK~1V; zlT`JvOGxXu<%1kFC)t`}8fpJW-S8WBMefkZ!bg6-Ek;nT9l1?wUaG~DeWM_bZgQt! z%6L#E;NO%lYq>pAx6i4(47l>7)Sif0yy2NuJQ!y^BncY}m9fS%G5oXi$WDCCdVIdC z^lbyLS^F*0P;SGvDKc24ZVl@AE*RK1a40-6?xW0up!Tj8@F2H$Hl)NCQQ)o^J_v;LzfKDpsZM8Y zH10?DvF=w@^!&&E5Az;-3Yj3N?Oc}2;&oDL^673rJRvi&Bdv<^xIGN2to<9w{yvE% z)M(i2$Uxr{5#ns|I9EQ(J#;O!u|c45pavJN--Wv^xN@WIFIAR+yoQ7!o);ePmC{3- zdh$Bs#{95O9m)hv&K<>Ug`hg?IQ!w}nTaeLyM4lJ(>6pFiiRP|VbeMvfFD z-hsnWm_lJ>elvY0A(1%#rB$ z?|*rBZEo=ZxvEMAU=TUaUr|+l#$R-|#=-#!M|8=h{JLBO30!RF@n8LT{#}Yj9wHbm z#}3N?YII62DBaf$`47_qG!F96DB2O-6obH@LiJaLQiI2frlW?dU(DAl-M!BH!;rOD zP=>^#H%F*y^UY1B{t2`+TtoA)r~5@)Bs;9{l)XjVPVp7ayca#Ip3TF>7U23h%XLlK z|9zqIxi}aM4~j8)^u1M4S0A{4^hxtNqI~8L-&*VZ*!^s0>nmUPSVsM#FOdYJBIvqv z&`u4y^NFsH@}2H6|D=HrA|gfQdb&KFO>W<~)dvTF6@Hi^9pZsmJKJ*^*l&H!jM>2! zj;_=aEgJ#>xbvQO)l(H;gyvyVZO(b>m(7^CH%}H!qa5u*9Ouj z>JnXmlrN&0E=m;C*yMgdpjk9QmzS4o>5UATR%l46_;KZtxr= zv4dIjSFEX@*V%c`3msAnxh*}m<>f)vcbVBrN6c%gv<&?c3n4xMGPDCvVYsO-)33ti z&TZ-R$(0im2alWVN-wTibsD3r?S6;jh};A(-kz=Yz{vihcT;xsS2q7mU2FZ?1AD0I zJvgWIP3s&r>lgU)=v!kq@vUjEq8}i_3^22oIb)%?{QD@mQz9}O{WRzmP!gGOKf$+3 zN(L}3!`yli$*$v48J`a+%T?xh4L1)Z2h>_iXca-gc7&j#QjC7}>V{1J1Al43s=bKh z>fq8J%c~{66}Wv>e}(jSd0<Dw{7*ksce) zauq~iyybe19UpdTOAP&J?yt8t*Bv@n!iP0NN3oVR!%res3Y7L$TaNn9c zUkd^`tH>+nSbw7gm%|MWHH`2Zb|4%lft?6@9gmDQ>uGN%3&XLzP{zOdf-?vKraIC{ z^F%YhZ8$_pdCa+p(A1+#o$_jfJy-UGkdnvT=Y-HzVr60riqtgAnW)p{pZx&EexRdc z(N3dqX?5?#`}Irw?qI%}Z-$+o-m9qqWHpm3fOfbPYyVeic})qn9K04=?0FP@-jW`q zG;>yGPn~XxSfxu!edKNUw$pgVt!K6|$G38lR4n>zxB{&A6`o!{V=H(x65gv;z~%F| zassk9pTQ2h$q;bbGSMNt_V6gvZb%@tYYvf?n%Da9#VW{@t1HUT+=v*}LxIG;?iFlF z$(5(C`8uT2nDfsHM~8(U2q!si=^XYd$z)c+Mqy6cCQwklnLiOxhpVf}& zj+vR6x$o_@o}F0NdFAY4y3-2>YCPy&vgF#?1lhf@j*pA}2kosaiyw zzADfGgy@TIFdP=s^PjZi7CbI)2FWbj4|F(s{aX$bh-M}{eU&4=1ULq%5O+V2+Ya); z1-PyO8k4*R+~X-GTJbMu22b~FUUy6i`=@N0Cp)xw9){TGp~vOLb0}nPRx4FP&W@&t zoG|kQe1teGPefWgM?GQ{2eSE~jB14==1Yss*B8XX@UuGy?RXU>j?EUF={z;* zA>n&j;83^R82_P*FTZB^>8=(IFGKo!(=}c*Q~r8s9y{i1>+iqmq5Y zMRHp*XnO=ZvKsmcLCm3k#j{po@iN5uZ)6z{e{V=32b9Np55jK`>Xw()#;TE?XefZn zv;aX8c{p<-;j;r4-b2IR^GP(#`bE=huNTSevF|Rf4ovUwt&pYroYJvl_KfSSVrNP~ zXF_E1rGII9d_WJuuLmVxNZ`KA`4gX!{jHsa>9Dz`*;?ZrXKB2I|7 z^X_zj$0=rb_u7Y65YBKty!FW&u0t@>xX$S}hccC@c-e>$0Vd3<|60dcc+AVb@y z4d-MxZNyW-jQXqakx~6!FhD+09=vU$FIi!0ctCoC_Ijn1-^uS8xLVqBfbgJ4@KF#* z%}HJT68c%F&%-~O$M`VpEka38;l~0Oe#EnHsrEhWPDHi+wE)EtiMw2Uj0>DQ+RUm} zEOaSNc~fc7aZBktpd_law2JU@UP`Qlk;4z%u(y&DQ2_{uS!=wzpRcwYYa~boa|NSG z3I91plR93!r5yEw8u0WDn$4VSMBU!#O_np~so1d<;w)af^eTa_QBqh9+x3o``-d~_ zH=ediiGQQtx{n*C@t83|eK=$M48IB7-yTV)4te2Xp{9Yn*p{N8{(Fu4b6(IAl`B%R z>r@Gklbx+J4g}h}mietoP4W_W0yL`NBm}MfbhKW&HZ&UIMsN`K0t0e!OU2n;~=*@5}k)Vo_`vZ<9dC6TSe6&%f$MIKRTW|%?$e}RLQ zO5VLN_Aeu=T`aoIPewr&3%fYrKgz1+NHQLF>>e(&RHN`(wfs5=Q7f0`WM=MMf`c;E zltheD!F%~c_mRn^nuvwqaIB_lUa5IM9A6kTXUb4vsv_It+OP5y_{5vf$aq3zFyq5U zuHU^=VjTL;>m7P5!IUk-JHuLvA=GXcndnCp|1uajxm97e(Y;iwXIu(93P_nC4P`-# zy&rsm6j)E|kw(<~ppxEtxz3A}Sc`W2X*C$#!_681CIKXDRMzmUEDDP{gYAJxbPB&A z%?sRIUlkY(Oh1~WYIVHaE@fmyJ^b@CSHfsx{@?jiL_7^||Tx7;cA z^%W(yc$$2Z#XCT~k7pgq5r8>7%g@iRv7Sl+_6CN&j)2z#U^iQ5DdGE&vemBF;)xxC zNu+9^sd&0MI9;u$RWm7nyJLRmD+;=tJ)`oSa!D7m7h%?{$aTz<0xpfSt+vi)H~1AS z8JU_O|K2hKDqUXzu4^Q`O{u7MDb<|Nq`YbQMBN^h4nrQUl0YN*&{wXxm(_5pUGQQXpJllkp&Xbt85vOBPBlP`PAT47cDH* zj(46NJ!kNMi{V}rrZkN_rv_%il{-NK`w6b*T(c`2^59CXN8LuQs%k}%`+an}(kVqJ zWl`piOtW-POFUVI{ungmu8ZG}Yr^H$SM!~e!2pSl;>HRRxxHA-@p1b0tG>a$FowL& zBg+nKeX&5rUfKI~3S&tZyTEd^+&a}3l4qOATVq?jRzG0%EgPx*i$mmjMnNxRq4Ae_ zeTCktYi34FCM)~yg#heS{AyM2J0LXezgdy9r*W7@?=}r1{MP`pwnL97#i0d{swO`!4Q@iG`xzva7uW}z|)Fs zWEto-4Cog1zwmxl%JeNnn5#0o0&Gm!q$_Rhg3>zdolvJdrB$RCtgq0D7R zn8G>*#W#E=;@O=q+iYn7)qdW(hz1C3!$T=dpR#G6v`W`t%hwI76i>=0Al1brt09(M z_?>*;d)`ZEdmTy;sJMlSQ@GhDBIP2dpuhuUZ0pX&7)2+5tU zt5XV#?qSwM%(K%OXcR~Wp^mC?cS&KDlStY=^0R^ae^!pxMtSjp`^$=VbQiriL7evq zPr`!_4_I$!*V$HSA-kfh?xPpbkOG_&efwn8nUy`?oWVhhMRDq6$Z1D+Q$cC!WJYgC zx4*isI#lLsvLZ~mT@ z%CRSH&>$|jJ1JO^y4$C2-!&&ttKy4xgN1Qq!eHZ_@Y2Aaz`%>cp?Pu-L@0Zm=m-#dep^2T?#8Wa9T_Q+D|Kb3 zs=6*1I(}8`b^a_qPV%G#R+Tb@Xf>kBM;^oM0rg>t8?17_A-MC%*H&EpYp5yk*vt(` zu17c3;1Ue}`&LHiCA&5taWd@9GruJBME-i4!D`LKt5k`T(PtwDE2w#Y-Aj6fL-8H9 zv~qPz76|ge`?Dy^59zGYL92#J>fOpkv86FGorzfhU;FQjZY@3pqA3CcuL`@V6HRfWO zuh>NGOFdOSFoUC;oS#W0764+@3ZUeIYu{AsSV!Fv0;=Ll@*AVNL;v{9FhEN*@L<%u zttgV=9lA^3cE>7pQc{2So!gpZwh951f5;la(}KC=%MNdI58eRlO}QO+lEN#8nb`ru zuj~8zm%5`spfts;*BjW7rolDnBP=7rpox- zzOItS1dt|Jku(9~H4#S|dEVPw2nFSsp3hpo+BG+GuVztWR}e=xn?Z>En5N*f%POqB z-~yY2NBvuwFaYV@gvUpfKt4H7k+vqwwoIk4)#I{HZpl{pn zO&DNRk`K+snWy0=NxAxIR(II-1&`28J~0Cr|;k0 zzv}3*4+psjn@vFzA%8v>%cs(H+WiX*pQLoW&R=x=SUv1NmW_By{{zbgx!jRxsMpy; zXaLA6T#N(oBN*>9$F03^@llf0h{v|}AUnk3ohe5gpzTMgiHPbv{!SU!GC?=gM@oqW zD}PX%)GY=ElTNkJ0f3jXuhiVo-23>+lqH#MX!PB-srJssn zvX|$~{r;pb#J@_bAiMk@e(%km z83PojT4zsQi~f^TPq`B?X)Y1*Q&~O3(#H{6Uk)aSD%}ML9$S3xzaK~(Uy2Hk(b)z3 zVKxY;w_+r?G?Xyi?m&qVd2YD$4EyV-2UT6_6VwD3Ih83cATCA8vWtEK05h_Ye}yAJ z==a!xn5=jYNU9DC@~P5AhbI{eJRKnHO`M_iW=vX*`5~c_wb7)0b$1bT97lHrYREp4#?C06)Lp#SSv0cy)R z0A*|_W3+omT0yFvh8`&P8+Ze}+209;sX*!CKyC<_8gOCMS>yIB&3RW7l4M6ZChY%cBS?P)78QT-fdV)>AD@ zle@vqZ}@`rMxt9n#u)*S4tyM5Yp)82A>PEjYMr@!c#4NY9`WKlEdQrqOoZ}5BIZTg z!?hPsj|C78pk52OMFrk%DrMVNhs`7^P?6x0ij}*1_=vR3mZo4l;G|KCEpS?p2!LDT zFS4i7hSz?UpKe-aL{(hx8#_~@rZ^kL2tXoB5L&l zg_vgzzdwd~A>Z-nN2iWuDj-I(EthLY%`}>L4h@}%Xw-KG(LdN;>VL<@{{F9L*s4#v z$!rft4Iz$WXK$~g*co1OVIR<~5szhP{1le|vZEiJLuapc_JwS{(!Xsek1{ zq9}%yzQd)4Pv5MuIsz^rSXiJ#A6f1#dRnXEFaKBi0UZ4waswQVWBiK*fb(n048H-& zfr4>s#h)4jj*1BW4GVDO@_*|Cc+V>2UmySPnra{y4jFRBe)@?Xto$S?#%S>-S<4Py zS|XdE5O2Ohe;v58OJ_!Rwlc>YzN#_YL1-lL~7_W$B00 zIOX&LjCUetksDlEv3(z{uy+o><=3Xl)2gOde11B=DRnaAM0)^Hv%{D#+;J-05vR8` zM-9sOVCq?r%2h)YOTU_4A^Go2Ei<$Htp-SG(us0RVH-D#aM=&k9yomJor!?2k|$4n zu5>JgAnr>GKc?-5ijDN;GA7+x!7&%~f4$PJGS-j{C^wXgv<^>qWN34} z&bFyqGBT+?Ix%BlV5AA)@2?t9$q3Y`8hC>}dS^G7H3`fbd4cYV?~8~kLR51(nUdx5 zEp^eyPE-TLhOxWWMz3ptd9SA;W*OgD`LEFB4}#}&esmwyFI|NG{~xJ#olQQ--giY8 z-!l*m>V78)k;lyG*Q-FIxAip-nU~nn^N5czJU+vtHqF1R~?w_!_w{U3n;S7Fz z*>3cn5PDI0U~W4p+fogEG$IO_lXK;D8ujU-e_LkMC2ll4OnfBAB9whU4FHv1;pyqA zi=ACaVShh4v|x0r_?O2i5laTQ`9p#{5&e@1XE*p`C~jA}fo2BIqg-ak2sC?SXz@PN z?>E}LQ!dLJDU!FXc>#>!i}jE9^e!QAKs#&qDFTc1Ah#yh{N0 z)~k9DP*|ukk*>5<>t>DZw(Z7L7o@OGHX;O_O&7)5%*EStKDG9o=O)@smXIB6fbxb} zf}p`YpMt4CLMQycy~YuX2BK)GS}c@VF2HX%JkKn^>gwwsII+6fD&=qPG>Z#0M$Qa< zvk{BaIPc9HMgDn!ZU`n}0mKjC7g_VQHZ&QsN02U3J?=XHJN`f04vws7yG*&Bd0+-U zj01gx^C-}hXrTA!jaDw;nH6o&Q2N}h8GgNM6dpVO=l@fH#c%4G4#B_;PPN|l>4j=C z*Klc)Did;fJC0#Z7pwQNvawzK%*&eZgTbo(NY5{(LYrMrD(?NbY5Az1ZaWe`l0b)50?G@6CA#|uSv^l~ zYpK9Z*X>2}DWH=CRK@tNAz`(;%x*igALzL4iCy=EO0_D(%^Riu4VxH#N{j&R%WUWe z@}(k{!yXie5BG!0Wo^2dryP^Nhh>fbZAmuN=LnX<-&ggE@(s4FF0vxf3>8^M|G+@x4<>)HtQQ(xM5bJVIH!nelV&>qo7aSx z@5fL5R)LdN!fvL0ypFP=I~o6e$JTl>>399o2k$Q631WoIdu-yyY7eu95Po zTvHmHV^Q4_IdSCSpRz{sq`mOC>JN1npU#fJ zqE$bo{#IO6LqYn>t~JKCx4_Qh?CWG4%HTl_mCY++jy9w+cZPL7FrUTimwK&HHO>xno{M%&D>FnWx3XmapZDsi#An> z^iqdr)oxX@lssluW`fu*l6=)-@vW=1ST{@z3|iBtpCtd0r268;i`|yXMeh5Dn3Pn# z6}d2lKalcYwMHL!bjA8l(ZOf8)kSBzflsFzR>F5rqy3mD}TNqCP$Z1{dRvpOHrD_!(!|HVu8=Tl42of z#UaJn>B+lmdtAVqaKkT35JA@K8KSkm%{PQ8#1xVcQ}QP`YGm>czeO%65!f^OTIAXMHmx-auvA zv?SoRp|7Y-mywhq$$#BchUF%q^!{C9wLLw0hLF)3WYBT#@7o;Z9%t}WN!i&os~lPz zrf16AQ3yWQ8>8~*I3pb$gFbZYNE-?K^Wla*?r%xddJ-v`C}MgTSRtCa%%4-A5TlMk zn1{rH=VuaiXd!dW=k${(F8TWT+Hf5a?oAKDn8LMCBTd237*a@udI7-{Lj6xKwWT_W z4YYEAjh)?%PdE`BkIO9>WiT6X(O%LW zR6+eiA9A#Dk`eP%HAte6B_B^Waa`k(56@SL&UQ}W1+uG^ErTha3mG3pY}0d8tYcc!Lo)P? zrnaMwuSP~WBQ=(49WLPhQ{jF`aS^__lZLvTdil9ZP=Dc@XZf}HwL8yk8S~}yIY4mk znn_tw-GFe$6;*%`6us7B#AfSLo8?iMIu%yhbDkb&=;m<2NLsT@2;G@ZSyP&M#+ToZ z-Tlj$cliy`me(G%d%O(B&Q9gj4Unr4USB(>zfo_kHsuHI?uZ z)^OQnogb_cjAP1uD7KadjAI|L;Id(I2Ogy7Uv=^LpH|PHa$hk9cOM6j|CT4jC<8J% zdoFx%Q{(zk0CsO)@mM+j`Tgm_WVvHxWF%;(YrdA&;?S7%($0>UL0vz~zQ$HBCnAD{ zn^^rTgSus>{8$YW_Sn(oTSjKfD;wwvKV#54{unc)D?W@2$kM;Pp14hDJXgsd`96*s zqqJF$gjt#N*^6so=z+VPOjFEOLx5>dWLN^kL`Sivd7hbV=M)r z6T5kJ +Asymmetric keypairPublic KeyPrivate Key diff --git a/book/source/diag/public_key.png b/book/source/diag/public_key.png new file mode 100644 index 0000000000000000000000000000000000000000..ff548d8878cd9438a0b53e4e5191a8f8483ca9f1 GIT binary patch literal 22676 zcmdpeWl)@5(Bie}*HT8r6hG*{W+kN_+(+U10FNKCofDC~^&^}0uD?uR8aS#X;IwCxHW$}JZN4&D+ZiVv@e@EG zq>vBdB43=750;$Nu(t`|PS_XXma?6oaNx@D4shI#f5xXKS>^vtlEE^}r%p8K|JY#K zJ!^i@q>l&H22K7^*i?3b_Zq{9qWpbDNc_25DnAl?#Y$rXKEJyqtRl9EICyL#{tRI9 z4gwD=64bc=USauvy_SP_Adp`ra>^}Y`#2F$>>FgJYNlfJ@9FlVh}evX_!q)}0Wa2q zFAM5^r8VjMq#5&hS^s(<4=?{F&qoXF3I>0^S0A70|Ls~kvSrCcL9sy=ERLmjym-tk z_`3Gd=wS%FO@7%!E14GEB$vY*aq(xwjx9_1SAIPbiU(H5TDdLEqK_Wd-#>_d3HLzC zdBYT(JGN2EjR_t+s2x=QGgp#l>F}RpChfcI#t=w48QCY=&8lYVcRX-ZR9z=$XFicN zc#zf6wM?}pE132MhjzcROe>S2nwX3X@?@SQKhY*)ksnYd%Y~+5FMCph7$9p`dl4pg zu-H`7ZyPIvWX;T6X}ti?#5DZ8LwpN&8-Ka>7Sf7mFXR&!XIxZr>o}GcBoyoYE~eYC zzta}t9cw zdK?z5pB-Pnel@(DZ^;*6j*($C>tvB@GF0*ntc&gl)Z5x~+?mVN^qpBpL_jC*{^1)q z*13Wa9n;O%=ut5jR?>2h+0{k0Gg&4uUyUx7t}~+dL0p^@HI6HR6j9VM$Ex#@jg8Gp zyuuNe#|3(`{7mSZzpH@3hWwg)KU|^CH6AI%X@w_SWPg95f#&Y&XzmXOx00(XJi0iE zs9M1&Ar@1GJrkKw3j|A~^&%(DTPEA?Mj%(ihZHgVnTs?dNv!a~pEhJlTRNi0#^trv zYg#x+P)LZVmR2$Z!o$N;eeT+{oK7}jR)vfw(Kyy%e68WO zJ6*T{@leDhzq|g?XVm?)BSyyh#DYS1z=;-JDax0y^LoiMkIily6_)E1`aREi+_ zcw=_J8!kj>vm^~k%MJ*eNTX0vr?%}?d8I3xNXObFq(%o%nLqo4hE^=u)U6gAM>+qq z$Tkd(D{j?xlIxCF>@Y8+5hTMbn0fM#AevW3j%&C+>bVwr3@I-!mzjC4bAU^AJ|Mf; z8!MXUtg%`N4ppC%u8RtZq1n)D+B2T*=hz>skmBOMyy=J<7{DX*;CB*?Am&rdPFcZY z?(#ZnArym`n2jLfaeeD{Ekz+90F#3?@+T_`R-*`aqbH*MI5cj)c%ZM&=ze};BD34( z4WSqEdCLR5zpF>~M(C4PfNiGK>TvIeSFliooR(d;zfd6kfj#u|B;0?}mTVH@(jvK* zJxSv1?F*7M8;y8$+_qfaqajxkX}0LUmXVQ(wj;x#F)*Ole%>yRjd$?n%|)^?x@ z${6hE5F7h%JDBKWw}dR%A-+%TTJQ&yO1N6`?pOl8{^)KzF5A{0= zH#g3in$Fv|Kju-{(4q!L!c)%f)&=Y>moi`Q#bnzOT6xjPr4CO@oH(28t^91Z{ z?5BOnw=DSKh{&j|C+WVco11yk^jRz7NV|jn^6yiUv_!$U$**04dh`s<@Go?)p@dCoUuP@jA<_t^ z_g4Mx{Y5SlJFSJS4)#yEWJY~zk9^=Km92rexE}{Od3*nV+sHdQB@hd$+|T5<%pc_C zBRWAixTfby)7e({hluyW()9L=SIMm#MQMbw<^B1I{8K6OOH?0RjNT7g9JoL3()Vf8 zMrCSWYm}-h)fm(&tY9F*d7nsWSyoAE<{FHh`0pn-s!Q&#_kGnXghbp$$yJJVRF7?L zK@^sTkn>hrhbAx&33t_0N!8d`ER+#yckoS_7N_UrAbe}N$DQ0eGk3e(fwyK>cv(Qr z>ch^>;EmP73H`>*)XuXE7Wb*qaeG6? z_)JW9G?z&@&dvq};Y~poFyGNGDz&?G#SfFbxxZa|bXqRG{Cl-GhGu0|{Br-lOEf}3 zD#`R{-~?H{+GeiF+_^|oxaq0?Tv?Ew#M*lB$(adcVILh`*c5rqU3cjLy~f9X1yNeJ zi*A<(0mjCSK0n8m-trN{v|x&vd+63sw3&@1!iGu#@Z(TW_J<$8ztB$6;C=8n|3R~# z(&Bj%-&hA2zJ-gJm9_V+?`as&F;1y#X`|sb=@;Zdqkr{JQKvvYih{S6#5s9zZ-zd}{=7H1X|CO|Usa&qD_rm0e*m&Udm zGs9uX==xDX3C9)4;YjqPRgI-&di$QWsTmQJrQZI2c!=Cvp}*tqgZmr?vr#g-vanDc z0jT0&%K%L1Fk(wDZmNOL#55kEf`SBK5QUi=_+Xo*Xy0vnJ65?t- zBnYTLLy7QYAaUQ`!d(`xeIFBGsGQi0c>NJg8)2-d7x_= zL^&T)R`nvR7-edFz26CgY@v$ip^DjT@l4nWA5X5i@NjU{+dDdn40|G~N@*ro@tK~} zL-gL@;7}E+S4biY&u4x3QJE!P3`zc_;-8BxhZWmpFtzB?Gh3>&7JT<3|Ao2-f zxCM_RJ1csNtx&Iz@F%@QL1<3m$1~#kHkY#Sog1jMCrlVeGV9cn^D+vY|C}<$ zsQ5!Sfe-6jg&m;95$4^(!^9+CYgU^a>iGl(5d9wmtFJ~zS*1oFlD}l1#q}9wpOFhA z`R8&5<67E$vM(`C^L)>iB@r53T+B2?SpP5SaIYxnmkd>76aN@5LuLP`JW<7Fd64}| zWC-(2cR7{;LbZ#HUBhXL1dEpZK9P5(V8U!IOC>X_5_|jS@N*_kKe!m~toHXPO^oZ; zV*PGv|8}bA_An7y!}!Gg-9m*8)4MsV1*Kp^Tr@W~7qU8Txb2@K znYt@F%6la@b9VZk@aaL!h>txO-LXpue zO&v?Ow73ZU@?5AyC**a#K%4-`-mu1ErOLDKOc_BO6HapMi%G0>h|xEfyv~VFzoW_G zH|^r53)KySLqf_CeMp0@T={cVP~&Fu$kimp#ib$AiSOSCeUreBTf1frm zTB!c&;jv#;oQ5h#Zz}N;;%%kf@P)vjC|sOeq$G8z%<*2HLAMTGzev=AKCz_~3 z&{bZ`eTSj}RZm3#LL))>tKKL(&DmSR#T*kNi|O06)ChF6n&2%w_hZc*|IMh`WHEH- z*uaQok6tL6x=6Yco>-2RpiB+*@KN@6CsK5DG_J@iO4RsE0PTs2(SMs&X(UGLf0CwD zij^oeDUvA|U{?@iHJfb>+SMrf`?MtRtaP|gCGy%!D9hN$plxPFA1o5s<=x#XYv?pL z9z5n2T>pPVi6D=WZi&({;G$@0Yujx93cf7GV01 zp#JoK|8NzQ5ma}MOAdC(L4)z zr&_RZ@WMqZ6u0iksPHh8W;nziJ5R1NP!P)nKYh@M1qFw9aIHN0{b_|{WgF{l7Yocx z5o1PEz{0`74#uBuR$yX!1bXm3hw8E`O>B_8W}>6YZ&bo`_0LHk6nl>k!DG?WArU-G zPc7ap`?UovqxktR?iVFh1y##cV|zh&%k_B03VeorDZ1G8SiCf`{nAemVGUP!a0D^& z@x2j_8XCH11n)0ikM34-+h4r}#Y3!8V=Vi#RO9uuxs6lFvnzFqe5ks0O9a&8y)bz+ z>APF^+jcxf@iZNQlkNiM$$4`m$VN|?xLU!dtiRb5Ahm-&1rgQ6=LIQ%fP(bnH8yfT zz5&&n?DXQz!|{xSTGclJQH^S0&?W6@yM5Aw9JL%X(c&N{3&i<#NJVZe^4yEH6R z>`}{Zhn039CXV)TXR%If-#^Xkt~*L!j3!tmy{gXw@mI(7^=x-*w(fibhk?*%`7XCP}!*EzjL=6%-;>(6qOw2n<9b+e|8p_Aal^ z3d`5)IjN|qdWY*^t7PCvNUY=Ks5k#@iP1&3PE@#)g?1UVWe?O^6D7W}t#AuILw+gOHq@U+q@3%RJoK zRR}QB=p#PA4TNd?A3127nTCg}?@GSnNNnm1ONi)`@e2s7t{;T?_=x^`gSvGtoH7aV z_GuUW6&rg^JFn^YxlNCSl%5X(*&lj&S;sMvK(AUYDmogeVh$C+qlPs7u50Mr`|D{7 zP73f-)Gc$dpo5jO_i@;e6Bioore|T^)z%&YcyUjQ@H) zuJ;!kJ3G;ezarHoTXrt7S6ND?*@n=cOm)%(W~{`~e_7jS7U{P|ijqC|xY@eaHh^1i z>NcnJfq?y!S)1tUdNb3ljc05;tL~@cuasBlw8WNIIXyFbuQNGcET^)CB%-5}s$5** zROr*RssP9}rC{;e=c7CrM}i`&WjtL*jteXtKYjY-ec^x}J%iBTvM>D# zmW+;0CMYuSJq?YNJ|`X@Paj9|kEb7G)-6}-TJW;uIeE%rh@Tu17@mql&r{-XW$=HW4 zDw*=7bl9()4rcWwZc`7FKdZq64Di0Jx}BX}*6k>LGUXA0d0rde-o{K0hw1u4ak_b? z<^a)5nP^H-5J9RqIcBQ+!`PGUX-;{J()d7@3jRl>f-xhy3N`JoDjbv3y}i<>{lxL8 z@l&g%&Wv=fj4?ldQX>0{=6|M}LN-rWm_6-qz1o>}R1%w!0)$vZ=9JkMa|?@ME-YfT zsEGlKI)9e@C~e3e(2|sAWl^uDl zj%Qt$(qG&#s$vCsH-U5t@*5UGT0D{P`6&e zfB_A0Nl9b?-mzl)HT9MHII!w=##*db`p~rTq6NTdF&<9!9dow7=CmASV`Gm_iJ2Jv z`f7}^dtpJA!)kF>9!umR?n7Z}_BY?qeumEjMr?U;su7d`jIH+D-s3YB*j{Q4X!(n3 zP`^{k7%WU8a4}|PW*+gXJ|!DNI~z-OaXwF(yE&N{A)5Y2W4~=U9cXX!?|>(;%B6tY z^#E4KdF$h#^R6Q$RhspVUC<6L`}fVD->=rbvdT8X=Cx1J#pKJ%P|7sP)2uBH?6GQ1 zlhV;4gZ9LyAtpx4bS#(3u0S@eSs?JegSLYkdx9J-6O)Lksd|&H=BH1H5b)J^HG#5I zq@eInsr2SveamG!i_J*X)LasB8IG-gMKpaA zcD?M`q*LOt)wRowX^)k{TiqfuwWM=*y$_SEghW$C0MG`91CO`^3IP`87(dymMTQB^ zk{-6h*Ke}TwD<#OvWp-2z8^$EO5Zz#*AN5@>>&ZdP_#^*W-K1ZE@m!^n9I&YGgcZiOf&$*1D zUCbb)NChZf7tB2R$H&=26NZA0m}l|fI#~X zeE@$o3ohgHxYGg@T3Th!nRI$H!M?Zj8xZ4?;rJ?fMaY19(I2WuBQl2KWSTGEW^zrKzI5k9*`aX#`_g@Rl!J0jFO9{R|}*`N0BTf;z>Js)ux z?(E;lr-pS*@=+UtTevyu(Jd9aBL$pt@bjWqE5B{`O{R85}YHa*!5Jl0?NVe)WxZ{SyjECE1snMD_YkO(+kI?ToSfcP5>%LP-y6DHgMd}uxN`)b3HsfZsL1*Z#+(w z-U1r)C%yiFMfIwk6;t)`VmR2v_{XE9s6HcFdisugl3@`53IRHOfo1CIZ_3Ln%FM5I znLTW@v4{uBPOii98!2)O@3qmXb*9Taz zf3jNAA3Mf2XhxgNxxv|w0cE@y#) z0gkm{!w6UbD2NyWhMydD1suyCcl@WRxNmAKi{DgYBUgs;xdcbod4w*u6vIk?)(sq@Y2657#oj_w8SDv zgHt^s_{cq9Wr_yjcG$#kzPoa(t>^AAtC}|D^_eqh^C@`>eH;t?^QrfA9A#vF9?<%J zX`W9+fRq5;MLXb%$q=DKLPA)ao>X6Sxs_+N5YtEjKOm)%o(`%5Sr5ZWKEWi(?9&&m zu%>%-&?V{JjEcmrl(c!{whf&wPDFMr44{0gc=IA(Bsvn7TJ|tq?BGTK;UXOnsbNF{ z&@gwGBEqk|Ai|!WP~W`x@jxCb{kEj*tbaFA)vO8`#lu-E=A+3}C`q+(v@M=658AnU zy;zwiyPhXrg&3?s-Ww|!Oj?C4o9(Tlq>Wc1o~w$@?L%QVkjZD;5&AyuAE; zKye=H3;*qBn@K-ZwLhLmp#jT<00FWX41}8}79j&9WpNVTu*Jnj`kpD1nQFiV=y5rJ zx_#RY;(cy@U|>Y*qOBw9LpHvFal~5u7{w?r!{qexl-OPjO+?kyI_N`?HY8y{&%@lV z_kMa_Wpneisyfz%6$RcGgtYxNF+>=2juvfL5dOs_+m$6JXvo#UlJ#+B;n*gUA*+qB z5Qtzg>WXJK1CWQVh`13UwZ>*yjEK;}H7CP2d!cne4%y^|lLg9ExD8Dkf_&E z_}Ui+3dSGdL|Q8p1i$ey#q`-+r+j`jUfwuUnL#A-$_BLbnx(K1RaHDxBK}vcD_&1~ zdvZdc1;gf@cB>+(~h|3O{4KNE= zh1OCtK?GU3HKAhr44S0>)Zz*+y(}34ZVpXm2aJlu9HxRY!;l<-ZS8#Sd+zc_mF30lspCWcS$X zp^HjjR^Eqz}!`?>McN1IT>I z0YKukUV?()vli|}=n@}Uoz#8v{7Z^x@)|b)&|^_9tOMWOy)MWsmYQGVRg^1gXdpva zk_OzW=|#P?E6o?`uR?=%s<*Sg{}g$(iB+J?1Z89wtVoBC{S(Uz@&-+NsVH!5To4K( zNA0V})<+d3OXbr=7b~6h&}c>$LN0iFfI>-`8c-95SMP*UbEzju!s`R5?}aM11XSym zC$=jok{8uDS)tB5Y%rAD;f5BSNH8QP)fx8j?!pIv86Xq)02z6<)RaDv%Q}E@;X4E( zIgdmJ`BVRm>S}5sO1nX(p<1WGeBr0oCHGu?B~{D##@7CZZ`5zb{1!!lZ6EWhM2(W@ zz9;m8ua}6*SJ*gs9TO8UU%$eG>S?&_Q*wGo&phjTLHBgHcJyuEr8;Mwo$!6B(C;F( z@X8C+&J-D8Q`0wgc1&cnEUi{HOzd9{m6?QenuWefu&h)Y;x#`$c|{FuZ3$!@9eG2H zjEvS##x}k$~;>mIz%;KWwHN@6A!=S(A4+Em$T*M0z_9C9%t?IuwC-8fCfUZO~4PN~>WYvFvM>$6rU+PrwahwV01ysO~){6S3udW$}cW zt(TB)n>T_XMxX95Hdzhz5C%MT6%Upzya_hJ(%0>*!{zKH;;gebmJVdEMqgd`o~|R(8N>3DKc*rYQL?2pdy=ZAFJ82+|cAAwTN`^`Rf(y#N>t=;}yPUwaNynQRLL+R3 z1BZzPKfwDb|LLd?EEVb>_m+;7hAVPG!SwMeI5>ajtxH;q*+!fXeeXv1LqToBkdW9C zD;ZYxkNM5$gE?LfH;9XZ`>5WGph8QNM?@$DaASYi)1>y zt!r@AlcuZ@wz=_H@E|qu_m9s=IWNSzmUPiQe_O!^N~|zK0W8Q%c6ouXFBX-o&GVb9 z`!tsQ4j$+2CJg;54Rg!=)V$~u8z-rTYD=5z$#)R%OF~Y=l_wLBu$Kj1awp)F8u{)G z-v$Z#fnyOAs?b`q^6Zyj-5mP!=eUez1ini1&h}2(Yw#U!`5Xz5<_n7SpW3ZUZO=Iu z+Dos65`7mJ`FpdJ7Lxlzx;ca@}8Db&y$QHTuMu~t!hMT!Zhhz*z5MXsp+ zYY=WqZ{#auA#NzCK70u~DC97A*KL4;Wi?)guC1$UH+r9*TZ>P8bX1$1WZv+7`>5#! zGlJUPB*O>XHMPJ#Bhv#qk`Nc&RNpBx|G);mdZ$CXj+ID?7cAnxtFTdVixTbpk3le% zy=B}556@Vu-eInK#jpqcaBbtzzwqE~m#Cuvl-TD4fwRrz2QwmM$yF5C`Uq2kZ zEZgf_IOm4@jMz|#-~X{9oY9?X;BoC_$;!$ym`U}x`FH+0X=uTLbI*!16r_n2#MEI(YS4b zTmS$ZuwFtdXY-Qi0F0^~L<;)7rrG$Tk{6W}hv3A;s0^?OegwaA9~!T8`fr z_@sD?(2F`mS!px8vWxrx5xVSR|LrzlACE~m{S#@Ueb1RaU3QU&o5GFho42SjePOt& z0YN{`az^PWkx)rhlWX{c)aREngY zge?J^D*NkfjSvBFX1xHQG$xriG0 ziZAH!iub!oAg~9t?dEHvz9*nr*nZb!*4qrwo|?qikpU|?d4U}DNnYgCYi@x*<@EMU z{wF6kd3_yX>8wfG*%@?@R|{4;Ee7d(^HW4MwIKPeQE z>D_79V&tDGJLBB$y}jf82mciVaAGg^Cr}gwPNiebYb+Li9D6>%0hh(iLChRi!(`Il z4;NjE>cpa-f-aj-i|o12AB%&6AbO|cTX-!Gdkq3ULHND4O4QOZ;SvFFg^RAQRSD*+ zEzKiBLa=zY%ip>&?f&KjkRBgZ^8M*`M_Y#!DCWR9(WW;S^kO;tr+J(%c3;hckIMa> zAKtER@n}OJI4Jj2zcx!#1+d-7D3>n+F}v}I2sz?Q%lx{;;){IvXTU>%QUJgj^rz;& zyUHHo{PI9x=i`t^jdK_nH%UHOyI1V(?G^X*6m<7+U)|ju8~r*aGzq$u`6^3aKq&-e z-~efPE=9b?E|Lb+l>~tZyqJq6p#at{-MBI@yR)(-179hy5wKL9~PqYN!3v%*1 zytV&n599xo7xMq}_X#UZMB&`u! zFQrng`TLVG9*WT=A~GF8lkFAQA%1?sdiVbw0`=&3gKG7NL@>~-9E}LX2U7^m!%XOP2$*9-?KZ&s8mbh7xpKJVuTW#r>AyI@ z_25Y}u4GHjh+|!({UbP~esxMebBu>&CtxKms2B4ke)IKNl32a&aR=w>q165TxgMXW zL*cxLdHkrPFbo|U&~I$ou`4gl?IvDay%+%i?(kJpc5du;wSWaN5Q~FW#4fwqM6w9t z3#Pfl=qxOYSVli2qZ`42R>j@N<-k$^LfaCu?25 zyBp!0FCsZgZ4!rmY%xgi6-aZg0&FN}w$wBzwr}2W+pY1V|E26O;hb^BsF(_2cCzTo zf8BGk)b!j|I&E2UZHa}s^q;X=^{qTlWS)?FxINEYl@2{3^c`$Xr@)e%zS@2@;?+g| zsVj{?v^+B0V)A>Ft&Py2QI>@|tV~S45lVxu(@Ztb2Sg@3ys23gGaV*LcOV|45=UTA z%l(jRXABMAnQjA13%j}?z;}9(*3$M#79&GGyS>sA=2UG3%4F>iqi-@ca+t*eF~vf4 z51!Mq?^aLbYABIrsnD)gRSBj9W}4NUx7fQrwX50BC!;1rN+>`h?*i}n?0Q_N>7VOZ zVAd#^qqNpVMsXt7saMNmYNf^~lYr{vc=)5C{;GAl)48$Pj3;A+M%nFgm_2yseAnXP z^5WcNcxX0w2e-8hoBVDDO9E5j@zlJi%}!>!nEP`2-r0PzmXLscVIm4>Cb_!P)h8D2%(agRUz8>*Gvmc=r=@@Z1LeoCc@zgDeD zQkz?W6>0SlaHTjZQjec}*Eqk=hJ42Ayi6nA?7mB_A|?I>2gL0oy+^4nk>E;o-TZlz zujcyBU=3@rSWc3f@?~QsFN52`J9o}4rrvC&hMBB?TLznP_R*?J?lA=vRkPm?2-qckUw7Vn4|{rrght>BVcRZ{#* z#M;lGCuMLv*MlXVeQ86!k0|U5y$U6Eg+`t$YFM^4*{_}zeB3hI_Ob$}P}5vxaWg+C zs2_ypSc_y{Ul3o*GqMD{@6vhX#cm{=(=tjh>EdSp9y5RL8&1J<{$%B=w8`_azn8N= zUwOq8kdqs{tW`9ZN{O(XYvPjqYd*)e8K)(TbWGR*m`k+4dw)^#Dke4LcHxkD)%2Led*$gIKP&v?0~f`7WlvAcQK=gf)iv9)PQw|s zDloTyuQ|#B`5z%~c4T~+94}lnScoJ6zDjEh63f#)dzEr>Sxm&8;!)OLce_yYNA>)- zjp71{APwp05K)o4J7GO)#sWN8)TOK6L_$6S+rzU0*Djmdi079LeKr zQs^pf;e7^ezn+Yx3W(fKTe6c~5^t8Ii4%Yo|pWt+zJmMmPnX zYJMooyD&<%$jP*+(>+`A&lU?@(g8Hz9{=}Fb zR>NHqG;Mgr%x*XVafgMw!&OhUL;hf6t-xWEC271)r-)aFh(H|mOu z#f{NATF#?hKim{8N&RRpwO~zjaW-%d97g-}MscIt=EE1@1f3@5qd_o~M3;)8esc6& z%9f2Qv)D2Nz|nAzD8{m9BvrP($6iqC{M*n;f9M36sbA7}E?hi2=8eg&LAstM$6@@j zzaCBVa~@ZyY$)f77A&nRQ#gkY(4(0yHkr^541mqo4poVc6^ralZXyzEsw6o)e8y00TRRO_(O}X=<>3_Fv4(J*W8AdYVOE| z#MoGFpX(Jf>KmvcrQ1le?11z6AXaXtcL+iU3))*+WnMyUOF5SCxydXE!uCxiG=-TOzaq$*$!CDT(@_9 zSVK4r7+7C7XuRnsl;-z{?MK(o84s`KLEmZ?ounK)&^kQkiO|24(+o+cT(k@Pc=RCXF3KjBSZgO3%Qq{?|9X9^(;r70gvt8hMP=$V2yFbs4zjFXVM?<@+ zq;8|3WDkdd{#Sxr?S7#3!SHETcbh~}_dHEb$4FP#(Jdp=sk6b@2v;3lMtAVqPbgUZlE#`d?ND=}t4QUL= ziLMPMYu`CjnBfj53#e`rD0Fx0gP(NXDa$!XU8y*RqyT7v^^KJ4 z=$|q_EH){k_iYQBS$4+*R(j0ky4Rq)q&6zghry!;RQ!`xNCSy8EJaUj%SiObU(&rM z3>z|zsqah69tbRYy|nx{y_E#}iBIbV_$)@)5pVfCm#TClH)VNP=I0Ek2W#$liiM6= z!i$2H110wJOAE0l@C6B~{vHvl-ETUWU|(&IK9yQKRYhV^Wwh9;C0o&dgn@zlV$QYA zO7m3ri;pP-va-npFDl?1w}+|puTwp^ZB|Kj(r&Tf(QBWKzl3H4f#CPYDd>M*Kf5{; zt@tJan4+k7XM(gL-Jtkc=SH6MY*!4!BsuEF+hGPE@u42hS9c#=FZ+lpI?9_Rw0XxF zHwV9F-8yD(w5Qo|&`1_^Ltk(@dYSh*ZF95Ew9i4`nJPelPP}<>r$xLKuyPXlq;%#2 zywJWtx4>M!{WrYNpOW(R+L@l@er?>KYJJJE;4n2thO)LnQz6W91(U!ZONuFLbs$AE zx`?^Z?hv4s*+l%vwj#6CnGZF^Og}!J-it*Vj@RhUdnk<%nydV&%fUO^o6m&Gr+DeB zcB_9TC==6ZB_CpV=#+p(0j)F3U!il#qW8`c6uL-@$&IP;r!Yb)XZqIwk0tO_lv;yVh`CRByHP75)?Sa4~B;*wdQRTWY ze=`r6!d$xJW{|H52dvXV>32MY>tFs=$Xx}@L#1%CkWaMO@mI4QI};5wVUiTT8FXE= zEj5c&Ui@?r@3>U2Vx>~p7rCiS?@MH~kcLD-1l-F-(@E-trf z*E5n}9;5Mo+8lVYe+kjqo^_t$3)tbGp&*x9bx=cEd)LJNOqgPNybL_ijeKTcVCei; zw6ON?UkI5m#hzA0<__A|?~(hzu6!?l`*An)q>=D19+4ASr?7iIj%0p!i{?rzU%};I z8bN>SV~l`a<~FRyX}Hd%yY6t+m86BExY26!Av|Qx;)jl|(LD{Apvb|(0-~Z4Kj)!3 zpq4T%lcvGv%n>{0`!;!EhSws8ulW?Vx34Yk0Cu^q&c(*wvCG@j<3ML)?MUYsZD!m3 z3hw*CJPenrD$tTGma1V|9?Lq9s-z;*yt@oU3PxW6XB<#~)wa?i4hOi1g}!fj@d_fy7N>?%VoY%}1y)j{adQ}P^JeW|&8&)-HaO5czMEhLefRvB z|5jmOq~gB!gPHq3`P7i7sS9}>CZ_gT|8xENA1L=h1oY^kpEKUdq{3RQa#+)?C+6o`^n~wktLzBvFWxkT|NfBQ1xbiNj`1Z-n6^C zZMJEiKgYP1EP?F4Nl*hLPTxFk zkZ=c+d;$M&F{6TdU4x9)w&WzASEijJZ+>qLM&nR-R`4`y4qE}Gx(-ICW}BRZ%FFFp z>^euy(q1`aD%Z@{)FukSO!@bA77m)#`~@8s()ViOaoS&~ziWPM4#crM?cdU}&aa>! zlr;mwbu{|F+Vf-WCqe9Vk*5Bz)a8QTqPl8x?e@IO4;%nyjC3kn>TBCmo9+v=(VE?k zpU&nrv{yEt00mDLHvs$_KY;PngaF%F`%r6tsYX}qKl5Rl^MSsRkxu84!2QX5((!r{ zTv|t0Hvg9@QzCfC3u!t+yp*qfVK_n*L!-A}O{CUrhDJ`K&{~eOCANuH7L_CFxK`Y& zC!|$3Xue>O;OV)AMS&9tw^wpr!IJlVU81WWx24r z-o@~6(xQuLU+&I41X9tyRzarnb>VU2PlJY@p2~fb>zn*|LucFDbvn0iR=hZYJ)X~f zN9K~}?*zgV$1J)xt?|Azka-4DL*1N5n?_C9qrV?(K?00p_4fLD7=VGmA@3M}*+%m+ zirFqI2B>c^H;GOPs#mfjFK{GGRf8F=h-;xcY*6P!fqkAVR>t;X7U@Mt%%C;6=v@QD zTLX?WH#Zc|B7?x6k|xs$gCX=o1m-?deS#DlcdyL$T!k`C;YEv=OJzZ~<4a1LiIvIg zL^y5=r%6rt@tU>l#^On|@#3KZ;;pKa96^)j0rfI^xP-wUrY{ChMoS8z%BFgmJ{v>8 zpa9|jeE+mh7aB^QBiGqi>-=!GKmq}iy@bUxSda&;1B{-uq2X#b{=pfHCLc{bFQqB8 z(`}2npchs~Jn8!=?JsWkHU95u0+uyI3F1EYZdc7u?Rg@>89`EB_j&W%%V?=N@ZgmiU{bQ*(Ny{VO}KiALYFE9wO7TgsX3MRe^hD!4=x(*h5>4^XbbJ&<) zE_HVymFsjF+Oji!b#ym%!{eH^WUrBpWuBHCA211Dv;q5^U`48;WP> zf!FJ99hKktcqxeI4T48BF;IvQkH_Eerr^G`KQ&GYegV~m7xhxau8=!X0Z}oH)sE}T zmvKE%hZMDxpoK_C91doQ3HVT49v*u)(Y$dJZ6LbtkX-KqGJ=! zVW!c%FUr-FAuVc;_8s?Cs9p3OlItDe`z8CSmXC?68wB6kYKgM9w%1Y|3s|!4RZ*=! zJF;qPXKm_K-&4N*(@4YJyVP-1H=jJvCt0l%snf=|=kN&l$CKf^y|nR*o{ou89+uuC z7xMftkTl`Eyju1>?}nz_Jv>(TH67a|fb2i|*Rg=Er^LfTf8tLoFJtZ4Ze>tu1*8`Y zQ5~HY)Ya8ZyMFw*cQ+5xJY5lfOCqoYy2DFM-litt4d5Zy)z|8EvfL9YtbnO5(!m~# zK&7AbL?aBet-A-IQ&&vQLRM_$m#z;0IX4~Q?Hz`4C8$ftX{_120lXYol; z3TQKo&vBhSPgvyku+dF9&MBQzKXg*GJQ~%^5J3J(EDzOHieCa;B7Rx@bpiba1B1cn zHnXbrQ2&*7BhHN<_eaGuGUtT5&xcDc&R@2g5KfNoQ`t3pOBKYS+SI-xA(A6Piwf@} zXOri4)zjBb&Ub0%7x8XQ7geb+T2(FYH+z%P{`mvOIpNfQX_FoxQTkD`fB5!~;n?k2 zuTGeatThVi?D3(agU5LI*55dlU)OV6`!3B>vdRVtl2)P<`(8_i?BtBuTC`@`@^l-6 zhDJNgLziOsDA-Ha4JPsH+uJDrjkf7>rNyg%^fxBAh~0P&l`$b%UcW&m&P4q zO&^D}n-x@xgq`ocxK~+yOi8_7UOztB&BwV}IEk*UI`$@*@mW$-{1LZ3)E27yPv4_2 z;&Irc!jq`@ZseT1NJ4gz{U)b2``G)D+P!FAC5T?667(AuO1CAN6CP9?(w+sQLCeN8%^_T)JyDuU9113+Z+_CgL8w-wed9 z=My)b#E}WD@I5(R?ZrBq%wrE08Rjmksuv<>uDIh^yWev>c^rnj9p4@Xxbxq4S;%Qs zLTnd`FNybMzprwEw{xEV62>Eh=d`T@iPT>`+fJ3K4{60&a$7y_Ae{b$knu$i5P@O< zck2(PT%%1F4+REDURTs-T-OOqXis~>r;b7W{bhrWKf>iPcTHQA&u@~$N z^!O&%Ezh3U5xz($cyBA+>PiarHhit%5||=~lOuY*4GUBD;r`y;r1e*Axuwg#4qM=S zioM>&T_C*cVvee#IgF!k@L*7dx$(tzkiQl9K|*9ufXJFkd^w zm)bxbrSZNi;y@((DesrJzm1SGhsj9r^~mX=A$-3eJdGb)2@!m6SX|++DJjgv(F2;i znY+c4vCoe4%YmdRq;E*`ZCG|`ntvJ%<+5&<0$X3c;SPT?NrIbmc`JnUb zqL3rjzb)03ws&vHU;`X>15Tp!cgCuUGLVQ6!r3M^D9xPAL2lWZBCKgTMaH#UR@)bFtKvg*LVp`(KFovX8EJfcN+YG^8^}Zw5Z8PMJ>vdk z8h+mf)6jm@BDLh*M)bd`x$bv1+pry~-WXM}YZaxmG4k3CMU|@5-Yedsu~MtG6;%%i^d*7lp3W*?NOt|j@Vk1s_)77H+;W*Kjk=bSCwTPN|&5PPx{s?}_i$C4c*qiHYp>V}DPFoRDCGp=VglK}|F90&REv|ix*6c!4-Px$;IfX^K~Cv@ z=rNAaYX{F|4{lzqGXmR;)hayrxe;OhDf_jTjEY*CvDI>3e`KED*;Z%S=VX?)wmo}B z)id6?zmw$_jRjl|r|U~=pU%tUCO*dXz+h$O*JC#){>iz()9Z)Gvr=*e(3O7ghRh)s2`l@x`L=}?Bq@Q*+fj=VUVFpLV*z_4Va0!( z)Djgh@)@-OyK9=IJ+?cgEZeldie9FH<+$`eJ7uD!|=fdoAxHKhIaJCJU@6Q3U zFI_jcHEz2MfdChzDDJmBr$0MC*ao{QH#XqGY4I29|2B>3>hkBvT?)-Su#H=%=9jt| z_jkfhe@RdX&H_aHcrHP4lh*sG&$GC7z@4N1>MO^*I;aV(*c?{gC-rEDi-2O=POUQM zkH!N(Mn!F0{O?&3Nr!eFIKNzN0fXh=MVGB%dtZC1j<|TkNw*_{MB83pyjK<^$rYSk z?HUXos_X$soFj_GuINn}&phr+Z$aC5@=X7VAxt?eyV~%`AY-8UTnBSwCp{%HNwzXe zTiINpzxG=`vOu!9037;oukUW{jUNOT?@?4>pS>y9{%9?poTb1V*F$bozfkrX7qo*~skn7&Fp{*#X(9r7-KKKn&q9IVT5AC{;FOuEl%7*pb&OQiYg%q(+DE2Gw6k@6J(}B4>gzxMmBPQwt$NX$&%&~h51C*X& zuTfv6qf3*)0A;Cl-c%A<<2jVe0HDVDjj?s5O+W_-c7P_&hi?FR&wusQdats)qPtLp zVgI!85au-Ks)#7sx&}apxi>kC9C+Nl$dn}z@$h?VbkrsTAl!%`pbLDpzUtg`$#tQ9 zuC-!BEa&SXho#O$_YNi$Abjg5*0E6=Fba$p zq7@iPGj6-pKoYZP4d#i-hiEK$CHL5WsAB>9EAIsm>2T$W4~S#^+!D;MhM4O!d#L`VA}AOPqL;jp%EMgK&_L~ zAPShUVt5y5;jLh^qQj*ytIw)$;uD7X^))Ij5_UG@?=q(SGaQ(+vm&pCD2;e)CANV< zS-ObF0nLP?0%oSG&bSo$xr~k#8$)z4oOBp`;2=9UihNys6dRwAcr)Nwf=k7y4 zJHS9DZ3k29=3r+A_34UaU*!tq4aW_ZoHt=Lw2W!mD=RC`IYT9_srtWpUC{VwA0GLq zx_(H?W1&I`AFK`VI3u;L`UmP@R1jgtM>_fSD{phZr}p@dnqq85&aR5l7*8Ey^x*j> zIfYa~8SJ(>G>U?j<$6=A*?=K3vMi&prv;J53jO?_irjBC2ncVgc z;+GPSv#NJ}q^+%O*^Isc^uL}~JAX}l1~zF{H*M;Rrn}`<(qZUp&=jVo7O5^s+YfNW zlO4d}!_;&{#QS|ykVP+h{TMjCMyP;iY1?b~&c8YZ%wi_lsil|X1`z!mUbqO>sP6G% z-FI+N(MaL}h%rrWT4ou_#klD#`$3>+`PXlUio}tx#wDTK&2!a}00L<=F1AFlucB5V zR}3ZdfCksHz0+8{oxj^RHvM>_^qnk#gvq=0jo<6>S{{vI;DktM zezo4!NyjBGamD}=(A0bGCzgpkN^_esP!gHr>oZs_eo$oRFOIuXqRWGC>9Ll+%KMUd zAOQEnGPIY@BvcV)Zr6<}tw~u_z4$S8c;|U0WtA1h_>iNBGCaIvHilnp_bl26A)8`df#%iwMsAIO%)<9uEQxiI3!S*CAy?V zj}k7puf{6VP438$FzmEsy_gBJ$f!n_Ss6l`^aORs-PgB)KC+V}`76E4Gk}@s$pv(9 zBT9`kpP9a^dXlT-Vp@m8`wxx{eS(Eo_5jYJ$BUl)s7p9GfRgLJ_?DXHnYkwbjeo0M z_O?CMykp)#$@Tb-<h&pH{qi|;ad2?zqP3J1`dhAG=JFdAX>?Lx|%*3U%k8#?%jsyMW{MRn4Q|RCB z8Sg0s5LS_rEYTlS=Z+V#>`*h0VQzBXuR#AU$A=D)+g}Rcj$Oggn3Sw-zv+5q#m}J` z;jHRlkPt7E!&29(qnOE7y|@QfVZ&p~syYetv);U8=O_7JhY*Sb=QB z$HvA6Kfb%S0EF@!p5Lm{SiLgrOQ3O#I_i!HzrKJGvECufVt{&aWp(uyt{&kx-y`iS zNq($<{A`H4uO{%gMK=~-v<$I3jd^TMzJe0Je(@*t=9{3E{h>Y~2y|YKvdQ+r+5nEQ zebi#^HeK~s3*2f&SB=2mUU2B67KvrSp(2<~y)08*vovFf80o8k-ryVkxidam0b>cXklnOW3%l#RVUSkYNyZWnnCS#H z6nQxU0s?|A6%(67N|oQK-_fm?uEC7E)pwER;j7-) z^L-O;?iBibBQAHH9t|6`Om>2uHP%kC+G1dEaBwy8eq=Nt380?C!$TB|OBR$KKi0c^ zcVnkT!+ zZNLQ5qO(Is;i(cpb9fFRre4KDzA5#t)_4a~|JDZMC-8mz0$oImDKHPBqoUiME0O6^ zCyIWng=y_zwZA)t9mcJIB_6W#03sAfKYcSLP3S`h7N+do8v7|`?q8p$Og+O^0V_;4 zx@FFd6|9@IH*cpo`U4En)R>4yA|HVT>!3CgDJBS4l=C)q2h}1TVLb|yASpH+Y+~wk zl!(tIM2eQ#-s$-^EZmZmG;3)|S%jx*VTsZaM_1kf?q7pf6uzHlPx=)Y_pB3EXjD8r z!#3kVkJG)yimk)gG1zfo1*zJ7_(&sbKh#QfDAk<#PYP?HHZvU~pvPRriSf9U9`bD* zvZ#(6>5X|CPj=;m@#YRhKM23AG`qX9zD}M`@|B&&>Cj>O3l`h;9794r4Sf5?VcpOU zrtL>H*>T;Qc&U=g7%IB4)L(6O085wiV##L2Ih2IRLfoCiv6 z`Tbi&ntzC6P#?$q$wDVtGn}Oa1k-(TbEyLc>aU>zd2(t4=W3Q=tfYN;d#nUT@pbO9Qb&DgjX^k8~O?u{QvG%6=~?r&vu3()r|^auEUcOD1BcfUo`!{wZJl Z!(h>UJ__jrh6RH_+M0SA73z;){SRg_*82be literal 0 HcmV?d00001 diff --git a/book/source/diag/public_key.svg b/book/source/diag/public_key.svg new file mode 100644 index 0000000..8bd2492 --- /dev/null +++ b/book/source/diag/public_key.svg @@ -0,0 +1,129 @@ + +Public part of an asymmetric keypairPublic Key diff --git a/book/source/diag/symmetric_key.png b/book/source/diag/symmetric_key.png new file mode 100644 index 0000000000000000000000000000000000000000..42dc44715402fb3b0b543b31f6031e80fa15eec9 GIT binary patch literal 13436 zcmd_RWmH^2v@Y0aaCevB?gS4G!GlY%AdM3of;SQzLIMGT(~!m!+@Y}qceen+-F*&s z-g|S`ta82!t39{J)Qe3jD^; z$jSu%pt~s>d4NDT(a%2!)q&k8z?bBn3WlCicrzmK|`t*FOal3Rlr-(Esq%E%fbq9=hE`k@S#`0jZXlXd!z zrOvJwm;TPB&Py)-<nBVmtJ1TGn3V)Byz zA8%JoDBBgmV7mnL-CQg#PZMT7riSh{%p^?s7wqjH1JMgptGUCY{qZ9e#W-Z65kV{B z?spJNIX=tTQ8Hcm$!3Y0TLNBwg0Y+KL-2pu(f?u`+=okV(CNEL{eo<4inNFxhh7u8 zwrw8?kL@J2P-|CqkIrIJT`@C&avK`RdU|?TxwsCF|LK^R1Teb_f3#+Z5gFHwiHVss zOnd!_iII_!01p!rlL^ny{F9Si^gcBi1>xk$>uO0leO+DFP?-wgaRq1Rasn*dXf0N{ zB(MEsmn$&s3M~d$#XF#WMqS=cQ@Mnuet}|7jJ4Vq5g`|&%J|@CU7frb6^@aisQLT> z@%VxFKz=^M*)`s8(6xi8U#P`{(-z01V9d*snM=4s_Jl=h8%6+W*t)7*~M}Ga(GGvg%`Da=yPs`W!)C*f@Yg?N4 z6d+!^OEn@hZ*V=ecrxp_X9fkomDvj>R6;S3%vgjx8nlXypOZ>#f4mAJv{W_Mr4dyj z@(r4tL4jqUtBk}t6&n*XxNbsAPDA)Y&Kl7kH&#JGK@|-C@z=dssJwdYucvVtNvs1l zd4@V!6`SoSAJon1w(t|_1~!GDeG<(6w|BD;xef+fAqWJ{UN-ERoZMLS2+*@T)Y`Oc zsogO9SXWLo#Ko0-Ku*3x_SP`u)h|1X{?*rfWxUl>B7*W#E)FiQdKgEtz!@d8J|NKO z?CfNDpT^6H-h{S|6+6=EqU5G{Ejl@RNiwV#59(g(N>U5eXB~Z|(^MGW#_b~UiDLd5 z|n!&yl`lU>$#J%;Wk^v{(l{u)O#Rpd(tNRAb;cK#$rUR0e>TBx4;;Wv? z--ON0@?zN5r;(&;-z2K6}-6Qu7Pj2nu-WYGjxeYLd*YvuL;s+1ALL{`Nq|@UG(F`@skUAqvT!M}h^Yv!8JCw~TQMS~h-+v_hq}l| zbP~)b5WNnu0=X2Y$dmNp?Q&w9=hT#W;NuZbyXnsln|)onFnHHO3F|Zo-4rdBaTs7# z)3LF!*r7z z`0jR+)`&lFJ?iYM`90UacRseA2N?~0EJq0Mg*+ZHTJoytgBPL-xwd<9fsI-Bb20Od5tYso}``_K1u~gZE^ZKIz!Yix-y6j8>)1P zNJ;mw5+n&-cgD`-5etMQ-_MvT#yHIU47!L_qRo(gy6p=vu|N)4q?cph(i>^NW+!Q> zLjzP@h^!@G0`QtQ#frwiGfa$+2Y&@ef-{n>r>3UX$IS0B^roh& z=A53rM8n0`Og`&dLHmrzXFq)Xxm|&mC=3trm#x~-D8Goe8oljMdV-Mvlu?MO=xsS| zPz}YDQbN~`8=b2!cgknY*0wFctWGA6auj0w2ydFq{Cb??xH&`c5H|xZ|NgMcj_@Nn zqCMg<36++(BHeCExNot%{vCLw*tH7%APO28D1mUw@;^7l!3W=MQjyKi;PeHZV2h zJ^g@|?8=vdT2ihETR^h&_WotF)}>S4&|r9cs33`JLJ^R3$rsmY5!sWmY-NDWHMQpU zPvUHnFcF9Ht2o#6MUSe#zxkr?Lt54Gg-G6>7)fg*a_q8c7~sBG$%F{j`{H}9G5Zv{ zGKXy8W%)b4dj~$%?q@9aP7bm;lau`?%K^dUAPcSG4sMgIl$0#reLLKO;C3~TjP+Z> z!{F8S)e~QQoG3nCam+*sU+I)YuCMQ^k3ck!bJo0ANVMheV!>$|2d82c83C`_9&0lh z5w5?WRIZgX9Vs$jExO;$xZjkKgXV1sr5^@qt1TyNb@gaFvs>?ya%M;bNdbkUNhH-M zMv~?U!ZSjW%DEH#watHjwXT_e>PGyPi>GtSV7Rls-HX!ua6W#>qz)0ponr*~L>e!> zGh?Fq37n?ZLtP&%x%)w}$#S(aI2aw8>c+&hmi*$VFE=YR`N46zywBv#a*u&)+fH0_ z2`Ml+nD0!GLH(4=BxKYHb^e}aeP=u^SZ`Ia2B>3{Xj*869T)85dCUTtmV>SWTdw~g ze!L!YFm=D-#G*+JpA(3!+8$z>ZL#6l-Q7*je!N*R2LcHK8`Doztd3c}2s>RCZP(P# z-D{dTUltqY`RP!6r&3)wFKLtca&;|}Q z75Rv71I+r$Lp*aRGIMKXlwQtM>Bog7Giu!36AB@@9XxB$?YT-s zD*x$4hJYigpn5ns1`M667bpEo}ajJY9XLSNq1lqpCM? z`rz+I=fp6@i`6VCl3QDT+i5a>`O*ozk1(G$^^C_KaH51%@LeW!e+Az)_XTGQ@ZJs1 zD5_|o6e#9fOe*_IyaRlg%ua&Y?CI~~5?6bfKsluB#|Mw=%BY|?z!NKL9>snlS!5qUbPo*?!!L0E?9{X$RsZJfl&Ko9 zzC22sW1B53d=tQv$6OAwV|(}5C!4NgrSKcp-<`%$nH~>7l7b&U$Z0EAqGOBI zV&d#F^*rZP(ze_^$GV_YA_&E$53u~~pSDp2d*q`q7y}iKPoue>w6tx&kwyRq2k2b= zjrit9$}h7ZR;HVC12?g@>~$8LK>UNyu`j8}u8tg1#*L^q@F>gaxSixaD%z?Swzwfv z4&pl}KY#sVpf!JGCp=wYf}7YETe~N0F<%qQC`~8;)m&eSh#n3Dl<09L{A%g=Ah@}B zZtpBI)s5Fl&lxp^0z0L9ps^CmRYR_(jQ z%|LYpS2hH`#%))_E^Dzo<#F;a#b@opUwo0xb|d=ZGq}9Fr0p2T)$g#a&9A7Sfx)bX zHwA|6ZkCw2%5k$aUH~8m6_+A9;PGKaW6#fSe3RY%wsJ50gOvHStqGX?Lln-=dHUzT zBaO{nj;+;<(uxiwTY&uz^cG2}mQe*-q!vewAD z@;3BJ$`HrrC#F*3w2XEt&YM^GW8cU}+uQg0u9iFwkP;>4o!DXK7>s0>=w>qyy`ACQ z=(!KHJ$wn^IO~I@agc6%`7{X@!yNPnQv2!V-jQ~qtL^Tlu>{THSwYUWIq2vC zN1)UT-ti36kY3<=`7WRQDoms*->LIIjl`9k4tWHH%&ZuOIrmNLAkP~st(czTJg!Gc zcV>9)xi`gQDWsXjn6!Hf+!jLrzPMUMQJ=`&6U)AR@JN=%h{UFh3GFk+Gk@%JOrASF z0ET=2P-M`2?+4DIZgqV^xPRy|KmZYPw}8Hpw-gDCk@6j+#J(8H*7oEh+Sp~jh3~rE z=}y_!zo-E+4GL(TY6M%e<78W^s;a4xsHIFcAw!nP@8`p%Z#&DuV6f3x&RhVe`3XJ+ z1;xodX60&88Y!KK58ADbZ5OXPm6Rzly0S(wBLTsJ8NV0*JELQYj7$@^8YoG}Z+RJ#FDjp-xo{}dmh)CW1#)=RyCHHrC=j#*deFeQ0)i*WebZ`_PV&ZzA+_bClTY2Cc zzu#XWU>=(XGhR^(#6mkAYGp*Q_PJML^&F=y0biEfkuJbXiTkk8rok1R0af@~jWEyb z7uQc4BsFm4T~YY*et#{;s_WVvPd2x%4u?|Mxi?bXd0phY28&CB_q(Xyj4}DE2@9?f zP%y9oxVE37aGL)~TsmDQ-t$dk1lWp6oOV3)Q}BXxRH;OL(SYX@kbBuab9YJl1Yece zF_8kfmcqS;8Yh;=>SHgEbLc4$mlJEaj~0SKd(*Dn#W~JOyhO6VG^P7YEo$^l2x5CA z++N% zXb0@;UkDakdXSB)-7Hhrn{RoF5#CCT+cC}^^!gk&P@6yP4$W3Oid@o)Mt}WU_nRQ_ zw$SSRqg!16h&Y&)T-t^6UBH7nh{e3&6^l6K%Hy;%2yf?7VmZAltpD*c0-h*xkOCyU z#F1GN*c-f;_3Xjmoe%iVpzD9-=HV{e{lgTaVDpp-@>h0uR;vd(Iw|fett(0w$py3T zj3aw{nM*Pv%Mc#iJJZL^mi^uS6vifrd-B$$9m)p=O6t6Q%jY)^>3=kFZ6t51uB^s z(-b=_Ib#-18+>z1rYG-td-yP>Y2dPa`hDM6F>M&#P}{xk z{@N?5XKEUEu{Xn!mt=-%bgv@7tWHVI6Ixwtaz0J)oRsR)E*PDiBx=+=PjhX`4y{h} zcl_P#8$5?WL=q?K;UVCiR{x+j*uK`(fE6b%xs>(lSETdf`@P~Ah6zu$&rbB^J-b>+ z#Kgp?qMyZF_yl|NE-QB6QP^B;Y)&)#U6RhXOlFmW>UQ0N>Q2k2Y(SnUS-cyK{=oZ(7~c+_@@MAp_lC?Ivckfp z4vsD^73m_b@5%-WK3mwwy{)aS?K;5Wa7Y<~kwL|MwnxJZXHwCK6godAl3EAs;84LN zuwtje#!w2HsEU_l8V8gZ{Ls1l!-a-33i2oG(v|DGCX>H5 zH#T0rK`$m!CZGpvYG~+0phd^Tu%l4Tkfk+fSZ9IF3;yg~V6@M}DB7yZ-Q-{6fGW%s zo*giZJa)EYg8BUX$T1ku?c6YCy%?Rs7lreV*v$_ zFgH;r62huZ$dE2kDaEm)|4(*|pHAu0?V{70+N5L@>smmv7cF8Og-%aM#lXz0yjx9P zelmRSz*~=1%MwG654)$v7$Qy;SHu5-U+v!V$}GH2xiW0PPQS&;qmBGDDS!hEkh|L0& zF}u-TY=EXE0`;n`X;N~d89M9LTIG=@j2Np}FBPD5 z6wq4C9=sTKT7Ffq*8c$wO_@GK6ekXZhcjK^{}fv?f8{fqg_P{m$uk;!JVS@9w2FuC zMcS56fDe*UB@B=X1W|r{2k9-Kt#b~KyX%;(Xk`-IsO-A*s<%3eVSt3y@>Rq{v%2#F zWj!o-)QJ8{bf8UpNGg9tbAAE1vbEYoCqx5yyupwbW*PfeR4cn)BS#)yp z=P1uTTS<+$=sG`EF+Ey0!FL#UXmoX-({9D)e?ek=&Qry_cbwVrsXT7HyNXX*PUkc_ zeR7f-V)eSSuw9mQ7d?PzQkOeMMO|M0Q%GKNNg7Q2UccC=55`3P%Fm~#B>!;T6Ibc! zwMdRzAalmvwEKY~L;kPsQRT@uewhPep6Zx+bc~@cooRf>O&XY=->|KnrS_EoW}F=l zyp1$vTt?K;r%RYng)M>)R&v*<@qx?qS90|B{_~v5u2}@8`2<$a^IK^RHCoo%csEKC ziTY=A&@-rF0iL5ZDOE9TLBYUBedv5+`PobyC(q1|CuJ{q2PAx&;%uL5Nz?~ zj)Rj4Lc+{U4qw|2Uufysm2oiS^F$L`MsL@AvqiI^JnV*UPH4Yv+%62o2R&;EM|NM6 z4~ACb*2q>%T_@uq_)exIMC+Od^$8++!qp=$YM2NJv~_={DZfP%AczwJ0uequa{){! zK5f@1ga7^#I@30}nXbkjYYt_4SvXm3z3xK~k-4mL&G~ivK}i}>X!$xvcXaGozXhBHB~ZW?<9gvEdEsXvL8v1uW3dHoPM&sUrmC=9GN%H` zSaggo@LFs;Z*5<`Xu#bWiwDOzeoiQJE*-Bih7LjI*RN0BjTa;xT8szh-v9Hb!2t%*V3@9BSurT zLXp+2aKJj<7A-(30I!sE%L+dJsif3@D|Jf{Te>cFuxGaiUgdw{=ET;>KyZoJ7Cu{J zMe>!a%3^4Nam?);e%Nftu*(O~16X0eoQ=ZO`oC91KV45=9b*?!`=69g3rQlcdy(nW+p%( z2ac|uO70C_ zOk~VKqW5e?R3_fJ0sN54ci7=z2QZIUmUDEW^K!su;1*wSs^VaFibH+UAULFs4?=Ac zng|GT7NtU{lTjkxQaEr#3i73>mqimI*p1Ly121AspymE>8QKcwRVGxN4gVL3txW4? zBVx*je?jB~ewkk)8=9dZU|oJ0#DYx+O3L!qPFsL?&byRzjR9sN_K_QcSSo-Cve2Yh z1m{SC@iegFKo-C3JSn6ss_nAQTi60wyzNoGj?1X7eA3bt=d6n(Yc9d z;~nEmXN3v<`PCHUm&`I)R+NB>^&n>Y!nWVz29 zSl>wCj>OCHVQ$pvv+7u_%sy{>3CE!t^r15x#04m`2uY*^kCf?Jhq$qu# zi@?`T>;niJ`J(wS4YllFG(ulubE7hov%S=#4)3)IpCDz6;&}E;iIZ_}EIrn>Bx1KGdv20e&4dmJcyfq2&zsvX3<>a;9BBA!KlQoex3kTB%9W5KC$;xk$15}+c z6s>gXT$$MtIt1;p$*!a9h+MZP?jWTg_yE@`yZ9k({`k1{mYj7zF z(MnvZ2Pg)Dv)|{onigFId^cK?Y|(^Xn9H$#+)Y|EY0$w)Ho3;*tULc7gH!l2?Mf07 zCFVke;qBb^;%*>2#8y2#uO1OpNG>~SjzXVG*oz2L9^eei7aKNNGEc>$h$NAU&Wph9 zZ6adGPq(%Q6j^7S1^&e!!8o%%c=>}bCm!m<6xwa6xMcC!20l`_;$lDo2NOfSM}#%t zKLyd^nznI6@bK&!70ugUp8;B;Co-dOqWA%eRlCdT4I}>duYjIt^X>#|*FEB(<-!en zJ`*4&5d_|iD6VZhi5Fi)$i>grZb}0#nEBl8?3E5!QlX|U~ zX0D-NWOuijiSION)4{?i6U^PYUCW(T>T)0E<i-uq*?$5Q7qS^WOPk(uu972Pvc#JXcRn;jnR2#NqoWCs zIf@Mqni*-(i)L`HXe?MEZ_ii z)x-8by#dfkX5?;n6E)vVsqkWV$3cf(Zk=6G(-R3gv9@j_ryXTg?r3#wd3i~y=MKN{ z9UCk6<19e%W*>gz(if2zz?zh7ZfMu84iUsmqrwJ5XI`VV?F0A;yUm~ALI+rtE{CHR z?u!Ek@zocp z1nSJgFfg)}*4&)9|8dT2ira76qE`M!PA1ow76^bRwx7T zITs-DF~m^Q3&v$$qE7R)mN=Wi348e?@AYP@cewW#KZ0V`GvH zr2vpxHM;<8__Gf(=u;@MP(N z?_HCF*Icd4aPYNdw{MPcAvFCa1MHjt;Ok#l_eD zYjGuruP{qBM;5RnD>xGv7ig1M(B{vkCV&ib=1PhI_CbHNhglG)X1-@nm7S5o;8@I$btL)zs2amEJ|xL41D|^Lrtoh=RNoT>8bx;kShO^9RRKW zcPW`bLZvdH=79y0q=QDjU;~Peo>z|&UmMPl!fGf2^uif+a07 zpmTpO{H@J!f${k`T-&rTG#oO38-_02k1OpGM-SK=H*i6xwuqnx4EM!%z zI(3^$Hk?reax>J0sk3$EHTZZ4mXL7SWO`}Drs;8EXmvw_XfLsj!E>)bg8k2*kb+L* zw<7PADeRXTn?Jgi?E&o2U7RQ!y~u>=Y2TNtD1w!?)yV4f=Y@qK;Ch3q2tEx!K$dUG z+Ky1fCOw9d&c9}LEgOWwQ-t{146`*hj+k_8qJt*nVF7=t9NEp zK&t00IXU?_z=~X}!XHPG5cfV@tPg(bEU2!CjgH=qHNNfq$%v?msVn$R=gPny&Y<;+DHo09 zmt^a|MTT2Wi29B)0o0>c=*-WhV8Vm#Y*?%4LNp-uYkTaO~~wHQEB) z-wQ*Y_NFRh48e36YBfRGl6PEA5Jd3!s&DUg?U$+`57db3UJ5!qb zZqk-on^6M$;houPYlGuP=|?XS$OmQie+b~eXljD&`V+&W$u32;H$I|3gSI605)nsp-}zc>#;tc zs3Lc*jxs#xW{7S)g#eyQtwTi;JTDRx!y@%-nAwDT0$04G48YT!8%KnL$zChq*3EkU zQdQP|oc-MXum#ljuKJp!fVry>6ci@EdN|LM6cVZpQ1AahrmA4L8jW5wXZyLFCK3Oy zVJ`r2`G#u~ojF-U*4#w9=+nk`h2+EOhr)H(7ifd7t4UXkPcMfJXMkLlXG?*Se2&lOz0J+nG_6dTA7?Lg>+*VRv zUc2p|f`rz@rC}0D!ym;CGjiK2uODnaa5SfOt+v0H3yF@la#)8BJ?2QCWS&BM|4Hhk zHy7%9qy3s}bVmwcH4hvqq=Z_ciPDjUzpZAgqD_&ALz%7f{G7RIr5f#n^l+}{7%oxU&%vDGQ zWBXHL;?n5%FMh@>Gbba%>66zG;L)ztCgguBIerX&+%w13r~UB?6fMcD<&rVW^M1QT zs~nr*y{}VULMZ;~Mp`xmApYUYM*sb5rLCir?+ft%7Rrs`Bop9Bq~GjLJ2AHJ(UIUz zI1BxmK>h8{<}W)O3VzW(n!P3 z)gRGFva3}PKi%}7V@df&CHjd_I4Mr7#fJ}~8&`MOsJ;I|a1@gg1qkRxrR*9`n>BnLSXMevQ{Ue})%; z-zjGqhO#D5Ge(B#2Yv-T3H6JeI<2I?kaCl95E^ zu%7eZ`dq6=1;`!;-qayuZ6P8^)*}EVKb%^+vYmtH}6eo5?&Wis6M@V z4q^=j^qfQXggoXPu5}-Sk>jG8L+v1g7EFhyjA6vdWtrG#JqXwaD>t{T;r<%Hy6-qy zrxM`jPmPHQf!ge5z$=a5B$j#+HEemg>ZDyz_AZBvE*NYau_VKi39c~QaxP1^69E~1v{Z3 zW<0DGdsYl<&d7u^cL%5l&j%4~ot-}!1@Oulq~Pm!b>_0EwG+XZv!KjHKhUS3-*g<3 zbOh*$_4J78)#=sQ;;j273;zJ9X3|7OhBOj_oQuY$)&p_K$Z!El$s%-+3e?;;Y@X`1 zkqCNG^M!XG$s@1O;^N|rJ(gS0nN3IuF-<542dlXq0Y+u)__&U?wszioTU&M^p^RPc z0HStyp6I=>f}W%U>w7({D0-?$GqOl-EI6K9?=1$f^4!<+k8kz#U@+zf2N_t9-mb<( z6$&+U1z+$j7W~*(XK+%t(&+75>wo|LWjvoK0FGJ!@^)F;t63aa(*V(KjD`*=)RfOY z$>91S2>-two|wA4ZtJ8oA^j9x^4ULAJ^%Tr1i#RfW0NVjkv{6|0ddOf>MOv_FwL9L zxpT@R$^aD~z?Io(0Z6rkpP&CFh=_zl6=WaGgAi_2**Q8JOHKOn*^y%+Ssnd%@aC=! lc;f%!7|Z|dbjfWnRjvm1_@q)OaB>KwqM#vPA!`x#e*j*y4VVA` literal 0 HcmV?d00001 diff --git a/book/source/diag/symmetric_key.svg b/book/source/diag/symmetric_key.svg new file mode 100644 index 0000000..8d556c9 --- /dev/null +++ b/book/source/diag/symmetric_key.svg @@ -0,0 +1,194 @@ + +Symmetric key From cf8c754624c120bb34c1afef92c8139635cb8d84 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 17 Oct 2023 14:44:39 +0200 Subject: [PATCH 18/18] use new diagrams for ch3 --- book/source/03-cryptography.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 6673a8c..45d1fc7 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -23,10 +23,10 @@ Here are two important properties of cryptographic hash functions: Participants in symmetric-key operations need to exchange the shared secret over a secure channel. -```{admonition} VISUAL -:class: warning - -- visualization? (maybe a black key icon, following wikipedia's example?) +```{figure} diag/symmetric_key.png +--- +--- +A symmetric cryptographic key (which acts as a shared secret) ``` ### Benefits and downsides @@ -80,7 +80,7 @@ Unlike symmetric cryptography, participants are not required to pre-arrange a sh Throughout this document, we will frequently reference asymmetric cryptographic key pairs: -```{figure} diag/cryptographic_keypair.png +```{figure} diag/asymmetric_keypair.png --- --- An asymmetric cryptographic key pair @@ -90,7 +90,7 @@ Each key pair comprises two parts: the public key and the private key. For ease It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections): -```{figure} diag/keypair_pub.png +```{figure} diag/public_key.png --- --- The public parts of an asymmetric key pair