Jonas Röckl

Preferable Type: Bachelor Thesis / Master Thesis

Full disk encryption (FDE) [1] [2] [3] is a proven technique to protect data at rest against unauthorized access. Before the operating system boots, the user has to enter a passphrase that is used to decrypt the contents of the disk as required. On a technical level, most often the regular boot process of an operating system is tweaked in order to boot in a stripped-down, unencrypted version of the operating system. This environment contains just enough functionality in order to ask the user for their password, decrypt the required disk blocks, and continuing with the regular boot process. Nowadays, ARMv8-based systems are centered around the concept of two hardware-isolated domains, namely the normal world and the secure world [4] [5]. In the normal world, a regular commodity operating system runs. In the secure world, however, a stripped-down trusted operating system provides security-related functionalities during runtime of the system (e.g. encryption, sealing, and remote attestation [6]).

This thesis aims at providing transparent and secure disk encryption for the normal world software. The encryption is to be backed by the secure world, fencing off attacks targeting the cryptographic operations running in the normal world. A custom virtual block device is to be developed as a kernel module for the normal world. Accessing this device results in a software trap to the secure world, where the request is handled accordingly and the decrypted block is handed back to the normal world. As a result, the normal world is able to mount a device as usual and store data like with every other block device. Transparently to the user in the normal world, the block device’s contents are encrypted and, thus, protected from unauthorized access in case the device is stolen. Moreover, increased isolation of security-critical functionalities comes in handy for the system’s security as a whole.

Prerequisites:

• Proficient use of the Linux command line is required
• Good understanding of operating systems programming techniques (e.g. Linux kernel modules)
• Good understanding of cryptographic protocols
• Basic understanding of virtualization techniques
• Willingness to learn and read source code and literature

—

[1] Götzfried, Johannes, and Tilo Müller. “Analysing Android’s Full Disk Encryption Feature.” J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 5.1 (2014): 84-100.

[2] Müller, Tilo, Felix C. Freiling, and Andreas Dewald. “TRESOR Runs Encryption Securely Outside RAM.” USENIX Security Symposium. Vol. 17. 2011.

[3] Li Jun and Yu Huiping, “Trusted full disk encryption model based on TPM,” The 2nd International Conference on Information Science and Engineering, 2010, pp. 1-4, doi: 10.1109/ICISE.2010.5689500.

[4] Pinto, Sandro, and Nuno Santos. “Demystifying arm trustzone: A comprehensive survey.” ACM Computing Surveys (CSUR) 51.6 (2019): 1-36.

[5] https://developer.arm.com/documentation/102418/0100/What-is-TrustZone-

[6] https://en.wikipedia.org/wiki/Trusted_Computing

In contrast to full disk encryption [1] [2], file-based encryption [3] [4] works on individual files instead of disk blocks. Relying on file-based encryption, the system can be configured in a way that it is able to boot without user interaction, since some parts of the file system may be directly accessible. Only when accessing confidential files (e.g. your banking application) user interaction is required to decrypt the required files. Most often, the user is required to enter a passphrase in order to decrypt certain files.

Nowadays, ARMv8-based systems are centered around the concept of two hardware-isolated domains, namely the normal world and the secure world [5] [6]. In the normal world, a regular commodity operating system runs. In the secure world, however, a stripped-down trusted operating system provides security-related functionalities during runtime of the system (e.g. encryption, sealing, and remote attestation [7]).

This thesis aims at providing transparent and secure file-based encryption for the normal world software. The encryption is backed by the secure world, fencing off attacks targeting the cryptographic operations running in the normal world. A custom file system is to be developed as a kernel module for the normal world. Accesses to the file system result in a software trap to the secure world, where the request is handled accordingly. Finally, the performance impact of the encryption in the ARM TrustZone is to be evaluated. As a result, the normal world is able to access the file system as any other file system. Transparently to the user in the normal world, the file system’s contents are encrypted and, thus, protected from unauthorized access in case the device is stolen. Moreover, increased isolation of security-critical functionalities comes in handy for the system’s security as a whole.

The conception of the file-based encryption scheme (e.g. deriving different encryption keys for different files) is part of this project as well as a proof-of-concept implementation.

Prerequisites:

• Proficient use of the Linux command line is required
• Good understanding of operating systems programming techniques (e.g. Linux kernel modules)
• Good understanding of cryptographic protocols
• Basic understanding of file system and file system development
• Willingness to learn and read source code and literature

—

[1] Götzfried, Johannes, and Tilo Müller. “Analysing Android’s Full Disk Encryption Feature.” J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 5.1 (2014): 84-100.

[2] Müller, Tilo, Felix C. Freiling, and Andreas Dewald. “TRESOR Runs Encryption Securely Outside RAM.” USENIX Security Symposium. Vol. 17. 2011.

[3] https://source.android.com/security/encryption/file-based

[4] https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-360039577713.htm

[5] Pinto, Sandro, and Nuno Santos. “Demystifying arm trustzone: A comprehensive survey.” ACM Computing Surveys (CSUR) 51.6 (2019): 1-36.

[6] https://developer.arm.com/documentation/102418/0100/What-is-TrustZone-

[7] https://en.wikipedia.org/wiki/Trusted_Computing

-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgIMJHBmky5sQ3YE2iNAMA0GCSqGSIb3DQEBCwUAMIGNMQsw
CQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4t
UEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTIx
MDMxNjE3MjEwOVoXDTI0MDMxNTE3MjEwOVowgacxCzAJBgNVBAYTAkRFMQ8wDQYD
VQQIDAZCYXllcm4xETAPBgNVBAcMCEVybGFuZ2VuMTwwOgYDVQQKDDNGcmllZHJp
Y2gtQWxleGFuZGVyLVVuaXZlcnNpdGFldCBFcmxhbmdlbi1OdWVybmJlcmcxDzAN
BgNVBAQMBlJvZWNrbDEOMAwGA1UEKgwFSm9uYXMxFTATBgNVBAMMDEpvbmFzIFJv
ZWNrbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5KTRtlNqK/Jfpw
znP1KJ7jTqIkoRpyRSL9SyAEjQnQXMxFJ4RWnMcGekHnhACrILGfg895ipmWxFWp
XOL5pGo8rOvUR0Si4J5Eti7ZnkCwwm9Jd6sPRwlBDNaJf6HJrysmV59DD03W/T6v
D5UOHPDlWl6A97uGnFYbc0OjOHodq3B6oXNBsVbBCt35QFBurVJrL9ncXmE+OVVm
I3c4Pm94fLvQUWUxkeJV/0eAD27yuvw7h8s2qZpqmOl/AM5IjDtsMGDzsT5oIrWT
PGquC2IY1GmLuhlkRzbwMuwdQeWxSYME1bgxX3Pk74We+wgVqaHkFlEiWwNuy8gB
kBT9lEMCAwEAAaOCAkwwggJIMD4GA1UdIAQ3MDUwDwYNKwYBBAGBrSGCLAEBBDAQ
Bg4rBgEEAYGtIYIsAQEECDAQBg4rBgEEAYGtIYIsAgEECDAJBgNVHRMEAjAAMA4G
A1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYD
VR0OBBYEFGeMxTFpLyaPGaqDjBUo0jLTu0TlMB8GA1UdIwQYMBaAFGs6mIv58lOJ
2uCtsjIeCR/oqjt0MB4GA1UdEQQXMBWBE2pvbmFzLnJvZWNrbEBmYXUuZGUwgY0G
A1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NkcDEucGNhLmRmbi5kZS9kZm4tY2Et
Z2xvYmFsLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMD+gPaA7hjlodHRwOi8vY2RwMi5w
Y2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwtZzIvcHViL2NybC9jYWNybC5jcmwwgdsG
CCsGAQUFBwEBBIHOMIHLMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZu
LmRlL09DU1AtU2VydmVyL09DU1AwSQYIKwYBBQUHMAKGPWh0dHA6Ly9jZHAxLnBj
YS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY2FjZXJ0L2NhY2VydC5jcnQw
SQYIKwYBBQUHMAKGPWh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2Jh
bC1nMi9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAEHp
ianYKVlMoVkBRYSBVnZbcxKjml52iuCMFPwLIUdvg+87zk7mWWAya1me8L9IQwW6
toO+27rd2y7jYwyHKOJkSBFYn2fyqtUZjesP0O+8o5Ou4Yu6exeuIKA8Y57ao/EN
U10Q+qeNvsSxV4aMIbZPTJ+ziyYgSlOG7XEt31NHHDZ3AKmrzVawWHM3gocPoCim
tiqmX8zLfEKXhXHlLtri56AThKJRCikdZ9aBj4dJHc5NL3Ra+anCozIKdkyhC9RY
RGwwMGJ7STqtd3FpI4I+FxWG7fh77X5LFOWT6Qi4xjfXDXCqe8vWK3yn0gjye2wF
dBW3VsLCmzSFFKbcAoc=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgIMJHBmky5sQ3YE2iNAMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4tUEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTIxMDMxNjE3MjEwOVoXDTI0MDMxNTE3MjEwOVowgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCYXllcm4xETAPBgNVBAcMCEVybGFuZ2VuMTwwOgYDVQQKDDNGcmllZHJpY2gtQWxleGFuZGVyLVVuaXZlcnNpdGFldCBFcmxhbmdlbi1OdWVybmJlcmcxDzANBgNVBAQMBlJvZWNrbDEOMAwGA1UEKgwFSm9uYXMxFTATBgNVBAMMDEpvbmFzIFJvZWNrbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5KTRtlNqK/JfpwznP1KJ7jTqIkoRpyRSL9SyAEjQnQXMxFJ4RWnMcGekHnhACrILGfg895ipmWxFWpXOL5pGo8rOvUR0Si4J5Eti7ZnkCwwm9Jd6sPRwlBDNaJf6HJrysmV59DD03W/T6vD5UOHPDlWl6A97uGnFYbc0OjOHodq3B6oXNBsVbBCt35QFBurVJrL9ncXmE+OVVmI3c4Pm94fLvQUWUxkeJV/0eAD27yuvw7h8s2qZpqmOl/AM5IjDtsMGDzsT5oIrWTPGquC2IY1GmLuhlkRzbwMuwdQeWxSYME1bgxX3Pk74We+wgVqaHkFlEiWwNuy8gBkBT9lEMCAwEAAaOCAkwwggJIMD4GA1UdIAQ3MDUwDwYNKwYBBAGBrSGCLAEBBDAQBg4rBgEEAYGtIYIsAQEECDAQBg4rBgEEAYGtIYIsAgEECDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFGeMxTFpLyaPGaqDjBUo0jLTu0TlMB8GA1UdIwQYMBaAFGs6mIv58lOJ2uCtsjIeCR/oqjt0MB4GA1UdEQQXMBWBE2pvbmFzLnJvZWNrbEBmYXUuZGUwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0cDovL2NkcDEucGNhLmRmbi5kZS9kZm4tY2EtZ2xvYmFsLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMD+gPaA7hjlodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwtZzIvcHViL2NybC9jYWNybC5jcmwwgdsGCCsGAQUFBwEBBIHOMIHLMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZuLmRlL09DU1AtU2VydmVyL09DU1AwSQYIKwYBBQUHMAKGPWh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwSQYIKwYBBQUHMAKGPWh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAEHpianYKVlMoVkBRYSBVnZbcxKjml52iuCMFPwLIUdvg+87zk7mWWAya1me8L9IQwW6toO+27rd2y7jYwyHKOJkSBFYn2fyqtUZjesP0O+8o5Ou4Yu6exeuIKA8Y57ao/ENU10Q+qeNvsSxV4aMIbZPTJ+ziyYgSlOG7XEt31NHHDZ3AKmrzVawWHM3gocPoCimtiqmX8zLfEKXhXHlLtri56AThKJRCikdZ9aBj4dJHc5NL3Ra+anCozIKdkyhC9RYRGwwMGJ7STqtd3FpI4I+FxWG7fh77X5LFOWT6Qi4xjfXDXCqe8vWK3yn0gjye2wFdBW3VsLCmzSFFKbcAoc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIHG2O60B4sPTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCREUxRTBDBgNVBAoTPFZlcmVpbiB6dXIgRm9lcmRlcnVuZyBlaW5lcyBEZXV0c2NoZW4gRm9yc2NodW5nc25ldHplcyBlLiBWLjEQMA4GA1UECxMHREZOLVBLSTEtMCsGA1UEAxMkREZOLVZlcmVpbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTE2MDUyNDExMzg0MFoXDTMxMDIyMjIzNTk1OVowgY0xCzAJBgNVBAYTAkRFMUUwQwYDVQQKDDxWZXJlaW4genVyIEZvZXJkZXJ1bmcgZWluZXMgRGV1dHNjaGVuIEZvcnNjaHVuZ3NuZXR6ZXMgZS4gVi4xEDAOBgNVBAsMB0RGTi1QS0kxJTAjBgNVBAMMHERGTi1WZXJlaW4gR2xvYmFsIElzc3VpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdO3kcR94fhsvGadcQnjnX2aIw23IcBX8pX0to8a0Z1kzhaxuxC3+hq+B7i4vYLc5uiDoQ7lflHn8EUTbrunBtY6C+li5A4dGDTGY9HGRp5ZukrXKuaDlRh3nMF9OuL11jcUs5eutCp5eQaQW/kP+kQHC9A+e/nhiIH5+ZiE0OR41IX2WZENLZKkntwbktHZ8SyxXTP38eVC86rpNXp354ytVK4hrl7UF9U1/Isyr1ijCs7RcFJD+2oAsH/U0amgNSoDac3iSHZeTn+seWcyQUzdDoG2ieGFmudn730Qp4PIdLsDfPU8o6OBDzy0dtjGQ9PFpFSrrKgHy48+enTEzNAgMBAAGjggIFMIICATASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjApBgNVHSAEIjAgMA0GCysGAQQBga0hgiweMA8GDSsGAQQBga0hgiwBAQQwHQYDVR0OBBYEFGs6mIv58lOJ2uCtsjIeCR/oqjt0MB8GA1UdIwQYMBaAFJPj2DIm2tXxSqWRSuDqS+KiDM/hMIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwQKA+oDyGOmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwgd0GCCsGAQUFBwEBBIHQMIHNMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZuLmRlL09DU1AtU2VydmVyL09DU1AwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDANBgkqhkiG9w0BAQsFAAOCAQEAgXhFpE6kfw5V8Amxaj54zGg1qRzzlZ4/8/jfazh3iSyNta0+x/KUzaAGrrrMqLGtMwi2JIZiNkx4blDw1W5gjU9SMUOXRnXwYuRuZlHBQjFnUOVJ5zkey5/KhkjeCBT/FUsrZpugOJ8Azv2n69F/Vy3ITF/cEBGXPpYEAlyEqCk5bJT8EJIGe57u2Ea0G7UDDDjZ3LCpP3EGC7IDBzPCjUhjJSU8entXbveKBTjvuKCuL/TbB9VbhBjBqbhLzmyQGoLkuT36d/HSHzMCv1PndvncJiVBby+mG/qkE5D6fH7ZC2Bd7L/KQaBh+xFJKdioLXUV2EoY6hbvVTQiGhONBg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJAOML1fivJdmBMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMgR21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwcVC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMjAeFw0xNjAyMjIxMzM4MjJaFw0zMTAyMjIyMzU5NTlaMIGVMQswCQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLYNf/ZqFBzdL6h5eKc6uZTepnOVqhYIBHFU6MlbLlz87TV0uNzvhWbBVVdgfqRv3IA0VjPnDUq1SAsSOcvjcoqQn/BV0YD8SYmTezIPZmeBeHwp0OzEoy5xadrg6NKXkHACBU3BVfSpbXeLY008F0tZ3pv8B3Teq9WQfgWi9sPKUA3DW9ZQ2PfzJt8lpqS2IB7qw4NFlFNkkF2njKam1bwIFrEczSPKiL+HEayjvigN0WtGd6izbqTpEpPbNRXK2oDL6dNOPRDReDdcQ5HrCUCxLx1WmOJfS4PSu/wI7DHjulv1UQqyquF5deM87I8/QJB+MChjFGawHFEAwRx1npAgMBAAGjggF0MIIBcDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJPj2DIm2tXxSqWRSuDqS+KiDM/hMB8GA1UdIwQYMBaAFL9ZIDYAeaCgImuM1fJh0rgsy4JKMBIGA1UdEwEB/wQIMAYBAf8CAQIwMwYDVR0gBCwwKjAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiweMAgGBmeBDAECAjBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL3JsL1RlbGVTZWNfR2xvYmFsUm9vdF9DbGFzc18yLmNybDCBhgYIKwYBBQUHAQEEejB4MCwGCCsGAQUFBzABhiBodHRwOi8vb2NzcDAzMzYudGVsZXNlYy5kZS9vY3NwcjBIBggrBgEFBQcwAoY8aHR0cDovL3BraTAzMzYudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19HbG9iYWxSb290X0NsYXNzXzIuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCHC/8+AptlyFYt1juamItxT9q6Kaoh+UYu9bKkD64ROHk4sw50unZdnugYgpZi20wz6N35at8yvSxMR2BVf+d0a7Qsg9h5a7a3TVALZge17bOXrerufzDmmf0i4nJNPoRb7vnPmep/11I5LqyYAER+aTu/de7QCzsazeX3DyJsR4T2pUeg/dAaNH2t0j13s+70103/w+jlkk9ZPpBHEEqwhVjAb3/4ru0IQp4e1N8ULk2PvJ6Uw+ft9hj4PEnnJqinNtgs3iLNi4LY2XjiVRKjO4dEthEL1QxSr2mMDwbf0KJTi1eYe8/9ByT0/L3D/UqSApcb8re2z2WKGqK1chk5
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
-----END CERTIFICATE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGBHzZ4BEADoiYoWb6iHjljQjAbpRbw/+6RhEdi1nRRVGSHXTTiplkAzvnim
1kTKW17XOxjnfGCvI66yfUZBl4OLTbXgNAPtA76fjRRk6dN9tl2uKPN/r59CDxmU
2CnFWrrJ64Ja3REVCYMy71/5sddw8fuWMznqBKzIVGBBPXsv3YGoV9EvbyUApi9p
zG4uwqE9GIioFL5f+SCcf9KupOoP0D5ueUgDpkDXIfPa5JewAqx7mVDS0STrnpGq
Xk6Gn5J2rz17SU+Kz81CYkDJ+qzpVXJDPSkbrI4RFatwP0XHSklUwPCVkM3U6i5/
BJrXEfPdpF1tHDXVSt2paPuNsJ+A0JzQujXvc7N+SVRi6KCJin5/YP8X2pE4oKB6
O8q7vCNyulp03n/HHDrhjWkhBKB8r5p7sn2YM8AnPHKNGig5PFxDZ6deL3p/ahvR
iVZrMVKWuCaWUW2GwSPX3cJoHDTU6vahuI4AUnuZJTousNvpU84MUeh3Pv637NN4
rx/p0OKYgkwWZeuDUxVZ20tor/LNxl9UEvmWntaH/4Jj+XCiV1m/44/wZbyWHu1l
sUFMhjokNQ+aLs+7JpG34VuxD43H7AOKBKRIj3ilv1tq32xz8468W9b9Gmek9XGO
McmEfF5IK2/njkVTRBBMcGkaQQeZv266ulRmwJEh9YR7mViaSFxgVAC7aQARAQAB
tCJKb25hcyBSw7Zja2wgPGpvbmFzLnJvZWNrbEBmYXUuZGU+iQJUBBMBCgA+FiEE
WvpA3Jj1fFb1v+1rNquOrer3bukFAmBHzZ4CGwMFCQlmAYAFCwkIBwIGFQoJCAsC
BBYCAwECHgECF4AACgkQNquOrer3bumIUA/+LAByEcEvxmpHB8kwyXPRqzR64a/Q
sa/TyDMt5wRidvvksfJL0AVsHRfLoUjShf0qQQgvPVmbh7329VseqFaTk9YpD3aq
Zkiu4UE7PLqJuahVAbWAjswuUi/r5ZI1M8QMr9qxU0q29vYU4Tiq1BiBUQpcOKcS
AZZx+wv3tb39hfwEup1zlv7JUJ5JmrKzzw8WSbaCEvm05kgYbnYyr7AYZZNqKC2N
49VIAb4lcs9CQK3TyVzUKWgjX+4M55Q6kRiIYeEV+f7YN6/xMrZmKkntBGNGyxNf
sRMqRO1QRozrT9teHiR39rev9xKw56mKOfuW0+HleIVh7ok1olcWtbtZOmE8hkCo
hwz7iPZ1SKDQIlsU+wGG5wf/gB1A+wjq+fGLbdt87MWK3tD+GqeTfTWB24iMFBsD
sGSuZgOQVggsGwHi6IMgd96X5DPV/MqA/CQPgF5KFzul29pJYrP6ccrUA9Rai1+T
hoy5o+ZlsKlvBbqWqcD3o+pXnts/V8JArmfPhL82O8oqdOyGgMc6c9s35fJSRKj5
TAcfoYWMKGgXl3mstdvgHQXRVMhzC/kmKCxhwlZ0ZFg6eFTnV4TQBxpUk9yeEoER
bGYjzrgdNlPMcmfrdlGAAJmfumpo6Qd+mV9EEW0ishscUzahI/eCGnpiJsM3AsEp
0tQ3snHLHsmXy0W5Ag0EYEfNngEQAMCHznfxLbWKSbKfLNqupNoCRlxI9L+MjRkT
P1FLnLFdPK0ypoaWrFARFEYdbMNEWpUVCTJXWeK6cifwoJlP6OTbSW/qON2dRS4Q
8xRWcyaCrUB9v8CHs/MFfkdW+wSdxkHTQZjww842rrjwgfKWyhLbHQ2E4ivX2qXu
DpvjLrTtASUvWy9ogaZA9Lfjel/4J0PxbSjc7+qkeyn7z2eC8xZCD0jt7QzwJQ5L
/1p3ttYS28l5YjFMf1GTJ9g5pMwD0fWDvCLqqnSji6v2QhbM3vyGy2tOAP63d4Qa
jp7yNC2R4YQ3AGnoGkApF8RqEKYlrtOVVI8hGao+JmqfvT5M4AwDWKdWmBJrkcuK
1/sN4bjmlf0THPjtnCYkKsjc3ieCpJMRS6nmPF7XQRblj3NAoSKM2OychVrZEk1o
PdhK0lq3/guhk1jH63A6OpgapBOcP0RchEtIe/v5s7B1d7ELzudVmPbpfLPQLUt4
0o9ru9CJOGzgRcmAMY+t9jlX8W9INJB/J6BHVwJKVCJahWmH/L3MK3Q8WYj3hi/g
WdHvsfGMZrJ+fWifGZbFT8cpVr6McIrZZx042mlDMN3mmMPJo88sf/zuGEqSC/8K
7U4pJ5a5kLcO7OqxIzcPLpgXJ52MpHobEIiyZufBGGczjWJmObwEwkdrARZE6QHX
rZTFJ+31ABEBAAGJAjwEGAEKACYWIQRa+kDcmPV8VvW/7Ws2q46t6vdu6QUCYEfN
ngIbDAUJCWYBgAAKCRA2q46t6vdu6d1AEADLqPyUciLCkvMtFfiuAz0LFt4kbbyt
qfUORB3Kgu/0QDLwfpw4ywKNL1zhPBchCae6PR96b6AD6WfumkFeaPFVi81gaHbW
yrcFHN0GcOQOozWMrQD1l/8LdaNsIQKn7J+dVaxmOOm0RwjHVsxg6EOBw5KU91I4
hdR0i/RxTi7kPjPEWmueB+12gUnAU2Ghcmn+XYLewRoN2f1Tmxsaf+DI4nsqb17J
Q4H/Qyu7ZIrpbgBrDpvGAtwD1mswEgd6gXFahZD1q4vEC2mKlPomsEe+Gssx1iJV
QaG5PyvjgTcigrhb+zn6pexsmOIHSjhZ8TGPxjKkLcypXOAznnLjbltY+mySOlZu
Behyr3yNtacoQ9NcprPM4zpafXWAr7OKGTQdwlCLFVLBtGrTSv2S2C5snvUNta3M
Dnrda8sXchp/YxvLtv2XEsUszhDdwsmcz+vNa3MQ9BPXSYzShTTzAySXlQcraHFG
+vZj4G2HwaGseLLW7l6hJDVCc5HNXcaVnQpmCos3BRUgUpTDZ/PnPufjhZYwIJ3B
aR01WgkOcnEWTq+G3yRab3ieD3MlfOPYYqJPQYSyooKYgfnstRFX5QsRkoZU3Hmp
I653THSF5Z8QCCCwViKEbos+1q1Fxos/RPz5F4nluKrT5OW+veP5awiDJWnfbGfG
NRDEXepwnm+uog==
=wbUK
-----END PGP PUBLIC KEY BLOCK-----