security and email
Apr. 2nd, 2011 02:03 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
vlionwhat
a mini howto/guide to securing email for people okay with computers but not programmers
why
There's not a lot of clarity when it comes to security, encryption, and the internet. Here's some disambiguity, geared to the non-techhead.
definitions
encryption
A method of mathematically "twisting" data using an algorithm and a password.
symmetric encryption
A method of encryption that uses the same password to twist the data and to untwist it.
asymmetric encryption a.k.a. public-key encryption
A method of encryption that uses two different passwords( a public one and a private one) to twist and untwist data.
key
The password used in combination with the encryption algorithm
algorithm
The recipe for performing operations on data
AES, DES, Triple-DES, Blowfish, Twofish, RSA
Different encryption algorithms.
PART ONE: WHEREIN YOU ARE BOTH CONFUSED AND SCARED
So you've decided to secure/protect your email.
Great. I'll tell you how to secure your email "in-flight". That doesn't mean that the person on the other side can't read it, or show it to other people, or video cameras can't watch your screen, or a TEMPEST system can't deduce it, or your laptop can't be stolen with your "private key", or any of one thousand and one other things can't happen.
It just means you can secure your data in-flight. Everything else is fair game. Security is hard. Cross-check your sources for how to make this stuff happen.
okay. that's out of the way.
There are two basic mechanisms for encryption - symmetric and asymmetric. Traditionally symmetric is what is thought of: I have a key, I share the key with other people, everyone uses the same key to secure the data. Thing of Sherlock Holmes and the Dancing Men. Or the Brits and the Enigma.
There's just one problem: when the key is known, the secret isn't secret. And if one person defects (computer stolen, key file hacked into and downloaded, codebook stolen/copied), you are out of luck creek, and your paddle is back at camp, and the 'water' is going to the rapids pretty fast.
So some chaps invented public/private encryption, aka asymmetric encryption, in the 70s. It's a long and occasionally thrilling story documented elsewhere. This is what lets the entire ecommerce world operate. Online banking, stock trading, Amazon buying, eBay trading, and a little thing called HTTPS. Public/Private key encryption splits an encryption password into two parts: the public one, which is used to encrypt, and the private one, which is used to decrypt. Note the bold. This is important.
I've never read a competent guide to public key encryption. They all read like they were written by either aging cyberpunks or aging math geeks. This probably won't be a competent one either. Anyway.
HTTPS means "secure HTTP", or, put another way, "secure internet". Most browsers (all?) put a little padlock symbol somewhere on the program when HTTPS is enabled.
What this method of securing the internet does is present the public part of a public/private key. Your browser goes around behind the scenes and asks for the 'pubkey'. The browser reads the pubkey and does a bit of 'handshaking' (the technically interested are referred to the diffie-hellman key exchange as an example) to set up an encrypted connection.
SOUNDS GREAT, YEAH? There's a problem. What if someone hacked your ISP to intercept these public key requests and do sort of a "water bucket chain" of encryption on your website operation? Then they could read the communication! (The Tunesian government did this in late December before they were brought down. NOT JUST A JOKE, FOLKS.).
So what has to happen is some way of authenticating a public key to be coming from the right website. This is done by what's called a Certificate Authority and the "Public Key Infrastructure", fondly referred to as CAs and the PKI. The CA builds certificates for entities (websites) and theoretically authenticates that a website is for real (Please don't look behind the curtain, but the CA by the name of COMODO got hacked to generate some fake certificates for Google and a few others).
But we're looking behind the curtain, because you, dear reader, are paranoid/vaguely interested enough to want to secure your communications (from people who aren't in your apartment or your reader's apartment).
The reality is that CAscan be are hacked, and HTTPS can be falsified (pro tip: a commercial-grade web proxy can be configured to unwrap HTTPS).
So we are forced to consider methods a bit more manual. This is where you go reading guides online and being confused, because us tech geeks can't write for a broad audience to save ourselves. (Plus crypto software makes Lotus Notes look easy to use).
Here is where you will find that modern crypto is madly confusing. Not only can you encrypt, but you can "sign" and "hash". Go ahead. Read about it. Knowledge is power.
Now what I want to talk about for a bit is the "signing" idea. Signing a computer file works roughly like this: Given a private key (known only to you), and a file (just a stream of data), then a secondary file that is unique to the combination of private key and original file can be created. The secondary file is like a real-world signature (except it isn't, since it doesn't modify the original file), in that it can only have come from you (or anyone who has the private key). You can always sign files. But if you want to encrypt files, you need to know someone else's public key - remember, public keys are for encrypting, private keys are for decrypting.
And one last caveat: All security can be broken. The only question is the time and effort needed to break it. Encryption security is predicated on current algorithms for breaking encryption. Those get better all the time. Plan your security based on the level of your opponent.
PART TWO: ACTUALLY GETTING THE BLEEPING EMAIL SECURE, FOR A GIVEN VALUE OF SECURE.
In order to have a secure email conversation, we're going to use public key encryption. But the mechanism of public key infrastructure is going to be manual.
The canonical public key encryption system for email is the PGP system, created by Zimmerman in the '90s. The GNU project didn't want to shell out the fees to have security, so they built an open source public key software suite called GPG.
RECIPE FOR SECURE EMAIL.
* Computer
* Patience
* Access to the Internet
If you have a Mac computer and want to use Mac Mail, download http://www.gpgtools.org/index.html. Shut down Mail. Install it. Start up GPG Keychain Access. Create a new key. Make the key length as long as you can - I suggest 4096 for stuff that should be secure for a few years.
When you boot up Mail and go to create a message, you should have the option for signing emails.
If you have a Windows computer, it is not as easy. I used Claws-Mail for a while, which is an email client with a GPG feature. http://www.claws-mail.org/. You will need GPG4Win: http://www.claws-mail.org/. Install Claws Mail and GPG4Win. Load up Kleopatra and create a key. Boot up Claws Mail and configure your email account. You will need to define each email that you want to be signed or unencrypted - security is on be default.
If you have a Linux computer, you are not my target audience.
So in order to communicate with email, you need other people's public keys. That is what the CA system and the current public key infrastructure provides, in a very flawed fashion. So if you want to communicate with your buddy in the clubhouse, and not have your little sister reading in, you two need to share your public keys with each other.
Go ahead. Email them. They are public. It's not a breach of security to share a public key.
Yes, it's a problem when you have a bunch of people. Sorry. Look up key signing parties and the "Web of Trust". It gets unfortunately complicated. Yes, the public key system is problematic when there are no automated tools to manage them.
What about that nasty little private key thing? Ah, there's another rub. Private keys have to be private. They are how you decrypt incoming data to you. You need to back private keys up. But you need to back them up securely. One mechanism that you might do - determine if this is practical for you! - is burn a CD-R (not RW) and put it in a safe. Or print it out and put it in a safe place.
Remember, if someone can start signing with your private key, they are faking as you. (One approach might be to symmetrically encrypt your private key!)
Meticulously consider the threats you are defending against and their possible capabilities; build your security to handle those capabilities.
PART TWO POINT ONE: WHEREIN WE TALK ABOUT OTHER FILES
What about other files besides email?
You can do that too with GPG. But I'm not writing that guide today. (Hint: check gpg --help on your command line)
Thanks for reading.
AND NOW FOR MY PUBKEY:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
mQINBE2Xn6oBEADS2g7K2CoLivDYYLs/VFd01lkQZ+q+KwvWiKWbNMTt0EU9VARZ
wfmUJzODCYF6JsMqayC3HVPi8RtIqs97CYlb2lMGclWlqItURxhnprz6qjl/ezJ+
bDqzH+X5bFz/KOpVQEi/sNRkOfKjR+o3QoXte6G8PvyVPSehY22QeZ/FQC/37vj5
T0g1OOx7Q1MDP7uDdhlwBARbgW0jRl0qGzWzZCQ0EqNgKH/cN87VUh9+HqK0+zau
mnjCSXkSdrKHB5I2CjrT0cuknYZNAMFomGG5xpY46ZpUBva0dF/etviKAUc6KE+c
wbxwiGgAtnuP42uLORuTnMfxiGnE7pKnA6wZ9xlurx/znFOFA6UHSd1aZb5JowBp
Du11ZM41LfaCq6Q+s7y1OtiMLL4iQbvCEerHHVtQalUwXzIl1LiLBYYMukVG0Y9A
dZn8lnXJ5RIbn0FwyxjstBrZgckgcscXxq349UyPfzlKx6g8+GSTXjg5x8QAJVsL
ZRc3guTfV1JgKmY/IOb6jr6q554QOXe9exhoqw3q/DGKLJ1dun43GSc0Uzkpmu5j
SOaQt+4EcpWyQmJsRYfOuHgKjElw6gpXHp6jRFlKoNajCn6JFPGjSCRRD+D5QM+e
293H0AQ2UQcc50JGAVXLi6BOMRVI94VdAbyybFlggiNJ/83VmEEoiBeAwwARAQAB
tCZ2bGlvbiAobWUgQCBkdykgPHZsaW9uQGRyZWFtd2lkdGgub3JnPokCOAQTAQIA
IgUCTZefqgIbLwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQZ4QI6upxf9Gf
AQ//fXooBhuvVuvzQELkqZ1eKb+YTB+XeQ77K56m9wkK5Kc2UvYlD0yhw3wiUclF
Xj7A9+STh/WMyUmCX833sWjIK/jbXYV8EZ+fqRi+Pp8NPaaA2uufbE0Sk0zBp3ZL
Fx9RzHOv8JQJxAYGB+wDzEcC/6Fb13IzxSxTPcB6DCDfZ2sW2nckQ5uLRf/Y3uTT
K7NbuFk5ndxXomq9SEiE6czsGuURFvcCBpvtn5Tkn1zl2kDe09clNEPJ29+IbikB
xu6sAh5UvPrN5TYa6X9wP3ALbgzWH2SbmPzabLHjx4m+l7E57Vpew/EJxR8Qb8UN
LfNXtkZVy68kEFYbqAu7Vno5zxRr6Q/glV2bhC5yFN1fqGORGdFLapJxdPcQs0B6
v+gOiRIgAbtocP7L44YWB5HeFT1g3zo8UGpdqmHn80Ht+/TRUisa0CUr/QtSHdv7
tpf8ZJ1wywTnbkIbYTlmb/dZqHRVWeYSxh0Jm9APRFxFGZ+N+44Ii4JMZcls6gLq
w0zBzXdbF9di05fZtOq70hPgOu5KbjETOmrmrawSbQ6QNI4wcPNXuQtaRjLDJx1W
PedLoWvBdBZdAs8E2J0p1C6t+Dia9xOW2exxdxsw0b9cuRMYLln16sZUXrd48nig
xot+wBh20gS8oK14tAUlaSJ+Tm5tCYuxwAtbTYOt7CeTddG5Ag0ETZefqgEQAOYB
99tmRPV4lAzzjsby8WrALiWfCfwy8IgbURXuFRX2lmaio0Juddj3N80hOJEiVs22
7B8DbfcpeKsQwp7f+lC9ichkMXyGxIqriHNfkiZBfx6sFSIxWaHeFgTAxovTBYuC
6lqH6E6YC1EzVcxnu4jKFcl6U4+RoT1ChTRjP6M7axQ6Tqpx03PKHcZv66rWDGb5
1PwgIPvVsRhn9rywERc/oSZFtEB8HJE2tiUwOxzwyXBvCOUb0MVc045P76IFkSd3
zKbg14ZJrqaWoJjzIKlSJkSc1BMVAeOzLw6jmuHcnElpGkaVO6YEEvB60OudDbMR
i0WQo/HRz1D6YCBQDl2eHQg8wic6ox2OWRqIkBC42a9yfNS+eU6QTsRuelKwqmDV
g0cZOUnoBMUBTR6YRvGDfFrOA6w3mf+8XKZ/eL3rXpQ+Dshgz4rNj4qtwzxc/XL7
IyQv6sGqNnBCq7L/mwpQze8MdG8xWjcSzuDmEiajiHFfHSUrZPLMha+JMiOqIA2X
Y6Rq9651CBA15k1JiOmz4NYlsPI97vmRhXKGoFgydHc7svjvS6PBi97G5odHTKAa
eJoUxxcpm7NUVxr7ra1dOMu8CR7rSC/d8xyWsr9oTvvYTQCu+cwoOmCm9NdNIKM8
K42rqHkExYR991N7IHvMsNGw/u8isIw3aNibpvBhABEBAAGJBD4EGAECAAkFAk2X
n6oCGy4CKQkQZ4QI6upxf9HBXSAEGQECAAYFAk2Xn6oACgkQ4zlOnkKAhFg1JxAA
miRmh3q7B2GspgEtegWXGJK+4D6CYOfa/p/qIqjrNea7Vp8l2dHRshM0QreMIso7
Cd10FarDyHluP37HXfE+sCSZC1x6p2/jBz/7dc1nUNBufMVmvOq8gWwWONUhDth6
AaZUXmOF5HVt+Jyr5VfCBTG4lfXvP+fjbBYAkUjL4mUHJ2mjoRFO+dcsrfa4qOb/
rGatEn81sqYEqJazjDnYMK1KNZbnXykned5AmqOAxsT4UELhAzt4Ghr3rEMiCKIa
8tzSBDdCS2QkJfDSxYXYkTMdXvlhZycqcSkDMkBAYs+ma1AisfFj2cW7bM83sdlw
xyeVGO56W6M5qImolEBAxEAXGSUeT5fsfOfaAn1hkZIHYoVMDFOiO5Pn+c85pRec
QOfh1u3P9v20g/QcYGvrZ0PkD98ZRwyLSJQYSn6tcHO2yrG/z3Eg/G02MkU9lnSA
8HEDtkh7513Tpe44vrLXV037lvwjd/RC6NQjWcIphtwijkpNJjS++mDIvj2ubF/8
+kU/nWa0yn+1EW4HGcsjaLbu+4BofLD5ShDd6aqfwy2pTFu/NUmLpIWJip07o4f4
AbGGkQ9GnSzvi3nKHGsetgK1Ln4yYjATF2QBLFvA/GR1D6MkTsB9OVO0C3xzIKmU
A3JK25vOwjSGg0O7u4SrrMcmO9V+fBz0jLFzveZoM6ESiQ/8CckHfwgu6ALo0YdT
q/Pq+JTDKBYgGJvvKXN++ZFcX/SZFo+fpBMOsinzT5JuRJeK39o51b2pGHQjrX4F
AZqnrRDa+FWTiTMERdwv0IIcudiNaqZ1SUoD+VziawyJ26sttAFr3ntKWecSudkN
H0AOJFh5VcF1akmxyCZjB1pq4H6MY20kdyYNhwQPPeGx0TunRWm2vBXt0d6kIHsd
dPGHHy9pksOq6/oFAmkT0alyxuu+jSihnKCUOFoJHdD9uVjDLWJh6hMJlAKeb+FN
0+PEF1rVCQnRjS/CS+y/A/m6f8nwy4gh3O/6yzUBCWtXKps2IWswPCwkvMPSq7Ap
Y0ThXcGVynJiPS5LTd5ge978dFGM7h3OBwkTGJ70L3Z9pEiv19taCDlsU8gOe+aU
5VDf0DyvKIc8Ct+XjxDavNg4oSMgJt5X2L4oFskINQbJT0GW6CVrSvf6PHHfKDb/
4NBpjCTVJYCw02lcSs/H1rcoIWPYz0d0CVGv2koXxnqMKKq/jYSCHjG3+8kjivQa
qem6xILj/H+Z7W/6apzSQem9BTs3bwVrig0diNqAdwx2Bq52ljSwiE4k0OVGWnRq
zAXskiCwo5J8Mz/XffdwvMjEFqfg1j5GTtisoEocOHwFmd6E2YYgmus1pp6X47fr
+2Wpy/zOXur6g9BoNFodHQyikAo=
=P5TL
-----END PGP PUBLIC KEY BLOCK-----
a mini howto/guide to securing email for people okay with computers but not programmers
why
There's not a lot of clarity when it comes to security, encryption, and the internet. Here's some disambiguity, geared to the non-techhead.
definitions
encryption
A method of mathematically "twisting" data using an algorithm and a password.
symmetric encryption
A method of encryption that uses the same password to twist the data and to untwist it.
asymmetric encryption a.k.a. public-key encryption
A method of encryption that uses two different passwords( a public one and a private one) to twist and untwist data.
key
The password used in combination with the encryption algorithm
algorithm
The recipe for performing operations on data
AES, DES, Triple-DES, Blowfish, Twofish, RSA
Different encryption algorithms.
PART ONE: WHEREIN YOU ARE BOTH CONFUSED AND SCARED
So you've decided to secure/protect your email.
Great. I'll tell you how to secure your email "in-flight". That doesn't mean that the person on the other side can't read it, or show it to other people, or video cameras can't watch your screen, or a TEMPEST system can't deduce it, or your laptop can't be stolen with your "private key", or any of one thousand and one other things can't happen.
It just means you can secure your data in-flight. Everything else is fair game. Security is hard. Cross-check your sources for how to make this stuff happen.
okay. that's out of the way.
There are two basic mechanisms for encryption - symmetric and asymmetric. Traditionally symmetric is what is thought of: I have a key, I share the key with other people, everyone uses the same key to secure the data. Thing of Sherlock Holmes and the Dancing Men. Or the Brits and the Enigma.
There's just one problem: when the key is known, the secret isn't secret. And if one person defects (computer stolen, key file hacked into and downloaded, codebook stolen/copied), you are out of luck creek, and your paddle is back at camp, and the 'water' is going to the rapids pretty fast.
So some chaps invented public/private encryption, aka asymmetric encryption, in the 70s. It's a long and occasionally thrilling story documented elsewhere. This is what lets the entire ecommerce world operate. Online banking, stock trading, Amazon buying, eBay trading, and a little thing called HTTPS. Public/Private key encryption splits an encryption password into two parts: the public one, which is used to encrypt, and the private one, which is used to decrypt. Note the bold. This is important.
I've never read a competent guide to public key encryption. They all read like they were written by either aging cyberpunks or aging math geeks. This probably won't be a competent one either. Anyway.
HTTPS means "secure HTTP", or, put another way, "secure internet". Most browsers (all?) put a little padlock symbol somewhere on the program when HTTPS is enabled.
What this method of securing the internet does is present the public part of a public/private key. Your browser goes around behind the scenes and asks for the 'pubkey'. The browser reads the pubkey and does a bit of 'handshaking' (the technically interested are referred to the diffie-hellman key exchange as an example) to set up an encrypted connection.
SOUNDS GREAT, YEAH? There's a problem. What if someone hacked your ISP to intercept these public key requests and do sort of a "water bucket chain" of encryption on your website operation? Then they could read the communication! (The Tunesian government did this in late December before they were brought down. NOT JUST A JOKE, FOLKS.).
So what has to happen is some way of authenticating a public key to be coming from the right website. This is done by what's called a Certificate Authority and the "Public Key Infrastructure", fondly referred to as CAs and the PKI. The CA builds certificates for entities (websites) and theoretically authenticates that a website is for real (Please don't look behind the curtain, but the CA by the name of COMODO got hacked to generate some fake certificates for Google and a few others).
But we're looking behind the curtain, because you, dear reader, are paranoid/vaguely interested enough to want to secure your communications (from people who aren't in your apartment or your reader's apartment).
The reality is that CAs
So we are forced to consider methods a bit more manual. This is where you go reading guides online and being confused, because us tech geeks can't write for a broad audience to save ourselves. (Plus crypto software makes Lotus Notes look easy to use).
Here is where you will find that modern crypto is madly confusing. Not only can you encrypt, but you can "sign" and "hash". Go ahead. Read about it. Knowledge is power.
Now what I want to talk about for a bit is the "signing" idea. Signing a computer file works roughly like this: Given a private key (known only to you), and a file (just a stream of data), then a secondary file that is unique to the combination of private key and original file can be created. The secondary file is like a real-world signature (except it isn't, since it doesn't modify the original file), in that it can only have come from you (or anyone who has the private key). You can always sign files. But if you want to encrypt files, you need to know someone else's public key - remember, public keys are for encrypting, private keys are for decrypting.
And one last caveat: All security can be broken. The only question is the time and effort needed to break it. Encryption security is predicated on current algorithms for breaking encryption. Those get better all the time. Plan your security based on the level of your opponent.
PART TWO: ACTUALLY GETTING THE BLEEPING EMAIL SECURE, FOR A GIVEN VALUE OF SECURE.
In order to have a secure email conversation, we're going to use public key encryption. But the mechanism of public key infrastructure is going to be manual.
The canonical public key encryption system for email is the PGP system, created by Zimmerman in the '90s. The GNU project didn't want to shell out the fees to have security, so they built an open source public key software suite called GPG.
RECIPE FOR SECURE EMAIL.
* Computer
* Patience
* Access to the Internet
If you have a Mac computer and want to use Mac Mail, download http://www.gpgtools.org/index.html. Shut down Mail. Install it. Start up GPG Keychain Access. Create a new key. Make the key length as long as you can - I suggest 4096 for stuff that should be secure for a few years.
When you boot up Mail and go to create a message, you should have the option for signing emails.
If you have a Windows computer, it is not as easy. I used Claws-Mail for a while, which is an email client with a GPG feature. http://www.claws-mail.org/. You will need GPG4Win: http://www.claws-mail.org/. Install Claws Mail and GPG4Win. Load up Kleopatra and create a key. Boot up Claws Mail and configure your email account. You will need to define each email that you want to be signed or unencrypted - security is on be default.
If you have a Linux computer, you are not my target audience.
So in order to communicate with email, you need other people's public keys. That is what the CA system and the current public key infrastructure provides, in a very flawed fashion. So if you want to communicate with your buddy in the clubhouse, and not have your little sister reading in, you two need to share your public keys with each other.
Go ahead. Email them. They are public. It's not a breach of security to share a public key.
Yes, it's a problem when you have a bunch of people. Sorry. Look up key signing parties and the "Web of Trust". It gets unfortunately complicated. Yes, the public key system is problematic when there are no automated tools to manage them.
What about that nasty little private key thing? Ah, there's another rub. Private keys have to be private. They are how you decrypt incoming data to you. You need to back private keys up. But you need to back them up securely. One mechanism that you might do - determine if this is practical for you! - is burn a CD-R (not RW) and put it in a safe. Or print it out and put it in a safe place.
Remember, if someone can start signing with your private key, they are faking as you. (One approach might be to symmetrically encrypt your private key!)
Meticulously consider the threats you are defending against and their possible capabilities; build your security to handle those capabilities.
PART TWO POINT ONE: WHEREIN WE TALK ABOUT OTHER FILES
What about other files besides email?
You can do that too with GPG. But I'm not writing that guide today. (Hint: check gpg --help on your command line)
Thanks for reading.
AND NOW FOR MY PUBKEY:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
mQINBE2Xn6oBEADS2g7K2CoLivDYYLs/VFd01lkQZ+q+KwvWiKWbNMTt0EU9VARZ
wfmUJzODCYF6JsMqayC3HVPi8RtIqs97CYlb2lMGclWlqItURxhnprz6qjl/ezJ+
bDqzH+X5bFz/KOpVQEi/sNRkOfKjR+o3QoXte6G8PvyVPSehY22QeZ/FQC/37vj5
T0g1OOx7Q1MDP7uDdhlwBARbgW0jRl0qGzWzZCQ0EqNgKH/cN87VUh9+HqK0+zau
mnjCSXkSdrKHB5I2CjrT0cuknYZNAMFomGG5xpY46ZpUBva0dF/etviKAUc6KE+c
wbxwiGgAtnuP42uLORuTnMfxiGnE7pKnA6wZ9xlurx/znFOFA6UHSd1aZb5JowBp
Du11ZM41LfaCq6Q+s7y1OtiMLL4iQbvCEerHHVtQalUwXzIl1LiLBYYMukVG0Y9A
dZn8lnXJ5RIbn0FwyxjstBrZgckgcscXxq349UyPfzlKx6g8+GSTXjg5x8QAJVsL
ZRc3guTfV1JgKmY/IOb6jr6q554QOXe9exhoqw3q/DGKLJ1dun43GSc0Uzkpmu5j
SOaQt+4EcpWyQmJsRYfOuHgKjElw6gpXHp6jRFlKoNajCn6JFPGjSCRRD+D5QM+e
293H0AQ2UQcc50JGAVXLi6BOMRVI94VdAbyybFlggiNJ/83VmEEoiBeAwwARAQAB
tCZ2bGlvbiAobWUgQCBkdykgPHZsaW9uQGRyZWFtd2lkdGgub3JnPokCOAQTAQIA
IgUCTZefqgIbLwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQZ4QI6upxf9Gf
AQ//fXooBhuvVuvzQELkqZ1eKb+YTB+XeQ77K56m9wkK5Kc2UvYlD0yhw3wiUclF
Xj7A9+STh/WMyUmCX833sWjIK/jbXYV8EZ+fqRi+Pp8NPaaA2uufbE0Sk0zBp3ZL
Fx9RzHOv8JQJxAYGB+wDzEcC/6Fb13IzxSxTPcB6DCDfZ2sW2nckQ5uLRf/Y3uTT
K7NbuFk5ndxXomq9SEiE6czsGuURFvcCBpvtn5Tkn1zl2kDe09clNEPJ29+IbikB
xu6sAh5UvPrN5TYa6X9wP3ALbgzWH2SbmPzabLHjx4m+l7E57Vpew/EJxR8Qb8UN
LfNXtkZVy68kEFYbqAu7Vno5zxRr6Q/glV2bhC5yFN1fqGORGdFLapJxdPcQs0B6
v+gOiRIgAbtocP7L44YWB5HeFT1g3zo8UGpdqmHn80Ht+/TRUisa0CUr/QtSHdv7
tpf8ZJ1wywTnbkIbYTlmb/dZqHRVWeYSxh0Jm9APRFxFGZ+N+44Ii4JMZcls6gLq
w0zBzXdbF9di05fZtOq70hPgOu5KbjETOmrmrawSbQ6QNI4wcPNXuQtaRjLDJx1W
PedLoWvBdBZdAs8E2J0p1C6t+Dia9xOW2exxdxsw0b9cuRMYLln16sZUXrd48nig
xot+wBh20gS8oK14tAUlaSJ+Tm5tCYuxwAtbTYOt7CeTddG5Ag0ETZefqgEQAOYB
99tmRPV4lAzzjsby8WrALiWfCfwy8IgbURXuFRX2lmaio0Juddj3N80hOJEiVs22
7B8DbfcpeKsQwp7f+lC9ichkMXyGxIqriHNfkiZBfx6sFSIxWaHeFgTAxovTBYuC
6lqH6E6YC1EzVcxnu4jKFcl6U4+RoT1ChTRjP6M7axQ6Tqpx03PKHcZv66rWDGb5
1PwgIPvVsRhn9rywERc/oSZFtEB8HJE2tiUwOxzwyXBvCOUb0MVc045P76IFkSd3
zKbg14ZJrqaWoJjzIKlSJkSc1BMVAeOzLw6jmuHcnElpGkaVO6YEEvB60OudDbMR
i0WQo/HRz1D6YCBQDl2eHQg8wic6ox2OWRqIkBC42a9yfNS+eU6QTsRuelKwqmDV
g0cZOUnoBMUBTR6YRvGDfFrOA6w3mf+8XKZ/eL3rXpQ+Dshgz4rNj4qtwzxc/XL7
IyQv6sGqNnBCq7L/mwpQze8MdG8xWjcSzuDmEiajiHFfHSUrZPLMha+JMiOqIA2X
Y6Rq9651CBA15k1JiOmz4NYlsPI97vmRhXKGoFgydHc7svjvS6PBi97G5odHTKAa
eJoUxxcpm7NUVxr7ra1dOMu8CR7rSC/d8xyWsr9oTvvYTQCu+cwoOmCm9NdNIKM8
K42rqHkExYR991N7IHvMsNGw/u8isIw3aNibpvBhABEBAAGJBD4EGAECAAkFAk2X
n6oCGy4CKQkQZ4QI6upxf9HBXSAEGQECAAYFAk2Xn6oACgkQ4zlOnkKAhFg1JxAA
miRmh3q7B2GspgEtegWXGJK+4D6CYOfa/p/qIqjrNea7Vp8l2dHRshM0QreMIso7
Cd10FarDyHluP37HXfE+sCSZC1x6p2/jBz/7dc1nUNBufMVmvOq8gWwWONUhDth6
AaZUXmOF5HVt+Jyr5VfCBTG4lfXvP+fjbBYAkUjL4mUHJ2mjoRFO+dcsrfa4qOb/
rGatEn81sqYEqJazjDnYMK1KNZbnXykned5AmqOAxsT4UELhAzt4Ghr3rEMiCKIa
8tzSBDdCS2QkJfDSxYXYkTMdXvlhZycqcSkDMkBAYs+ma1AisfFj2cW7bM83sdlw
xyeVGO56W6M5qImolEBAxEAXGSUeT5fsfOfaAn1hkZIHYoVMDFOiO5Pn+c85pRec
QOfh1u3P9v20g/QcYGvrZ0PkD98ZRwyLSJQYSn6tcHO2yrG/z3Eg/G02MkU9lnSA
8HEDtkh7513Tpe44vrLXV037lvwjd/RC6NQjWcIphtwijkpNJjS++mDIvj2ubF/8
+kU/nWa0yn+1EW4HGcsjaLbu+4BofLD5ShDd6aqfwy2pTFu/NUmLpIWJip07o4f4
AbGGkQ9GnSzvi3nKHGsetgK1Ln4yYjATF2QBLFvA/GR1D6MkTsB9OVO0C3xzIKmU
A3JK25vOwjSGg0O7u4SrrMcmO9V+fBz0jLFzveZoM6ESiQ/8CckHfwgu6ALo0YdT
q/Pq+JTDKBYgGJvvKXN++ZFcX/SZFo+fpBMOsinzT5JuRJeK39o51b2pGHQjrX4F
AZqnrRDa+FWTiTMERdwv0IIcudiNaqZ1SUoD+VziawyJ26sttAFr3ntKWecSudkN
H0AOJFh5VcF1akmxyCZjB1pq4H6MY20kdyYNhwQPPeGx0TunRWm2vBXt0d6kIHsd
dPGHHy9pksOq6/oFAmkT0alyxuu+jSihnKCUOFoJHdD9uVjDLWJh6hMJlAKeb+FN
0+PEF1rVCQnRjS/CS+y/A/m6f8nwy4gh3O/6yzUBCWtXKps2IWswPCwkvMPSq7Ap
Y0ThXcGVynJiPS5LTd5ge978dFGM7h3OBwkTGJ70L3Z9pEiv19taCDlsU8gOe+aU
5VDf0DyvKIc8Ct+XjxDavNg4oSMgJt5X2L4oFskINQbJT0GW6CVrSvf6PHHfKDb/
4NBpjCTVJYCw02lcSs/H1rcoIWPYz0d0CVGv2koXxnqMKKq/jYSCHjG3+8kjivQa
qem6xILj/H+Z7W/6apzSQem9BTs3bwVrig0diNqAdwx2Bq52ljSwiE4k0OVGWnRq
zAXskiCwo5J8Mz/XffdwvMjEFqfg1j5GTtisoEocOHwFmd6E2YYgmus1pp6X47fr
+2Wpy/zOXur6g9BoNFodHQyikAo=
=P5TL
-----END PGP PUBLIC KEY BLOCK-----
