draft-ietf-lamps-header-protection-06.txt   draft-ietf-lamps-header-protection-07.txt 
LAMPS Working Group D.K. Gillmor LAMPS Working Group D.K. Gillmor
Internet-Draft American Civil Liberties Union Internet-Draft American Civil Liberties Union
Intended status: Standards Track B. Hoeneisen Intended status: Standards Track B. Hoeneisen
Expires: 27 January 2022 pEp Foundation Expires: 6 August 2022 pEp Foundation
A. Melnikov A. Melnikov
Isode Ltd Isode Ltd
26 July 2021 2 February 2022
Header Protection for S/MIME Header Protection for S/MIME
draft-ietf-lamps-header-protection-06 draft-ietf-lamps-header-protection-07
Abstract Abstract
S/MIME version 3.1 has introduced a feasible standardized option to S/MIME version 3.1 has introduced a feasible standardized option to
accomplish Header Protection. However, few implementations generate accomplish Header Protection. However, few implementations generate
messages using this structure, and several legacy and non-legacy messages using this structure, and several legacy and non-legacy
implementations have revealed rendering issues at the receiving side. implementations have revealed rendering issues at the receiving side.
Clearer specifications regarding message processing, particularly Clearer specifications regarding message processing, particularly
with respect to header sections, are needed in order to resolve these with respect to header sections, are needed in order to resolve these
rendering issues. Some mail user agents are also sending and rendering issues. Some mail user agents are also sending and
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 January 2022. This Internet-Draft will expire on 6 August 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Revised BSD License text as
as described in Section 4.e of the Trust Legal Provisions and are described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Two Schemes of Protected Headers . . . . . . . . . . . . 5 1.1. Two Schemes of Protected Headers . . . . . . . . . . . . 5
1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 6 1.2. Problems with Wrapped Messages . . . . . . . . . . . . . 6
1.3. Problems with Injected Headers . . . . . . . . . . . . . 6 1.3. Problems with Injected Headers . . . . . . . . . . . . . 6
1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 7 1.4. Motivation . . . . . . . . . . . . . . . . . . . . . . . 7
1.5. Other Protocols to Protect Email Headers . . . . . . . . 7 1.5. Other Protocols to Protect Email Headers . . . . . . . . 7
1.6. Requirements Language . . . . . . . . . . . . . . . . . . 7 1.6. Requirements Language . . . . . . . . . . . . . . . . . . 7
skipping to change at page 2, line 45 skipping to change at page 2, line 45
3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1. Main Use Case . . . . . . . . . . . . . . . . . . . . 12 3.1.1. Main Use Case . . . . . . . . . . . . . . . . . . . . 12
3.1.2. Backward Compatibility Use Cases . . . . . . . . . . 12 3.1.2. Backward Compatibility Use Cases . . . . . . . . . . 12
3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 13 3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 13
3.2.1. In-Scope . . . . . . . . . . . . . . . . . . . . . . 13 3.2.1. In-Scope . . . . . . . . . . . . . . . . . . . . . . 13
3.2.2. Out-of-Scope . . . . . . . . . . . . . . . . . . . . 13 3.2.2. Out-of-Scope . . . . . . . . . . . . . . . . . . . . 13
4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 14 4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Main Use Case . . . . . . . . . . . . . . . . . . . . . . 14 4.1. Main Use Case . . . . . . . . . . . . . . . . . . . . . . 14
4.1.1. MIME Format . . . . . . . . . . . . . . . . . . . . . 15 4.1.1. MIME Format . . . . . . . . . . . . . . . . . . . . . 15
4.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 17 4.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 17
4.1.3. Default Header Confidentiality Policy . . . . . . . . 22 4.1.3. Default Header Confidentiality Policy . . . . . . . . 23
4.1.4. Receiving Side . . . . . . . . . . . . . . . . . . . 23 4.1.4. Receiving Side . . . . . . . . . . . . . . . . . . . 24
4.2. Backward Compatibility Use Cases . . . . . . . . . . . . 31 4.2. Backward Compatibility Use Cases . . . . . . . . . . . . 33
4.2.1. Receiving Side MIME-Conformant . . . . . . . . . . . 32 4.2.1. Receiving Side MIME-Conformant . . . . . . . . . . . 33
4.2.2. Receiving Side Not MIME-Conformant . . . . . . . . . 32 4.2.2. Receiving Side Not MIME-Conformant . . . . . . . . . 33
5. Usability Considerations . . . . . . . . . . . . . . . . . . 33 5. Usability Considerations . . . . . . . . . . . . . . . . . . 34
5.1. Mixed Protections Within a Message Are Hard To 5.1. Mixed Protections Within a Message Are Hard To
Understand . . . . . . . . . . . . . . . . . . . . . . . 33 Understand . . . . . . . . . . . . . . . . . . . . . . . 34
5.2. Users Should Not Have To Choose a Header Confidentiality 5.2. Users Should Not Have To Choose a Header Confidentiality
Policy . . . . . . . . . . . . . . . . . . . . . . . . . 33 Policy . . . . . . . . . . . . . . . . . . . . . . . . . 34
6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34
7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 33 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 34
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 34
10.1. Normative References . . . . . . . . . . . . . . . . . . 33 10.1. Normative References . . . . . . . . . . . . . . . . . . 34
10.2. Informative References . . . . . . . . . . . . . . . . . 34 10.2. Informative References . . . . . . . . . . . . . . . . . 35
Appendix A. Possible Problems with some Legacy Clients . . . . . 36 Appendix A. Possible Problems with some Legacy Clients . . . . . 37
A.1. Problems Reviewing signed+encrypted Messages in List A.1. Problems Reviewing signed+encrypted Messages in List
View . . . . . . . . . . . . . . . . . . . . . . . . . . 36 View . . . . . . . . . . . . . . . . . . . . . . . . . . 37
A.2. Problems when Rendering a signed+encrypted Message . . . 36 A.2. Problems when Rendering a signed+encrypted Message . . . 37
A.3. Problems when Replying to a signed+encrypted Message . . 37 A.3. Problems when Replying to a signed+encrypted Message . . 38
A.4. Problems Reviewing signed-only Messages in List View . . 38 A.4. Problems Reviewing signed-only Messages in List View . . 39
A.5. Problems when Rendering a signed-only Message . . . . . . 38 A.5. Problems when Rendering a signed-only Message . . . . . . 39
A.6. Problems when Replying to a signed-only Message . . . . . 39 A.6. Problems when Replying to a signed-only Message . . . . . 40
Appendix B. Test Vectors . . . . . . . . . . . . . . . . . . . . 39 Appendix B. Test Vectors . . . . . . . . . . . . . . . . . . . . 40
B.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 39 B.1. Baseline Messages . . . . . . . . . . . . . . . . . . . . 40
B.1.1. No cryptographic protections over a simple message . 40 B.1.1. No cryptographic protections over a simple message . 41
B.1.2. S/MIME signed-only signedData over a simple message, No B.1.2. S/MIME signed-only signedData over a simple message, No
Header Protection . . . . . . . . . . . . . . . . . . 40 Header Protection . . . . . . . . . . . . . . . . . . 41
B.1.3. S/MIME signed-only multipart/signed over a simple B.1.3. S/MIME signed-only multipart/signed over a simple
message, No Header Protection . . . . . . . . . . . . 42 message, No Header Protection . . . . . . . . . . . . 43
B.1.4. S/MIME encrypted and signed over a simple message, No B.1.4. S/MIME encrypted and signed over a simple message, No
Header Protection . . . . . . . . . . . . . . . . . . 44 Header Protection . . . . . . . . . . . . . . . . . . 45
B.1.5. No cryptographic protections over a complex B.1.5. No cryptographic protections over a complex
message . . . . . . . . . . . . . . . . . . . . . . . 47 message . . . . . . . . . . . . . . . . . . . . . . . 48
B.1.6. S/MIME signed-only signedData over a complex message, B.1.6. S/MIME signed-only signedData over a complex message,
No Header Protection . . . . . . . . . . . . . . . . 48 No Header Protection . . . . . . . . . . . . . . . . 49
B.1.7. S/MIME signed-only multipart/signed over a complex B.1.7. S/MIME signed-only multipart/signed over a complex
message, No Header Protection . . . . . . . . . . . . 51 message, No Header Protection . . . . . . . . . . . . 52
B.1.8. S/MIME encrypted and signed over a complex message, No B.1.8. S/MIME encrypted and signed over a complex message, No
Header Protection . . . . . . . . . . . . . . . . . . 54 Header Protection . . . . . . . . . . . . . . . . . . 55
B.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 57 B.2. Signed-only Messages . . . . . . . . . . . . . . . . . . 58
B.2.1. S/MIME signed-only signedData over a simple message, B.2.1. S/MIME signed-only signedData over a simple message,
Wrapped Message . . . . . . . . . . . . . . . . . . . 57 Wrapped Message . . . . . . . . . . . . . . . . . . . 58
B.2.2. S/MIME signed-only multipart/signed over a simple B.2.2. S/MIME signed-only multipart/signed over a simple
message, Wrapped Message . . . . . . . . . . . . . . 59 message, Wrapped Message . . . . . . . . . . . . . . 60
B.2.3. S/MIME signed-only signedData over a simple message, B.2.3. S/MIME signed-only signedData over a simple message,
Injected Headers . . . . . . . . . . . . . . . . . . 62 Injected Headers . . . . . . . . . . . . . . . . . . 63
B.2.4. S/MIME signed-only multipart/signed over a simple B.2.4. S/MIME signed-only multipart/signed over a simple
message, Injected Headers . . . . . . . . . . . . . . 63 message, Injected Headers . . . . . . . . . . . . . . 64
B.2.5. S/MIME signed-only signedData over a complex message, B.2.5. S/MIME signed-only signedData over a complex message,
Wrapped Message . . . . . . . . . . . . . . . . . . . 66 Wrapped Message . . . . . . . . . . . . . . . . . . . 67
B.2.6. S/MIME signed-only multipart/signed over a complex B.2.6. S/MIME signed-only multipart/signed over a complex
message, Wrapped Message . . . . . . . . . . . . . . 68 message, Wrapped Message . . . . . . . . . . . . . . 69
B.2.7. S/MIME signed-only signedData over a complex message, B.2.7. S/MIME signed-only signedData over a complex message,
Injected Headers . . . . . . . . . . . . . . . . . . 71 Injected Headers . . . . . . . . . . . . . . . . . . 72
B.2.8. S/MIME signed-only multipart/signed over a complex B.2.8. S/MIME signed-only multipart/signed over a complex
message, Injected Headers . . . . . . . . . . . . . . 74 message, Injected Headers . . . . . . . . . . . . . . 75
B.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 77 B.3. Encrypted-and-signed Messages . . . . . . . . . . . . . . 78
B.3.1. S/MIME encrypted and signed over a simple message, B.3.1. S/MIME encrypted and signed over a simple message,
Wrapped Message with hcp_minimal . . . . . . . . . . 77 Wrapped Message with hcp_minimal . . . . . . . . . . 78
B.3.2. S/MIME encrypted and signed over a simple message, B.3.2. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_minimal . . . . . . . . . . 80 Injected Headers with hcp_minimal . . . . . . . . . . 81
B.3.3. S/MIME encrypted and signed over a simple message, B.3.3. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
B.3.4. S/MIME encrypted and signed over a simple message, B.3.4. S/MIME encrypted and signed over a simple message,
Wrapped Message with hcp_strong . . . . . . . . . . . 86 Wrapped Message with hcp_strong . . . . . . . . . . . 87
B.3.5. S/MIME encrypted and signed over a simple message, B.3.5. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_strong . . . . . . . . . . 89 Injected Headers with hcp_strong . . . . . . . . . . 90
B.3.6. S/MIME encrypted and signed over a simple message, B.3.6. S/MIME encrypted and signed over a simple message,
Injected Headers with hcp_strong (+ Legacy Display) . 92 Injected Headers with hcp_strong (+ Legacy Display) . 93
B.3.7. S/MIME encrypted and signed reply over a simple B.3.7. S/MIME encrypted and signed reply over a simple
message, Wrapped Message with hcp_minimal . . . . . . 95 message, Wrapped Message with hcp_minimal . . . . . . 96
B.3.8. S/MIME encrypted and signed reply over a simple B.3.8. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_minimal . . . . . 98 message, Injected Headers with hcp_minimal . . . . . 99
B.3.9. S/MIME encrypted and signed reply over a simple B.3.9. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_minimal (+ Legacy message, Injected Headers with hcp_minimal (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 101 Display) . . . . . . . . . . . . . . . . . . . . . . 102
B.3.10. S/MIME encrypted and signed reply over a simple B.3.10. S/MIME encrypted and signed reply over a simple
message, Wrapped Message with hcp_strong . . . . . . 105 message, Wrapped Message with hcp_strong . . . . . . 105
B.3.11. S/MIME encrypted and signed reply over a simple B.3.11. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_strong . . . . . . 108 message, Injected Headers with hcp_strong . . . . . . 108
B.3.12. S/MIME encrypted and signed reply over a simple B.3.12. S/MIME encrypted and signed reply over a simple
message, Injected Headers with hcp_strong (+ Legacy message, Injected Headers with hcp_strong (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 111 Display) . . . . . . . . . . . . . . . . . . . . . . 111
B.3.13. S/MIME encrypted and signed over a complex message, B.3.13. S/MIME encrypted and signed over a complex message,
Wrapped Message with hcp_minimal . . . . . . . . . . 114 Wrapped Message with hcp_minimal . . . . . . . . . . 114
B.3.14. S/MIME encrypted and signed over a complex message, B.3.14. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_minimal . . . . . . . . . . 118 Injected Headers with hcp_minimal . . . . . . . . . . 118
B.3.15. S/MIME encrypted and signed over a complex message, B.3.15. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Injected Headers with hcp_minimal (+ Legacy Display) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
B.3.16. S/MIME encrypted and signed over a complex message, B.3.16. S/MIME encrypted and signed over a complex message,
Wrapped Message with hcp_strong . . . . . . . . . . . 126 Wrapped Message with hcp_strong . . . . . . . . . . . 126
B.3.17. S/MIME encrypted and signed over a complex message, B.3.17. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_strong . . . . . . . . . . 129 Injected Headers with hcp_strong . . . . . . . . . . 130
B.3.18. S/MIME encrypted and signed over a complex message, B.3.18. S/MIME encrypted and signed over a complex message,
Injected Headers with hcp_strong (+ Legacy Display) . 133 Injected Headers with hcp_strong (+ Legacy Display) . 133
B.3.19. S/MIME encrypted and signed reply over a complex B.3.19. S/MIME encrypted and signed reply over a complex
message, Wrapped Message with hcp_minimal . . . . . . 137 message, Wrapped Message with hcp_minimal . . . . . . 137
B.3.20. S/MIME encrypted and signed reply over a complex B.3.20. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_minimal . . . . . 141 message, Injected Headers with hcp_minimal . . . . . 141
B.3.21. S/MIME encrypted and signed reply over a complex B.3.21. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_minimal (+ Legacy message, Injected Headers with hcp_minimal (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 145 Display) . . . . . . . . . . . . . . . . . . . . . . 145
B.3.22. S/MIME encrypted and signed reply over a complex B.3.22. S/MIME encrypted and signed reply over a complex
message, Wrapped Message with hcp_strong . . . . . . 149 message, Wrapped Message with hcp_strong . . . . . . 150
B.3.23. S/MIME encrypted and signed reply over a complex B.3.23. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_strong . . . . . . 153 message, Injected Headers with hcp_strong . . . . . . 153
B.3.24. S/MIME encrypted and signed reply over a complex B.3.24. S/MIME encrypted and signed reply over a complex
message, Injected Headers with hcp_strong (+ Legacy message, Injected Headers with hcp_strong (+ Legacy
Display) . . . . . . . . . . . . . . . . . . . . . . 157 Display) . . . . . . . . . . . . . . . . . . . . . . 157
Appendix C. Additional information . . . . . . . . . . . . . . . 161 Appendix C. Additional information . . . . . . . . . . . . . . . 161
C.1. Stored Variants of Messages with Bcc . . . . . . . . . . 161 C.1. Stored Variants of Messages with Bcc . . . . . . . . . . 161
Appendix D. Text Moved from Above . . . . . . . . . . . . . . . 162 Appendix D. Text Moved from Above . . . . . . . . . . . . . . . 162
D.1. MIME Format . . . . . . . . . . . . . . . . . . . . . . . 162 D.1. MIME Format . . . . . . . . . . . . . . . . . . . . . . . 162
D.1.1. S/MIME Specification . . . . . . . . . . . . . . . . 163 D.1.1. S/MIME Specification . . . . . . . . . . . . . . . . 163
D.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 165 D.1.2. Sending Side . . . . . . . . . . . . . . . . . . . . 165
Appendix E. Document Considerations . . . . . . . . . . . . . . 169 Appendix E. Examples . . . . . . . . . . . . . . . . . . . . . . 169
Appendix F. Document Changelog . . . . . . . . . . . . . . . . . 170 E.1. Example text/plain Cryptographic Payload with Legacy
Appendix G. Open Issues . . . . . . . . . . . . . . . . . . . . 171 Display Elements . . . . . . . . . . . . . . . . . . . . 170
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 172 E.2. Example text/html Cryptographic Payload with Legacy Display
Elements . . . . . . . . . . . . . . . . . . . . . . . . 170
Appendix F. Document Considerations . . . . . . . . . . . . . . 171
Appendix G. Document Changelog . . . . . . . . . . . . . . . . . 172
Appendix H. Open Issues . . . . . . . . . . . . . . . . . . . . 173
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 174
1. Introduction 1. Introduction
Privacy and security issues regarding email Header Protection in S/ Privacy and security issues regarding email Header Protection in S/
MIME have been identified for some time. Most current MIME have been identified for some time. Most current
implementations of cryptographically-protected electronic mail implementations of cryptographically-protected electronic mail
protect only the body of the message, which leaves significant room protect only the body of the message, which leaves significant room
for attacks against otherwise-protected messages. For example, lack for attacks against otherwise-protected messages. For example, lack
of header protection allows an attacker to substitute the message of header protection allows an attacker to substitute the message
subject and/or author. subject and/or author.
skipping to change at page 6, line 6 skipping to change at page 6, line 6
well with legacy MUAs. well with legacy MUAs.
1.1. Two Schemes of Protected Headers 1.1. Two Schemes of Protected Headers
Unfortunately, there are two different schemes for cryptographically- Unfortunately, there are two different schemes for cryptographically-
protected email headers that may be in use on the Internet today. protected email headers that may be in use on the Internet today.
This document addresses them both and provides guidance to This document addresses them both and provides guidance to
implementers. implementers.
One scheme is the form specified in S/MIME 3.1 and later, which One scheme is the form specified in S/MIME 3.1 and later, which
involves wrapping a "message/rfc822" MIME object with a Cryptographic involves wrapping a message/rfc822 MIME object with a Cryptographic
Envelope. This document calls this scheme "Wrapped Message", and it Envelope. This document calls this scheme "Wrapped Message", and it
is documented in more detail in [RFC8551]. Experience has shown that is documented in more detail in [RFC8551]. Experience has shown that
this form does not interact well with some legacy MUAs (see this form does not interact well with some legacy MUAs (see
Section 1.2). Section 1.2).
Consequently, another form of header protection is produced and Consequently, another form of header protection is produced and
consumed by some MUAs, where the protected headers are placed consumed by some MUAs, where the protected headers are placed
directly on the Cryptographic Payload, without using an intervening directly on the Cryptographic Payload, without using an intervening
"message/*" MIME object. This document calls this scheme "Injected message/* MIME object. This document calls this scheme "Injected
Headers", and it is documented in more detail in Headers", and it is documented in more detail in Section 4.1.2.4 and
[I-D.autocrypt-lamps-protected-headers]. Section 4.1.4.4.
1.2. Problems with Wrapped Messages 1.2. Problems with Wrapped Messages
Several legacy MUAs have revealed rendering issues when dealing with Several legacy MUAs have revealed rendering issues when dealing with
a message with headers protected by the Wrapped Message scheme. In a message with headers protected by the Wrapped Message scheme. In
some cases the user sees an attachment suggesting a forwarded email some cases the user sees an attachment suggesting a forwarded email
message, which -- in fact -- contains the protected email message message, which -- in fact -- contains the protected email message
that should be rendered directly. For these cases, the user can that should be rendered directly. For these cases, the user can
click on the attachment to view the protected message. However, click on the attachment to view the protected message. However,
there have also been reports of email clients displaying garbled there have also been reports of email clients displaying garbled
skipping to change at page 6, line 47 skipping to change at page 6, line 47
"wrapped message" (for the sake of Header Protection) "wrapped message" (for the sake of Header Protection)
* Not enough guidance with respect to handling of Header Fields on * Not enough guidance with respect to handling of Header Fields on
both the sending and the receiving side both the sending and the receiving side
1.3. Problems with Injected Headers 1.3. Problems with Injected Headers
A legacy MUA dealing with an encrypted message that has some header A legacy MUA dealing with an encrypted message that has some header
fields obscured using the Injected Headers scheme will not render the fields obscured using the Injected Headers scheme will not render the
obscured header fields to the user at all. A workaround "legacy obscured header fields to the user at all. A workaround "legacy
display" mechanism is provided in this document, which some legacy display" mechanism is provided in this document, which most legacy
MUAs will render to the user, albeit not in the same location that MUAs should render to the user, albeit not in the same location that
the header fields would normally be rendered. However, some legacy the header fields would normally be rendered.
MUAs also fail to render the "legacy display" part, leaving the
obscured header fields hidden from users of those MUAs.
1.4. Motivation 1.4. Motivation
Furthermore, the need (technical) Data Minimization, which includes Furthermore, the need (technical) Data Minimization, which includes
data sparseness and hiding all technically concealable information, data sparseness and hiding all technically concealable information,
has grown in importance over the past several years. In addition, has grown in importance over the past several years. In addition,
backwards compatibility must be considered when it is possible to do backwards compatibility must be considered when it is possible to do
so without compromising privacy and security. so without compromising privacy and security.
No mechanism for Header Protection has been standardized for PGP/MIME No mechanism for Header Protection has been standardized for PGP/MIME
skipping to change at page 10, line 26 skipping to change at page 10, line 26
(e.g. new Header Fields are added by intermediary nodes). (e.g. new Header Fields are added by intermediary nodes).
* Receiving User Facing Message (RUFM): The Message used for * Receiving User Facing Message (RUFM): The Message used for
rendering at the receiving side. Typically this is the same as rendering at the receiving side. Typically this is the same as
the Inner Message. the Inner Message.
* Data Minimization: Data sparseness and hiding of all technically * Data Minimization: Data sparseness and hiding of all technically
concealable information whenever possible. concealable information whenever possible.
* Cryptographic Layer, Cryptographic Payload, Cryptographic * Cryptographic Layer, Cryptographic Payload, Cryptographic
Envelope, Structural Headers, and MUA are all used as defined in Envelope, Structural Headers, Main Body Part, User-Facing Headers,
[I-D.dkg-lamps-e2e-mail-guidance] and MUA are all used as defined in
[I-D.ietf-lamps-e2e-mail-guidance]
* User-Facing Headers are defined in
[I-D.autocrypt-lamps-protected-headers].
* Legacy MUA: a MUA that does not understand protected headers as * Legacy MUA: a MUA that does not understand protected headers as
described in this document. A Legacy Non-Crypto MUA is incapable described in this document. A Legacy Non-Crypto MUA is incapable
of doing any end-to-end cryptographic operations. A Legacy Crypto of doing any end-to-end cryptographic operations. A Legacy Crypto
MUA is capable of doing cryptographic operations, but does not MUA is capable of doing cryptographic operations, but does not
understand or generate protected headers. understand or generate protected headers.
* Wrapped Message: The protected headers scheme that uses the * Wrapped Message: The protected headers scheme that uses the
mechanism described in [RFC8551], where the Cryptographic Payload mechanism described in [RFC8551], where the Cryptographic Payload
is a "message/rfc822" or "message/global" MIME object. is a message/rfc822 or message/global MIME object.
* Injected Headers: The protected headers scheme that uses the * Injected Headers: The protected headers scheme that uses the
mechanism described in [I-D.autocrypt-lamps-protected-headers], mechanism described in this document (see Section 4.1.2.4 and
where the protected headers are inserted on the Cryptographic Section 4.1.4.4), where the protected headers are inserted on the
Payload directly. Cryptographic Payload directly.
* Header Confidentiality Policy: documented in Section 4.1.2.2 * Header Confidentiality Policy: documented in Section 4.1.2.2
2. Problem Statement 2. Problem Statement
The LAMPS charter contains the following Work Item: The LAMPS charter contains the following Work Item:
Update the specification for the cryptographic protection of email Update the specification for the cryptographic protection of email
headers -- both for signatures and encryption -- to improve the headers -- both for signatures and encryption -- to improve the
implementation situation with respect to privacy, security, implementation situation with respect to privacy, security,
skipping to change at page 17, line 21 skipping to change at page 17, line 21
4.1.2. Sending Side 4.1.2. Sending Side
This section describes the process an MUA should use to apply This section describes the process an MUA should use to apply
cryptographic protection to an e-mail message with header protection. cryptographic protection to an e-mail message with header protection.
We start by describing the legacy message composition process as a We start by describing the legacy message composition process as a
baseline. baseline.
4.1.2.1. Composing a Cryptographically-Protected Message Without Header 4.1.2.1. Composing a Cryptographically-Protected Message Without Header
Protection Protection
[I-D.dkg-lamps-e2e-mail-guidance] describes the typical process for a [I-D.ietf-lamps-e2e-mail-guidance] describes the typical process for
legacy crypto MUA to apply cryptographic protections to an e-mail a legacy crypto MUA to apply cryptographic protections to an e-mail
message. That guidance and terminology is replicated here for message. That guidance and terminology is replicated here for
reference: reference:
* "origbody": the traditional unprotected message body as a well- * origbody: the traditional unprotected message body as a well-
formed MIME tree (possibly just a single MIME leaf part). As a formed MIME tree (possibly just a single MIME leaf part). As a
well-formed MIME tree, "origbody" already has structural headers well-formed MIME tree, origbody already has structural headers
("Content-*") present. (Content-*) present.
* "origheaders": the intended non-structural headers for the * origheaders: the intended non-structural headers for the message,
message, represented here as a list of "(h,v)" pairs, where "h" is represented here as a list of (h,v) pairs, where h is a header
a header field name and "v" is the associated value. Note that field name and v is the associated value. Note that these are
these are header fields that the MUA intends to be visible to the header fields that the MUA intends to be visible to the recipient
recipient of the message. In particular, if the MUA uses the of the message. In particular, if the MUA uses the Bcc header
"Bcc" header during composition, but plans to omit it from the during composition, but plans to omit it from the message (see
message (see section 3.6.3 of [RFC5322]), it will not be in section 3.6.3 of [RFC5322]), it will not be in origheaders.
"origheaders".
* "crypto": The series of cryptographic protections to apply (for * crypto: The series of cryptographic protections to apply (for
example, "sign with the secret key corresponding to X.509 example, "sign with the secret key corresponding to X.509
certificate X, then encrypt to X.509 certificates X and Y"). This certificate X, then encrypt to X.509 certificates X and Y"). This
is a routine that accepts a MIME tree as input (the Cryptographic is a routine that accepts a MIME tree as input (the Cryptographic
Payload), wraps the input in the appropriate Cryptographic Payload), wraps the input in the appropriate Cryptographic
Envelope, and returns the resultant MIME tree as output. Envelope, and returns the resultant MIME tree as output.
The algorithm returns a MIME object that is ready to be injected into The algorithm returns a MIME object that is ready to be injected into
the mail system: the mail system:
* Apply "crypto" to "origbody", yielding MIME tree "output" * Apply crypto to origbody, yielding MIME tree output
* For each header name and value "(h,v)" in "origheaders": * For each header name and value (h,v) in origheaders:
- Add header "h" of "output" with value "v" - Add header h of output with value v
* Return "output" * Return output
4.1.2.2. Header Confidentiality Policy 4.1.2.2. Header Confidentiality Policy
When composing an encrypted message with protected headers, the When composing an encrypted message with protected headers, the
composing MUA needs a Header Confidentialiy Policy. In this composing MUA needs a Header Confidentialiy Policy. In this
document, we represent that Header Confidentiality Policy as a document, we represent that Header Confidentiality Policy as a
function "hcp": function hcp:
* "hcp(name, val_in) --> val_out": this function takes a header * hcp(name, val_in) --> val_out: this function takes a header field
field name "name" and initial value "val_in" as arguments, and name name and initial value val_in as arguments, and returns a
returns a replacement header value "val_out". If "val_out" is the replacement header value val_out. If val_out is the special value
special value "null", it mean that the header in question should null, it mean that the header in question should be omitted from
be omitted from the set of headers visible outside the the set of headers visible outside the Cryptographic Envelope.
Cryptographic Envelope.
For example, an MUA that only obscures the "Subject" header field by For example, an MUA that only obscures the Subject header field by
replacing it with the literal string "[...]" and does not offer replacing it with the literal string [...] and does not offer
confidentiality to any other header fields would be represented as confidentiality to any other header fields would be represented as
(in pseudocode): (in pseudocode):
"hcp(name, val_in) --> val_out: if name is 'Subject': return '[...]' hcp(name, val_in) val_out:
else: return val_in" if name is 'Subject':
return '[...]'
else:
return val_in
Note that such a policy is only needed when the end-to-end Note that such a policy is only needed when the end-to-end
protections include encryption (confidentiality). No comparable protections include encryption (confidentiality). No comparable
policy is needed for other end-to-end cryptographic protections policy is needed for other end-to-end cryptographic protections
(integrity and authenticity), as they are simply uniformly applied so (integrity and authenticity), as they are simply uniformly applied so
that all header fields known by the sender have these protections. that all header fields known by the sender have these protections.
This asymmetry is an unfortunate consequence of complexities in This asymmetry is an unfortunate consequence of complexities in
message delivery systems, some of which may reject, drop, or delay message delivery systems, some of which may reject, drop, or delay
messages where all headers are removed from the top-level MIME messages where all headers are removed from the top-level MIME
skipping to change at page 19, line 9 skipping to change at page 19, line 9
a policy for an MUA with specific needs. Such a recommendation might a policy for an MUA with specific needs. Such a recommendation might
be motivated by descriptions of metadata-derived attacks, or stem be motivated by descriptions of metadata-derived attacks, or stem
from research about message deliverability, or describe new from research about message deliverability, or describe new
signalling mechanisms, but these topics are out of scope for this signalling mechanisms, but these topics are out of scope for this
document. document.
4.1.2.3. Composing with "Wrapped Message" Header Protection 4.1.2.3. Composing with "Wrapped Message" Header Protection
To compose a message using "Wrapped Message" header protection, we To compose a message using "Wrapped Message" header protection, we
use those inputs described in Section 4.1.2.1 plus the Header use those inputs described in Section 4.1.2.1 plus the Header
Confidentiality Policy "hcp" defined in Section 4.1.2.2. The new Confidentiality Policy hcp defined in Section 4.1.2.2. The new
algorithm is: algorithm is:
* For header name and value "(h,v)" in "origheaders": * For header name and value (h,v) in origheaders:
- Add header "h" of "origbody" with value "v" - Add header h of origbody with value v
* If any of the header fields in "origbody", including headers in * If any of the header fields in origbody, including headers in the
the nested internal MIME structure, contain any 8-bit UTF-8 nested internal MIME structure, contain any 8-bit UTF-8 characters
characters (see section section 3.7 of [RFC6532]): (see section section 3.7 of [RFC6532]):
- Let "payload" be a new MIME part with one header: "Content- - Let payload be a new MIME part with one header: Content-Type:
Type: message/global; forwarded=no", and whose body is message/global; forwarded=no, and whose body is origbody.
"origbody".
* Else: * Else:
- Let "payload" be a new MIME part with one header: "Content- - Let payload be a new MIME part with one header: Content-Type:
Type: message/rfc822; forwarded=no", and whose body is message/rfc822; forwarded=no, and whose body is origbody.
"origbody".
* Apply "crypto" to "payload", yielding MIME tree "output" * Apply crypto to payload, yielding MIME tree output
* If "crypto" contains encryption: * If crypto contains encryption:
- Create new empty list of header field names and values "newh" - Create new empty list of header field names and values newh
- For header name and value "(h,v)" in "origheaders": - For header name and value (h,v) in origheaders:
o Let "newval" be "hcp(h, v)" o Let newval be hcp(h, v)
o If "newval" is not "null": o If newval is not null:
+ Append "(h,newval)" to "newh" + Append (h,newval) to newh
- Set "origheaders" to "newh" - Set origheaders to newh
* For header name and value "(h,v)" in "origheaders": * For header name and value (h,v) in origheaders:
- Add header "h" of "output" with value "v" - Add header h of output with value v
* Return "output" * Return output
Note that the Header Confidentiality Policy "hcp" is ignored if
"crypto" does not contain encryption. This is by design. Note that the Header Confidentiality Policy hcp is ignored if crypto
does not contain encryption. This is by design.
4.1.2.4. Composing with "Injected Headers" Header Protection 4.1.2.4. Composing with "Injected Headers" Header Protection
To compose a message using "Injected Headers" header protection, the To compose a message using "Injected Headers" header protection, the
composing MUA needs one additional input in addition to the Header composing MUA needs one additional input in addition to the Header
Confidentiality Policy "hcp" defined in Section 4.1.2.2. Confidentiality Policy hcp defined in Section 4.1.2.2.
* "legacy": a boolean value, indicating whether any recipient of the * legacy: a boolean value, indicating whether any recipient of the
message is believed to have a legacy client. If all recipients message is believed to have a legacy client. If all recipients
are known to implement this draft, "legacy" should be set to are known to implement this draft, legacy should be set to false.
"false". (How a MUA determines the value of "legacy" is out of (How a MUA determines the value of legacy is out of scope for this
scope for this document; an initial implementation can simply set document; an initial implementation can simply set it to true)
it to "true")
Enabling visibility of obscured headers for decryption-capable legacy
clients requires transforming a header list into a readable form and
including it as a "Legacy Display" element in specially-marked parts
of the message. This document recommends two different mechanisms:
one for a text/html Main Body part of the e-mail message, and one for
a text/plain Main Body part. This document does not recommend adding
a Legacy Display element to any other part.
Please see [I-D.ietf-lamps-e2e-mail-guidance] for guidance on
identifying the parts of a message that are a Main Body Part.
The revised algorithm for applying cryptographic protection to a The revised algorithm for applying cryptographic protection to a
message is as follows: message is as follows:
* Create a new MIME leaf part "legacydisplay" with header "Content- * if crypto contains encryption, and legacy is true:
Type: text/plain; protected-headers="v1"" and an empty body.
* if "crypto" contains encryption, and "legacy" is "true":
- For each header name and value "(h,v)" in "origheaders": - Create ldlist, an empty list of (header, value) pairs
o If "h" is user-facing (see - For each header name and value (h,v) in origheaders:
[I-D.autocrypt-lamps-protected-headers]):
+ If "hcp(h,v)" is not "v": o If h is user-facing (see
[I-D.ietf-lamps-e2e-mail-guidance]):
* Add "h: v" to the body of "legacydisplay". For + If hcp(h,v) is not v:
example, if "h" is "Subject", and "v" is "lunch
plans?", then add the line "Subject: lunch plans?" to
the body of "legacydisplay"
* If the body of "legacydisplay" is empty: * Append (h,v) to ldlist
- Let "payload" be MIME part "origbody", discarding - If ldlist is not empty:
"legacydisplay"
* Else: (body of "legacydisplay" is not empty) o Identify each leaf MIME part of payload that represents the
"main body" of the message.
- Construct a new MIME part "wrapper" with "Content-Type: o For each "Main Body Part" bodypart of type text/plain or
multipart/mixed" text/html:
- Give "wrapper" exactly two subparts: "legacydisplay" and + Insert Legacy Display element header list ldlist into the
"origbody", in that order. content of bodypart (see Section 4.1.2.4.1 for text/plain
and Section 4.1.2.4.2 for text/html)
- Let "payload" be MIME part "wrapper" + Add Content-Type parameter hp-legacy-display with value 1
to bodypart
* For each header name and value "(h,v)" in "origheaders": * For each header name and value (h,v) in origheaders:
- Add header "h" of MIME part "payload" with value "v" - Add header h of MIME part payload with value v
* Set the "protected-headers" parameter on the "Content-Type" of * Set the protected-headers parameter on the Content-Type of payload
"payload" to "v1" to v1
* Apply "crypto" to "payload", producing MIME tree "output" * Apply crypto to payload, producing MIME tree output
* If "crypto" contains encryption: * If crypto contains encryption:
- Create new empty list of header field names and values "newh" - Create new empty list of header field names and values newh
- For header name and value "(h,v)" in "origheaders": - For header name and value (h,v) in origheaders:
o Let "newval" be "hcp(h, v)" o Let newval be hcp(h, v)
o If "newval" is not "null": o If newval is not null:
+ Add "newh[h]" to "newval" + Add newh[h] to newval
- Set "origheaders" to "newh" - Set origheaders to newh
* For each header name and value "(h,v)" in "origheaders": * For each header name and value (h,v) in origheaders:
- Add header "h" of "output" with value "v" - Add header h of output with value v
* Return "output" * Return output
Note that both new parameters ("hcp" and "legacy") are effectively Note that both new parameters (hcp and legacy) are effectively
ignored if "crypto" does not contain encryption. This is by design, ignored if crypto does not contain encryption. This is by design,
because they are irrelevant for signed-only cryptographic because they are irrelevant for signed-only cryptographic
protections. protections.
4.1.2.4.1. Adding a Legacy Display Element to a text/plain Part
For a list of obscured headers represented as (header, value) pairs,
concatenate them as a set of lines, with one newline at the end of
each pair. Add an additional trailing newline after the resultant
text, and prepend the entire list to the body of the text/plain part.
For example, if the list of obscured headers was [("Cc",
"alice@example.net"), ("Subject", "Thursday's meeting")], then a
text/plain part that originally contained:
I think we should skip the meeting.
Would become:
Subject: Thursday's meeting
Cc: alice@example.net
I think we should skip the meeting.
4.1.2.4.2. Adding a Legacy Display Element to a text/html Part
Adding a Legacy Display Element to a text/html part is similar to how
it is added to a text/plain part (see Section 4.1.2.4.1). Instead of
adding the obscured headers to a block of text delimited by a blank
line, the composing MUA injects them in an HTML <div> element
annotated with a class attribute of header-protecton-legacy-display.
The content and formatting of this decorative <div> have no strict
requirements, but they SHOULD represent all the obscured headers in a
readable fashion. A simple approach is to assemble the text in the
same way as Section 4.1.2.4.1, wrap it in a verbatim <pre> element,
and put that element in the annotated <div>.
The annotated <div> should be placed as close to the start of the
<body> as possible, where it will be visible when viewed with a
standard HTML renderer.
For example, if the list of obscured headers was [("Cc",
"alice@example.net"), ("Subject", "Thursday's meeting")], then a
text/html part that originally contained:
<html><head><title></title></head><body>
<p>I think we should skip the meeting.</p>
</body></html>
Would become:
<html><head><title></title></head><body>
<div class="header-protection-legacy-display">
<pre>Subject: Thursday's meeting
Cc: alice@example.net</pre></div>
<p>I think we should skip the meeting.</p>
</body></html>
4.1.2.4.3. Do Not Add a Legacy Display Element to Other Content-Types
The purpose of injecting a Legacy Display element into each Main Body
MIME part is to enable rendering of otherwise obscured headers in
legacy clients that are capable of message decryption, but don't know
how to follow the rest of the guidance in this document.
The authors are unaware of any legacy client that would render any
MIME part type other than text/plain and text/html as the Main Body.
A generating MUA SHOULD NOT add a Legacy Display element to any MIME
part with any other Content-Type.
4.1.2.5. Choosing Between Wrapped Message and Injected Headers 4.1.2.5. Choosing Between Wrapped Message and Injected Headers
When composing a message with end-to-end cryptographic protections, When composing a message with end-to-end cryptographic protections,
an MUA SHOULD protect the headers of that message as well as the an MUA SHOULD protect the headers of that message as well as the
body. body.
An MUA MAY protect the headers of any outbound message using either An MUA MAY protect the headers of any outbound message using either
the "Wrapped Message" or the "Injected Headers" style of protection. the "Wrapped Message" or the "Injected Headers" style of protection.
See Section 4.2 for more discussion about reasons to choose one See Section 4.2 for more discussion about reasons to choose one
mechanism or another. mechanism or another.
[[ TODO: this document should recommend generation of one particular [[ TODO: this document should recommend generation of one particular
scheme by default for new implementers ]] scheme by default for new implementers ]]
4.1.3. Default Header Confidentiality Policy 4.1.3. Default Header Confidentiality Policy
An MUA SHOULD have a sensible default Header Confidentiality Policy, An MUA SHOULD have a sensible default Header Confidentiality Policy,
and SHOULD NOT require the user to select one. and SHOULD NOT require the user to select one.
The default Header Confidentiality Policy SHOULD provide The default Header Confidentiality Policy SHOULD provide
confidentiality for the "Subject" header field by replacing it with confidentiality for the Subject header field by replacing it with the
the literal string "[...]". Most users treat the Subject of a literal string [...]. Most users treat the Subject of a message the
message the same way that they treat the body, and they are surprised same way that they treat the body, and they are surprised to find
to find that the Subject of an encrypted message is visible. that the Subject of an encrypted message is visible.
[[ TODO: select one of the two policies below the recommended default [[ TODO: select one of the two policies below the recommended default
]] ]]
4.1.3.1. Minimalist Header Confidentiality Policy 4.1.3.1. Minimalist Header Confidentiality Policy
Accordingly, the most conservative recommended Header Confidentiality Accordingly, the most conservative recommended Header Confidentiality
Policy only protects the "Subject": Policy only protects the Subject:
"hcp_minimal(name, val_in) --> val_out: if name is 'Subject': return hcp_minimal(name, val_in) val_out:
'[...]' else: return val_in" if name is 'Subject':
return '[...]'
else:
return val_in
4.1.3.2. Strong Header Confidentiality Policy 4.1.3.2. Strong Header Confidentiality Policy
Alternately, a more aggressive (and therefore more privacy- Alternately, a more aggressive (and therefore more privacy-
preserving) Header Confidentiality Policy only leaks a handful of preserving) Header Confidentiality Policy only leaks a handful of
fields whose absence is known to increase rates of delivery failure, fields whose absence is known to increase rates of delivery failure,
and simultaneously obscures the "Message-ID" behind a random new one: and simultaneously obscures the Message-ID behind a random new one:
"hcp_strong(name, val_in) --> val_out: if name in ['From', 'To', hcp_strong(name, val_in) val_out:
'Cc', 'Date']: return val_in else if name is 'Subject': return if name in ['From', 'To', 'Cc', 'Date']:
'[...]' else if name is 'Message-ID': return return val_in
generate_new_message_id() else: return null" else if name is 'Subject':
return '[...]'
else if name is 'Message-ID':
return generate_new_message_id()
else:
return null
The function "generate_new_message_id()" represents whatever process The function generate_new_message_id() represents whatever process
the MUA typically uses to generate a "Message-ID" for a new outbound the MUA typically uses to generate a Message-ID for a new outbound
message. message.
4.1.3.3. Offering Stronger Header Confidentiality 4.1.3.3. Offering Stronger Header Confidentiality
A MUA MAY offer even stronger confidentiality for headers of an A MUA MAY offer even stronger confidentiality for headers of an
encrypted message than described in Section 4.1.3.2. For example, it encrypted message than described in Section 4.1.3.2. For example, it
might implement an HCP that obfuscates the "From" field, or omits the might implement an HCP that obfuscates the From field, or omits the
"Cc" field, or ensures "Date" is represented in "UTC" (obscuring the Cc field, or ensures Date is represented in UTC (obscuring the local
local timezone). timezone).
The authors of this document hope that implementers with deployment The authors of this document hope that implementers with deployment
experience will document their chosen Header Confidentiality Policy experience will document their chosen Header Confidentiality Policy
and the rationale behind their choice. and the rationale behind their choice.
4.1.4. Receiving Side 4.1.4. Receiving Side
An MUA that receives a cryptographically-protected e-mail will render An MUA that receives a cryptographically-protected e-mail will render
it for the user. it for the user.
The receiving MUA will render the message body, a selected subset of The receiving MUA will render the message body, a selected subset of
header fields, and (as described in header fields, and (as described in
[I-D.dkg-lamps-e2e-mail-guidance]) provide a summary of the [I-D.ietf-lamps-e2e-mail-guidance]) provide a summary of the
cryptographic properties of the message. cryptographic properties of the message.
Most MUAs only render a subset of header fields by default. For Most MUAs only render a subset of header fields by default. For
example, few MUAs typically render "Message-Id" or "Received" header example, few MUAs typically render Message-Id or Received header
fields for the user, but most do render "From", "To", "Cc", "Date", fields for the user, but most do render From, To, Cc, Date, and
and "Subject". Subject.
A MUA that knows how to handle a message with protected headers makes A MUA that knows how to handle a message with protected headers makes
the following two changes to its behavior when rendering a message: the following two changes to its behavior when rendering a message:
* If it detects that an incoming message had protected headers, it * If it detects that an incoming message had protected headers, it
renders header fields for the message from the protected headers, renders header fields for the message from the protected headers,
ignoring the external (unprotected) headers. ignoring the external (unprotected) headers.
* It includes information in the message's cryptographic summary to * It includes information in the message's cryptographic summary to
indicate the types of protection that applied to each rendered indicate the types of protection that applied to each rendered
header field (if any). header field (if any).
A MUA that handles protected headers does _not_ need to render any A MUA that handles protected headers does _not_ need to render any
new header fields that it did not render before. new header fields that it did not render before.
4.1.4.1. Identifying that a Message has Protected Headers 4.1.4.1. Identifying that a Message has Protected Headers
An incoming message can be identified as having protected headers An incoming message can be identified as having protected headers
based on one of two signals: based on one of two signals:
* The Cryptographic Payload has "Content-Type: message/rfc822" or * The Cryptographic Payload has Content-Type: message/rfc822 or
"Content-Type: message/global" and the parameter "forwarded" has a Content-Type: message/global and the parameter forwarded has a
value of "no". See Section 4.1.4.3 for rendering guidance. value of no. See Section 4.1.4.3 for rendering guidance.
* The Cryptographic Payload has some other "Content-Type" and it has * The Cryptographic Payload has some other Content-Type and it has
parameter "protected-headers" set to "v1". See Section 4.1.4.4 parameter protected-headers set to v1. See Section 4.1.4.4 for
for rendering guidance. rendering guidance.
Messages of both types exist in the wild, and a sensible MUA should Messages of both types exist in the wild, and a sensible MUA should
be able to handle them both. They provide the same semantics and the be able to handle them both. They provide the same semantics and the
same meaning. same meaning.
4.1.4.2. Updating the Cryptographic Summary 4.1.4.2. Updating the Cryptographic Summary
Regardless of whether a cryptographically-protected message has Regardless of whether a cryptographically-protected message has
protected headers, the cryptographic summary of the message should be protected headers, the cryptographic summary of the message should be
modified to indicate what protections the headers have. modified to indicate what protections the headers have.
Each header individually has exactly one the following protections: Each header individually has exactly one the following protections:
* "unprotected" (this is the case for all headers in messages that * unprotected (this is the case for all headers in messages that
have no protected headers) have no protected headers)
* "signed-only" (bound into the same validated signature as the * signed-only (bound into the same validated signature as the
enclosing message, but also visible in transit) enclosing message, but also visible in transit)
* "encrypted-only" (only appears within the cryptographic payload; * encrypted-only (only appears within the cryptographic payload; the
the corresponding external header was either omitted or corresponding external header was either omitted or obfuscated)
obfuscated)
* "encrypted-and-signed" (same as encrypted, but additionally is * encrypted-and-signed (same as encrypted, but additionally is under
under a validatd signature) a validatd signature)
Note that while the message itself may be "encrypted-and-signed", Note that while the message itself may be encrypted-and-signed, some
some headers may be replicated on the outside of the message (e.g. headers may be replicated on the outside of the message (e.g. Date)
"Date") Those headers would be "signed-only", despite the message Those headers would be signed-only, despite the message itself being
itself being "encrypted-and-signed". encrypted-and-signed.
Rendering this information is likely to be complex and messy --- Rendering this information is likely to be complex and messy ---
users may not understand it. It is beyond the scope of this document users may not understand it. It is beyond the scope of this document
to suggest any specific graphical affordances or user experience. to suggest any specific graphical affordances or user experience.
Future work should include examples of successful rendering of this Future work should include examples of successful rendering of this
information. information.
4.1.4.3. Rendering a Wrapped Message 4.1.4.3. Rendering a Wrapped Message
When the Cryptographic Payload has "Content-Type" of "message/rfc822" When the Cryptographic Payload has Content-Type of message/rfc822 or
or "message/global", and the parameter "forwarded" is set to "no", message/global, and the parameter forwarded is set to no, the values
the values of the protected headers are drawn from the headers of the of the protected headers are drawn from the headers of the
Cryptographic Payload, and the body that is rendered is the body of Cryptographic Payload, and the body that is rendered is the body of
the Cryptographic Payload. the Cryptographic Payload.
4.1.4.3.1. Example Signed-Only Wrapped Message 4.1.4.3.1. Example Signed-Only Wrapped Message
Consider a message with this structure, where the MUA is able to Consider a message with this structure, where the MUA is able to
validate the cryptographic signature: validate the cryptographic signature:
A └─╴application/pkcs7-mime; smime-type="signed-data" A └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
skipping to change at page 25, line 18 skipping to change at page 26, line 51
C └┬╴multipart/alternative [Rendered Body] C └┬╴multipart/alternative [Rendered Body]
D ├─╴text/plain D ├─╴text/plain
E └─╴text/html E └─╴text/html
The message body should be rendered the same way as this message: The message body should be rendered the same way as this message:
C └┬╴multipart/alternative C └┬╴multipart/alternative
D ├─╴text/plain D ├─╴text/plain
E └─╴text/html E └─╴text/html
It should render header fields taken from part "C". It should render header fields taken from part C.
Its cryptographic summary should indicates that the message was Its cryptographic summary should indicates that the message was
signed and all rendered header fields were included in the signature. signed and all rendered header fields were included in the signature.
The MUA SHOULD ignore header fields from part "A" for the purposes of The MUA SHOULD ignore header fields from part A for the purposes of
rendering. rendering.
4.1.4.3.2. Example Encrypted-and-Signed Wrapped Message 4.1.4.3.2. Example Encrypted-and-Signed Wrapped Message
Consider a message with this structure, where the MUA is able to Consider a message with this structure, where the MUA is able to
validate the cryptographic signature: validate the cryptographic signature:
F └─╴application/pkcs7-mime; smime-type="enveloped-data" F └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to) ↧ (decrypts to)
G └─╴application/pkcs7-mime; smime-type="signed-data" G └─╴application/pkcs7-mime; smime-type="signed-data"
skipping to change at page 25, line 46 skipping to change at page 27, line 31
I └┬╴multipart/alternative [Rendered Body] I └┬╴multipart/alternative [Rendered Body]
J ├─╴text/plain J ├─╴text/plain
K └─╴text/html K └─╴text/html
The message body should be rendered the same way as this message: The message body should be rendered the same way as this message:
I └┬╴multipart/alternative I └┬╴multipart/alternative
J ├─╴text/plain J ├─╴text/plain
K └─╴text/html K └─╴text/html
It should render headers taken from part "I". It should render headers taken from part I.
Its cryptographic summary should indicates that the message was Its cryptographic summary should indicates that the message was
signed and encrypted. Each rendered header field found in "I" should signed and encrypted. Each rendered header field found in I should
be compared against the header field of the same name from "F". If be compared against the header field of the same name from F. If the
the value found in "F" matches the value found in "I", the header value found in F matches the value found in I, the header field
field should be marked as "signed-only". If no matching header field should be marked as signed-only. If no matching header field was
was found in "F", or the value found did not match the value from found in F, or the value found did not match the value from I, the
"I", the header field should be marked as "signed-and-encrypted". header field should be marked as signed-and-encrypted.
4.1.4.4. Rendering a Message with Injected Headers 4.1.4.4. Rendering a Message with Injected Headers
When the Cryptographic Payload does not have a "Content-Type" of When the Cryptographic Payload does not have a Content-Type of
"message/rfc822" or "message/global", and the parameter "protected- message/rfc822 or message/global, and the parameter protected-headers
headers" is set to "v1", the values of the protected headers are is set to v1, the values of the protected headers are drawn from the
drawn from the headers of the Cryptographic Payload, and the body headers of the Cryptographic Payload, and the body that is rendered
that is rendered is the Cryptographic Payload itself. is the Cryptographic Payload itself.
4.1.4.4.1. Example Signed-only Message with Injected Headers 4.1.4.4.1. Example Signed-only Message with Injected Headers
L └─╴application/pkcs7-mime; smime-type="signed-data" L └─╴application/pkcs7-mime; smime-type="signed-data"
⇩ (unwraps to) ⇩ (unwraps to)
M └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] M └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
N ├─╴text/plain N ├─╴text/plain
O └─╴text/html O └─╴text/html
The message body should be rendered the same way as this message: The message body should be rendered the same way as this message:
M └┬╴multipart/alternative M └┬╴multipart/alternative
N ├─╴text/plain N ├─╴text/plain
skipping to change at page 26, line 35 skipping to change at page 28, line 16
M └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] M └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
N ├─╴text/plain N ├─╴text/plain
O └─╴text/html O └─╴text/html
The message body should be rendered the same way as this message: The message body should be rendered the same way as this message:
M └┬╴multipart/alternative M └┬╴multipart/alternative
N ├─╴text/plain N ├─╴text/plain
O └─╴text/html O └─╴text/html
It should render header fieldss taken from part "M". It should render header fieldss taken from part M.
Its cryptographic summary should indicates that the message was Its cryptographic summary should indicates that the message was
signed and all rendered header fields were included in the signature. signed and all rendered header fields were included in the signature.
The MUA SHOULD ignore header fields from part "L" for the purposes of The MUA SHOULD ignore header fields from part L for the purposes of
rendering. rendering.
4.1.4.4.2. Example Signed-and-Encrypted Message with Injected Headers 4.1.4.4.2. Example Signed-and-Encrypted Message with Injected Headers
Consider a message with this structure, where the MUA is able to Consider a message with this structure, where the MUA is able to
validate the cryptographic signature: validate the cryptographic signature:
P └─╴application/pkcs7-mime; smime-type="enveloped-data" P └─╴application/pkcs7-mime; smime-type="enveloped-data"
↧ (decrypts to) ↧ (decrypts to)
Q └─╴application/pkcs7-mime; smime-type="signed-data" Q └─╴application/pkcs7-mime; smime-type="signed-data"
skipping to change at page 27, line 19 skipping to change at page 28, line 43
R └┬╴multipart/alternative [Cryptographic Payload + Rendered Body] R └┬╴multipart/alternative [Cryptographic Payload + Rendered Body]
S ├─╴text/plain S ├─╴text/plain
T └─╴text/html T └─╴text/html
The message body should be rendered the same way as this message: The message body should be rendered the same way as this message:
R └┬╴multipart/alternative R └┬╴multipart/alternative
S ├─╴text/plain S ├─╴text/plain
T └─╴text/html T └─╴text/html
It should render headers taken from part "R". It should render headers taken from part R.
Its cryptographic summary should indicates that the message was Its cryptographic summary should indicates that the message was
signed and encrypted. As in Section 4.1.4.3.2, each rendered header signed and encrypted. As in Section 4.1.4.3.2, each rendered header
field found in "R" should be compared against the header field of the field found in R should be compared against the header field of the
same name from "P". If the value found in "P" matches the value same name from P. If the value found in P matches the value found in
found in "R", the header field should be marked as "signed-only". If R, the header field should be marked as signed-only. If no matching
no matching header field was found in "P", or the value found did not header field was found in P, or the value found did not match the
match the value from "R", the header field should be marked as value from R, the header field should be marked as signed-and-
"signed-and-encrypted". encrypted.
4.1.4.4.3. Do Not Render Legacy Display Part 4.1.4.4.3. Do Not Render Legacy Display Elements
As described [I-D.autocrypt-lamps-protected-headers], a message with As described in FIXME:SECTION_REFERENCE, a message with cryptographic
cryptographic confidentiality protection MAY include a "Legacy confidentiality protection MAY include "Legacy Display" elements for
Display" part for backward-compatibility with legacy MUAs backward-compatibility with legacy MUAs. These Legacy Display
elements are strictly decorative, unambiguously identifiable, and
will be discarded by compliant implementations.
The receiving MUA SHOULD avoid rendering the Legacy Display part to The receiving MUA SHOULD avoid rendering the identified Legacy
the user at all, since it is aware of and can render the actual Display elements to the user at all, since it is aware of and can
Protected Headers. render the actual Protected Headers.
If a Legacy Display part is detected, it and its enclosing If a text/html or text/plain part within the cryptographic envelope
"multipart/mixed" wrapper should be discarded before rendering. is identified as containing Legacy Display elements, those elements
should be hidden when rendering or generating a draft reply.
4.1.4.4.3.1. Legacy Display Detection Algorithm 4.1.4.4.3.1. Identifying a Part with Legacy Display Elements
A receiving MUA acting on a message SHOULD detect the presence of a A receiving MUA acting on a message that contains an encrypting
Legacy Display part and the corresponding "original body" with the Cryptographic Layer identifies a MIME subpart with within the
following simple algorithm: Cryptographic Payload as containing Legacy Display elements based on
the Content-Type of the subpart.
* Check that all of the following are true for the message: * The subpart's Content-Type contains a parameter hp-legacy-display
with value set to 1
* The Cryptographic Envelope must contain an encrypting * The subpart's Content-Type is either text/html (see
Cryptographic Layer Section 4.1.4.4.3.3) or text/plain (see Section 4.1.4.4.3.2)
* The Cryptographic Payload must have a "Content-Type" of Note that the term "subpart" above is used in the general sense: if
"multipart/mixed" the Cryptographic Payload is a single part, that part itself may
contain a Legacy Display element if it is marked with the hp-legacy-
display=1 parameter.
* The Cryptographic Payload must have exactly two subparts 4.1.4.4.3.2. Omitting Legacy Display Elements from text/plain
* The first subpart of the Cryptographic Payload must have a If a text/plain part within the Cryptographic Payload has the
"Content-Type" of "text/plain" or "text/rfc822-headers" Content-Type parameter hp-legacy-display="1", it should be processed
before rendering in the following fashion:
* The first subpart of the Cryptographic Payload's "Content-Type" * Discard the leading lines of the body of the part up to and
must contain a property of "protected-headers", and its value must including the first entirely blank line.
be "v1".
* If all of the above are true, then the first subpart is the Legacy Note that implementing this strategy is depenent on the charset used
Display part, and the second subpart is the "original body". by the MIME part.
Otherwise, the message does not have a Legacy Display part.
4.1.4.4.3.2. Legacy Display Example See Appendix E.1 for an example.
Consider a message with this structure, where the MUA is able to 4.1.4.4.3.3. Omitting Legacy Display Elements from text/html
validate the cryptographic signature:
U └─╴application/pkcs7-mime; smime-type="enveloped-data" If a text/html part within the Cryptographic Payload has the Content-
↧ (decrypts to) Type parameter hp-legacy-display="1", it should be processed before
V └─╴application/pkcs7-mime; smime-type="signed-data" rendering in the following fashion:
⇩ (unwraps to)
W └┬╴multipart/mixed [Cryptographic Payload]
X ├─╴text/plain [Legacy Display]
Y └┬╴multipart/alternative [Rendered Body]
Z ├─╴text/plain
A' └─╴text/html
The message body should be rendered the same way as this message, * If any element of the HTML <body> is a <div> with class attribute
effectively hiding the Legacy Display part ("X") and its wrapper: header-protecton-legacy-display, that entire element should be
omitted.
Y └┬╴multipart/alternative A straightforward way for an HTML-capable MUA to do this is to add an
Z ├─╴text/plain entry to the [CSS] stylesheet for such a part:
A' └─╴text/html
It should render headers taken from part "W", following the same body div.header-protection-legacy-display:firstchild { display: none; }
guidance as in Section 4.1.4.4.2 and Section 4.1.4.3.2 about the
cryptographic status of each rendered header field.
4.1.4.5. Affordances for Debugging and Troubleshooting 4.1.4.5. Affordances for Debugging and Troubleshooting
Note that advanced users of an MUA may need access to the original Note that advanced users of an MUA may need access to the original
message, for example to troubleshoot problems with the MUA itself, or message, for example to troubleshoot problems with the MUA itself, or
problems with the SMTP transport path taken by the message. problems with the SMTP transport path taken by the message.
A MUA that applies these rendering guidelines SHOULD ensure that the A MUA that applies these rendering guidelines SHOULD ensure that the
full original source of the message as it was received remains full original source of the message as it was received remains
available to such a user for debugging and troubleshooting. available to such a user for debugging and troubleshooting.
skipping to change at page 29, line 20 skipping to change at page 30, line 49
Headers Headers
When composing a reply to an encrypted message with protected When composing a reply to an encrypted message with protected
headers, the MUA is acting both as a receiving MUA and as a sending headers, the MUA is acting both as a receiving MUA and as a sending
MUA. Special guidance applies here, as things can go wrong in at MUA. Special guidance applies here, as things can go wrong in at
least two ways: leaking previously-confidential information, and least two ways: leaking previously-confidential information, and
replying to the wrong party. replying to the wrong party.
4.1.4.6.1. Avoid Leaking Encrypted Headers in Reply 4.1.4.6.1. Avoid Leaking Encrypted Headers in Reply
As noted in [I-D.dkg-lamps-e2e-mail-guidance], an MUA in this As noted in [I-D.ietf-lamps-e2e-mail-guidance], an MUA in this
position MUST NOT leak previously-encrypted content in the clear in a position MUST NOT leak previously-encrypted content in the clear in a
followup message. The same is true for protected headers. followup message. The same is true for protected headers.
Values from any header field that was identified as either Values from any header field that was identified as either encrypted
"encrypted" or "signed-and-encrypted" based on the steps outlined or signed-and-encrypted based on the steps outlined above MUST NOT be
above MUST NOT be placed in cleartext output when generating a placed in cleartext output when generating a message.
message.
In particular, if "Subject" was encrypted, and it is copied into the In particular, if Subject was encrypted, and it is copied into the
draft encrypted reply, the replying MUA MUST obfuscate the "Subject" draft encrypted reply, the replying MUA MUST obfuscate the Subject
field in the cleartext header as described above. field in the cleartext header as described above.
[[ TODO: formally describe how a replying MUA should generate a [[ TODO: formally describe how a replying MUA should generate a
message-specific Header Protection policy based on the cryptographic message-specific Header Protection policy based on the cryptographic
status of the headers of the incoming message ]] status of the headers of the incoming message ]]
4.1.4.6.2. Avoid Misdirected Replies to Encrypted Messages with 4.1.4.6.2. Avoid Misdirected Replies to Encrypted Messages with
Protected Headers Protected Headers
When replying to a message, the Composing MUA typically decides who When replying to a message, the Composing MUA typically decides who
to send the reply to based on: to send the reply to based on:
* the "Reply-To", "Mail-Followup-To", or "From" headers * the Reply-To, Mail-Followup-To, or From headers
* optionally, the other "To" or "Cc" headers (if the user chose to * optionally, the other To or Cc headers (if the user chose to
"reply all") "reply all")
When a message has protected headers, the replying MUA MUST populate When a message has protected headers, the replying MUA MUST populate
the destination fields of the draft message using the protected the destination fields of the draft message using the protected
headers, and ignore any unprotected headers. headers, and ignore any unprotected headers.
This mitigates against an attack where Mallory gets a copy of an This mitigates against an attack where Mallory gets a copy of an
encrypted message from Alice to Bob, and then replays the message to encrypted message from Alice to Bob, and then replays the message to
Bob with an additional "Cc" to Mallory's own e-mail address in the Bob with an additional Cc to Mallory's own e-mail address in the
message's outer header. message's outer header.
If Bob knows Mallory's certificate already, and he replies to such a If Bob knows Mallory's certificate already, and he replies to such a
message without following the guidance in this section, it's likely message without following the guidance in this section, it's likely
that his MUA will encrypt the cleartext of the message directly to that his MUA will encrypt the cleartext of the message directly to
Mallory. Mallory.
4.1.4.7. Implicitly-rendered Header Fields 4.1.4.7. Implicitly-rendered Header Fields
While "From" and "To" and "Cc" and "Subject" and "Date" are often While From and To and Cc and Subject and Date are often explicitly
explicitly rendered to the user, some header fields do affect message rendered to the user, some header fields do affect message display,
display, without being explicitly rendered. without being explicitly rendered.
For example, "Message-Id", "References", and "In-Reply-To" header For example, Message-Id, References, and In-Reply-To header fields
fields may collectively be used to place a message in a "thread" or may collectively be used to place a message in a "thread" or series
series of messages. of messages.
In another example, Section 4.1.4.6.2 observes that the value of the In another example, Section 4.1.4.6.2 observes that the value of the
"Reply-To" field can influence the draft reply message. So while the Reply-To field can influence the draft reply message. So while the
user may never see the "Reply-To" header directly, it is implicitly user may never see the Reply-To header directly, it is implicitly
"rendered" when the user interacts with the message by replying to "rendered" when the user interacts with the message by replying to
it. it.
An MUA that depends on any implicitly-rendered header field in a An MUA that depends on any implicitly-rendered header field in a
message with protected headers SHOULD use the value from the message with protected headers SHOULD use the value from the
protected header, and SHOULD NOT use any value found outside the protected header, and SHOULD NOT use any value found outside the
cryptographic protection. cryptographic protection.
4.1.4.8. Unprotected Headers Added in Transit 4.1.4.8. Unprotected Headers Added in Transit
Some headers are legitimately added in transit, and could not have Some headers are legitimately added in transit, and could not have
been known to the sender at message composition time. been known to the sender at message composition time.
The most common of these headers are "Received" and "DKIM-Signature", The most common of these headers are Received and DKIM-Signature,
neither of which are typically rendered, either explicitly or neither of which are typically rendered, either explicitly or
implicitly. implicitly.
If a receiving MUA has specific knowledge about a given header field, If a receiving MUA has specific knowledge about a given header field,
including that: including that:
* the header field would not have been known to the original sender, * the header field would not have been known to the original sender,
and and
* the header field might be rendered explicitly or implicitly, * the header field might be rendered explicitly or implicitly,
skipping to change at page 31, line 4 skipping to change at page 32, line 32
neither of which are typically rendered, either explicitly or neither of which are typically rendered, either explicitly or
implicitly. implicitly.
If a receiving MUA has specific knowledge about a given header field, If a receiving MUA has specific knowledge about a given header field,
including that: including that:
* the header field would not have been known to the original sender, * the header field would not have been known to the original sender,
and and
* the header field might be rendered explicitly or implicitly, * the header field might be rendered explicitly or implicitly,
then the MUA MAY decide to operate on the value of that header field then the MUA MAY decide to operate on the value of that header field
from the unprotected header section, even though the message has from the unprotected header section, even though the message has
protected headers. protected headers.
The MUA MAY prefer to verify that the headers in question have The MUA MAY prefer to verify that the headers in question have
additional transit-derived cryptographic protections (e.g., to test additional transit-derived cryptographic protections (e.g., to test
whether they are covered by a valid "DKIM-Signature") before whether they are covered by a valid DKIM-Signature) before rendering
rendering or acting on them. or acting on them.
Specific examples appear below. Specific examples appear below.
4.1.4.8.1. Mailing list headers: List-* and Archived-At 4.1.4.8.1. Mailing list headers: List-* and Archived-At
If the message arrives through a mailing list, the list manager If the message arrives through a mailing list, the list manager
itself may inject headers (most of which start with "List-") in the itself may inject headers (most of which start with List-) in the
message: message:
* "List-Archive" * List-Archive
* "List-Subscribe"
* "List-Unsubscribe" * List-Subscribe
* List-Unsubscribe
* "List-Id" * List-Id
* "List-Help" * List-Help
* "List-Post" * List-Post
* "Archived-At" * Archived-At
For some MUAs, these headers are implicitly rendered, by providing For some MUAs, these headers are implicitly rendered, by providing
buttons for actions like "Subscribe", "View Archived Version", "Reply buttons for actions like "Subscribe", "View Archived Version", "Reply
List", "List Info", etc. List", "List Info", etc.
An MUA that receives a message with protected headers that contains An MUA that receives a message with protected headers that contains
these header fields in the unprotected section, and that has reason these header fields in the unprotected section, and that has reason
to believe the message is coming through a mailing list MAY decide to to believe the message is coming through a mailing list MAY decide to
render them to the user (explicitly or implicitly) even though they render them to the user (explicitly or implicitly) even though they
are not protected. are not protected.
skipping to change at page 32, line 29 skipping to change at page 34, line 5
[[ TODO: Verify once solution is stable and update last sentence. ]] [[ TODO: Verify once solution is stable and update last sentence. ]]
4.2.2. Receiving Side Not MIME-Conformant 4.2.2. Receiving Side Not MIME-Conformant
This section applies to cases where the sending side (fully) supports This section applies to cases where the sending side (fully) supports
Header Protection as specified in this document, while the receiving Header Protection as specified in this document, while the receiving
side neither supports this specification *nor* is MIME-conformant side neither supports this specification *nor* is MIME-conformant
according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.2). according to [RFC2045], ff. (cf. Section 3.1.2 and Section 3.1.2.2).
[I-D.autocrypt-lamps-protected-headers] describes a possible way to
achieve backward compatibility with existing S/MIME (and PGP/MIME)
implementations that predate this specification and are not MIME-
conformant (Legacy Display) either. It mainly focuses on email
clients that do not render emails which utilize header protection in
a user friendly manner, which may confuse the user. While this has
been observed occasionally in PGP/MIME (cf. [RFC3156]), the extent
of this problem with S/MIME implementations is still unclear. (Note:
At this time, none of the samples in
[I-D.autocrypt-lamps-protected-headers] apply header protection as
specified in Section 3.1 of [RFC8551], which is wrapping as Media
Type "message/RFC822".)
Should serious backward compatibility issues with rendering at the
receiving side be discovered, the Legacy Display format described in
[I-D.autocrypt-lamps-protected-headers] may serve as a basis to
mitigate those issues (cf. Section 4.2).
Another variant of backward compatibility has been implemented by pEp Another variant of backward compatibility has been implemented by pEp
[I-D.pep-email], i.e. pEp Email Format 1.0. At this time pEp has [I-D.pep-email], i.e. pEp Email Format 1.0. At this time pEp has
implemented this for PGP/MIME, but not yet S/MIME. implemented this for PGP/MIME, but not yet S/MIME.
5. Usability Considerations 5. Usability Considerations
This section describes concerns for MUAs that are interested in easy This section describes concerns for MUAs that are interested in easy
adoption of header protection by normal users. adoption of header protection by normal users.
While they are not protocol-level artifacts, these concerns motivate While they are not protocol-level artifacts, these concerns motivate
the protocol features described in this document. the protocol features described in this document.
See also the Usability section in [I-D.dkg-lamps-e2e-mail-guidance]. See also the Usability section in [I-D.ietf-lamps-e2e-mail-guidance].
5.1. Mixed Protections Within a Message Are Hard To Understand 5.1. Mixed Protections Within a Message Are Hard To Understand
[[ TODO ]] [[ TODO ]]
5.2. Users Should Not Have To Choose a Header Confidentiality Policy 5.2. Users Should Not Have To Choose a Header Confidentiality Policy
[[ TODO ]] [[ TODO ]]
6. Security Considerations 6. Security Considerations
skipping to change at page 33, line 50 skipping to change at page 35, line 5
provided helpful comments and suggestions for this document: Berna provided helpful comments and suggestions for this document: Berna
Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani Alp, Bernhard E. Reiter, Claudio Luck, David Wilson, Hernani
Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert Marques, juga, Krista Bennett, Kelly Bristol, Lars Rohwedder, Robert
Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and Williams, Russ Housley, Sofia Balicka, Steve Kille, Volker Birk, and
Wei Chuang. Wei Chuang.
10. References 10. References
10.1. Normative References 10.1. Normative References
[I-D.dkg-lamps-e2e-mail-guidance] [I-D.ietf-lamps-e2e-mail-guidance]
Gillmor, D. K., "Guidance on End-to-End E-mail Security", Gillmor, D. K., "Guidance on End-to-End E-mail Security",
Work in Progress, Internet-Draft, draft-dkg-lamps-e2e- Work in Progress, Internet-Draft, draft-ietf-lamps-e2e-
mail-guidance-01, 22 February 2021, mail-guidance-02, 25 January 2022,
<https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail- <https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-
guidance-01.txt>. mail-guidance-02.txt>.
[I-D.ietf-lamps-header-protection-requirements] [I-D.ietf-lamps-header-protection-requirements]
Melnikov, A. and B. Hoeneisen, "Problem Statement and Melnikov, A. and B. Hoeneisen, "Problem Statement and
Requirements for Header Protection", Work in Progress, Requirements for Header Protection", Work in Progress,
Internet-Draft, draft-ietf-lamps-header-protection- Internet-Draft, draft-ietf-lamps-header-protection-
requirements-01, 29 October 2019, requirements-01, 29 October 2019,
<https://www.ietf.org/archive/id/draft-ietf-lamps-header- <https://www.ietf.org/archive/id/draft-ietf-lamps-header-
protection-requirements-01.txt>. protection-requirements-01.txt>.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
skipping to change at page 35, line 5 skipping to change at page 36, line 5
DOI 10.17487/RFC5322, October 2008, DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>. <https://www.rfc-editor.org/info/rfc5322>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
10.2. Informative References 10.2. Informative References
[I-D.autocrypt-lamps-protected-headers] [CSS] World Wide Web Consortium, "Cascading Style Sheets Level 2
Einarsson, B. R., juga, and D. K. Gillmor, "Protected Revision 2 (CSS 2.2) Specification", 12 April 2016,
Headers for Cryptographic E-mail", Work in Progress, <https://www.w3.org/TR/2016/WD-CSS22-20160412/>.
Internet-Draft, draft-autocrypt-lamps-protected-headers-
02, 20 December 2019, <https://www.ietf.org/archive/id/
draft-autocrypt-lamps-protected-headers-02.txt>.
[I-D.ietf-lamps-samples] [I-D.ietf-lamps-samples]
Gillmor, D. K., "S/MIME Example Keys and Certificates", Gillmor, D. K., "S/MIME Example Keys and Certificates",
Work in Progress, Internet-Draft, draft-ietf-lamps- Work in Progress, Internet-Draft, draft-ietf-lamps-
samples-04, 18 May 2021, <https://www.ietf.org/archive/id/ samples-07, 13 December 2021,
draft-ietf-lamps-samples-04.txt>. <https://www.ietf.org/archive/id/draft-ietf-lamps-samples-
07.txt>.
[I-D.melnikov-iana-reg-forwarded] [I-D.melnikov-iana-reg-forwarded]
Melnikov, A. and B. Hoeneisen, "IANA Registration of Melnikov, A. and B. Hoeneisen, "IANA Registration of
Content-Type Header Field Parameter 'forwarded'", Work in Content-Type Header Field Parameter 'forwarded'", Work in
Progress, Internet-Draft, draft-melnikov-iana-reg- Progress, Internet-Draft, draft-melnikov-iana-reg-
forwarded-00, 4 November 2019, forwarded-00, 4 November 2019,
<https://www.ietf.org/archive/id/draft-melnikov-iana-reg- <https://www.ietf.org/archive/id/draft-melnikov-iana-reg-
forwarded-00.txt>. forwarded-00.txt>.
[I-D.pep-email] [I-D.pep-email]
skipping to change at page 39, line 38 skipping to change at page 40, line 38
This section contains sample messages using the different schemes This section contains sample messages using the different schemes
described in this document. Each sample contains a MIME object, a described in this document. Each sample contains a MIME object, a
textual and diagrammatic view of its structure, and examples of how textual and diagrammatic view of its structure, and examples of how
an MUA might render it. an MUA might render it.
The cryptographic protections used in this document use the S/MIME The cryptographic protections used in this document use the S/MIME
standard, and keying material and certificates come from standard, and keying material and certificates come from
[I-D.ietf-lamps-samples]. [I-D.ietf-lamps-samples].
These messages should be accessible to any IMAP client at These messages should be accessible to any IMAP client at
"imap://bob@header-protection.cmrg.net/" (any password should imap://bob@header-protection.cmrg.net/ (any password should
authenticate to this read-only IMAP mailbox). authenticate to this read-only IMAP mailbox).
You can also download copies of these test vectors separately at You can also download copies of these test vectors separately at
"https://header-protection.cmrg.net". https://header-protection.cmrg.net.
If any of the messages downloaded differ from those offered here, If any of the messages downloaded differ from those offered here,
this document is the canonical source. this document is the canonical source.
B.1. Baseline Messages B.1. Baseline Messages
These messages offer no header protection at all, and can be used as These messages offer no header protection at all, and can be used as
a baseline. They are provided in this document as a counterexample. a baseline. They are provided in this document as a counterexample.
An MUA implementer can use these messages to verify that the reported An MUA implementer can use these messages to verify that the reported
cryptographic summary of the message indicates no header protection. cryptographic summary of the message indicates no header protection.
skipping to change at page 47, line 29 skipping to change at page 48, line 29
U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0 U4lkcOY/ijmuhL5mn2YYUE6w4oywZuLx5WCv2oAvQawMmNP9AeI1jcV9JiKa+8y0
sAa1LzD78Dg4FKO8t3d13Q== sAa1LzD78Dg4FKO8t3d13Q==
B.1.5. No cryptographic protections over a complex message B.1.5. No cryptographic protections over a complex message
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its body is a
multipart/alternative message with an inline image/png attachment. multipart/alternative message with an inline image/png attachment.
It has the following structure: It has the following structure:
└┬╴multipart/mixed 1357 bytes └┬╴multipart/mixed 1371 bytes
├┬╴multipart/alternative 780 bytes ├┬╴multipart/alternative 794 bytes
│├─╴text/plain 206 bytes │├─╴text/plain 206 bytes
│└─╴text/html 290 bytes │└─╴text/html 304 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0f4" Content-Type: multipart/mixed; boundary="428"
Subject: no-crypto-complex Subject: no-crypto-complex
Message-ID: <no-crypto-complex@lhp.example> Message-ID: <no-crypto-complex@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:00:02 -0500 Date: Sat, 20 Feb 2021 12:00:02 -0500
--0f4 --428
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="384" Content-Type: multipart/alternative; boundary="db9"
--384 --db9
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the no-crypto-complex message. This is the no-crypto-complex message.
This message uses no cryptographic protection at all. Its body is a This message uses no cryptographic protection at all. Its body is a
multipart/alternative message with an inline image/png attachment. multipart/alternative message with an inline image/png attachment.
-- --
Alice Alice
alice@smime.example alice@smime.example
--384 --db9
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <b>no-crypto-complex</b> message.</p> <p>This is the <b>no-crypto-complex</b> message.</p>
<p>This message uses no cryptographic protection at all. Its body is a <p>This message uses no cryptographic protection at all. Its body is a
multipart/alternative message with an inline image/png attachment.</p> multipart/alternative message with an inline image/png attachment.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--384-- --db9--
--0f4 --428
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--0f4-- --428--
B.1.6. S/MIME signed-only signedData over a complex message, No Header B.1.6. S/MIME signed-only signedData over a complex message, No Header
Protection Protection
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses no header protection. attachment. It uses no header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5229 bytes └─╴application/pkcs7-mime [smime.p7m] 5249 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1274 bytes └┬╴multipart/mixed 1288 bytes
├┬╴multipart/alternative 868 bytes ├┬╴multipart/alternative 882 bytes
│├─╴text/plain 258 bytes │├─╴text/plain 258 bytes
│└─╴text/html 339 bytes │└─╴text/html 353 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-complex Subject: smime-one-part-complex
Message-ID: <smime-one-part-complex@lhp.example> Message-ID: <smime-one-part-complex@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:01:02 -0500 Date: Sat, 20 Feb 2021 12:01:02 -0500
MIIPEQYJKoZIhvcNAQcCoIIPAjCCDv4CAQExDTALBglghkgBZQMEAgEwggU6Bgkq MIIPHwYJKoZIhvcNAQcCoIIPEDCCDwwCAQExDTALBglghkgBZQMEAgEwggVIBgkq
hkiG9w0BBwGgggUrBIIFJ01JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggU5BIIFNU1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImM4YiINCg0KLS1jOGINCk1JTUUt IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjExMCINCg0KLS0xMTANCk1JTUUt
VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2 VmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2
ZTsgYm91bmRhcnk9ImM4MSINCg0KLS1jODENCkNvbnRlbnQtVHlwZTogdGV4dC9w ZTsgYm91bmRhcnk9IjE5MyINCg0KLS0xOTMNCkNvbnRlbnQtVHlwZTogdGV4dC9w
bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u bGFpbjsgY2hhcnNldD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt dGVudC1UcmFuc2Zlci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt ZS1vbmUtcGFydC1jb21wbGV4IG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQt
b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN b25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUN
CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo CnBheWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRo
IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh IGFuIGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVh
ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w ZGVyIHByb3RlY3Rpb24uDQoNCi0tIA0KQWxpY2UNCmFsaWNlQHNtaW1lLmV4YW1w
bGUNCi0tYzgxDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt bGUNCi0tMTkzDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD0idXMt
YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv YXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zlci1FbmNv
ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+ ZGluZzogN2JpdA0KDQo8aHRtbD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+
PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4 PGJvZHk+DQo8cD5UaGlzIGlzIHRoZSA8Yj5zbWltZS1vbmUtcGFydC1jb21wbGV4
PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J PC9iPiBtZXNzYWdlLjwvcD4NCjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01J
TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg TUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBheWxvYWQg
aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu aXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFuIGlubGlu
ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl ZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgbm8gaGVhZGVyIHByb3Rl
Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l Y3Rpb24uPC9wPg0KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFsaWNlQHNtaW1l
LmV4YW1wbGU8L3R0PjwvcD4NCi0tYzgxLS0NCg0KLS1jOGINCkNvbnRlbnQtVHlw LmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPg0KLS0xOTMtLQ0KDQotLTEx
ZTogaW1hZ2UvcG5nDQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjQN MA0KQ29udGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5j
CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQ0KDQppVkJPUncwS0dnb0FBQUFO b2Rpbmc6IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlW
U1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFjRWxFUVZSNDJ1VlRPeGJB Qk9SdzBLR2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNF
DQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz bEVRVlI0MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
cWxUK3p0OWNpZGtFKzZLd2taDQpzZ3J6ZmNxVk1wTDJqbzA0NDdnWURwZUFyaytP bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpv
bkpIa0loQWZUUFJpY2loQWY1WUpydzd2anYwWldSV00vdWxpDQp2ZFBmMVFaMmtE MDQ0N2dZRHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91
RDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0NCg0KLS1jOGItLQ0KoIIHpjCCA88w bGkNCnZkUGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLTEx
ggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcNAQENBQAwVTEN MC0tDQqgggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkq
MAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBs hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx
ZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1 MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsT eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME
CExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl
AQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc2OtJ9ZSed6U3 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+Rp
jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZmOpB5voVQfiLY wpODxxzY60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPK
Yy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG/e3p1fIKM0dP J2Zu5mY6kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ
zZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWTLMLeNf9Byb5k 2afHg4b97enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3
sKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF+XIVnzRG5Deo lcvvBZMswt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMH
ULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEAAaOBrzCBrDAM bM1LY4X5chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpq
BgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAV tQIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC
gRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83zdw8wHwYDVR0j KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAIFJ 546vzfN3DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG
eKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg31/+Cw7H8e30i 9w0BAQ0FAAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXO
LrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG91PEM046gfPnc SBHI6DfX/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2M
9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF7FOD7PfB5v94 fbH1Ib3U8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHN
M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGXnoEkAFvvjiCq aaTDVEXsU4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwD
h64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDTqNpHNZ015fOU R6chMZeegSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459Cyq
Rza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/QqmiXDr0+GrOmqnX bqG+sNOo2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXnt
MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBT dX9CqaJcOvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjER
IFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0 MA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2Vy
aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYD dGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5Mjcw
VQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92 NjU0MThaMDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYD
ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09InoWDgWPk2a VQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO ggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRr
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z jFBSXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP9
34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4 68+A/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dK
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3 vIKp4cQVtkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCx
vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3 qqmjV3d/2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATK
SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCG RGJWiQVCCpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcG
SAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNVHSUE A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5l
DDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYEFLv2zLItHQYS eGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNV
HJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZMA0G HQ4EFgQUu/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfx
CSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0eNARD6/oF0/sY CShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cb
onX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GHqgB/NyjOad3p bmdj/R40BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVE
dpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPTUNlm6QpivtqD DMR/sYeqAH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhs
IdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE6I9Tsg+RrOA9 plrWg9NQ2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnu
iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3eoZ6EPazXqMyH mghxwYToj1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4
AVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCCAfwCAQEwbDBV rKnJDd6hnoQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYx
MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2Ft ggIAMIIB/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdH
cGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQITN0EFee11f0Kp MTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
olw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN aXR5AhM3QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3
AQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAxMDJaMC8GCSqGSIb3DQEJBDEi DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDEwMlow
BCCBo3TZITs9IUGlq1clkkamrYq1pC+qAOmbM6mBrJaWJDANBgkqhkiG9w0BAQEF LwYJKoZIhvcNAQkEMSIEIAiYlRaTjUNCbHnrieg64m3mMEmTRF8kqt5E8+ogUh5/
AASCAQARpMjNRbLD+Z682oraEKCbEbDsym9Mrdu6nkcZ+ivEj+AHTU9rt+LBdvTb MA0GCSqGSIb3DQEBAQUABIIBAILQrmFl9ls0ehRVddBjQEsH5VnT+NxYWjofr2i0
gHEKrWW8/HJ8C9eybTU4XJlVzbvGLRFhLPrLNz23qygzUH9AJ3nONY9eGAHLRagc w5OoB4RU3+6bPs2i5Y+IZvdnQTkfux+L/Rmy+cK5tlK8J9taLXm3/mJO/57tW+Cl
Ij3L+IAoRjfC3KO00s0/rLfb/l4EmMLCUDJlShrsqCrFfXQxKi9dWWvVZUzEsGqG E9WSBFb1Ik29FHbTuTbrcSaE6Dr5zGwZBmlkcb3rx+AdYM8PMAhDd+ESwYwyjWk4
lhkY58o+No6WN/0SsWTHNNXrg1RKql5PyaHfWtySsMZjUOCJrlQDMeKBSE7dpTjX A7zRNEA1pD4XZdiz0a/kULobW9W3OKaQdJANQG0CX23puEW+wk9hzuuWX+IXeLwh
wA5N/m9eBDASJyzlxdLOHGfJ1uWn/VR0Lm4xbscAdVJEm5gaH9o4QKf7jXAl7O9n 4R1kXSigeWxlu44jrBGOzkr/UjonxvpjBzyvlS6ltj0HekROzHy9tXEHyeP6BOzC
yuP+ZEhRpnjHfJ3XjFKuHiZ36Yon kWKI9KZRyeZenYIOJRgqicDLdDgrZN5AoQqE+rBlK5i82l0=
B.1.7. S/MIME signed-only multipart/signed over a complex message, No B.1.7. S/MIME signed-only multipart/signed over a complex message, No
Header Protection Header Protection
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection. with an inline image/png attachment. It uses no header protection.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5185 bytes └┬╴multipart/signed 5199 bytes
├┬╴multipart/mixed 1330 bytes ├┬╴multipart/mixed 1344 bytes
│├┬╴multipart/alternative 924 bytes │├┬╴multipart/alternative 938 bytes
││├─╴text/plain 278 bytes ││├─╴text/plain 278 bytes
││└─╴text/html 362 bytes ││└─╴text/html 376 bytes
│└─╴image/png inline 232 bytes │└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="d66"; protocol="application/pkcs7-signature"; boundary="e18";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex Subject: smime-multipart-complex
Message-ID: <smime-multipart-complex@lhp.example> Message-ID: <smime-multipart-complex@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:02:02 -0500 Date: Sat, 20 Feb 2021 12:02:02 -0500
--d66 --e18
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="7fe" Content-Type: multipart/mixed; boundary="831"
--7fe --831
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="848" Content-Type: multipart/alternative; boundary="a1e"
--848 --a1e
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the smime-multipart-complex message. This is the smime-multipart-complex message.
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection. with an inline image/png attachment. It uses no header protection.
-- --
Alice Alice
alice@smime.example alice@smime.example
--848 --a1e
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex</b> message.</p> <p>This is the <b>smime-multipart-complex</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature <p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses no header protection.</p> with an inline image/png attachment. It uses no header protection.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--848-- --a1e--
--7fe --831
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--7fe-- --831--
--d66 --e18
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 53, line 38 skipping to change at page 54, line 38
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzAyMDJa
MC8GCSqGSIb3DQEJBDEiBCCpaVCRppoO9Sw65TWLCDTpvw7N8HHyZsFXr4qP43kV MC8GCSqGSIb3DQEJBDEiBCDXOvk8vYdge4ktwwFa4GFP+Zxia/eTOacb5ZgEXQA7
mjANBgkqhkiG9w0BAQEFAASCAQCW76eXVAXnm6vEII1CD4QNEh2kpQeBr4/NyspF WjANBgkqhkiG9w0BAQEFAASCAQAIBfufI8gxAWPFjnahNo6lRRGWj0U1S4GkRl6h
5VopKxNrBRfQs000ewQ0y2n07BUJtVyZrZOdrP5cG6K9KByxVGgpRY2Uyllz6hUA LCNh5x49ns9BM51cZp+s5KhQSxhFdmuru+wCwgRk7KjzckAnizh70/dEYJmsjSZl
K12zvtU3hU5oKTKVgNtDMh8qCMVqYdJzFSZ+exTGLIaN88bMNErzw9Id1F5TpJYF zmLEGmtQ+q9MoyydZD9s2l9891WDjsCFjVIIhRkLTI7Zeh6+wQQpGKDbv0MoYQ95
ISUP1mXY1+GpjuXo5WEM8c7cfFH2/uDw3PSFILmuXowedbBptFH7ccGhNg6huY2c a9HPz6DuuCjCTCv+rUEOAys4X+dQsgDx3hsSITVoKDR11kHVmZnjC4Byce6HY0Gn
AxIADVfW6YVG3SWVAaTHUM0QmvG9AyV4d0dce+p4aoZfhUfjAF6nWIRLcrfu18z5 cEg/VqBGK4R70/46XTk/EgLPsnSPLPfc8Pc1kw6yyF+QNyLV4tKvOKRvNJGf+Pjy
FBxL02+VfWaYOg0d3TgScxQgE2vjAgdz+TqDbQpPriQXf/h7 GvJIthBGOKFbOtWPpY+nFTMT+aNODuyAVQUmlbQIvz0/WXvU
--d66-- --e18--
B.1.8. S/MIME encrypted and signed over a complex message, No Header B.1.8. S/MIME encrypted and signed over a complex message, No Header
Protection Protection
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses no alternative message with an inline image/png attachment. It uses no
header protection. header protection.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8670 bytes └─╴application/pkcs7-mime [smime.p7m] 8690 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5408 bytes └─╴application/pkcs7-mime [smime.p7m] 5426 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1342 bytes └┬╴multipart/mixed 1356 bytes
├┬╴multipart/alternative 936 bytes ├┬╴multipart/alternative 950 bytes
│├─╴text/plain 293 bytes │├─╴text/plain 293 bytes
│└─╴text/html 374 bytes │└─╴text/html 388 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: smime-enc-signed-complex Subject: smime-enc-signed-complex
Message-ID: <smime-enc-signed-complex@lhp.example> Message-ID: <smime-enc-signed-complex@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:03:02 -0500 Date: Sat, 20 Feb 2021 12:03:02 -0500
MIIY/AYJKoZIhvcNAQcDoIIY7TCCGOkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIZDAYJKoZIhvcNAQcDoIIY/TCCGPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBABKoUk6G/5pRCkn0XsCial0oDti/uEUw6E3T Boq0MA0GCSqGSIb3DQEBAQUABIIBAJGYWhyOEdeaxA1hlsqTJL/nwL8aIuFtQBnq
PAqN2WP4KjYkf10gKJZNaJYEGhOmHfu1r53FsuW3jq2IS3A16AkpZHY7ROluKpAV 8aptWsaRxmbkwfd639Jspx9JZhc4gu50hiKu1HdJ2+IL7vvPRB49SfqiCst+ImD3
3qkTBDqBnsC16f3q5uQxCWZ3DOJDvf9X48iASbXArXOjGk14lgjW8GeC5stnK9s9 syFxHjbMJSpFDNNukyut/SYV+DAHbvgiGxB0vCT8iW+qbKgwvQYcm2Kcs0UYV7ek
4O5KpkCQges3lVWngSPYxGkDgyp1xjvftn7M/EnXAKf6F2ujLp7is9EgEjdK52zV NXA7wkNjIygcyRSbg7Xdhv9HcGGtIshTBvwS9DaYwmjo/8IlrXfeIusKU7dhZgMK
GE6Pqqeq8hy7Cyqlz5pWn76MTbgjg7OxXFzDCTePXiDPUCrOoCxwHpj6yo/bfbrE bVVbotXAylbEFH6vpDFWK5pc+DPgVPFe8iA8z02k8HdtXEM44g++0/chZAiqe8uw
HDq5rZXDY4ZWyHGpTQbVLA8zMMJqoVXiFz8NqNeDwY7ApaODpU4wggGEAgEAMGww UARmERg+5Y+2dROAVHRWFvloW6qWw71jBmtf55abK6jJFhSIzmowggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAhI15RwR9LLMR9+cR4l8VmlBW HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAB9sGmAYY1DHhoMQbd734joYE
PuYAz1vENb+Il48IFNmnN2xqAU7ATw+HvD2noH+6yqf9N0fXz9/ARD0GtsGrG+wS SjbvkHEPyOAlJI7FfGdAr4I+dmkYeBuvZVM1YWhtejpVAlurNbbLkOEj+yPhGbTG
s0gYC34/x1zwZ0DWIvrVq5yPsly4Qd5KkFEo8ACtFJFfInL3KaHg7SMHYObg6OcT nxBGt08KsSGKCM1blIY9MpkbsdUs0rSkPs33cYeRLJwGTzAsTSy0txkCETlKQBgK
izGKSOp6wBNnVlvknSoIGjdg7IMFO2dVeqUXCkpf7N944kqvfxJXKPcOgleAG0Qw 0JGNQHIu8gvPjyMrlRI5xHGVjvbdz0LiWeQPJmoqBFyO53sliYgWGiZmeqjVUSc9
n2v/gJtM0hsB6lQhh+vc5RUYIfmX4N5hNW7Polz3NnYrPPB0QFBGyAiCuFFEoWa/ LeQ1h0kHl+vF0QQxAqIl9+SpjRTlFe3MXdq3gmvwgkYPelF48YaBst45yyJh57+z
nj+DWJbH+cYYyWXBMVcqasx05FCNkuX+RcemRzDHyrMQEs1TFj7NxSYjvjCaXjCC Z3pAX7dJgjE75Msb1MKn7q/OSpF4Ux/yfwTVFxNJEGFGo46FOWkVb2lSBRhqxTCC
Fc4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEED8PrzsI9SpFxgbjoB0E0g2AghWg Fd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN/jbIuyBiQPvx9QS9tgtISAghWw
gsBBxGC3GwCWWfnJH4kpa67Ta1NLifl03nBkTKakYEGsNRk6BvffDHiQzB1dJg25 /W8bWpUqIZAatmwlv5kmA9az3Z9YUJnqm2X8mh1MO+UrRCcq/uk04cXYQaF0iqS+
NKp4YLNTAWPLW2OP77KAvc2NQooQgP2bSaaNSuEf7OPnfhb/p2rLvLeMD5o6aSbp M6torBqIrSRUMFkcC7k9TEaDFIuUYpRfp00AFGT/+imSNuouqRb69TcXkAHqfU7S
WGFcMaIhjqmNAtp1BPBANEyDgiTdIFP8mMDklvqRIFh2lJNRN3bCQqfYxH9dCfaP p9atNXNLr7tSxVec1j/uuW8cwTToPi7U/kHFCdGQt+YwMoUhD4gVp6lxWtgeNUE+
RLAmqGnkaG4i4BROgn+kHCprDoHvlWy+4l/iIi8DIaKSwDIvsbtk5yVhUNpbfxZE RNr/vN/hPSwXyWR/WCk4Vlc9AjGlwds4m4R9MzGHaaFWjOSGbkhm8dN/e0s409ze
wuKvVdMDRMf9BPMY9QgoK0BfpmovhMuqDClzn9503Rdv/Um1NErlPj9fNgtEZg17 8YzvbRc3GKz669zduW9lLGzjbaGGd+X3Oug9zf6JPkdwvQAv6rPfQK6zbOBtNs7Q
bxKvsBRAX6k2J6r5chEjdiMsoCB+niFL8pOIH5sj0G556MnPWFfNi4bRehRzq5+o KYm2APsaHFjItbN6/pM1E5ypYb+q+W+jQQqrbZOFziwlxFWWU0vUe0GwADCjEkKN
91iYlHfNEHTQDNjPSc8zWfH/KqcfymxoRY1cUdXyuE0N4E1FSdlS2kqLkJYXcIvJ 68ImJdvWjB1FvdFrGQLFRogHBwcyxCttF9ZJcG88ldMGOt5S7vKfSWY8l5ZEOtr0
9ReXT7eyUUrV8YGgsFxAXmjQ0Ky48+TCohDsf2BzgMaKULGjiHwNQPrd5ojhWZiR ZqgmIA5tiajWyasZPpqgz4Cz0pP6NJpeuTlpHrDKH/YjMvtdzzpnaBvFPMQJGu7Z
RzVbN+I7AVeu6pDbs35pEyIypgGXTMlNPLzKuHcF+XVuQ8bDJzOTCoEaYTc6sXwA 2gG5BX36PMHNFWDUi+L9fUnXl2pjuWqYPOS4WatITNaRP6NIyR3qsbSNZ0uqS7Ry
c5LxLa3N+p2q5J3PO9hNWY6kt7inpommoAr4X9JmUvCk5Z7rQWf2WWkwkA6GGt5/ bZs9xvpYBsFIupxr6b3a2o1aSx4I0rjLijDjYDesIjV2b+eis/vMi5HKbY2feFch
Wtpkne+vk5L2fFKK+DfBNv3f/fjhp6SIgkShF1h69iNzgN+SA/SMQ7c6eXB9WMZv tTPdcv2KxP1yxflB5xF/jVxaFXlsRr7ZW3tPrWuR/oGhSn5DM6Ruqg0zN7RoMAuu
dSLKt6dWztY2Xd4DvjiTaQAT6mK2MjpvCxoBbEphmYqtfBVibLBzxVr/v/rBI5j7 9QxQRWS8eyw5VFxThQ/5pWVos2xwF3WtKVfuOXbhhKlWwwcZpiW32UvwnLG6QdLp
sR4dVHyN0/TMCktR7qZfMdfpDyY5d9uabxzUI0sGKJOxB+fQ7iTnPCpQBGPZCUeJ 2FdmgD/MJMkGHOrB2LyUx6fABSOrOBz7iEe2uwPDTKIyLNj8uH4P9+O9IaYnNHbT
41CiiNif5ybqgjhzl16Pv4UXQfdwBnR0qf8r4z1rMjXO33LM8Vo4H3I3YwFlFiUV mOjGGF4eTRVwRe8QTj8aQA+ObyxriGHEDNIXTF+QFES9+roo2zWbbOF2PT+C/LIA
FwFiDFXccPW7zQnUwcRA8cFkb0xI9oLFyWQ4M1+yhJ2j+x/cLesukAWJ3lDSX9nd Rmhtc0gFnpcCQ0iZNNssJDBlZhu1iEGq5Vbm/UXqS11b/vWtBmqrwUoBsrgXvkvx
obBObwCRjPNgYwhbG0DnSK0dSU8oAm2FA65T4y+rkwaT2NnsFJsyISHHZG7LHlPU HevFH4VrRQE8aIDCKMFDTme6Ti9zZyJh7sviuBQETt0rIQ4Hd8tVPR4B9VSIKbER
lFwRQ+FND1LO8XUs+ZYj17XndZ5tndZx3wQwHmoweejvJZdgx+ThS2I47YBw/5kx mgOsxcNkGEDPipr8Z+hioTO7g1++ZhUbPQSY6biWrQmRemE4nIXisAEXfX5oPtrN
Zd+mJQ0E0Uc4FWhtGqSw0l95727xWbF84HEYnC066DaGFGFXsF4bF2+ocq57kKWa X9y92vgfUEF9q8c6uiVlh7MMt/U8WyjuoM/pEQRd24sA1n+Hxytq99aStV0DQqg8
GSFFm+San0QoMWj7brKmfRccX+MDhOHFfFvVsJ4i4VbVvSNTnazKZLndeZcUwMAk eC7RmmtjGToJkdeOPPJwZEn2QVloYuJs4jD4Aqrt+KlaooFh59tAacHt3KL7LO/c
TWcVLXwEnPdQpQCwHmfxbuYj7WlmhS3YfISS8Yu915+/U1zPlska+jGJi4W3YN69 U/sUfENJ9ouHlfmJd84xc5w0D4g0lB53Ly6YRjLlzlrd1fhkU2OJiG9s7Ki6yC/a
FjGjcoRMn3fyGgvwaITiPcSF/r7QATQOfOiI3vy6KZTHBU5VNXuKYV5yeC2Mf0SW 4B7rA5cULoxyKiSIlQTDbTqo7CO0dA0RPkKP7ZQWMTrRhjeF4qfNJNKwkTu1kXJt
pgwH2vaSlBBgBQDnG44BL6JDRXIC/0JfOaS7ouutPWRWn6i5z/d1NA89f2g1HUbh rIlw6XRj3xix+kYBrDHkzZI8Jp27Z4lbkpcXu9U3iOHP+HPD8T8HepC2n63eQop2
gFBJhM6ayBU6nAAiYDLcN1yGpPykDTCF3QgJsw7hqcdZuA48maulywP4CR43XiS4 +EJ2A06pintq029gtfssP7Tl4kybuimSgyaVLEIwcwzdI44fYg/Oiiezr66DSi/F
ouRui/DpJk1TdwI2oBY52y0dNb2RI30bYJHCmbxpTJ8yVjdQjjldSGTBs+7ScV/m QggHZW3pgIdudD/CS4Uf7MdZid3S19NSBh3iAdiajotqXz7SEMCCt3YfdrIDFX7b
axNqcLxf4ciE5BGr7TVMCCEl/s6yFbL4BrEZKgpaf28LiOQdc/3sWA9jpQCSR10o XQxhbVD/26zPKilLSYbAs634xeU91PUEdFvYdeA6uMSGo5Fn+0D2ldT8vZiE5H2T
xlVurEK7fTNQhMCTwd0wxqrOZhPm0HL2GcKyIGpAJh6UkkvOAp5V8pDJyzMxmKpH ud0buFrNqN8mnvAo6PxIDHqobXkTjcbdFDnPm43xGfvNPO8WUvGOHwSEhlzz+pvh
K20PQqWU5xVeMFF1Aa6HUOuFYCMb0fKRaWBo65KsEepQCNHcQszQT6PywIFt20Ny BeQ7XxOo/U0aNSXdT88TZ9v9z4VYCLaW2ko+WAd9PrmKLkcdqxmt0WT7z1ii2RG7
y5jbiKzcXZ3xpJgGRWeCHrM+w8/bkA+yrzAQaFXM9OVxg9pU7ov4YTxn+DbzA+I9 hLOpjKI4FHWFGwtXcx8YnXr4FDr6m87DhiYURQbLSV4iUfBgECFFhVuz4quYIyZn
bu4ob7lehti/z0AfmowF1db8B9ccBq2KJPoL/r6iAunDoppE8p8P0n+KKX7Ns59f yDrMlVJJ15vmZmwOlJKfSjMKyUZTJRPZaqRqjEu1hmLfuTKygTpFHw0Rx8HTkiDE
MA9cA0ujcnWX2rptYxrJXub8gqIfiPo/6HUCG+Y63iy+MsFXJ6n4KdPbcBQXgsZU wWG4c3Jyh5AMSjYmTNnVgr/fqH1N56k9LD9ydWquMKe0HW3X2bhMQ6M+x03l1b/k
XsOkuIYpdjAZMsy0trlgftS71fwY+6z3Pirfzq8I7SsKO7IBOqbuOGRxw2o6En14 XUbF7lD2W+u2BJMGDnhvU2alL42QPQebGjrsb/Dmoq9BtJr1ldrB224aCbaYCSkN
i4huYm7fizX5oWIqQb3+nZpgX/mnxyPDSrrblgsCl9IW2NYbIh6FibjG9gOXzSFk dsQCCSPLCB/TXJAGoDSznw5f0OdG/gsafEOq2SvCrnACoQwkpz8HHYezx1QnV4Bn
AvVjY5oPYct2eorxyKdYl8pZq0/mSQfbHSVp5iCOxRJr7F1l364F+KsunF4Qg6Qg kv7Cq70vb3wndsctTZrdR39fpB/rWILMer7kfsClrto7WK3p2QRgEAgDya82SWtJ
4qye+wSXYiBDnOIzWRGNR9BPbvwHWv5p0mv0eDObVm8n6kDvdLa7IJnVN7VJkjGr FJpOzO/6hW3EcIvq7TZHElWCvf/5gG6YsaDi36dBGfwUMI+NkAVOCCcKCLmro6ET
8+RB/uWTX33h3N52sRbEs51sstdXkg/4H4PwtxiIRviWWM8bDcXmMjclwot3xvej Rw0Yb3sawxuBrS5hOG4jCXcuN3lEC8AVVARho17xHU5nt+pfFTV4jt/uJh6iWxx8
xgJ7iHbgLsLYc4GshIk/lxxaUbZdRJWKqrVRJtUP50AKALjldfUGuKh++Z2SWSI2 zmwiPKO3tCaNAWsVHy3UHNG9D8kz+ygMqMSQLFtzMnW8cty2Xf9YF5SiBefQflgM
knZOJRjvaWECd0soQMOvwP6oCq5xgKtovIr6JPNe48t4DAAlIb+vvbzHPBVAm1eQ HbI0dvzXxGStYSOjrQehUVLaW6gLnPuyssSDISubCQuf89AILtRpH+rETIq8Ai6L
gqaZ+DzpYiPR/+A9j9u7q4CtNAXbIep6MbV36W51oix0W4La8aINl4uXxvM/ahHt t1v1dsbI2ikHBvWe0z9f+EsXks1E2hO7GyPiK3TgwzVeT+t3z5wA0/39l7qigGZ/
nVvKHs4MQfUwT6CoriHcyPGr4n6DudlLzlKHt2pvotyR8LFUSdfrWaXoZK7gHn6t R6v3e2RhaBu6DSBhUX97hvJgn0rIjdkNv2A380mrW9Xz2ZXJhYkj5Isp5cH5wy8p
IoKAfNwE7Kqse/JLcVDBkdQhodLwyLWnVWCmabwjUtBr6zMApjpLJGsB27DV7IOn rW11eL6trfkuqozm174uYA44/DRqnEqqU6QhIeIJEAUeXilsfBittZ24twIulKx7
VqaBMqMOmurYA2/+zgznnxQeK/rFutc7hckG6I+MO7T47JRgmWECNYp8zbBVsEkL 8S6g2BjuoBvv6RiwNw1gUtch45H844gqTrwjAr4j+CarCc8mYmI1LjaM9uVUOgtl
A4TDTarRoLLz2z4GaLmFKG1YPR/70urvWINp1YbyhCwZm+WvroLRmF5dYpiVdbXj 4q5+2m2f294KOKgiY45Q7Hit+TwqO+inWlskDqZAb04zn0/aZbdrqomWh+f7Nufd
9DUzI1ucxoGKEAWXTxXq9RUmHwNuDN6SvILzaSvFzUigygZgMjCM8CvRK3Nf/rAF KvlFWAoljZg+ekAFFytBreBJsw+zah4yAz4W28gldy1w44f68xNzCRg4SpoEm8Rp
sHp80koNZ3cfK8Z+LPMHDEdMXuep0ahEhOTBlpVbeq/Idq6rpOkjXpvcowlyj1Jm gbQXVKzi7mFcfYn0R1GgFFldLDLLV9FOb4hXYAgY3KV0qu6hfyrq6zAw8CRAPYkP
L8ADlcyStEdVViv4/VLyzDSeDLOIqBz9RTBLfXb4Ek2h2nFJ7MpH/BJZi253VYxB 3rhV082VlFOaxIUiA/U06vuXOWFzkMKciH8XEDvdPZycExa5HTzr9D7Je89csh5Z
xXc9NuJ9M1odj9uJJNS3n8U4gLHFm1fjGvGAOExd5M5qmN8b/ASoeA6oHaSg39Ur AuQFRoHOshr3cDpiq+MLO1HpL+b0Ol+tCkWlJSBE0y3JV4udFnWmESoqU4WAGKhP
27N4/a2HpnRWck9H6aAOB7PQyh3L497/sWs3yoFa93Mlwe7vO4uYbW8X34ewXTNs +AWSZdwjySJEZnZtRgovk+fquvxnL6FjPJL/ohdEAQPeXfvbvgxQoeeiDFCcst9q
oX7gH4lRuj+XbbVM6DCH6KzNOkWyazhCNMGBTeO+txUZgoZD01OgAQQE2JPF2f7B O5G1Ekiq3VH4NDCgARDCeGFag4oJU6Naw0rKAW3dzZQjZxU0c8a+CdVLV+ZaXYUC
OT1ZeYkxSDLJH3nkGzfzvhvJ1b8eRUT1f9JrDdm+qd1/fGt+uyTIMp7GqovjiPJL rbopg4GKcAnCo2RP3tIXNvgHvnHWhWhtiys7hzVNPtO6jXk0d7qIF7hClxq5aShe
q/NbbXq5CrtUZf2rBq6pK2NM5l2l/43h37gH/xMJH76u/VdAbcXRkq5HnfEuG77q kweXjMHYZJLjB/NT4JZoIgeyQKJAZkSSqbqBgbK3Mtuw5aZQaChuMr0MYyXbZ5Yv
VXKeoZDsXgwdhQRP3VGVKjCvqLpHs/rXco8v2xGDvqAnOT19mXxFh1jFl82KFbQq 4EABKcGUj1nIcsx4goKlsCnNVUIakz4oHCaxdKfGA/SyKbs8cgS+zusjpD9ankYh
XDQCJnyMsG4Jvc6Zv1mFyFba5GaMwxWq61thCVEqWA5AwnMsSnTnsyG+CpBctyWZ tH8VGAO6s0td3CvDhHVoX8S5kyUO1LkyNhkXDCe5TnTEKRF4b7vLpNj71FzLYPC7
dAOkrjb5/NAgSAsta6S51Nk/7oo+CyEt/yOs+A19kPFdtBjtEot8r2YXCLg9gqbh vc1FHNSFhyPjD+MGQsqohf1HozSJUMlt/Au72XxP8LXQgqJiRP0UkZ39IjRMt4BK
exX1kgYR13wh5x4LpVY5cfMeLkjKWmvUfTPSmVLdjBYuG21F+Sp6T3Z2znQqqYEF +rXt6baHjmcQfowjAhIPsqDNGLgFRGGK4FSJ1hRb11kOFz4VHJ8604AkmS2Mk5fF
7qXMocZHhLSLWQOj0bk0DVL9AF+hIvuAlB/urwWuIBKdQyf1tjsS61u7VNQOLqqm kTXLOkxOEqvb+JBVd4J/NmW6wvlEZ7iHw+3nRS7E6o1+wefl5b/axmVeJgU/h6KP
HB7vNkzdkihIyNU7f56a8D8k75GLF6q9cvZHfTmNWYDOxsU9Po0CbX8OtffpxmAQ OfJZ8vDjzNtrkHFTbix4Vj7bzQFLLfiGl7bP++hN+8ioJDsxob0/DijdcTvdJnzR
ikAi+40f0elM5AMV1Au11tYuA6ckSvT/PqHZPsU4bFk365LIZRm/wQ+Lffi8CZOw XJRgBH4iEEJrOcleQ5HIq2kLmUoYz+U4YpBVFbOKUyQfheYl689HphhUg2NEs9w/
S0L52RfwSKIP4kjjwYHE03XoNXVM3iDgBesI1HMVJQYeP+kLUPrzAtwxtQ7Lccv3 6am0jNfHpdUrRuBCHtBLIJySdyexq9Gzy/M5/+j51v29YXCLZo/lu6JpPXv21wGy
oLVtVDK0a2VR5DqW6oluyNPddsa/RV4Ld+8GVZVLA+iuSziaW+bmD23OtLw0ycEn uG/+T5wFKVlcIBVfwgYJJM4Whht7I9S6IAqp35b0hLNtYoyGAqttOSEENpM5wJKw
4pB5heZNxVSvQ5NzE6mY6AYLolSN+trTT9hihc+Z10hN+S2z06w2M4zKYVCd0Qzo DGLeB4vye2vyiK67ZACxcnqUrDePFYRFKUMSj+U/zeB62y/DVmZBkr7XAXiGBKbp
UnMbJNHbPgaGRDSaLl/dBmezCL0NuHFUklZUCCKD5ut5fTFCY/zEpe7Xky/2WFS+ M5YMTuLmsz6uB2S9Pp1fuiwO3qV4myPHlNQMtHZVnn/Fcgo+3rpW1zx3JSX+aMdT
Tk+9f9A6Eha5zVx59yTwriWgiBhyu5zOq6vJoeiYoKluDkganEVKyco7Cy1ejEU6 eEran9uQRAyfMHOd6k1tghZwvvZwGaU+9Oi7hyL2o4nJY1G/cqWvSK1E48u8aftK
C8Z/FzC2iuoXf0hH7/D+jSmMhKkCu3bFz4sR4A4+ItamCFgA1DoeljCMrZwLwZBz oPv6RmpJDvJbh/uriqGZKNIf27t5O/IGBBcwRGeMBgqYYkmG4ss6cvbIcBcnyP/D
fEwajERkr1tVW0YvyzBB8Qff48MpjCmrGcpi9WRRob9tXzf7DtIURwgXUDAEtL4X w4EoGDTLL+YU3vOZKUp5l8TEHYvtDGuBf1nMt0uTT1Zk6savmLVEHOYObjpHGAVO
ApSmswV9ZG0UrSytwzGfFz2v/SIXIcZCcgWzGx1QhpnjyS9Sz6AFz3Ba/SvcUk6Q Mn5PvfV2L+QYi2mpCxAmArscHVJSysWXJ66Lzps4J0hI2mfxalyK/N+qW8dNrvkJ
r+Hx6HWqdN4MEVeUnhFwCK7XwzNEA110g4twEYO+M38F2LDXzvPAQkmKkQ2BwItc tyokrjjfnO3FVyD4j2Ph962pMLP9m0FsNBVaO2ntBYojDYYd5MqXNcUMVkvaxORk
3wpK9Cl3d0Td+TS+bxdKV89YoQNIWw37/Bzg2uSerSsEmrmo+ZGcrcZtGlZX5TQK UTuUsCwU7CwIkTDpHtDt+9u8Ljl39jkejwEAovh70EVDkGaclDCi0PVs/jq9ferb
OHgkPM/CUztbjKFcv1mCBF5DH4sXYVNP4G/OticVMLiL9QBIeXAZcjdb0CuSkt/8 V1T9QGbP8U2wp6pwVsJAdo4nuH+sn7HUsDxGP0/Zwz65dhSyd7eHLNSfEdxBMFSq
gZyhCDNzVN5me/fhtN+tuTjTETaQFcF7ErTOEHokvns//NdpSFgrUvFe5jhc+nMZ GyQ/RG03Rxq+sgtAKLjaBlS4Ra7xNLAKdxO0dlyciNXPFHubDDhaib7BQE3qG7WY
VryVxxW/iDk76C+H1HxF8LWAlXeeVi0PPfeYX+TwWvaKPX2wBv5qOy4KlX/NvJGL 9JYC9NeBS6qtfn5PBS9xaf5xtHLbIBegz0NRmct2KkamMIQsAJYRvcJ98mMXrFwO
XyrDB8NJe/csuU21wsKs+k4qlsoDIz7U8lU8JiZ2oxwYFkffqUJBlncHnjX7jN95 qpqtQ0KHePJk7CLjUB8oQooWUuD7LGpmeSCnjTUSXqqJiW40ZWX0IWJYGkCEOLuZ
bBKMolpwSd2Rvnin/X2L97QceFPoMYxWA2YWbVHyfXRdQoNpFHGvDWREBqZGl2K7 KrCIkTYimOq6fQBfbe6aAzrF1Wpdk7/7GXhiJf/agQnRkvrCP3xAeYNDBxDMnWmD
UTqWptWWsOQD7MGC5bmGDFj4sq0/D4F1HoAwHDjZ/t/BSYXv8JsahPT1L6ymNJ2J EKeY12hNSGbEx/GEvM3c0odMtd6HMko8X1G9OXevZWd10CiEFkqeL6faFO0v+rZc
QpYkqkUTFoAcPGGdRY7V3LDFnprFHQf329krDizoHx8zXkSWX1RPW/SB8jcxkbKT gHF18L09KUOIxIjyPis3lKTrFLBqJnfzyHDeIiIlCCfqAgW/2ng3EK5sDs4fnvYN
5nN06+GIJI+CmO+YJbT1OQ8a5bLDAE8rrS5K6d8LAS2b1zX1tnYSqFWIyb84iEG5 DmNJIE0oDiDodIQrznGwn5Qsj2sG/aUgp8cNNdsLWn7diGmSrdJFZWji9/rluO60
sy6NM1VU14rWIzEVnr0iJmAn3PLDGxVtVKJMlzp5m4EZBESadPFUwdLKvQXQUFeK 1nwrMHbPBzEpEufZjGs8TbN5Ww2CUfuSFBkB+dn7dkoORVppiakqygh/OzSiNYp1
bmUo1BAcLxaemP0S8LJ7AS7mfQSHTRQGI1UCAU0LTuEQg75kQtEPdic71NjorMEZ KCNU7RkGV45I+hadL7RU811L5F4Qimo7WQXW6F8fFEakURm4PU2cREpR86dhe/Xt
a3oBk72PFLq0AMF3KZOSih8PQisdlUJckiUqlppbgoxTJBbHWd7Cb5GykRb1Sy3X XNp6pvLjvgZb9G2CgtgDMgsZqSRlDa71B6ktIvg1js0blZ4Tcn4APcdi5F2Tm6Uj
hLCfuvxZ4ima8SCulHGfDF4StdJMdpqtfdn0ttKbcRkMsIVHrNhwwdIwLKR+JXUW h7V01OozajrZ4VGJVYI6DsBRPfa5DY+l4f/ITDyONn9VBmnOlIQhwC1G4l1csAnW
UotEh3clhvEkuMvzBtkJLG2eEbmCQ7tSOkZB6+fqCJ8rwjFYrlLxzsrJZMmN6+Wk L4T0bi2glMl3BdafBAR0H7RePm08oohRiV9gB3lm9OXy7t9tyMdmfJSKExALnc5/
uIFRnM5GAwdr/y3cNcUA0lHliXhYjZ+aux5QqM3hnqiXwRyjtdBqjZIAZdfphdYf aE+7QfadJ1uaKI8MvFbfkWKB6x5KD+XHjNQ0NHOewM3aloJUp2Ok6CiNp9yekVAb
6kIuJIsmfvT2vV8IWKzoWeNswd+n+u6qqVWGSvIG2u1+F1WhKS+35kVcppVawtA0 w8cIhvODtQysXPMj/q+wnuieOzkYHt9I2TA+wc4Bq+p6ZFGbIZUBzmb21h8SRqUw
BG4wMhkqEBJg0CIL3RE3AMEMvswp6i6xwuk+hIOlfk2hhenTed8T2Y8vnAZiTxk6 HXC6D2VSMCBFjIVpePbYB8TbgEkY60obahPfkiq4BN1SnJc9rGK3ueMOcXLwyp8j
rmArxR9BCXWBi10JryL4Yr9eHc6e/eOhhxk+QrKC2nJs+QTcArXdLJvbsYXdVNuM 5enxquno55PmmeSvyU9VS5vwcUiLoEggLfmc3l0/XVlVpyFUsl1y1KjhBh0YfSDf
Cf8xLegWrkMRsK/FbarFPHzESH2Chy7Q1DbY5ICyfluSvFFlFh91FGycMRGgd3rr R0wTA3fMRH8v9UVQlVcoNBS+FzXPk8wRm4Nbx0zQ/d6BqDeL25dvQw8qy0+CIntR
ITLV57i2OS9blJVGZNoF3bmRjejxCCHgl5A+Qz5Jxszsi6HIEeg07IrhE/CCtike cMWV+BG5PIFFmL4N9fqw1iHyK6ccIhp9KpUuVrpTTmmE2DuuJJiO00lZU52DzaTg
BfqlJvR3rm8XSZYX6Neo0aqbXOFAMp9YrevJrZ1hIPT5BfBvElbyaJYGX/jWeqx9 GvRuEjZz/TryEYploSpya4iaNzqnaaWd/g4STf5EXzH192QBf7WJoct/EaioK+8T
7nJ2Mh5MxNTnzz//xTdqCrU9gCk5bBe2ZvDwnZ7nCwXRbcNd97+x30EAdHirss/5 hIpyR5qXBX0RK/+TlIT2+oOPFdEXXOI5II+0YTdYa+y1uV9qKnN3apBXS+7GLodr
kZyJwrWwuDGUFVinUYf1i1Wo2a2dEHlfYymNr8Uwe31wRMJKqqy0bUhB/Rez2I2t fjOABQTpXkglp6d7CTJU5gJlR+xQjkOKMvuQJn1WzeN3pkEFKaC/9SwoL/olvs5+
7U05g0svEnAz/SPbgGk1TUvqcxMqC2GmpPq6Tfk27sDfUCqYKgrDfE44Q9IszBpR uCpE5QWUXNuCPyd9us8/mNsXse69SNK/oF5/Zqn8NawfmQVMo8JaPWpWarqJXdoY
fAdMTIQLtUWmLCq7ZM2yFkl2mx+ymmEaqKA+3SzC2A32nZ4IKqebD3vIYA6c8aFn 2Mt/UhmLgfrZ6QidZEQi6OPcLgNbbYY35VHGgYsHj8c07GYTo3p59lKC6xEotY92
V8OHuub1VAvFsGjviVitZmXL9wTvTLCFzYlRoZJWqmgH+oZZJ36o1tYaEobaTvCU 9MyKOgM8fw3dfAbBPXA4TqyUm6kD1J2Fy1sMMkyfR5WnQDsR+/Vxq5k5bTlJ1ZRF
MfpKuuqQO1ifjFtdnO5wJtd4Usw9OngspR3V2EoTiUC4+oGJYQ1ux8ACWjNJ9vEB 8FZHeWv5AItHWP8KknJv9yHpygUWgj1PtFTPI9JfC4OI4kTybfGkS67iIB72oojf
pH7DBVIIGyiAXSuqL+W77PRi2I6xnhA5eWR+jUXRnr0v4DGjdsQ8LWeyS1APmCHh dLLyzdJ/WMy9HSlT6EncV0clQTVlsCpxvNMn7Wxt4BkYd0v8eLPm7d7saiwl38D5
Wbf5p/Z6k3mcMF+vJz3DkWq5BI/horJK0/lLGGgi2j4klnus2H52OOh+f+4Vn7Ky TtHy3EgkOABsPPUoihuls1gJKoRq7hWT3CYf5UBCsa3Ocd7Qo2yKJNgDrRosp45j
vYby8jm5Oo6RXgAgc/rFoUinUo3//syk/+xExYZYt37hL6PlewkeG8vhXoFvuJAJ X6u//xxA/LDXgrq+th28PN7i+E9ZkWHt16wdUbtFQBEOmpm5ZB3hq88mDk15v9vb
gi0d7rnqWYuse+UrzUrbp5z/UpJQp/PyY6rdDlScWQp3WJYSNgEe62EmnMShGf+q OnQnwGf6h3UWx/AzmPuRPu2C/7mEtB7/tUj9nqwCgjXIJ8oYhv2uD6IjoAZgRbwm
TboTsuXy8MfKltJsV9ybuJGZdtA6yIrlKwj8YYfbPX2neXmZrdnDMGkOSfdGi3lU T7KoMb9T780h/0LealOBpZ2a9LZgNAIcDWWhb8fGcS537GIzIS6eZG31J2Pdb+ip
/yXCBPWOnMCR+MVWVXUpf3wfXlHO4nZfNtyVb/v7e4lRCylyayXo7g2rkmR+LrH3 isCzrnRZmWJqR9MPhUq0lhTLEuxd0RnuqQE+VnYydNvDu0p3L5nfINK9vtGWybkc
dEnczDF/LZLbDnkizNpzlgLU5BAlk9rDW6uwyMywrLIYlttVnRrHwjAol6US+mjF XRFbJS23dc0vS6ug29jGzLzjODz/S6TTvo0qgl2heFVFdYzD/z1pw2dPQAlk+RhO
sZib126lo8EIeHyccGZIqfyTHld03m32IzMnDnl6dVeX5TAuBmDuNGbXHP4h2OSG dAG0tDQCIyVr719e64j4ZbFjMNfE7QA+YJfMaQ1HlXEGQvF9oLA34dN9hiNAh2Ls
m6tUHSFI9fMxO2pBT1Tts1kjYBU+jMenqI8GxpP6DD/Y8PUbxBNoPoP8aVR3rkBk 9ehAOIo7gs192SDDOwDHSmJJr27A/BdGGc4vC+t8Bc7hjFza2ixJ9VkIh1pa8ZU9
GONb4ksn6zWoRxT4XyaPvmImvFX5nkHHnvkThvL0DaWcwuIOrjtqOJwmPBTOywjA aNnNbLcnfb5l8/7DXgSpiVFncgsLaCZ3iORFxE/IsNX9+R0An0+y+r2mpdtDWg1w
KYPPCK7qVCwVAssJxx7adE1W+F15UoTyyyjpe6pVtgO90lGRcprYQnBasw03kATd 69g+EMg4dJw8u7pTTW4J47TCAECjF3WVybl8YpvVmgVsrTIL/jDlNWq66JtH2yC7
k8GFN7Ej37OiXIvrmsJ1toHzlhungW5uYedaTMBNmw8iU63r36sMhj46i9nML2jP Kcc7IF1neMYTpW033hDTKDcY271nz/BhdumwynboWzKTjyNuim6e/OdCKOJHT8YJ
mUjfxMeMvQGMIMmjDBN0j10+5tANXtQY8CdC3pSJLe0lmIIHMB7gTlf4QuyU2LP9 8icUmzbOi8iYjAwhSqu6t8OZBYIT7oItqzfkQMKKLWwuguJsRa3P6OY9Gg7FUZno
5NRz07fwamd09k3N3dIeAB0I+YJyeElO69772qnqpiGnx10uq5lnhEyvtJCyH1tS PXjOCpNyGzY0hg5VVk6FV+thB11MYmlnG16D50UbrH4tgnzkUwpUCMrXLdWr7dfp
vWUvX0tyAFfuIBkdyCKMFP6zhHVxZCCa+r3W/qrfON6GH/tJ3aLdilvjwC2zQy29 l9u77ICFSiWnIUTtah+s9TUULnBAL1TWyEN6dcqdtT2+HYzDN+FT9+HJsUabDIVP
iuNYYJoyAS3PCjC7CL41U0kAOBNJPka6Vqn6PwxpnxGaZZyFCSU2fpAvNyT2auOh 9421qkTt5VlCWImXEPdeq4PqfE7LWtEA666xhpgzdnmmE35QHI/por/HS47TlxTV
CmLz/P0tNE7z7l1JXqao62CoPa1dOQJ27NbEjsoR3GobhcGQQkYb3Zsss/y1QZaa 38m+Laew31eEWGaiORbPI8XlNZqlfwjv39bpJH9nqMdaeY/kbgFCAsJyuW1nfJ4W
9lkTdk02ZDXfPPyaIUY46+VA3VcHlmWxChZiiFpqOdV21aAt+f4PJLtspE2/OTEG uiTUYsk0Cs9u70BdYYfo0+zdUgem+XM0epL9zH9gsKiJ4gfdbv8x0rmcXhIhaA/V
GqHngtafmMV75z+MO8ExXvy5YrI5N+S2eArIteQxBjNs5DjXnsPjE3CGwb7GPx8T bRGj9MYxyBbCORCNCMt1OeX/GndLxj9azdHKugZdLzGTA0Dx84xRd9rDWOSxGv1/
XMsEmWDQ7TDtqFSUzHAIb8EieTziP0LL2LOd9dpE8xDH1X0gDC82whSxUrZOa15Z bNVXqDqCaW7BcSiO8pAnWlvwQ+m/p2Wxkzi71uxJhhHX7M8/k6mdJmmrB6SRf6S2
iJ1sZkS1VRI/iq9/5zc8BX+218FfdN+rbHWZZAM02ge1IMyOsLF9qaaiR1K9ZQPJ 4oc7ojwI6vXTexWry421uQcrQTOMIFutqna5NYRylICuC0vm3WdNuRLfN7Lkpafq
lYDLcCmnS6Q1oKA2JvDOiB8sbrpKLsLk31lcqCrVJ9eOIqnA4yAijsCNiUjI1DSC evbT4zaksQOuDFoXIGIQ8kJ6HTEOA+v33uV7BZfqlo1yIetX1JnToGheZBMc3skU
TefQo1PVS8qAGhfkcA/4nw== pCQjWDeZA6u42Nz+ewytKgYRwr2trDE0bX3xMfH0+/o=
B.2. Signed-only Messages B.2. Signed-only Messages
These messages are signed-only, using different schemes of header These messages are signed-only, using different schemes of header
protection and different S/MIME structure. The use no Header protection and different S/MIME structure. The use no Header
Confidentiality Policy because the hcp is only relevant when a Confidentiality Policy because the hcp is only relevant when a
message is encrypted. message is encrypted.
B.2.1. S/MIME signed-only signedData over a simple message, Wrapped B.2.1. S/MIME signed-only signedData over a simple message, Wrapped
Message Message
skipping to change at page 66, line 15 skipping to change at page 67, line 15
B.2.5. S/MIME signed-only signedData over a complex message, Wrapped B.2.5. S/MIME signed-only signedData over a complex message, Wrapped
Message Message
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the Wrapped Message header protection scheme. attachment. It uses the Wrapped Message header protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5615 bytes └─╴application/pkcs7-mime [smime.p7m] 5631 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1599 bytes └┬╴message/rfc822 1613 bytes
└┬╴multipart/mixed 1535 bytes └┬╴multipart/mixed 1549 bytes
├┬╴multipart/alternative 932 bytes ├┬╴multipart/alternative 946 bytes
│├─╴text/plain 282 bytes │├─╴text/plain 282 bytes
│└─╴text/html 366 bytes │└─╴text/html 380 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-complex-wrapped Subject: smime-one-part-complex-wrapped
Message-ID: <smime-one-part-complex-wrapped@lhp.example> Message-ID: <smime-one-part-complex-wrapped@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:04:02 -0500 Date: Sat, 20 Feb 2021 12:04:02 -0500
MIIQLAYJKoZIhvcNAQcCoIIQHTCCEBkCAQExDTALBglghkgBZQMEAgEwggZVBgkq MIIQOgYJKoZIhvcNAQcCoIIQKzCCECcCAQExDTALBglghkgBZQMEAgEwggZjBgkq
hkiG9w0BBwGgggZGBIIGQk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6 hkiG9w0BBwGgggZUBIIGUE1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LVR5cGU6
IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246 IG1lc3NhZ2UvcmZjODIyOyBmb3J3YXJkZWQ9Im5vIg0KDQpNSU1FLVZlcnNpb246
IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjNm IDEuMApDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9Ijhm
YyIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh ZiIKU3ViamVjdDogc21pbWUtb25lLXBhcnQtY29tcGxleC13cmFwcGVkCk1lc3Nh
Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w Z2UtSUQ6IDxzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWRAbGhwLmV4YW1w
bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi bGU+CkZyb206IEFsaWNlIDxhbGljZUBzbWltZS5leGFtcGxlPgpUbzogQm9iIDxi
b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow b2JAc21pbWUuZXhhbXBsZT4KRGF0ZTogU2F0LCAyMCBGZWIgMjAyMSAxMjowNDow
MiAtMDUwMAoKLS0zZmMKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt MiAtMDUwMAoKLS04ZmYKTUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBt
dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJjMGUiCgotLWMwZQpDb250 dWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSIxYWUiCgotLTFhZQpDb250
ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0CgpUaGlz
IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K IGlzIHRoZSBzbWltZS1vbmUtcGFydC1jb21wbGV4LXdyYXBwZWQgbWVzc2FnZS4K
ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3 ClRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3
IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFydC9hbHRlcm5h
dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50 dGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwphdHRhY2htZW50
LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHByb3RlY3Rpb24g
c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS1jMGUKQ29u c2NoZW1lLgoKLS0gCkFsaWNlCmFsaWNlQHNtaW1lLmV4YW1wbGUKLS0xYWUKQ29u
dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl dGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZl
cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt cnNpb246IDEuMApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRt
bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg bD48aGVhZD48dGl0bGU+PC90aXRsZT48L2hlYWQ+PGJvZHk+CjxwPlRoaXMgaXMg
dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn dGhlIDxiPnNtaW1lLW9uZS1wYXJ0LWNvbXBsZXgtd3JhcHBlZDwvYj4gbWVzc2Fn
ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2 ZS48L3A+CjxwPlRoaXMgaXMgYSBzaWduZWQtb25seSBTL01JTUUgbWVzc2FnZSB2
aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUKcGF5bG9hZCBpcyBhIG11bHRpcGFy
dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph dC9hbHRlcm5hdGl2ZSBtZXNzYWdlIHdpdGggYW4gaW5saW5lIGltYWdlL3BuZwph
dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy dHRhY2htZW50LiBJdCB1c2VzIHRoZSBXcmFwcGVkIE1lc3NhZ2UgaGVhZGVyIHBy
b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs b3RlY3Rpb24gc2NoZW1lLjwvcD4KPHA+PHR0Pi0tIDxici8+QWxpY2U8YnIvPmFs
aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD4KLS1jMGUtLQoKLS0zZmMKQ29udGVu aWNlQHNtaW1lLmV4YW1wbGU8L3R0PjwvcD48L2JvZHk+PC9odG1sPgotLTFhZS0t
dC1UeXBlOiBpbWFnZS9wbmcKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFz CgotLThmZgpDb250ZW50LVR5cGU6IGltYWdlL3BuZwpDb250ZW50LVRyYW5zZmVy
ZTY0CkNvbnRlbnQtRGlzcG9zaXRpb246IGlubGluZQoKaVZCT1J3MEtHZ29BQUFB LUVuY29kaW5nOiBiYXNlNjQKQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lCgpp
TlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlSME5BQUFBY0VsRVFWUjQydVZUT3hi VkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBQlFBQUFBVUNBWUFBQUNOaVIwTkFBQUFj
QQpNQWdTNzM5bk8zVHBSdzIwZHFwYmZBUlFFak95d2l3WW5DdGtES25iY0xrNjZz RWxFUVZSNDJ1VlRPeGJBCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZ
cWxUK3p0OWNpZGtFKzZLd2taCnNncnpmY3FWTXBMMmpvMDQ0N2dZRHBlQXJrK09u bkN0a0RLbmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oKc2dyemZjcVZNcEwyam8w
SkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkKdmRQZjFRWjJrREQ5 NDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2MFpXUldNL3Vs
eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09CgotLTNmYy0tCqCCB6YwggPPMIICt6AD aQp2ZFBmMVFaMmtERDl4cHBkOHdBQUFBQkpSVTVFcmtKZ2dnPT0KCi0tOGZmLS0K
AgECAhMPLSW9ETmXSs5CVIeh7j00Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNV oIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJKoZIhvcN
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN AQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNV
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY BAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcN
DzIwNTIwOTI3MDY1NDE4WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1Q MTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoTBElFVEYx
UyBXRzEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUA ETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIw
A4IBDwAwggEKAoIBAQCalSn6i8Gi44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVa DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfkacKTg8cc
TC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse 2OtJ9ZSed6U3jUoiZVpMLcP3MUKtLeLg9r1mAfIDlB/wlbdmadXPmrszyidmbuZm
2Dqs165ernT9O5NLFflHUjURca3ynqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgC OpB5voVQfiLYYy3iOx7YOqzXrl6udP07k0sV+UdSNRFxrfKeoQEFXgOaGdmnx4OG
ReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqh /e3p1fIKM0dPzZLoOAJF5m5O0xzXPL74zFCWp2f1ZkuE4A6l41koaZXCN5XL7wWT
BwDHdZ5qDTII2PVX1X3K7/cONxhvBbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/P LMLeNf9Byb5ksKqUuqEHAMd1nmoNMgjY9VfVfcrv9w43GG8FtpSX+TWzB2zNS2OF
GeWy6SCf58duq/AOEksCAWlb+MD8QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0T +XIVnzRG5DeoULq8v88Z5bLpIJ/nx26r8A4SSwIBaVv4wPxAf1iPsIVKarUCAwEA
AQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxp AaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAe
Y2VAc21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8E BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUF
BAMCBSAwHQYDVR0OBBYEFKJTQdVEPIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaA BwMEMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUolNB1UQ8gCkVfAEj8OeOr83z
FJEwjnwHFwyn8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEy dw8wHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQEN
nBakDKU68ro0RsyXWAPkfXgQLgy7GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZV BQADggEBAIFJeKCcsTKcFqQMpTryujRGzJdYA+R9eBAuDLsatbtKtl4FzkgRyOg3
jdaox644DsiLOQEP4YMS7y4q94RFFdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4z 1/+Cw7H8e30iLrPIFlWN1qjHrjgOyIs5AQ/hgxLvLir3hEUV2Z3MRsMtjH2x9SG9
E4Nar2inC0D+VM6RGDy66K9l+D+bl8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2 1PEM046gfPnc9gMGHjMTg1qvaKcLQP5UzpEYPLror2X4P5uXxaP0LIZRzWmkw1RF
MVtluLihne0Bp1GUTkr0mJBolg6dSYal8Hw8/ANHpyExl56BJABb744gqoeuD9YS 7FOD7PfB5v94M5274XYxW2W4uKGd7QGnUZROSvSYkGiWDp1JhqXwfDz8A0enITGX
HjKK49+qYC9faFmQ+mK80lh1M9RdNI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpA noEkAFvvjiCqh64P1hIeMorj36pgL19oWZD6YrzSWHUz1F00juyuOfQsqm6hvrDT
r4vRhZjVD6FYMIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkq qNpHNZ015fOURza1SkCvi9GFmNUPoVgwggPPMIICt6ADAgECAhM3QQV57XV/Qqmi
hkiG9w0BAQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEx XDr0+GrOmqnXMA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNV
MC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 BAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmlj
eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChME YXRpb24gQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4
SUVURjERMA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNl WjA7MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMO
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo QWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0
0jTkfCv4TfA/pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQW 9InoWDgWPk2af0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5J
l+DILs7GxVwXurhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+ O6VqY18LANwORjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96
A8TCNO12DRVBDpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtw wV+z4TtAwW2Z34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHE
s1q7ktkNBR2wZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPP FbZFkB4urMk4xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3
dfTMSiPR+peCrhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJL f9jSkbtAV5w3vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokF
OwIDAQABo4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMC QgqQ7XNDU+r3SeOWwks7AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAE
ATABMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYI EDAOMAwGCmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBs
KwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilq ZTATBgNVHSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0OBBYE
kBDTIGZmczAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG FLv2zLItHQYSHJeuKWqQENMgZmZzMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYa
9w0BAQ0FAAOCAQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naI ZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOHG25nY/0e
s3BjJOd64roAKHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4 NARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZlRAzEf7GH
eHIjSo27PmhKE1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXR qgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524bKZa1oPT
n/C9cy31wbqNsy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59 UNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp7poIccGE
fk4PGHnYxs1FhdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtB 6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtzOKypyQ3e
iN+uCDgNG/D0qyTbY4fgKieUHx/tHuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsG oZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEmMYICADCC
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBM AfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8G
QU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4 A1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQIT
as6aqdcwCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc N0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG9w0BCQMx
BgkqhkiG9w0BCQUxDxcNMjEwMjIwMTcwNDAyWjAvBgkqhkiG9w0BCQQxIgQgGiss CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA0MDJaMC8GCSqG
3bBs4a2FSojj2NVcmGx+Y2J2N13x7iIWxuaypk0wDQYJKoZIhvcNAQEBBQAEggEA SIb3DQEJBDEiBCDMOILEox46FkWxHI/3mD5yDe0N8CAfZ/xaQnI0alyyOTANBgkq
huOPBptjY2fcRzq9DPryHFCFCPa75LnQl2zLijpFMW7qyswoyR6BguvTEzV4kBPV hkiG9w0BAQEFAASCAQBWzuGAP7C0InZ86JeaKimYKXpArooRzZnso+wJtXhZlmTX
D2Sbh86FibwmvNdgzzXc2PJzcj6jtYE0R58tdO/ks7qOeIbtZUgpZT3W/wlEpnmd csHp783QCEKYE0F+rv1IrD+fcFULz8Lo7Mm+PWQbtkbx5uZR7IFLGlK+8i8wVCZj
Pr7Df4oVEV9qS+vJh0iNASJspYwccPwIf5fKCPJf5H+xhQlSJ1rLIhw6Cu2ogkWB 1Bs2lgpZ/qg1qP+ddCPwZuywITEGnjjqg76OHJOgxJniG3/teIy6dHMI2OBogZjN
bQDijNyjP5jM1X7Xo3mP4ReuauS4e0DnnRMH3pDGUaKAN5dnEVqdXG1C76+yOBwr kdVSbBhOa9GnTtnWJd2zH7t0tV16NyH3+pNn4DTUWR2IvRgxHky/KT7cIOTfQj9C
/foPN5vjE8RMtte3DtOKqGeWwsoEcjinU77z6d0kIWQqNYUNmqDHJ7O/yla0xG14 HEizTljQMDvHhoHslWdwjAGjH3foH4CXP1/1bN+qBH2QAuRZ8+LueDcllQsPJXtc
IPJnl/JphEWKl3FjI6iL4A== fUseHVMstoHac0rajLjDZ8FXSLCkmto6RRSQVsT0
B.2.6. S/MIME signed-only multipart/signed over a complex message, B.2.6. S/MIME signed-only multipart/signed over a complex message,
Wrapped Message Wrapped Message
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message with an inline image/png attachment. It uses the Wrapped Message
header protection scheme. header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5528 bytes └┬╴multipart/signed 5542 bytes
├┬╴message/rfc822 1657 bytes ├┬╴message/rfc822 1671 bytes
│└┬╴multipart/mixed 1593 bytes │└┬╴multipart/mixed 1607 bytes
│ ├┬╴multipart/alternative 988 bytes │ ├┬╴multipart/alternative 1002 bytes
│ │├─╴text/plain 310 bytes │ │├─╴text/plain 310 bytes
│ │└─╴text/html 394 bytes │ │└─╴text/html 408 bytes
│ └─╴image/png inline 232 bytes │ └─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="932"; protocol="application/pkcs7-signature"; boundary="ce9";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex-wrapped Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example> Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500 Date: Sat, 20 Feb 2021 12:05:02 -0500
--932 --ce9
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: message/rfc822; forwarded="no" Content-Type: message/rfc822; forwarded="no"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="c35" Content-Type: multipart/mixed; boundary="c33"
Subject: smime-multipart-complex-wrapped Subject: smime-multipart-complex-wrapped
Message-ID: <smime-multipart-complex-wrapped@lhp.example> Message-ID: <smime-multipart-complex-wrapped@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:05:02 -0500 Date: Sat, 20 Feb 2021 12:05:02 -0500
--c35 --c33
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="645" Content-Type: multipart/alternative; boundary="bb6"
--645 --bb6
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the smime-multipart-complex-wrapped message. This is the smime-multipart-complex-wrapped message.
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message with an inline image/png attachment. It uses the Wrapped Message
header protection scheme. header protection scheme.
-- --
Alice Alice
alice@smime.example alice@smime.example
--645 --bb6
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-wrapped</b> message.</p> <p>This is the <b>smime-multipart-complex-wrapped</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature <p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Wrapped Message with an inline image/png attachment. It uses the Wrapped Message
header protection scheme.</p> header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--645-- --bb6--
--c35 --c33
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--c35-- --c33--
--932 --ce9
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 71, line 25 skipping to change at page 72, line 25
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA1MDJa
MC8GCSqGSIb3DQEJBDEiBCAqHXFyYQoKOPnaQ8OYqY4ornV0eciFU8bWD8ky9iEo MC8GCSqGSIb3DQEJBDEiBCAv+o7fTfRFOqnpRsH2sYzOleh5w2W+5q6Nde9GJQWH
CjANBgkqhkiG9w0BAQEFAASCAQAPH0Gm13RZy3gpCgSpM94kN7gG0Qz7gYXsP10Y nTANBgkqhkiG9w0BAQEFAASCAQBrqtTw1eU834PA6rF6Vsac5dGAswyv4vh/EVxO
+A4JB3xAPM1deb6TWBBbmoX8KktiMIIQQz+im/6ab96G5VlvSXpaAsHjTg8pkvMS xBY7A+uEacaMOXRaSzkTqehOkOGa31d2bV6XmWbcR9kNvradw//dXOkctHW/cW6x
K220ePIQLYGMgbf/h/CDO6kXr4D74QPwhaRzo/DKErgwlvY+osiwrC/srFXyv6M8 1BALj1aFAbYmObCY/FTItu7nLGIAIQCm0W4OVHgH7I/QXOsz3o7hH68SWItJnLDy
673VBGD5XXq8d8LSYQjiSpAQjyGu6Ddo4hZdRNzDQU6a6HRD6qYmaYszb9z6HMHL cSEDzRKNh1vl5cN0euY0mNA6HcvKchkIlWCj1pcJVmTq3FQE4GNeeO1x2Pz3ao7y
AR28J5t4YynW2Hr8/4HSZ5YMt+sXjm1nsGGqLsOdxo6VmgKSiC2nhx7QbJhqevQL vDO/E/s1iF2SiPS7GcgluywZ1ln5xAwR95/G/lUlqWFBXPAPgIMda1kDsqRI++tE
CJWufMVWkvIX74TyfK6W0hl1x/pw0YfHnZMimppl69rRSEsF 7aFVuQ9rEoAQJ8KeS8QWA/Lf/iefFfu0ESJxjRDdbJ3+gm5P
--932-- --ce9--
B.2.7. S/MIME signed-only signedData over a complex message, Injected B.2.7. S/MIME signed-only signedData over a complex message, Injected
Headers Headers
This is a signed-only S/MIME message via PKCS#7 signedData. The This is a signed-only S/MIME message via PKCS#7 signedData. The
payload is a multipart/alternative message with an inline image/png payload is a multipart/alternative message with an inline image/png
attachment. It uses the Injected Headers header protection scheme. attachment. It uses the Injected Headers header protection scheme.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 5631 bytes └─╴application/pkcs7-mime [smime.p7m] 5651 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1565 bytes └┬╴multipart/mixed 1579 bytes
├┬╴multipart/alternative 936 bytes ├┬╴multipart/alternative 950 bytes
│├─╴text/plain 292 bytes │├─╴text/plain 292 bytes
│└─╴text/html 373 bytes │└─╴text/html 387 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="signed-data" smime-type="signed-data"
Subject: smime-one-part-complex-injected Subject: smime-one-part-complex-injected
Message-ID: <smime-one-part-complex-injected@lhp.example> Message-ID: <smime-one-part-complex-injected@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:06:02 -0500 Date: Sat, 20 Feb 2021 12:06:02 -0500
MIIQOQYJKoZIhvcNAQcCoIIQKjCCECYCAQExDTALBglghkgBZQMEAgEwggZiBgkq MIIQRwYJKoZIhvcNAQcCoIIQODCCEDQCAQExDTALBglghkgBZQMEAgEwggZwBgkq
hkiG9w0BBwGgggZTBIIGT01JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt hkiG9w0BBwGgggZhBIIGXU1JTUUtVmVyc2lvbjogMS4wDQpTdWJqZWN0OiBzbWlt
ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt ZS1vbmUtcGFydC1jb21wbGV4LWluamVjdGVkDQpNZXNzYWdlLUlEOiA8c21pbWUt
b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs b25lLXBhcnQtY29tcGxleC1pbmplY3RlZEBsaHAuZXhhbXBsZT4NCkZyb206IEFs
aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4 aWNlIDxhbGljZUBzbWltZS5leGFtcGxlPg0KVG86IEJvYiA8Ym9iQHNtaW1lLmV4
YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD YW1wbGU+DQpEYXRlOiBTYXQsIDIwIEZlYiAyMDIxIDEyOjA2OjAyIC0wNTAwDQpD
b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9ImNmZiI7IHBy b250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IjVkYSI7IHBy
b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS1jZmYNCk1JTUUtVmVyc2lvbjogMS4w b3RlY3RlZC1oZWFkZXJzPSJ2MSINCg0KLS01ZGENCk1JTUUtVmVyc2lvbjogMS4w
DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9 DQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9hbHRlcm5hdGl2ZTsgYm91bmRhcnk9
IjdiZSINCg0KLS03YmUNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl IjllYyINCg0KLS05ZWMNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNl
dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl dD0idXMtYXNjaWkiDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UcmFuc2Zl
ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j ci1FbmNvZGluZzogN2JpdA0KDQpUaGlzIGlzIHRoZSBzbWltZS1vbmUtcGFydC1j
b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s b21wbGV4LWluamVjdGVkIG1lc3NhZ2UuDQoNClRoaXMgaXMgYSBzaWduZWQtb25s
eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh eSBTL01JTUUgbWVzc2FnZSB2aWEgUEtDUyM3IHNpZ25lZERhdGEuICBUaGUNCnBh
eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu eWxvYWQgaXMgYSBtdWx0aXBhcnQvYWx0ZXJuYXRpdmUgbWVzc2FnZSB3aXRoIGFu
IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj IGlubGluZSBpbWFnZS9wbmcNCmF0dGFjaG1lbnQuIEl0IHVzZXMgdGhlIEluamVj
dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs dGVkIEhlYWRlcnMgaGVhZGVyIHByb3RlY3Rpb24gc2NoZW1lLg0KDQotLSANCkFs
aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTdiZQ0KQ29udGVudC1UeXBlOiB0 aWNlDQphbGljZUBzbWltZS5leGFtcGxlDQotLTllYw0KQ29udGVudC1UeXBlOiB0
ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIg0KTUlNRS1WZXJzaW9uOiAxLjAN
CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+ CkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQNCg0KPGh0bWw+PGhlYWQ+
PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+ PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHA+VGhpcyBpcyB0aGUgPGI+
c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+ c21pbWUtb25lLXBhcnQtY29tcGxleC1pbmplY3RlZDwvYj4gbWVzc2FnZS48L3A+
DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL DQo8cD5UaGlzIGlzIGEgc2lnbmVkLW9ubHkgUy9NSU1FIG1lc3NhZ2UgdmlhIFBL
Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs Q1MjNyBzaWduZWREYXRhLiAgVGhlDQpwYXlsb2FkIGlzIGEgbXVsdGlwYXJ0L2Fs
dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh dGVybmF0aXZlIG1lc3NhZ2Ugd2l0aCBhbiBpbmxpbmUgaW1hZ2UvcG5nDQphdHRh
Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90 Y2htZW50LiBJdCB1c2VzIHRoZSBJbmplY3RlZCBIZWFkZXJzIGhlYWRlciBwcm90
ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp ZWN0aW9uIHNjaGVtZS48L3A+DQo8cD48dHQ+LS0gPGJyLz5BbGljZTxici8+YWxp
Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPg0KLS03YmUtLQ0KDQotLWNmZg0KQ29u Y2VAc21pbWUuZXhhbXBsZTwvdHQ+PC9wPjwvYm9keT48L2h0bWw+DQotLTllYy0t
dGVudC1UeXBlOiBpbWFnZS9wbmcNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6 DQoNCi0tNWRhDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1UcmFu
IGJhc2U2NA0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5lDQoNCmlWQk9SdzBL c2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxp
R2dvQUFBQU5TVWhFVWdBQUFCUUFBQUFVQ0FZQUFBQ05pUjBOQUFBQWNFbEVRVlI0 bmUNCg0KaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUJRQUFBQVVDQVlBQUFDTmlS
MnVWVE94YkENCk1BZ1M3MzluTzNUcFJ3MjBkcXBiZkFSUUVqT3l3aXdZbkN0a0RL ME5BQUFBY0VsRVFWUjQydVZUT3hiQQ0KTUFnUzczOW5PM1RwUncyMGRxcGJmQVJR
bmJjTGs2NnNxbFQrenQ5Y2lka0UrNkt3a1oNCnNncnpmY3FWTXBMMmpvMDQ0N2dZ RWpPeXdpd1luQ3RrREtuYmNMazY2c3FsVCt6dDljaWRrRSs2S3drWg0Kc2dyemZj
RHBlQXJrK09uSkhrSWhBZlRQUmljaWhBZjVZSnJ3N3ZqdjBaV1JXTS91bGkNCnZk cVZNcEwyam8wNDQ3Z1lEcGVBcmsrT25KSGtJaEFmVFBSaWNpaEFmNVlKcnc3dmp2
UGYxUVoya0REOXhwcGQ4d0FBQUFCSlJVNUVya0pnZ2c9PQ0KDQotLWNmZi0tDQqg MFpXUldNL3VsaQ0KdmRQZjFRWjJrREQ5eHBwZDh3QUFBQUJKUlU1RXJrSmdnZz09
ggemMIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0B DQoNCi0tNWRhLS0NCqCCB6YwggPPMIICt6ADAgECAhMPLSW9ETmXSs5CVIeh7j00
AQ0FADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UE Boq0MA0GCSqGSIb3DQEBDQUAMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExB
AxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0x TVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24g
OTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjER QXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoYDzIwNTIwOTI3MDY1NDE4WjA7MQ0w
MA8GA1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjAN CwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzEXMBUGA1UEAxMOQWxpY2Ug
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY TG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalSn6i8Gi
60n1lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6 44/oAVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3
kHm+hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b9 ZmnVz5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3y
7enV8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMs nqEBBV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAO
wt41/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5 peNZKGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhv
chWfNEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQAB BbaUl/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8
o4GvMIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4G QH9Yj7CFSmq1AgMBAAGjga8wgawwDAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwG
A1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUH CmCGSAFlAwIBMAEwHgYDVR0RBBcwFYETYWxpY2VAc21pbWUuZXhhbXBsZTATBgNV
AwQwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3 HSUEDDAKBggrBgEFBQcDBDAOBgNVHQ8BAf8EBAMCBSAwHQYDVR0OBBYEFKJTQdVE
DzAfBgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0F PIApFXwBI/Dnjq/N83cPMB8GA1UdIwQYMBaAFJEwjnwHFwyn8QkoZTYaZxxodvRZ
AAOCAQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX MA0GCSqGSIb3DQEBDQUAA4IBAQCBSXignLEynBakDKU68ro0RsyXWAPkfXgQLgy7
/4LDsfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U GrW7SrZeBc5IEcjoN9f/gsOx/Ht9Ii6zyBZVjdaox644DsiLOQEP4YMS7y4q94RF
8QzTjqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXs FdmdzEbDLYx9sfUhvdTxDNOOoHz53PYDBh4zE4Nar2inC0D+VM6RGDy66K9l+D+b
U4Ps98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZee l8Wj9CyGUc1ppMNURexTg+z3web/eDOdu+F2MVtluLihne0Bp1GUTkr0mJBolg6d
gSQAW++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo SYal8Hw8/ANHpyExl56BJABb744gqoeuD9YSHjKK49+qYC9faFmQ+mK80lh1M9Rd
2kc1nTXl85RHNrVKQK+L0YWY1Q+hWDCCA88wggK3oAMCAQICEzdBBXntdX9CqaJc NI7srjn0LKpuob6w06jaRzWdNeXzlEc2tUpAr4vRhZjVD6FYMIIDzzCCAregAwIB
OvT4as6aqdcwDQYJKoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UE AgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0FADBVMQ0wCwYDVQQK
CxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNh EwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBT
dGlvbiBBdXRob3JpdHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MTha IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8y
MDsxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5B MDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMg
bGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALT0 V0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOwI2juwdRrjFBSXkk7 AQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/pdO/KLpZbJOAEr0s
pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A/3rB I7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwXurhYdZlaV5hcUqVA
X7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQV ckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVBDpbP4JFD9hsc8prD
tkWQHi6syTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/ tpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2wZX5ICjecF1YJFhX4
2NKRu0BXnDe/N+iDz3X0zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVC jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peCrhJZwLSewbWXLJe3
CpDtc0NT6vdJ45bCSzsCAwEAAaOBrzCBrDAMBgNVHRMBAf8EAjAAMBcGA1UdIAQQ VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4GvMIGsMAwGA1UdEwEB
MA4wDAYKYIZIAWUDAgEwATAeBgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxl /wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1UdEQQXMBWBE2FsaWNl
MBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIGwDAdBgNVHQ4EFgQU QHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQD
u/bMsi0dBhIcl64papAQ0yBmZnMwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpn AgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAfBgNVHSMEGDAWgBSR
HGh29FkwDQYJKoZIhvcNAQENBQADggEBAHOJojanzqmgaSN3/gqSQ4cbbmdj/R40 MI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOCAQEAc4miNqfOqaBp
BEPr+gXT+xiidfZ2iLNwYyTneuK6AChwKfnNvOFb8lV1iffRTF/KtmVEDMR/sYeq I3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roAKHAp+c284VvyVXWJ
AH83KM5p3el2lVh4OHhyI0qNuz5oShNaACSioQ23WxHGVy9vsdVfnbhsplrWg9NQ 99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhKE1oAJKKhDbdbEcZX
2WbpCmK+2oMh2oYl0Z/wvXMt9cG6jbMvcdH4z0IOvg6mrYkKTM/RCGnumghxwYTo L2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqNsy9x0fjPQg6+Dqat
j1OyD5Gs4D2IJCw+fX5ODxh52MbNRYXTus2ZPRPM8JXNQC4GWv4km3M4rKnJDd6h iQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1FhdO6zZk9E8zwlc1A
noQ9rNeozIcBVyybQYjfrgg4DRvw9Ksk22OH4ConlB8f7R7s1LM2cSYxggIAMIIB LgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0qyTbY4fgKieUHx/t
/AIBATBsMFUxDTALBgNVBAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYD HuzUszZxJjGCAgAwggH8AgEBMGwwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMI
VQQDEyhTYW1wbGUgTEFNUFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhM3 TEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlv
QQV57XV/QqmiXDr0+GrOmqnXMAsGCWCGSAFlAwQCAaBpMBgGCSqGSIb3DQEJAzEL biBBdXRob3JpdHkCEzdBBXntdX9CqaJcOvT4as6aqdcwCwYJYIZIAWUDBAIBoGkw
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDIyMDE3MDYwMlowLwYJKoZI GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMjIw
hvcNAQkEMSIEIEZJTcpCQRTwXEI88+nlLqN3b7JQ6wZ3y/JlosQRxxY4MA0GCSqG MTcwNjAyWjAvBgkqhkiG9w0BCQQxIgQgSnZFRpoKyudHBvkAo6hqyxtaGzBVpz8R
SIb3DQEBAQUABIIBAEj1f7sJy7g9/S/3wXfUqyyg/3Sr/4H7n/Wyxg+FP74Bi0Km sk+FJtjH7PgwDQYJKoZIhvcNAQEBBQAEggEADAiUCPkW4o6qXePSs+Yh+ZPDq8Zy
Z01zoauH8fpjsOg0fS/ll14j69FCkaFUqHYotT6kojdodBRM36IGMIHEPPYH6pAL v5hHlSNGGLmQP82ZDL/+zob54QvODTFnFb8SNL05nxIZlmZo/XtxRThlSiIy/Cnb
4K4CPk62J9PWRwlX+6HYPr+WDfSjzGAL5mDTzYVAuu2aUn46SmTUVNDv3UBaxQCS xL9dkylfOaOdtkc5MMv+W5AWQQ4CsJfkN+g9EPr+XcsFCn7Dsb/Vu836eZhSQ+tB
sghtVe1snSHpJYz3LciIWyKrE+Kpw+g6cb9hVY/a4p9jHu11x7MfCQddVg2qjZsO kttfKuhy/XKImI3fp5GLZhGu5NVWnwwC+lUm3AoKhmKhI3M8KCt84xpMGYXHJd1t
9TH1X9hfSzxV6bmFRZ39+MU/mOV2pxVYXyDnk6BX48PVx7C5tFWDtr+hB5dEQ93i DfADNo6cWgQ0pQeF7mSh4gSneysep2koZNVx9LpCjoYzto6t5DorJBtBiZBr7qBg
sQt3VRgv6NwEiyxqfxyQhHgpJY2+DqhoFgwbhkI= jY68KcMpZ2N4IIPLtcup96bHPeR+IkDqaF4EeeFIfCysEKBRFkbF+qzgNw==
B.2.8. S/MIME signed-only multipart/signed over a complex message, B.2.8. S/MIME signed-only multipart/signed over a complex message,
Injected Headers Injected Headers
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers with an inline image/png attachment. It uses the Injected Headers
header protection scheme. header protection scheme.
It has the following structure: It has the following structure:
└┬╴multipart/signed 5496 bytes └┬╴multipart/signed 5510 bytes
├┬╴multipart/mixed 1623 bytes ├┬╴multipart/mixed 1637 bytes
│├┬╴multipart/alternative 992 bytes │├┬╴multipart/alternative 1006 bytes
││├─╴text/plain 312 bytes ││├─╴text/plain 312 bytes
││└─╴text/html 396 bytes ││└─╴text/html 410 bytes
│└─╴image/png inline 232 bytes │└─╴image/png inline 232 bytes
└─╴application/pkcs7-signature [smime.p7s] 3429 bytes └─╴application/pkcs7-signature [smime.p7s] 3429 bytes
Its contents are: Its contents are:
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; boundary="a23"; protocol="application/pkcs7-signature"; boundary="34f";
micalg="sha-256" micalg="sha-256"
Subject: smime-multipart-complex-injected Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example> Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500 Date: Sat, 20 Feb 2021 12:07:02 -0500
--a23 --34f
MIME-Version: 1.0 MIME-Version: 1.0
Subject: smime-multipart-complex-injected Subject: smime-multipart-complex-injected
Message-ID: <smime-multipart-complex-injected@lhp.example> Message-ID: <smime-multipart-complex-injected@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:07:02 -0500 Date: Sat, 20 Feb 2021 12:07:02 -0500
Content-Type: multipart/mixed; boundary="d03"; protected-headers="v1" Content-Type: multipart/mixed; boundary="193"; protected-headers="v1"
--d03 --193
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="8d8" Content-Type: multipart/alternative; boundary="db5"
--8d8 --db5
Content-Type: text/plain; charset="us-ascii" Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
This is the smime-multipart-complex-injected message. This is the smime-multipart-complex-injected message.
This is a signed-only S/MIME message via PKCS#7 detached signature This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers with an inline image/png attachment. It uses the Injected Headers
header protection scheme. header protection scheme.
-- --
Alice Alice
alice@smime.example alice@smime.example
--8d8 --db5
Content-Type: text/html; charset="us-ascii" Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0 MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
<html><head><title></title></head><body> <html><head><title></title></head><body>
<p>This is the <b>smime-multipart-complex-injected</b> message.</p> <p>This is the <b>smime-multipart-complex-injected</b> message.</p>
<p>This is a signed-only S/MIME message via PKCS#7 detached signature <p>This is a signed-only S/MIME message via PKCS#7 detached signature
(multipart/signed). The payload is a multipart/alternative message (multipart/signed). The payload is a multipart/alternative message
with an inline image/png attachment. It uses the Injected Headers with an inline image/png attachment. It uses the Injected Headers
header protection scheme.</p> header protection scheme.</p>
<p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p> <p><tt>-- <br/>Alice<br/>alice@smime.example</tt></p></body></html>
--8d8-- --db5--
--d03 --193
Content-Type: image/png Content-Type: image/png
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Disposition: inline Content-Disposition: inline
iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAAcElEQVR42uVTOxbA
MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ MAgS739nO3TpRw20dqpbfARQEjOywiwYnCtkDKnbcLk66sqlT+zt9cidkE+6KwkZ
sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli sgrzfcqVMpL2jo0447gYDpeArk+OnJHkIhAfTPRicihAf5YJrw7vjv0ZWRWM/uli
vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg== vdPf1QZ2kDD9xppd8wAAAABJRU5ErkJggg==
--d03-- --193--
--a23 --34f
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Type: application/pkcs7-signature; name="smime.p7s"
MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI MIIJ4AYJKoZIhvcNAQcCoIIJ0TCCCc0CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ hvcNAQcBoIIHpjCCA88wggK3oAMCAQICEw8tJb0ROZdKzkJUh6HuPTQGirQwDQYJ
KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx KoZIhvcNAQENBQAwVTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cx
MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp MTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT dHkwIBcNMTkxMTIwMDY1NDE4WhgPMjA1MjA5MjcwNjU0MThaMDsxDTALBgNVBAoT
BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj BElFVEYxETAPBgNVBAsTCExBTVBTIFdHMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFj
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqVKfqLwaLjj+gBUCfk
skipping to change at page 76, line 45 skipping to change at page 77, line 45
8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH 8QkoZTYaZxxodvRZMA0GCSqGSIb3DQEBDQUAA4IBAQBziaI2p86poGkjd/4KkkOH
G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl G25nY/0eNARD6/oF0/sYonX2doizcGMk53riugAocCn5zbzhW/JVdYn30UxfyrZl
RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524 RAzEf7GHqgB/NyjOad3pdpVYeDh4ciNKjbs+aEoTWgAkoqENt1sRxlcvb7HVX524
bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp bKZa1oPTUNlm6QpivtqDIdqGJdGf8L1zLfXBuo2zL3HR+M9CDr4Opq2JCkzP0Qhp
7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz 7poIccGE6I9Tsg+RrOA9iCQsPn1+Tg8YedjGzUWF07rNmT0TzPCVzUAuBlr+JJtz
OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm OKypyQ3eoZ6EPazXqMyHAVcsm0GI364IOA0b8PSrJNtjh+AqJ5QfH+0e7NSzNnEm
MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX MYICADCCAfwCAQEwbDBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBX
RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv RzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG cml0eQITN0EFee11f0Kpolw69Phqzpqp1zALBglghkgBZQMEAgGgaTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMjAxNzA3MDJa
MC8GCSqGSIb3DQEJBDEiBCA4lKOx9a084fB6gb7XvsxC6U70hVOXe3FjeF9sS6mN MC8GCSqGSIb3DQEJBDEiBCBpheScfJ+ESh8/z2r5jHx3Lw+5VkH8zTicO3HRGxfm
qDANBgkqhkiG9w0BAQEFAASCAQAfMFJgqp9Vb8dS34Kz4fZfKGA1SMbqun/XqC6S ozANBgkqhkiG9w0BAQEFAASCAQADy9VgxUcoI8DWKdyHqPM8nLuaHB1B/SONgbzi
9/+EpIiDL54Mw3qug01eU/ms0YoBlu8aV/9CbC2DlOdPrFCRuHTWyFClWgi2X5Mj 4S1gIMs4wR6S02LpiG36z4/zFw0JUbvqwC2WJN7+W0Vra6ZX/x7Hfmv+uqdsMW6j
fg57SXgGd1KJmhWAtcNuI11l1k6TeoI/pmU/R9tNKrF349tDVHZU/4GWUfuyiorK r8IXATRFWNm6GEbih2BsYABTNy8z0JGs+y6dcNNdDIwDJIkJETi+xv1eFA0deoWI
t6TQK0/Vf+JUySQVCUqnx+Zb+bhvWmKfKuX0CJDEOyD+kH21ar0HMNGLK9S9R3MJ PyHmUjpzzjOcTAkFnSsa4lwSBOty8lZPW6u0klUx+VVGRkgg/0uXTBB1yGD02gbw
dfL9+1PmXCXsTP7TIhmnwCJSpBJpmzzq345uu3N52/3SsJYrahIUkbPLnYxTAKDD q5893RxO3g5zzxaYJP03zyO/WW7FmCJNNQbyZbQD8R4rvR0hVna0r7XoW4Q+WZfU
N1k0ijGbEofDEC9RtdwnoGPfv1UG95LK22Ys3tLqApQqkByY Dz29oLszzmumpedAaP7q/M0jySdSjWfQn1W5hHHhAMIlwcqt
--a23-- --34f--
B.3. Encrypted-and-signed Messages B.3. Encrypted-and-signed Messages
These messages are encrypted and signed. They use PKCS#7 signedData These messages are encrypted and signed. They use PKCS#7 signedData
inside envelopedData, with different header protection schemes and inside envelopedData, with different header protection schemes and
different Header Confidentiality Policies. different Header Confidentiality Policies.
B.3.1. S/MIME encrypted and signed over a simple message, Wrapped B.3.1. S/MIME encrypted and signed over a simple message, Wrapped
Message with hcp_minimal Message with hcp_minimal
skipping to change at page 83, line 18 skipping to change at page 84, line 18
Headers with hcp_minimal (+ Legacy Display) Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy with a "Legacy Display" the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7865 bytes └─╴application/pkcs7-mime [smime.p7m] 7565 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4810 bytes └─╴application/pkcs7-mime [smime.p7m] 4584 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 923 bytes └─╴text/plain 423 bytes
├─╴text/plain 51 bytes
└─╴text/plain 370 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-injected-minimal-legacy@lhp.example> <smime-enc-signed-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:10:02 -0500 Date: Sat, 20 Feb 2021 10:10:02 -0500
MIIWrAYJKoZIhvcNAQcDoIIWnTCCFpkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIVzAYJKoZIhvcNAQcDoIIVvTCCFbkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEa22w/F1c0bIG8WvzjmjX22NFNUPhwFe1V/ Boq0MA0GCSqGSIb3DQEBAQUABIIBAC+Eq3peshJhf1JB/ataWrNRTuNhGtgwfe7q
qCroT/wns59jF5f1JcoqaBlFwKcb681of5DTO8vnSkWPKWrnokNw+n7WDxPDCt97 0EmuJ93I3x04yobd1gfM+UQ8fBXZNobbjj57dkoxkbYEEtGKltv9PQrZ4Qw/e8UM
mpdL2yESFnqJNtOPRi8A+wIqaWL3tbMTcVmkNv2Z+x2gkdjvtXpkv1uGrnVdJ3+I rgYA++xUC/h4dLTBBD+6U2KFinZFbVBJ7irGCZVB4ddzF2F9dMzZjMH9DOZIS4Yy
6GqCibr/IXM0bqpOLOpDAu3oGz7E7phULsVNqf5pKBgFBO2rz5LoifSfzVXb6NzA sB8Egd8ouTVQCLCfc7FB7i6f5qpfj3FibrPFQBrxFobqID08eoeQLv0oNkI4b78W
3G2W2+ohE5tR1tEWif7EAVI/szW1nIHh3bjwvMIcL+LPVR4ktMZQMI7108AUb+95 xdkG88IHfdWmjCr0+5Zj/1XdmMnuQfDaGV0r4FemW/gCjq9UnQCF9Z6Yi3WQeCm9
HJAZQcl6eiyePfhy+Sep7ADdPufBa1sZE28NA6LF8OCrkRx1xVswggGEAgEAMGww xyEcMfUBWbBlpt5sBXqfV9JrdP6/5bQn53myy2B77XRrGmIzA04wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAcikf/KvXtwpXJ3UkcmT89anq HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAdfxEVSY21BQVbKsyGRIhEI8f
Gwo/y0iMoldTtl2ZC1RIivydxs2bZY9f4+aGk8eHlvqo/WKedsln6X6h/VuysHg8 oJYQGAob33mMh9x08UAKGVuquskYMwZs2ZzPcFIPCBQquiecjjXN5wxq1MWLaiRW
LysyubrBhH7iTE636Jh67I+juBDcX8B7H/qc/lYsBp1ryJ5UGSMp0lctF5OSQsy7 Uxg4tqnwezPRnGQD9GsjwmlV/n2JMhbMx/iXXYfvZ3f3mEwsUzfKPkxmO/G3j6q9
2MJZkYHuA5EbDAHsUVmbTfK5ms3rkomKkDPeg55OV+aYXZb5KROw/mNzeK2tgvYk zXW3J5c0ipriUdJHt26EFllENbXUWSp32pwEjOXxp/nCHy4SphqyoHLgHTxQ9oTj
ec5AGboecFaiedYYXootzo4XkbplhYLf0Pw2GnUhBvNLdzYEbKdB390EQjZI7liG sJU9nMm2Tdl0Z+WtHuRMxLbFjFF4lURAz35aWJ5Iw+v0eBxQX1GxuNZ4CrmQsKrd
5sAbkYcjfQBfCwSrPHlGV+AwgldpHtIRrgYlxywI72HekKN/BIj/2AyxOcKmKTCC CE2hcL2vXsRECb4A+6596OGIon3R/BLQeLC8DPVdUFHvx1/N2REyW+hENgsY6jCC
E34GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB/2upKq23GgsDZUcUo9+5GAghNQ Ep4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEFVaSaXfBQr5J2dso1R7Q+6AghJw
iuAya0TZqTCj2e/BIPKVzRT2h+7eY7OHIsBha+U8Xns2rMqCPtYEwYfyJAmX0nFK pYrgLyq6XYnx9XGh8iNTbg26fpAqJ/xIjvD6nilunwHyMUMY08cEIIe7V6BClAKi
tkaXj5MDdhXtSBATyz+QMVzEC/m/0+D5U7ssdE9dK1ZfxwW8DpYlzQvNfujGPuXZ kBfWqycgmbgBhr0X92qKyLS/izZ5+QdJeqracwwwepbT33PZXDBy5q7hhIF90Bc/
XP4m2Fwfy4If9itpq3cZubfD9n43HLDcIxiceNYf6Gp0ITvKGPW0z+AThblA0gdS GMId1bJGopFeyjjrczBpN30biBPas7kzVFn/wGrRfTi2Mo7crR0v9znT0ixht33F
aGlRpRokqqYhwNqPS17KqCzSuZz3DfdaOis5d4SDq5l/BC7vSNLb3k10ERgZ5+dJ KB49E/QZFdtyip1Dz+2zIm+1WkYX9nsW+fyLcUo4OHpywofaDHWpx1MrxUs2QF91
+EaNyDlOuFqL+qm5xnkJzgw5iNJ7Gp9XwjTLbXNwmx7U/1n1X7PufBQPiKsVhTLa 8CR68OCF/GSnUVJcySVKp1xXrEeoN7i3TX4+0BWSWlIVYp5g0vrJ1eD3vadQTJuB
W98kvrWzckKeHOveCjvjIsHvgtoKBO5l/PL1WINKcDTDH9iFO52FiGLdLtVimTLl gDk2Myz7mtAdswdqd/wpPn28tBGM5+GLwImlTORyf2Eqscr1ptWJXsdDlsKf/u7u
LqY7ysLEV1N7k7FpVR6RYYdKk6G9xEG3r9bIMlwGQAn4wLk70qFC2BmNGekpzG9/ Wgrz+Z6GFqiSVmB35k2oO03E/hEu74u0H3zErccItnxq6ElhDmVBRgYO+3Nwmh7/
muiOdB2XIaweUvNrYGB+jy4oqVYl7Re7+TY+De63ZCBx4odw8tDKgExKWoVHHYWP Cr7nfoSykkpZPona4ULy+3O9VrRI31cCheD+EIB+HRo58Ez22AxmlVINMq9ANC67
eBxk1vZd/EZjwAkbHI4NMPajKJ+rdT1axfyvRxVfzINsJixkvp1A314fBbNtkub8 Gl/xTtJBiqb/PvT/mQiAgOvD95GtK152R361w630qTBcIV36ZN+zCC82AQIDKbOK
k9kR+oq6R0SxlMOgp9PzKNqkWMkmJyvOORb70BcagZh/Vii+ySQEtRIdoNUZUT+2 PmZm9nMyACvQ8oogodcctHvFcQj87+eqJRmmFU2/CMsreSXmujzxXH6HGK+kanBN
d+TYlunEGiNp3Ny+JvL7n5nSHE0WskzzQrGWV0mZX1pi5lXeaZPXorBt0JPk6H8A lDAV8efJXHsD8+2V2on05j6WN7inIUdZeZGvEzrDeGu8mTdGQwCEoyH0PVRYYVKF
bzm8480Ioo4QOAohfJsuztHmWlIcBX9KX/fBDzBYux0SGbbsTD3TWK/+ITUZASkG 31uCk4eB50Rdze4z+Fn0mBNjwykdbVySdLZnKMX2jalrcbrP510I6dsUnG9T83xk
gxxt6XJ98uJ/Fji86TMkiE5EZpAcsFQucELhe/IrdTT2sOc3C61c5i7VsGkiCpRS uvcNrf1RfNq63Iy/GsHMNnLNtgSpLc4N+hz67uU6G2y2+dLikA3ODBomVXDxqPvq
URpHL0HcyOmvdLQIKPlpTxEku2W8mBoiRWXWs9tFOcmKatS97ZCj8SbHA8ptq1VL ozR2Lcaqb5Wi/T8YLB4AY6BUAAfTWrhT0FWeccWYe8O+l0PnPHbqKTejSDpkzz6M
0P5Wjuno8PghvVeAafPpq7CI06+EaWu0NETzfywAYhPIs6zfcnct8Zk7nVEHiDZX 3wB2MtLOsCxSDJouFWohnAlwFbZ7hEfdcuRXSklk1rSbpEFHOsWiNCdfzmoSvVOa
cEBrILiR3pZdigh48YySLofFjYpj1vqb8GuRsVTIhQeyP2K42y4kUHkD7Nteg1Wk yXOMR9fWCaYXXZJyZOZwTZ7KjFswa7LbZNJxPpV4RDNEOBGrGkxfGe8N2B0AuN46
FpA7Z3bSYwAJp/FGu8+Cc7ItaiMwNstOf+ajrbNkI2+tPJoVuXJmR5wLaXyMFC6F 7YkKLTQRy2f2BhZGKrKnGgNLPWvccBouqR0tvA09X7QUFAqfDJKJKAq2jPFfnjLI
PjFkUsJKpB6ZcEFYkJ16WxWYtysYn2FIcQOJXLCQeAn7lPw+awous3Gmfo0wjGo3 S/DA1pUuMzGd1AAJPXkRXC5MvbepTLxPcwvo8Ucw+zzzmSTYQuyOyUwXqNyj+DpS
lXjZFKJxTSKsEpMyFPfCHSv6BCwMDfg1/29IjzvhmhGAijs8RHHWm0YexfTf724I cdqSt5QYxQiMMBQ7QCA95OIGmwXXXX+PvpS6ShMGtidC3Q/h7M+oT+SCoCZqOVNW
eBYvn0IpPxfpvlTf+/9gVU6Gp2hJ6u3zkbH/2d/30m2/F9DhDcT5IxIx/9B2r6o7 ttRmECtUzx3t5IVRPE1shpsdNE7SyUS0KHUnguliMTWhaAWWfM03vppFHRMQ1Paj
Qi0ln9Tx/vCawSIBYE07PCijretGbjthGQzOzXlEG24ARa35tCO4pgPfkD35VSd0 KPybWs+V+Pa0gOzstjTqKr0u5L0wX1CRtH+add6GnjZuzaJ+pOZtC1CIGlHl8Rji
xHV2bewdZDFKTCpTatl0KhSgBwLeAixU7jBVrZR8VnJByjxWBgFLEDE8KzEddKn4 dCO472JhGSeEt/T5ugKEQ3gvVE38GdduYyDNL0u5Ef6vBRbY9mJCITfI134szZac
Nomaa1oifV+yVBwzzG2C1vZjH4O9paMGCfX3z8TWU90+tOhMmkpwyQriTLjKfIwN axoN5PKF2Gd5XM7kyU+DeHntXpvxfwDF/39ScoZ1Fow1qHbxRcFEH+3YyhFfPvar
cIEl2yii4eqWWrrU6gg9POEP04OhmgCsEn48SPlMxnQ6n6g2r0V+wCcow2rPqvjC JELk7bMfE1CLcE93CAmuVdxLjwMgXLD0fD2p7o03dgEcoMfuQBtk9LqaiND0/b8U
Jsz6VOnLZ1gloZwrJo3Vm9UBmNqiB/PHH/dDjTTRYf+FJFZ2A02Gdc57PQ6MWGYG N2FJbAyLGxKn+Dkorl+TF16ydEJIGQnIv6kvJYi2v6QdblmSCoY7rF3IuA72aO8A
plbzAKYunqcYkVe20/qEV7E6nDaWBK9CkeT1tDB4PVq7MdrzmpgV+Ww7BZ5GVvnH dpenqkKsPLgp5ltXAbND8d2gXVaLxyMOSJSSgKo0vZYKQYcPh5FeaIMtWhbpo6ci
KTH+gxoGRd3osBXGiDXSJh1gLjCJeRKyK0L9h281No1WtoF0kEucHubBg8tei6BX ht3Wb3jFcXT7REyuTVIbXcmwp5BfGF5HjtdsAUhuyZUWUfOdHWyirtORHoFlmokS
P4gYgchmcZ/vE3K4adRSm2bnudFRE9jM5tU2ttwxmsp2t+trVIc16MTq193JHYZT UMlRMaDa0CcoiJPXpQmvUivQxM+rPQUEHSTShwnx7hMjOUTUXxiaakiw0QNA9ZKL
SzIaxa7oshTxNVJamKzyeabTgeDnB0VQhPrFPxwCxssCs5NQpyWBP7ho+iaqMf58 +GMSQBAFIz+20NO4OGUtL86+ypHLQppCgOlYrbxcLKRvIIs4+VsaIvgCw5DGdStR
tKgV2OegfK/6N33l45npAb2hmA9e4pGuPtbw41/Vvl9q5wdA5M1R2tdMN9PYHLZ9 9jftX9HpMUXcIQvUIxZn+pWNMeTD9f1ScHgQzYklDcbLf+YCYM0GXnnVr1Xeu4Me
HinWeDjg9ibHoQejI2Ji3pbtfqhhBVlVDLGOtJ+4Lc6PoFuZcrR2RWGQxtHOOSdb VlhyXuHUZdsghw4BpyRk12gvO4UQcCvrwo/jLr3TO+msHMj8K7GZagwqzwBNJ3EV
R7zenb+kXANT9Ax0IRPr7MlJAt8etw1yswd/YUws4ifmrfGZSOp+tm9inXWCLzR3 UeuYuFPYxk3nwsS9csq0WnH8i1YIBa63pdYH4VuRGWm8Y7vbI5/I0HTb6O3jYVB0
4bxdlmsUL3AKRqsWQd8xi463Ye69G0W7auEaCl/GR0RnOk5L/FcxcGXAyPdcvn3q 8Iwn+GdBK/UJe5scdKBgBPc/cg6M043WgzdQp0jYpRZbehyB/KVU/W9x8df3DkXa
+mYNGErvcyJIDHAiPbrTvLSrrO61Uy+qU5rv8r6D7JtxUubJujNrs29WmVN44hUL DM53Ub6Is1CK8/eSrjkmjnwytkF+JuVUxYB52yoDzg8JbxiBKwn7NcNN79k8hW3I
SNcf1d/nLuJH6xXFOK+JheMjbb1wQe8fGh79sLoSqp+HNlHnBH+AQ68o4YgomUzq KZTSRImiDH4s59fzHmCMZYN4TrZ7aMC/jqMKlPfJjZRraM3aeRC4DvvHh0fD/bcB
0bDNjU3aYg8hQZV2vwpM+hWAUPqU3NMJGpR3k+Nji32R+0RhvdLWeqN1kfnQoT1R rWzmZfFZeTjsKTYKHh4ehbgMKbBU0wMQyYg8HZ8XILgHNhGHz3UqiEKGlY3tOE+P
4aJub4sThKfLuYV44UGr5lbfaZHyNDgjjTCD80AM41L5m/EZSQs91fjzumpIYwBl 9/2DFIerkICH5xybrAxcvDJeyMF8sWVxW6ZJ8Ka7OOUMEmCfdcum625cz1uIs9u3
QypmLkoUGiLOyBVP0wdpwmjA3IzbiWMbOmDKHXHsUyMCbxLGs0SYGS2rriwtcqCq MyD6VCyef/j0TpqD+kn40IqQnfzL0QzrHA9Vp6k/pg3NpMhFc5ftr4QsBgyCDA5n
5sJJbn1l0PizytS8i/BrJII9Nsab1GtX2J35+njd32FsdtL53FN6cPIL0KcTjElG vKcsC5p2gi7/I9BgEw4aVu98QCO5dtULTssnjxZZHXhggg40FEw0gv254T7r6yJz
4WOg//34Jl+MGbgVPjTurXXGOVZvsdZN4EHy+4rnfd4fMKRYT4HQ27gYMBXHIDHn gYa/tRiRzM4I1VILMvTdbC91eqBR2QSEBfjpBoPWJTXNcQfw+6lSdQCXC9LyIhwR
rm8HIuDZ+jYC8AKin3dxJcJhHlitKYTgCeEbzy/svlbhkA96MQaBjiSpVYrELIQ7 +8BNMu883XsyEW2nHu5pELYUuFFIG1LLAPL9h13BKbOg/Q0tvhHnjRZvujBGlLSK
a7hZ5ud9S2Av0hwgcOiMRonpYCGtCdkCCyHa704w5hVxZiHelf5jThQtfTK86oJf rSbq9JZX9cT+r6R4kab92kbII2bEuBAOei7rNge0kLba5jTmsLiOSI38Vsr5AZok
3HiCAcd3iUpLlNtxBTZ6fbF1yTymjcjO1iGL1wJGFanWRg2ZV3AI5mY3hMq7AtxH pIbQl8SbqDEnnApKiIL9BuFCUfHG+uoM5hpg9B7ldmDyCAiFSAzm/YsNwHqcHpEs
Y/Bj90EF0sz1Gs4SSLlfYt9lblYjs7c7uSSv06GWIE9UbD8z7HW5FU5tK+HBjBdw el83W3ds1EMf+VJ6St/mq5GJfAKH+vfp3qXaNqJ3WoaII+VAK0VJ42gxXgtdzojS
LPM8brWaTrwL3XzRy/w9ZXdZEPh70HUIMeTC+Oi71hgemjjQYZUDhvXoYVwaIU3v pNX505etbGndrzjGEUSrcfXKhUduDklpB0wtAPewEXQFJj5pIZCO/KX2B6Xxe7xn
CyZ5FajozqxAHng3E8i3dLOYjNygTlqQYsw9joGA1BA2EpQYgEUjSqhd47gXXtdo xGk3b3zY6FQfIMVX4VIYDA+eaTu2AvEJ+1HNAZNJmPO1y59VBUif0vfARKnuh7fP
qHRVrHIl9Iz6LAzkdSZrMwb1IJ6kBCI+aP9p9zygcLC9qTWUI6bye0/ICzGIPOgP mQVBAguXLkzbZomaCs/WEYLFIN7dKw3gJw5nYyKNRjRUgW5PSRjsv4UVsCUIw2EJ
yQPZFiR0aOo6akIeDznSedHDhR0YN3RE/QMTVDk3v7vBtgyM/z9zDID7bScE/SJj bWiJ6n2B0LM97iaDbMTlHUBb5O1HDNn0o5qgd0lqto+2BCsWJpqvCSNUXPW/kXGr
KjV5V6BDgnnavicg9wsxeqV9V/3cql39JugZR/ABxhy3E1fqLIc/G1ZYruGH1Oej Suq0yAcjmajGOvZSuN3/uUMdd7f8z+g/kzOw5tGz4m/Y3rx+WdM2IvyRuw5pVNWd
csJrtIOhX2Gq27Cq74oezEg5D6wEf4YNs/GNwBPo8ptu/hOIHEHwyKzX1GAQWgnm 4NXI7onnvatoU9lPkXzaDpUTUj0bI3MOiGWEsId8pyCDIAkjhud80in/kQsAoU9q
Ip1+AtGXuZlOsWo+ZsrYjfgoL3ziKIszdBpUJTcH51Qlj7GoSjzyppyIRZZxqXBt E8RFW1YopzYsXXG3bVWYYVGoqk8mew/5dYAThg5LnTNuQw1SGb61TSpwhNjh4uuO
dl0cVI56eZD+nJuT2oFJN3Rgdv7VHOAOtG8kl5iwwsvT4uO7hA2pcAAV55OutMPm 0coeDjLGD7+IDcwHZ/lOqIGXi1W0L02y+jT3GGUVQ6gM6b+JmTHgz9WREh/ewegV
vf78urtFFzenepJ2dgShgZB8K+FkWDNJ4dyYpajAhnnqkgvZbzDVd+Jc36UtZhnW Zz9jHHEoj5XSGW4EcBE5UB5R4tg76KqZJTfrDOKifiLQ+bI/u4jPt6P2TpGd8rPU
k90OpLrjc9nFTQkyr0ygZPnas8aKs53lM2TSQnRMHBkvoyswglOyBP0eJpptBiqa 2bH1dJaImjko/zcMfq4hTxKiL8qxnPAjbMEwtCtlcO9ZOa1oJM0r5CO1TnFo09uq
mJDH5qK2ivjt+J77g+QkzolY0K6MwSELc0QwSGiK8z6XEktHYxd+O2Xda5j+mvAc FaP0RHz3949Pue+6Khf4My25iOdUor5qA7kxPsV6H0zZegWtLhWQ5bQqedzp5/eM
Rlcmgsk6HD56X2Ev5m39bMmAzCwXxH58xa4pB+0SAPf2IMD4iyXkOH9TMwA/yu0X LUZVgqQV4EqczWW6nVSHq14h1572C3wZEy8lSkMhFPmNo+cdYCucDeA7Z+If2jvm
8usDaDjHPW0S7mjrrA5hvv/NPJHTmahlOPG9ddaEAXqr3JSCyr4/BfdLX1dDq0U+ KotQrWLQ6GNUTV+uDM6y7YvVO+DK4C8mVvi4Kk85/7yQsLV1iDA9JWtH2D3+JTRv
m+unOyia9PPOSk+jNGUgp6Z4kT0cdh0d/Z4PiQmPiH9U9H2UTALqBw4NhZfCKlgo MZ1E5RduDm/XBr18LGBp08kBGLlm5sUg1Wf9bAb7VwoEgJf6YGPXxngTnQhpmSF3
2UMAhxv1bB/2ovqz1cczDOgCiNO3i49J7y3kTl7b6igRJo+/J6jJPPQXYs/K2h1x 05txmNA7C1O79SfGJGaS1xLuJrTaXuZGHYEK3mWv7x1pRtUkzMam7nu9Fk0WEBsi
MZamB266yvpzEQ5XmQVZ/WD0e8UP8PyWmALyhGObnucvDMBH76ENnpoiKG32qdGy 4TWBRNwFDLt+eRDhlcEZ3BXYXxaYmd5cXZUYdGaQuwbBkD47MEwL/XEPROuqpWFG
aiFbGDagENFNLURcZvcT/ov712ubwbfNK1U346ly4npNqJSCAWiw7X9wFJjnL175 IH3c2ZkmrugKkNgaKKJb8A196iXGBBz7JcofKzud8PK+3tWOdXYM0y/KXNM3vimE
aN0xf6Lif+eYOY+3v/p+TKT7X4dWLqrT0+G8uS8CWg9m5PRHCh6AWH6Rko6cJcpj QHrX3fidOvKpxrYJMgbcCkFaXWvGM3F6IksWK9R2IuPOS60MZ/IZPweiuQqMLgYK
0Fiv9sxu+FSXCa+4N1p8MGEzy368JojdVB5RSE6+i4DFy9juKnH8xlTaJKTw6JDj iLqf4Xkpc+mI+9iFwbfVOg8b+0+bI7fBfrCFsGliDS5xeBsmB86h+fn+O53BCZeZ
wi54YOxYpqJT4KLYy6ubzr0ka7TPU1LNdyvxoSDKGS549d56E/jP9jBNBKB5MMLI S6ltkJUm1lKQxzSKvYfdvY3Atm/MYVQK6/bIVZg+BniwM8VEFY26BWz0lsxzK0UY
nE57fAvuIoEZsSy/ndjmyC/BWfDDMXFZ0Y/w1n8OSph5sudLk4RCCsq+PeFMis7P FbtfWN9vjObdqOtiSoTMFIjcGC1C7z1mi1uiExj0saHwbTKFuyHduJ+VRLm3+uto
jZwliinGCoE67migyD2BygrIrj4p1GCfROgcgxqez5IXlxvl5xQtlQ/Cohq/HrZW ou9iSAahnyum4gnxQ7IIcceBe+/mp5SbG5G3EZwVQRkUHD/P/6fCJ2U2Qsl2lmmI
bg/HoXzJbbiZfy0dxv9rg/5t5WrzCtIq7TEvgyk9jPUd48vPBU38YXBPF0jxIAxd HClgZBzFMe8HeDW4K1tTnk4YMOyTbn3qMPq0Qii8a6yjDxTYfoCXWzVWF80VmOkz
WUlNZMELTHqGyrvaZFSRnh9Z9bCw6V3i2kRkSEfICZPygt+6ocmIDXmA0uv22I3I 1wVLaNm3GRujlWDRURCzwbWDUV9/dm++kWwquY23VagcWgaTKLWTW4vuAq0rf1KJ
uZJc7ykY7HlgfzrvgENSKN3bdLKfLH740tiBGfvxD/jyk0iBtY2j4lLmnaKeyZwP EYONqKKZHxBRyhg1+M6KQqGAgg3LZk6MqiMzABR8V6jmnLLbw1AIUCcaAGOynlZI
CcZPmoh6iKc8zruDs7LA7v/zOuzD8Y3snjkmuh+kLGtdpP09IkYYdmdoYpPVkcb3 WpcaMisOUT3C3v2ChiEQtQrfWX9vlOY/ScwND6KDieQMqkzMrPUZU8we/Mms/ouG
4Ndz5BjJ5FpRuRe69hBlZV73KZGaR6cHOPzfoKfHJo7dF8QNoK/RSP+DWaAV9bLu tiD4hMx3QZf2BTKcPeGDt9R5pkWYg1ZzL+7vsDouLCuDAnUOsSfu5w+Qgp9aRB98
6ZRKzgVVAR2QMD+3L3zOa1o8SIiSFKlUwR9B0oILEj5ue5bUes9zgIRmPn3ORBt5 O8g+RbMbBoiOljAK7Bbj6pqXD/IXJ3PubuED+Q8TSG4YexDXGX1qvBPvxUsSlS1p
SxegQO9L65uvcg6vnInvUe7BxIBqqxSZFyjCHFgU8qOrVB8+wB9thdTNXSfh9Qak 5XDmwx/ULLKV5UdRUlrTqmDjALIGAEww0awhTvvxaCHaRynxq1/9fJYFQcZ8JvlQ
ZVtF3Aw14GdvQJaVCNu7jSDuUP6FykZjqLPSYQQqGJcBzAvaZOp6k5Evjnf/Mnk/ j0Zjaqw8BS9rw1z+ZQDwYQbko0pBYWc/vKLib0YERvqph84iHWtvXfydd0poJvSa
gPwfCeJdAXyJcxSbFYelbx7V7Xk/09OkHWN+L5pqCQ9BAMk3FXWiv0K7wme0iYS3 KESUEko1Djp9ia+iEpUrwOQ4bU4cNXpqAlQtHy3ZntHWYdkWRRH8o5Fj9sYO+sDx
krs55liUz2ZSTlWVDdVxukBGoImY8A5i4+8SaOvVuITfvYhThfYS8ZiIKqgySeKe mQvwACvKaUb+o42n5AjfgI4fYoFBtHJj8TKDVxfPGJfajp/Nb+/xmyor8jbNOQZc
VHQl9cfF5gzko8GFJPJB5zVwX1uUnjGerB8Y93OAaWE9/UE43C8QG5kSb7mLSWwT ofBI9oZnZgGz8FdxG/eg1ZiUXHqGvs/fx7p2qjdcz5CMXbSzhvpiuMhDPGLDfDpN
OP0/NbLQWwax7L8jPzn4480ntX4AeOK834Dfx4a7blA9/fKtighNZQlAZ3ec0RpP 6T/DEY5OjN7dTHOhjYdPGYHZeH2o9dE6W60PlvREtOdHyJ0RZ0vwtWUzJEgGadcb
i0MiwFsZfqCYjDGHYhXGot9Ak2BwiN7Qpk4VHhICtr1nH6kJOhUbJaFSTHdRW29t HA1e6w72My04BWtL6SStDSfVhlUU7PSjqSA0mSc/8M/WjQJid2poodyKEOVijSID
10E87vda3aDYjtl2Jabl8HqQSZCsJGUskc+4mVq42BQGzuFHxMiHI4DLvFyMpXnx P1a5dKKJPo9WZtRPQUSSUtOYOdTTScYDynhYQ3qVGgIiEZBgI9XlLVXsvnTSXCTv
l48QAUnwDW5jtQblPSA8uBG+uKTIHOK/JKmHtPGIFeGMi1h8kEIbGEkfE/Pose2v 1uUPGg/P7wNmfg0GEpJDPqudqE3j2s8JRNWsuqiE44QKle/3JlHewX0m7hNyoVVM
u31RQmBs4BspSiMROnGMiLH/aDWgSsBgT+dvsWrtXaVHISgMVERqfYgy4WmyIJyV qZdJ3nkuA/7f68PW7+ctHoojLOxD41VLt+UjWgU2heqxsP4DlhTuSYprwl4Mg/Fq
UQ04MxOoGjVr5cO8JH6IdT0TvHpagP/lVlb6Acc9BXSHa2eLAL/VEtm74A2tt8Aq PyWkyh9qftkIi8WKAw8VcfSj9jRQGk+YHtt38DV9mBrPd2h7QUNKPa16Gw489CTz
AYZ2jHlTtREgeU2PLfffLAZk6PDZwkNi6ltHb7XQNBnyupbfLiWpMFZCemVd0SG9 hKP6MrCVLwLveTAJvx0YCH8k+yq6bCB6zURi4L1qOiu7VskLyB54/TEcLDMTRmEQ
MxP6COt4ZQ4d/Khd3ZlVpDClsHX5oLy438m/4pjHEEVUrq8IwR2iE2N4oVqP8BuB 6Nsueo1eldOv6SyXILaQljAbEZAXy0ZHGOy8YNbDm4y0caEhzr7Z2YmXrfEOo5Cb
yj6jswjjEu1uxahEYUqagASBAZU/uoue4B/hPrMgx3vVLs18UYPSIvJ2cawRFtEo Qmk/qtJb2cCNBIlyt/8DhseAE3ocYSDDGHFyyb1UneK+zmWdQIzKEch+ho0or2BG
PgFoTvS5uMDlOTcCvcW6pRksNQbOvkwgFa2DnpxAOKWY4o+6zhWcAzzE4o58m+hm X9B9kJOdsk/1en/Ln41PQoWCGshu23ftb7btgKzriCHzNQYFdq2Lr/1VMwScD56K
54sURdkwq9hoDKwv61Yw/OlI1DMSfoZyccoQ1r54PE0+rDcru4IPrPVsK65TMBHM 8RuUopGOJ3mwBDqJJweqYZj6h4NtdY1LcOy1+f0lObhLzcGQZ80vec6Uz02RNKCR
utS8DatppiLRuuryLd6YtRNihlELM6V64vPlbZi/i7allO04RQvHjy/vgZTHrCKF j816g+bUQuQSrJAecEnRy92vzQfnKngKknC3HC66S3kVQpf7ssyo/cS+hnj/VtML
lHZLaOAmoyGTPVAugiOVsLGc6SE/7P71Qxfmfw4nEAEkD5bDTLNXKrgSXN+26An9 3tq6Sw4fdd+mWlEKk9L4CisIFbV/P7Q+6HyreiOnai184ltgWA1AEKU47SIchIoe
pjAg/Kv7VzqkNvPeu41Y8dLEOA4LzUx00W4TtoJaGyOFY9jrOISPkYi7v9c7Onih gT5Gak9VyqGOhuyJVSfEuyphI7EUIjXFK6MMz35oWkwT5tcroUT4zYfH/p3W08Og
Qay38UcMyaHNrJ3ln45GrH4d6SyY3MFF9pCzYzhrYgMrrJoF12VGRL0CVfWEL7Co rQjBqIJfvVNTjbSXUfebiMrRNAPXSuN9knQkqHgNdh/0T6HsPGEFxvEFu38D+Qby
lWmMQ5sg5vYAVEZmdZA/BjApb5/yByVwYdVEcO4YlyZ4IKXutyPDsOtHn2f1YM6M 3WexSSUsUnH989T49sYCh6GSrk4h6hRl8Bhh7+UYg0alXi1SZzMMEMab7AGvuQI0
eC0mZq3Wlwac4h8oGh+bb5uyDtRxux20x/mFBO3clrt2Xlxg3Kz+30dz0rwBcJNg fKC/wXyhekq/1ZOtuEkDaTWvLedbHgaSKc/8WUItnLSefrR8iMgpTTQDsa0r+cEd
gb0McWbNuvqkrqbtcjrSsgiYSyc3+8jXBZTF+Gzb0lcQocDCH6c5EVhgkvJ0ZK1q Zf1Nfv4eBMuSYAJ6fT5LmhDS5LlAbkz/1tBfYkkout37Uppu73u2tnx2lgtxHXaH
xotnpJ5KkmutQcEaxWyzl5CZZJvUatasOH+Hq4742stnIjtgec5S7Zz6YyzWL/uA /4N94VfakQa5/J5s/yjx3YHb010Z1yEzgk3+GslWOdD5HY4PpX8oJCKEKChqr8E5
PbskoDQW1FBEgzMBwREQ4M+UjPKSsO8CAIVSreGTeSYYS9JAmfe5iGSTx7HkFRft D/d4XnQqvVepA/WLTXnk8j9ZRTkpSThqo1/v379XqFn6IbQlQyg57EuhSWJzFlbr
cP5KgEr1sm47epBnV7C9qAf6XVUWPpQMR0mbkn+1b+BYNE84NG3CCEDRl3JTs5fA 92AByhfG3CgJcjhwGBp49vlu0axM9Ahx94N/J0H4HRECcagNDsIOhfufB4/8OyOc
7yLCnNJ13+jmqjtyCtcbYfGVFiZ3xnPMTB2fbO16oTShsTx6jDr7bC+a959XBxWn BrK7Ai7RR8LDtknZ8oxMdg==
WSwc47R27JurX3+t7BkP0IYiED6yydVbQ0Q41E0p3o2Kec9VXh0fjIEuC6Ttctgk
JyAEwUylj/APoa//GN4qqHQFXIMALaxfwj/1IvyqXWEE5E6WCIhUdV3GFkMhztul
d/X6IOqUgQyas/1WakdhSpRiHZC6MXI5WUA1Fj7DqwlckxWDar3Poy9VsvtmP47w
zh5cgHDbi1Kz65mGK0AjVH1D9UYbOgkW6nAU8yO5Bm0AhS8bDceC6GaQzhhS6a5m
B.3.4. S/MIME encrypted and signed over a simple message, Wrapped B.3.4. S/MIME encrypted and signed over a simple message, Wrapped
Message with hcp_strong Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 92, line 22 skipping to change at page 93, line 16
Headers with hcp_strong (+ Legacy Display) Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy with a "Legacy Display" the hcp_strong Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 7845 bytes └─╴application/pkcs7-mime [smime.p7m] 7540 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 4802 bytes └─╴application/pkcs7-mime [smime.p7m] 4576 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 918 bytes └─╴text/plain 419 bytes
├─╴text/plain 50 bytes
└─╴text/plain 367 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example> Message-ID: <fdccb76a-49ed-50c5-9030-e4aeb83d7f04@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:13:02 -0500 Date: Sat, 20 Feb 2021 10:13:02 -0500
MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIVvAYJKoZIhvcNAQcDoIIVrTCCFakCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFlb0uw75g4ZCsNeHmu6cGBIrI1m84iH5M8Y Boq0MA0GCSqGSIb3DQEBAQUABIIBAEwle5fdKMS6hyob72qHYwMpicWoxWhovcMx
h6VbVpYvAPA/KiFDEtYIW4jVzcWrLuDPIwDsb5rhP3fqOJVBb+aPueeX+1O9+3kF m9ncW3nWi8JUNK4Y306rc91m1a91Bnmm6koyF5vbpMTU7MQgVK8Xsfmc8Pl5UeX7
2cbvhTGXV4ypzmLnflRUDcvJc48uin2W9r5jwnz8Hcqzh/hpxkhyjQ+A43PrkNei 9nO2hq9Nk5YDrbEy2VetDe+8FmyhJHM2AEKCRYJENj8JVN32v38+96h/H+JtAagN
xFk9DHl+TjlbDXIHDBpq4a9UO0DwX3lwzl6+0wqFrnbAKop04yJ11TLZeNlukxci hbEnXCjwumjHMPq3nqq+32oFDLLRppc1JZ1khgX2LCH7MjfRp8ikVnSvAUa8tdtr
Gb6CO3J97HGPwe1agFIp8Dy/V6dV1oHYq2fYtwgXro+FIMKgQJrJIzO/7oXdFpBa uWtEPqmUktYXUtad5ZqXQXual6KDi+0XCy44Ou+txnGyzY/iFBl/U9o11QtMSBaq
zR2rgtoj7vlilATvQjlz0TZ+EKA8bSMdAk4lqTt7jsk7/5ZBBrEwggGEAgEAMGww hrCIF4WUgYlH1u3KN97+lm0qxlFcLQHGZx/eEhbejFEFwoFIOukwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEABqHnnpvSQAY9G9b+jB6pp/A8 HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAKiTmrMj8VnpLrV7+Exp1xnLj
ed7liUtmJEIpUdbJeWjK2wXX/ZMl8npfxptBfpyVUX/hZKv+7CEXxrR3HDmMhegU Vd5b5eQeYliijqjmlUqj8JoYMSe5FokiSfC+lheSGabYyRZ7KxKY2NRScXNIX2Fz
zwTWcF39ZC2cIYOe31l2J+ejNPWr7447svWuKyNG/TeobeZBYsVw0s9TFKN8+8KC r2Gv9imDrelGioRcACAbwJTj9aJYZqcY6NCkfvPvdhcs0sVvw1L3CX/iUbLkw5xm
T11WUqCA63rx4SG1Ueq1WjRc60fEPiCLrC9Cy0iNatfulUFiMWaUsenyUisqu9e0 P73HitnQIGolSmgB3M1hEVNIrhSefymvaQcekGRrNAH4paHMsNJqJOY77FmSVzmr
pyknncPN27BkIPY1Zj1Ks1PUy7SwrRztAFey4cQ7duElEoKOz3SrF7vk8/k55GKv YFketa7EX4sYy4Gf+7akz3GTH+wBHbmEFJnKp+4EC4ABLo3N7AQokqUlbn5DdUXG
Lh2WfTZozb4iMgqIVj15K3ARmgUAcoLrNRpFlia1MtN43YyHDzIopnbMLVPyuDCC 1JkgTT/wAqPW7wO/JDM0yv+yfqjA/IsWKwwFG8UtW9maIP/NYDumgW4CzYqUVDCC
E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENl7tFWc2MLAxbzfKk5mB5GAghNA Eo4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKA15xixtiHfDNDPM9jjLlCAghJg
Xw+XtyPyo6kYsiwxV6nx1hSJyw4mPDO9YbV7MWEBXixmizwqXrF3MT9F6ummVZSs uO1SOu8ogsWNs1fQP2jjEv7BYc+c4S79FLRrC6DAccBIlKL5S789CjRrx2+aIXVi
6ZNGuQ8grRFzR7jjhZJX+plXiErAvp2ntmD50JQ9kzzrzLK4QvWyGIwqPbZ40wn4 A1/gBT9yGFF7ex0g+L5Q47TYi/kZYprf3V8l2nf7NCSCn4MOczDpL0h98q6F0aqq
gvk1s1fgWmKHzmku+ajHLgTDAdIhFWvPw1eiodSmVFWSMT1X/KhbTwwcit+mYHId 9m6kIL6Z2LkTVCTLtuUfFv7WivKXqjw5G2rbgvKU1Biuw4hSn604yNsCrOvLVr9L
L4qND9defiJ9uuadxJeygvQqQbEI/OWxpmYBJxqxWrepc3RnVOdrDpsDx8ONVHLI fb8UA1Msy6Og9VVZJEM57Ns5wDcTnCNfecl3RLvQs0MtaX4qtk8DiY+A8maTM5PE
ujn1VaqKc7MFiNXJyhag2F5FngrUyl5TxvfwUmnmPYfwHBPHb9qAHslbnM4+4Mqj VmbwBnkYLlNEmv3KMhbYQdPN2YfXObyRVxg+HDuOd0wHx4TXKYK3frhgN+uII6hN
Q6IY5cio01a2D2fFFETACMzKexbNKGgLzLv8DGIDcgRJGyLVL7KHXdGPG/cUwlTh Py3gJmRR+HpK/kxCzXc2ZuyQLycQF2+Buv4bfW6PczVVGaw80iAWM5Iaj9H7Tv/T
s5IAlFA0pKjZA/rwtgQyGA1oYoL5JThQmYuA0vOL6PuEFDL31vZf3oXKqaSEFoPX fycspPk62ce3cGdh/RUT78mc4pEKMaZvut8WTf0u5szet/NnSyH/VgnymZ1etHL/
cjzMaxiBktvqkGF7vyWDk3fGH4iR1Ttgp/xv8Va5Aw94aZORT0dcW2bPKip++11k 9ijhv2lGfkhUltEGlHE3OIkcQhZAFRhMfMgDHcOAuATGcpybxmUAlVSF8F2pia66
M3VnfL2hpl+5pOsmPDc2d7kXo7OUHkDl4xRMuz0P4HdSlKNH5Kz2bBlBJsuVX0hW frmrFyzmKEQ1ce9fuyd0DX5MbPtPTb3fDgOPwHoknczGnSF8GE0kqIRcs4wiz906
8GlpvV8NFcJd8ns4x+Xajfp7cRPz1vOP1ISoGs2z5CKvVUH1jEsSC4mWEWo3m7tN KrHSwKM78SxxcMnJS1Z2V71fIx5LmcSiidjYhsr1gyDDzUhqksK4/YyrdLS5CAdA
zmyTqVhMVduAwKmCXn0dfNY1tOaZd2KqJ5/1DtOfy/0JpsSfP+TVe007asHhWEuI DVmWlQ/x7ALB+/gyW+2EYj4FhlhREW03Haqc4lDECCIVNjvxjqmhE8MnkUihJnqJ
6uSui1r1XNhXsS/GtIthhxN1Yh0CBMQ5sCQlpcPvbkckAdfh8gxWy1as6mdnSSQH yQAH/U+wBcK2zce62XHZpMbJBKlOSsGfjY+ofURfhjPPzfXlHSnDYMWAYkFWsUhk
6rH7js2DErqn8SJUW+8QW6cIwXCMfuEwUR3TXAHZJZc4+FDzLDh/SFAjUqBAjUw4 4L95+YwIcaDoYlen1XyNdmqRu7HC1K5tVQwGW4ffIeaJlxBe8NuOMaW3Tmn7KJrQ
tAzy8O1zM9lUNMaGFjvTulokTn8S8zdg2E22BOlDN6FDKa7xhrqJy4wMycinZxJ6 Y/QWy2sR/dgT3aTOSUO8sM+OHrmCW+44tdHFdsaGbQYrBX1l+2XtP/buOecSgkVb
PhEz0Cci7O3l0FUoT6pt6WVZo/jwpjmCoY7SWIREzxn8QISqhOCsQiPixdohSQW2 1v7B+4d+1T/BfoJxhDVyZ5wIulKjBVYOLJe/dj8JuYwDk9RNYpSl2XEKgl/5vsOa
5tsfSjC8VS75lGEHT4cqg8EZ4/oryfCLw4LVCZTeCl4V0xJFL1p6Vk0fgSOiN3B5 NpMNTmx/Sp6qw7OgqETPhZX6zFevW/Q81vnXiX/9bc3JEr7AmPmKoxij0JAI+a/g
niGj6eOHkmAnANr6Okuro3ogwoRyOPhetiGlD1svYxvX87vLGxtHYu9+NU5ZwI7A HPHTUR/7AylcvuqAXs3Ni8OTtOzzu5HU3YYqB3J9eeovmY8lTKyKS+bTgS9PQExr
grRd7v0XuI3a1tCs1PT0id5hNWfxWYbJcHT78aPJTT6n4Wzy13pKIxkzromw8T+7 3HtgzFoLQji+x6t5YcijdiEjsjD0R8ukMCRH0QMostGlodIrAla/3BU4+4epKtdl
hYByBPXWvrULea1irKL1QQp4Gl3bMDmNH2QGd1l6WlG58IPLXYMH8R18JQg3YPZl WwzPGlaPONuW11351UOArbfY0VKUa1IZj0lnKWs0Pr7CJsEObiRT+WMY1xDR6K3w
4ee+dXq40MaOPe+5TpDgBMWj5CTZGswLUOujsSvP4z+p6/N5H4erXNF54O7yBQ42 PUq0d8v+m8+gldNpqVJ/jm1U7BswjmKWnTcHgJYebwpA4BuAVUAQJJTzYy+MioEJ
oxQjQupz0NhAouYmXcdnsSEc++VwNrgoaic9EyroUCNHvcowtBPsw/fhJ2TYcm2B cNRngJF53JY3v9vBoQD/7g3CIzCI+UBiS/duaiVCtyzIwQ+T537LmrFWdDDHhzFC
wUyNqfOaJ7VfqeYUZBXhJidTx3E2vvayQ7F4tY0QdXzcSa/4rO0IWnI4Sn8yBMmQ S4k96TozHwcJQZT19GW4svAz2M8eZBTuBWoXtPn4sH/BHOC5yBjH5bHf5qg2vV1L
ReVXjN2IqTdNo/fWg7sSYvTKLmqKIfGnEIt/+u+V4horrQM6HoaxXuQ0HP6ekEAb dCfWdg9T6AYewLUr9c2EPd2t8Z04SH+KwsruM4z1db1LibNf1PxwXIpB1tpnKOox
GugQ44hyMwvKny3v/fhu/5g4y9V4hgyrwXTLoQYIooW4uzFOIbW3XzAOY8GMgIPZ nQAGYRHDyBLyIJ7Mdwoz5QfS1ZOQ61ct77tM343Rf1C8voyh90yDQXhGxkvfGPFr
7TTdMGTXpQxMb0k7GoFafSBHiygruaJ2HDVaqpXAnOh33ZdbGHxdBhRPlxfzpT+A RP1EEZK7oANIl0nhGkYwXkBsmdMR+KsC5VXA8tfXKkSAcEpXAbY+aqRCbUYRvpnV
bJ/P4JP4nG3MhrCtHbZCd6pKANcmLtCK7YCPfndumgqKPPl+Alq3QfwXwTnrksMM AZ3iNObov/wWcnnvYFZC844eFjYYg0lkbXsFcig0iS37EcGN2jSRZaiV5kVq7hHF
Aqt+PwwNJSq2i/LuOZoRusH85FqnBAhAHX+yTinsUTLZ1cWh6fkfT3gHcAe0u1Kd +VUnwsSFthMwtK+Z0cuJjRLrs1upM4fBbbVdRuSe2n2yvVZiZeXe59Jr6WwERlkI
f/vBsS0tbbkJYu4LV1Uqxr6+mm7oZla/NkUZ73Edf7G9IzixsVRXl03ryB8sr56o n+sc1D/wkXIBrCRGclyoyW1JU4A531Pd46dgcgHNtuP8Yv/PW6zHc4HT6VYro9mI
4ouRHAF815+RUFmVacuMGwpJrOs+ql6NNQblPkllveMBly9ak76sjnwX7LJUuhje wJosMTwIuL0W+Qr8/XLN+siI+XhdcaVGA480p3BxrjSeeqyWAC2QRVbWnf5YdXmp
uxaipDAOmd/49cSsKGkzzzAUCW6Ug4Ar+a4fa95CuX2ZSId+I79Mg9GIXRAiz1W1 NSkKo1ZsceL9myNGEBk6UTZyDDzo7aJiOy1rqPCJDlhfXofYDyPlSByHE8zoMnwj
LUYHVf5avjvnsms5d54oJCKsukizbSq0T3ItofhfQt0osK9VhbmT9PlntwwjXY3v KVhOHUHE2Q4FDiCpSJO5qlvhSB2svgWlrTcBI02qevuCHugFvbUIAI4sN0XPcl5y
5BhGkSp3CtOZpPjkrx6Cc4WNTBb+PX2ZTprF2+uWxxYbHKKyWv3eSoiJcpPkQUjX 1afNwNbXK3bQ+ZC8nXwKZRxQLRBbEk+YGP8XkDmXf59WjGoRJMO1v/5gxZQAb1s/
U0ZaKIxDv1er7Lq8wwdXLjUH3x3KgO3YsofePYsOWmcp33+fTef+0zBT3e60sT8f g2VX/juutTVUt0GZP0umPmrnRQXjwTLtfJpIETj4AKUuGKEhr+i8uuNlvIDHJTZ8
hnoUHI5OzR7dRqEiiKLFSN1Zw9fSXtp9cTxBeM6+jcjnZURoxgy6U+KbVnVv/je1 qQiqddhek7kTGfpZ5GTHsx4U1Nexaio1aHCln2oDYlkY0XBTlAmuU4kFo0sqfD6k
P5v3Wqau0FFFmWb5vPSlhHSF5L0z5CvCdWZaadU02lZmdRkYbBDtDADUlUfcQrXi hVHvlF9/A3sQt3v5ygiV42HVAjbYZl1RHRKPLBFhuomDxl9FBPbjGzF+cOKYRrnN
T+mJlCM9tAl3iCjm9Q88Poxcye3pri9tq+KqE1OUajmX38wWvlBISiXU1YIAxyWR qdZpYGtCNKp1VDudQw0ffHFCTjebXmPPOkgMrNtidWZGbf8wEPEf3VHE49gj7+lN
HjnIq8SZ3UvJzAkp92r+3ayy41CotY5o+RqG2ZZ/gAvH4FNOuzeZsDAJPeMR5ivO e5dwUlUXWQnfAs8VBIF4kSWhDG3gIFhD8IKoNTRPZeDL2O8bW6bfEBuKRlD9DE4z
grInuAfP6VeVKgvosaYYKvOL1rkm/acdKBs2wBXlKnceKR9mJwdnXvZi7ruILSpi rOot/hUAabFfA30AU1aMno7Rv5XNidY9sGTs39HSxL6CiGdHq1OoKErMW6vaVnZ2
WaAcoNvxAPNfd8Cv12IXz3q5t9OTZhHKrXFMhpMRq1XOmMfIdzr4UJgh8A2LQDsJ z0FCLo9VBtXR5qAGQ5MgFlOPq+/rhK8+qNb/iPozMddYgxktJPiORCg4B0xhDySt
/Dqpc9NVfqhWVP06ZAgWQW3UCQ0AyVRwYpaUh7fsJdR+rthFMusNrt24aWkE7dtn 8IuzPhsNINyj0+eclvG17TQPwX69jaUutQm3F82ldrLrFYXBDytfyz+APuWurZGH
sXPrwC/z7e/nhhPnqUaDmEYqP9i4k0ITlnACDnZsNOUbbNB5BZChmdc2CvTHvkCa NtBGj9JkKN50//7reaWeVkDSh8VwMwwfTCajrSQerUEu7rww0z+mGsSRzawuWahF
KHrloihhUT0YWygKGc5BEKfif8l/BrUaDATwzWAGICAyWUIu/XR2SbyjmRrulvta ZFpyNn2o/Pfn8eeBOW2E/2n/ndPvDf6jvAM8rL2rT3gGMktmYM4TvZxdFHG5gEFj
+dYMsekYozcKnTtu53JAD7AUun0Dj8Q1bK1i6UfJT/4fjvWslGrR3DDJwoaVC7Nv 7M8itL9dqDTaeaHMKaFN6AYqPIhMTnYJa15iV3eKavPwE/t33q6oeNW8Rb+kv/lO
t11hb+seTKdzBAtiF19p/ShhraL33qY9E+T7mo5paRO7GPVj/iOFtwUgUopKSt8f BMaVSzwxKti/MLt0xRe+x8+8HyvcxaINaojri2CYnbxCrH8HjTCsqVeiAIui4/q3
BjzoYuwcZGacW3YuMd9qbV8P4V2I9GL+FlnOcutSIech9jPS+7Fit6A+J15Ca87Y GjxEAiEfRoRmhRU+qcJ1O1XCqDsAhn7NOCUtQx9zS8ueWVUJeT19SsgQpjquSobg
DlIh1n1MAjOK7IvKnq1UC9ly8uC5e3CUDNGs1rbg9YSHaqnTQ/bTJIjfR55qBmBy Pc37RBBJP/QNHODoGUsYOLEmzMzAtC9YMOCXjmcm7g/2S9dspURtpV5UaCwm6eAt
eWK4/JNsE+gjQzWgWUccI1wDVvFktvM5dSIu1RiFEVHkzEcE8wQbMQ3i58EMhJg1 0quRoCr0ajbnG0zRWkoPRob6ZuIEOqMielz2QsuhTacD7OygdRNU2wmBcBAe7RKY
9ACyTLucKLuGJRm+CT+qsYXF6PEAXe589wo2wlg98EiQLfS5MI+ofrnMkpG1HNye J7dsJ/oYpJf6y+uBReB0AEUJhpErULETUlZ4uoLBWlqyP3drMYAAdoXXIBpLTN7E
pLMo3YoZt8bUZo58v/e2XWLKXG/ELQ+u6X+MsvfWA12HWiwHb/zyEyZuNZDqVDpo 9VkhIbQxhCuN7o2q6M2mykHAqEBAca9KkL0UiouLiPC9Ygxr0FAUJpzFBb6dBXQn
RkeLtYtaW/RDHyF82RyHYnmtG6xQCqsrsbtkWKVZCiVIcZONGt6Z/5AFnmJaMjZk Jo3JqNw7TyTzVf7PoZ1V8hkQdrvrJ/67peI+rMZS2Cn9ut93AilRdO2v/fJmvUcx
69ShU2R5x12WGXsvaDaw2Jzgb57DJfukOro2KDYebgTSRPiIAIxtinRlvrFAOfhl 8cei7AJlboOdMzdKTkDpX4Opmo/EDwl/uR4M7bVwoGLiVx83lutJ3FFmsNcwH53e
4W0BQehOVTv3Z48i3QYWG/vHkJTHKgwB6fXesTa5ylfs+YKlwCoP11UlLrove/hU FgyM2jdlWKncm0EnNhi8Njr/8j+O8iBlaGD9rTlkDRb8RlcF9VtMrKKp3/AYf6wk
cvXtsGju6y8Vs3ga3OA37Un2feDCZkNnpo9jUG8ULAmpuKlJX6otzxi/ZM61W/bI Ecenr9xcJxKzKxKigRNHmj1hEsJEyElICYoxlglyfyJRVeyVHoqO3OJ8cDeSwfFd
5pvxe/GLm7f3zzbxCX16ibeO/ZbqPa6VrqZ5rSXSj3TP6p0IusQ3lqOrvib5VEX4 kDK2va4X7CPQvWFkkOTsv70vw+Q820SdkSiU4bq8rK37Hku3qFwErTgFT0Iph8OP
YM0g5A0VTFJj1yQ09KMXa9qHoxVq2Ux5ai2Ry2/8A7nI/SFOjEex6mpL/NoCMMAN dz3TS00qpIWVYTRlCgWJnmwv2h20AAC25Cfwwa9ro+Xov5dr+/CZPEl/0wF4aZ3h
ionN1GU5Hx6oN3nS1nBWv9xNJW0sQ57fYI/gHzZ0mBn88RiwDYRoAWhR4hrA7okq 34uau8enUXV07sZ0ibmPUvwl6lZd8vj3I+h4y6JbQTclHtaNxlFKvRubFomrclMI
elg7J9X/lLDDrgIWNfImqQf8eu5MbJ4fteomo/s1usR0xEisF9RwECWEDLoHLG4u EqWbB24KS46W4U/l2qv2GD5SfiV9SjmwX8hYvhKlbY976BNL5VZbXNx2lyU2LUKs
m3VyXHzgHUbJEdxnOudweHFGfZDIncnCONYkQSC/IiU7p5t/AgfPyXK1kO+yrWkg Uhlv9BxW9c3YCo80yDY3vw7nfq49u3X9Xf3lQtDI839WfB5PnG/59UJhHWIxvpe2
aslamfOG52KaF1bk+rMOSlD9vQoFQbh7lsRkHg/MMznqHwFnN+/+YM9zGHHNd23A xn+mdUaGoyfLXSm2eZefp7C+41wsceFWgxpiVT6WekOoGyq/v0dRMHOruTOKyX2p
SyRnOHRVpfdIRPEwPKV0vf23v7CuajncmG35rl7ALYCPAr3W617N3/w8rNYiTk3d BIlzuqf0/2Vw9y3fnEJNsY0K+Afi6aevoHKQCWwr4tjc9YEawrzeVyNU2vZ3/YY3
D3gCu/gs0S6wOzOTsiMpA4fmsn0ze8GIQ+fkQefTa4f8VmITdXIAuh0uIeJcauqy 2NsMxQP0a+JqMpIbv2I3GX0lIOhW0Ws5Al/Qzx9rA+bIAXbQKT0z0bHdGm/rj2C7
EMSUbsJshKgnXg9zAws19VVRz4tbbt5rgSutuKY2yb8y3qst3bOg/AYlDc8jU2Kx z6ngk24CxIJNc38+YPhO6l7agY2bfXy5UJktxZPNxU23Os2GuqG4ymkfM2pf1nkN
k7unJAtMqNfDSFBs8yNd8iRh3OJ4u1jAYt3vbF+9EuGKvdmJStSJuErR165grMeI TXFOrhDNpaZKhSEEU3Vv/6f3w1y9wfjptEsanbt7oHDTnrh1BZPzUvvGuR7rmjy7
4KaV0JacRThFzC1TW42qlNMx2GE567agk3SQ/+qrQJZ9LvJe5AUaBQU/Pga9S0Pa AFqG+Ql6KduTqdWV3U5FqGk4RVuOKDj8rxkQDPZo23l76g0WRJOJY+aQi7uqQStL
t8k5qKewu9L3SFShSuqWjGTNdNlfRAzBj37I+l3wZe6SFGc7w/TBvkDcXBC58duV v0BtVtALm1LNMHfAza9FKOcbNlc+fyWLkJ6cqA1dKUqIyUAFh3EqDQQk3wcwuqQH
oZCRMsSb2QwNpkwsicLXnPTtjqQBPPsEklS08pjnYn4RJ3QOQ5LRP0M4rJ5i17Qc oBOZYRSsY8vSbFvA8mL2njUfxuhnGG+iUcNxJGaURHzhABBfrRHlbBmyDjW9gJPB
zO/BVXFtzP/SuGgrjWkEX9Qm3vgOLBGbNdk9Zn2uLtog7vrlSjydl6fYd0dF5otv TQaDauQgHe0K5OZooPi9UIGPIGJCy0hgnF9MupBiMkBDJmOBLK1bx6Fwj7h/Qjrc
GpBBRvOxZ5BzP07L9CfzXyAMeDu46JRA85m3qEZ7CLwo/aIG0Ff33/yUh65AmUu7 eVceaQtEbXvhiewH0BjiWckvSQ5tzoCeBE/9E2Bn/NCtf4ZUzWK1l1jAKU4Cb5Hm
/j7sLtICekmG3q+gzgreATkA45aVN3v0B3DsNHZnKPwIsit24FItq7mun5coHG6/ pZTTueisZbC302FNqM7hOOFsEqer24L2YH3TZOoaNaFd1pzPAzfbbqghQiFrREIo
jPoIvLiqR8ER1PROs7S8khfPZk3o+uoJmk1cmSPQdXF91y4qYbCeSuod6FTJU9Pw NmvhXVVzse+pskP3bXscjdartlkb8tXIKNSi1YP9TArBW1zBxy4hUqHv30hzS3uP
lsjWiaX5SORLkLKea/aNPC/s/v7zfe/Rd/3rDv/UtRr4Ys824X0qT9HKGRXpF0QL PmxpFlZPGgmmwu4sU9uAXG8WS+rWsDats8GmVnnx3kXJyessMHm7txv02TZ8Jplk
R42XRcIi3rTBsOmalFlyC6Wjy1RRdGOBisZLnQgNI+enmkmN/ik7bbulwXujIlWW cj7ciVmkfy3CBT5mMZ8Qn2pWAdtsXFn4OQFE6CGTiSDkZ2LA1iisyWOqQSVg6o9A
gXHzxBo8ADKqtxTRrri1ahNzxdBjuIz7/TkVgNxkTudSy3X1oaqA2TDxW2E2oNkY TYNF7xBFqxi2AiebiERKRLO3JOyZohVHNsbMWlCIMXUdH5TfUKAVLTkaAbB5b8Fc
t7raY/bQV1JQra8YXe0rbYiia+u/vEfvEzW+5oGTz830wV6YqxLbTgNWvzYqw2ut lNJs9EUuuFPnuorJIO6sETOp/mejzkaHiq3yBsmHgSKoUHTN49lcjg5GM8WDXr0P
HDP5q/6YQgoAFzT3+jFbqaankizXQHnZbQFrdEQIom24i+I1wuVhc8XuJydWa5Zz 8XJqRBIme3ySH6QF0yY6vCDISvKlAPisi4LRd0zpnh6LJmMxob1tvMerzXCEL1lc
z6uitAZF/mxEQ7BoFjNXtxoRVdxWG4ki2GypiN9/VzXpRvSUkUEpb5itnQeo51P8 wzAzuHVBGNI3BBltQ5mYdTAj0+SSDLwILnJ9Sf44JuWc4HaUBzX3nf20G0T2bxh/
2sfTXLQtYKK6r/nLs1QwlfLqIUY73qAz2lStvI1P1ou1ORWK/Ksz6CF+kcUfXOB6 2N1BbY9U5Fjtp7R8dNU37NrhxTKjhXSabJ8w0x6dkuvq6uWLOhzAw1OQKkHmEquR
KGDZvl0NnYg9Tu79xu3sktjfGNC9vaev3MD23Q66xK2kLY3OMikpXwAybmrGdu3I X0G5kRsWw0DYi0m/wfpvtBYZUKr124ejzLrl9FLXYVx4cVO8WOgnHxc4FW5mZl3e
OQlZRWVaGCtnNuj6jweCS6vvZtjD5m9uqTvRAtN+pMcqzdMwJne4jh4ljFOcv69z LlSyxfe6EoYzj1Z96wM4buC9TDesk83m6TlKA1PlZvBbU+nnpgFL7d1RXrsTD0Rn
bk9Z+mxJ5wfQsRNaH8QoaQmoHGRksaYIQr4sV5L4rA60+AtmXsmTQram6opUAXIv 5nk06TDXqQba/sRzzvyd5zjF8LfiPEdIB/X/zpqy5jK0Q01FixhOpyWA9MXYu2Se
7G3ggWdzwt2Nd6iVuMAtq92hiedoOcb7qxCi9/z8kpnLwp7r4X4AzQRsiLq8w6vJ 6keqSwT2lnfR/ZhpqRhA39TnmoITHS1lAPPkf/Er+8ecJlsNVzfuVkRBVVvSq4Hn
rVu96hIxmdP8ob/XU0DXCnZons1fhlw1Qcw00JnxJdQbF2a8aUQ1yBh4ySPfBgZ3 tOA0l1ItIK24/z5wa1e8W4dGnURA2OGWEPm1YACq8K1o+nSir0k4+VvJCm42+2vk
9ZnZtgzmzHS3LCqEs52r9nJAGvjiGtnWnCmGbFI0xU3j61/XQy4LFQx2Dcx+DCnH Zi1hE+FWxHQ9H+Pt58nJj5pNflP6VH+up0515X0EHRIkTm9ecyYPQETdG89ZbUwl
6qkYaxPJr6LZZQcobiYEHNOCjkajVFW/OTJjPoR6LsQletdRMjOTE8bggbHNEDGk Hys/1nsNIKnuREwY5P/J+A5/s/+xl94jNNBsv1Q8kLngufxOQBbpwGjRxCTTfzbj
ghcwzKUE273LaTdJorbEqsfJ0ZJee3n5l2P2IHA4a+rCvZcXBNfQKlf7JkUabIDf MHIONho7Xg0TbJQrq41oU1goDWV5tQsMH4VUg7ESiLzceMECYiQsnVLg+FOUqDvJ
f7FPTY0yGj8MuZKzWWFJJ1myE3o73katd7f2cSw/Vi1mFJsFe9hR+9A3ycmjUSfn 4vaaGYvSTIaxlgpjL3qpHbmYa7+XXN0Vr8eHvr4XPB5PDua1oEftZPA1z9dGCEAo
fsaFJNEaMFYckdG5Bg8imadMBrKtO4GsAtEFB0c8qAFxvZClz4/hGXwx7oU99BNC RPISOQbZBVxC2SmC60mZ3ANIUnBDIA6/6VRaByAWoH43QkuC7c6Z85TIB7Wosx9c
LyO07jZmQK0XUNXIwfaZZ5gyfCHQ8nu8AcpuN/7itIRA/ubHl6na3vg2eif+vcEG KatEOhxIRGwcTvLf00vKY3bHb9aihWMDnpBEKUfIpHU71iC9nCtij16NokXMNAqo
Mh0gdQ3B8gKQ9j2ZYT3X6bpsOjeOXA1e3Xz9KXAgfzcS5ECQeBGPBdg+WIhrhfrp SYvTbH9XJNfG7R3O9dINOgfD+aKTvkY3pP713HZyf/FiHyH5H+obcjXlHsKidTjg
WS9+GtY4J3YwFsB9QezWVG6jBZTk60KcqXZ/8JC1Sg19G1sOI/WZ2vyrFPw1mNif BUptxdFQt6yVJaAy0xCZtUPV8Yrd3XZaAV1rX1tDsnfJe1Ab5u7CxpDYLijdwLml
95zdXk6pM5vyucfXQqOrcIpRmRMez7Dtf6hQv9D06XVbS5sht/bwTqwLXBUe7Vp2 seOiMm6Uy0Nxr1UhfKmx9GPlrqMgm/U1Z2NBE5TKa5lAI+3iIGWxPUOByT18/7S0
QjlJhEG6LGv5zuEu7V1BaKfISyMV5YPCqvuF9emD+L0rLirsTgbrOQ10gezruXF4 jYkvk2oO9B9iPcYqxyUn7mS1vefRxwCmbIOP2lo39QYEX2zUsh3/kLoqxBwRk/Bj
r/Biuz07s51rGAahwuWj4vbqaD/onN0G7i4nfAx54YsCW1U4d87ty19K7Rcra93Z /S2lLwfSxi1Qrb3dJHyHyBIrMeGDCUXESmEv7n4JhFlSWjMYLTDY6TmlBefU1x+a
PeYPT0gwEYcQsQlKVlrU8BmZLIeBOq4SKBIzl0ec/qd+48pPSuom+KuVT/LBiiS7 klwE9TszGKt+rCMCUp1tt5axy0zPz3U7yJF63/j+kxT3YH7SJcmC47pOpALhG+dx
JtC469RvCKnlH/kILA6OatQGzYfD/R51QtW3e14LZaJBr102f7oQFFswj1K11Cag 5zdQnZiTtioYO7E8ZiaLPM2+42pYf9vhugpZhyA3R/EFJYYBBqjo36Iw7Jh6gP9q
ucIj54+UQTm4PEMW2SXsWBgwykfLfl1Aimbfp4BF4by3vqcd5pURCG8+B/++tL+n NzM4+CFNs3sdVuvkRNbDks6s9Z5FICjjK9BsYb2IjzyqDVMGdAxX0uuJTLoXTJ+o
DLxf02+KnPHZz6GRhhoGRoB0P4I98hC0/SqHMzbyLvsqDnOWesGUpzpka+JH0aTL lis5qqmnmylbPMoSsUiJZ+0ZQbw5m2NgNEZNrQEvfTj4L+R3tZfgCePtn1lVji6r
jxuSDtfR3oyEz6E2v/k66E3Uj5UaRVatOeow8AFZ67WTFmg9v+8yl5wTsw7pllMC lUo4asH3v+jk5varkDOjOF9/mX4Ycu+TX3ItDx2c6kcbMsP7tknEMa7Xd006g2f0
PNTy2aju5CZ2qP71LA7EprQLjrjc5rloXBGx71VvVgs1iSss/Irwy3WoaI20kXv/
d4vvl8mGy6Euha2Il+z8l5xCinZgdpf01YTboVBVa4NVhnvWIDihBp2BAIFLWq3e
I/jpu2+jfPBfPX/9oizqDpQayelhtUdXTL94RRMHR/z8NxdqfJ8X8xOlxLjEZsZ8
llPcVF7NcqciQEFfMJ7agW/FT6JTBqnwCGr0xXUXc6pRvZKi6qst1ReT7AmNmJS2
QBF5Rc2fX0e0qQjQEjaXmRymhxiH/sHslb8QNHFzgyw=
B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped B.3.7. S/MIME encrypted and signed reply over a simple message, Wrapped
Message with hcp_minimal Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_minimal Header Confidentiality Policy. the hcp_minimal Header Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 101, line 37 skipping to change at page 102, line 23
Injected Headers with hcp_minimal (+ Legacy Display) Injected Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_minimal Header Confidentiality Policy with a "Legacy Display" the hcp_minimal Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8170 bytes └─╴application/pkcs7-mime [smime.p7m] 7845 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5034 bytes └─╴application/pkcs7-mime [smime.p7m] 4806 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1082 bytes └─╴text/plain 435 bytes
├─╴text/plain 57 bytes
└─╴text/plain 376 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-injected-minimal-legacy-reply@lhp.example> <smime-enc-signed-injected-minimal-legacy-reply@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:16:02 -0500 Date: Sat, 20 Feb 2021 10:16:02 -0500
In-Reply-To: In-Reply-To:
<smime-enc-signed-injected-minimal-legacy@lhp.example> <smime-enc-signed-injected-minimal-legacy@lhp.example>
References: References:
<smime-enc-signed-injected-minimal-legacy@lhp.example> <smime-enc-signed-injected-minimal-legacy@lhp.example>
MIIXjAYJKoZIhvcNAQcDoIIXfTCCF3kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAB4ecHLrDWfKl3yL1TN/yBLvobSKk41XBXYb Boq0MA0GCSqGSIb3DQEBAQUABIIBAGNl0aq5o2OJUxeEgaKipbTTomG9IBdUTU2t
VJ/3GqI6j/32SELFoDOUXgckW/66RyPsEs14KTmJRFA5KWGZ8NBPDN2AM8zjZfS+ ZdTEG6d1H4121Dz0Q5zSqpMHqbqb/HQpqERcNiXtq0vu2aBMF48OoZoO85R4khlC
iRgYm1d57/u4DEUnbUTXOagYTa8eanBrWX4/oGHg1L5wI6pZ9zyI5YUCj0tQUaLW 8uARKo/8CAcUANfGIjie+ojPw1o8eaDT8CQL8/T2TZ012rfdQahxsIAr83/tFQMD
9t4v3U25z38eCokhtksHNsCtXSvLAQzx2L6KrFRTCfCmgVgsXhsOBEiTCMf4ZiB4 5EqnQVxHA9IM69Epdiwk4IrQjep6djisHGG61WLrc8tbIXgBM7QHKdrEA9yJuWFp
hh0lhyu6SV+07dm1LcD0T7cLXAD4mkoeldbIpi92W6P66Y/Ay4PJAXZmvyq01+za zpnGgYTGHi3gPzE8H4MJK3hnZ3uNAWqHy/nLUw/BwzD6EOKM5CRoSKcwYI0yAYu2
5eYAieaPxfVbMaGdyayOUMV68ISqH69uKJpRVwVsZGhQQZY/MdcwggGEAgEAMGww zGrO7E5fvoqfFzBsYJp038zjw95tEOGUDeszdrGP2dPg16g5AjwwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkBeWGtHTul5YGzJtjM7gl/ET HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAG67SjjL4JZnZLqZM62xH8Cdz
UpVPGeHs/jLsqj6oeFQwrE57igqf6sMpY69yrFJnDm3aOjbZdIJg438bax+XjSG7 SGchx+DpraOfE5ehEpY40Jy9j8sF6Wu21MLUNRZHQ+pUlNky7tA0DCIWcIbJlWV1
vQUy8m6CgeztdBAzlTbdVU75sstdXeiRVwC5fMtz+H0ZymV3SRjjsgCv+0TEJR/j PHfr/M0xf++3kfnJBFAjiGzp1ROhtpeP5p+qtky9VLxoArhI071rvEG0Z3u+6IO5
gf0IB84y+zjJ1QMgIvCxIEXj3j4qPI6mijEnwqfPZ5nBcBL6/W82N205SArWYX71 Z9OLz4jX5lzZvi6XIQLp3wtBxap1hQ6lBD3DWX3W2lCdKw0mKPhHQlwig0kXFWUV
iIt/GE68DH9o6FU4lAXJSQj8iuxVFzDV2GTNJc1pTsgcEFC9bGD9NgZVUZhaSZkM mpUs6oJZV3HlUp+ifN6znQJVWjDOAT08d2Rtq0y3RGvivEWB6ElLpy9vu6a6JWIL
JleDMSMloQWPPd8HbXBiogIJG3dRudWSfohmxjOUZVj8Plq5q9JPt8sp6pEIKTCC 1TTb/owfsyochfPx0ew4y/edwROayHmScjQ/ysa4ee5ehFnG691E1F0hKXJLozCC
FF4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEMSKvlmchoxV9HtD4C7JxlCAghQw E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEOh03Ev+7rYyNOa01Xc4M6eAghNA
uVLuAYWsCKCp+Ltfh81OkGuphM6f7qhorQ3+GLdW8e5C2kjyxEAjowXSHLjFAQBP Mmz6xWWqsulbcV8u720fQPHh5AMbqDsGBizaAz6U1atqA09hSm7bPTSZH8HsuP3M
aw7UCTiBJX9XCl6/0D9iCh8MzLDz5XMxwyJmluPAmOsyWvaGfFV8f2mqBrpfgeJB psIfwjyqa+yeFZqhx90wHC1CMBJJUcsKTnzKjNL71IC4NntenOTMTkIuFcnWT4Nu
kXZoou1UuRjv1MnKCOmwdfGTQTuvfEwawURVVM3cZVNidgP5QdHWBVHayWW4zCwB PBmKZjCN+8XqeJKQMyRT93MxKXNrMugo99jEnDIp1vvEk94e9sp9F2tfBbAspxjw
WpdArroepsEA8HvcUJ1j4t+rSefJfA/C3h7+J4HMi+/02tS+0iEUSMVl/xsp7Ote vyDpJWsMyylq1GPfHcepIqZ4ULyPCIiFgV/1xfvqu29NM2RClWuBPR/2ro0k12Z6
jzXdtdjFb53756oCnoRh66ozZlL2EoMs2v18Ccos8yHkPUCkSrBoRjq6fTl76PgM f2idvHL65xzqBxJf1APVZLUVcKZZdPMGXgk7H4a/NULP7AL12zxMqIzMXilk+Hp6
mRiREJHwYnNZImV5vNRcvwy/S/+rKwUEfshRDYc0P5NHSkRZuMfNu3yRB6UnaDzL H+9igKeybOrw2qYbZea2E7XxCJinzqdMpE1S3ChlaRTyKCLyDF3mKnuX9IMcS1Y0
3l/qOhv41DdptlI2mbvgziItgMlXdnzGkJQkS9G5V+GLi8/ISN2S7DtWpFCaJOh9 08dc23dKkLW85VYc6MhZXPu5SADPfDNj43GGuyy7L6hqLNfr1vLfYRLGfiPwG1CU
A77YNI35X5nTFioQiYZgRFjHkLEB/cpbYiANBHHtX0ZE00tW1w1QOUVJHPo8N0aI KKVOvFNxRUi3bJq2vMzmErG/mUkMZXWiFLEv4pj3eT+5eCrlwNqYgsezECwtcYWw
uRx7oIeHWJf6URM08yVqKV0VSrKHxdQ/RXii8qWDlS5DUk9lVZYypqmui4Nd9Vc6 KZrDYEep+2oGlIjyO0XLqWJf+aqaAHPaAUkyB3sbvTvCe5OwkV286LnXEbzCJSCU
N8KjbqEmaOlcA1XKTZ41PRAXCA71pGDPVutOrhSx1CuAqk0UJoMcx3FiM+uCmbQQ ZlpbGV81YlAXQQb5wKzKGpMn8jmUVOw89w+1v6zXmu8voytNqowE3QBsjHzVkBvO
WZ3K2OtKWpbRzgGxn6AFPMYTxmQfhbfp2WFBK4epEZeK9TK0XEba4/L+V++bPzqb 6RJ0+CkcRRC6oy5aOPP0GmjPBxodwTmmkJYdqUqDd7QAqkrlbjITjFMgs9NAocrP
SKTa0fYkRmfrXrQ+K2yKvMIBO3yPjSbEXQ5Yq4DWu5tTohOgQm+8zAdYeH//S0UU XyzjkT96178e3BFIaOY34JCZa2rB3I/dEFpPILq9bgR42Jajc+hhikFB3aQm3Gx+
F63qGQyKYlTIu1OjIauM9g9F2yGQdJGRtjSmbuyQ2CGOeeJpVY+Y08/5O73GvyqE ljZHAyDjJbSNGsMS2k9Vv/yNAYyy2AFA957mhXHX5mIKimD89pJAhnfoL0Dl202+
eytAb8Fa7d5gsToARMcxZzBl/NBgIJU4o6PPF7FYSz9cxYVtBdYiRAJBjuF+CghM F8eDfn3nU81gOR4rTWadeCsTbJnWtABBcwd3Yt6AZ5+aF+OnnWKdICvc4UTVD03Z
NWPPVxR6SqsNq9fm82EEunJZNlIzkqv0s76xySZaOizvjtvw9TkjDAkJBCP4+o6+ rP+bdla8xvTY2vkB+l2P4h+NVRRxszuR/9z1gF3I+8MRbpANT7zEr8Szs3RhO69R
eTRjYtGsgn4Z5JY5lMQirVxEy/Fd3gBRwGD85mDxrHKXtKT8j0ke7DjhAUuw2YoV N/Kz1nro4K7zZWh5xfkX49khdcOORwk7ecBojed8JJXS+hi3D25BA5l7hll1eC5s
uChtI1tGku9UZD3n9mbd515LXODVtbCXAJu2JYkearRMmOq+h0Pu22kGwo+9hYpm a90m4GVcZBvykdWd48VKmrdYttGAZTyW8afjfjSfPqN6Q21vHuNMec6MM1wXZsqZ
A/hr6XWNmQlytONCbIuNKyRTAt/CIA91trDVpnXqS/hIKdxFGx3OuYfHz2pELJUD nacCtsBJhfYrmOSdsFygTxg5Qsw6OC8EqFWZHtyUuXOUoFM5fJGC1nXCri/er9xq
lLcqpPhDYWsf5RoVykafGc76gUDzknIl8FdiFCD6NNJk+VjBUkPUvwCEIM6fyIPL HybJe5s8nbyK62Kc7QQPPU3oPMN8ApyvvL5NrKKF7OxFPX3XGIva1VAKgoBUsWUa
p07H7arnjZ0gJ6xxdyQlXwINqAMZ5DJ/dR0EgJtxJ7btzBtqZ4K4KyLlsDpLj8qY 44Usk/YQdw+3VngpUi7QJpn3fTbGMF31LHxoztmn7aNZ8cVDdidme096V+gbbUpq
OI1aTBH6UilHzQn5khZgC7XHuEHy1mHIbR9B5QeqqlwezWmtpmfPGVSv4UX3fRHa ay6QKYXnOWB6PclfewkY/G5ETwdRrB6jtJ1bwJ+0b2LBD7wU5cWBd/MeWBzYl4JO
h2yZ1QRqtvwalWPa97xj2fvQw7HbWtqF4scO0yLr0buvksZ+FWmc186t3zTdpnOY ZfpwfHuw3V8VQasdCVmqrzb6EA+8NLu34NxSzVEejItaMz2aawCHnGbHnYlTbvsK
Kvb1GK9VATs5UNjzpAdqqR/uPfqGyxjOZDM1BrDxVMejTL1bCCfzgpJ88A16tTIH JQ3/JHBu44dkMSFPwiUOONd1wa17SBtjOOnjFnz2IMGpkyhMNOjjw9Jq7CUMPGda
OvoLhY+8wUoZwaV4aaQIX2/Jq9H5EuXAJX1nffWbPdBusWlbUECf10DsIhjDw4r1 mcfhosZo/jxC+6ZrSybIJsmOzyasMsXxgRUvjGVjf8rpmhou5ThWJu8rlfWg6pia
PoPvqcjIuHNrp8Rs1G+COI1d4KHKN9mMgOxDTNgF1gKkkw33wEy7DRv7/b8ej/CY JbtyomU4c48lthqN/AaZNkkKlUsZg5uqHpO8jn1bOFVgREb2bOWnUzG9Y+SDxWV+
e9xLlTCQnXW+kAKs+OD179cHdHR42Jv80QEwB+Rx5m26mYsIcprqQf83Z2V4Gg1J 0IhwAq3FamYXMGAWGkmgr6xi2EJAXLPe14qy+p+GzQ3wEHu2lBLRTiAMpgJzqsXh
OYUCxd5T5G5rBdzLtRE+NipJJ0RqEKCEyc3RH39NXkg9LnP2XvA8zsByExwrruTb toundiL6kl9C0g6oawjx42JcOHITrjYtO1ySkFaFiynKT+dvBV2rNigWpUDrTxJv
6HZ5ojO7UvEXRZ2A/H9nu94C0+KPtER4mtESJFDq/k6Tn8MF+vw7k/2Dt2Us+TVI 308zWn9sGToO/iam0jSm0V9J0HptLw6BZhdqp/iZyre9wwouwP4uKzAY4Vi5clvu
q3do4FvUJfyZXmpX2LdDhgQE8CMb6B3hNPg+NSJX8KvCdWU8K79i+ppaSCknAaNq e0KMJXaMg1ykE8D0wg5MpxKPy1oIoSXoMbFKh/hAjZoxQTgotxoYMeGLe8FOYw+l
4cxYavHhYdHz2U9zQKLEJt8am2/Iyf2d46q6plUzvFj+DCFoD3z/yddRNqe0M1Wt 9pZSm0EwtL2ImAA/qyDp6A6245mc0W46sDE2vUyKMfWPNVFlnwCFackni/Rzg36M
tdgvklkymsJ6E/G+vpoDw89FeDA7oFc7mOgBsxZggi2X1WY2KUIqJqm5GwYy7j0J bVbxxpxGTY8GpSm4z4RI9EwwhbrdgzdyFD6qC8kXXGuXZpQ2n+e1ysdCmPSLcEy7
CGpHfQqU7WDvv9kvADEMOq+vIR17lpn9PRUluwutdaKNwICZEw4A9G7LuSNRhNz5 t0aXFBNyYMOI6eCBVNowQiZrQTp5aHxmxRgfeB/Ee45dfg2jvdryr7Cz6NO34kad
Me5pO1Tt2BRK7NtKCdiMiuKFq43ezOpMpCla2VCuEANA6iZwGJlz5iBFckCN2IsH Qv8gXyMx5Jfpjb6EIX/kGxliFbMFKUNB1DAVO1gJkL9mvsNa3nk1ZA5u7StcCRuH
NTNXA8oeL2sFcW+J9JVTsw4YnR/KYSgMlpoIU/l44fD+FMmC80+MwVPSe6QJkyKD z4Qq0ST2uEkv0OgT5UKh/SEW3OEg9AkF/G2kA1+4df192P3tP9JrJhFuxtcgrY/V
zXE9a/sP2WsAC2WEKiG71U38HDbRXzjyEVJcrTJAN/LSjIh/Ko3PFuuEvTu+2Rmk Q9mQV+R5MapirlP/OAmdMogkgktmfT0/VBUEup4I4bL6RTGr2Hs0KYUzcUNEbKEo
A+pOI2vbcEUlcS9qkQHuvSefxiIosSGR8HSWGr7BJMAnQ4/GYcPfJcib8vpN0l/n F24QXk8dri3SZf5WtIYW5cGflDptkKoUxGRsS5UHkfx8QXz1PG6PWpHR9Gy7SDQe
ID6LcyTTAUsPg8rYb7DeGuiwR43iW7wkReWc3HLO0p9N1UhYWQ9jy7Tf4L9NzK9B FvDIf7tegV8l2O7ak/v6TjoSyqXTq5IBjCpnmsHNoLd9pRVmfGwWzh6aL/CyeMqk
rZgAIPPrsoHuE22crg85aFU8JR1GHQyNJQnRirCCOOqS4B8t2ArY+bkuWrYj9JsT WOfOkIbKY4FIJUtU8dZmDRgEsq3O7cFnRdffFwAwodbrc9OAXdPHlpjAd7Ev/d6Q
xbYzTYYWhA3pytxm10NRGmwD4MU+SEdVGs+yvTo0YN6BJhm/OaHHFpWywNICO3F8 F3YRA5ndYXDktkUW0pPwmooCO7cKcYQsVFX9FeIt60Emvtd1+XY+zZF8i4kc38uP
NeO3+GBtaPXaxyZc1l7y6CJ1d7xGHnGkE3pQfkg4he8exYfyhdHpzxconSoOZ+XR sHaUBNYGAIlyZEyouBqEQyB11gc1/cQgxlc81izK+J7IXlwcYgmwq/jrpJ/mBeUM
ft4fqgk+tB6hyVGumlhyPz6ThWFMorxnJEgzIZR7iIuk4+ooiePjgTGjrtvp+rNb V3P4N1HqjfH2yc7fGnVLE86barIMsqtdrZ58kMLdZNiQiwe9DZzOWmIx5BSrqWEb
98e09SqpIxqWdiU4yCOwfkOg7hEb1SuJVoNFVLKoRMIgf4vBKIM0DBAv7wUebO61 tNtew/8ftKcMHrFAMyBkEArOWyyTty7QkvWlmAWDCGVt8rVuWIWlqk0gp2zATtMR
9JnhoQY20YMxSsVypdYeycF9TLIDreu+zufX6LNkZt+kq+oP7DyRodCB/4SIcRzv Fao6Io1thU2G8nPdEd0ntVssPQMmlhS4Bf16UAxpXUJ05KKgtyyzqxqWe+jGenxJ
tzXxNPUjnE5kHv4dxDXieBiC2S8zbQO2vaQ8kjf4/MOGjpP7eYBA7vK59kELCq0X /qu1JNzhlgjWPuFJ/qnm7+Vk0W/HFvwMiY95Jd+dAxhkqhk69PKVpcr6uBwKJRjn
b5ooYbxS2aUF/FbyTSRCIeNsCWUKMBmps0pS+MA1rpZ0zFxVRqdgmlpoMQ7AkjqB IHgr2jpEoyswZNKlRlZLMtiKEpc+sM1vnCgf5qIAUVi7WmSS7WxI4h9OUdTVjz4/
DI9B7RDDrW6ORZXX0D36Tcm+/PbJxf4QFmq7/SAWKPsZlN7GEYOAlRhfOr+XHHBy bjmJSDI7ekPdvoD1P6DvS6atTCgu0NgxkG15zSnqOD2q5+l87MGOiV6IL2vq/0Qk
91jPA+XdUDgKXt+y5kUxEcFRu14yGiCCUIOU7vbWxHqvXdiBMrjulAgduWJlVqgI oqwpKn2DCzLkO29XfVOPCZEyloJaufBlXWfqJIBA0EK9hQafa1q2ObXwQ9VT+JQW
CkI9QEDt2NNV/ElKxUS/PCnqCSWBpfg8u955rLijFchVD6sum7w9+X37tblXKeLC z+y25MbD5x7E7iqTTJPGNG+Lc1KVPVuryLz5aRsQdIa4AgvTZ0+Tgy2yt89tfZ2v
rn88xK/Wbi4NxZwEdp9OWbpavugUAe8ynkwBgfYIWP5CVbX+gP6BshyN7Sv23TWd 6dQ+VfyWTsHtwaympKDDGRKmk5qlhr88UkI9Km8d1bmTicg+94+ot20tJE43pyDp
kVUjudyfoXXBx6paTL64IgokxXvYMHXTPHmRkPhZhcPjOvaAS6SYr9FiE7cbtFCZ XpEohbQIfeNtYtkkOWRr+7Q9XBlq49FMBTFOoMv+ygcy2622WF7cSIFIIDUzh3UQ
yL1EcV03stmTO9x6mpJeWuoQs8mLllqzQFTwIKyLG/2gbOTI8Hjq3hWoVnSwDvxT Ca17U/TfyKbpoYxxeP5psXEI9q0fZg1N2Lc4CgyHt3CqTOZbie3+Vtsl3+YKZyJ8
xljQQQSqAGhLFhnGqnGHDqTUI0I31e7Yj1Nn4E3z43ft22Kq1+OSJ+g3LCHrqepZ Fwm11tlEMw67hezntqgf3ndcB0JRvoZSifIa3NLdYANJG+70yR3lG5Llly3kJ3w3
N160YqujX1Kd6/5t8dtnKFNjUlCy9gzJ6cy74pVyfQl4edAmMa1s/vZ12VEECXeg llKPCvy4theKWfYSAHxfx1+3nnPLV6PF7ZlTAZaHRukvKtnSOWb4Kvd06UWIN5Wi
hi+EmuMLquKZEVv+U0cNQxPfzm5x6LzWj7ibLkiWa8vDoa1//WGIWBcZX8v7HLN0 GiWjiYQS01VDdq2CWMQ6v5QR+KIt2lmse6mxwHg87UW6TR8FPsA4F6GBZA0W4IdH
42cNimy9xklYmdXVZ34711KHEhwRLpYfcrwNOttlwKOtfThkw0cW4bSatAmtguPd vLV2AjVR7G8UqWkcv7ETl/dE27daGrtF7Z82cO9x/9sBuFXJk8gxl7/rn9aOqRF0
SrpBwOpbTKI3am0yVsPCr0cgKmeMaNTZSEN5njDB84rsaLZ7aM23+s1UlJmyMQAi 2SY4CrMACJ8qnu9aakvtU+vN670pnFUAboIEG66jJ7Wd2SbhgXDOUmThzoZWezM4
/CCD9Lrl7S09s383KZNpNKmEUr4VZ9IQYipiDzN4wOI907mC6DWEVRh1II+bZeBM IIwVxlLlxqF4FJvPEQjI32UcoViUU4GkG5SgXerArXeYKRwRGoMMoNccUcar0rm6
cPQlrOrcfVqPqlNu8qiEyJUT/03Rb4xxAjH16EeeMcEIPs+BRujxEybRnBuPA9BO JuZMU58vcP9Uhz/HaRtaQUWjwG1N/I2Q1XJPX+Tzy4c3ae9pcoKoOFfL1VYSDLTI
oZ3pmIuN/NEFMBMZz7/VKoCbd0zapuV4KIMFzaEn5HmnHbP/DU9lSQKZcr/e0MHG 4KFH5ElGswcW7kHfsibCxrZc9Q3dP6bT+YteuGvbbSHgP1YFp0Iw4ok4Dzi8EWGp
7dnTM/zx2VxNk1f0b+yBjvZm15pV6FyjgGeldnl42Rq0uAzkYcs1gcKDmaEy9OVZ 6KvdCH5m1qZYJgawSVISnxLPLUdbqY/49uExMm+HcvO1fXNcbV2SF/KnhdJ26w5y
gNbu2k78DOtDhg58PRfBmX2luk951xf9F+PMe/K8KHSBqQQ+oD51kSUxuMPgQxA7 VcuMB1/ze/mG9MAerxoFBRIO29SRLhe39zsK2RNjDXDEi6R1q3F9oTQL/rCufOG5
rMxjdy8G+mfk63cYrWKZcNrr3vQ9e9w0oLjZ2dCtKsw7jLCxjAc0TIycSvn+bmOS Crl/ogQBFihF5Gyc8sqmVG6/f+p6dPcwHAX9US/WGI1zRR+qZ2TRW53zfe4CEgvi
kv4vg1BgsU5xTUVEK+6AIRc/bzOA7JkqMW5tsTYaQJ3szW3nYrTRjWMOIEG3ghvb YyRg6aniqaS15moIjoR2k7ieadjMPhw/zDIlvTbIjR10i1w2e97yTT3o7dvjAjQF
urJy/Jw0UBkozxP3zl0Neol8rrhAM6zFQXIE/nuOasAd6YF+TrFljIOIJIl4IgTV yJ6tcnCP7pX+WC0pEYF6LVQiIs1xEZFnsnug22YBFpYfyxVO7m3H7LTlZFjWdxpm
yTAQMeRXcFLYWRggFpdp3d/7a+M5d2p4lYbo58jydWPvqSF9/1PThswzHbDFT4fo 5JElz5wqdv7005yFo58JAs8fIpcD54VLQ9czDPpByq6M10JmasVc1EmdG98FgcuI
iFZK8EDY3wWjN55vyXusuB+8vOXMBLvamfTfFb5XDjZLeXp4jjoyaDf5dI3m65+K jGycJv0lloomv91iojQHTc3m1fCDrPcMMDeELBfoeP5Xpd4ZhHOBwx/BjdUfQHI+
xegr4fk0R0wvtdx4h1AtBb2C5myMLN3tUPQN6r9aEoc+U9ZiyFZinpaW8LGuqcyE DALW+hazukHzcsCamfYh6XffFbqXKBg2r+4An7z2Bnb6xoQRB3TW4yibQ5XhDasi
MIP4qWglDlE+7GaQbuvQfSsxcQ+YbQI62OyIgczsp6X8zMqKzhB0MgE6k5XSlYw4 kXsJ3m7Rx1Ja/scA8IqeEKD3xE2KWfARGBA4QSXv7/r3Q7/PHhCiBSQMZuLkPAxn
86IzcjlkdDYyDHNvQdmt+yfcqSrHsvBgkyD+ISr7zFrcW5WgCLuzi3WIlaRjgLfz RDDmyHFi4F4jU+L5zsrvy4qJ+nV6CwPIn5Py+6LuUnqe/ZHZv9MzsWbhbaChY+Gb
IDNUjroPB8xE+3YguefHdSoPF/Ai+lUzFXpRj9AE14JkH0WM9pPKc+JPgqlda2US uUYSfUVGbY3pdVIBiHymgmpHjlOxjDdD15WGRM8sI4yG0f6L0hCSm/fD0cIpihDZ
a6hLRd4+z4MF1HGbINbFWDmV2OiPDJrUzLcwaAHWu5QK+NyXlQWmYUB+iwOg7hyg HMikn2GaNYTS5A50+GkRQPfYnm+lKHN/enyD6vOHITFgqJufjk9TtFD6lt0l2kri
/gG9mYNUpzqtJghdu74HZxigX5jGUKQLthULGqDA2EL0vR2KCOMm9gLxeJkOrxqN O8Yx+o8fFvFaeFUBaTWpPMi/ffgZio3ih+vRQxlMX2G3JdDolPPuRTR5ZbH+a3f6
8YvCSpYUkaDvtIJcwExkfGu7LhiTXl5vvHrF0RDnhK7Q8QT9yQo7Er8Aay5ySRVi aAueSmT53IFvv7280mVHUPN0VtjqHdkOT8p/+xVy1VwCtl9h4xCLSQOKwwLzvEXw
ZFD9GhfQlix5cDox/YBNMyfSQm2T+O8WJdvVFWHF9mBX7ceUEg77EP65fjV+boY+ W64AQfaJ/tELAdB2k0l7tRO4tVlt0c94hgR1d2r67TZZzPC5y2tBspXL29SabgtY
ir4XmTJlZ01QUX/RuepGrm0969L1kpgwhpXIecyu2u3RKL4JTv6jLGpK69GMqNrB CRCpmaF09VIH3o05brlBrj0glYdy7t6U+TfMDunWiLCDmYtweCs9kGeESiruTHdr
Ol6zRufAgsUbFAzpvS7KeffSMQVeib6TthMSqiw5eTlUFj6stHMJzgnzu2tQphDb GTiWBojP4HAsGP+3qYD0nfMXKELYgaPC/xtl7A3ON5tR0pwDkSckCzrwHYKWL66X
TUkogk/41XGI2q8oMczv/4AL78eRQVTPTCU9MQGe9jdNlqrnbh6mSIXAxA+MUdpf KGOBDPW/o+Eq9BjwFN4n4lP4OXlcmGQqGBWHgnVSldditTAvFEEe1pokqQI0G6Cf
KzavSvbQWqnEEGQzsabx6nLQ5uPV+e5kDPs8IeEV83mi4Fg9v7YFrAtMf8nA30Vt 9/qeVR/kgY8/YmkwfSyL2b0xZMI1Yo7S54irqaP4j22vIKWA1RkrH9N0LV5sXAzy
eCHnZdgiQbaZQ6lt+hdiaJQ/+Edu9HM2v8aj1o0beiw8Zy++bGo3G32xazJVkFte XJxZVx0PCOFQVnyJqCNX29qfQ2j/KLmHfaK5ZESCdUzyvPEQkxt4NtQT+tGuJGBy
704GrOVWo5W0N0YGbzacvkI9ktZpwudcS7u5qp6HvATahMJpI0Pzujww+Y9j06JJ sWjK6jVA+CRw8xdLFZMwEZgoAhAVdW3bl75BmqSGGs72LvKs6535tfwsXMN4YJSe
xudfTJ6BgJlak458LUz37PrzSPuT0l8VGA7WUWeTTXjpNQ6WEiEcVyVmyHKbeB2+ x7Ax4n9HoH9zNsrJ4sFCsaI2jdGY5cj3XjB4oNcjutsMLj0xLg54wo5AAEHik+4G
5hIZKHnueZzqbtQjoBldChMeLRpYgA6RyrUxDJjRXrkPKdn0h5hgwyrYqdeQO9Wa qC9KPLpWIe7XXQFdUsMfByfqvFlj3iRERNdWCnhxk6xdXk29xaNgLh+uAEmG63Qb
5pfE2mZ4BJbOFLPZv8SMTKEnbR6a9bP6Fxhir80T30HiPW6Gc6Yk+yUx0aPfiRcJ 3DfVqsaCTed4N+gNf7sr/9xJ3PojwlcCXfCiO4h7J+tRw5m3bdOyhibVErHftemb
3qFKBOVuwrjEP1QZqVopm0XnjGr6pSii0+qk3f35bykpl15n/wRH3lVpPW1jFAlo 8skTeC6Sy27zEmeBj9suIyWeruTTAd77XzD7y+py6Mo7k0PV5nP7anGbVeKIZoSe
xKK9/9atIIy6+UejHD+tIgbVZD+FXcJKhtdf0by7WCOMnM7qaRrLqloEZlRVN8pD /pLC7TzSOaEzR/1fYia93Rz7ZD2weqp+j+OUgCipefeOeCs7nwPThu/Qki2Z0cki
283HqyRu+F05U+0bVL171kjRkPlb5FrtpqiRV3KswxP661pvIpVOGSh75izSb9fo F/pBP0xgIl2RRIPiInSWGq5WzfmdUo6BSkzz0PSJAa88yac7/Z/h8+rca7HGZzbB
YsdVCcSa/8jFS2VxugUa22efyOhAlCNQr+kwHTXztV3V5yMALNpnnUOd/t5IG6oI h1Y05I3Zx2oI2RxDW1ZS/x3ZEW1Qx14PNzpfKn4tyLIfCk02fZoA2YEb3s+NwASV
5PUAWfhPFco9b1em9v/XfaHwKt4+/buRfjIXiJOf9v54FoO6FESNXcyAPS9Fmd1S SaSz95eSz3gaaa7QcdwvXjy9Q9obcuZuQt57NofpkeL9R6sv1SJG0+3W/He8D9q/
lHSqrGKlD/lz5X7IbEq4tnZoBpkTMtbPnQrWUU+6HiHggjrh6goeLwKKp5IgtonX yW46YufMjtUUXCMmQecEBvUDNkr5BdAfAcpqtvEHx8mp+CKPOU0EfRaXC6+mtzYD
YmmGzyiLY34japtze8CfCyUZGtzkJqQIaYg2V7XF7aM068h1OVupmCYlkr3frM7Q lQQBHHBNXj0HwiKEMCmdJDMGv5hTwxLFJHPC0u4/cZLhebSqNxLM8siMH3zyua6z
HWssHhhcyVZ1q5pM2+5lEi6AZTblEVI/gwO6/0Efn47vwAwABCGKOR//MX877q7m L1YWygKvdhf09syokQVndzz7M9rz8pKqvosbVP3nn37Pu90jpEphZnY66cPbIQuR
Zcn1X1fxpT2V8hcEcgCOOmFWebIBdagvTDYu1QNBmGmKUTe9r1OTWhG2OEC8GgB7 BmjA2DLAImK/u2KQEtwNiiRYzWxmZxw+hiVMBaWHhmY0Dn5K+v3LQlnlUeIR5uwP
WMrNGS1i6wYDU712ZnjvLfUT45wsDgPBkGToecIEcT6PN/kjj33IYQDQGxxrXAuf /gdCM+F0Jy1FOPEfso9V/dVPa+sgXJc8Np42PGmgnbpNUR7+MMh1EQ+1iNq41Yuq
oZeYnioFc/7aRwh3tYjJNnNz7GpI/gVNwHJRwhufkVvJjlxqkE+sCGjgHaPo7n43 AsdKuq30cRy/5CC00IFz5tKDS0NpLKjEfa+LuZzPXd8i+MLthWEDPsi9/j+kwgjX
0ZzaA0OADyFmrLQeFDzeFElDUn/35LjU87CZSZxOisurHvzV4hpfQJtCuJh1FPBt 2QanQPnMj2kJ9sl5K22nMHtZWf0PI2B/3m3ic330yWaDJPm35z7UlYimwKLAPsg3
hC6ITgbq2hZSjPtyZEd0gYTyMhw+mdDyk/a+fbgquB5UcZDg7Kj8Kh738m+WLxYn 91JJxNt6f79/cqZbGOau01nffytR4/uSyra7AYmGUhSDFnd2FEpKTtzutURPKviy
wNiMwMbeaLMw6tnDt2D6GI6+qCjlBGydFm28El30EfimhifK0qj0utVgbNvhzgJe kDHUtu8OnJE+0jJrg6HIxyf7NzVhgYUESyMFyL+MHEbf4h4R+DoV8pdqVhJLk5Zu
XEJyXivslEzetRVvSRAy66COopqyDb/R/cKXJ2r7zgDmr1+Fq3OXB8ypw00km7gw Rtfejj0y6g53mq2e26I3y0iu9P9WMBowvmx3e5q0u+D8exIIM9V2aKfGFS0qynSB
0Tih89GOnyTMvTOVOFF9xaL3WL9lSEi1LjJ4S9XgNxiv6nCe4r2NW38Ql8RbF2jr O3BpRAofu6fjzSN6SxCaG/lCO40NIegIf+FXcehxr2eVV9+ql7dvc/bwOxer1bV4
XtOjGt4nY2KSaCtN/FMElqUilj3VtTmRRBzrjB8T9NpnfHSLbIgW9xevNHUeCZwB BBvuuRy9AO39kW0B8wCQDq/tzAIjxItCTM2deFxlwB/fAbbIG+a/PVBxA7T+aYsF
fgkpW+CjkywygPuogLtdq6tuqb5gE0GT9KBDRMTIlQYgdICvBnwDxVnAQreJ3HPH WGoNCxoFYe3TYXuVdp9FtSVlKIzW2E8LTT2pUfs1a7U22v4RnCFWTcjubRkaicoA
VhpRkJ5Yav/37Yq9YF8RSM7XqPuZm+YgZElNMMTHBVKfE5cW50fFWaZLzZHjjS1L eI5QRSnnESPlNF9Ci9TufpUPOxjOrImfoChuCftBoUUCLWSKktXKzICP3wrRt9Vs
75nd9FFceSjzhLMVC8sC7oWZqGdQBpcNg/BYBAn2Stf81ipSpz9WBoqQzNcO25Wb 8b8gb0Pg3hx5kSZjBJQ+yCeeRDGGEU9eTa8lsJTEitk=
qyGxUQfDvto9TVrJe+/7bCFqZbwx6RKZDUAnfgC4hs//PKm8Ts3+suSkwzfEpxN7
0cESXR3yioZNbkubxRXWzemAJzGn1G+Dk7MjoYQ3h6Pgjv7FJ2MDnmTDoJlL0jLI
zYNMz6izuerW2r5m3PXfkhffU7mlwn7Bo/6mbR6ztrsTOm6CbjdlkjjdSq4cMmX3
ZeUnehbRY/W4cGu9zMxJtNVGRTFAGV4zXGqjL8mTEHzA87OHf2BSJjOCM/V545U+
Td8ulTmmLG6hyNn3E+cL5Tinka/j92yxTzzUA2TU1uE=
B.3.10. S/MIME encrypted and signed reply over a simple message, B.3.10. S/MIME encrypted and signed reply over a simple message,
Wrapped Message with hcp_strong Wrapped Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Wrapped Message header protection scheme with message. It uses the Wrapped Message header protection scheme with
the hcp_strong Header Confidentiality Policy. the hcp_strong Header Confidentiality Policy.
It has the following structure: It has the following structure:
skipping to change at page 111, line 18 skipping to change at page 111, line 37
Injected Headers with hcp_strong (+ Legacy Display) Injected Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a text/plain envelopedData around signedData. The payload is a text/plain
message. It uses the Injected Headers header protection scheme with message. It uses the Injected Headers header protection scheme with
the hcp_strong Header Confidentiality Policy with a "Legacy Display" the hcp_strong Header Confidentiality Policy with a "Legacy Display"
part. part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 8150 bytes └─╴application/pkcs7-mime [smime.p7m] 7845 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5022 bytes └─╴application/pkcs7-mime [smime.p7m] 4794 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1075 bytes └─╴text/plain 431 bytes
├─╴text/plain 56 bytes
└─╴text/plain 373 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example> Message-ID: <b10dcc75-cf43-5fd7-9e48-f932a9d68fb5@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 10:19:02 -0500 Date: Sat, 20 Feb 2021 10:19:02 -0500
MIIXfAYJKoZIhvcNAQcDoIIXbTCCF2kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIWnAYJKoZIhvcNAQcDoIIWjTCCFokCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAGqHqgj1xSnDA+I9w1gM5jscfj+VbIfCbhnx Boq0MA0GCSqGSIb3DQEBAQUABIIBACGdltueYBykYh99Md439ZT6COO0DuOkUssi
X0JP91o2lvOWKQP/faiuh+g/m0aWux3LmKbFTmeqI1GthooqMKdrsneFFPkq2YVr mv3sONO23lQTEH4IDhS8pYhggW0VuZxgSL6feXXdBPYdr8UHnTNZm2X8X2fSpZ+N
t/bKwwt9r/BHWX7YmC4IaUEt58wY5EpJjyNgxTS6W5rYW0L7Or1u4VavRwDQy6UB HcdEN21H71tpKrFHxIznR1bEU7/Zb0maRg8+O7g5f1cZb/e0dnjEOLQsEplkUKik
Z3PwtibHKXAWPRt0GdED9tUfwJodE2NUhpsww0GfbObN19UazD99Tb6l5ez64avb wZQmfi0FJaFRTGEdQh29pQ7Ww5rVltn8jyZvr6IFqVPjOlhYJ3SciUdJxygMnF1N
v6qp2I3T9K2777AyeI5mTPWLosR2e20ph8VVAaElK7eqoj6fNWUl9oCHEKZ2ugnu FyIBlmNShELvkr8C4huv3q2LOr02QN/W8TdflPIDakY5zijst5q6ILX6L2EypcuC
V4cMPsaqOAJFHnqFjoBCVtzMwKQUlSQdPD/G3M9QxD1eZyUA360wggGEAgEAMGww LBTFWAyWYCsechbb0ZyZVFzg7+Yj/ELIeOg7ZC0iPjQhaB9lluYwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAe+PncR8a8M2yRVIrPvFoFBJ/ HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAAas3uwX/STpLX/lRqYFr8HSB
sjeT8XqP0JrDGQJAlltXX4VP4yv5f8QnxVyI4GPbmDE18nGDWewzgOcssAWZfuyP yVCdYgegxlTMbw98g/QmQgcNvrzFDvp6vF+VkGPOqTJAlFSQGJWraNLTmbBQ94i6
28Mwa8EFDstckvkFea4MvtoVbIZ1fj6zztvZeb0d/cMz9IWpM4qfaMrF9Ejk4jfE NXuQ3fDrGzr0Ll5RbvpB0VcqrejOrOojHrgkHKGl3DRTIH6tC4mgmOMYZToCev+H
AkagViFvjJ6168alDlLbJfAjFUAm3Kg9QMM3GVQrXlLxlhoOAANP+MzTZBk4a0/r bWpijRzWYdFH8wGQxwgfWKHF2AnXprLBxe6Uub+drp2fIrASfBehX3Aid+6gYP1h
LS0jU0v6KIq8T5bXj1pwGW/64+koLYA1ilvbMbN+G/1KucNgyYOc3++6LI50BzYX tOy57CV4WIRA9/Xr1fAyxkfmChdQHHBziiuvplUtSVVQf5UoB9lKkjRbJhCe45IJ
woOnmcNJtX32+f0kz33Zlbo1FNI+FGISzxYk3+ENNJbzOApIgRK8N/n6ky95fjCC mW2hG53SoHPyud6DIhDdUB0RzbTmnnSCnLNo03HohsszxDYJ3oa2Otu5UhvPxTCC
FE4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEF8YHUGL0G/9JbgGJzcUb7iAghQg E24GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEN9CGuz4+n6t4epemVmxzYWAghNA
j91e8wyDIuHSPaIhkChDZUXsZphbmazatN+8ebg9nq7kB2HpmK4PyfOvv/kXpOdv 3D4c/K+3F1f4LD3bnX4C/QHDrrX+DwkHhmMT7SdnP5EfQngHFRFaLT14d39XpHOM
lMsP8vVjcQBneqza/wHl6Zj2HxqH0ou5sCSuiyfW55y8pquGuqLf77fb+htPIjmE sD7kubDwB5uW026zEoxDmgfcYPzeY1OKVzr/sakxiMRWybdMQyEkwQYWxVzaSTLm
+Cw+vCEUw/Y3ekJO3kTSBPoZIb7EWEJXM2LHQ2AW5eE2NhAi7XZVWfMKbSwsRx3d +pvssI56CmM/uImY6F/i8ncGRy2w+nuAjAhJFlXO9+NUzRPEweEoMccfZ8lX8yoo
LW28ErQcGCDYoF9CTGyGQ7dFn9snr/mi5lJk4nrEXr8wVJpqgfxvcZqhWEAndv2t Zy9e9LVvXQJ2gFyA9/Ny3NFXVlK7LbHIV3oAwztLE36nRBlrQRyUswvrYdowbS2u
9okudg/3f/kzY8A4yFfoapBF1SCT+ktTpWo9qSQ3gG1j/uPNhKIip2sCWBcwuyJX fVPzhi83lINf02rA+HJ9WWLRgQtc6oGDHJqEzXiMRQMuBFWj/6sdhISaoELUCSRo
MRv0DBTxObkpv1rgbLB8Rw/8TDRfPdrk/dttoRdqol/t/e/+Bx1KPMGRH86sPPLK 4ET9+D/hdrPpVuyUc7aglq9ihJnPV1Fod0ga0XHR9RziZgLqLknbroLOqj3mEFCd
2csc2fiEGUT4aOALq09mp1ayzHXHBqH6izqKGrR4LvTMEAMgnzbvhBSJVtS35Nu6 y18HXQbUOCxNuIw7SoLfFfoN/qV7hGOfkf3eFrChKmvD4A+FYezswa7lFq37Zkzs
LeJAgytmK3AI8NUzlPa9Wbxn1urGdP0vqisb7YcZ3hfZvifPiVgPgIcODL/6Uei9 hL7EeLHf8PhTPmQmQVd3EFVWhIUrNvR2Fy/lZOJjvokFLpsAfMyh/gL+4SMxJkYr
fL7yxqC5FR1DLzJh8KrZ6512xKNLWAH1A/RrY3KIPQUvZ2L1BtzVm1xvvju0m5oj MW5KtcDHH84o9J7ZYIZwhoc/Zr86uXtRVQN5cTJnPfMFsckBXD+KEWbTGuiXyzRJ
1pjWVs1OnfZbft/VCbhyxbpILmOW/XK3lhzRd7s6anzb1nioBPsFw5ToiXEKkbT6 ZtzqfVywRm+4MTWmmRHq0CRuHsrbE1WCGmQ2zIjdUIOG2+cge8Uc2aAttFVXfnXs
Pj3Yk+mWPGZbl6Q0pB+o9lgWtcNHr3fc4RIQfjM6H+WqV5VwozCA1CssSL07yYOi SZ3K1JHmRkvDug4qdR62lDDg6zfJNnsStk8ej+y0fLKZJy1qs7/MxcIRjxFaoEvr
jQArheZZjo0AsMlr5zOfPQTM/BlQIc9oFtFVs3Yes1pHGeX3c7xiQJ2aSNb2YtNk DdKbZk9Pk2pJutgsyU9p9bXN5qZdQWJSM6iZL0VVeolN0sZC1A61eeJUAzbytV5T
89toDxtEJpzwctlfbaWltjghW/fTBvXj/pDkSO3i2rI/XxuPror1BS5OO/4tB+BC 2ahvUGLR/zNMLSFyDUj4/et0/wuwqPVaLLT6VqrG1gylt9VAUm6nfDTj1n5mIerB
qj4Rvf4ZGYerXQuZtNiiv+xwvQ1wQOqVnEbzAx9d+gfh8xNzk7xoAuNUJL9JNyJS tVobrisydTBQ3wwDKY8s9t4kebInwfJx5l/lFaDg+BfMmZfIxph+CEVdaWE+ORgD
OnmM0pTPnHyRGFPFE49rE4rpRqWko1t5NHy/T67FZj0rGhssJR/y8RZf0Esqg1Mw 97FgoyL7j60qzJvInsEUe8Bb5cml8fyMMYGMlydDGHVUZUGI6OxFaJZMpAhuq37A
zHn0qVaCy1ZQimCM87D2+mvZMaD4VOYRanCWNYVOV6NLsjPxG84UCfuPSdNH6SZr 7z0/Y46ykepVvOzjZCBhNldwsW1AftSoWSEXHGbOmeI4rKELBiXqZ2TidS3Ny5Y5
ZXSy5M8KJgd2IkgxBVwCy//G4mBsgFnQUs2E0n5bh9HnQEQAB+ttVLElGtRitmrF WGRzzUYufn5rD4OULPIPbi25Fo7WydCFnOIHBSPaZNixaM4fcjSqCZcpXnuzKOGG
UiuJwzCVat0Lp8yQLk/FlLz13pqZSpABLdxKngIfBR7tTUd341/rcLadnF6u7gZA M6iGJ8F4rS3oFgXoeHDSM0CWnLS132zD/NKRklmLTiAgwEJ9BPG+NgNIIouZkv45
cl7ymFwoQT8pRg5yPHqFHoCxgreM6nXEr9Eh/ScaYKB5gKsPTdCGFKDOiJG2bxO9 EbFiYCGef4vBisukj0yDBvhlzTdrGAeHk2nqIF5B9DFc3GtuzKUjY/5xLQ9GIWuF
Y1RB/EvydEyoCQTLD3qdgFTqEoBqH8Z4u/jsxakqg2+qypO89Jo6QNhrZK8amuZ7 NFgu6DoHqVmoBaISDRKFlYr4vxqWsoW6a9+yIOcTqLL6ll9hu4Oc0SaYpPEZLV95
q0L+ltxcZRefx45cyYrzqTodXk8Gk4UxjD1qvj4nfK1l8JZY8cgEEkKEgCbrsyO4 io9pBC4N9HPS8tVBzd/GAeK/BUiv1zordIx9GgwB/200pNkUyAuQ+DXL4yv/MROX
mLnmMxvNT11PWqdMhXeQ9KyoDQEYb1Kkkr8VFu9PCsw4XvwP0u/DvvASM8XDawr/ Dp2tM0TvUNIQNpbcLSP3oGkEll1d2IvTFsKJMXBkCe/oASFUQDD0C4Upv7B6usoJ
krQtixD6aXo0ps13JPuzzXy21fJ1qwOnSBnJ3bIrllaeferjBFwmbaxzESi4UtK2 ZH5t1ne3dnxDQfBvhykXpWMxFEkktxpW5EwY5Cl7Br9f10LDX8wntj41F7ddxzDE
p0XwQpLKBh7LS+7KToClbvgzoqZO2mN+nTqn+mR+G2PXnW6KBFPsYaupBQoNoJAC xwk0GOkYfY7JTVnxefTyMCN8rYjEiQCa/KEgeZ2y9ORPG7tnDWpmSbRVOxPrmFDp
JwokhlrcdMZXy0C+YNNdmj8lgz3J/qNH7BFAhGYNaqMi9EODs4wBKxt4+WKuC1az sIHsnefohCbNuoLfWbcHsGX2nNQd7zSn4GRQWAUV2CP10/sVcsthEjTKsHrhMaVs
7lqbFMOy5eofcSl5txCZZyYjQp7aU5QE+2GkY867RtUqqJ6IrxEtt3BBKVZtBwWj PoBrhEos6wS2PBa4zLsFKTe85ORkowEW+n7TGU64Nz+TNR8w2xJqZrhJEiMvS51r
DeNAeX/UENoDi8bAxuQyggjGsM/ozgfq94q0i4wKThvGR2N7lfKs7dlF2Vk9zuWd uQ4fg1vijfgwPlmufZfH9UcTzZ4EpeRvTQp/Yrfc1uIfIliJSIqf2Vk3VJ1trJxj
G9m9MKXmZBk040HRtYDJlvXt7iuHpp/vvqlx4OoMf6QbG1nI3UT48PUHqHgNxbxW Jn0N5EDb/k3bNdxsD5GfuYgaO4bBtQ+8inywlbC7BXtpRJaEdE4xbPvQ/xARTV1r
NHPvNqQGW5ay44ZIbDmpTIAp3e9uUWGqS7F0bfAQJ/IEDnoizEFCL94MB00KCeAO SwTwK9cMhzB86GM8KUqLtNhvMOJLitfVRLlRcMYXYcpKaaBvXkPUtKDFU7adHC57
DBiKlneEHjY4EnsaKB9XwEjdEumhfveVgwpX9wn3PR9BDKZpWXIxc81I4C1B55QZ OOz8WCgazSrM29c8IIvKJKtxk0+zSZ5riscOhNXR7wuWPT1ZMMXWir0oKJIRO/Y1
zfKr0fGcvDRDVLIqFcI5/E2/D0+maSJdtvI3mHv0quU3wT863lDkKruz42ym/h6Y XptrfKa8goaSOE6abQZHMjdUwehU2W5epgZAz5XIUS0yBXpqv6f+NRpB75zazfNU
M0d9qr9+MHllxedB+l+Qo1LMmkNg8XtVBYmqtyOEA3eu20AqqX2a81YZj2S6qqW7 39buyaJnytIABH4r6777ft3oLe/JI0Eeput70P+imSENLRulQnafte7ZaGMSAsQF
fCwiLuSLNvrRxCrTOVkrgVRrKYynK7gFPZFRNaOMQLa3fv0mxiR59bVYSA7qh9OY v3RnekZqnYQnUSPU7hK7vn+sXbkf5tI6ntF7/XXY/BMrk7bAk2dvjiekscZy0Jsf
h7swt89nizA+IDKdaUpkN9zfhxo9IvkexukoaxbqHY+sYmy+ULLg9ZuJ9ZdiJpu6 CFKjpI9Y+dJ91+CXBGduBmavKSZ7xGdYayVKLyQ1SnGNw+IGm0sJ1fR9AzxGI3pa
waBgNKC/ELPvV1V/MwU6u08X+L+LZKnLRc1Ct/EOJlevDVm/MaHEcerKIUmkxUWP XPh55uuzGOFY5Y34kCO/+0KLbJ0ry7UQGGm8F3L1yLtKeFvYBj1pyAftb7VdMI3D
UDkQoUjjrIznQIODRYllw6E2pKK008gCglnm7er7VjE/yjEPzOdBuFAoRqatVsLL XlurTQ+03tPrWP21wFPpB9nZp7i+8JaH5gJSec0w9uooEXEZHkhoDzE/wK51uJgC
pCXATV+wySNzFgpxJWxHcGwRSs+JkWnw2rdbLQJOxrZr4v2rrNztx1BfA8WtGWmb wuPcTFMrXNI2nGaiNJW20FDTsOFZ0iit3cx54qT6w++P6iQRJOzAH2ncSkGz4DFC
vGXqztE2LV2mob/aK5Nb14ZzcySbt/rqqzJo2bGPU7TU++WxlOOPMVjjpURS6Do1 mHlYqgrY69jGWDa8Trg0RDBQH1aUAmOAlhmyVLumqBdpfQN7mppB97DNNVRsDhSY
HeTkgb7JYS65kCYDnr0hJMGdWJCEjqh1lSxOtc3q7R2tWbQokcU02rcFHFabA+4y VnnhvJH1YVzGJ1vxE50CLTfz8vDHgQmjLfab9IdJ2hb9McpWGGqLLw/u+363yxsv
Xc6rDQykW5xeB4XVJ0fO1QQ0L+k5WIj/9ZIifmO3kILrA7d++x39Ewnn/SrQ32Ex ijn5Raylovp5o7XF9t+NKpeGPNXamhbc22Yg08omXRsTv9RicnuPUK6WX9TGp6q6
lbsOIp4AMpyyUx34iNjsQXLUq70ixvWvs0R+B7gVdwa3w8KLgZUYkk6pR7pg06y3 9l6X/8rUNdDGKxwCfzVK2pknexty1h1rjMY7QQX5QD/MEZl2BHdVtjN2+DvoqqTZ
+R8CzTlKktxNSonU3AazQ4V1TWVcyMxZZTG5+MicEpSF1MUEvDmjuoZHfWv9HgYA N8T9ow7vZVKgTM0TWy9of78D8KLMW8mHsq6nHD9X97ROrkucD8avlQdjgTuHbQH2
K7G6hjQ8Q8y6+fY3rQiDDhAAGmLI9FDvoMDCQ1g3zHJuysZlXcOu4x8sCPTpz4O3 wXg1dxGGPQR+xDF4p40nfDvILWlEGndaYQH7qBJYvwE6uxO/6uk8otg8AzdfxRlK
GvtM5PIIB8K2NDeXucYc7jilElUX72sAYixlyoGWmCB+fM1yIgnKXITLRRcGnzr5 60DByDHk0N8JDQmek0bEHSy4CbuBZgDDZwQlAG7ade0WSRUZ0ZwHGPfFEozYNFG8
eB3Qjjb/2H/tIOdKysOg1u6Ki3ZwaHQZdLRwRxmQ/BUGxpX54WYAbL7Dv8CioRNy fCluzUuOOaPYUhDchIFYVOw30TwtoDwkEbcMzXXqBpXMzHD4Yk1TIKZY/ok9M3oa
wBrzuxldQaTqWsMyOsxpgPSIlzoJRRRrI8WLp2iK5PbKjaEXhdUXOD0zqbXV7KvJ Oei8xx3pPFJaxfSodmV/qXwv5b+f/UrmCwwC9gLIljzg26o2KZK9SGQfAMf5HbqN
EO/9efDUSocGHT4mfTNZHRCxT6AE+rNZ+vPoO6nUpfV0ZIrVEUm0Vi3TTLAvPAR2 yzp/RyMKr88w6urhdFdXI7UvPAcsi4wOOA4Q3ANX0T5E/3M9oGRyKpUridBt0Pfe
+loTHLSZQJzay4LknzauN0IsD2Gkr5YOYBP1mb8nqHGrZt+9wA5SPfPpBb0tqSzq Bmyr2Cq6yWDVs94OvPm6b1hOsOTx2KUTKKMTxWbbKjLKob7C6srYllc4x9AzjbJX
aRIBl5t+Nh3aTznqurQUXoJJlA9F6nXZQoFRwtMhgXqe1c2j9QrD/6r26+wPW2ZS XJu34KZxfbuRbL5mLzpu5BPXQE7VIZqwPXoYl+uvj4sAGq8RfHqpbeExVZAuGl+y
3VFH2ZDYLJP0t+wudEz0hdlqTgHqZrJal2tnqdE/Egh2Q81qDE6UiOEBsVa8cx69 Tb0gGtwaIyb3xTMV86tkjzMFprxMgbj+iHAeU0k2wbF09Cq2wXGddBUEH2XZYCgv
gWz4lfJ9ptmUGuxOjN/Wx/lo/V4apwrZlJarxhkg1DB5/s5rZXHgWen68HTg9nIa aviaalJRhNKIhvr0zmvugsjnsFlX91MYJwGJbw2TbSxLLcKK6Buan3e83SNVZGPi
cc4N7qBN0twqdDpWPebdEMuEms7KqnR/uW5uBTp5DpDRxTyu++71K76HhUaCB9J3 Tvvsyo4XebbkCxMy4Vnd+SYRfdPx2wfleJsq6LYqSrAA0DgvTjs/3hnVtGL1YQcd
98uyxSYBZdAl+7aDiKQn+HjJ4R2EaxBNtPiAwYkej24SasQ6sp51IcB+OeXyeIMn jttlij0V8i0VicD5bNUbB132G5qy2BoflCkwdjINBZcx56fXKMOJU5cAf+XGD68p
+EzweYVGn74tHQ0R5ZqBroPKpUYEVz536UCFHb5//9vvy14C1sMoaaqKn0TCZ55R shyNm+/cexdiiRjNGChN26m/yNiPAkCwrPacnj+Z/2DTvmFFutAtImSD5y30NOyH
zocRoFruFTkwRoEaNnfnB7g/CHrfvm+NIsbcYqIrmyM+FQsRv1SmJcjVxhrB/z9s YtxtuufCXPtwg1wzXcetvufyOHCquSLWIhB/usDLS8L/eqBJaezmF7dHa9oWLz22
6I6UwJVQNHXs/T05Z9yepEhY4UJDAS19NKDZoH6NTFD13O7PhbW48uf/9wVCH734 SjiGi+R/WqiSSFgBHAznUd7Wm9cUitJxLpMzVJDeotOGcFyVI0nXUR43B54+phJu
PeVT8swKZjBEfY0hVJ0I5Xh0TchKyUaMZzemCpf4U6/QE6poSggivtD7AF2uwwHN B5UBU5DSt8VbjehmLUa4VCw8q38vDbH7L4NkTd3pw38lNrNuzmRyIxcq6Ta/zUmn
4SlXi5cKjwZhk44GEIVRHkjam9OC611yNOJC3DRQrix5ibeXjdVHRYJOk4jCXJba CbWBfA6WoBHdaq+Lp8q3VNBE4IkVJObiYWtAegODFUIlvASixnUIYl3YePRXX8+5
hGxhJp21ZLPktke8lVR8BNSs7fJN6P0OahAuWaGxd/EfL6exWfTv+rm4nyDuCDBU QTGxKzosyzYBm2Xy9cA3DrEY7VviOjXzAtNozQRbiQY0dcmDpc1GocJPk7gNFtPO
FxbF2HcgR3b6AStXGhUKY+nNL93roNcpxU8sTRlJDHuuFUmp4jrGVKMs8mSvUyWJ BeCwMhlJ3+UVg+vMeX5lbAK3/gnMCSryxSgs9ku5v4ltN95KZxfOTmEXg2r1SdDz
BgL9PcNjfV155M+5ggj/VyipUv5feFKGiPa4wYq4zTWBMg3ysl3v4i9f3f2bxBMs pvwkAXzp0wTyD1v12fAexu5KpFTSqauxy0tR682iWElbxmPmqnxrU3Gii0Tass43
VwM21BgajuV2ilXi5lbNbLNgLDSeTH+VKEOWs230GfE4dsL+/06qsmVQMVowMtRN KUtV7fRY6Lw9DO/hcY4HCbL0uCeCi0YTsM52GPBNPyJkVzQjBAlATxmgSrW05+ND
xgHtzbcKOZcqKgZUe/lb82s4ZmY+EuKF+Uj2lXeGdFO/SeJ2X6A8thdFMnnUpkrS Ww3FoDL2ae81XWH4n3ZAZmRwTt3myeUm2UyBWDrXsQOb3MfENTrQDjoI4KjoHHyl
eJDZ0xo5B1abVVPldqGPK6d5bC6V8NovF02t24Y09T8FFE4PPdup/yKeZXCa5g8s k0BOS7MfR2SmSJh24aBsZgGuTekTVhcqzJHn68b2H5VkIaiSTS8LNBa12L37LpOK
VgztjBNQkrl5K81YBd6gMDMvMdzAfKnbHdzCmF4BvEiES6wpjE2jf7pTlFkrCEew 7jugg1RMU3KHdgSS4ZrfreHn6R3Mjz380TRwms+6fs4d55mqLWtnE6KMzm79cSw8
uva6sKsdcH/zPshz/BJCSYyNK9r0oy4moHWVrKLvOO9kTc9L+CYXG5TCmHRM1Ad6 flCcTKgYwpJdPX8qZR6BJKbR9kTeOdWcTgeJtoeWHMccVd7SLFa8Ya7MFAufnkX/
Itbv9249SBepyBJX9Usyf2NNaXvUtWIpZ1PmDH/ctWPqpVYnX9heLtaoDLmJB5aG nKyGteImetM81f2OuOc9s8tdvH6MnRBCGs6TLBJ/6HR7gvkAO8mm7Q7hF8T1f1hW
H4QROqKT/EIvaW23xzZsNr+Fa6lgaItjW1z5U4VLW3T19LX8uKpuNefu1fXKLaxY 7SBcWyV0ombMqutB+VxvKpzWhg+dozChhIVijh4uHCEhgHrDKgCRvQ0xdvPTce/f
nOSsFmsYh+dkJcyfb18W0bhXWPreC2ALI3yOcL5RH0Ix99fu9ivLQtkmUrGcL16c boPaajtf28SlJtoc+72AISoXv1QhQdInO5K36T0MhC47PTZMEVSYwkd+PluzO1ue
9sCqNZJjUbAENUYeGJYLVHnhEGgzHmYsHvp3LcbgBnzdTyPXanAek7Rl8VhIo0vl jVw9f4GfO9lmJ8Ly5VHT9auu/wLiJ7N1x1Fuyje1+hBU+eH6vtf/IPDZsYNTyo+7
a52LAE0Ld59Cz4Ta1wGDbQezt3wvwJSngKOmJYbraSn7YfmLviPbemeKo3/G2Yt5 r9hjMHdLYoDBqRplLxkEiOhD3j3VvJdTF0D84Ke97ICldKmdtpgTMeXgFI21OolZ
DVzqQBfelLUTdDIm4VGIrUv/UOwONBtlgnzaUOMXJdEE8+Ky95RKeajkPU2ipkSh dZWUeBo2xeqqgJWyNK0XykgOi6uLjs3pW72taG3q7pIgn66rHdQD5rixjisP2uTM
rv3rAdyNx+Hv+kt3PQEkScMhvLSrsbqiyx7nJyjewXzzyNZvu/4glNWZUGQfXzV2 yDznF+q5QbrtSAsQ3YoghwqLnxQnWrOp0swcef95tLHcJu6k3NNXiaMVVAZlWBIh
8+2Ce/zx77vugH8/UulNZntk4CP205P1KNPjQn6Nuw5OqerOOKWx/EIFEUmGmVA/ UJ/Hw679GGoXXVFveIzLA1gcThjJ7Y7IU7ipbx8JpczGUXkLjtEuOYxlBBm51q0d
Bf46FMejHnrPsEdFJu9eVGwpwF0ut+CaekLCPUhBOBTSCI3n+4f8G8ESTN2KJDQB F39q5YeNs0Z8DXg/Lo8xFgGKTzAuzDfmyM/vabHxFHTUJgyB/Dt/MrAGLztwvBjB
41u+LFN4vhJCq6m85SRcX+tc31GF9jYDXCcrvPFpU06FxKmmKv5rLISPVH9nfzyS sffTcVoAnzv5Fv2er9Qxgl7psksLwfRkV59IclGPrxfgwdZM21b0A3FURCGWvTMe
L3ZhsgUz5TURM2H8OaL5+mYpSpNJvIFajeqNAmWiXsUbZgMSes24ZEgvSjGc4SGd QLUm9pmb7HsvBfzixhvWU4Wo/OAtFWX59lSAlSeaNaRqtPNAiyj5mdnvJ7Ujl1FG
IlGCxAQDHbfFfoB6hhb1C9I/Xj36DqNRvqrW8zI+KprW0vDcq6r30/imHn4OE8W5 h+GAhGNn5yL27v9gvgkzBdUlq37eiNjjzu/m4YBZEkICz3buOVO2/io+vy1rxud5
jUA/dPpVFRRvMdSkeQfx81FlbNDOThSpNQkrhCEWwp47U6LXzGs7d/WJu8LoxuGh aMed7LnIqkXn8qXz2KPouU9BTiHwXLPby4FzKF6vJVF6q870R6b0WEYu0uRwTjLg
jQntq+bhctOqdnolTHSDp6wp6siguul0zobH3O8zP8KQ+y9CMJSKumgNATgvWUtY y2dHTpVSjU9rhTu4fHMbvgDBgvRKlY2GWf/d8DSb71lSgWVZvq6SYtjxJigqNKYq
2nDEPTUh5Tjp2MZ9IxVFH+ogsa1A2XRG2iSIKwSrSLzfzgVSTqO5SUATGJYs4qSk ekAKOGbchPbn0SRnlYkCCUzOzVI0nFs7SogYWbNv7lI1IkE5xW93Anpytzo6H7iQ
Kfaz8+i749PZTDtviMTQi1t6QnNH5vHezV5CBz4w3aE1CSDVQJPm3DreSNEXjnzV wX+1hB1jm/Q5iiBYTJU364NCqJ+a2H93H41Bf7PSMhoW+RvSoO7JUAsaOahQPjP8
Vy82bjcSw4LCA8bl05swwHmCysoqX/nluv+remcFOPfTEw/gciH5kjBhDhtEV4pz c1NAGqPTShgHDWE/1PUHRZ2+AjUOBY9tIe+NH/EF0zPY7uMXhm4srokBSdn1rosB
DKf4+Sr4OJ6Z1Qnfle3lL8xNCFScL4G7mu/dQnWLklhnlpmBG35elwvIPK+ZLU99 6NAnIxY9DDK5LiLrkpQXJJ3Dciifm7ivE+/FRK/4gb4RRwmjxTUtNv2c9Q3apdwX
MPsRMedK62OIkxIE9WzG5Hq2xMP//v67FT/wZuJ2qnXV59u5NlJNc0iWbo8yGy6z ZawER8MGwniMghNwU0plAdt5z+4aZ0nU6fW0S1eAsTZ1uR40BTf911sj2llFdEoL
ZQa3f7SIXoCQAgGbv16T+Hk1YsDFapC5HKLzAAKaWsd3ytmIoecsChRaOsKLla5h 2ZeUBYWm+lmx3MGtJIvYk93CmlJMBY8Mlcd1h/vT1FooJjt8EjjLBjzJhWacTbBO
GehI5HUD67UHjiBqarFwkZ80V4auIFzR6Lt9F+pb/HXyUKsGL33WwkES6TKOnxP+ 9/F7XjLzyEaG3v5u7C5T/mdDhYYyoQQj//M34pIUuGb8EL4Heq2wKX/k14QG7RBy
8hYBdWGWBZtC9tHkfvrdb2bQi8RNvnzez1zX8V8fCizEgAziDXaf2hWbipC4+xep PtKY8+Uso6DUFztfHwwyjafJKIcddFxiO/eQiIx813Uj/q5BGRRufrNcSVFAgDLE
hVf5mMD8KPaME9uD+Rb5Z+AlP+U7ka/d3wKh/DwDPn/4djy94SLJ1TxE4lpUaBm6 zTvGsoZGWkr7zxUw/cfoRAlzKa2h69SCFk4XcYkLLnQVEn27NXN3FhxQDH41f6qt
5EIIvnz5LoXEHizghqOIP74y/0FUggCWKEAMzCtLa/eBK3M68r9OFoznUy2QQeYc CpVIpqeJl300v5fDks3ne84iKGQkMnjdYRGJ2UzGvaxGA9NN28zdhPZKO3IqT3dC
i5Jx+vaP6J5GYffGNPXgL17777goCMNdN3UvWjf5ukDEhE6Q5v130nzlqG/3aKDS 2Nsq4TgBk/0wICjSg/vlMjaYVifBZo4H2Swb4CSbYh49S6upMHU+Kwx5R+x9TBNG
WSi/MrnZjvhtn3XZix7pb267F4hdBp4HZDG7yLZYRd+O7BoDArqciXlQg6gaI1wA vKK14gPzebpQxtjeX/oIJE9WEUS9/STuHpVRnuhYl5kbnD6XTOs2crZHpQlCNm75
2KlImv39QHhJF5aaNUaSYw9vMql0aKKG9OPCCvE/uSLGSbUNT7mf/fRMPznkatlC z4gqzHsG/ZXD//NkxsFPb6y7A0tmhol7wiEbLZf7r2O45YE/UGR5IcTcQ+q7dAu+
v8UhNIzE3T6bIIlr45gNQdvMZsAgQ+yg/hPFpkteawKdqhZL9cvyyXcr5/f24UE3 T6VXouyzcU927dN6PiKmVkd5E6+oR9zcMWopXvsR0cLR02+SzbtxIeQofq7TV4Gf
USxH7XiIobz76C93oK4gdEjBihN5uglkedwukwqt1/WAGiHBDpM+kbXuKNx/t4R3 ZaU+lNTzOusfGZR8erXiptDVThvRbk+SpjCydJUf6RKpmQ1TVod8tIEKH9JpBftn
tIMfrLdev5ssBTnBDuh8134RfxFHGHEOutrOd+ECZAIy4yPilypr44SfmKKjECUQ lhmZ6VHKEM939lifc2pDl9TkyX3I0QBoL01MuPRbpDJiDODIdZmbNltgmoE88maY
bCu/Jr6NkD+89ZjMo9hssAD9If6Ctu4ryx/jO2lZkUzzlDSs5WhwhIhTC4G2wzFj nZW3ZG6GhUjQsYSGEtuyZ6CkbC+dlGIWaVYQJM/YycxZ5QxasmgHwQ9jEgoMfXiS
p3YYRT1xvaDdkCwAD1gzInssQvTUDEkzHeWpCYSu2rZJHS4ccCiGGA9xhLceD7+h EfIBev7/ciyPU76nT/ZcExZ5OYaX9NHvNpL0KJzTNi7NXGK/JDI9gb6P1DTdwreH
4X4epNtb24KysAfBXYIY6HDKnVJ4FEApm53BcLbMGiuM430VfyeMLsTw9qSOFuyh 6FdwlkZe4ZX6TpCDrXl1FdL5bI6afUIZOpiiUZtICwVFTzYlhAlui0aD/79t0R0V
KBXW42iEw0ubD12cIKq3CuuTTYSQj+lIDxgNddD8T+WmPRWP+Oi7dLqGoJXRZyaT EjXZ0G3JdJmqdd50fqxVfcq/xwDOqqbJUvcVcWg2F6zAMfdwQFNGx1qpL2etFspL
RL0lj92WZ2h+/3P60RwV1+D4zc1x4ptNRG/KV5UVI9rjq801dLEZjayHDm4/Wnse vwe1mTu1UUP2gUBXpQyPrmf4EM768VaLjRoAFu2v4/M8zalr3WOtokr9YfiFRPEH
raZJV5bFsui/N+MyODq9WTDlHF5GgxAa8Lyc+muDOPOQffIccX+YfaL0aBueXemV EYAdFENn6A7DDE9uhFPJ+qasySYc1NwmdGtXVS5ynJw4GERicu7mJAa/L5fVzd6n
TrVyq9wE+EXFj9V67c/9iGMVqhjT1Fvq0kCP7ROlPBnJIwO2SzMWKjQLpE0rLZ5g xDKBsoZSv0yR+1I5Nl+79Q7L5xE10bITWIL00J8pxTE=
nmb6Ii3qM79NNCZHAPMkbdvRGkCfURrR+s/Yi0GXRcF0oT2h8eIwTR9xTFgDFtcT
lQgVNoS2UcJYJ5k/+q+WQRtRkX39ATSR0HuO2Xfi76p/TnLOqzIKVeesB1BIs4Fo
DYoG3nvcSItb/G3wLrkryWtRbktpBaEHIDtYrWtITkM2sx6qjQuBmk9NdRQtIfch
u6MSTmNwqpKIj0rSJ4h/IV5pC9FGxrvF0bVqMU0+CzXHOjjfa+XQWPEZAT1ijOQA
x8UuwNnS1G6MeJGd5oXIzA==
B.3.13. S/MIME encrypted and signed over a complex message, Wrapped B.3.13. S/MIME encrypted and signed over a complex message, Wrapped
Message with hcp_minimal Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_minimal Header Wrapped Message header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9450 bytes └─╴application/pkcs7-mime [smime.p7m] 9470 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5982 bytes └─╴application/pkcs7-mime [smime.p7m] 6002 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1805 bytes └┬╴message/rfc822 1819 bytes
└┬╴multipart/mixed 1741 bytes └┬╴multipart/mixed 1755 bytes
├┬╴multipart/alternative 1118 bytes ├┬╴multipart/alternative 1132 bytes
│├─╴text/plain 375 bytes │├─╴text/plain 375 bytes
│└─╴text/html 459 bytes │└─╴text/html 473 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-complex-wrapped-minimal@lhp.example> <smime-enc-signed-complex-wrapped-minimal@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:08:02 -0500 Date: Sat, 20 Feb 2021 12:08:02 -0500
MIIbPAYJKoZIhvcNAQcDoIIbLTCCGykCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAFXRckr86ZKdjwWngyWuYzh2C83A2vwhjy3X Boq0MA0GCSqGSIb3DQEBAQUABIIBABfhanpcfRrENuk7s3Y/t208MLeCOtKAgVuq
CIP40KUvi3zDTIC3bHcS4J2+dfZughLHJ4zAUpLaV9aE/mXRFOR4R7+KFsqgFMq/ +YxkFGf1eaxIShygOHSwbXnGM+P3BCMmQ+iTm3smLm5KvZdO1e9Mle4QERyC2//p
AdZYFzPSolrBVrX4mJ/S33n9o4C8liWpYKOHTuCuaIQoncwJnxMjC3MNkTz3IQu7 VNSbK6NWD+5sFc9YMZ9BrQDIkQ3gSDtVpZiCoNUh/IFYw0d0Bu55kTxrD1iIbPdx
bA+8YQsXHKfxgYx/fDqE+M0vQ3WXdN3hNqFV1/vvn9XBcJ4vEqJUWbh20jrq6SWH rPSwuyLw43V+ytTi+PpnlxvI7mGYNLZxHkFIaY1zqjpqdMphNko5TZBE2tXZP37+
LA4Rf0ehkqkTO2eLfW816sEgRDjbmz9YnwPZI+9v9lTA54DOUHqGRCc4bF22Oauv MQ6slzZZ4nnUDIPO9u85PlEabQM4zbTd3gpdri8wZnNb16kqnoMR5/uv8JmAgvEw
cSMSlXYqYc5t7GG+m4FJr0ojYP2mfqO2fqD5MAWREKiXps55bM8wggGEAgEAMGww hYY1akgApGMqM9G7wjVSd3vk2kXPR8iPUP7dszHXdlbog0G7hlEwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAX2QNNJI5Eh2BB+XRtjP6Xj8w HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAEn22GWE7bdTRn4fqNM0tQeXb
I99B8w98DcikKNcEO97Wubdh2e6zqTd5ZcN/l4RxDDC0eo63xq5urZxpjPQMDHNO NqN2BYvLUaMBiM4mpghZq9GH3NcmFADp6SMPjrh871dh7aKLQhOsBKLZ5eMlTUJr
VssAn8w9g5jZ3HSCqGlPqf91uRuZysIqA1QftgYEgMoyv3SJDsTviruYnPlOk3QZ 3CcxczSGd+8urr8fnH2/aHmarkkz8YE8eUNIPlcCJbkAuw8cskDdHgE/xPYpcNsC
rQhq9crW5eMPwcU3pR0fz9RBnUsCA2YSZtZ1Gv46IzxmPIhgn4EFX3gQE5P6Eh/k J5mwtcVnenPFt5M6Xg2TeaY7MYLV3nkToPhAr4wJsE+wFQv5sHSzP+W/HmoPzvxF
IGdNg4egeONZfpHJu2od14RrII/3keYC8dW5PwqJ2O5M8glq0tcERYG+9G1R85vT cpG3JKqI0oMnmbvWjqFKBc31HsFrr6LOhilpt/WS5N9OiFvld9VdsxX4ihoXfHCh
LVh4+wzEUKqUBG0ZcNuuB4XCH83w18aOhnVG5MkHblyqJVujKuVBlMzS5lwzBTCC KORL5MqJo+dW7iamwXl/EiqbT84z0r865OfvwgWFct2bjs6O1vSR8O3LrHTP2DCC
GA4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC83L317JnRlmVmZGWUVqz6Aghfg GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEAVgmUQkXr9d9o0OLLRDaHKAghfw
Dhdevr/n3aQc13mAIW+gC2eax7HfkRXLt5pfz22kYNixmJQTrGScKgeySwqUIaqC AN3p9ViMzS3HiNWsI5FdjO0ONoey+zwgLD/6NT+kvHSdrO8mVxkiSlqiMlU+p73o
sSIOtsX9PkCc0oTY9fer0LFSFCts+Z9N6Br6R7XA4o1Q4+rIiJKAgkxRZaN8HUZi tuGu2G95XIXZhfdSa+FaFHo9R0+hPc1hRgwIOaKnanBcib69zehPF/v4PzgniUi0
DMrz3JPbIRAmSyP3snRlbLpHZWHBml1PaE//wIjBX5JyHwIUSMbfKqZAxunlzuvX /l02qOvemyfDyUNepw/LItyoTFFf0h8KxdqSrXAIOUYeaxjVqk5rdjh0WZ8k7rI4
23zJx7bu9CZBfo3oUF54zLWFNIWSd8Av6TCo8fNFB4nb5CCeUNumnAEOI/gZqhSu BMNXgFeiQzKr49+jME51mkjDNulUZiNhuEHpHLwiNfDOUybSoLyN01ZTC7ckSpV4
/RdeMvB+HtAc8MiXyOZGbWVL05EUWIczY0rVFqU7S1MmlDX646Jh+2hBDkExTGLz FT1+m7FH+LRwAo5ZqugK4i8CXbkqRByxpt8b+oPZz+7mM+L1bPNENBSk84eVfNQu
wjWnJ5QvjY375XxHB5SMidNuCWV+/ZxyYPy7GkFZCmsvjPb6J97ABSRJ03t2X67p 6cppe6/gCjdel+Zwr31mwdQ7TGt+nhgQU4+ZdtcEG9zZfcZ2EFxrYasInDZx6pY8
yNz16lijBj7vepUuZvPbYc/Wn6oy2tbTPww1OeWkw/LtzmbNGzMm+f1FWVvuxxpY W1qmI11VESiGBVq6mbDn6QzQRPIZwdxz5mIjm1ghHcNuBLgTnzBXGOANLsYrgWh8
9pxluovr69RfrHzbl7f6Dl2EGVbvCD5yjXxARqXkR+2Nr43KmhLcuaKnrjHdKooG noVnm6548GvXbYygAghYOljGIrIA9k7wZzfyedIhYYEc07BKHE6x0rNtAZsEs1JO
XaFmlLfY/A62d9btJd+U2uFFc156PVl+40/q8CVO73bSIZqPEo1MFN9pCs/x6mX3 Kln/cI3vAn425+Pfr8AJkzBnzzPwcBlDkUsxu2RNbuxAKD+OIIa3gnXk0hdQc4pz
RVgzipeItwteQdd8xcBvwYHX18lRVO5j7tql7KqKe2zTGDW4Mm9cy9Jg2o/9CESE LJ80AT0AQ1IKReaqa3WFYTDzZ9vqF+MECs5t3CqYpYk0T2dk27pa7K+O3NzklRe6
IDv0nO5Gr1NP4wcu1y0Y0uoZjIK402enFrRAjWKx12ai/iTFfJH05QwkQLWrOycq gxoCneYhsbNvzBTRhZeZFlt6jhoyhWdD0IZQC+G9WKXyYi1j56x2c04MCTMDse7y
0sHjaqtDgDaTSpSIdctC42QkvoikltgeEyjFC11zbt4CjD9bYI8/MoqN6MjltwI9 qBiHsCK8qWkz6PqFz0VhiorX7j7Ke+qTylHEF3jNlBEM1xoW5pHp8Jvg5JeUYK2A
G5TVT03tyBNaEfZrUkcM/CDd85hkClVnX2tBF28T63Ozui9GbVFviW9WUs+I02Je HovLtRQiF4suTS/f/FltIZzSY8eYs1czdmCFJVAzdDdHAwTiqu17d1R/v5Ypr4N9
KWN6llM7UWNb5XIwR//UG2fWxhvFK3aJzhEIHRV9JBQAQfzK2EVOZsRomgmOBnRg GyeXRUZWmHKZ7d1ixriYwwCWSaT5MAtoO/mIFamf5CMhUcxCLkmdRx23T4UCa/yf
mvOMH14trTNPaOcBn/SzdJ4ZW6FvvYjVpH3x4bJ2+pvWWL38t3jY0MgsfXzq/s19 ffZbPBCO23GzAG4WJOKPyCVWBjIyMlTPinYq4cOlnEqTom3CHYLFNuwAaD0iehuP
mvOhoIG7+UcchsQGYR5zrRDIb3oSc+hIJyHk/wkPM5a/iUFCvCIpGGw8ytP6ywhh aAqYtMETlFXyu7+AtkWqBgbwmec3z8LLIJzWt1IOb9opoP9QIhTy7aUePT42eA9n
O5KBYA/iEw9mjfJP6t9LWTky1pANXCYYxPXGqBQEQTc0i/yYIIYMwhvyBDiBAcS9 2r4rorVK4c7HxNCswBlSKbQrELyz1JiUcYeqPArb/jDE/LlgFH/D+wrL1zIAgR8E
aAbhlsPEjP2OO978H4MjdMpYlc9ftI62beqXnWRYq7SutLwG9xrdQo0NNyPhxBcB kxzGBaPmxxq6dhDdHeEAU3oqoWbt4e0Fy+bVoiw54O+e5NbvtM1+HAeKXzAy3fX+
h3xR9xNgkC3giBi7DVj30uzDSTVZaSzNf5dtctS4T3SlBGeeqiio0uczevPxwHQp Y8iavBhuLB0iDSDarP2Exc2dDO+rQOk6EYCvqaYh4WRA4iRe4hsW4WrwA9ccLGVi
xQibg4IbVKSDyETS6TIVL+sDliAWiPTjozptNzXN3ZNxk6pEM2Dtp+6kuje/KHxU +eTdml0/uJn59CcjEFs5bicctGtxTohpuzYE4V2BBBwXNu4KFvG1USuVdsH84Mhl
mbNiR4u4j/0/+lsOlCPtXiso25Zy5Db4FeWC+0kLHcMfRRcHTW1BJGBcHAtDlcwJ TtTo4ptQly0u90eyWWlSdaJORBMRMCj2AY+wvldRFpx10NtbGwQ7PtmemZktZgyf
RnMQK+RSRRGUI6B/bRUsosAWDk766bgJj42Q6YE/047amHvhtgCScqYaELG8G8+T UjL69zbu0qVOWW6h686uoOTkF1D6K2spPd7nLZjsu1KJjLCdQgbJNU20z3RswPq7
rG647BR/rxj/tMX5EKlQvc3qm+/MMc+LprO0WGVWMrGV4T64H5kcbvP0ai7nU/X+ cSK659Uv7h/kagEhlY9AhEjtXCbYxP/Tb7ieUQV+CmeGPM0xQceWd/LnSudqh3ZB
I6L3VA6v35uWbwi8sfzcrjXh6tyZ5dTSM14T0xkuyzXbahTTEL2+UxXH11qbxh/A slRv7nDgIaKqoF5dZB8AASqs1W9f62CRy/Kgu+D0kbLvc4unid8yS/CiFXsPGkAw
ZWHpYu9NNocE4/V36BZ+sbsisu6G9dwEAEtX+/rB3U9hm2QJ57lG05SAZ2mrcU+Y LJwd5nihVJC2jw2GrfP17yhNW8TR87nbR/faqoyWmQkjqyw+ezNIkgRM2Tr98fe+
x+tbMRIBz5dqJSN4hkL4r3ySMjU+p2hSWNWHYX2LHqjywM3+l0Dubjr9BvJAlatn CTofmHuFAOCAn4q9q40+p6YCDDJCYbyyP2nLIpaOZBpVNtoysfkvH7bBWC5qrFt+
uawkgIOLgEbr7BYqyfgr+/2HVrYTu+w7kGWHnGyEZgB9dIZ/kmSdJLJbW8qVdh9s xK7YzlPi4Dtw08K5F8nqaPdgJY5hSKoP2fPrJBwx40s92rOalZEdNA+Ig8zcMwqo
v1Z1BJB7ZWIpQd/kI7EXEm/OQsNM7soCrDZycDLDqy3n8G8Y2pu4QkOjvqpjP89v EYRE3BKxPBgChWxjuMcowBkNz6ZJzBSsfPfYHz0/9NdDStBl32M29oNN5XBIYjbD
T/TssRnDi7wOJ9+3RldrycQSnexuO57PsBQezZHMDbiZ4rRu1heolgsggygdpeWM sS1NqmK7vJVkrszIn8w5t1VQQo6B7SG34/sMPRZvfXLGvwDO0sn5g5NBJ2to323R
gRS58oqxDakL6S2n5uM1xcBMhY8NBHZQfOvcU0koJo7hbFFoxzRzo+USxJDsOuuj rpNwXHRQao1O6IARwxTSCLk7+r7mjz3U3Cz0YTWpuZZK3yMKg9JbxAN6rG6fb02+
+NhqRmVo/Wp0er5yKdeEdeqoqeOSq9IrS/txX58DX2lP/Wnohn47dm3tRE4eImj5 tideDrU5ibGI+VpBxPaoO/q7XBWks3Q3RX45O2uoAPkYNBr4D6PoMXq1zrtMoSg+
VsCOyBV3LNTnu0vsWGi6sm5wRLXvQtSmfwTCPwexiTUFjyz/UEpQBUONx5TWhiON PDKGTuZaw3RQ+5ED4tFWUl1VQACLDszT4Q/7RWkfF51b2aswy97gEoRCEUYc7GA/
kBeoz3OFR7SNj0vmLVVny5cIMa5CWqZ0F87ycT7vFzwo/X1QQppmcnEVysipM8XB KDSyviz8kGxEF/KxqGFZhYB1/Xs2VA/o1XUZsbR2YX/mhfn4iEvMUl+vI63YEkbR
e5AoYlMkcDf0Lh+NFtbksT8giOHoWHhM8pnQSRgScM2TdXC2+YayIb3G4ukgdOTh KTQdM2UEw1MaqKSSyo4TGJ8WXG1WerWQ1Vpxn2HmeOb7mIYw0CC5vMrDsYJ4Dz4f
KT8YJolbeEZrzegm15LBwcUftfAcUcxt20MUExVZSf/qQuKmcmwyFrle4thxK9yb rAG3v2iqqG7aLpbnXe8BYLVMgcnciJWfav2lWNVUnHhG1IyeOvuvQRBtO9RizxSK
CAHCNBa8iYyKU6qAdjWX+aH6UoRI/7ysWlx6SupMf8Bd2Ghk+iUllT8CrORNi2Lb fe/5rjxBBa7sPu8WDESre5Xg/C8GdbKk4vjxM6pUnYKLMGxpHO/XXWDlaIV4IuIG
M2SjZwKA/zNn4W584bAoV6fiwka4IgXh5SvszkU3c7OJYXtRuJwD5q/TpY+0fiAg HnfUZ9UzR3cilV53bmuWKlAOMqvJ3QcvO1tXdcQvk535uMu3VgRyrwd1wDbVRH2h
EOoPrqLiTTrEDE9obzPh9lDHGlF85m7WRjqtTmbgHYjuHqydXYAG37QgWMnyoSAF /ZTW5YEO95wjcCVjfD4YTXZOoinKBFt7vv2WDfCVOYQ4Frkertg/E/V+jcJ0usoS
YVHWqh7UhFoFvsHpn1Gxp2aqznkw2qXzoGZYoaCfTJ6cXbJNNID4n16eRztv1bOO qFny9JE2WQ3NSkYb1SEYQD0oiWH/6++kjknuMpWP2Ubc9UTERVD81RGPBNL+vAr5
XLVG41ldICCbOH6pmA28+DbNKQBx7cB/ZSpfwD/pQCNg4IXUuJA22p0WRdd+2yVw ItFtD8iwBROCZg8iB3dWaM6Gs2zu1sYZCWvn18XVrHkQjvqvliIeD9pyrmGKBqc6
7fPWdABaWydzQtKgN7HnXWCogt6fkz50t8gLkY1F1Q9pRzLDBZO0O/bCMlvPXy4i jdlFfhY0Q4Ucy3GxE9yz/WT2SWWXOUmq9PiAzOoh2jg45w7BWmsDnRx5WOwoaJvI
rXGP3BgH06G05OIzxcs9/EbNereRb0/OzXmd+A0wTDaBarQJYNu5IyaV4EIhVLBj 1W+BXT1K/ajqnzDQELZCYLElG4jbkqmUvpkm6wtZ4vs3xwNMGo5vVLUkudC4ybag
7x/tYSf+74o9uuw1hjiz10u57ZluHI2LfXcITXRufM3+i4VBlI+RSe9uUgv3dWcr nHrfb0t42o0IM4mtJOePslIEgLQ4dh3pd1hYFlOjcdwatHJ4yKjhli9UbjWcRFkV
zwqzUsMLxqGpVLUyISDoMMjIueIVLKg5TlsLIrjXyQVwj+ZX0mEpubL9US3AKDjr Brzh1obPcv1pAx9ExiwJqp91ETrdGk0I/Kwr4sacP9+yb9tnuP9Y8M7KXn+K7Y5t
UG09davXIkfK5OAPIJn4T9YOmw+bwtt39GCcd0ITKpX1rHhblJQKy7f5yqm3XNPo p6OXGLEAQsltWjK9b7XRI5y0FJwkMGFFjvKIVgLwDkeIYK5SNqsCgB+MoSwprtgJ
Pw9l2XAYAJ/vnvHoiXwp9pVYWqGY2qoLuCg5VLzlHgQIN+mN0OdzSqGG3KW8s+LP X7XWtd/6RICinOH+1AnAeB/WUVox4634qyh2GZC8vRvc2xNdKFDcLA3giC2/ltpb
9cb5oOw23VSA2AGjEYiEuFcunP5aZMCT8o0wh5J08a04/zwV3+IkaMRfC1ZPgyyz CeQULpERCoy5Q/1jo+ShZSSmw3JbdcJFuDP4varTgf7Ft9mAWnd8xPtkTTYKgzMo
YZ7NNh+v2RvR3VeW/QMPOFB6lTnzcHcYQdmK/DY9/BPrmm94yDS9t+wPfvVN67Ce ZO6nxNnMdNBu/3+NYWVTSXuq4OFUEmhkftP+GbVdU89jSr2oXsmTSd2PMWOUnNgN
zIkk4arX9S2KEJ3mOH0Usky4Co665+9R968xOjzSlUYaPdqmRb46TvYJ8BzmcUH2 oJK7meDsHkOPjT1mg05wvvRy9FHN6TNWEfSAAVeJHJOyoSRQDdRtmek/9AXecNb9
fXMAjPRsxaBeApglXFOPVCDR+H/6Y7T2lqkKWQCZqsIcOIPlD1YVILdPJFTRwXrm wyKXyw3aGL1wB49hC4AE+w6zw8uAHNF6xYGBLaxW9jWyN+EEYG5mb5Co9MPsqTEa
N85n+wflN50jpAoKKEg6CAsxgR8YxemQB1TFMee02Iv8j2Z2gpnu2TQALVo5dyjV +Nx4CMoj3VLFmk3Q8aYtIEmyQBkjY10pGAix8oINf9TTWvAgrHimCBQhsztQoHgz
PykeuGpWooq9za2hdLQkolkfCmn619yzAsfZIb1eFVNxyMvZO8BdtyZQ/u08eneT uByvSyCbvendL4o2BsiozGAhUM21HC9lL2FdtgVKEmYyXZEGWSdhMY7UD7uIPauo
4a9bAEXzzNTT2iDTXj1mlhO/ifXojWiEyTBUqNeT1eAnD+pNiLqZEQHqtlev1T5w 7/+5o46AS1ZBAynSHi8oAETNni/oy47O4a7yinNNcAsG+ZXH5mZU5akGiBJjPH7p
MaGx1M3mMUyiU7XN8F7UpfclDuJyOLP2dg3j3ffg+xBD/GAWByXjqTpOFaN0zg89 6REwmf11k+RGkS6sOIwdbXqgR3007qZPkesAKUVRB10xZkgEZ+DkZtOaULTxkxqJ
qA2wTkLGOFqcJzOWDHb35uPQGdHDkzXaWOSVWr+ebr8w/i5PNWYR79yL0MOzavvs ED10TW/lZAm3wmTY86UhCsOiPRCMvsfughQisp4yZeEIw1s3vb1Lf3r4FLvgBLRc
rvbgs/DL52R8llVHG9XYxHAVUxDrrvkOczg/e959xFntSsdART8NkuSEQnCBcJiK X9wdASPYHMPUWapeeYSajJPZ23B478UIINoziz7dEl/OFGEmHKwiNTgRG2guXVks
wTHjgd5vke87yC5dMdswj99kG5OJiUSRpBAOZNpUVqL6CaENsg4c6csACQUR15wS QX+9LH4G+W9Kic5fwm/5M9gkQXOGu+0PIMgIy13RNyFr+5rFfnCcdq+FKC/w6N30
QBR2MOBaXxiqma9k3i2JM0SPtkpCzfJoRrsSTvShKFVvBQIQXMybiVwFP8HTrnqw 3/15JKrRup4exCfw5fXIeUpOtJP8W4HKv+cPtTJ2lkJXHHpXkMWswdcBWXGrb4Pp
i63Xgew19nYRXv5jjsmQNvxZJDS6/mM3rbcyLBk3uSXciPFkQuO1sm2wdKb71Rt/ rOII2htbmRcq/99mx9/7cWmp1ZY512GEhbd73CV4ZUaRO5JJV82Hbp3j467BorIT
8ohiCt2xH03dmk1poVq3r0kzelvR2yt+gxqZ0G7DpIhIlm9SASZuoL/GIT/d/d+4 D/hMJoUsuSOypRvUJGGQ33m5uLOTqmQbuRk21SwNLYEoih0w6HK5Ayz1i4Jyrc0B
fecTkPr8dK8SobUGqCscev0ngVJWsDMM/1Q5yxZPoKtccOW9IOqY0zBGgwQxv9s4 gxWkNkkWD8e1QcYsb5kDlZeoMK7HHAeXzZBmW+LeMrkfAOhXqDFC4HO+Reza8d8k
4Bz3vo3SNDRvcvaTyfehrJmQIUm3+ObehmjPMh8l2Vlw19wQbROffjlg34RF0OPg 97RhAjNAHHdox0KoC6PY2dcu3VQEkYod8PizWgBtZYcjL6fsntjJNL/rDTl2Kfm2
spdcAupeeK6rzGz/qZkqs8qvioUM9M23oliyUJQ5j0DlywlnbmHQwbDTRzccroqY XkKGG/2Q/2RHiOhGVeEv6lMQN9CmvzIyB2Ijf5fpZLn/B0aedX8H1V33f/J/xsvA
e0zpiUZ0RX2Pd/aXaDVF3Rvd3ZQjHagWvgXizhNW7LmHyqTxupwYseE3mtBHllZJ nw2uAVziSucRJaEcSUoNV/cKgpV1OuwBDcVeE7+p/k+RlY8aohN4J6lWgATzV9+J
rNy+Ako6qxPslMv4x1+TrPiEC3xqFQxQ8Fkl2tJ9waY0PnZapSTNIaxf1n/zayLL MFbRZXALyzLrVKk6y6Siog+7BisQajPtu/XncGfrRHxwHRJgoOoJM/jXq91KyW1V
uqVVDmlsJ7W30QxAR8MvazDgW9R3pA/QlTHZTT74vxkjEhUfsG0xNnumWfRmO5Wc YlUNu/ea/hz5xOUJ0D9AlChu3b2lZZ81MAwnxxjyMVb7xRu+etoSpWYBB9/5B9gL
H5dsE/Bg6Y9lCPsBUQ8bTF6d2YqgHrA0jScPf3S2Me0zpzCYnkgDJGMiZ/DVXY/L KXA2lxpC8tdk0HVpPLH/kGwcZIsIr8GS8A2Unj/dreOIIW0+NxB/ERGPkbPEZ0qR
GUWuItZr2UqLG43LcVuzVAp7av5swE4ebwc5NRKf52UCAJE0R2wwYdHjj6ETd+q2 zBZZdkBbL8IckfMqP6w37k5ZXKHvJzQS6m2gFmNoXi0EybXe5cveSk/0ZxyohL4n
1R0Vw8GL1aUn8FE/SvyOTMaCseXhKCb2olnoLm0K6i+EskVucCIeNwwL5+g7kcf8 BA71Ouc+VoReh4st1zRWPbrOni7AuYeENdTH6kpQZ6Gd1kd0s05c1EPa+zDdPGJr
/wnTEC4sQA8zvtG68Kr1wQI5zgMNK+/MzYn+Dz2Hkm0NFJRXJFp2JG7CeO+D/OTk 21nOL/vYAHVtW9eAFWU17W0zSbRH8Fu0UfBSiuZmRyPrrd+bUL/GTPATDDSEdidy
RX/VBd7Q0tqQFeOnLd3JX5n2Fd/tpsrim7TuThDGVlUevg1Lgp4n4bucUFe+A7IN YBh/ihWM3PD10fgOrygqbpK/BmeOVEYesTHqjmdjLZU96NGMfmr0x+53a1YhFd4b
srRmfKChsjU9Yl+Vjyk6wyM7OwNAMLJ8BtY1aCJegncTMmNhTK1IQF2D6lUa2hJX 3sFFDdWdmDBh4eO+dELQkbT0ISLjmICTWw8TnKffjM3MDgy08VvjQP1ZiF7C6aao
FG5Ewc/xqd44hI/pchtFV0mKMX562GIAsndqsqBpgVX5rDReMt6DN0h23f7yzXIY wCYNS1iX+B7vANKfj8Ax89jgqPqyjzmB8xbxPsHvBvq7X718tWqXJnFuoFUrEhaz
xpan5It5aQE9PrIULl+oceRQPJ5tg2JajyJWwDv0nrRLQVk10Ryh2IZnpnFGmrPa l2h0WMxjY1P/r86Y1mzMlw17EwagREZq3sTIRc1pu4qYN93RhsUOXFGRukYQLh7C
ukEsJOBde8kCoGpE+4Exgsenv61MSpYxdmhQrm4AgIAHtumk0xBFh7k0TByZAYig 1VKgvOYGTynVDP9C2U07Rq/wPHc4u/6ZimtKJYddc3YqpvNXiQYv1unfGgz1UN9Y
MuuYUn1iVG87c4E7hGqSKmT3/oycprhRUTSzR/ZErszPAZZYTr6i4wgvrSEoFfxC tYQVDmM9d5k+1tdqONOpG2SIDifSCRpc7fogO5hlo/3+3JSRYg54irwaln2AiaOK
TrVw7w391XRsysO65KEN14pHDUWV6tswSoMpWI1FlcVNaGvfHipT91BVVJyUKoyG xhrSXkWlTaV7yIAFr5J38rYA5lGoaYLUAP2NavHiYCHjIUjAkm5TxHEnx0DVOuk7
iEjGzCa49IhqeTjLyjaBfB6u6LDAyC10ovbMo9gmRuEK45UqRWt3E414jUwXD4hT IQvkXRRXCkjBPWkvOQL6VwmauiPuQvYrWhUQHng4npHb/h+WY7RQcovz5tMtMOs+
jdzX5fdYmHjHfO8dcp7BOKOmr0SEwbhVMxjdGDCj0+hPOJC82jsD5FZJ/sfRtdvh RFIiORZmJS2Fze0lfsR3TZtu6eUQBotYF85YKvGCo/bPsvN7hKdY1L1CjpsDtn7I
lgKUhtAiTu4qjfmq09u4KXeYrZ+8UWrX2XvLlDlvNKYhe+iEqkjQk6SDzfWBYCa+ Q/dhxXWnvE2SXpzWBN9LrQrIKR4UYTcUiXXU+BnEodBJQD2z8/1Bf/r/JzUuHdo/
UNaDw9SG/cTBWH+JknHQbB1v9e/Qtj4n8FT+aM13D78k/kaVu1tyqa2NfyWIG2of CzA1OGF1IcuUYkoBZild5ZrWoikc1e6XCxXtUQ25yub8cq7V9Y8eOzpIee6VyYcy
59N2IfYFnKc4gw187MPp6NeuhFMqphqYqYSHSWsFa1LSa71R78eK0R8v4q/e6q52 NTezqa1AQ/NPVOFICTtl9blP1Tmo2I42GmjWTE7mjdANcl9MXg8vmFqq6PaR1n2D
BU1kaUk8isdPWkG0sgS5Mmejm/ajtoMHYCzsCWySkDfXqM/h9mOZVKRRfDI9Gpvp na66iGUEPfoNVGYFg0pR0DZAYWIE0ha9rY7Ocy7UbiQKRg73oBSMz1PGy+GNJwVg
7j4ScwbL+lgKu0XkCv8Qjr5a/rUY8ltD3g6WLSuu3RIWuslmkkfrMHGUUuw68Fcd 75K9Gpkuu4iTHey3BB6Kc6Qr8ab3CNoAf4z95VqfZ8eH6TwLjPwPrLbCa61iayBA
XQ2B7y3vEWU+t9kWUnHnQc1n2jrY25eZ7S+bpuFepUR5a7s3+FIjQJ4EdLActfzh MKAqD8mtHmLclE+9F4L9hn3oVIek3gVnKGWannZ64/RON75iwXJ2tijwJRfQsfP3
YFVC1fNR1vzKI+xtdqfU5p1wddbe+1zlbrmits1fnisg8GRjFjtDGPeHLv31AZMe dteQX1sBrt/l0Ui66PiOxMi83GwHNzkonFjia9Gn4FEOLTenDZowI+Fzp8uL9SzZ
ihvH8devCgSSac+0CTgL0XAohSnnqOemBYYtBKTYkLYPMBnDHpQlqoPuU/2c6OlP slziDSogFCEjSJUmBVBKciUcwD1wwuJi8N4Hw7MUlMxx0gLWLUWe1t2eCdrDd2WH
VLRinaHgxkVx9ZkdDNbY/clTbIgE+hVTOLxTmplV7CPnR/PPa6mWm/DkJXr6T/VU vCCfZ+VG41q7d/7nrRKNnThBZohgg0H7DFIuIco5a/u4lEr1vT3Cxb/LSBGWAHfh
vHxP8LQUjPWVYuxSZ8gjRujebi1gc8JSzK4drOf2qgZuRY3pRjHlrK+HdcUAUu+4 BPC+vKdBAdle2gnyIxajSv/8qPjbx1I09okQvIMygc6uA+ScX97RWbvWvFu5Pzig
XdzdVBFlPuVl2p57eYJi3QQN5BOHbJfRyCdnitccyLDGNkXbx1fLJf1aGn46LHV0 NFl01VSJqI9iO4r9jGm0P9nyDliAQFEcxqUNIQC0V98oZLSFA9q3jF+jqClaMDxL
kgrbHpg5p0Az+s0XQxvnGMf0n0IdVQ0MwPa3MNvJzMPohAqwfCC47GXAaZFde/6C Tj6WAZ6fEmamXo4VW1QkjwIIqwQAlDdyC2ffCZhHgtLL7MOqsOagvtMAPRzDGsl3
1x+BGQr6SqG+PaHcp7rxBLMGK+IXQhqlbFZ3muwW/AUsTAH47PbM3F/Gcft1m3pT Dj4uMUPkhgOmj+LzZby1at51L2n9qtZRiQpIAzSpCiHIakkxCZaix+TLU6xIsIPi
LjIk1dbqKQtGmu/cwq37WrMldgPQ6r2Uc4G/0tOMo0B2nV13WJe7jgorb547WUBJ TUw5t6QxmgDeqYbio5VYKCldb7LE+SjmESv0Ss4K2HoNxPiViw0G1vQYJoWpLiI5
3Im1Hl4rXx/uf34FxjTVhy/tuA22VA1vZV2gzwBQ9idalMzX2ouziaoebF8E5uBI E94ftgR41MwWhwEpeb+fB6ilVS+KCyyFOjPBmlWOejlrPYoK1ZbRJqVGfiV15eNl
IcAQmA4oyiaLRQmOwAGy4UBNREEqW91MCGAwuIvQO910iB1mTUjFRx6MskpWUuuU bfvWOlVoRqhGG/2YQqc4bnEjhKUYmPnqQ15HWeZGbZnlBQzyArU1s3WhLQxiP+O0
BmA3UPzXu4QbBTVSrrbnLZEuVaSKbFRSjhOUdsH36OWQLereNZvg4FyiSm140lD8 k9nh6ThhMD/NcynQpa5w45ozDhoLfDrE7W417oV5wcwRjkw89ylt8MRMr7XbJHjo
0U2s8e6c2k2Dj0UBAWtJdeCsRLg6xyMCI6z6Q9EbRVsfoJGKB3eEGKl3zRzaTwKS OaWaIDc+BU9SNJWo+OCzxkHOBO/rYcUEHC57gh93KWThFdMSgpju8Rl0DshdQwtq
3+EA3Mv/0UUshDFV3yd0tnkBC00BXbmKS4qc4Vmgx/N3UlCO+9AlEXoyeb6Z8esk ivJwyVI2s7csucaxcnao/dlSkEg00fUDTyMpXHsUE+TvAJvZbu9VA82oS59nyej9
cMY6GbsBZwtdRAfNWg9/X7rV88emPa1kUFI33iXVw4XYdYZMtaWEXQZrdab7dBws 1Wnb4PJxHwP3v+3xp22MadG+wwoQKQ4OsWS8QjmA+AjPltz8bbVlKDaJQ+mX7fO6
/aHvkHUAan7/Nl+lbuTcduLIHEGshkI7KKO0F8XDTT8TXf6mSgDZrTd6ICKKa74h sXc4Q7h8J0AfaX7CHfe08enFdQhgTYdCIinGQVVFE8E52tMp8bCosYKQ0/+Gs7Fs
NzO6xEtr7fElIhvi65O2ybWGKA/SVIyIVT4TXpz40GpzzY6mPC/zYv46RfzTetVe YSqSMyrTkd/vTNzzBAt2MKM/qRttltAoR1rGH2GEYGYy97uCXmEK/CS6OLsu7CIm
Msn2Jpi/tnjGVUGVzOLJzo/rQHukaNtDMKb8biQR2SHpxUauizdM2t5KQlht/GyL /JlSUTPMkfz/rGNQbNIhrmcoshyIxRMn5zJq/y3T3y63jbPRe2+w7tDDIMoFFjhU
nmvHbV0PdFCKVRrQ2XtwOR9XCmQKr5o2cztaE6Sqh0PLn9PxEwrpmswaMBhHfbdi 6ciiBm34QaHTg47LOhHjFRzqBPeAswaset9i5XjypsbPbajcvFBA0IqxtXJp8J2o
k6hK3gDPypJQYSGohd2AtUFlxokNDO4x/4yzHLCfK3Mpqfg+Q513EiPHEqSubZn1 eUDpkKsW/Pji8EQqxP6/6nst2hdaWRtvlC4cW9mkCobZ1xvjqnugCN2ANye49yxm
Z2i+qSLRnlfYDt2UjPD7jcSelW3uUdLtSfd0bN3uHxZZgqf+3WCi0ry/0WlG/lfF O9jQYjUxanul/heIQcGPBnhOHMFO2e/RwxsCOqQdP+HVghQcuQOq/S4rtDAuvCF+
g87KfUhWhUtFF/pMN0wdp6BrMWFxrjPfmTb3B9aQ1cQPoMeTQXYc05HxS2Rx6/HI PPfcB8MNbsWdD9IVeKkFXxqn3rtvlbs1WFCTvUjEI0cLorKixghPeYDmKNdDh5Ku
LO9s/HNehvLt8tyOy65KdHzCnLfxSlSl4vtRbhW73TYgbrh1BfSEFpzgU9sM1UkH 1ctfIe3wwadx9TV3mvMyjEoz5z/rUstZgh2SmKT7NznKrGHaSKKH/e+qnI02PvU6
8cCzrZ1U2cm6vbv0CO6/1wVhTnL+Ij3i0y3cvCUZpHSz2i0gra1wxEPMT/z5p17t aWi2mVvHOVHG6Sg0RF4FZZeaZj87bXyQz97ainp9jiko2GCwlxuy5hjOcC0Wsjb+
z5sppHHZZhzV0eS9ehUkkLdxbguwwFbKWl3OJ2wG82CDQb8Xdtc03K/zTD4QJJ0I UcFjBRqePQhSqo2LFT4+XtxbzosuCE74sefZLuNE4wX2cbQ1MPGh36drjY5vnygD
LSvoCYwnBJi4waoVQCbLGN0FC+cJAqqUaMVlAEHXauQ3VLDOnOWVISGYuUQZ0b3Z bl7Zgj5j5kOfDn2rFWORdkgk2yJE7Gae0XnkwifGEBSYNpNXZWgW00gTZxApQaAu
yom88ScoNdI7jNxjfRp52y6mVkgTY6Mm4z+X5E90+VqH9Bwg7PSFlaaQNC4hIkyP N2SAKRgKvKzLJTtpgNSIrJ6H2MOU+ImQhoB1uQiN43i265h9u7/GXSHarj9I5Rxm
ygciHDwcmQHDkzDpoY9+PCZb2DisR7DLxmGEKqX73POlGYTZGXb8pshypv4cqcnO yOtUwzF7J6IKV02ZJyDuNUXzpLJJHh3tvQX88N1Y3oLBj937j5xryIDHHNvX4bJP
WqtJoXs6TPvgu2UvKwdo4vrw6OhaR55wruq5+99irV+IuUk/qZWojKmLdd744fnM Ypjka010Pv9JTQ1PRAVHe4gvpSxb1qnEb+xaqa2/Kz/1hDnVJuHpC3cQyLgTkk7k
fYJEKLcU88iPoEHohals4z6km/osvbY7GHH6vRzgzRDIOMV64lONZD0kxW7j+DdG UtJn2j9z48MNK0Mbp7r9BeveVb39QGLfBVOoKnILQX2hv/8dkXvgN+I/tSjuW8k4
JeyoDuxKPICR/Rav1qKCjBxdzhHU73TZijFf4Ht2YelP4g1mx2ciLoZuyfQgaf45 sYXg/tUqwdu1FEdncgA+RvAGIqvWrwwzZESO+BFPavv7anvn5y40s21+r8NctgtK
rqFSXo/GlftzXbW2zSqr5uhTY6J+Wh7kk534m0yqf0lJ1Oa4avYqsZE7VNe+/Xnd RlL34q/LH+w2J4OVlkMEjqf9xDctTDAVWQ0Sdsqul94TCK8UpzNJAsc61QDdedlE
x8JqZf2FFqnf8+H6FL9DOtyfZugJTQwrDs0egcIVsbTHi3i0N37iDKGGaCAotdso nUsAKRQiYThJP6uwL7Xz3xAowcMyNyNLcxSLsgaYna7F3/rRoJr4oJErXX73zaVL
Ix47BHaBznn2+lU7VpHEkxTcTSZGAPJQ/5zZ10mQf5wwVAWUnaJlegnCpjjlr3xd EWjIuw2lJ5ba/5+XN4rHFKSlGtNNP8A5GCgNdbKxknowUZdMSWH2xDOXWExTnCJk
t81KWFMWAPVuL3otm2vp94yE/lcW1AGGO0tTb1e1e7G4qCzjQv16cy8FlSZv9Vj2 HJPcmXu1PnWt5NOH920R3EpuFKrRcSKKniORKdNLo7jPLZ6r0KwuPNoQtWgmNzQC
efUOVSINU+FmK8s0hMsgbJ/hY1yWGkhkL41wrcfvYfkt+Iwv0wzH0Rpan+9zC953 qSB0EWuRliZX+glNR7cWkwfLIxqVtER37OWpNEPr6YAXUFqgsFgKBNNM9etKVbll
/KIAvVqO6BK1BQfpYh5u/hOJ/tBC+wz7uReLT/q5qfZrP+bRvvQoApGKZHkWczif 82mWq9DRGbLCrhxbp8iAu4omBxQe1mGGRRT2WtBwkAvQr2O6sX/RU3nBVt4NvHwN
9wBhsM1cEPWfpDDIhTYdAsG7JFAaznlhb2II7n6g0CXiLP9pNktsLD50oJ9p9RVv yRyiTWYpfve8RzriZuZdCdYjagegbNVfPege0CYdhq3XYzf3AxrUVEZaaC/GCZlq
0bvGc9Ag9x9gTQBOiAqFeT8Ifk9gEfKKUpbpdHYlwiEKBNEvboJ5Q1KROb56OgaI innWTPiXunVZyqF0v/UL6Xikh4f/1L8i6Zn3GKeeWHXHnyzsw2c44eTzBnkC5eqz
gm3i3+Q6lIibNQub39Xdka+zl8NVBf5id0zTjZpFt85/7TGvHGCNuGudW79Jl17p F15GHyRMedBfg/3T8VnZSj/39dJ//+xSogpITDQc4yW7u5WKDvS47xQJ142yh4k7
TFXMattXtTHGEuAlWlqRKYoFPZpLMynTLsTT5z+gqHIAgURgTOMa9YY7+7QsNLXb bIAuqxXgAt87MWUA2mLzuifRpWFDZi999O0EH+teaiezOXbqnv4EPNjWGxRDPbyr
8et3eNsg5E/cAgzt0OJO/hpkQ0fL5k4dB6DTiJrwEMiedvp7cTeHPtlOdMa/KDge EIVNcKBxsk3zuFtGCsA2cEXLJIjcucV5Q5PscW5gBOqopPjNEClB5Fa9LpftzIR/
Mqk0daemNTOUbk3Vsj2s3SfS7BpDTnulb7/1U0Ti4oMF1Eerc7fb91dOhsKkh+13 8QoTaaW3Hr5PrcMgEuRnfIBKriykSxzbyRzsrozP1ieA0ygm35QW0Tvr32QBUwS1
fRAIhT6rto+gbnDKGQffeQ== wmSyyQOnKRpzyLDGZUuUehGyY4C4AZ7utFzxG8SBOdg=
B.3.14. S/MIME encrypted and signed over a complex message, Injected B.3.14. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_minimal Headers with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9470 bytes └─╴application/pkcs7-mime [smime.p7m] 9515 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6006 bytes └─╴application/pkcs7-mime [smime.p7m] 6028 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1771 bytes └┬╴multipart/mixed 1785 bytes
├┬╴multipart/alternative 1122 bytes ├┬╴multipart/alternative 1136 bytes
│├─╴text/plain 387 bytes │├─╴text/plain 387 bytes
│└─╴text/html 468 bytes │└─╴text/html 482 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-complex-injected-minimal@lhp.example> <smime-enc-signed-complex-injected-minimal@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:09:02 -0500 Date: Sat, 20 Feb 2021 12:09:02 -0500
MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbbAYJKoZIhvcNAQcDoIIbXTCCG1kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACHOyBpdzWJH0FBPgjsElRkfM603OpOAWv2e Boq0MA0GCSqGSIb3DQEBAQUABIIBAJMTpwbSzvTtudiTaWcx0TvyxUZpiHL+UmRp
JJk17KWFDzNyqNUeh6amywEGtKMI9yEQMiWNDafOaySww5OAyv4m5Td1NqvM7yAK WR9LJ8Evl8vh5FnKDB9TadYiAhseHiWnelYjygz/q5C8lV1HH+WwEihs6x7gIROb
If8GwwHBsZkZfcQD0XsPeileAUpW6vhIAXNHv+Jx8PxoLef1IlqbpvIch/OYXMrA IAudvBR12CMjm4HX7GKkCNDyFse+QRiRuuuQzLG3d0/2slCA33mCsOhkE7RRtjvz
vrupwwg4fV17S9nPLPAbAAsHxkIblgtQd3VA1KUwW7EmuIyZYKlrO1oHXOTKu9fm yoxcOJ8Ulz18BzFtjYnIcjqR/zkeMtaTdaw9S15wLSoCHhdnAl0eYAnebMhpZM5t
f6+ZYptlsGhqn+sxjWqgdryLyWgHpAyC5lGcRA8/oA6NVFOseeueqYEfRS7d7S42 NatVeDmlzoJAlqQKtaE/K+LWfhSm2Y2GKD2I7XaslJS0QBNdDd00AF+537e4m/MY
34MgvX72chqxXnrEEk3jyq+ofs/LYiOQxNVxnsAcw7uInwzthXcwggGEAgEAMGww RylhEzNmR0dz/Tyg6tyqakhXnPiQDQRv+RaXMH3RWDJWfZI1rYQwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAd2UGrRGdkmM5K4skCB8Bv28Z HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAger+uW41F5G04kqx+ZTa0DlY
MhHF+f/veYUT+lxq2ui/KUjsxbCAH+Wp9KZxoAqgCxuoc+eqhd96bTpfJ3m1iCNO 7GfQxltAwowLQzQPB1zUs0/WkjzvXFDBcFkXL/8RPGyqT+5GvNxiloFEB/emqqTg
V84S2KOXiq4A1G/IqM056zklYbvPfLI9+EOotWXXW5RSHyMczxsw3GrFEyLLSGsy qee5jWKPur+BknpyLKQN5bxprkeRSccljN2hO+msRhI6m6T7HIPs7Gqdwtw0C1rY
X5mYSLZpdPLzggn7VIP1Qk0gMXQXGgsjqxoUJUhb7PTmYR7F9f7qB3nhxBSIfdQq Zf0dl0+sKarYj3cR3YKV8BDD1kR+QhfLAmzRxryvhdXSYZah4KShupL2tcBpOYbQ
itXe1GgvI+e24eURa+lH57FivKbQGUCPmf24pB7WhjK66EuQZNWJvkMeQPOa2Qao TFF5bj6DdNY8heOItu3/EzH7dzfJexThe3dFh7HtSEMkXiVcqNVIqEVtm90dzP2T
lHZBshnyMuTzY88yDthhUd7M3zkzTLTbgOQEFY5JdB2Df39AmhWD5tkD+PD0dzCC lOrxdnqUscbb+6lrIOxn+JjQmRLSt6JImEGQaKKxXuTzaR+PAERxHemp8HUm1jCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEPcJVIQSixxxaBzyW99anlaAghfw GD4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEKiRbYjQHnb/KW2jRBj95raAghgQ
myNPcQDx8BhQw1sJYG8BmQwWk13lQo28xcdZsyQgbKJ5Eq7Og124W3NJFCTWKtwU 74WlHyDzh0qIAn81LJx1D+JkALWg/z3P8Xhy++EjKaMAmY7CgoYG4O9ElUzkIDwi
CmTyu/IU50zFxmD9xm7IPCVFnCZRwuCfeNXiDfQy8KRQSIzMYnFz2CIWNnyJQ9wZ taWh6ide0mxmdP8oKFVVtb2cSIHDWnJD8+Ox1F5eFiVo5zKIdaSRekpopoKFoP15
WoeoJPTxQapw6ILEm8CAEpmTtpCarvrENS/MKQm7FmfYP6Z4UzIKQJMBjVS99xO7 /Zck5ua5lprkBMIBuinwHLtHLAq7nVDP9sv3adB55mUKPCRstPSWIYAqqAEBwKoS
3TU5KrneCPFYS3F5i1J2yNQg9O1ACQDZk5O0/arLdYaOs9ybOFMXLofxTgOYjATF gQsbEH68GxplCaFswEn+GU6Nw4ffdbM3t4yNHNZ/4W6I6P03e5fRhclbU+6wg0s3
Oz/2W0ElzsJMhpZo/yCNa0lq/dDSHQSumJTcLhKjSUDTPnj+fTELU2KUmmKmsRWz EhQNIgeP0aHYPjoShfAJ4IU+er9TV+UHN5Vz7FiEPE+Hpg9xNzL30fwhwN0Z1zRh
VXxYuusjuDZ00PRUp6NUF+I3goOYuR7+hvXurJFHGQhSp1rQ0fCkAHsyLCjfU6ux fX4HEd/nM2kZfezaF4DDoMj6g6N3n3mrl95JZuuH9MoJhhTXEFZ6FIVAPG13RrWY
i46LOkVYZrjQiuCIVFvs2otvHYN02xqhZBARNckq2rEORfA5CaH+9iGwEekhRfND 4KFehIWCrnjz+KJ+PoG/5A8RJJ9MSZLaWb2c9lmSj5+7WWwPqih+Ky60SXFnkSC9
+0Nwa+IQmh7AzEBS5vm7Rog5zymsTOu0Rv6j0QlonUiLiKQ6KvTlYHzwbZlspPuE uv9X76f4d2mIzBKzPtfpvka7b+LUua/lMCRxVN9q7eikC/po9yzc69kAezNAmwmF
aSEq1UZAriavn7Rh7fhX+JPcys6ImdXbQAqE8dl6Wtm+2y52HCaaoKHcJbCAvKY5 xi9Ni7yoCL9aPibcqUv1ZlW/mPajkOJ68o3lbb0KdR6dfW3ZtW+bI7IQwZnq2RDX
+AttDKOEzkTbYAhmlYOqEaW3NbKGyLGm5MhZ0iTyyCaZfk38P2c2nnOsotMJmtpG 4/fxf5qZ3l1VO8O2oVvfmrr5xpRXVfyYx+wdln2DbG3k/NzUcn8aKlmZ6pNEDily
sbdYA1qWrohadiGUOsLzbtqJaHCF0+TwdVdQ9/d9ecfmmdWm6oHTqCa3zOG2urTS va4GJ3Vx1AHN1PxnL8sYFh2q0/VWLE2+wsL6RtQzS9vK5SLJDrl9J+IY5Pn65Io1
JtpVFdIjtp5+5EYGT+HQKYnxEl+Zge43Yzu+70i9Vv+y2j8kubLLRXJXF5bX2Dpi O3gpsKC1bGODiaA0UGewRIUi9yfHzCMLwlmTWC9QBzGP/bqsp5bScgP6u02figP0
cyluo2s68DqrcXrLQ3d2ixmnq5gt87/HZPCykbKzssCQNhdgYR7Wv+01EZtroOL3 Kl53pevpRsrm4RLF+Jfcz/DoTso2qVSiBChh4qAiPmNXLmoR2YkY9LqWZHXc+Nfc
yvqRihxSqg6x4Rg44J29GBUL9b5arwRVo4pciz3F8WPP/jZNldLNqSeqkH+GSXtO 4b2cIUluCSTG+pX1p33B9OAytkfVNdj6SPhLvl+jASccJaPdY4Y33cboweJkdVq4
MlGg6s0dZlsRGdClr5DYCrLN4cqOA6VxCQvW2JiU+Jiwpt3XZ2v84WBEX5ZmKjGM cBStfoG+nFQsDhXx7KKym19Tzce/tu3CngG19umIuL9rT2uksT14U4h5hsy1bbCJ
oQtVe8fx49OZHrnQsgTMYBdY/Lx3nnzrbnpZwIza3V430HUtClnKbanF1zbnNsyA IZZZhpf6JnvCN8xrKaX8LAcblG2+DSbFvrkCZea+ej5v4sYiVBi40E88LQSB30bJ
dn6aZVliZW867m37N67g7Yl9VNrB9Qwwg0pEA90G826vXoBNI8aao2ZInTS+sEt0 FxREDenMDiKRTBEeRjmqY6JtVsVrcm5H19/cDnrsVdAKbp+ToAncdA3Jy2bQpfhe
iuH8Wz192z+gFFzfD3cyN1HczxBdXaOF5A2pOUEhaWCJWZYhFCLBj29/oUv8ax8w Ev7D/zDK2HPam2PODgCSX8ErGs0g1zOOlrtXBd0+BEEb8o9CyBj6VY+Rk5B8Hl6Y
obsApX5/RJj4F0POW412xRCePCeQghfuhUUyUYLWn99X4V0ZqAVXmJhNUgfrmass 21asrQGVpgnQTSeJJIfRGk2//3ZPmJvhXnINA9c1B1ctC2g+UPwbxs87V2oRhQkE
lUdPvQDm+FMK7v7Tz23Idt9nmuN70H5GG/Y0r/5e2JkkcxxTS8+yUL4SbVw3/03r oCdpPS/0GmtCFmG2pdO7Ejbhwx2s5R//sfQEkYc/jkmu8u8xuaUbP+yPSIGaSUBN
AbgpVFGYCMcug8UI/BX1CGlSI2PrMAg5MFVhpNW87ph2rOub4mJS7SESQvbPEYht aD+l2wvCsOzAdZpv3oS/uQ41M6ICuCRdWhufcs5M3sNh6rjCk8TvfiYOV9E36Qcu
ZgOv6gDLCWluJ7QrxsGIUYYOwHw82nqertruj3oZPepIR6WFiDp8JPgTLn/fqaGL 5owhwVaHZjy99TCYWq6BbTjgPrw1oYi15eqzUn/xPu+OnjqSkN1J5V14QqutLAOK
gMdfGV+Z1VruX4yCTkVdd60MITN0sPCbWoLQqK77QMk7i3fw4PahAnVdasuF5xnz VTfscKVW7rHDcmM2hbwl+rk+X/9F8tY/X8ekuy6Fha+NcYTjAsGwsMGhGZ3I9YI4
/xUYoelUq0gkY/7o8AFjc2zSFM76S+XWZMrmnZpM7IiBx3vBSPWPyR1INQYrD4ZF Zw3lpucLV9M3jmLBlF2n9KHbZ920SvFMzuyTeSXM2nEnvRPOoCEzRHcSqew/JMty
WpK9LVnAOtK5pxIlEziaqizSO1gp+DsY5JFa5W9TPpwbPw3nm3UMrd07cJMGu4yw 2Qn/me+bp28rc4zDLOz3IAYot0SNC6sskGM6rGsxvUmKkqu3U6D+mI4yhdZL3wL1
dzeokbYWSAAAu4qfjXB2RNHSw6HhoE6lTHIUJhH2+dw0LA/e48KfRgoUs/BA7E5h xuwRHM5ERRguxQAzFrCuc5w22UGL1gIShUTowRLirZ/e9KjDg6GzsDRscQEgr4zj
qCVOY55mqxcYl4eOitv5cYPdJeeqltpifhwEIiW77YFk8bjsZIS3y/yiMiqbYb9m kCRKsIVT9qotk6PjZXqcn5QJsy1GhH6coGGQdBbBIkwx0+XIOITCmtwIrMU4S79B
+lih/CNy0gLa3TmhpIzVGcTtsGlc2eSl2/GAX4rgg3db6Ut6EyE3MlUquOuQ4eOj fp+Ll2KTyWT4HcILWA1vof8CUAFYqZMYEOvxCF11yP7UbFelNNRU96BxkCtOfcP4
RGufe7coSwJ3HqwvrFgXYIWNPdus7cTiuIq4ryIqFwg8fShJIDVf9XFncTXNdkkB 2vwp2I+nViA4CwKyoizepwZqkLZERiSvvQAZah+Ukvd7mni4MiWN2OVEPZMvTNmZ
Fbxt2Bd4Eko5rXRn73wDKbtHKI0WclWxChNqGhkpydmQYgEV9GqHXtHTRertkVR7 p8VmOLRESZ0Ut67qh4leKq/c8pQtEhGArUP91n+H88bpfNVI3XhwJrLVEDXCKx7B
sO4Ua2U/is9C5JVtwnraYPNnsggYYWBQUs8zrAiXEGNH8G0mTonPEvuWlay23SbA IKcEwE6Di32lZlinkiWMTJq2Vk5oUaAI4D87y04rabhC/4Pl7rMn6LX4vBKDMcRW
KsnWxrAkrSREA3KX1klBsKhLvJexr5jezV/VoulQs2buTUa3T7Poa+/gygxaZQN7 VgrlIy5+AgglFaGE4NqNLaXUHyn4tq8dZIVdg4lWmlNFONKKTtNfTtGTwdYNKfEF
0YPZ5FvBdHWZMrnTCgIPi8JyEmlvZAYw7OD48Gv7p7GjudPd3NtUM3v6g7y2Jazy 14LzyWSvfkZvjUMlRWTITQz/rc0zkow98aYbQwWPWgAH7TK6tcsUSaUGi2nVm8FX
wTrQHVCW/BfBs4Qd+0NV4GSzzvGLjsGe7PSUQ5uNL3aOqbPcSanZbtE2DIRF8q4I 1JAMLH5KrQjBmyiKldpc33Pp2T4vb9CIOvVm7G8+E35XZ8bFdH3JmNcRB+bnh4dH
KyI2w+uRh/uiXk0xh3KYUq69xXMesnAICQxdDjqNE6Gcvdtw3NjxAaXUn8MJC9f7 Bgn982jnBkTh8TjhksvNs+tlGzHDxh65caJO5t8HuDuX78oUVJfeVU/pm1j7Wa3p
xd+Je3t51s/r/VyD7p16lo9UXurR/QjtOrMcoC7H9+xnmJ4xPD1aB1Nn7zE6DmH4 P0OgW5tckWxyLTYmOhnVHUk0GS01ZZQPYGo6adCGiGz0ghAHiikI0UKy5zrosh/L
uC1P8thxUQxysv6UVS2QuU91vC1jk6ioamSi7zbfXi/T11Z9pFxKxvjOT+w3b2W5 +nERmxlycUETbc2V5N5l8BHveOR83WlhR1qo0SzVlLPJwDqhwDyk3da23fUo0DDX
A/rG+zou4o7qO6ad2KWpei0ySQMVOW3XZN/7DcFXcQy5gGns3iWurW0L6R4bX6kx XTjgvokUk99fW1Kzma6PQsFJaRbAcOJycBOp9tyPJyo+h3s8L9Moj5S5lxXPq4Bf
QQqYtXQpDA8NxfBWu5ZyhCztkTXiuj+Z+YN0/xjie7Lw5wevJHNcqzHpshf9xEH1 N/LIKISnci9+QtNCg/baPByMLUHULep4llC+aeFqPVT037EJ6ixe88PRpVGkvpyd
mX7lWpcN5F4Z/uaG6hFyKmICCMCPNimEusCjpKSBrlEl2/ZfasAf7+nlot7gGRLa 8b2SGlgeP/e7fIOM2lAcpET5HI3hbv6ILYAIM/U6iEZp0CldMxt5nC3GiU0guSte
+nEqpZAHK6eZ2u1cOJcqlM6Kd+kj9Igp8evi2IaY/Z1FyQ/3HLJE7hDpP9GpGJGe c2zBkcwz6idYRETZQnbXFiKDNvolGoR1vh5h9pOFFabcyjpY3dxDpjGMSlrre/lX
alBt1pfu0IUyEJ2Fe7lJomcVreEXYBMdcPpc5btJbnsuamK82qCUaZBbxzxWfvGD RQF83BVCXFkFGtZjuGSRC+Upe44sL2kxKjHrJTpeFp/gI88Jecm8UuwsFHIFAGdr
yofGz2WySMZWttrMHUiCVLx6cFa9FMu8ME6HjaoqN7FbXplabt2ae+lsFJZ/Ehmy fczsiGKBjeBHUJlCM6i1QYNx9zQs/0Dsf+WWBUzthv84Lw6sVDjZaGYkzjZSwzvg
5uz/FTk0QqExHhF4uWvfoP92qUUgWnrT92Bua2CLMs4nGxh2b6pH6pjGLLmdNDwT iH6+ytZH26KVM3/QQ1qUB2EeLM8Jh3vNSKl3BLsrHr8XqQm8wllKcySSS+mDCmLu
w6Z+Cy5FFazNnA0w54FuIGLyV3HL8m8Jbzty+uiIB4NnfpXeAmWvhqStV8GVzH/j kmjwrXI8GbWyfkvKJmWi0WMEp4v+AQqltSSoNoQ+NYMzQe1vR+s9wzePrOmQxIpw
6VW7ZaZbg2acn1HMTSfKYa35m0RQlakc+1bzIqnLWMdbRB7Pd8mghNSHrZ8rrrCJ sdT3OxSr13r24K5Rl3YdhOD42YN+RSgU9m9MCLDg0Zst0n2FXfYhl+c02uwoSLbi
yUPhO0A980KgzFJZgh/3eLG5eYWwN+6B3nlkT0vETiALnTOE0+ICP6D25yyiy9k+ 6GHviTKteFAkk10B2E1DDj0gbMMvnXIHvgFIM7GoPf9GU4bDuo5ohDdtCSJwU2qv
iEAkiXY00vUnUv2QJFTKmgrYMRBpnebYE1y5VgA9etEUIOV0tlzKgbMYVlxgcK5v e4JtkY1VCY9zAcnmROqUSDpXvVlw1Q61FhzQ7GpkOuh0auGS7Sc3BTqX5s6Y1Smj
TnLVmTioj1DgSPpOwkE8EKlRgjjc8lA14Ih5pcW6qgarDkyW60ZRHfLRsuWkNw6j 0dChIy2aDtXppCDxvpLjYBko17JKg74ZlwdzyJe4ohS+w4h3oQNRZMqIGR5MlWeE
jFnRWskK1LukllBvG+S81ygPvfc1SIMlUg/nfqp3EF4i+1tCA5am5AuOrp23bBsw 6XCX5xELYh1lXT41SEL+ZXkIig0P+TywxnXMbQ74zY4o7+tVTarYTjf4leBGjkRE
3k15q5FKpsbn3rQ7b3L1NquBtPwIr1E5rIMx6pWXOs40M4GSNri6Fg92eo4ZZfYZ iqfTJGSCA+HDhMy+ULYRrdsbwWVpeNl66anKpSK8hPZe50+ULzBjVz1rsL+KX7MF
BeJZy4jerGNxR4SE7NunWj66j9UumyVyE6EbgZ8ITuqEKt3lx9JMJpWHnkgeqDsA h660epx9YwxzpEf9TK2SstH7dp3lbDMz96FL6ugWcTWSJa+ERyF4vt814y2lA7W/
K1YI/+L2zGRIMo9WOoPuw/WdojEEG+4r3JMAK3/fqKWiiQosStG2u54XExuUfTpm SZx4N5W+IzUG8kcws5UVczajnEE80dm8blBxVofJloKaRd1RS7aP+YPvaeOmI5l4
Jzc1keEorZKCvmyhiFFObkQli1Dn0ZwEpx6qZbowDiMmXSGJgC7l9XUd+3mDzmJo FeQ83kAri2oAcfmnk+yudvptSl3A5cmfKV1NCybx7vpK0ePwlg2UJtz1RiIIC20Z
QPn5IIYwOIkdoPastOGNuuax7RGUOekjl6f+T9SoGu9eVu8sTVNExarMAnwReJTh kCNMpLLN8hVkZHvJo2D9ic8IAmt4EGVQGcD6qp3Cv3RwYeVtJVgMnSw7j5HUpdFI
dnrdqWLzSNuJweyR3snwxMruvYE1yy2W9mxiQHM3Mj9apwIPmU3dtE+H9p7uP6CN JiIZl7ZSNLW83CiiqJXFmkyJx7AxvEOXNC/00jZBtoOKU4RuGp/Uzpx93g+rao+7
HAMiIUsegY/2du9cSeesA1re3B4Z1nJ8Jt/7wFOk3ob4Ox2lCk+U2RRoorBpJtvk 97oyYSmNk8WVH5qk4LXhlNw0NuQnYEeFICIeLNuZOJOJ/PjBI+hVvr6NtuEZ+0FV
8P/BRHq3EoUpbNnoB89N06GQ1w5DkfqOeNQC5E/wDDhx8JXWUHnad54UWGS9++fr J3zQYjMafQ9qD9EajVHjHJVyjBCDoAoJNio8l8OFM8/X1NIMxri3nQYc4xfHP+yx
4mHqUNdU6uA9wgUYUEeXkfUEyVlxY2OZAgKmb7xwAvfPrWxLadODpWMPb6dogmBY FgHbHiEcEhn1uHNARec+E6zXcVF/TmOhNovBPEROwhJhybxKAaaSKPzDZEOvfJ8a
icxx9Sg4ZOPFgBoSuwLlc+43NZNz++ziOgdIvtbpf0a8GJVfg3ql5Ch8vUsNIfNU MpQxexpNSpkJ0u5gcEw6Z2xASX6Qn7RTPXwJo7hNYOvqDUVUdwQLPy8vJHgqn4iC
9cYkQg+hTn9RehPdM0QQzOXWQX3C0vFshV5eGqrko4z+Tw+7E4wfA16Hm6S73trc KAdc1wMsJ7gTR2bgdZYfHGxUlXG4zKPvSZahp+uEcxixhC5N67sC301A1oLmXKFX
4YmHZtlgtgvWPb+CvQvmmx/xNmpatBYSDzPyusaA3GRb+0vxeIMqGXxdoriD0qrN YzGqt3ZhZu4XsPYWV2XEEa6S2Y+3ygke0HuloY/8aosF+3ow8UN0KJWinsyG3Rw7
lQeADPDYPcZvGOAYjvpn3UDs8aqKsZrqB88QUannTO+bhBUrjD8GBTSAg/Xj5yrP t+ssGCQ2sGUTdpx7SOLwpwzlUgLuIJ3tvUK617fsCwUl00uG6j6pqNIALRNiN6QM
8DMjwc5Q//QhiizoUtsAyDvsfjYFNriXiX0XsIydnVCqBQuk0h2spfIHqXT8+EIo ayUuu2lnKX2WTIiFf2UN5lppaGncolEwYozlfF+0Xw1+xmoFJ+42QgjHrZSLf88P
nNTq78WLbZiHqnKBNxWWCXakU7L5MeX16GlggHB/Y+klrWq9rcJEsoh68klYO4WN w0jisO3nKyTSNvqcJlv2yuloI01u90HO7qiCzpYbByPkFYN0yGhSFZ0aMl9vxoD6
jCrLweQMCmAAktbQQhS2TWoN4gtwd3lmjtoCU+97K7Umh0nQOOtOLbOPCONfxwLI O9tzFkNN9LZQBhaWxduBZJOxdEsF7Fi4c0ZB2443iyMJvhkxeQ+GeS8sPrX10LQu
rnV3HG2gyILR9mOjQbAh70F0GjAgov4C8eDdzVTv9WL0blN2APdNT7dbW69Q/1Aq nUVLUXLG24DI2w8o7ihTWn8PtZNgjcMbMf8c0g8+7yjmyRVtWcqJvfL/NtXv5f6x
Zh0BncXV4QH+TIH3A/6gwEhsrkCMeLgSpEDAsQgZgPp/2XQ0JjxlnkxnTmsDie/V FBQQiDqO5xFh2PyjUL+MO9xiUkC5YBBasBUm/cpPKflGnDIiqw5NRKGzdo6/5Pvv
OWH4X5rj1uKa/5dF+RjR05EmGzbExxIYgI9GUx5K3JbDxnx2teEGznvpFa4o8fjb pB5iUrukmzlDJ6ROUHpniT0FIs2gVa6d2YIoZ1iXxY/eYu8i31aAS0/h8KXiU+fN
dxOlpnrV/NWuQBtyS6Ated+0ngioqqaLDrJBRaWp2Wj7UIepTctAq3Ps0ZaJMGol GdzpeVKz3dr+UQwb+gMXafWV887yre6h70AA8gCW1dAbkRaNj9CZeKlm6Z1lQilp
DRg4LtubSNRDDYfcnAbwvMprC1s4IMzLPjtVK7lHwwvqGO6BatjcWUN2qwbKMA96 /NzqbHoCyvn2Ehrn8x8cFpEESBjau62otkaALHD032L2ijfiKqlq3AzTfgOhN2j1
GqQFeXZ24loj2rPYGD1vcnFkUHty+ZfEo7F/hdmwLz3/WCnmlBtGj4/ot/UTW3UE IbvpXGhke9gEzJG15iiWSqe7agSTb2AGGcgNaRlJP4/DW3nVf7SF01/J1dJPlC/w
VFTXxoz5m4JpRIm/eozcLVHh0FT4XviB8RrrrMqelN0dtzNTib0LnklcbAo7Fs05 RjmQVSxV+115g5bHxLr9BE4NOgAha0DDHZ4MVujaQaIj3XO3XcLhUROpbSC+cCzT
2MMWRTWxEokIx3Qmg7X+umqUKehNFtz+DaSmyySZ2i+7zlnWFY9yYV38N5D84Dca ZOmQ/QnCeiMZ1sFCmpn+hRxoV6BA8VBvI5pEprY7+YPiWGt3zqZF4Ot0UggbfZtM
1BrbEpMpwxREaWTpnxHQOOPPmWAOpdMvBBePNinw2jSQxGLnJt5IGjQ1b+YxcDA5 WSDqYv5CoXdSaVvBOPofBidUdk/ASlgjdQBbXk3P/YBFoAbkbSPQopm1Lmxcytfu
OSPvZp0igRaqNi+Dp2L9DATcvz2o3VQtqRDwzEGZk35K0vSaeD6BrFOLSsVhSXWG /W1GGf/VMk5/wm4QC8yu1nE+8b3iZuG2IxthamQZR/qqowk9Qi1juhDiWnx3mITK
FaMKB5RaX1el+CB7L3wvIq2WsofM8rBAEd0ExLiyk/IC+n59WQPQjW/2UZuGUQiW CJHeZhSR6zfF331p1G8mAYln6ZSfxrzQ4R5h8b/O/u4mf294VCNj5hoaTDhxEHmw
CtgTtpWak+D4V9LSGiET/kUBXor0R1DlKCPmqXdvkd4E//Gwfbg74J8vyZM1y1o/ inflbhehkFbk4GQT2Rx7Ub9MU7mhkUpf01Ch7lIn8ci6jg0TS3Yr63gt3FpW8YRG
dlfTicOJWZhqu7AUdLukBs0mo15P9JHXOg6Txgp/fpAGkYO8UO84AgHfpRDbzHKl Cyauu/nUGZg4MXRfzEas/KNgcyayz7G/WK7puHvCfq/kiM2iaeRZ2BSBuWt7jLUQ
HGTrERj8kAOv7MdFqDwVZHIdel9+JMw/sUq/TvJgRwrOdiEKLOaeVrRBUoInAe10 k5TgBmo51SVsSsr2Csf6mTG30+5kS1AgLkFaxqynIN819dpBLdybUH2dxLcGN6Ue
RBFqcQOgTClPZ4Q/fVroIuoNxMQF0OnAMNG1KEDVYt/Gwq3syNH9wUFBLuEriOdd wXhbqttN1pnCJ8EtPKo2puWrXla5ke++q9/cZdAx9+hwB7+PLwVPSBxO6IG6i3xu
OKiFmj+beOl0n3JDREGM9pasBDnE95JnMF7X+EDPVo57W+5ua549SctYcT7SrXzO LX2b3oxXCmTsFJ0V4AXFZGCwSXSI5tPx4wZPRI6l5OJ/iVxJFxaSQXwoGs/KyjOk
v0Y4LgT3y7EdiwQQy7eyxzTs1fkyFHcr0kLl1ajGLVxaaZWfMchfGIfyEYJWRLip B9dlqppJkzn6jxmCRt494/c7uVJePG/gm6PxhWVWP+c/S2d28cypy85fIE1kATQP
HvjCdUhPGjzrAkpbmhWuWbEbUTNpyi1UIzC4rtzWYthVIdL1n/CodIiScKCk7QOH YTBSHfzorJhH2dfD+vT5WWCwE5kTsORSiuLNlct3+m1N0gQU/OmAi76cwzpWd+w8
0ysSOAveFCmabvJG2GCXo7mcu0x7ruDxWZar3RBaLS+7gLLhHwZeZjU05E433yRc mtbwm9SY3el48FmHnlD4RFdZd3z/AWFVCmXJroEsUYuLL08NrFx7Cap61XCEEw0w
2Wme56dOTguGIVv1sBVZjGoQsGg5h1iYBxc0PMfHBCdD8Bz8cFhsU3GzA7lvPAw4 VxdjdFeaKOKFTIHBoTK4XUSmEYdMcjQv3lJ4zRGStjRuv4hF1awK/vhzC0ueOjqX
ILtHuw1pMVM63YEHOeoZwPYUoriQsKCG8C9QDCJGXL2BL8b75b9+aZYojvRLzACG ZyBjUEE0GCfzu2UvZ9P1jbPbCOWOkM5TNg8Szm5J40FgtwFXr7yZLddFKsqw3F7x
YszVDnQ7809N1M7YER66bWpr7Ni1w6+9x2XogefKDYUwV3+cw9BrelaXK4xGJmkp N2Tc9q61PNXbyElosPciD5vMpCBS7u3R1TP1UNJtoNf8qz/dvoDEh4FmKiVeznCV
cjucFDnUVuTKZwLnmQ3EeBEuAJTdLbTQmKlZi7nX+Sgn5uiQRySg7gy4hAxPlNB0 7BFss4q1YEQH3JwVEGjAvcSUsggIpqNI8W8mbIT65vY6VKgP/WsyugD5AFruh5M+
ZowjiMIxrr9ba9MYUgS78xP8iOclFJ/C5WxzTAz5XzYcbR4jGoMpwWY4CHAxFERz qlt+Dni6ywMGC+CSQ1Yl1S8bVZviAEgCWZBs2PmP3HjuAFIcNo/hPd6fTK3HVp+V
Tm3ZBqVvxqkLYoAts279KnjpYWwft6bL9acZ4Cmovb2wSzsCi2YXeHdll9uTz1be 6OYgIHScqa3qXt4NBogbYyNFOYwwQq/dokmT41bNzaFbh29xGlKfmOq+1qzT6bQs
Lx3eJ2P3AR80F6LMDtEIL7/EeYHI5zF9bBVG7s3xtb7u0CEAzEUG77vcdQBZOMsr ZSzV2DnyEtnBJ0t3OFR0hWBjUObR5DCfiqjw/ckkEe5rrmS11DCPdmJA9fWTWR5D
cMjEZ70fza5GFIi+cIYtPlVjocd0p4mCfSuFuBrICQDA0iLP3nqXjc+5RzZSkwKq EDICjnGMRrzIrINPKa3stnTRXNEujHw2FfpUIhXcd7IlrWJ+8EjaZKUDB9f4X28d
TpuVs6PSp52rikxC04IUozxpfaJvqRNQ6fusvMn6/ZinRbuS5ZWncTyfqZYP8JCv +DIR9tpvYhtB9/tWX/vK034ElxKGfLP3GpYMUnm+R8lv+v26JS7jndCylKmdbcjn
3OHtdAyF+uGuqgycMGPQU8zZz4/+ZDXP0zpySZQ9WUiQ9zpqeuk8QkoAT1HgwnBE 8l05tyykOqCt/hYjFtC+tt13wlTjZrdkJg7lJZ4p6gq4a35vn+gARo+X+RgOHffl
53K8HE+ceV32CrS7EODkHRKoMI6WhDg5PL9FobgSfqhNGLTYEW9I3lQxD7U4a1Bq /aQYY0X8JbfLBOI8BJ8NcvgJ0yaQXkTwGBDlGupCzIz0uUpsVTXUtkwBPgftsM7T
MSu4z2QGHPwYjSGZ/aQgs0vu6+3SK9ERSjXzENKDeofah4AVooYoSAMXuKkEevVe adqGCstJU44H56nQriTE+UJGSj0JZY5ch4nSTF49iwRvqtabrVUucM4TasERduFr
bjnUJBVh/SBMGx3NTlEVu0JBZqgbfpW7PHDmg+Si0TrrJVSD5IVWYYfxM2iWdLzo 12QCvEVgPO30zvkuWJobau3tjHOe2INzAqG8txBYO5pi8StzGJ0sIgJCIxDHHKyI
GHuckDuw8f+jpdZtLpEoQhdzOD3iIiKJ+hrk03sf4vowSZSAmIsNhr2Xjxt2roFH pa/V28Es6RYKpneKJLZHIe8ISILgj5bcowaSXLS4hLYr1FCdJzKgxoQg4/tUMHvm
KzIHyuIOs1RDc5O1DCZvVjjoC+HbDwaFErZGEQgIcHgZqPgdaTcubsMU0ykmmdw9 1B5Se5JfWER3K+4DLKkZ5EzWu39vwQOvYljrmd1ramOCkxSmOvoVt3AGecaW8Y0E
SsRq83TpNTj5fbwrT7Nq3z8NtCr1l3PW11KwzbjIBJooX+bBoahkb0pG+Xuth8eL d0j/iQnMVUwqtik0zprqVr0CCnZah+HfB0CVBqmEi+ymR0Lmtl6GoLzX/d2Jfk76
HXmpoGViY+Obet4pzbi2g/41VK4Yrp+HWgc1ZqzlBWR7GxC6lkc+xY6whA00L5Er eJi9iWDXqU3tQd7ya5fRmrEmQXxZ4F36sFHaBdp8ZVj9NMocDPAvBRXCfsU4vlwq
3pBhXMNkyKVzC5hYoscocLOXmAlQVcDoMA1G3Bu8r1e6Ak+SYIviiHj+ElD67kBw 7uFEXRN15y9mKlHQc4FGcrF81vYkBt6aSRZKdxwV3zajN+vOBUSlRAa580lzrmrl
gIZ0Qruh5GnoBiwIFQgsKUXFyNDF2PSljsWcZyevAJBiue3SlANdztwWMZQ6E28s SuQ7XH7OIVIuAcjpmlFcLzAFIx8UXAXflTvg8/T4fpzIbXL5KKebjYFBX3i2PUO/
NXMpF345BMGThDDK+YP80rmcwTrF0nOK3oDcn/hFKxNM1RQHHRpMkED8fiGKeX+n ajofkSfOwiNJrpv/0VyeDeXreFoP8XQlzxQRrST9TRTPgK2A76u/4JSJzwjGc5Uq
U32xWYhSBzuBKZN2sZWHzNju81AoK6braMqPjRTxkxX5Lvy0sKkgtGxxu6sHlvru sV4gTCwqFd9UEl+Ls4/P6RuDyGX6gl4/XI/VLxLaDTW2OEccANzOlxDQJALDR34O
26oZloZnCsBvjJyFw7Wqbbq8X9HXzGGAhBrBTCMcuL+TVShMbcgiV40GwCJDQ9SJ uSqRQf6/aIzUlS+wGUV1WglFYXheY93z/Z9/M18EqF/DunA9WawYlbjl02GYIIyQ
zaVS8VFoAzYtm2dpjnmjLOAp3QYOhNu78cEtjtS4GXFv+5jPdOuyn2NC/3dT/BI1 ENowMwUKzCBOth8JPO/qm6xkNV7Nn/ZbEBAOwb9i2wIUGCJT2csM5GjiqpR7k0cH
mV0f3NKviHWX9TKLll7LwEeAkdycM8tJAXEydzq/Jyrj2Fk15P8ZM/ltzC85dnht ybYGZQlWpQKYTHHxUIkTYkzREtOa42m2O2U2A3NA45Wu1tYY6r+9/eq7bltH/eFr
qljIT+8ENZSL4U1XFFTOXF7QiEpCmbenvSlyG+0xYb98FSk6Y0KoO1I++qcsr0UW KkNw3S3R/LjDvYGvijThFUAAp4bsdHRo6Vq0B8X61ToqUCenMc4WFR6B/LCJ5oYy
n08vhhv9nuhNRAHHcbR5ogv4S/Cr2yW5ChCht0u8a6R13cyJeHEtOZIB0Jr1+/yR Xpq3wY7d1CkwFEF8ZHmIIBDcV0rgtkQK45MhkWXkNoeNCQNb+VFHAgU901wC3qG/
Jv+tZZRzkI9Bjtppm2W/W/gSMvXFNdx+C7naU2Gtt7fBBTO6i5bRvfy1bGEAJksE CQBrlzF0mzMLel9OaSt8vR/uzdoCZksxDgElgNmM6tQeSuFdZyi7k9XgB/x2e1H5
ht0Wz9ri23JT/NfeL3rQuAfgbp2WaWQzCkuAgRZODnJedA0xOWm5rimru93eISWX 2Ph+u3l3XDhfE3Ce5QULLs5TJFSXhc7x1trZOXLC4T4YJSpIg14LBzIXc9USQ3xM
sDx2eQPdTxndKBxP6b9aFZrWmX0srW6jKeAQ5f4Quy2sXBvU2jAI5vjkA/wWiG9z UFgw1LUPIlI6uu8IJ33B8OS9HZeLmUZAHkfgJ14O9+UFwV7yWB1bDhDlIEN87LZz
v8R1sTbkXzM8VWz8kJbT1uOEMFNtG39kQoIRq2lQSHrSFn/VhyG2wh49wG5giLB2 DWGEUfSOXcUEjgoUMWfitfFtx/UXV8OzJB0TlvRTVY2clZzUY1fsGYzTz46DL+O1
eUtnSUvo3miqqCDfZY9B4rpHLbeDb/3NYlcMMQPQwWEKKR20zGiqKmMV9/jhaIoQ BQ1o1LzehE9GxkGoGplyS340Ifx/nKWvvOrPCXmFyC+1sU4yYj4OXiFjdRuDy2dD
Tr3gP8TUhPeuC7vbS/IFLDkIAliAzgpoYllAWUwZmW5J+84dDPMrVStiQMK/CAZk 9vOEOQ6A6TwGCBHaTHeLYJz/BlN2iDF4xL8hBAIk+jPKugY59SqFGvWq+LBFg3u8
ZIBLxwBnH9s6ucxtZWNFaatjMgz3Y03Twn5GOjjOJB9eaR6SdAZxDTeODajJIuGJ oy1O6YgAjcrKIrETalXDbHvVBr5u0+XHUhfsEvP/tXhZG7GD45K55TSvIroq8Ext
jB4cjm6Un8lZki3PTAyBFOupETWxRSczCs1aPnaZVcRWkfOV/O8LILxCA7lesZmB zilBP1ypEjJra+uFDDOAhzW43BuQw5Xa1PHg/lVh3bJ2YGuSJ7FHUjF5sgfnq0HT
IrJ5U9LqJLoluggC/4wuxCziXCRXLz7nT4UhxYqG8ZoJ9rjHtf2t1EbmpmT00D+S gnV5e9J71CJju7AqDUcmAtK7Vf/lCF9kgyd+uwkfAJLDvic5wZxSpwEmaejteHpl
71rAVNUg7Oep6ucSAR0gPQEA6T1sYehVYmIkz0QIJpQVP/Ls9ArZCkVpsmLoVhyu wPlKPKPE4MRDxXVJpqqxMjh/eXGn4n9lqGfkn+j1STMgYaudnyXSoIe3GO0qfEZ5
+pU/HIn6mLmmnqSlAYl38M8F8xjNX8UsOEuJ1X62coaGREi0FWgmti6rnzzYx0DQ LxeuW/QDMxOLgvVhaZLlQWKg6XVbCFwW5eTCSfZ2xfmSPFyF02coVIcemUZbpnUL
8dsaQCHtZR+7+tgxYGrBls6PWxpP2gjwk2u/5kDiirRfIMhvke1ZKLmwK/DvlhSI kXVoToyXbklNuh9Qyisivoy5Mz+DZetDF03042Ric7OOtWl0mIQDRQM7oPCECKOu
p25G88scGcwUoLhsIzPSfFHoYEIG9MPAS+CJgbiKqljpyhMZoKfsHXyHRdf9YrmZ iEEDlk0ZkG5BCFy1uSiznlBEZJR6Nc0NZyTDrX9haA5SsUrtGYZFow1PQXgCI1Ey
bemiWCBmwQK5J9zAcR8l5ULfkVC3kxgkdHff4hXsf2U08D+oANABAxDhxZFNMIvy jKVwenOKJbHo8ep728dd+aVBIw2sHnhzQcn5QNZ6URudhSavSM6CQJWqOsYOSrHc
d6HCmDdxtzdeUNcHF9XTJ/YGme8gsU0PJ1dPBsMPS0lBw2TXJAkHmY01meT8/r0v SIcxiL9CMzGXJzMG8ppnL2TgkiBjRmsst0sTT7Y19TFnScgXDjtwpimlSzkoQ4bY
r2uYdPt44EwrLtWonChUe1LwMWeK0D4soADI2Gc+cGxt/CWTFRFbULZF4BRc+1N9 a0Gw0jsN0F5k7k1SFjJQLe/fau99wQhJsTdnVeUA1SgzFLiEj0+Ba6z75muf4Yaj
xKgCvub2mwWSwCGP4tHGKWpAaoTX2b6uP5Kb7N7HDRE= 3CwhLFtXiAia29lqNteJNQSJKJa/NR9Qw9qEBwXuT/T7HxqZXfOAUqsiYeOJ9vOr
iskAuLrYCHbASEVkcHYOBw==
B.3.15. S/MIME encrypted and signed over a complex message, Injected B.3.15. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_minimal (+ Legacy Display) Headers with hcp_minimal (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_minimal Header Injected Headers header protection scheme with the hcp_minimal Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10120 bytes └─╴application/pkcs7-mime [smime.p7m] 10100 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6474 bytes └─╴application/pkcs7-mime [smime.p7m] 6456 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2095 bytes └┬╴multipart/mixed 2094 bytes
├─╴text/plain 59 bytes ├┬╴multipart/alternative 1431 bytes
└┬╴multipart/mixed 1600 bytes │├─╴text/plain 485 bytes
├┬╴multipart/alternative 1194 bytes │└─╴text/html 637 bytes
│├─╴text/plain 424 bytes └─╴image/png inline 236 bytes
│└─╴text/html 505 bytes
└─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-complex-injected-minimal-legacy@lhp.example> <smime-enc-signed-complex-injected-minimal-legacy@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:10:02 -0500 Date: Sat, 20 Feb 2021 12:10:02 -0500
MIIdLAYJKoZIhvcNAQcDoIIdHTCCHRkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAJY0bRwKmnM0NyOz+IgHeWMgMOX8/jDwHHrP Boq0MA0GCSqGSIb3DQEBAQUABIIBAEgnvqzNR+Do6JAxBP8F7JUcbB8kS7mxU+3b
t0MXudwDeJwQDmKd2J6YtkG3fRjZx+MS7bpLReFPedY/7RAe5oW3JgENYa1HpIwm foHqCQ/5kO96KgY8libT3/JmQw+yAifncpIcl+22N0NqaqisYJj9dKA3Gjs/Uprb
aD/h+qIxTicIrNwzuiFAgWpkAArav42vaMmG+/Xh/POG6Gzi0KPeJUnHyySf4Tp0 bSN0zOavKBotza78JC1mzmIIKQ4Vy9QuStaxihfghKti9dZ5+elgenqQhZrq3wjX
AfyjVj25criwnRM5O747uUuPB/jfGaQpY3juME48/ncykOBtoUJjZRnRfGPEGXi3 MYBlnGKNgrXmNb/8HVb+ak+kxK9ZiRj7s2A3HBQz4kFOr2wcga3QHrnUFqlllFw+
PC7dqg1DU6psEBsAblddc3UiWHmvbupTrzFRZ5GJpQxxAiEP+dyYkhEmmymIwVkl Qod2RDSowp7uvZ/vdtVdVcywnCh7P45RUFO1PL4WVr7AhzRDXsVmYWF1x+6uBz9M
LmxiN/ym+SGbYN8M6bEyQV+fa1XHVz26LJIZNTM7f6ud9rZlRQswggGEAgEAMGww NxOXJX3f7y5+eoTzMUWhJdUwcRM2z8EIT7EdG6I2n1XCgzT8jsIwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAP6JUg6dihpC+SAwERMVQthSf HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAlNiYwrBY5HIxX9zMW8ERT4tV
ztjACWhmPPjx4+npojd9dah/Wc2iimFnMUpEUzU7AA61CmqDuC3TWJh0CUFy+QdZ Hl5QupEY6aXcOJhoRBLO3hrV9mEbo9vy3DlQkwW1OIsI4UqkQQ98dNeDQYEzy7TF
TS4Z/46E4te2mimwnE/vh84lgRX0G7+XjemnjeWlfbbtcxjwmUQA+largOX/O78C onupxyn8dy6gInGpUpqS6Vjnemvm+XbYthI6xuRu4wO1PEnGPuCsFjE79EARuh/e
3Wq6s45zUj/3gAUDOaIrbS24/VdvM0kNjbflYC5bVoRV7zCrnsv9HZ5Sl4R7aU4f 2QZutFt0PgbwevdiCDF7mJhFEA1aG0BHfYGxD142JRyQJ81LDB5MxsTD907MOGuF
AMPAEzt6JuNb56XLUeEjtLc/J1rg+by71moz+bl2vAHrCV7KS4rjuvdX5mtyx+7Q mB6+zW7NWvTjYEsSZfqe6Ycc1hcbFt/3yp8gthRh4eeJEtowBFMfxLQEIUiI7ImC
RsxO/4U7edUDYP7xwoRJH7BJuQ4TCpribA9gExERt+8TKVw1axoZ8q0gfLklGTCC CesYCwW1gMziG12d3hZkXR0nHd7xu/K1aw09mdvZepumsMwHXSOd66y5U7Bw8jCC
Gf4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEELIL/TZpjp5jGGOzwxBSul6AghnQ Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEBmL+hRticO6t0R79DViIhWAghnA
2G/ggROJ0uuf9cWwp4La4W+lALvFdSImHu8llX0XfYLiBrQWUJsRX4pa4bT8jUPl zZMLw8xZkhor3XzGSawL1DOtnmwJnq+wKQl+2FrIFolxv4y/rsh4bZQW0ouD6wF/
Wq/HHEZvS8ehM3FIlpxebnDey2FCxeAQ6Pn4oByw74UnzFeluL21PEeQeJTPbui+ MedLtVae7U9xInumho9P6VKuhRgWUCMMxG36qD/UwZ+s1V25QftaO9rt5cbCMN7/
sLqZqq4HWlA0WpDERVLbWxhMDGXLNHrgmy3tYGfOa7kP0mKnLahSRBI1FG2HSzpd e5da5VzohBicz6GzschM8HuV3uoNgxsLjZ88izGE7y/yptAcusUg2Fk+dWxnWwx1
71pHqYy90RE81qK6B6ocsK0+2D5pPZHFOedAS+xVMhagBRJrK9em5mSoTVZPUBWv KVsFEURo0qocwe4qcTEtOO0dPYZn8ebKFizhwAxD2g6jdFWefS+gmlpGQhKPGZJR
sITwwJI7lA98wuX7WlAHwk2SGNrmq59wkU6hF8ZVpIg+ItMwDW9+5lKI4sEJy3Y/ g7dC9sVURBP4FuvuUPvZE2OgSjM7pJCrALawOAUCaWMD+hAU25kX6Y0gydcpzdMW
oxP/zQX/+/GhQJSArY/Bc2k8dOcLZcFSGKglv46bm5NgDl0tQlg/waZHVYfyvDO2 Kus7jsPUKBfs9FwjX3gJnv9BFr7uJobL232X6ufvC11OgfzAzPE5GDo4nSdqpand
lB0AZpiVnum8B8KueauYQ95Mfaq4p5dldBye09fCjNNOsPuPwmmJMyYzwr1+fmQR JEd0Db6ZWLux4Fduy5xtWqqmGLST7KMZBHMzpo94Z8Op2V9Wqa2hJ/DS4nB4voYD
C9yNfArM13+/2aRYo6ti+8nldGl+cnCQDBXu48KlLZH8oBIsghIEmMw+3wGVb3ka fotZeh1dXoILB8HO7l/yq/6AyI3ouSV0GdmtpneoeKyStj+WlPVaREIdmIzup2l2
TXpTsYqAQtjg6V3J9FFTNbyX8LlHhAUbs0I6lyDwgILSEI9/pQdbkTE8oqJ8qChu +PySH1Kn5ckfcvz1RVQl2IL/Ba28Lx5KqBgbtMdGkfRmbGvH5DEYGiA7h98Q14Lv
wz4ZMwh89+AcMqInzKkhsOq48DbBLVeZoliknnJsLcejbM/ZN9tYVc+wqZ0YUmEo 6300MpgLbVjjs3h5QPUYp3tbDr5fUJZvAPJno8NtI5j7KgbPJmQaCNejpqJGWx2s
gCmd56WDhEGwKoSz7O3reLmAjen1wrKH8wGIzhlbL9rja1rgWSC1PrlcPVug9ghv g2X0Vmcsj7X24PHknpccTXCq5cAf0rV/59KidMJgjMkVhYSnJVJ35wteFmKxYc/l
6AlqZA2q7C+dVqdu2WhGgEktkccAnM+DDmSJxJxCzVjJomW9bdLoVxdvbhNfleQm lrcU1E3TJMOoUCeIoTUR6BSwuR9v4pWxkY8y43HZEqPK+lEx6m208woHTVx0YYoU
VjxPiY0Bxkqkq/JhyU3JcRpQ+b5XhA7q9PIhDRllcMOarUK4sMEVK3n38fZmaSzZ 76/Y1JC7eDVpqFbOwDCUqSCOZmOzz0R67+pxHNSf6y78gLYEIySt3n8OViIRH69E
xl7/DjiQn3EKwnEQso4/dajEdCAOe4cjRBdn1heQS5xnZgm0uuYajJ+jv35EvyE8 XMChkXCvj6dlynO+1zaFMr1XiFbxzlsIeqMAERp/QNAWAb3OIsqvAeZpG8Kb5byz
gXayeJiyXOHgUesgqNBFzT/Ld4qwQm4v64GFa2NHyUYcyqKpzIa1cWMKllMhaIbr 54+JpGZcYQ8VKkhrDt07oE5EM4ACNMQSzk4UfABXl4npNvBUbKZ3FRQPUsHEtLF9
iGQun4s36wYtiUEaDDxkfbcMr1jDDHokB+nCNz3Gg36zBRQJyf/LFsIk0tQiCOBk moSV4lzGGV1pmgOY5Rzuwe5Td3Yj9inGZ2heTO3VywoBN2iBmk2chX2V9xoUO5oA
qOxMrcYD5x0GT8EDHKYtmfoXlCE+H5I5wAjK3KNlpWDrrpO0Ynp7fYHGeMClt23/ If+wmAz2SM3vwT71krjWztCa25BH6O3RR0bFikxREWrfbS3stygZlq+fzmsmSnBe
cDej4eqGpy+/OrVwQMeiJ/V2hL5Q0Qk+POhjUEadbPPw4XODQADBeT/y/kn3hWYU n/2AXYZAUV9J0M3jz2FPHr09/y2TBoso9ExI2kSy6pgwqnqj3q/tMyErXgl6FKOC
otNWg7bnJYhh4pMYXCxYwFSK5tpc5cszCsaR0+CtSRyTVMxWTl56IWl4n6xk/A5m /OXMSn40cHCX7ZZ5ud+XJLG7bAb2izzG7jjguLihCL/WxUwQMQ46jzPaJXcg2ioR
surHCqVn33S7TIjH9aTCltz9pB/5c7/Lq/RJbGl3vw48ILJaC6qr7/w1eWJFp+tL PAQwITRsWGuWR3qyqaLeHBRzfpSKE6I7lIdy5cz2tD7LYrOnx3tJHjiXcyTbzRk2
ZEnFg6oVFa/aFB6QDQHkJfyGa1A8AgtCcCSLPsugeEOMfYsC4ZEg7KooLxDdIblv 69yMTNciAjBsIcg4VtJ6AKgF5Clxrdu/3iOMXtjOIkfvmlEl/pOsnhkprkQVUsgA
FiHFv0N+R+p8PHNbETNO9NezL1CIGgzS74xGW3wbnOlVbCtEJbGjVljVYWdpBnyN MjXBclOyE675ukj0TYB5Br+AJfa+beSgZ/5Hd8H/vhfS/0v6Mh6eFyaooWh8w5HS
8c6i/ASwjIMX4NuAROfJ+B/XS5Q2WTMwNmwxwsEBK6ZDEYEKIgiMstS5cwcIJ5EL jQg4TKzfnRyLMqOC5Us7UNZS9KNtp/g2FlYHYJX3CK2+AZfPtqn18XnoCF49rK54
4f/f/O/7XkE6n2SJ2+n8wSJXQM9uEO+QQSawXBkGeoSVDptDAwiiRVpj+aNmr8Oe S1e9rwAAa9gSYeAsoiEm3tCF+UiFlauSwzDgK82I1TCM7Vm4gD0Lwgi1z8OpDZXY
Hqofz8lbdz6t10Xm9j9+DG7Q0kqoyLBnjBdwc2JGPlTD96BRFz879V/jgTw/FEyr U7zavy4wLQhYVdKYQH+kItxxMvdyeu4v5+Fa2LH9+V/wg7lzMG9TmutDOdDGUXy/
x9aGtx+5sBFTg5ds+WzfraqR9DSOd0q9xEGZ6gRKbN6LRI51q96rzoAGoaYTo+bS LbXagLTbrPhLqPYVNK1kb+UMuSnrB+56tRJqdZnlC64kOEOG/nLa+K8p/ZE/2jZs
gIL8dxU/PzDxEZ8GOnH110vtnt+b7lYWkLQe/K+tMmEBLMmNMsMHDO0amRU46xG0 avakQn7ZXZs98aQ7NKFxNqJ9rgMNB1NMETrVA5Wtty+6WhlwfpW8Au/Md5gsdYfO
Awak2XOOx3p9lsuCR453Vn4CZwaIXpskIDFo3V1iWIJd58tqHbVwnyizjpnrcnq9 wckX/W+t+87UoW99zM6b8zOkFpfFNEgacBD3EA8dR8TWIgMXUm/Sq6ihlOpInqI1
FILQGrEoLhrOvP7S/utBsZ9PYihbD8aduzZNpNWxC/Lv8LSP1FTDB/ZPogYeDw// bbtuCqcgogz3uKgDDMZilb1taTAutpKTFvPcJ9rMoxC1HYuXhyrn/VNCBGMOVE49
wRxo/m35QFwfG4U7U+uW6Z/7N/5fX/DdPd4bw7vuJQO1JShB6PCfkK+dGh+1XMKX lAkoiyBesIPM5UQb+Ys6TQ7m/ALazY0PKLKPEWjCqnVtMkEjHIn5b6nDZvQwFoug
/yI5PkmM7tFNg4y2BORcHGWjaKNp7/xU0PpXFraIwENhXSGT7mOWjvyONjaOldxP fW2Tnzi0k6OIgiVMBNmx8+zBj8wflkeqdbZ3hS6Akx+lHXVeNGFq47VKwojw0rIM
Tigh3VrsWGOf4kyOPpBDzcdqUs8wbmp3F2OQ7OP8wpa2ou84Ka85rIc+RyjT+izE bUBUk8rMC+lxJWPebgu/l/+otzeBnSipu8sIA/5dEtVxkXExEKun/U/E7qQZD7jo
nUAq/aT/agOktwHBAe8EzXBQDpSfCpTQaCfv3NQPL+QK2Ty4EcMq9FnT5idTnlmv xscyuL1srcfwUd4W9intgyf/86rfJUc8yeAl4QOciAhjZvRc4X0Cf/Y8peIHRHAs
JP8Q3+Kk8oXz/bdkvW+dksfQw+yE8fZfyfwRJKLIEMzWe3HtOMr18WbVU3pHhwfP YKjQQYhQuCT04IqVOnodAzd/oGtFe3nvPu2uNUCOD/Ct66dVHb+n+eB63qeB9T1C
OouEX/9OCZenycf8P3KJ+ViaS1RrRL/O21jVupUgcC7kumJwiYYYjH8q+e0JI/PO cqj7AAMSA56ZM9jDICPs33k1Au6Z85gsPLxzySmfk1dtcYsdN1Inh6d+olcdJXtI
FqExNOjm1xm9ZX7xu36KUawsw1HiooaI45x75ddQlRpjmt14pQJYNoaweOActoba 1TfoRY+1xhTfavxfq9asGoQjNEtDywdi8JV8vHQ5ja5fC7LE89qGSkc/lRbTg1Ot
V1c550tHt7xlOIJNwhLFxIgN2axvPEdhONDLMOqwPjCvG6xep6wBagxrKHvRUjU5 MSjnQSBVtjmPkNIt2DlWwtdDdr/aAPyK57hsXpwYMOtNSqCF+L8HirXdZ6K+7zBG
XLvsPAeItrX0oUCvvydX7Dl6PmWauy8NCNlDZrxrcYrFHQdTWYzVUp6M+pt4SRIE lJd5uB8/EFP7oFi9+MpBSm56GYN8JByRJIF1rSCyK0GdrUb3/DJSd/sdheewQPDR
V8YYAvAavVsZBWSG9cYTEkiKGBnV07qPfrKn0gzjaqDMGtF+FOxoqv8EiZ8bI5c+ ra17SMB/aysgT2xu2cPqlbr+/D9bGA4kTJ7KXp6WZ67kuUC3JtKkaGiqfcESDKym
IztGlNoT7bpFoVv7Jcx7wNcYV9Xh+/+Y7R2GAaW1GN/A7OlLmezgJD2HdfHvaVZ4 mIglSN1W3BflH7fIxgszAdRRyEw01MaipgGbFsoU7sIKgjeQ56sczbl/PBJ3xS07
KEZMo0QHuBoJLsqhS7XSLoLgkaq+72VPNI1xYpHC3qO63wW2K7LvxxTs7Z3na81g GamCZ6m44m5DhVs3k1vawuZqrSTRsxFBVrSYajL6msNtLXu6l4IPD6x9RZ/OCDAt
c5brAyNhyERIqGLKUypxNLehBzqoA9/+VoBxnjO5DLpV+7lbVCXuI7PUdvMwWemW CgmX2rSBj3pg0Jx+X1nr69sVhTnq9LbB+GSu85eC/siDkcUEXaV5TzSXakE1afuv
DFzGgIhjZUf00RXc7/3mxiFtxXc+9/GcBwIluNcC06RiC1cqo8zGbwC2bMVKvrKG ESgOpdP1YFDIyiJmW0SKS+5uZLGvyH+hI3UdIaDt+Bj1meBmI+Q8poXc+jAqk2Qf
7n+1shUyxz3QFKXQu/Qv7ZPpDy0QQvv4pOrC7ArCYi1K100uo/lfN7WWF3S08RC/ /vG/2p9o7EWgawk1cuch6zDa3r4iNXWlKQc+lojXQdP5YhpRUcDKCGe2hdelk2ku
5VCzAaUYA0h1OuKbNmhFcK8GCHM91b2KBU91lfmbF6QNh0qeEdVABj9uBO9+26LT cdth0i5lM4YqZH71hP5M1df4uR8iDRjyTJCKGcDPVAKTpUXQ+GlbgzZxerv6XBuc
QaQJZh+bBDQCzTUVu97wHfbQKbd7xy6epVrSoBki9uAfof0pElcuTbpSFtTtgKzT Ouxmi36H1vzHOBrGgJw8FdXIosD/O25gSJUGr5Q2O9YzOOpcvUZiU/bSglfsb8fH
kOAWYgmt9QE8ZEqjf6Duj2CBkcXqFKOEacx6QoUxC/tMMrMN4w+4vZyJp0k61/00 9us8+rlf/qHf9Sa1HTd7g93kgTx996ne/D4xtnuc6R9bcUcYmoME14u5pRkHjAAq
2TgmIUBekdqFx1cg60v5G2ad9fBB/a+q/IwIPI+T5NsepMxapvH3OfqBIfPCLAg2 pAv8c0dFypwWm77RLb3SdSIqhuIQ3TK34yh7wILMHOAvZD4O/jYfDn8aMFz9zYBy
3SJKuuPa/YYr0i1z82XHKtbmFwF/pVGVksiJYg4mLZbXAor8RXzAgATQEQ1Xz4XR r8iB26Oyc7F7Gn52aZMoLoKuNYpJCE7UsM1N2pkyX5DhkDA/JHJW/5LOtmFHfSfU
NLS5PAGD4KpY/EFnROv0Iq56t7mEnxISi2TolvjtWnGkML279EDZjBycik9+yRAy mtkh5PR3c/DcRjsSImjWAW3BDvyOUlgDcGE3dVKzpfCEDwTt06+bIHHpLLv+otYt
DkBcMhe8WQdlPKgPXlLLUWZE8QteESP8YJSNqyQ8sYB/W9JzKSmDPYgwHOl+q2P5 uu3ZbQCNQmt9jCh7FbEYRLixr/as8MT2HijNbBfrT5m5yyo9jAFgl5kLMRe3SDmc
Y1gY+h8uPLzv8Hgbs4WvEq3ns2FMUaP6XuuMeWO5qAgAirUU5L7pNLQUB569z1NH 5eevHjA7ymNRPVmDPAK2yoSG6agF39CmZfZZS07Cwdtha3+YfHIfEaB8tdSEC/YX
GSAhjSAJdhNug9nuubG4upaWuc9DGMbPJe+EC6itqitSaBtL5lxu0aBa2TMhjn+A O9g9AQSjTCbfX1TK/bwitDFeTZhLEhQVUK5jCFJECQS2uOiqpgC7Hiv9MObH9GxU
PQEVzDMf78TQSUhZy5HJnj8c2DupKL6i20NIaF1doHHgOHXRxS6VPJGxq5X/XanK FM+E+h3Osw0gPmaEGXh9+2V+tR9EwzyE7VPjuUTv/aMl0qdOxIldZWM63BHBqrPn
TzMV0cVB2cltkcf75/JYu1JALe3o+49fm+nGUHrGlp6eHqXo1RwMaKFh/2Kw0nVs y1p4MId6l4zULkZ9m5xnXpBEOHQ0vbwbN8+qtfRTI3axZSbwAJAxvisUtLZDExIr
nivNX2mAoZAQRlZSJJCm9KOX7AtcY+uo3E+9wmNX+3iCwudxTjWNqFmD//Og9CED Q4ce+BNEMH1QnrKlSfZlIcwC9UwvzDfwkFm/zkiZ34NVPWHT9ep2zJIXkQrQ/ugY
aiqxFmvJF5AopqL5peo/BqH0BsEwb8lbeR9gSP5LUKmFFQ/Jeaf+EmCznUfMi5JV HOQVEwgHODz88MEsY01V1n2rC0nFTnSMbnwSpOH+cqn8gt1ogwBNYBiyfrFbCSGi
q2GzcVsLjsKjBipSccydc96D8TXbWSJJop/qz/47usS5kAlha8RhEDCKGe2s5mPV 7p4bUjO4MTXG6cbhZr2ztouRuGN4PWs5aWshQgc204U7mkldftGRuGxOHD6uxr1B
MRtJ+Dgn3HHzsVf9Mhb7IWbrq4W9jG6elr18hRxs39FhzZD0ovnFXPdiR64caAQP YllOJHEAQSg+Vm5mAPG7txzMHldLlsScGdwviP4TsLmfObJsxyr8JQKJlB9a0W+2
gyMFBrUdR4AMXahTwyl+rCtAt7SUBjAyIOXsjqEghENX/M/qi56IuI8nWg+cJtDL r47lIxOZ6+sTkOFIbzoCEH8rlwlpUIJI9QTZtc32bDI3bfEO4DFqUMvrN3cpS2nK
yFWhq3oJ75wEZGSX66GHMYcog0NMes8Lx9rsvBun5MXfmM+Dmq2VHjkAKP4NOPlQ Zr62fWlcM6s64r2cjmaMno1kwYB86gwZbZbxB1yxndMcIcsKb1vpFpEczg3b9aoH
jXo+kxW6YjfPGRAdBmlWrXqRqJljN8qffpgbAOgIF4uq/QD0dRx+dUmTWIAcU3C3 M+54UC2/YKtGc/j9xDZgQrivnN9YdMlXq/SSa9rBNGYUiALhkESxUFuc3Q6Kzxto
AW7Wux5f3w7AUNZDjt39eD0ivI+3jgMiSUGxCp3yZ+dQ1hxjnpq3YnVCTU9iJJ2r sw/OJVyZoDafAF/JnpcFFt0WaSbC4BCnLP5RSBjyHXTBYhN0JWDep/E4IJc8i8Ha
MXg8pOQFK4ofZB1EmBmhxJd/2lN1WAvAJHpgFXGs7Qy89WhY6RObYwvBPpkULu2D +LYIFuu7RySDJ4ciLleZ29rNlcEQ4go2H4GX8F+RlniC3oXHYrth6Hp/STe5svk3
aWVc6sEPXCgdBiSUd9fFbWNhDQd5puLpEuqLftejN7WNE1+Db9aiIlA+v05T3zX7 ZtblNLDP/ETyz2oE/0O7NbRmncVQ3/rijaRQX+Lwx59bc1vxeLOOomatawh0+F06
PYGxVGuYxf/P+Sl2wBR4yl8r/vONAyctAALCYP/KudSIgXQ7zWVC1klAjqRksWmK UgC9UYXHpltXBnJAFVQaScpez2hene/b3WMcl6lZaWFbslvGjCQqfuWXtKt8KSdE
SDtNmnXHlMfPTt7Av4vHX8iZrz6sOGpMso9j+Sdo62Ppmbwl9vS8gbZ4zFeelkXh 8ts/s1PAmLln0a/35q4Hu9gMTGT6hmxHm9gyEPNyLsNW/LkDDypIeG4KQ1ha12to
OXXIbRo7p3tMeFwsogY/7o8Y+9gxep0rm/w1mTWsQRHJr0t967Ki3AUrX2HoIa0j JILz8xufltXOwmIiMzWyGrMLWZriPhT2XL3uwutMHt++0KCcpG2v2HdOLvaA/+8E
mlOL846o7a1kMrKIK0FdFmWUFV7/iWbjoaX6GWJ0ovF5+KffFmfF1jPYDptlKR1K Y9/M5N4Vd6hSNGHKapfmypZB9ECf7jnXEkjvD0u+Er2JJ5G73e2u/vY4H42Af48k
PFjDwpzWuIu94fmDL5L7KcMUA/cGd4eSkXaIpYjNBQZ3QD9kqzoT2KopK2yG8DAX ZEKdBg6RRK7yZIsaD155TgOCCspcyoiHKmjWKzq3uhT76aKxmdi7gYfl0GOSZjc2
ScKlkB6EehTUzBIpvYRA2pA0W1Lfjnbzn5EU0PWa3sp2Yq++C4fURxEt+8yT8t6N zNUyWzjrCiehuz/tdFUsG1hfjcja158/RPKmXKdIUBHpm6FQTF9RKhC7hVqEjXju
WlFlqUJRQfWmEf1ZLHTA4Lvi7/HUN8JZDfNw7wckorMO4ZPWYI6+zBQmhx1IiGun cVvmaNC1g3hkvBPEu7ZGsWj4iXG8YxskrKGYB3L6RVbhJuSw7QobThAIH1nI17wC
PZ5s+lUSQKPi1uUArMwfcT0CkTE1ebt44z02GEyLyou4ZelKbz5oXh/mz7qyUZcX 5JnUgILU3HzPFmA8A5oC5CrMO3u7p+ambSZO26DRtYElKk3TuynuNwx/UejPWX7j
U6WcaNHuvIu+3r2I1RlblH1FYHB0/l6CQYQUPZh/GvVTliPpg0VqxbE//9zTYi+R S5ejy62kE7vsOEN4mmazRRxDxQC1RjE+XrD9bQR7/G0z6b0dS3BdxDQgnXIAyhLA
JF430mMMRXBhiNvJhWEfbdVr2YQXQKwN8yngzIlC1blCWWXE8LxrSb9HWbUrFmpG Iaz52rMo0qtun6gNFR8ynICetkwAgmtg+fVKqCIIQuV5zE8nw0fPVQfG2hmFf175
XcHg94A9B3uUcZwX80AuW8Km35KgCqNR5se9r3EMWeSvR61cTjZq5jU9lwwpkGdD 6+btxw+wUdUJWML/NjquSf+HSP7QXVRzCOVyLsX968iIwym7G10e+thPXbGhXqGy
heD7fdGDLq4DRktks2jvwn4UIm7uEu//7A77jhhvXgxv5no1EcrctPsMZsIuSsp6 SKxx7ZSw0SVDn89z3N58/Lfdi1x84gcEa2wVkssffysVlOIzE7EKTtU7fbzYW6MI
wUlMgY07vUuRVTSxmdeSwUXzwTPKqsSCq0XgdPe5bEjgIU/+jCTQczYeIUHqRwLj ihGnXkuQvAYwgKPw86nirrdHXs8nDIwjiuo7//VFzAwnqqTQxkXzbyDQJWZBzZKg
5qay14SkHSEBv29pwEXTJg1R9NXYQ1J9GtPtHrrS9Nf60YWMbsWvCdeM29BYHE0A PC5GqEe8O8mtvanHZFYFytM8PDOxgmTbcNj2QqvTY2XK2nhV27ce7LLK1KHTTDNm
4bZm0KrNNtiQcQu91diLXG4lxsW/ukLTMndvp7zHbKdq0dX0I/uewQsecCZOTNkb P8APqv3zVYKugFx7dyCVwPEpgayshnf9wGVfyVd9qHRb5o3LNJjxq8Pg1BpSOuzN
o/NyDKUd215Mo5LOTQtvvgZ5BB1bB9y2fWGsRvGbI6rZXCcEa96PoCaNlFAjT2tM ocUY2xOES7b6IGm+Apg7eJcl2vmC6eClapHg2U/S/p2T2w5FhWnonCAhO/U8DKBM
IjEiBcc/5T5qY1zNcw9HgU47GEIY3iTVNTVAdDAIfN9IIt3rWFhjiOgD9jcGBMyf DsMb7+JEJMCIdpm/0KbA8X55f3kkeNShwaDmKJMoEzVXiFMBNBLW/js9DJrPmL+H
O9NNPwapxJ0QDzFBgOxYyQXe5u84T7PTxvsJ2W9wYXawqx+yr44zPrSTGcRC1ed3 R58bo2I8yRhYnOmvNggyk/pp/JMZm8rJtcJTyI06M1sNuVUvNeisMP7yVgH/KLGE
EH1VhSuooWwzhlXFtRKure3d5K0lGUoNXwQAlqyNPA9GoyjGRdUnO4RY85uf10za 734aRoPQWSJA3IrY9h0lI+9zN+/0GB3db1zzImIP/17p88DPXeCW5My4MOhQYU2K
76z8OfGYqxnxyir0ZNZKhCqOhzGI8I1/mNJ/tvmjfF9hLbNOXWajrL4ziMeb1thT uuO2JanljJQs3h96Ps8MNMbvRqZGqq2poWLe2PvDCzu23/XIDLjPQk7b1Ttoa1rn
3Oj2sTLyFWlEcakU+4XhU05IAJDk8RyqRPXD9mmiJx5h9pgAaa+B4huIB8Tbx6Hh GfTjYW6W/5WqUrILkrdYWh5UBqtPdt+N0kBk3fzeOAheh6CGtt00T2+sRjXM0ABr
jsPszUbkzFNt64/+C4y0Oq9c501ZPBKxiSx5/1U6SlwkepBL2TZjio1w9fACjGSx 9g4BF8uBE7nMYF5KorUAdmmwgD3XzHkLTFBlVpD9TOLvQEGJ/l5kdudRSRQmbWMe
/OxUjlZNpWe959WL9eG7GICIy9yDNWGvHiQxxSZZF6mlN9ob1N7KR6jpKhWyKIwh iM61X6D9wFN3XoYBj6Zs0CbNWzLnicOrUIgSwvndNQHUjOx7snPwd7EEpTahMbIf
EukNuUKuYYqBnLO+nRNCuVJpSPOmXXmbTcPC5QRTrTem/krg6cGRMP1qCQ84jJDB MQILRvKV2PWXCjiKZm6b3oiMv83UINinANxhP4qdQ/yHXJx8FtUGmlE8/Ar7wJqn
XBY+MX1QqAKrK/JLuydUrWjoIeN4Zpw8USZEaBlO9ZNv8ZJlYNv7Y+mkz12ZbnmI UTJ5oICO2rANqCJdnok6ISs0fCYZ/6ok6u6W5sA/PuZKXLAvD4N+vM2ntvrySjcb
8cF6pB9Dw16c78ESuwTE+ghGnPtvxZ5dn15oxlkryWIWHkOJod2m+3x6assc2ADa lpHKJFOpAcomoLOZ60CCix1BXAtcejVkNSe835sJiNCK/LDg5I4bkoZ6/SsbPS64
HULNQRYqyR1RgwUysf6rQLMT0WRWOEoqn4n/SuvPpfLe0VylldnBMT7Q6awFkTtY MkRCaOqeEK9aRD44B+UYzz1cxfAlbUFPIhu34ohFgSL5T9n6NQQ5ARPvoZYSYcB5
Y2kWJ3NwP1G1Q8rcW9wcXj6+92XH0NU2sn0bNei7+wK6YnLL5rGgmp5QjPYlYJrw Z79+bYs8W/c4+9F7GAsIy9WJWuJLK1s2gGlSsf7uMkQ2t4ZblN+sNmiL/II2UvMp
sBGZ4hPtxmmuAKRWtoy8+oyT0kHjIEmg7nqxUZ3WJjk/SxQt2j+mYTaBPvqrIqmo maoMvSTdxATlVRmuvT0NX9Zh8M4PpNF4Fc6UhH0hqnHza1jYBEkAHeZytB47Hmq/
g0nxu9cnUVNJs1ScnF7Tceu2GFtN1yaBFZlrkW7uX9FWL94LtGletsVJlEPB4oPN OsRY5sHEoNJIsoU0OUlQyKhf3CcyWovSl/CKWoasFNM07kb3Sc4sUmLBd964UkFL
dT8x2siM3HHmqdCUiQd04oRUYG4A33NwI2GlI6RQ73deLlEJqUPUqhahyA3FvK6K THi+6MuOQvWusXO1Ba5g8XGvMB9T2B23R3Tl61XIFOGRoQ6ZOgnvPmvaEv6LzW3v
lU6x1Q13/TUj2satyjiZe+YNhlUZXmwTinPb+pUtsuo037yt0JcXjqdjkTEJc2yk lduQRgkUnYXOYDk0riNqIZ7o1u+60t1MvpU2MMnRoNrWgj3V2QpPyV9P97r51Yk2
gSKWwYZxQJtZkYRme1TnI0sciULrdtLNWQ1CDR+V4lyoc+6P7w9voCM297Ip819b wL27uGVjELbcYNI0ufY2js7L3cfQoY6+4SqcUrlvF8z+RHKRHdz0D7V8pb6OjOTA
xif6PKmHwNqdigey565yB8ngz8JwLtvq2BbbQjmm2QV4nMbeMJGkvwDijp5q5pTF +/ugp/qFXJYPqSi9ipmzoA8+qL378pusJ0lXG+A0Bf+T00nzEzlePwflle5pkQxc
9Rh2ljMBcJq9EY8w0fYcEEEB0PNF8iIVPoIvJNSfUIPoWhz4ocBxQCJTlD9ZhWMg FpR9cFHYsr6aAmOqf9nCQhzcMPT7xQkfpn9hKMFwB5lbMRD8NrYY0SH1pfaEMDuO
yCpOuYjcLm34O1swrvNvO5hb5Kvz0xSMlYhC/bU2phWV3EmnS4DBvZCfNxIUAok/ jMNdqO3IrOTRMuHA9WYsJK0wN/RM7LrLaSQPTqpWMFZhF0FHgcrheuCth94Nvi/D
zfbfc1B1AzJ+w/3X6dRRcG3tD/zn6GXT+SBJGOAKZ1W7fJcNA0a8yzHq6IkpWdjw MEN/saGODFQJuqpyzRtwkMQGvNE7JW98MFk6gHxZIXisVn5BEksPfM3EqFci6UfC
D+WeHOYQUN+UPiF/8pN8xPi71fyzJRpqj6s792yudJNvcg2WZEf0gdty2LEkQ52Z bAn1/8XFw29Um2IynHBedf+fTmjxg0D+aazX1jxeGyZ6by8DrlJMxq0yFO1HtLcv
m6mVcj404cGhyeiI8Sa4yD/LP6msfMUB9NGxKpknMfkzE1STGIuVr+3E8wdkLfbL XwaHFeKrF/tD88VHsiZuq+ek/AAZmrD6C4aSTtJIPysF5hto1l0lIJD9tPC+UfzS
Tl/HyfO5GpxgIb1Zw3i/EUGDkd1dy1qI3nq2ILccaYJsY/LjHKnbjAltj/CCyWqB f2oD2FGKE1Y1KPE3uPlkovnvNfdnV0CPq/17Zxfa30KRZTDstvTdc5+sZNxmbfVZ
W7rmbpHpqhNEHomC1on2C/mzN/Ea28tzhci7bErT2giDHVlqqfaAsaDFGngmbOGx ZnbfQv0g0vo/E8iG5V2Y+gVHRhHwIR8E71/n3JXV51xmchvvJQ9JNJh4sijEr+sH
G8mpoj9yjrrew9b/KfUjd+eUzuXoWlFVqmaj3IEIGsSK17dd6TCOYbujDyRNfpVf 7j5oXuEeFqWsISVHV+dlXTp3GZvTAiH2qgMDgbGSP696+VXsTp1h3L7/PEYKQkCG
nH9H7JWBdpdH3IJMapHuKVj3Gdfb+L0KHgAImHMA2yQQQxmluvLZln38UQuM2a/B d/ntsjq4mGQhI49Je4oCq3+5qb9i9gU1H6g4YFLL5vhkumdkL4mw8KbQoF/0kmGS
mXHx4D9tIzk+wy5F7atOqH73gx9KoZcQRvU2E97H9y1ddcTTDEDhhohuupn++5ni EhzXvd0mPTrlSb14ObVcjh4pvhLJw5uc/AHgCukSkFde3n7Ml9mpqgcJzfHTPYiK
wX3IE2UywQEd2TPYWV7xCx5/LypsNG+tnwLneN0HFrXle5Yvt+zTKiZDlCl9UkOM lBxfy0O0F0ZB5KgH/evozRKQZT5mLO0oFWbjtQJkGxXBhcyqTyCb3/zNGMonfk3P
wphDI6TRyOlIuvK7h44fTyBKSFoSYyev0CBLDP9tUgo3oSR9zlcDJlP0v2XPoCQ5 Jc7+ooybNn80pZzYHVTaYT2MNVFqKfy0GHMBA5S6SaISzoKtxR2XMwKAMGqInt95
jTlj7L96h1JQnKX9xINc5bPDLocMG5ht8q2VItRHtSEQVrZtyVqokJnRtIVDR68F Ie7dK/Ief0WhNx3iCexZeJ70dAfYMbAqghJYEFyOjPb1I6p7div5cnlR87Q45UQf
aho1hjC9pZoU4fEB6Qwpsy1ITyDdkstjuYl71QDChs0ceoN0xx4TO23czVCLN+z2 2VLRlOQvAR1OyNk+DxXKFesn61mejZR+5HeeLcu5h1d0R/broo2IrZGvCK3oDWyV
UF5zQwK/fwz4Zf8xpStxhoqEfG29dkXR1y77I6hJTjmjxPyOaWw3Ffw9fFU2mtQA meuvKtWP8oLn49fA20K56nG8OfkEKXNv/TVn2YqN5llNkU1E+d0v6vF3jFWbuqu4
f/DrlheHMOyogBSllBX1xXeyD7tneLVebUK/RPzB1wfsxA+t36+f4X0XfI1xMbWV al71ighPkUhWrVbXtSRydmNA/gjxkj/hPll1MfYiVOIfQ1wrpUgVpH50t4+a/cYk
Bd9o1bxgaob+zASOSoVhpi/64FCReUQPTrqQlyu+5rz3GsHSVxEBjV3K+F2ZFgXH jtqEEqPQtL9Jf91Y1i37JJ0KI6mH7ZIYXhcuPOGEzdQxj2CZxCZgIwe7Lb6GAu75
FMt4lj4LKlErUZpLKS+PsoR4Uc71dlrcTni+baJtgsdkuUCnLbI1o1+c33qqtWyu dLAIFwtzLdkKfFXyVlZFKig8ADzESPevxuO0TkNfX2hs8MB0nUFxziE2sY3XW5ih
3MD2OOEkIO+2AReqvbhT0R6BwkZGlhU7k1sZQcmnjS+wUR6zYRdnQ52zJs/fglEH vvaQc2o2KcpY+irZj+B1PoYPBaHqcxPAYgK4pdcUqkgjVmLSqxqyStrMYS4/glOr
fwKJaRagDSb3+HvCFsQVcgTia2ppzcbnORTYTfHiugWv6TWYBLOtOh3odigIrMZb cDWhFpYUAM6i55g5ojwK7WJ5HEws8+yUoniq1/d0PsiSfGOxm3P/cf1bPHsXW0Fm
I+a37z4tL2bBR0engUKRha///Hv0HX9hYj6HufnHbrakx7kJ8QDiM7/XbHmp/EFa I6FO3TFT2eQjLU7ZkZTSq1TrRH27EHyJ2drlQUM6aVKhSiHdqTS5hhpanPwfhd3+
QsubLIXp07htSBG8rYeyFcnY5DCygtNRyeBa4gvrQxN/fsssay7wDPylUjIc/83Y 1TZnWC9qLglpCwWjut+r9bqYS2hyFLbR7YCT3+jybEGQBXDHhXy+Xy9jixADek9/
WRxvKlsONECIPAUYovLO0AvHZeZsoes55AdGyzqZqhCwOUNwwZknmhL/3D6sZE+M IGKnmujmTq8F1akLgi1puSBFV08tOTrIiKZ9jV7O/un9T5IIq9eTPFu4dw47q67w
8acu/0dBUSVkQKceswjAlK3mwHoMV87E8s8Kvg4g7/mpZbZfNZ0ux/cj08Ilglb4 SUg+ped9JU1iMrer4gmdppjRIYheCUYSe9/9wmedaHLYkYnjNzHqZZlSlxROM10d
C55JlH7H5a7rueuUdkAedi/QB78MjZKsTFHlfeiov5z7C0zv/xxswUxTHF0l5l3c zPe7heqZGurSfVamOl2TKGYMYkPg9j/X0xejK0QQnkW8zP3Ptbb2z2ul/lIwPAQp
N8IWLrgaKG40QoFhHjTPe2QAmgXt4Zhi5BCp+e4JqYnPmmBrw4GjwbnMD4AE5YKf TraAOK74FHKLCkQV/B7Vc0TvoLbyNYWLwQkkLqvwLVb3FdgWSjO3ed0V4/lgJF+A
SI/JkCSQTaGeL5cl789uzqnVh+wT0rft5uQpB8l+RgekwIqAcwmeHww8VvTIGtB/ DRsBY5DLNf0hSXgfvgMa3kPkN+oD8u93LuIFRJp8+fGjcb2bMC58LpyJhhVUhFQZ
940B+UBeiWsCgFBANm350hrfLn/dh7HwOemg6CRbmNpBGXpIjWwE5L6V7aD9T5Qk JNVxhWn0bzuF8VSZbyek2NeIGLkDCziLrKB0ncnkeD9Yry/dgHN2ycWijJaI4TcY
fPZgmPkc65oZ9S7EejomfGH30OyUr1oC2jsVPd+1llLYlH4Wv8pGWzkKYhXmGyjj ixuCz6wtR5zzpxt3tPuY8NSMMfLW3+SH+gwGRpLS0E4QXbFCdsWoiuLduN60A2gL
TKOdWcOsc0/9ChR0cHy5b4E0NVKm0wCoJstY+bgpDRYbA1G3Urmmh43g+pbfZ15p 5pICZpsqE38z3M1yL2yYc0Kl4BvvNlAsDNXnAET9xadEyt+wHDY1x5VSWONM5+/2
jVnx7oQmlzeLpfpWcFZbJ3NmLBb/Y/QmMlmoEtYbakYkbLYgB2DMrBdM3hN7Bwi3 vgBq6YJnDDgP3fLIUf23nYDH8RVkRvewaKFOB1q0TtWwb6mmTVXFDEEsjjsHG9uT
8VM3WUes9gb1xvz3X4IEVL6Z2cAJDlxgyyFD6dtFlvfc/ONoZXF+pydrWQAalxQZ uNuGWi3yej3Q00HaqWZ1hdj+gNYDBikIEyvTRwJYWVELYugW9KLJIBLA+Ha4tCbd
uDZLKo+pdGkVZC5bHtHQd5tc2EmWiNawzK04KhEVkYTbO2KIYWQvwoN0aiDZEY40 MrPj2jslCXcU3jznPA0f2elPPGC2UPhwFEfo4JsobAGnBbJMkLrFkGt0CId4KjOq
Gb4Pf9kUUMCI0T/uG75DqVrjIvNooNPWOUvE5PuVN1sK7vK9sKxzhHgyElygOCRl hBJzY+nG18Lad+pAhPixagmYYr6L4g4aJADhORtoqsuIleCw1MfGxpFYOhbdyJL5
VOzHKuB787LgfyXrHlTfY2PEIOKCqa4FuYYT8WTG/NtgqVjDE2yCZsHu/qUXSe+9 NcQQwSZKRgVBKuRafocoIvkGrxdCaYbTWS27kVSvT5T7Y8REBMv6akipc5IrUi70
EwfhEUDwS3np2N9dwcMUNZKvefeOnc/7D57Z5xCvsioU2yns/NGMlbewMpbVaDjK ouSl909sPj5dz9kJ0RPqTxlUCUN+5LTuzWRxT+EyOLFxX1CjibP8lSjovji+KG1F
08G9pfLq3EDTU0Jw7iAZgG2duaIouYgQS1uursITbg2npAD42JbQ5iebrRUE650s yuHcQh7v9L/amc0MAsFkV0VSMKJQuGGoN/BaIK+yVidMO/P3VNiDHloPi8AalxLv
z2rLkM+/7/tz6TWhUbcIJv1BbP5M+xvnWwCCzvm05Rm8CrLzgb+7jFbYHDIaaYPE V7aAsUeu44NI+V3dnDW2KofLxCHsc44U+c/dpkyJWijRaoejiZ4U5G0Z4RxNRHI8
gfGxSiuIXxBYyTAWPj9iIiHuCwr1BBw71VY3U2gRqxk= cov6b9CP2WhxfoCWqatcsg==
B.3.16. S/MIME encrypted and signed over a complex message, Wrapped B.3.16. S/MIME encrypted and signed over a complex message, Wrapped
Message with hcp_strong Message with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_strong Header Wrapped Message header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9425 bytes └─╴application/pkcs7-mime [smime.p7m] 9470 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5974 bytes └─╴application/pkcs7-mime [smime.p7m] 5994 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1799 bytes └┬╴message/rfc822 1813 bytes
└┬╴multipart/mixed 1735 bytes └┬╴multipart/mixed 1749 bytes
├┬╴multipart/alternative 1114 bytes ├┬╴multipart/alternative 1128 bytes
│├─╴text/plain 373 bytes │├─╴text/plain 373 bytes
│└─╴text/html 457 bytes │└─╴text/html 471 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example> Message-ID: <95b9bb39-c028-5ff4-99b1-f179cb5d7585@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:11:02 -0500 Date: Sat, 20 Feb 2021 12:11:02 -0500
MIIbLAYJKoZIhvcNAQcDoIIbHTCCGxkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACjMzFIXlc3EbymBS0JPbwPNsuC8oupYKV2Z Boq0MA0GCSqGSIb3DQEBAQUABIIBAE0WeE2CZplu4oxW9silJTfwzOsPhm847d7z
zEPTKjXpbK6gAq2DHXW+UN6VxRnuK5og8/5A6CH1qssj4VvZFE9BYmVtXBQzdSYg qIXcjfvT8bDw1Ftlv/4KmZLDPdBnuisuVpyLo4nnCIwQJYpQgGBTT6QS+49zKBE6
UB1lOVwT16EfEhaHMPlw2rZ6F7hnMApYrpiH3oMNzDF3L3AOMRwwu4botbDl2ONY MCBAtAEpO1EX96vni0EnBTirqrlYTpyCfovzY7Wit0AGZtagvTDbUFZ0x1zspCwd
KC1TGC2i77Uy3EfyHxO6yx2mOvL2xfzXf8lu3uP6j0WcOAI/bcwmMybxP1ieHsxp jrQHxNGnPvIUgWOmZvE8xcUU7goh5lIMlCrTSo7O1VwvBcAl36MvP2cq5fMwshaq
MM/wy92eu4cRreEln/W+FDwp2PCTEQE4EMeJvq9ovQjzRSa9EjAsadZmJ66KRbDH 5sG8Tisa8scczHgFPox8g4dRg3avviuPIeIWlhFHsjHOyxK//eXvbIAPvqSX2kkN
OjIxpVISEgPCSD/nmY68P92JPWt4lySKmjm3Z4tzNVWcVYtxKNwwggGEAgEAMGww XA2WosMZFaOFDbreUYfH3vXXKhM/bN/ppP0j79SP/Oo0zcZNrFswggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAI/LCW328CZK5s77+nE3oW/7D HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAHCEttYG1eFD18WMLL2cj4QA2
8ciV58oIhhU2ACOcQX+pBSXDPWl4DcBF0PbajRnzCL+RHbEDOpvV8iIv2pG3izDU 9ufo9YrcguLxREsAqFgSdjNWumX+O6TbxzRXIRWUDM7Fgya5itiSeRX9vVMPqmoE
XKvS9U5iVvFM9ZsCw2aUfOSiyw1sCT09gVMZAJc32hASFpPZDQvQnIMG8lnPMHaH IqvVaBvUJrC/vpqimtsZ1DzfMILZS++8zKvhe65KULce+nV5uQFdCqY0haaC+r6Q
nsj0CFc7M1RNcgrI+5hLoc3YSZzlv/khKsj04/TkKtfqJdhoei17Ch3iMRXLXHcT vo/Ync/CML6Gjnp4wpc5DWfXawIfTETdqw3OlRjeC1LN9x2Gm1rZRG4Ae220cevY
J5z+Pp56onPplEa3l6SFYEqj9l5k6aMqIfujFipfXU2xLN8wthVGnus6wroDde6G fSeUgEwOAhN0JK0dKJV2FTaSocvlsjSpqeEvrA/7PPTXiNhx3MpW/5LdnLVrGLWi
Rh19XCDBTwsqlr46QAOUMie+JOx6mA4anWEDK5UzWmkAsJ70afNOF+TWxpTX9jCC nf/8vbIMVRI1a6OuX5LIebtuiMcrDBW37Fz87G2WVfaLEGKlkOpuAq4Hva6UbjCC
F/4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEENOmE62/eOPyBJsQx75+tcWAghfQ GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEHX14xKi0oQG2bn6PtoB3rCAghfw
RlceRC3Yh6DhNhJPej5k0aSqZp4yYE3yGFeQ/nuY7KjRFQ43ZJ2D/McFrfRQrox7 CwTQY9uTkxfjYyQLL9GBme+B4ar0sIhiueLsLSpDqYscvN0BUJ8d0xE+TpJm0IbY
2JXDYRlN1QDrFY5Ik1CkCArMAH28D4b8+VUH4bLD/hjoCti2nfROXY4dZaBVdB4k yB8K+Xu2ZuZEbKHDM6gkwMjUmvzrqaoFM9JdgEdV0xrEEAtZ5fo4CQSQdtOY1EcC
1sOplPXAHoy5gK8TeMBToyXoIwdQ4SP7BJFzfU1uZq0JIrC1Q7muA1MM2AY+nPhU gXaeqcek2pnEtzdMvpecyxJI+Swcj87MWMQkZC76ukWAJAb5HrzxWR1KppuRWK1k
fMv4zr7pODpQz7YWK79GeJVM1Xsu40gvduJdxdt19Tz3cqB3Vg64nU08vDXp5A+e k4dSlEU+tkItRahC1nfRNdHbi/N4IYHFR/FS8efbDILhfnCsNrzhirBKkn+xCm9S
fP8qxogkv2pOn+hPv2Etg6TIpZYdcfHIysbQYwGjkdrXxFoSijD9Ankc/OAaZCvm ICK3vs9rLRSxMGD2N2gvZlnijo/rIS38E8qPvgabRYasxvJjpm9pYnw8bna19NA5
WFv6+GIff0jk+lI7vWje107u2WIMsceo5cXdVhBLL4u7/x18RukgCpJF7LPEvT4e hH44E1Nmd5/hF4MezlJ2HU4Fm2illB31TE0MPz+k1U/luNpMfkgBUnLEzGchYr4O
1aWzI6nfCM+yz7GucNXeRUJ3PP+zjmDyzFJg9KvgL/fibz3G1js3CibezT7cWPDy +BzewtTsctonsul06hFrrHim5LgtaRxuiAJXnqmArH1N62eoFxC3t5GW1O2O9d6G
9WeLULXNgvfd6qdeRAk4oW0NN7Wk1ar1Dz/LOyv+tC0YVx7B9HkplY4x9XP3dvqy hEFa1cWjh03xZfVOmvog4BUa99tR1SgQf1jkLuSGbYr8mfzufkCnxOzEZEsuumqO
cfgTJ90Z2b1JN9YKa44wGN4PfJkT8ChCpaw+1L9LDZrTQyQAzfgHkAKTTazOS1S6 pGaxc4oX5J4ZiiGCMlK9M2L1/tDjN48CcZ3i1VWB/Dqb6bKHF3eEoy6qQR4aPWeL
SUyz02sM5cx4w/FwQzdSEyHZSzor80DffYiwSUQEgvm8aO3gYtWGvRdTQD9re/yj OQxiYK+mRcDtzOMcynvgGo74RmLMNk3rpjpDOM9ltd++8stxLRltZY4dlOfdlwu8
cotzfYeezN3Z2gr6LdExUwyykvpctLjDM8IAPgXfcaJN90QHbfOPoqOCgP/68ohS pO53BAi0nPEwze9ApPBqp5p/bPHUp1lJNAGXY8H6tnhgZ3x3RV/Ji9KGJ6GJmENx
5tY9getzCcNE0UjwWxmkJIRBCoy3IcCKNjAtxwaEEF2Q3Ummaw7i0VkvYaN1f4Kt SVI7r714zXjwM9FJHqCmzI2DKr7p5ysqZ+Qc8mw2CRsfz60LEKA6WGb0NlovfQXL
M4uYYxV+Jyde528ltqIYcAsB7+P0PzJ+192TSO/zA4mCH2PlpQZ7OaUsgY4WKo6h tTq0qIOHtYe9Ge0ztbKKnbzbZQL9kQ/32dbfKasQxDczaHjNZ8dNGhNr+BQ5rVWm
oiYgTNxNgD1I6SlhqQtRkuQsAOQcVy5rpss453xZNBU7gOlbUygMMZ9M00TDuW2Z +8FwxmvMZDIX6Py2wbJEREUGCGHh6lUUGiX3GlVYFBnqI1GUxBUVzXxvGJ3cj5t7
cGGRi5KtHOxIVkdN8R2/zFLrtyBXIm+erRUyfUupYrHxCQr+BlZsLWsuMwL6nY8d 4aX8GRvMBrZQxhwuSLxSFQ/rPyTAusVPphPbwAoav2ZaUIlblLr4yHbawssp81sD
beWupZ7uD7l9xdbKwTuHDXwttRhzRzM+IkH5JUh769T8IKNU+DpJ8APSs9sn4Q9w svgW39lI7SRDonvdo2+qs5nPW0l9leeD9I9wvZM8AQ5q7mxvQkY7WDqX2J6lxxzS
y/fuORtJIHKMo6WmTyV1zipHd653aKFL7Zz16rYz4Meg/qsKxzyjlH6yGhgccENV jP3+jvr5vGOYuPGYGOZeuFSZU7HZGnPGFRk3tWG5Q1dRGPi0TWXzV1eZZo08e0cw
2xa6DXmbLMvKp8eME/nurEB7g0ifozwMPab85eJDxSQfPktofgDESqa826WGQI88 K6EuDenwxOU7i1LpC2xRxuJgdN4adAi2+AOd4vyJWxIvkQtcbzj57ZKPt80raQXJ
rzHyw6BFBC1uPn1hcMq0r6LR1zPhAcqQsx7zDahTYRspN4xSEUe0p3oPJ9tVJKvr l/bGRFGynFRuXE510jBbwdBzvseKMOvfNFqB4nv6FMT9zVpGsmpesvDDUdKLDayO
mHAHO5GpEx2Zs7RWzXLBYb4fVfrCHu55O41EbXWU1ROX5JsVJS6+lLUQViqUKk3F sEqeoV2boFAP9EvIpmA6i+G27ECsh9cTUlYXueOdcBUHagcS9DT4oNt57euc29b/
tyBIYZhylAGEFHft/J1JdjNz/6iMrsXntiKNIpRDSkvQdVUT78+97rH9t5DbetxJ yKd5Y5iE3R0v6VquqewtpwlGS/F2De5x3ETXj86FmcML0aZ9Z2sZMJmVy/Dw+ixl
NnH34n2ZvQEuNghL35vBQv6Pcs4inkZ7OLY07k+3Zt1Qogqxlk/3ZZYQ4gg0x99C bjVKliDg/FQZzGwsyynEcBARKvdKwM07/o1iYy5n8OouKlmIPUyUmDoix3fS1z8/
6bS84GZV5OchQR0h6Ci+iCiR0G4+koTYo0BDZUa6JNR6kyX1LVPZys0QSbwi34BN RXYV30BYKERlNHxpPPxzhD95ECeWi68toMliKaMsTstv23mJNwAEh6TrdfXL4Ls6
n38Aenw57CUUkLigHfrcd+kw8nfF/VjMFda2wayrpQ0llmYWMkM+XfUtFQjplZ0c HfE/32ohxglD4q+sKg8V5QG8wVBnGpwBXd0yuUxewyeO8Xw1m7Y/PbCJvuSEj4G9
O9sdIQdE9G5+bG7YcU8UZfyl/UoqTBELBLyVIR7y7+80IDobuErkIi7WbQrs/rkK zSOPXka1ViH3tcnFedmyBugNw+Gs1NHCo49wllf2+UCpaoJcC6zvD8gdQ737Gl/p
Jzx1lI7Z2zR/Cer5pTgaKURcEzGEyHwUD1jwNdpUstVXgSLz+Pe0zdQOLucAVgtG tLvIrC6FZa4CP0PVE0omraIssica9iWZT1QaEWDZDSVlQQvBLfBpYA90XUHxEw2f
Ct8VtAE6xpdYl9KxU40Ke1VH/FU0L7uq9Br5QBawLVvH9R9a98JgfKdB7Nu4teg4 8vWTvVo+Wmx0nZMhlU8sen1kEcKVJNuRC6XDq3fHpVJXnPkdVKk9ssvJ8IfKPSL8
P1X8IWna8kT75n1V5o+EcrZTExyNPgQJyAvH00tCdj9cof0QNWQ3gw8RitEGIocX 4cpG9bV7RrGymy0q3hDzbzCPVGe5EdT5EaQyQRiHOjDYx+SGyyHdNQD0nDOT6nh5
+gWqLaeFmXX0500a6a5ypQHQuU6sUujZMj8biD0NaboGN+wMiftu7fRZBcxS+3n6 C+guv89wGlYFJnjpYOpKW9Ex8yo3Ib4ArrGLTzXqdZaMaA31oAqhlOPkfp15xPSY
dYx0pwlU6CSrDGET03HvVVWaJl9rJ1iGB86Q9VFXvELvwysuR3IpUxmlH8LDyb5+ clEMnTcEGGt98VSHJO1Ku3WDSC57PYd8QJsoFD4ayoYwlLM7Fc1X7CG3s4i6eJOy
LHKxe0PIEEO/DGBPE8YFycGXIpOUGeO/NIRYXWJy3nF5UoVbYLuBrB5i98WB3CY4 evfhxLQLiW5NX2/xkCnEHhZ7wWyXc6EPA4CQw2Rz0wyYEjEj/JQbcWqdn9eQnqHF
RNsk5UBmoZ+q0EKmzasXgCYc+nO758kBgNtmnVyH/cRrwrQALA8oLm+qURNUF1PO 6O0WW7O4x6zRtVMKYNkvOreAVL3Q7U5EyE4ralLZNc2E/4caDxANP7mXW8x+8QOx
vIrQkKnFNh6QH/K+mJEPMQGzSprhkhS18WOql2gpgqiVNbUuj2qQ1DC/riJZOF+S uJ7KR4z036DYCtZvOFO7d9k3wlwgMSxwJkBGiuIOP9QQ3xWXE49TncQlTIaFV2sN
b3wwGyBN/0WmTs1VxM7TjyWwfu88RXE/SozKwWbpHrOIY10kQkPxtE2zYACwrXEp Fcl0JLepjTDCSVi1U+JqwjI2DZdAfeLtKkC8Ka4D6Bg+Aovdgq/0ev+dj8Pl+ek4
TVZr6RTCbiazzvaps93hXruLDXBKc0UUUn/wTgAzLyCVuNl4obrl9CAPDkZIgU6M et1FTQ6Db/v2POfdiWLFdp1XzSHsEnQlNMfzvintSUsfGB0qOWFwPUj5jfH8/4hX
sJNArE/HJti3cvWTIavEOf4ez/OTpdzoIsnyv31Wc/0QkGk07qLaxq90nNwiWPJq D0pxPixHA8PI5/3gSPho+wxgnbsd/j72VHlA+S34IinR+OH4SW+A8qCzcF/JGP5P
J4HsMDwPzuLhfg5cOaA+9xzKzEEQQquXx3UMKRLht3/i4mwuNepZdYpGz9Go7Zal 2TSact6pbdx7dfdlcW0J+QC8ity5APj3cOss5XDe3gs95JBgZ1AXEhypZs6avgoB
O5ZwzzKde2H3XGa/3wsXhXYfFD/wUagmDYEmILXwFifSKLOo0GnX7E4zR40T0Kfd empIh6BBYeeu1+NuXmRxpzLQbsqNwivPMtK+Jab2Yw/ASZdqyBHJH8DLa6xi8yFI
6JJ76u3RCo1j7BMas+dbw7RQ+X0wCd+KQi0lvd9IMZ4Yr7vurZnpGRdQQh79QHbK 134xG6zMmGqW3Vnxa1IS6opslDenfDzZ2hCDG9m6J2CTqMiY7ec3uoT2QysRPjmL
l0RBMx4nyEsHyUQii6VxfmvslF5yzRGzePQD6HW8O6LTci96omIBsdpSt4rSr3CT cx/gtUxS1L31u6dfC0buV7dcEzuBG0H7m/Lja6vk6Tr+P9D+j1cQyUExDvpGnEOj
Ig3IP0gSNI/H4pu90R5XButCbu4fJcNFmb1VQswBsmwTXl+5G0QTVRoqst3a8tAI fhVRK//WmqWlxJ+su/yMvnSj9e51K0GC3yYmMem8Zyx7xSWOXpnBrqRf/T3tCAHL
+4mnaR/uZRfTt8LBgMDK59jSuFNNWxgrCTUm6PSRaqm/9ZVcwvXHLWXNFYFGC+6L P4DgV/3jEfFtu0PKV7Hx05YEemLzppQ0GA1IVvnZa/myRLB//x1qVATvGVc7EFhr
tufao/+k2Bphx261a/AERJyRJhgFF1gDyA8G74wfrVcYXXLYwNSP0sirYsjN9pE4 vKtr6FYfLfa7FUdMiDH2cxWx6/Zit+l7JT/PJaKTspmM7UuxWh6eBMEld7GZZMT4
RVMFNKYFaLsMyYiBAJLAoD0waXEBg2/kKeBPKhpNr8yIgQoNbpSxYV7oYqHCtBtT zaYrPCTvK+ykLj0FMs1ddbQCuD8BROzV/KgmTpiLQSmlcLpkGSODxR0K+8YVXigQ
k6o25FIj2MXauDvdxeN27drfjXM40x2Jtm/ryuBhZkF70do8bqUjMWEHkGxbGUa1 tOyNFEDtniIJQ3VoejaeLPX8YnHJPft4R9qAysU9wFdGJ1VPNCuDH29pn/i6KAPU
7M7vPMReB7lfJeJs+HjTYrhHXqtLsKMJoHD64boPNMAOQnaJTKT4WwVt0Op552yS Rl8ALoomj6W2htvLQtIrnxIcrKNpvd3FyXS0/+kSqT1WMfK1XdaYxYK1f4AR+P5A
rgc9vhaA//BN0oONV34x293H6Z7l9aBY6Su5xp5frwgT4vy2T2xXYASSN6ewGsN/ PGsmE9TA5lfkeYild3osdmL7/3n+x8LOOIDVxps+XdAk4MsQlnqjoazCysc+v6yi
TSyp5RV7n93PmeYxcssAxRGs8Ww8V8AI8xk1Wi+hRxoLy/IcxuIKajUzdq6XYEBB Y+eMl8nsaxiTt8d8JPS9BpBUi5NlTlCmGsdoYEBjMPEso4/irjuckLKxRDb8S3U0
RzAQslcM3bXpIA7xM0OR3P/grAqH1Qhh4zBGouljMH7LWRUqspCW4xGZdBAuPogN o6eo6x5IrEQK3/pw6/Vngiay9f32Rc64roNaCKcfgSl4MFJA2g5I4zIjBCL4stzN
JgbQaijQzPL8I93qw74qce6qTVTio0EK2ljRdOQ9Q1J/teG8hfaRlAcC5QUAr3GV E3tHKN7dCggwABOSxThjlBo8Q9/ZUPRNXyGlMduAWomNV5SR2tUChA+G8YH4ESNv
X1Z+CjNG8ywLaOyyYHoQ22yRYmiLuKkR93u79W9gogN8bUE3Qrw4wPxLOKfKZlQn M74R4Ij2moY9P8Pl65M4iKWBGwZ9eHwgHKZTkDBNrOvfwJlcDrjinDhNUwRNtFB9
k02QnVMrHaQAcY3FgXOpdvMC3Gxhpi8AQzF2OWQDo35UHDjB6rTWTrRIxI7O5oxN hkUY4ZAYqInsedNkZRI4PpSEl3jUtKHILRx4O55De37pwSFO04uZ0NNn7xhFyQYU
icVPihJ7XZF5eL2WpISJzJ+zj8tcVDA1GOFiNlC0zF6jHEUEdRvc++tOSao6Ckwa GXV0HxOHt+AkafP9TLFb76lN7WJvPHF43Gl6EYbOVYUDJ8XRktk1AMX4WH4bNz1n
+8sfsmoYRAijrsKN/BW6P2NC5K7KH6LwzySHdJNgDofW3Ekgw+mrSK0TzhrE3F9h ViY421ca1q1/NpziXwAUEBpKWm8BR6mcBvZzNWoW9C1tQjWW7JjK5FeRLlMYDMko
R7m3/mFa/22I2cHgAti+uF3RSL3xli0HOoiH53MM2B7G4xpkcTCWO4tmqfYBrNUI r07Ra6N4/3ZCk+e5bNbJUDAuzb8eqdmGP6X9aTEE9IM+sUNeSOCZsAZtmOknyU3A
BnLSoz2yLxWYH1mYGnH03ooVK45N9/BGUadV5ByQaB9nC8sD3BEft9wTxq0jRBPn 0eLkJyhzAf1uOSIYkD9SrAcsO47mpycYfQhREhwCbzYdM4AX9y0TVsCmVRWBznMK
eEFeiIDpbz2TzkJ5XTrAS14mR6jaxT0gYfM6T0YMhlt60HHUujWtv3SMoC3JBXiq z8i9jdnnKQYsSd131h4ZezvalEf4mWGDWY5bdXYwTwJfaFRPNzH7JqcMrQrgWJ9C
lx62lmdvxvJsoxmET9nTA5RmpZJPUSXn9R6jXVNg87CC3EHXGYS3SVyGT5l24X4x 7Im2YgUbOfTCqfxbVGZLstzRcONhn1v9yjXm1LlaaC6fbApPfolBzXSToXHG2FB2
90mRan9QiF+a3pVjQTt33UzHgpW2hwrljL4OEik9jFwXf4plGBT8Itzdud4P7Wqc ABgF+3DvWtltSShKbmqUE00Ppn2uz5ghChxt/uUFupvAntbIoHQPzsVB3GHiyN2p
4Lg3cbsBe+I53m3Ghy04tQ66fggE4Zi23OH6DxljsE/JJ8DBlnFA5kCBvLfAP8zc pGgScgaIelUp8AUA/htPDdY2Ia0hLmGaxF6lpO3yt+uzAaWE0CSSsUJBBAT+kf2Y
ZLbOMo799nbexsfJp4jo/0TkFzMbjk5Rp0vRvJlxqCxZiMpj51FyPH7q/hd3wd9f 8WMH1+54KiyyujKFU0Fq/4JQNQ0/JvZNNx3M44rpuTPwpecL91ygQmQ2OLphlKyJ
s06pJpXI4AkUXxeMl3EDmcYe4e6lR3RdFR0Oj+uHlQQFwvQSKMWK7Jq6K3bK1y/t Ou4B8cJLexmiUz8BHOtB+xKWfGdnT0OLzeNni+f8HzBPRivcWrpdyyYgOJ/YZnF3
DfutHObp05kmTjgoAEJPxcuKV6y7bSbPc6LHKU1SPg4E3hKHVK7e1TQqAbTMp3du 5+tbP1UsLo0GOjtXL1Egtg71pcgFv2RSDzYIsYMI+C7evP9r7GPoZeqQoU5d2fh4
Hza0QeEbgXw0+6/8pcC089XAoQ9Et/YvfxmYLZ5LMGfYkAfHsmnsy7kKLEOiPQNS hi7XGx8Hz9FlG+qDWhCj3JQUjBNxIPiEbP1u3N5ec/lzv4sgUwNkCcGKooPpm2HT
ZNwef1XUfUecsdGxg67Y4E0y2RvivaKFsoCrFCKVIRXzKIIwVUTo/qyDmbUJaI42 ddHIYyRnAGm1/om3HwMiZ+pH61slauPah6padnXHkX4uxNwDURuSFbhcZugAG4Qo
SsqdxKh0S42Uj0Ey8pew6G5SJuMK3YhOvmraZeVqJvfpQxj/FpEzQIqCKMiSF1jY UDpgSuRw/51av1cLzEN42Y5FFkHWpVZSXf2+XTbODGYOWK4B2rD8nAP5XGbBKpOY
H009sESdyCWH2F0thzranDGRRNDlIbwv81kaflTgl5Ug5Bu/aoPnaBhMmTd86YPs Zcu9I3Z+/jSkHoO7NFk/SctQmcrkz7CBG8Zg4E6m1XTdI+G4pu2OV3AWSfnnUKj0
PNjBFdcr92jnEjj95zPhy2nGn+o96s/dzrTvaQpq7BIbtZcZRxvQEkY0tYGoZ98R 4WnRDhyqPb25EN1dTQAGm9R5ltwb/lVxWqFKjPrRWzkifSZFKjIbFpWV2uqYhAeJ
C1M+kKImegPFoU+4UajtEnPVhbPxom0kZcPffJcS7i4nRPlrXKaOZnQ4Kc9jxwIQ +KptyupEN67BuI887mN/v064HR/Vz93Uc4b2ypaOb9ZbMC1gbmGuV7ckFU6yBuYd
kqJqXakWQqGri3vGaUP5PIfdbEdjVPONpf/WJPMHCz1v4fn7eEsu7uB1livaUVpz RA+KadICGwJne8vTRf0KnU1ccldqyz/Zz+uNZy9KMx1E7DtDOKU+0Zydl4Uoeqzv
/vhLzvjMiJB4D0z+B+YKDKmvtnGK2+JNJbwbYiPTaykXBUXxmTFMeClhvz0yZRST 4ExE9pD1QIc+XHvxeqQGk5wAYqM+65cw4J0PDJNTlKGoahzpyiJIBBMvh6Nlhg4/
mWtRFKopcKiK/ME9roq+FpZOeRSPkP3inpZYZQ6UpcfX2GHa6sVmIAIrrmPKjWsQ Ac71Wyv8yIczLyNi4wR5Tvq4I142AH3h5y2pzrUR2yTaB6iCYA+jClpQsLpZoTn/
MFNMQXUWT7fwmHRzZhWV0jzDzjPxAIaJ9PAtEGkdOwAbWManCx3G+gju0lJV+WtR Ry4x/8wxc6+tXSXsJkTWaZCDyEIDX8TXJ6nvcDYQvLek5sLf9QWQeSU+VniT8jUF
NQurz4x7mAotU2E4+DwGSAw/XZO7E6Ht+oMKDI13EGzc3P+Tbceg+uoUE3bncrr9 vtC5q0Y7BXcA0ymKtHFSB+rr2jJRT+680orbac2nTacuMF/YcTKclX0TXbLRFrqd
f9jOXKf8fL4OTvmPeLJMbgzFDTYs/vPzzSuL7X673geebfFhagavUweDx80kNn7j hMsu9An0CLG5CTHIpb1VXhEzuophya1aWsXkfRkU7EteWNiV6Mfg8ASVykh7HTtE
ywHTAFxmWEa8irFA/pof3J9T4kVFspdLQoVoLx8PBoCwDhU/12jZ9C4LgbWLbkMh Zgn/i4vhp5qzEB5ule1VIoevtWmYQxuIqxphqonucqf4AH32lC5S3/G4OaLpJBDS
4i/eP8ULCiEvw2wNMKt+BJMv9OmDQ4oidBMpxYfKeOullKPJ5FXKF8swhY7XZV7U DKsGVxF/u86KRZRN3euuy8aTz4pKxSaYp6IFpA5hNZYU8vk0YNd1wFd0K+d+JB4b
ku2PwEQXP19Ry6RK4+KVWZQlJBS7/IBggyN8mVx0sgpbpPPk3vmesSXRcuiOQe0Z y4tm7ipaJ26YgWE3kX4v9PX3v40UHMQVg+0k66GF0O0/bveWv0wg0KtbXWatb9c9
3nCvCjOV9A05lk+zS/+O4rwudTmmf0+DJr+cUa0VNSZLNsaykm9HF5txo8Hg7tC8 xO3ZRWto0h/l+oylLPCSROnVbBoICJ5VHgME/bIvZUIGQMKeWv9f3VQsI1k4J+e7
cJdtUI2UBTGfc+EAzpbsv1hP0K3SHABmatOuJA8YCOdIb4LWyxxy3EcFsHXx9UhT JX7SG0bfnuMczVS7fz6FEAV/k+1Z9HvjGXLfjTLXAJQOU0gZYbsr6ZfaAWyUmgBP
K03riK52wFzaoAkZJnIfx6y9GK1StAQCKaAmo3OrxNWajKV+oWT75ZXfPRa8Cu/D M9BT4M6ucbdvNdKd5AFMyg/DFoH2yINOBjXgEOio+m+5x0YAKE2pUn0W/9xaw+zR
sA907g1qT87WmtVHQu5JFE4r2NC52B8bC3UIJVOU/qtijVPhAkundJp2yx7q58hB abZTJHJdEdbW5YXiscG0MJKt1WWVjy1fGq7y6mgi0XqTMf6cY57DzR9k7hmywrpT
Vo8A3Wv3U0XMpED7wbJBKO6CJc/wa1Kx7RehcEfh3JZhZvYSpbRNkhKBFszW7K/T 6Bg9CStEDPEub8kNy+IafignKGkHdVwjXCC1Ly2U8P50sSifmvG+9vukY/E/IBgB
j+Tght9wozEQoc3uVsXflHAN2mROTOT6axo234DmJ8K3jUlpsU+zI3n0qwF6VMgD J2x8j2OJQ6FaiQ8PBhxVo+gudwZTQ4NKpgCiIxv2CHERaI8ao+DM4uNmD5T/Kaci
5Qi3lfsbBISRsVK18OtRr7XGGlNNHCnQqsyi0AoTbHSO/N+BhME2jBw4IAh2Hd2I QWWG0mA+SA3KVvqMreaYKnMmwvtTXbet8zMLHy6knEIBe0v4Gp1sLsr7IugcKANl
0ERKvOuFsy25IrlSUwoTcS0wDR4gUNB1UE+JMRMY96uGz9uYhNby3TnNUclhBGTv q/IahiURHLXnsmrLVPjojdzaK7uUJuuchZsuuYVJL4CnV/Uo69XvozltlZ0APY9i
jH/rmHcIPy6+RAGhnC9E8ejcW7KJ2hwWkvMRl/wsR7M3OSzy/yOMYzQkTSEOJ0os apIFDpZuF8tTBEHTU1uY8mCY918T8CqIcFEN1N5B6cieWhbNCzgR4C1Xl+YsCGgs
cLB9ROASnPBp4ymEoUuqxYd6L4eTxlnUlcSeJK8PI9CspQ2tFCoMs1lJh/eFwp7P O9dFKtOPKIMJvlk1WpDVIHb4Ae6Ogv6zIUmfnEQlGZzYksOauSQia1EhXYly/3Zo
FlISQEJh05Wl7a7svhDpg9zsUNbrqeyp1UMO4f0ZzQaXK0xwZzUVXoPyCsoS+TpO vQOenTXQDo2WuPiJohwP3Dh6qQuDkqgPmnhZ0EggdbxvT4xVAvRc2jwOag96XwqF
zAp0isrlLYRlHPZFkl+1GctlX0/ho0UqNdhh4v383mGOQvuGridR1J6aOOBUeI3t WcLgkKDeIcORd/JOBuCyMNPF1oQT4Tqse2TrGgRcbxwLrUAHRhmYhuzvnpjSt9x+
W5ZbD1Z0lZOMYHQRHd7UefCBWp3Iv4qd2iyBoW68JmCLrEnA5MQtBNeuPRFztBjS LCzkF2lGNorizv5Nc8sPSDIzCNKjC725BS65BUaRBQm/XywyZl9TkQ9tZP4vkQ8Y
RrjshjrpqthStLAORaX3I7J2tEilicQXD8ohSqRk3GBy922mc5F1RWV5lem2irva YIuejmuJFpu2WD+IhoLVKZgQoFckYjCAIdXK2XqYlpQFfUmcYmlcUbrLlyhwfVZd
Vq+gz6DsGaxwdF1AZXnngDw3MjQyCYgMs8ecGOoPr+hJYguhIT0DCNGFix8fCWWr PMFeFvUmIwmQxeZv6MYTyDWg0OwRLDAxsBlrDER0GPbxRsz8y5xrlNT5oayp3Ehs
joWeejmNokbN8ZDadID9or68y2iCVVVX4N31yxqWUppojT6OiEs3ANhIG0SA990e JLdDuhCHe3i/TGfHIuh2NUPBZsmGrNCMRCx8ersWKKKATqGm+344paa8AaaQTVxb
6yaZH9fkG4fA/GoiUviFGy1qaulO6jFmP8M3FDZ0srLnJAf1PtWgGOpxXA+sW/uy 14Yx0JGR/21YqdS3NvnRwDDtojwYieQb1rr3xXae9vFF5xXgtOCMMUiyu4GVuy/4
BSnRUm5fv60rs2T0NsQYPIMoBDwtjcQHKH3xgU4NA94EDi+BGTBVOq3+qgXVwPhh 6FuDGu9OAzayfOcjtPQLYTIP+P9CNEagX2y+/Phsh9lw3fbjkCWNG3/A0I/u+L3v
0HBDQi6YlRPTDB6Rq68k1ybSxqxIjf7Kin/33fn0q8jA87kl5dLvnTHskZ53R8O2 gyFaKP9wfi7uzcebxDlotFmdwSzLvO4idtjlA5F3djh9ZXY/R4cHqVuPgTnTJ7YE
QAPRABkjmOUAyYWZIaNU3GUsQhNDKnAi/s6X1zM6YFmgcFdfZZic2N49DD93kXgH Q6NzLEHlWB/X0xX2wl6GwA0k+hFVT/MX//+a4sf9dRETuzqbetGyvbqJ8whNQeh0
hjecAv2fmgsFbYlHb+t9rTDX6IQk5KolfbSAsYnFASwn0AIyKnkAkczEGg/p+1oK 7ZyqtGRPxrBsipaq1A4NMTTjeT9usAJze02GuQK8FwBBhVXAKSjeyWX5eKiSIlp9
gLp8KQj7dyG7SNI5azVdsyZZxGkzV+zmgfnN7mfGOlAWh5KLvTzGFwd9EtlQDC8z X0ytTitsmax66xCgjmCU6a0zuGHMvb/fih2RnuQZoEVmU/YK8xPWsjhwR2vOo+HK
CTCrzOKm9Pa7SwSQKIOH4o74XXgeijCTSIYWwRDqF7SWF+0E+kQ9TiMNl9cjG20P k0XPfZOlDZLV+ZNMn28Y1wtfBWt6EAqKsQNT/pdDWjcbnq51NOxGaK2yIuznyew8
VWvHv2kMBdCXEfBmPCwkiqmgSIP4txiq1FvS4swwnoT5WzMlEi/gKxUkwC1D/o7o KGk0I56x7sixMIfiye1v+vH5OzX68yxjxJ9Wf3ODjcLVWTs0rEi9DcPSXN2EB0UI
d3m3ywLOzq2co9zNNiuvlxblIUCCz5MbCU1rz19rM92IglljN9mu5g476PvzKHPt N2Ovqz17RjsA5+YDmkjk+DnPUrKJ1IW7B+7Tyx8Xec99AbsJ4kmnw12U56HlqCdR
K3fyU5YxOqhlR1JxUgL1dl2tMtBycqUPu/eT1yO6ER4b5Z4v5jzWQ91a/La2l/tV HfOWgI7Ci0Sq0gFozVDV6sA+AYuDGURGaYdWkBM+4VvoZyb0ZSplXW5TfrppRnmP
gllSFIQ5yGPB745+CZ3uCREOAFnwwXYw42jaV1MxJptchjJHY4oKFarROlXF3Oe+ yJnmUrRWotuLYxHnV1WsN4Tys2KAXYqbjSj0aGSuUXQxjzPrkqn5cLwxstaHUYr1
7nwuFS4WMkCZuXXHLevrRBPa7F0DX9tRDs2fYpJeEfpOR8epvB4nglk7x+bL0RKd 8TxNpQd3uzj2E2Y/Ud485aZR5d0VRA6GDqZc1V3IV3eYDxktBC00K8rT4jhBsUkq
xrY6dRH0cS1dJ5TXTWJtvCL/LocfiN+TKJDhlkgq72I8aKOZqxhqDk81nu9y3tbt oOEBjlHqIrRVXZ0XdFAjUO5ihzgGlvTB//DOI7xzpmfO80/ZREtNT7LubT5q2EEe
V9QGTzXhtg7KzXyQacxYUoTHHCDopEVVr6CNc0PY1xGN9CpLIg1BTduuBlIoTJyi M2rJYeOK4anWYGL1IIsck4o5rAT3Wyrq3qReKPAk3Vo9u4PIjmZCX1RE6Ypl7B6i
EBgE9dL64xi/D5jYLsV0L+iWO/ASRYEhKzqETSyPte8kWaqvIUUgH8bQCI9rJXab MoA/zdlp5fg3kNziivSSbTeM1vR+Vz3XD3/6IeRz6sTZJF2+Jl8N47+W7yxPFKHM
mngAU8eMR5Fdl8aXE//FCpUiLfK3cMQtKZn3q15gymnqSKi0BSZoogU4tFQnyC2E mia1KU73fNbjXXp/4/l9bZAYFQoatqCsxqTJSAU17f6klXVYsKnsnHMiZcvlJ5OP
gghhGe0fsdJgUbWUqlTyhtFTGhNCsFtooFTWVotcPAuo4CiUevm5v7Yu9xm8mvX0 /2Tg25JB4Cuif2UyYUDGTw7ZAWSnVQ56eYYPIgSqJE2+PBGC7a+7bKZLeZoRpzuh
r4S6I2bBoWhyiosZcd5lZensmUHBAwoHgKuJGAScPSfGQep5nUXcAx8rgW5LOq4+ iODsg8xhw+olSRMO5i01myoPWxJV/hochADoHY+oyk+9Gy3YPHwNUYZAr5glMYME
0kedmfwIvcvpc0WEOuycX/zFBHgZQJ3bnbNkBtzZf2xPg6jW+BRi7vOlfkzhhOcK m+BA5aY999241lkL6bs3JZsdROR4/m+eVBhfGQq47jejWWcPT+iB9/jPWjfLEnzU
fSwVELORItBGxRq5eysPrNnNhsftJPv7yy9boCE+MwrwH6WGG+4dnm3Gj6sNKdZv bK95G61z2uXASIDKVR0PZbsl8/YjBHsgELlVgYXG4pnLO0L+jEEZK4PZHkOEFFZ0
44QYT81muB6IDi5lpbK1PNEsko/Yxo07eMjWgx3ChnuuNdfgY7xWh2gnqBFvF1b7 0cGAVObOkXoIYr47Kgy9RcxZ0APK3GlKmGzCzppqu1x981MyIxllV1ZDkFWrYyCZ
m1D5AuZW+XAJ/yJTbLrJHLQzSoVp9+k0kvbe/suzbVsGNv+Awqs6E5csFgTM+lwg eZnQXlBdB4UkDTHBBqBDWXKpBHqe2lwrzrNDUTz68DegE7Fsy3RtNWBXdDyNneyg
geqq+lF7R6tH4GrPdpm7raGmQxZVc8vh6x/CKDEBqY0Cc6tGr3V2e/gH2oiuHIc0 6w/rfYkj8i5prYqceBChIsHG0HHoXzpdKAqkBL6WH8k1z2Iw3NuyDFwq0ubXHrMo
V8O04kjr3hJQBBZk34jWg0pFGNGxzPE4WtEI0CxvINs9aYdNvEY2iVRfH1Wi6+HS W8PFxlyh00cdfI3aecM0l7OH+eo/fFzMpQ3Fc9VwEYgFuMmT2BoPSeDLWpInOAKn
KwuRnMKbysO6rwIevDe1wa9JqBmqJFGteKqkdGzlaHMJTw9ehprhKrRAjf3aJ15C 5p5sym5uRRfrosszXJi43DkQJuOmX8gAHM0IfdKkxC61x/GCQER6jLoNBnHq9egY
xS3AiWc7guUeZiS/pN+DYpgX8HuFTuyf2FxEiDdLFFa0A6ozlq09CzQ3i6OYjQcO V3lzG1PdL2XjjgJ7Gm7S7CPTvO4uPi6/DW6xIHS1N8yAfvOQoORvUA+feom8lXkH
4fckHJD2PyoaQ3bbHdiEp/UNqq5OrAHSpVlqCCcN/gkTAZun5mNEZ96Yru16QrUw raLUgRGx/mMyAjvnDpE+QKvXNVRqEAPQ19p6txnh4uB5BvDn0Fvgqvi9TT0Zh0qM
jwXRwRff4Fhtux5WQklxflspTTPkQWG33X3WELecjw0abCYo4gcpD1kTjb74LmhB m+rKKr4yJONSwAktkWlr+h8JdcOonx3AD8bMG2v6jNLQC0D8Tab2NGUiy1ruhf00
eO9t8/YCMC0Di96YRHTvsux9qLFeYzI7J/hSeVm8G2ho7/McWU1q2jQMhdF4e1vv iGXn5rWe3q4mwmJhEOgTeVc42rURcOjIrh5njcvwm3kMIyoF2v8+1FloQcWwYu1G
G/pjZpCRUj9jfSCGoA9Yu05C/ifkS6p41mt1z1SrE0ttXYGYYgTLZzCR/XsyCHSO 8wyAGJytXy8UNi/W4/MR4Td5tVNn3sXIjoRk9sZ9O7ILfIU+4c7067N5VtkAtdPT
rLxSXEp59N+Onc48lbgEpcpN3Z0Cf+bOPYIODGfLwRorwoqJpG+cv4UJQfj2ZX9A BnyPvEaM/hyyXTxOZ2kVXx3pC2EB4HNQMI9AJfWFcpw/tPupk5JRf2bs4CD06tB3
bhBfC4dD0ZlqMAhBjK1zvfDDjafmY/5CD3xfTqPDxKTDjW/UVShgxuLn/Ida0NAA GnPORggcMCjGhlIKY2we3OW+38sCY/lXgYd2FWOXupYeEytax0iQn5ZcJlMLIzQ1
pAcZk4SNuLYBM4uG+YEl6ddJfuzndZgKOb4MbCPu34rRIF9AWBNu8P1Gca5dlzuK vAtwSP0ighGTimF563kRlmbveO5H/Tu4MWIj5kr/88nMMFWKdIY9FG0NViwfEFxa
Ieem/FtXVZu6dn0kCG5Hzkwv5ITErz4gaAJpbCWgrb4=
B.3.17. S/MIME encrypted and signed over a complex message, Injected B.3.17. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_strong Headers with hcp_strong
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9470 bytes └─╴application/pkcs7-mime [smime.p7m] 9490 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 5998 bytes └─╴application/pkcs7-mime [smime.p7m] 6020 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 1765 bytes └┬╴multipart/mixed 1779 bytes
├┬╴multipart/alternative 1118 bytes ├┬╴multipart/alternative 1132 bytes
│├─╴text/plain 385 bytes │├─╴text/plain 385 bytes
│└─╴text/html 466 bytes │└─╴text/html 480 bytes
└─╴image/png inline 236 bytes └─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example> Message-ID: <23abef5f-8781-5c95-a46c-61e3a4464d58@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:12:02 -0500 Date: Sat, 20 Feb 2021 12:12:02 -0500
MIIbTAYJKoZIhvcNAQcDoIIbPTCCGzkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIbXAYJKoZIhvcNAQcDoIIbTTCCG0kCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBACg5SAEbJdRyrU8Bf5P1nTcvjMySeblcbXsC Boq0MA0GCSqGSIb3DQEBAQUABIIBAHU8bGe/H5LsJ+SjrpHwt7+3o55WiMyCIM8u
SPaTgaVlplQQBJ8FmEBqzqelnX/JRwlJblVRu3LpDq0jaXSvJOnU0G9n1uuVbwIO JDc68NB26HoxcT1KAtf33RWDG0EF3HshliusIPEIu99f46HunvPjw3oIBJlXcMmQ
g2rKZmzj1nR3GUfnvVip5f7hfxCXtdIkTW2nxYrhrlMuOCSn8vhIg1vaZNKflzwl 8CHOFlx+iX82VOPuiW0O8lW6+aVsK3zZF8gxiFoUh/Z+kgL06L58OPM8v+V2cwIa
B7xn5F94g+SJwnxyOi66u35/A9fzexPN2CziSG9z2UAf6L+PV/AUSM13NnnFCNxP ApYX+6UXWvVY4CBZgpFtv8/L5tvwIFX0Zv/Yl50d4U/jFzc7GVq8Baz9JC4UjPrw
WwbnG9DqAOuCPVXq+W8Y93CvFjG4p4UP+6PLTeLcciFe60QKqeZoeE57xBzferxu 5QYctjl3CCCLNdssAzgxb0Gb/2qXUkPKNel4HxCBE9tWVtAT6N0pJ42iGEeC87yy
u3HOrMm1m6nLHXXzayGx2PPfC9rGZqHBdS6EeuMd50SchpyVeNAwggGEAgEAMGww RRk8MhzpaVghBs84p17CCHt/5e2x0Db7RS4fFxzr/KHjy0daW04wggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAQIKKinEhs2gGBlkr4wmROMLj HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAjQAOlUQpwd5dQ6rwccqfmudD
J5BtZ9ui0KT3QP47qn7cy9N18l7BK3yBTmqx3Lrw+Zb0Efyk6Hf5uP7PYj0wdET6 4Vr95tB9KqwFa6dQkQ+ZGQPO/rJMcL7aH3xKJZai1UmzD+B7Qkl2TVg/dCCkyxHC
smbGw9rmBbRIsTxqu/Jpu0jUEwPperuRFfSOU+2h9CkXlbCY9ZnntltaGVKJxFCF 9OIIRVw4Hd5H90/K1zxuX5D8bTFsZrbgQMhHTo6GnxZFbkHrW5Cj/XDYmpFSdORg
myXpOYFf5MfVyG6+Z4WljpR9JeiI57DTAPbD/+2LEedm0z/lvhDN/QSCZLDIe0Jo Sl/IpiWgxp7mkCM2eO5V8aQxf7gYn0AXW+IWIXnG5FsSO7ViTd3ar+/n0UhZDuYQ
vOfS5CvzHmLHyPtUbdHxJ71NMQvbkQhu0dZFbxtFUypWTFk+X84PSCZQt5/NvrKB iE5Sn0iw15b+snWR2u6ECu5COerDvmQA3y3p1DTBQzGpJnj2wWxkSqaunhJsF6/r
W7+SEzylc/Jbnp3je5M7bd+XjgBdhblYEO2CNw4EwnQxEtLhD+JNn9wzeelrJjCC UCaRcXnjTtoFVWegVaY8P/5ZB3J2OpZj2hBazyYi7t9623QdO3PHmT8/LeDN3TCC
GB4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEJyJ4Y4LdbBu1BDaj40MuPmAghfw GC4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIrz8pPRFcIaD2K3N1GCAaGAghgA
BPr3MdKD9K8S+bENae4nFDCZSuX/TxLyWxeCErUi452NWR4++LedhDvwMIO9OQPI DGzTGc1dSEpAV7+00CnAVac9cDEwSOG4Loi6QQs2S3iKN1F14B2sdxpfOQq5uvGu
zEzvs/1974yrRPhTfXtls8uyKS2MArtXEP+SwkqmF/sI60Miko1wrYZMm/ccCSor vfr8Q4g6fYkQLeyJd1vPLjaiA43chMeBl9+2qZVb59rkj19XX42EIHtSplGy5/IU
G45CdWIfCZmRaFJ+sui9+Uoe9aUw8gFtDE+4J7smDXWo/slu8mBcjbe+ncGk6ahx 5S+BLxju5tV6lkj/akkXKOtUDAaVv7mtZqQE76C8W9NyLj3uKBAfKNngz7KcSQXz
4607LxUagIoUT2ynLRV4N7Ex2uQ/NF/geMAqmAyYhD4mjjWC/WmIDVuQt+j1tZzR 1Cc4CTI3/S9C2BmV1GjKwLYxS4ZD5S0CEuc8NIUCPb7WzeesnVkN2ZFZoq5gLrns
hUiADCdmR1qtynmG+cNu0RIa04lBw7NQSYZoI6ysnYKyH2e4F7cT42LdcHsiVrPQ DB1gTxu8a2vU1cVklyNohbqC+6IzkCaJUZo+372R05nRLFlwWAXe0Ur4yRa8P0rT
sgiSG6zyh+pk+Va27L2Ou788dSg+yZ0MvZn129vPksqn1z5Ep22JQh5WKKX1f0mT U0XJ/jo0EIQHLkQ27DKmEd8DWEyJZsFz4uAqqcjhlkLrnCgSGU3AolKkzXvs9VVI
U2lJbn+4AMGQPMzo1dVFydx5HFfV7cbhY5spO9uTV/IZPJOogOaZkNtLM8MMJDJy Db7+E73GQJ9gNU4dDjY+zrVC/ssM8JmwlqKQ9SZ/3p8oLL8LVQ9hiC2j1XH03W52
AOWO2iNyFJ5qQUCgK3gHwAe0kwsX9eIKaoCK0m4VeK5a3JLI0ktQduEw8y29asp9 yqph6lWkdBL3snl8M4fCre7ukmBbY0Z8JCIFu2lqvMndcvuIy6ygUH/Mjhtz7soV
33CDvr/u2qpNe29ouO7rw0G4K61uA1w9DKUxuSOCPVYocazFKd4zsdlSXgHmKwuW 6E5/nuTKWZgQN38LFnjm2YeILU0GsmBDjwfyV8S3aTRoQPk3ibMAICJi84SdzIo+
GGdYGTvfLD/+ZWSbXWwRXIj40cPzbyHgIRLWOGxkEeBRyHnKp/wdX4QdpwOVXItj jNrYikZK3isLflU9PDfle13cmmLcZibK6cceDwFyjR5A0RNgz/D4LIEsQWaq3fW5
+fxqvCYc8iKEz/993R1FdGtUG7StJm0gCfOjU4DWnYJhNBSNfv/rkUd5bQtmUpHI sw758e8mWCbOyXG317vh5TV2Y3wTy8gGIeflPfA8jCSVu3xnMxNArq9AcntgEUGR
HxxG7nC1EC3MQdGlZXSghfj2PKVDW6mFU6p2ExpsRkIOJ0RZRrhJuWXsNZvcNKFn k3C+UefHb1CWPC9+aW0/U83hFyelfCkuAIS39aFVbI3WHdruUd53cE+D1qaZ7AlX
05GrZzjKiCI199cyY5yJ6hUMl4rinVtr2YEibH5LTTHJAVX1ihv3pS6x1mFsWHXV Dga9uH5Yv4RFkrfbrTntd88k2yv1K6sXYCek+MS723E6NS+cRxpUk8d7qIbIXhDd
196gLUqHbu1bNceZ1GCS8KJxsm/IGL8lPWWVup/QF4d/528m65Fw6Ww9d2NsSUPf VAvnxtb2qrk7LB/lK0rvVyI2UaH1xh6JRy8TjJqxA7WpBnQ9EM8WBtruzQmqmg7F
byY420MylkUlZslOsepqST14h7jAwYJqfctT6SvK7RBF15c7CH2MNCyta7no7PfM S+l8EdGuKTqG3xhFjxK6Y/k6XndRiPWn+GpRv//llAFqbdm4ej0kiG9ieSfzGoa9
6xpq1xQylmBuOEYu3Flk6Z3LHwFNRKxYlz4+rN/5Om56uY9nsGECpC56kjbD3pZj cKQYw6C8u352uDaB6Ek7GYXMH7dywq9DJOdTpojQUWr4QX+m7Q1qmpljgLfzylib
cbjrOMYJxmJk8NQ+tPLmNTHBINtUGGUrO9rv2xYfNSPVKOGzKDacij2i4aNhS4IT qT1Zw8fYTq7fU3QIvmFTZBYkvoU3GLQEOWBS1rPGapUNl2ntj/arj85BTOdMZVVV
kr/j9Vq6qF1QCZ9J6sUJgAynKQKiRZS7QUFwp0LaBjV7/f9iJE0nthxnw9z+ndFj m1RN5qxtrJjA9IK5oMImYheqq8T5wBQ9gftKDMVdb6pPNqwTu3nbjyItKAt8OL4k
UQXnqTczPc0fzCG8r3Z6TCH3KvVBvJ7uc5gJAo7hlZ2p+hzsaTne3xmQlclorzJI c8IbgH5bTuNcVMJNlUIdxFoOEudnJzirckB7A1RfJDlgDq0WkaIBQsw3YV2npfaP
53qD6jn0AO3mCb/Ce7atobRput6cflyu4wsgSX7XqjB6GyEtyhT/j2/uZUEwuK1L D4lkf8HvyvTE6QbEDurgon/rDy6TQ2+bupgrsoCRw9+yvm0CHjKDOvk07L5ZNo5M
sbkVt69LerG19ALgz+zEpmoivn4Jz2TQ+h27TKmAm/IZv50EbGbIzoJR9ZAYf6ep LALNbBRtUgyyM27hkmYKSjGx9740ijlzj3eKl7DQ6XPlhxWPPfOFCYCPY5U9440g
EBoj4XtWSH04kqmTs4qY5EZdzaPgzKrAP1y1H/ouxeltesKOqQAbpeuoNLt17oEt 1unbhT+q3F4x7Lk4U726O3gj25h+SYJiAf+5jRCCUaOpjAaG4ex0s8kdEZnvSLH3
SZRfzQemo4cYuqu7cBfIOF8JAn81NupfzD89FhoDIzIpz2Fa2PdUZ8v+CBJSfUmU 0w9YmZr7w43Q+3C0IY/du3WCMkj0EgNWeDEALQIo1j3wEVOWIxNsynfEP7ilKGWX
aeem0Y+o1TmoJnNBSLHBCVkzgpvph7efjk2mxNHREOAw0iqdTErh2j1HxHMWJyiz /L4MkeACKDDYMbXkvM70khXuH0APAGmw5rwuEUH2Nvr4rTvRI7QKMnDJ9BiNKK6A
NMmzjEUg6Sm7bTTkY16zqMK2j61pH+cR+4nSi+OyFboJbf8PF5Ge2XN4M5ZTbd0F e2gySoYelX8c7NeqdoEVUUyigF3rB8LNOqOHqMM7AAsAyt/yjFYVXxze6PXS124Z
/+CXTSqe67ncl9nxl51dz7U9ghr8ryYAAsl69pk1Ozq15Ek+jdqsfj6urjHWIZWU ohTlT3vJstmrAfSsyzc4q29tU8Aiy0AT3xmUe7lN2/QNyzHIrp/KjC6OmNFvcDLE
ejb4x5qicfhWPbEnmax/TG4kV3LY53KjYQzIzwcHE+jwq71so4uMUf/LnmNv6o9u dTXLSxCUSLJby/rJ+YH69BJxledxdfogY7JFIXM3+4Hii5/JAsuAGkGpjsmTvc2T
ti4XNQvk+j9hvQoolMuuzOzJO/XIxte3aSjhukE72mcjoU6U4Mid0fFgz1UKELv3 X9pl1/08ChdT5m1wRo0PqgtXy3Sfyc4hlFDhDvCk0kP51Lpr9YHe51HSRx5x2/+i
uH9o4DsLL35cGaJUYo7AYyRXz/REm1VT0H5VtdBPMMvWOC0FaVCnZqHMoZVCSPrI mcSbDu1LU+2wNdu6g8+OResU5LvI87Mt0sCFRvV7yawg3gIt3tZrsStS543vilWd
Jo+E7W2l/sxNrzKAcy4gVzZKkrazvIEz8tMzWLaIMo0tkiu7EVjUMvHoMLf7Y9g/ +rZ7NQfC+GK7wBeP8xcGmb6LgdxTpJQmW7bOfLkIzXQHd6cd/Ezm24X5WjMkFKeB
he+JNo7GbfCro0PaycGakfvTBX456kxn9RmWi08hJHVP3fMDGR7DVZyoVHmhgRuF HRJPGK8i5FYjQW8I+26mctTjPmo3MN4m2aUzU934aKZWnnlHd21wahtXB2Z7CNJC
o1PYB/CnVop6SHoXg651w5MVa6aVPmTtb+oMK+BzZYshlqQ9JRdbF1QiQRWW9rew 7gpsed8peXWUzQ+ZTf8nx+nMpq8OdB4CRJl8Ah+GWBu1tkL7P1VikJIOQWE4ef5P
DPZAkc8AqkDmMa4hUbDl7wPn+noVZk65Y5Jqq6Fn6gHFZSZxGiAwp2R+iF6QbBi+ +wSn1phsQDeZWxyIGjcRcDwah6KougxOu9liqv7Hcy5fbgSDH0dWTJ+mARcQYiP8
GFAYJsmuBRXDquJi//1eXEDFhtWGOOrfhyvtdT62RgANWeaHF/pXXuhVczwfQTwA EgdkQ0rmiJJ3INAclG5jle4545SJTrIJqC5j2q2oRgj7JHe515QlIfzpfcNOxi6v
3Bigvd/PsJ/vHT9iJUItTMGLeS3N00xJhmz5VLywW3P5yhC7DOExk3w57guBl+35 Cv/51Srhh9vovy9f6SE92adrBuYf6m10EpR0UT0iYHKPEwCFkA73K6X8crEUXvGA
Xxc7Yz76vkKpAmiqHO2sPkGtn8Wke7S/w2uZsfLiflJ3p/8IOQMNK7eTaPuQM/ez PuvzXqqC1aK8kYcYYUKDy3wkY0L4XaO9iNHQ8YDC0bwUg7Gcexee5H5IOC4F1lRk
+0ktdSTvambpu9xekyCqTLyLSwZtlN5Me0iox/Uz15ytNzshe/2enklHEgLMJTrB sAGVv6QwESYsAikD1qS3d+IJC0DLasJ3OtY6ibSjNBs64A/SWxSVgrmkvyUK8GYs
5eHy6J9SykSRSHbvw/aXAIeJYeRqL/e7uG2JHxYsdbJ0gmrPA9kvtTdPvWC3qRMK bRoLyedYYWsaJLIE4w0SR4LEcNAUsS3IXFgmwzuZfwI6++kVnYnP/Mzfhai3pFOy
36UP29i9YZQTH5g/3+lfOSL/D4k10RXVO/XfIuU/LnLHeijCIpdQ55hvXFbO6w85 CWn3Q0n7egRd3athFzhalQMSo/F6Nqvp0cj/wQu0Ebevqnnv4hEi/QAVkzH6wWed
otk5z/NGQdqO2N2w9dh2dv85SZRZQappzuMVp5N8M0Vb922vhZbOwMTtSDNjyeIS bo0JZaEOEfHHVtK5gHqTbcD7tIxiZGIri6mW4CbdxMYBsMdA7D+CfjmFedVCZTZN
xLarc3xrmdl4FV6xRDLWIKVsa12Qv8PGLvYxGvFVHBbdtW1nwP1yEyc8unlBAYvQ Hhi90An3agODUXbE2W1tKMrUfxwOS2StF9MRWmjUtoqkqQMp9CSpucAxs57JTHER
V73tgsZhwXJ84FoVwGtZ0rRoQ9l6edqNlOYUiSkIX2ai9amIlWuxKYf/rIvu4T2n ex/IkrkJZUZ0dss7foEB5kple+JLA0Ilg2EzakCkcoC60TkTY/X34c+azZPLeEDM
6/t8n3i+MqBKcOmcPGxVWMaYfLxlBQqg0kCh031MgSw/pLm40eV+lHgI8GixyBcV vfNA5xqoiMWOotE9WDh8wlXphW8IHD9ixwPCaZGUNx75sQjqOMxh9UcgRaaolvFo
QrAV7c8B7Tf9u3xDZ4r360k3Nbm2TnMvVWaO2brcwU7UHrGhjKCJETK7Yn4G0lv2 XfjktjmfHbhTc/J3VyMxgvcS4WIU+w0Ru+DaDVzL/9Kl1Vdyrbel/SDzccYtDax3
YsHamXmxD9ae2+8QnpwJ1+j1QW2K0NzQbj4p5boMQQPZ8UhVIw+btgqK4uu7tMLc RpgWZC8/8h996H/Xr3p6gmFS10cQApU/SlvU67Ka6A1aBEIJnrIbv0r7hefAJPe8
4a97LDsZY9GefcbovG0IgNFNIYmSolJQyk0vdzRgfcKXbl/yUGagjfL7RuhCU/92 QIEyoz5WYJfaHpHSg49BUuS/vQB5XbvDEbJbTutsF7NWd/6/8R6iNI4iRtfYxrSn
oVSVl07mGeCTu+WRC//aPCodyT7Lrv/Y/dd4NYzIv7QSyf/RklYiJ75lBhLuwLoI QCu/yy78iomVpwpFR5qdRpwIIyigs4Do8yIEeKB3Woy1LHx0bsWrQqvQdVwEIszA
YAOtiSV4s6FpOZkRvPby+FuUZLWrD9wmED3Yq2nMsYGSGhDtaZGsWqnrFatfr02V tMkqlW1BJMTqPE1aQY5dwtr/zde2gZIIv41NikHHaOE6D+q3cNwHgUcSeRU1B0Ws
ajh1j9WNBJPErhO3LifrWhU3SpSnbzRORZh7AzjjoDBJU8M8lMgkr5JCn+e3COfH Y0KjEUhkb1tGlYVBsvtYio88JaQbsNom2MRBJE8eW3gNSIeYyN2BuUeu3MGcEuhb
AfRR9cansxaCXTM8Su/+Dtw6oEm/K7aWAim7KZ7uP1vnhZYJq70vu6/YH01MD00z x5kymYoD8rnk7UE6zrDc/pZuse8sPk/LMsPitFL1I1QXRjRyc4EhINUCjPI3fXyp
fK7P73+JMs+c6s0PcaMMRm3j1WILGIKQgGk65iFAUW8iGAp6T4Zsv8P5tPPn00Da 8rN74Eu+lR22AtXc95TzUr44sr5Xi2JC6ZD91jxexS1TRnoSkd/ODPD00hktkn49
F9Vr6Fz6APk2ueLwrF1dk4eXKt1IrbFeu8sMzPv3O+z6kC7IFv9kL8Wdjlq6MNLE 9vLH1HGtGFRg32LW7SCS2gKQFRf+t8DHGQBKyNt/UoOWGdx9NyUeFS6bqQzlTR1z
BdCVosbTYq+QPWAh0mg7Ky7t52QHi3n5YGLClsj+RXBcv6jwNWlcqgUFjZOAhJDC sw6UpnfQt4UuJR02d8Hv4OC3IVq3n5NFEGi0301Fvi7v3TQ4Vd8j7nYH9BR7IeUb
zjPlrRuufAGTK2QCLBnHoVcl+pwFJniCT5B0VuY8sZiwuMhNGRDpMvILw5w+lEvc eES3imAhN20cjEOy5cwn/pHh2TuZQpoEyLAkZJrZzl57Uxu84xRPSY+OyDUU/4Rw
CIQ1lqR10a+OvwFN42YOYmTCZtnC1wkH/1OoY3O0m/lnOrypLKLc27WBV/4ficGY L3M1pFSTXjG7cJeWS6qYJx6W9M/Kl6XffQSvV+a9tghkCk6fddrd4Zm2DzxJJZ37
VXf6nwhYCAzZEfChQfdXxpAqYp1JmWO0IvKwzrhI+dMr925V1pP1Q6SIubJyci1d jrdVAxzWoi2oFTLUccS4P/hFje9j9rk3iJRAEpVY7178UvyemgA9OwkYG342DQ4s
3jVOHYeFLBr8NwPMaDgG27DnM4RicmIb2qkXDgs4l0jQ+qCEEFF+Itbk+agNOZon +IR1S059lYjYf0XywFewBbkdLk4Jtnt1ObNkIxVLeaXtZ9ErByUrG4Mw2Bxq/MlZ
pILFOAJfkZ7JVptHD0p10AgrZVRx2efUJ3z/RHqmRecwc2S1bftaq4MSVz0R5U+D /BEiYdcoHUFPzqMckAqyOrng/k+uTkDs5OBnBIg84i9EAzrfL3iCW///1OMVAml8
G9ppeQSZwGLXwMhPxgoa40Wu2R9nQAfGB3UAsZHB7yJy6XRZPKncuPD6981lkxAX edoavzvZ/fJ3JyClx/+n+Z0o/zbIb0CD61/nT9c+65UMbe8FlZ7Jfu7G883fKFk4
lZG/Ft2lHLAEmnXdzQI85hRiDdwVOY7YgzL7Jibv5oFLOxv0qBEPC+UDurkTOzjf g9EOnjShWVRgW1xZoTm6n6q2U0cazxQeVMswCe0r5N8+hw5WgW/9KhEB56Yy756r
w6QS+QQ0gVwpIODaRT4EFTT5rbqAV44/qx1u11JX8Uacz6cGlqu+KBsQ3QAomg4C GdoIUv2dtOJBBe77EtCLU3QxqfaItSpsgErm3u7pwHFW8t0FbgaoB+Cfln+c7HWk
B5PAl7ZaAKOtCPBEbrSSWEwXVgozYVHDJDACGc903cz7rJgcJilvMEM+ZVwbC1cw 5G22Og916iK6k7Xba8HETpcviCtUbKS+SKXobr9ehgBNjQtmUG1MkUgxP9GRKBGk
gAM7I3h4Xsku4JZ87lSFz8guc1q8D2W+Z7rq9fMwIxD2nMK11K7LbBMNhUzrDFYn M1WnUD9ZN3yyLyEsXyNYRr8psmcS/tHXcpUlTwyKfS2wrNfXUFxUggcyqfkUrYto
vmRGWIU6qatgzDe7qG9lvsGuFS/V8aIMnKjcFuDMSBH/nj8dF6r3X+BBmJuKRK+D nTN/bThuRWHm1uji69YLvuSGZTdjn6WvPhzG0D0WTaimHrH2LhIev0t7gd8p6461
jDbzogBI0oPnBjs8AyaGYHS415Mn3P/cTsrG1tddngVoKX3Cz3NV8pjd7uIKaBUr Ke9ElGsTojuv+jE4W+a//BDVsMaXONzrmPJFPhHEq+ewSreJCn/dNIy7LwzHNOtp
OHSAwdB39RU20Jbv1YqQTRcgSyBOnVf2HKqP6N9836DAQKfDofz9TQxExaFlbxhi RdNY3oNXm3qIQ4ocjo53nEPeChi5sMxmdHTzNvVSl9s3baoLcrSfnSIsczX6gevM
xEdc2HSIewAZM7fJY78vpnvLwB6IOuqd3egD/AUjjhK6SDcSaVwfNhp5CLGUDSqb T3exb0F2ABkqEYLjK94VepPsTVJ8o5JIxaEMTFyXU42em+gGhFD/clr2moylm71i
zKccNVWu9M6hV38M7yfV1S3FqSZNkZucmd5VTuZmNBpyQhm7mfc9XYVTK+WrBFEv zbAFGP3KLDN+nMi2QXmoR14/4VhIs1Sdhs/OdlbsQKK4WBGyRhbcYepWTY0qPFh6
E5lGiAkMqW+TBE78MFAf90L2ZkwVXlUjFXrDc9OURnEu7j2UaupA8azc9Aq2Ho4b 0vOxXtN/FYJc4b2h+hBTsdrGdiOBYDk3pfKbS4R5z9FnYbP2LYiWjZ7sbUW572J7
ri7LWwbJplfiGi66TS2CstCnokV8XZ4S3GK/UgATxjVq4hpt1vGWBF7hWIduHJE0 i4tdRsuAdJr2dA+TEk/d04x3xJkxmQ2xIaBmxmaRZbxGKUg2Jk/ndJGUMLih7bNi
pNtkoyWby3enEXPUBilH+SSZRU/ZnItmjK+pyjSwJm2SxjIqv98nCB3sSdU4jBpW 3Cni/051ZtrgXJZyWn4CbawvDIntdK06KetGrrs8CzeUTPz7XOpOucxC7CtDB5Am
tmqVR2pfUM2+8Jr66Wk8iLRYf0xlNKlTk7U/yKbN/0lvan3nPoXkFF2/HLYdUCd2 W+s+imvEUX1fGqNoI+FJtevc/pcgrSFk1NFyRQ2F8R6hra70uy02W2Ta0FfFZtgx
LblEs76eo+TxaKIHu8XKZRDbJ1uzqIJYaOL1INi52kN2gZuKmS6ARdfXJ+V4l19Y OGboryID8EkpBvEr0rEjxSDzdWnTpbD1RlxKmhlTocft0N4yRfa2MLAuMhIcKY3U
sTCVMIb6uTrZrzcpPkuxNdSPFex5+jrfeB7+7qmW9zD/rQFPt88VNu6wrFnpNvhd sKj+SeSfdq+v5UOuEvr4RDuEsWRgFlFeDjv1VDlGkDzR5weT1d1bYXv86oI4G/9V
hNo0BtEegVk866eJBmKjBFQDzDR3gtRIQXsi9JRyllg414TB7cg75L3VbODOLqmz pE/86WG2xzyEYrHuUW9/y37EglGUTRP357gGuZvqvLWLo8+TRRWBDHfxUcdlXpKW
6t2ErgUFZRLRkSepH0Ylz6He4M3LangIBaAd1DTM82I+i8vY8bh7JZsm215BafqQ R9ejNA6slpC9Pq7s4cB1zcYMH/tX4o85FCLkIa6PfNSE52Dui5AXo3HliBeUGE4p
Xqf4yjjfByjcE4nbjeVSFOKrPNCe41caINZd9LT0PMDULCiKQamYCIlyKz+3y6Br FBBAbc2yK71L6vKp9ld+a7qhzMw+gEKt9bjLRJbSlDiyTvCuisK2n+zW0NZ98ftn
Hv0Bg+mcHZEqmnNSqAQfY01sWnlqYwqqAat/LwabfVN7AJyXgKsHwIV2aM78Msfv duoTAWi2pKRw9Tj8csKNgB6XCZmVM0rA0sdQGjRK5L1WFJAhw/tuWA6ZPSXeR59R
2XAx+axVvelIEqVO/IX8g/dQLJ7Lrd5ZVMywRHxs77ObYHrCnhan5m5r765kiFo0 xFlfoqPCKogCImWSokmduQ63dwSrr4rQsvKLRlQCfpv9c68CqFEV2fsIFtcfUAMz
tUw6ff7ReuRIQvX3i+Yy2LlsIWa4aIOg702TN2BKTEcPo4MHB7frMD+9DhhlmlHW eYibzi+Xl/t2XDPZ9DYpEopOGcfAXvUqSzqbbcAnvaOXHRcECJGmW22kvqgbDwiY
oGCNlgrPBZUOU1h3A5LTmiqV3cyeB67xjPMrTVsMp3r8mUEJEXfU9gXXiecRem7G Hg1t4LkyWAG2C+5MbFfB0u6U9NVgv3EnPZceDXMTYWhkUu9T7QvyQso+2vaOGt64
vL7KsPSnDnV+YV44fHKI9eaAtUH/XTG3ELho5jN4z6KgzALpramB3bqPmsi4palc 4Qs9he5jL9cLamEkdmlvKhSpJ+uig/1srw8JS6ZNddyCAChKDuVwlW4y/A4Aj7Vk
Qim4NKqhGB3vin4gDCOOlopKpn+CUaKFsBsmmsOZXR5llHXkHiGDAvet0x64xC6T IUBampf6jpzmlaYtkvFUG/X/PkKZYUZsX8XSRTHJ7ngTSMfh6pj9ZjPbGOI8Qnob
/Jt7Ywtc/oIaRxNYAruTQXyva/OEll4Z0Mic2rZyn2UU8rjB2Ax1yKo9N27DbPrv sqdThBen8dLsMS3SS1jg9wqmh1tKV+0Ni0x/xLy3weoC96ujika35zZh/048HKN5
wlHqKFO5wdo33s+XECogMJMqmW2almEzw9oliDNWODU/5qDQMUz6/gEBhW3g6nBH 6104KOA5PiQqmwGSVskQMy8kBZPF2IEOrmQuZUmrz5w1xVGYULNPNhUIscXDGV1+
pF1T3Uwo7S2OGY4+qChysyV9g9uf8CcykQtXMVSYDboo7B9ClUWp4+0W3woVnVZK 0ws5mOu9BHnu7OSy9RjJIp7llfagI0//22OjQ+kwxpaGsSRYN0k9ArR8LiijUoUH
nAgOI0N4Z0pUOg742DDn4kEZMBurUT67ssblb6SFzYrUIXL3hVtJAyLPlkVhIkdW cxI/VRAa+ELehkMiAzHma0quZ1bztVKd1ISono5d++7W9c68myMreM5IHKI1DMXL
aahmeBMAGhq0vgTxlGKvT4DaJZuPCy1rxHDkley5RKiZBHBzzH63kAxikarKEhO3 PfIEvCbhlTOcgetvn/y/6nQDMOTJuzeh1p9un3rIvfVfJtbtId+md3gHa2JRCeua
i/aB0Btu1Y0Gr4vrM/ynuIwTE///giigc8rTfZnXnHkojWBQVehHaE21nD4wXZbs tKifW21hk1Ec5rU8x5n3Zcnf/fupeVkkt90fR3NNtZjLKPh+tgvOWiUUztU2Mjpl
V5FV+RYNnhNs6IpNRWL7h6IdvxwtGZmq1iGYyMmJ3vNIMHaDJyev87ytQEvjphi+ eZ3p1IWgfdLKlmW9Ct2kMXMrEaJILDbC9pWd6lKUTpmXwJSDn2sifPQkfR/ClmAi
re9BMYGXIGsbxTwwdKW/VViBMP7MxVoDHO4e4pBoVlhFElGL5gcnpCG7qiJ98i96 3IUQevSy+HdGEDJmD0lcEr4dIAT/rrAAsJB4faO9oNrU5uJ/gi++qKx0olnMMMkS
VlJyTFF+ktUtWmDhE8ozkbTnqbz1M79BRsLJIrsOSWSzDeRlfBUBEfBpYwlMfKik 36ZJhczlp7kiZ0mqF5aVGEAwRnP7cOrrViHDEY8bVNTFTiJJKDjLro4w6dbaRPJ8
hEjL4FZCL3UZtE6lpEozA5XWxavUDvFOO+4sXwSYLeos/G9RGCGHs41vVoTu/vrS xKJgXblHEOCDHf3u91gcKZ6bERuMPxTXcqvTGiRQjRmPgEPUE08ktgBA0Va6QoV0
RyCRTQFm7d2JU4yNNUCLKrjSXyJ5ob3OYMZTrpseVwy+9Onwvg5ic81vYQ8ScL3h 1g+ntpIzRmek8t202ITq3Pfl4XW4O1s8MrjDu8U9KatnPlf0eaSjGnhRtJYZO+6z
xCfbUxuFf9c72lSNYUrDHCUGdiqPmi7UTfEXn5JnnhG+s+NXY9iK65DcQfuUSL64 vaRgNzqimwjUCyJiuDJjqn6TvwdVZ0P4qCbNLkpBQZjyevAcLg56nQImgBn+KZPZ
LjGqZNEMw5Z6+UgPOwgw5qp+MC10iOAXvrIXxVeqwAPGTLKpPcSzH/p8z2H51AFG 1kPOX93JWxW8jI2qt3xsTdbIT1uXVuPCm4AOMo9/LYE/g1/PLejwMmyCX3mw/dS1
xeMNcUYrb4sAY+IkFjhe1lkNeymFax9HogCSsYiYXY9OAjNLsp/gpS9QH7sZqdll avlPSQ78JwubirIjAcPz/iEsc+6TRobJWFl7ixFC0fDWW4XwTzpZVqYkcn3qrdQ0
UHp2pj1BHqumW2EzhIEURb66+/nG/3o1T0JFwwCMVV7mm0pLRuU6QfBet3oU+iin txX+bV2+6+F/ZMf4OsXUN3RxsVveT99cGMyJyhpWytCGOE5tRd2xB14N2VsO6r1R
9gIymNrJLYa9K3hJ/FpyA2tcglkSdHFGFvHBzKJD2m0B1Y05FIIlDuTAUpjujQWy M/ZhnTrBjwmEZLzwKXMhnE3rRhubX3JMgQ42jLEZqtfyzGh3Qz5UOEN/eNwpTTLt
kDrF+g4EWmTn4flTGfbugxMYIDFV51sDKMfOWtDXRGcvef7PP7qFSw3RworYPZed h0kqu9DX1/vN3MwTYaHHl7MMniZsZwUAlRLBwEUpMipuTOSiDArQqmzi0NFRlU6E
e4AvoToZnVIC2Lq2oUGIJbU3bbSWlw6iIOmENBKA8U0jnbcCN6TUEPO2vY33AypE 4TuxVFnQZvI2PdCccF6owNBxQX4jz6foY6VVuXTYaVl1F1ykkwRrwPU7R2gY2V0J
BbzgkIO+ruZyIGrcDlhVeAE9grptGCtc342Ii+ywDMPYSkgNC8qs3y+I5WI6NDt5 c3a75TZ7GZq3EZLdPz7yQyMS9iAIvjzgIXvPPcXi7zbT+eUPPEc/D/jY5SUuirj1
RY8Vrm5sYnkJDIYZ6wtkDB2C0VXLIqHtE4qTL3gm5R1pGGZ3y+CRD7ns9yUs5kQM OPy4xxb+yDrtilHLDzvZKLkOjT06S4RLA5CdZv0HLWKMvAUF9Qyb43PaqFNRjEta
a+aQ8AwV2cvmLNgZuJDLlyMBMzrJoTjiHFq7N2l72XRx3BUeDykK8gWeXj1vBZum TxiqKyIrFKon2nzbOiNh8W8z404/1KBAOdn1IlMhGZ4b5hOWsY0KY2sCr/rqRJs0
OZen4mUXUskGH92WZcHG3soz4ceby+uOyxJPKMusxJ8wdEfGDJHUKia7jpvi4v21 yxdFL7o4QwtONtfEep6gMBirUEpIHXkqfYlj3nBLuA6X4WkoARkLomRn1c0O4LO2
qvQ12fwmBV/rPiEunNnKEakczNB3fmZBDeTHmkkUpEyOtIAW0U5VHa0N9sHAjHh+ oxO8bZSmTNNWtlB1K45DjxQft4huCMdIa5N5hRfPUlG4G+Z08tjZRYMKuHi78Ntn
wCNB34BFZpHoXQ2yy0D7UHmFep1hFu3dahHfeohp2FEHAi3BkNc8l/Aem9ERznY+ SKtyo+9XOYCaiOHnUOzhSd0wXpZAVtixrhsKZJ8BeOSb2HhJW23hoPUd5EI6h0tU
IvCpxQbLb4pqtnWm/ko9Ai0MI1ouKNAyNzEbwF294ZGn9ABYHOChppB/zGyDLUFn P8JT7Vfshp6nc0nm5uWc/hGb4+G2F6Qaea19ZodxPquvOOgzw51ts8V9rTlxKfKh
K8PmHio/OSyddzwXyHi4gV6+Njnle2M+R/07SMxTqKS05TDIvsgW2i8AN7U08lwj bXrrAYYVQQEXLw7qEeptTrEIa2PEb/ALsXboBcvxJeHE2esGYFinD/w2k1bMwqaG
csKC9T+4fO7CMFrJqgeTwE9OBE6CY10mCe3AdF/f+a7sgt8Oe+vTXgBvtfo0GNLw KebiMZTB98PvrrwTfi+mPl0wHA3FmRm4B1IPH18yqgPIqHZPWnKZHyN7D84vn0B3
P5eqf2atPl+/5WzQdjtGSC+CWVmK/WJk/98n1DpoZ0hXn4m4F1AUq1nv7/g5TFlX c/jGgii3mYui1iNu78cI8l5dFgXektZv1A58e6zUO6kTd2ShOmT8NJkqOg1AACVT
WUFpDbjRb676ynX7UEj0AzyYjrUU8hAzPBvcQkndrjeYSWaKkE4DHn3bbH7wAhRg 5n9nfFBF+WLdflN1dFIdxc7Y1XCth1i+RjuWC53vASEbdnzMFmCuT5bh8Hh82rFo
AOhQqXFMIbOnyC5e0NWsIYn9nab+PlY7HUGjmWtW8XSheJkBh6Wf0aaO90OHTrq9 UbQ2Y5ssuqI6F/onzAh7XezjMGFzDEblF5S4WrGnyJ1EcikxxJ/2zV4lGacEXWDa
ZLJ6XZkwtuh5pNUGYdjSrjmVcEPwin14wieGfJXkCbmBsZ8kJXR+eaQBR3qadKcR kFvC8oHxlepSFtq9B2b9/ZJSVwy/p48UyJ0/buYFoYwME/FFvFA5BU4Wo4UvVPeH
Cfn8kAC4efD761OJk2HvzjNZaIqvdNVekvJyGMiTWfhHpuZjQ0fcJC5NDbmwCdNY iVDV8mC5cH5t2HubjV4332LFKpqSIqA6+BLhytDhOx9I4E6Ns078N5/US1vVZ86i
Qz7iS4YWdbXg10JNag32tazuhNwUegZFGXL9a5gcNkv7AdmWGkSdt0lsSPV05kfC 6w1yMcTT6SXn4N877apC2BgDR3T/byu34Y2zHUjTW/4YQJQQqFVQq9watpFShVbx
QurrTtShb3hfJkR6KnVBSK3jFjcF5asLM/VxoQ/iBgaanPhen0fNWgkyJJaVmDJi OmLPa8AkZOmScgvEQKUfP15p7zZXoNpWMMSwTiALbDYiLTGVi0bh2EZ3voRqca1Q
4xzAhz9r6kPENqyCY5C+e62MvEaekDidg0gZUWuo/gdb6moIoBrCqZr4J9y4W2Tt oSSlHtLoxpSrWtydtXlRQZUT/c+crTac+rxw2XmgfT+kqovdHPqLXhfZQTxdtYRO
6AZQtChAdW/A4OqDgXlXmXc/tXMy65zIccDzc/JMzufzQcP4wC7DbYC+sg/bNvv7 ruIAiWG0TbUUsBEVOqWY7RJjGflWTnEyCNk7Sk6PdFqWz7T7hRNYCbEEdVl4fbK+
LWWT4esu7njEbX7Ni4zIjhBlynqL+qecT5kB8ipGeql6+Js2iKNsi1HYQ+hTt4Xz rpxBbmdpNQxY4KQOumQIPxLj/iPtXkCSu5qVEgpHyrBsahu9kaCuU2x6lggIqfir
k/sEobzFVLp6yWNpa0ZqyY7RTLcb3OJUM+KCgSftZd6FWi7M1cPn7PUWG+Hdof/R xwqzwG/lJNu0NCPOjR2/R3nAieqNy3eus+yXDAa4L1YxdgQixBod7iDt/v1CZL6E
dxOt/PaXDxNYEK9yrcVWP4yurQ1YS+0oXzpmuAMQIbWvQki+tr0JcpsKnUxcvvsH zGoDoJpm8hWnoBvuYYDbmA8fAkfIq4utPMHrpr+bOW/7a7PESN7dBV4onEWfQFaT
ZFxZ02bTi73DCFCSWK00j8j5IVbvrRBvtgkVOAl4c5WU34sh6nwJPPBTeO002wFE D/T33gyRT5ly0UWd7Sf/BothnNXSQYWX7+jwkUMR5yCszQCxGqjuBLGE9mFAjnxZ
VgO2F6dPTTys/6D9eOzd3yb3aEJ9PNFhpzY4uhS3TBWhEcuyJlpus8ximdQjwjlQ 1PG8K/hN2jFAyfL8vAs5ak/Ui2eDi3x8UQE3mFRTxvS/irNUS1c1Sf1AgPaEGZWl
IgvT1ty1v2SRJLA8gVY8cmR6yn6KEL2lc2PsclF6zjYZd6khKSyrBBu7ZceIo78Q fV35q+7N15gJrNsopoZ/X64U4CzNzk+6114IjbczrzkJqF4xWzRLmMxdZGsJrhjg
bnPly68qrr8l7x/DxYHFJ6pwZ8LYPg8XkZb4k3TmLZrA4ys3a81R5RKHkwmc9qAI ox3JAAECGdYMfbDsu1TGiJ4J3/ooGsBU/xTgi532AyXGT8Vbd8jt2kug+K7KKBTp
kyNSd6lJLMeD2IMC7rxCupV/dIJZ2cIjH/46ZTOTB4jADtrHN1SjeFWOqnHhjKr+ xw+jRrSD9gW3kcUe3e4hqTxwVNUslt5uqkjFKpMgdQ5Uzlt1kAVKEhGCmSOHGw+e
naZLCDk2EcSquYtna4J4BvyQXdcebEz8/zSNK6jS1v8= 8lii+Oc+IggActRBZFM/DMucxfR4gTlVT8adbtODeR6l/nWwQBumEdDR004PgXp8
B.3.18. S/MIME encrypted and signed over a complex message, Injected B.3.18. S/MIME encrypted and signed over a complex message, Injected
Headers with hcp_strong (+ Legacy Display) Headers with hcp_strong (+ Legacy Display)
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Injected Headers header protection scheme with the hcp_strong Header Injected Headers header protection scheme with the hcp_strong Header
Confidentiality Policy with a "Legacy Display" part. Confidentiality Policy with a "Legacy Display" part.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 10100 bytes └─╴application/pkcs7-mime [smime.p7m] 10075 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6460 bytes └─╴application/pkcs7-mime [smime.p7m] 6444 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴multipart/mixed 2088 bytes └┬╴multipart/mixed 2086 bytes
├─╴text/plain 58 bytes ├┬╴multipart/alternative 1425 bytes
└┬╴multipart/mixed 1596 bytes │├─╴text/plain 481 bytes
├┬╴multipart/alternative 1190 bytes │└─╴text/html 633 bytes
│├─╴text/plain 421 bytes └─╴image/png inline 236 bytes
│└─╴text/html 502 bytes
└─╴image/png inline 236 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example> Message-ID: <9cfcaae2-9fec-5aca-9a29-c98da35b262d@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:13:02 -0500 Date: Sat, 20 Feb 2021 12:13:02 -0500
MIIdHAYJKoZIhvcNAQcDoIIdDTCCHQkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIdDAYJKoZIhvcNAQcDoIIc/TCCHPkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAEWYkOXbozCgn9S8iXQC0gutDVG0YPIJVm7k Boq0MA0GCSqGSIb3DQEBAQUABIIBAByIMaFU0xsD/lTxj7lo116DStu37Nert2mk
oS/9bJiQJUvaRNUw+Nj5QB2RYBoyUkAYI2JX/1q8PUAHH9KfUR6EOHkMWMYjZNZD 49trfnEu2mQhv6MAkHx1/MoOvM9j5S/Q1YSfRhF5c7XVgUWLl7xafpFcdxqwyK5J
cEOKyz0lFkhUUL2hW4NtriRalYxcQoQb5lbQpBIm9sSSxSUPLOVfDCKWVtfezLtG BfPzYzqEjA+P/oGei2qVW/IvI5iJkbFD04TPw4Cvfab6wNOnAhLiflDJElxx1uUD
+G4qtZyK/ih7LmcWW05GTzOhoaWx7QM4n5UqIxvleH2ncJZdWtQxp2nhkww745ME 93ha4H0ng3pb7MBP4wyYCSeCc16mqDolTGCP6ejUEzn9GAAMAyOVK6A5DxVe711M
jkOBqXRxUpeCGiulXT3lU4efVIsHcJA1G9q9mpXz1OZFewtvLkdUDlVgm/gA9+Nm UtAdjXwP3Gy4IRYTFfISTD3nKp51OaKSv8g9qQtGCuYdfJxW3eB0BpG6OmBLMiEU
D9LXe6z4VLwWjTCS1k19/9r/GMjxhYn0yD8iwo9d6jXYsTSv8iUwggGEAgEAMGww /jv1oVMZp0NwmuT+BSbkdecwgwuwJgqOOFn/4aIDEmyHyC72fakwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAFjcQW2naUCwQ3YNI7QTekTBL HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAELJsGfVgEhqvwyS2R6g8/Srk
hqLffZscJbnMbWEWh87qQh/++/hy3h4XCgB/28tCMiBkuBAQHUFbrudBaFPbk2D7 JTe+rInzh0ZtMqt+7FoT1/5aaw3JDLnPsncJyVpqrxrWq4lJadCL5ycSUOaspAEP
jdhwdId8QCOV64VIP59T2jHwqqEl47M7+jN28ipnVHy4r2hg1XdS8xN3EcOOfxbn RLkQGexmMk27IYrhwXfTkALRWqrH3yvGihyuSwALfMWqX4uWgyJB4TGxN/xXfvWl
rE9ERd1D6IIHrGTNMEfzs1Ntvd/6katezKqYtV2zDUkF/uL3SmkIoitIb7hEW4mH 34jTPewe4JQOWGajIc/dgrKKDgQcbiT8v5UYw7d2ha8YpcUxII/t+RfXqknLDfRm
hy8UsLGt2ZmEhY49lsQWJQqxR4V9/7NYqFCSdSKt+oIbTzv3PVN7rtvZOeM2MG13 lGq3zXjwfmve1ABkYtvr7NZ5J1HsAQzMKn9m2C1w69ocgTgBqCHxVHJ8k+hHdXAz
/2zLagsWuUMPrvpC5HMMl8YR4mxOPJOi5m2xMrIS6kgfd3/KrpX1niUfuvEgiDCC L1U5kc1vlKxKklqtviEXZBtDXc1cc+jXEqNT7ZI1t4FlnqqYgroVTvzsSpKMqDCC
Ge4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC+d2DmVGu7vHFBEpLF4Ke+AghnA Gd4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEB6qJslpRAtedRCD+VoEQzeAghmw
kzd7S/YbQDNpFka9cVZpJMyZSUzF+U3YQH7KjV7717o23YBLQPYEGxsA0LWTSILa cU0VsqpEoyC+vYCYkiY3Kbxt4jFIYYdAjPJRd8vfGkNtINaoFODWIXX7QSy7RU9E
JOon1R9d7vP81XGUWVHmpP4T7d45bOgQWHysoAREhkMQqyUb01mW3F7kSJkOmKcN Pd7Fc7zrQ+9FwrrSbxtMQZ4s4Z3cI4COUOMPR/7nlHspkKLyJQ16bEp6Z2GOjn8h
uNjVH8MJuhr8wiraPjN/GT7+xYy7tH2bXYmkuuzruXMH3s+P2+ZN4nqzvY9KPUDM 32kVC/Zb+ibVcKXyTABW0dRCtl2f5Kai4jEtwXlrcx43SLS9NUEMDTqpsgphCS7L
m9muevN1p/dQhYq2vPTFrrUS2QBOtuPjgxOAG02R2jNwJlWiVQrSCG8O3li2JNDc BHfHSmaM5g/RCX2Wa41meHlkDnQsR7T86qK/Wbna6eOdYL9uyhIlFC8UKZr2PSRc
Inem3VkMajeDw/8+dSjUz/eZ2/xvmWKhJ9YwtGu0e001+SEXNzMRO3lbJJN9yWqL 1/hFb+4vgubeJtOIpODtHCsTxZFMudj8t7Wusq9KdzBBLNu7afQLx2f/tMPI2Zxl
2j8VtnuAwX6QBcauaUg+kZY5DInb3gNPq6pX0px7rKRY78nXLsRpYsOM7Y7xiu7z ZTjDuhsopFZIH0Lp6MNNCcCzWHVVeY6KlqMI6fqDHL1OcFpWNManOERp/KfP/Gu9
5HoDzf9Hxim2j3gkYr7M+ULToQ0e8t1Vo90GSWB9Z7PnGt/NbCwK2LtDsuzZswuM 8kRxF4uM7siFrHjdeOa8fjARE4luXNKUio7DRezkVxPnX2dzg5CLTq0/U47x2DON
EclO3+Hfjey44GSB7GtuT8hc6I/NBnIEAPV0IbJfgH2MqTowuuM/GZz01rL9ijgX TOmM9kAie/7SxOmbAOmMJlO3p91Zyez6+BmXZlV7UdhvdCf50o+0y8X7sBLEwZB1
Rn1FFGLkrba+pw/DpqLjZCE7qS1vZUS10Br3scbayUl/4HTVWnLbrV2C1SGjVinY vzQvCRUvJeSm2k51hpNGv4GEA5fKKRQVdAITaCD1b9GJpmiqJmjt9YJlnlM8SkuL
1pHqiZQSpk6KPtNXoiL+XXNzpHXEv05VFrpulXheD1kz8w3D/Z4YqjR71bb8FVJs yxMBp9RDnraYcnrbgbyT60fnC62XYHmKMTOeBz9qMbcW4aweo7odM0DLhMpBEiu1
okvUR1s4ifDrinFwenBtdtH+Ra+8lejaXbbp0wuKX3Ne7hryjX4iKFv7aaJsg+bx 308VDGznIH+gPB8l77rECe+mXVIRO+sU7RvOUOurgm0Bh4Gwxbluqb6UF+yUB9a4
38DaXujx+9pF2gXULSSFGIxaTujy5fdIhvcKqHdAu/c9YZMlWnkK0xyvC0asGM0M 4ItKElEhYRuxIkfHR1rCvAj4mlAFSXjKakcI7wX3kFRTODz0vQe2uX90n+U2N1rY
H1Rzf4BWMxk3XpVZYzyqW0LIR/K5OUPsl2pN7B2y9QiWBQ061/8Mv3pViiu91thd ELTPpQhrnZqVSnQEPXEJPDjc87aIw2jkcsmdoKie+lt/PnoG99sF9Rf5qlNvG8rO
73uzgY9gKdPwsrKYhsSMLqrvuV4O6qTxZF/EwiKn7JRPwRozIVcnZtJSz7+MUH2t jK5FzIRl6WRk/u8IgGuZKD1UjxuDuwXyyQJZOUq3xHF46YE/0iGTkpcMPBNDOMXj
6mqUNygJlPPo4BF3/NZk8NeqfaHTic+nhgUyYwejhXk3dii8Z7etAFMsyTWFiEw8 CSrcJiq5FOi+Tw/TUBYhjYf+TrR31+cLFGUttZl0af6mfMX2y4nhRkd5I1Sy8TMk
xvdzI521CcmTn/+Ov6kOWSSbZkfzcMkhYSSpoh+8/kk49VPpvEyhT3D77pfIzTd8 +RrscOia0g+gWRWfpyDzpvmve5QEJxsLuXv8UC92y0EpR7/OKUeCujGRSU8iPePy
isKyyxyqIxFje1wDXUvKwoGHI1tvRsmxmUkRl9aa7iO1eXHVtQnXosajrM41MKI6 dqQSJV1kh8z5mG+3ioZdfejkTvlfniCocY+yYecdOGCZEBRdZq3JxLEMInsIk8Th
GYgKCLBh2jIAP/3Ae1Rwrd60XXbKhJek+4W2F9yqehTN9+ev0ZQ/Shtz9I4QiT6h W3cULAtziM7gie06byCMBkUuUDswPHLcQJdJJwpZIlnKGv/vevR55tzUgdit8tvA
gWkk56ijCZGUjxdIIAO4dAj/Iw35eGxvVxpKk7AE0kA9W1PV1NyrxytPn1SHsUHj oLnJQO/9OYna1PQbL1eUHE1ZhzH8hqve/3iSGn2M61EGi0ASRh74WM5Qrwflr/ax
zH536kW463PEBuVbPucedwr7GiAKHZaERhHZwEtSqrXi6Hk84z6LVzb8yG0KEuuo l6L3GIzHl/Vr6dLQz15nPwIjgVsl+lfGkagwpK1MX0veWj7WAGm11FJHH6amN/oI
a7WnjdliVc23EQsbY1CV1/ZmyxaMZ1cVnKsvda8xko25KI+/y0mD2YK/VcXprfRe 1pDtSGwlhzakM+QBTbPIQ3iWIpzA9xmiB9qXDfSInpogFMZVKHs8d9qpTAdSbXEH
WOfck9QWC5cvQqMTVpxV1ykMFFPMOOLRqyFDYK79WoMKLV6LTqKEsuzj+JxeMFf1 Y1F5XoKatqjyA2A2kqQnX3DZNrDgeYsOPpV+qBBtBmIzmWv5qXM1unwQuB5nFEzf
rjR22h5WDEjkglngB8P5KYHmpKIJVlSycemCu0gxu4iLZ1iAkncXF3Q/jVe3OepT ciq8LNboFTxM6Nb+2J8b84GNJH0RwQfjyDHU081z82HD1dFCCFbeFI8H4dg6vzQ2
4pj1hiRE6NbmzSo4yiQWiRMAziXu965vloLLlqhyGkeBgI4virllLegB4GM958Id dRVFqX5wGijJI5ZsAafFLQaxiyViAfEcrnNwbTauiNsqCwzW8VsKLe/+RsvsjKZp
iahOSRan0S5zijfQFWW/6ugAOK3d/iuZc5/OnzL1DTP6jISOVpkfpwuh6Va9vxkQ QTgcJ/3DZVaqJGefNi2i5YErLizIRGA0UUFdPck5iDqWOo1GlR4kUxnQM1ttRxwj
dUQZK4bjSW3A3nLl6AHn9RzV4pS7RfINyx/hYN+XoJl7qkfwWBLUxYtsUt03qqJv m0K69dDcqrz0lqCd+XlLE1VSuQ+m6W/p6nylVy0hwcNZK2Rd6V/8CztIKs5hcmVs
+n4eOpFQXSEOHyFWbIsdoWMUrBjwKCa8xLYCjPbxqCQv2IuLcekNj3rEYxjRWFkZ m2YcrPtRB4ZNtMqiRHKFHqX6K/bI+YJSArfVkhJ+top8M4qW3jFvGbk/d9GA+Xql
OzxSHhqlmKdNCLrUpxhqRwivDQSHr0VRpNCCfv9HkdP49zdyoF5bOXW8b754aKxI Oe4+5cN07qdC0OEHtcO61ZEdoyDjfoBE6y2LDXXVDc7vAUKh52vG5FWLmpgUhy9l
BN205TjoGRCbozJ/QmFsrKRKqURPo7R5Pi0rTe51HbTC0aLP056whZjIsjAhNXxt brHdPnkrIo4hJEgbeTyhP0FSQkKKGv0h/PXBJWMkfYWztltBaUPhi22dV3/MSLBZ
QXu0K/ZHE1ip5QD/cfsOQL94lRjwSQPYbv1+hNvxx/52gWrf7DnkVk80NyfNHMcm z7dyc5Ly9wAP72qL3Cd6Kwsz6kvBAMDcqzR5PWvdjkVv8plRuMWKv4UFazpM6sX6
UoeiVgQxp1GpHz8iv/ducJBx+YLCyJzZ6S0MswL1uPuk08Dlhz1ALM3deKEQcOoS ruNNgLCAYraByH/DbYU4kDMhCnpcVstZC6InBfMveoTsfwcSh0Qeb118SeqNBoI8
/665Rb+ZMuwDNFIhi7c7EK6d9FWHLpvAv4OOWVWtv+tQi+cU00CNKKO9R1TLZGVP NjDIDwlwXR8fsWNj5Ek7POrmutwqhTj0aqsNRuXBo+iyUE32QAb+Erx+ukbWlFPf
oDii0CcFszUyiluAO5mCUwbgk98EHv4v5tqICI1oUpTy/qF85vqg+//6OcwJrYYP ECA/Um/vZyP6TCZEMLCaxes9Yx4XcCGxrKboDwwwKIeiosCzBRMZ+hg0zTqiwYPe
4MolKXNYLVaYvjzZZeYpcyx4kC5bLZktp/Yom7Kq8/Nof/AoBJjbDc/IU3f0u81R uZIgWq3in1H3SPJhtNKbWvZwEpfkK/+soAQA6cNkKBemJxdjy0Cdvs4k+iWN8hVc
vZXM+b7PTwbfTlw6TQU5UFqEz8BarVINhrMlCkOUKp3ddgkRbnnBsXQp+BvQwh+i YNOeo9wG70iy/xLfmc7QGnlasUAWBkzpuBmcPw0VCNIkTwu10OR/K9/mUUe1QYpq
dQn5LnTew8kVenRPozwG/nThBQd7L/XcLYwM7S5cytcpbECERR4h4axl5FS0jud8 g5BR++U0cilgbBuh4MqdYBSmXraC/Sc8V0XF8HMXFqLf63VvymmXKXu0YdcsQmzg
UltbXu9mG2xSL5ZKDiPteQm86aocxd3bcwD9zbYnx0T7/2nr0gnkitMpO1gGVEC2 pLp/eA8DY3yEJqZYramSSUU5b2d9pBRhh/uiSX/KRNquVhIbyPmBr//C2E6CFSG6
jGJUrmMjvBX3VZK5Pi32FlWJ8u0xWJchY/Sfx6k8hrHiBuyYkHYyhbos7VDL5E/Z xDFJcYaZJPUIkh7SDDI8gIOshGoJpvQFfBZJtfoVtjP8gGk/pdCyqqCN4/4J5Lql
Pki+8m6aa/LBEV60ll/ZP2CpvWEjtaLqOoR2qUHsHFLTQsGyL6Tvauh0NI5hkFG7 HIfNXAqfeKobox3KJLLK4aKUcsElZ3ws7zH+0IDdtq2KTiIZxFaON7VfoYTpZCDZ
1nqhmJqp0jL3H2L/UO+cw9HpFUxC5BSu3L1bWp/xsDBvuHQkfvlI+WSaxZCHUYys Nf1XvkGeI6/iZ2TvpcE7R/+ueMUAhbOklIRm73tC3KNBjEcTmCd5ogHjnBU//FGL
XjcXrrr8PNYKixOlRDUFs3bu+vWhO/SQaTzRKrlHyWOO3M3k/mJdwFh7cQMwXchf APCfDs6dql82nG97yAxLRRVK/Hf6K/wCPapULZ9T2fDc6uIy4ffE0DynmguoIhxH
vpfHC+Ha4po/MLphNa9ZCARlh+OjHt3Wn0TqF+NEqo7Zckqpu7eWKzV6yr5CNk84 0U27dBn7m5FpaY1GP3+y0m6syw99RaV8o2NOpNtu+RPRD/V/V43s7f5S7BcGTdVB
UeWzHXpoXnOF9CDINDj1/+1/ODooRjSHSTk7GSlPzmrl/IUqhfwPTkr+XfozBwWR BZ3Q0ppHpU7UViCCSK6FnEEVYly37vF3uP8LRfJ3ZQ5N8957zXbF1OwUvBKW9eLl
/m/IwWAqdVeS6rxE7IcN3m9cTqE66dX3uHBnOdlc/E8N5lhEmKJJSDgcpWDdfiJn NJ8lI+d6Z+g4VZn0vKQkgjIp8xhtkUCjNzwdCCISNABMd1ja/N1R+aL/zUEZpM5+
YVK4PWHify+iQEg/DI7Bk2slTrmQBTiYHjWPaRhjFxBeHTBkhWeCTbcrT3G/1q84 TC7KFqJdea7VB8LS5UJUINa7SuWuGCUNqAZ8h+2Q0LTCO81/DMQCMIUyUYMZjj3T
3LjrkKmn6VGnc9Oifl3ua4EJinHUoWn++5HgyEosifKWQiPWYkfV6uIYUSMf0Y/9 qq0ZXr2KX1NfcjFx3J2Z46xLpIBx2Ui6psXapHrTZoORGGD6xg5PAYQoDfvo+u7X
5RiU6dNxqPrEwbTRvGaqNoY5EE7/zDrktHl+ZavezUtEmFCGfVru4GmV6JRAAC72 RMxTvYGR0xM3XX2XaxXQYzuFvY0Ksb7aa0WR2DJW5OTq7r1i2CUUYv8s6UUBNrtK
/J1YcQXjfscu+SRW7GS8pj24jGMM60f5RZy46efRlmqVqZ8WF5ciJN5BAEz8FQ7R wgTWi9HvExMKS1a6cZV07S3SDRXUf+ZGk3VROgtwX1OQfx4jPVs+Opp5YMQETKXQ
5KYqHDdRsqImEf2folbLvbSFkDmsnFrLswKdXVgInfdr7ddiud++nRb9KgFugC8a qPT9zaEC6bVKlm7ODT4Hq1AA+fPbWDcmdEn3r3LRQaKUFkTHs1pb+IT0xR8N4TcY
lSNt3eOwkEmc6vDd1+auovLXXF9fPnSPx+9N0wBnQbIDMEG4Qbo9FBFOHiiMC89u 3BsKf4AQaNlcQd9Ewso+wztvmOLHPub5PXrop/1DHap4OR3WfgnVd/7kpboYYsQH
8Up9kmfyqwNge4JaQxxOG0RvQMP4OypGAhyNk0NhGYbS2OcHp+s2kH9BiYw3Xn64 bx2fHcuX154kCCZ5oajf5o99GDG1M83MJP9YOS1v9yff3ikVVNzvGgSCJhqNNxlI
XawZnKQtQWpBSCKzq/aBIGya2kY/olHJm59NXRoBax60vHf08xGhGWTde4sMhned fJ5UW9jrSOh1MdCA4nDAZx14VcT7HA/RtvQYk6REMjhpMM/f2mKRT+LA7lx9Dd/R
fRlRRSzwoJRYu35a3Xg+iZ8SwvnwkGnAB+pxAip1XDm5kGiR2mXckNJ/8JQQf+CS wS74z4b893+hIoI+FdQhnzbO9c7LhsJDyQO+e9RlEgZj4Iudic7LPaB4ibtEZfMW
PpMeI3aieEoApqh9CiSgKkNVZnZkzMMBXoN0l0nQ75sPficTVOplYZ0DpbTgmieY I2tiXcN7bjfpAimTxDcr7pHgXy7OiAzrKMkeH0VZQUxytxvCdOKqiGpa7Q9rlcOV
Kist3Yf6kKH0BBXUmc5tAqPOK++TkFx6wff2hpJKJu0mWhMpTVBVSdv0eiFA59wI YOv6Qc7L0XeZowibtXMLHQrh/atZqHLGD3RkMk4wPws80QHfvvtJeU6r3ORr6sR9
NwuI8ZccVQcdH2dP1Vqun3C87y49ClagneW818TxK3KocUSJ84/jInFucc/v41Nr +z5/FM9eOQpEV556J8VvLtIRI+NkqTAQ6vn3NVmVcn0W1//JEeixkeXSNg320lS+
Kdbl6g43MQmj97zcaIYRB6JM102A89bN9j6UX/GpsICafLb4Ml622SH5LZyrcVSn VtgnhKmDIrRtaEX2riy9FfYZha/P4L/NtZV5YTlzbZIz2wK8nUvC/pjWqR7bsGqx
RujexKoiLCTYJscg6VfCnxeEkgrsc79NZ/rp4jd9gc5h3B+azq8uuJj4VwcnqjPZ yVpPXgydzIFVSRdSBJp2kCRvqMVahTPBXq2FJ7D05FZjtpJ02fIiD4h7r2KG5E/p
JSdLQKCMSH/nyb+hv+30zi9r+4HXn+sqgqAD6iUPsWB2GL1nKnMHKjMo7FnmA1Fu GlLueal+1kTw8F8ewXqg/kuX0UyMT3XuWCS59CirpPZfqWi7m5CJv0EMcJvmIqQ0
w65i510BeSAkjF2Gx4FIKycoaRqUBjICMtMrorrO/KmGP7l7dRpuhauOukayTOS7 wEQ4SxYhxcz61SJMMCcf2LKlRn5yUWOfElzAW+ORZeltXIBzQy6eGZjo1x0U02a4
8VKnb5lJOewHkS6VD5sAEYYrp7xMlX+w+azPxYG6subuEyiACJNRBylcFaKv5w8y SiQvMf2UtMW/TukODEMGyBmfGdj+hTXsbntSh+y4LrTOEbDPMtaIkHVOQ8bPG7Ch
2FCf4SVXO08bCgM5v6X2V0+44rNTq9SYygUIppVFbe2gZuPA8ZNi0iN0hwTsO9lw XZkNkLS/zFMxeP8UMs9kkfQNWsjAYWPOMtLEQkn5DEHL7BIARnWPzzjSRd8+mB7T
yJndiesu6NDfxnUqeP4k05b2dE3NMzgfqICUuI+gRVBNpsauXSkZmKRZ5xGSxztG ss+B0SzA0FRMmWASR7an0j6H8LPGU/WRJieuPBUoOcrLj3uY9nUms+VWnv50eKIc
j95vpUKXzyzzC7mIrzRq2ZeL7tj7X2u8t5wl+AFWeu8d5jkiII4jFIZlL3kWPSIH dc89aR+ev6JTzre5hDYZ+uQ8KLx4XsL+8VTSfTGsVGa45fIgUOFgkJsNqLdb84WG
guBvePaqkcR7uOzPksP7dx/dYMjGjsMucdnf/a9fqa1uouurpZXCp8hSpxV3VHD0 85Y+7qkRt7/+NaXJ2e3JNdqpqA3uLCM8TcQrj3fb25AEos4rlFb5N/e083CLTlaf
gN9ojaFQlNt1wqW7H3iy6eY+b8PngKY4//wdyoj3sazcxUWN44nUa+zGHjQWwFFB H9WcO12oFO8fXM1+uPFieLIjbkRshsWngD5G72GFgaLAAKe2xBRnh8bmQPiHeDe1
SgSFidez5n6vQABTwhkZrBz47Yhkc0QF2WwzlvEx96/9+eG20MfTrQINCPx/cDWT dzs2+kj4LmroR1Kg8yrMTbbQpItzGhIosOXOx0uCWM6XDMrIZV4+QFmdVlQKmtpH
N/PP8QpJkG86x3Kokr8thJYQHnlxgLXZywLIx31jKR3FSYzsD5PERTDzVU9cNEF9 JHF7KbltJ67EkfhKClaCZNJtSdrcFIRSn1Y7D6Mxain6sHM6EBUkmyL5zc6fmpXz
tGwSqEYg8AcLBFHzOU/iz0ilU2/i1ilcEoAivRD52H4OgpMArMZEL+x7peLEKs7n 8dTwMkebR8/c2mdvuZZv9cP0AVzOH5LIG3OQCkeCyRfwpX4briGu+1Nf2G2YthmY
a+on1E1RuQE/YSrA8KgGQ2kSaaouCuybeqx5SyYi1B003c4QTvcE8ShVbJhhbTka CN/UFvw11DQygRunTPMibMlC89pgLHsth3xrah4bqwyXQ9Kka/Oz/XLn5WIEEbFT
3vpcb/Zw9rZ+AeYyFfKj82Z6n/ujgEhmd+6Ianz4LNdgPgATpTgD9L/MiFv0LaWl n8pXpcU1zuH09WjBCEoz7kZAVYtov0fAbawJFhA8vyT/DnOdv4T5ZE3KSZAtgYZB
CtcGCBHSpBgk1ghemkMlVKORFy+CALQFdoVWtY1dJ2rDZl+BkyQPfTIXdoBmW3rm Ua4DrBi/1b7eJ7ed31kFhKCxQIzglroeb23hMEzRLcrw+3zE8HKm4E3TQjlN8est
P+TlHYBTA8WmOyS4Td4040h37gqNzk6WOi7oxY2Y5qKL05K1mcuymIvDXdDTTRY/ nuiyV2KsUNtzRhQvvh1tlLMx1Kp6C6XOZar6JHwS4F7xGrxS3iVGMrIQzqbPacgv
Pf3NcnBEHMVBqp4n2P/tDdqPLhkBHzGB/c82A1BXxt1tSrNZrKNYL3sPZYWEUd82 PD9w7N9jgnJ60R92OjYH0CveVCGiLO3DYjQOIJYSAqxtP0HN4nKO8gnJb+FLoofa
EtMDgKaNw4on+whyZexNl7hDS/JpO/2M1h8TaPel8EaPc/n0WiTgqajrNWdNUm0K 4fLkjoe2K1gILv6weolQUvCtjycoYdiV5ivwpwRpuGyujUOIwc/ATZsKrS/NySmE
Idf5gmeOjTLbNHYyBg81nkEif5k/73YvJvJDDAxZ2CxI/URgmpeqNWQ8SNukidiE /cVFfDNFDhjffynJuG+dS8Z502SGB8zmh3tbZDj/1uwlyqnzHzq7hHN+QdYmUIXr
qjkO+uvxxE105UIOEBCqwNd3MQSxmggMPHyfAIy6wVkE1zaRuEZvikZr2lMB4/qT /AXXEXd1mgJ9SArtyGeBTrmt1ufT7wyetJ7Y4Uvu5TdLIRrHVuOwzQItsCB/xrny
myc4tp3JVK2s4cK2933tWE7NYLMZMGRZJa5EDijFi4rBggiHP0uv2u6MYFCL9WZL e9xD3J+ZZA+AffaE0nZtu4FMK0+gWO6oyZ6QuIXqZSaZtGMtTHCJ6ONu2nMWgifq
fahwSlpa1mF3Az7+LaglL7ymyXMEcr1xHCwzolL3pX2J5q98rciCvkw6qkGLZYlL Vm1NvNTebsAS7PZg7FlGGn2OFwzdZQN7TAZtxp0iYbGrOgO/lZc+yKbALzVTQuwo
x4nAJnaRoxkya7eWZmHb/WcHOV4KghwYifsv9jlSfYrGZrB8YoCksuKZUlcZWB9f 4P+1WK4FoVzgwtCUwswgJeCb0bDwYwJ5dmzQo4kxZIyxGYawoXoxvigJrkZqPOIY
8992P0K+Pmcngtn2mBh5lTJ5nxPHUOLap3Psh77FLvflfkitP/Py7BPWq6uEQdgs d1ah8s3xzQMHNRt1AXLGOS8moIcBPGXQQl3i64M43bytLOOwn4rJfZb1gWDKVcrj
Zy5j8DbSQ8gUUzpDIHxwhx0xyvK8jIfAaKmP9ldVI79n+kElJt3ay1r7Gvm+2tsT a5tVN0unSfHOcgrBSJuw8C4bNlzDwnQMeawjQctkEeDU2DexIq/GtYj9X8//TPTp
7+AEjB8Nt382mAQte2zhmF4ecl+c3fgEFDySkbM/n/ws2Wp7tbNBDQVGUOTHUq04 boLHSFY0dcseVbHWw8O98ZCBU4Qd13JC3WLMF75aFvOcnuZZzJxh21R+espRC8ME
3dUTfMyHdsW+wQPEUSJx5U1OA7T671hwtf/X2OJDdC963efXDdLUiwMJTvK48HzX 7mNSr36wzwD7YLXxyjQJTHaS14A9GG3kHCvawTb06nSrwRgVOVSsfUw1Pglt/NV3
zjWlKwe0PNQj0qmLnzLsz4jzAo0lYeBzmfGmnXQb1+ReiQLAbzvg+q2lKrR93X06 WqeaQtUj9zn4nqPLHtEO7vCRR2d5P22ism08Nulu8mQN8JCNqH+qvK2RjOxESFEc
iSOtSpNP562saAYSD6mx/9ngqTfdODqZUsnD/wcn29hNox/RHVVf7+CJ8lWBrU0U wzo/AliWVkCROjaYivbfN08fXsN8mal3iL7L1tBeZ3dyNxRGksC7Q3jO7KfC9H25
7u/E+wKVfvFRkiBw9Aj3gEBC24GSfsb234xYILlIX/9zMMurslXL9uxZz6lKtenR XeDRabFI4RmbFXHSdEcb5IZvVRspZps32VSjaFORMztIpqBy7ilNt03Xoa3ZAwqe
As29a8xlDNiDUdZMwJhZbtABJC2gXsw0RK/uCasbkVGNeb5FGYEfOgN9NLtmryP1 NKdZpuSm70uwlQBVZSDQYKIL/RNbZ1c2uVko04gRvh5akoZMZHbPh62RLzWvDU5Y
2dcHQtug5WHcyDrtAjxVY6LuQCCpF3/9pzAtpH//f4qpf6tzumnoKwjwXMs54UlY EEmeT8pS+B+Z+Ecy0tCuSUFfwe4IT4oO39SCWWymA+F6JMI+nnRzzbFLgoSK+FVd
snBfIDQHNpRNYINiCyAO2mrNO/h6C6ELJu42zqZFzHcPy/u2Kq7IQAO5CvF7/2TE /nONHA59fN2Pfe3eP4GDWVgct78eHOgLU6QitnksyUXn5VdxdJjm4dPZeWEdVyhS
kpe+PusukCdfpJeR6xOZJlR8Zd+CD271ZZSbuxveRU8Q5pu13Wena7aBMXySt3Ro xUj/RKd20pSQj9L/+i7s9HSFCP0u9fe3mluqOdKLyM7tvpQZBFRpiCDo9U+hKhZE
RlKM2sQ6gI4TV2hZgk0uOg3g6l02ebXe39YZba2RU8FVsz2ySIgTYDixKmBpnZ0H RR5Bzw1viLObNtWbatUxLC2xwCfILdsXPzww5mWL5JxsZQrANYtZb9/Otc8QSV5t
rrl3xEUl5FW3hcH6FU/Bpqtv+K2xp1MsE75l92JIIZOMF88gtbw+/i+gao8lAMmx 11/An0LYu8dlY42NUbw+Vo3cEUlqkq4ULCMDqQVEwsYaTiOJIFXXfa35Jhzq32mZ
MF+Oa0ulBxpG/uRFMxY5+4iPRK3qZrZNLyjLAtOZ0wBbtoN8ws+MIV7/W9IiWbYB uBRQIUaac2nNVp9sWGbaRVV/g84g67uqK3ZTrOGmcPrBoinoe9nMC1gpgCq5ke0f
Oi3Nu0SXCYibdSFjHizV9Q1SBPHw64V0+wFb+kcAFeOxMeRtvAEsWrQbYlFxRxFx Dqi09ofQK7HsQtimRa3oPqa4+auijzi8aeE0fYjUUOenF/YQgDOx0L3ObDd5UiUW
17Nm/ldToQ7jMwZZ/zrL2Z9WD6SQgAadPqrXOFtZ1EiioHceNCb4X45GkA1wecsc 5XqbObxCLr7ItG34aHjRsiGAml/jVSNCAGIjybVuB2r/XR95g24THvE+WIM0204O
U2yBmjyGiRpNu66D7qI5WjmLI0pYY8ozFJ8sWYWjVnx6B1mi5mOhPgiXjcKnLW7A 9v+GuSK8gkATcCnLeHEeolOvHBKYhJy0WC0TkJ16YTwXIC6NisObPeBoYa4sF02v
007QdGeAhxOv5nHmPsH8iO29nbMkxioRu0xqw/EvluwBEl18iXyGQXyu8BPXYMzz a1vzVOx82uzKR+N9nIHtjZXNJ5QohQ1bduPYQcUU3tAOz33pk3tTCcs6hRYfUee1
3EDi4Apeu6D0lssgxJySo//TQYCowW9gE05QHTPp6ucMiuFuxRbxmGFz9QvNihxM x9IsI5AGh4jUoU8CXETUKKjlSDEP8yU9KX5M08+7Opom4VncYgGrGtRRsStdNb08
OZ9/d0ZDj+d8uOWSJhDzN+g/Wvegmpe+l4QsSMtPz4oY9xp7MmlJjdr24m8OsS8G m+qa7Im2zgqMucz1A/PSuCwlGrfuSUhGFDmy1GXVHTrpvzx6DG7trSvmeO4WOLnK
6ugkxD/Bx4INuQ6OBClWYEn/abxrWJEdsIAnD+8VyVYERH1CJPuEpEtEKPGZpJub rFezgGiJZTagiQLomXiQg4MtqRAfNcOdkW/+ojy1jdpcukyou+4SMjarHJkCOPWH
tlMGAP5H4G1v/vcRNuzwKtwBfwy+2HrCsEXg2ID6KNkaQ5rsF+eaEP40sW0Agrqr ToE428nTBq3ub4UaE3vMMoZlJZAru8nC1EE5qq/bIHdSVOjTXlw5elvSOUaBfm/8
XOWjvttcSHMzWIdYnKM+dNlbJYQCfszPEyrwoNPy0TZvj/GbhkvptZhxfYlyc1wC nSeQyBYHJtQcqp0qIPbSMMa+IavQPa+DjzNX+VzRay0XaffjspwwWwGg+cgnKL6D
5bakTYtX/VEQZ8K9u0tHKKbkm1YCq6s0Cj2YoKWDkpFPSqAtw6a91TyWAO9MP1DK HKtsqWJNuahAlmYLe4ktql9WHIcJtQRPqrAKcwI9WGsaA5ckOvP91V0nIhIjLzup
JAizgrwwJjZz7W68oVeUbVavIiSBqaJEU2FuQHftrpALDTL7Vb4HG+uwlCU1MlTC 3aHFd8Fa7oKLCPksD2jFNldJL8i4utOs7+GyLraPmQZMfAULwevozQadYi/kV7Q3
gfl5Z18q5GwJe2BM2ngEUfsddtsWRh4pKYtRoQavbLS6F7A13tvxbjKVU7l18VVl hI/WxFP+2bS+AJgerPrpixJOE5IQRdz3+d1RUP5pG51G6UL2VZQXcOhcta6yjuad
bp8WlPN3soXuEe6N1tWfvzZ5LPhC10lUYBv/QasAjyUPC6quYnz4L8YLOGZbnCB3 nr1C3mEY0LEreGf0QMGsnkDc+xFD9vn7pQ7mNazjY8UPyoC8LdAfQXpZz0LpCpWM
xKkTH9LwK3dK3JSu4Br8tURe5tMdEJFmE1XjAXGjwLS7Ao1Yzo7EMtIbdXNFxj0N kBMj1VoMooH6FFu+1KQ6MGVB5ycl005mCvwtlqqVW2j337AsASvbulH2VK5PU7TR
O0BE6ZedBUEoujik0cRtdckZ3yVZzQKkLhA2iTYV1JSpoRRjb/hCEqE7q+/oIqz7 oEX94PUldZNGmEyQGbJGep4br+z4GOKKwlPhcCTKzS4QXCkPSLNluolt9OqDny81
HkdmKbCWa9YEm9u195BSS5J9vRSADFR3h/uSQEGlNgnxnNBKMNTfXGya7B9IzNig We6WpVBIZtUG9YU5JBsa0EYHenmV4VGtEx+GrXA624jI5ZPcYvHery3AAXb61SZ8
MUwlW6IL7sHcUsQI4lfV25+QaW6ii6dZpHXVNUGfFkjk9aVv2D4oBhekLAJxfS9D HbjZoDyMpWCLiKb1SMpjYUrRISH0Qc4TJzYCchYp9DXp0thekCvj+JsYJuDzRJ14
t4FU7GQ7FElrJTiGq+L7+Jo07VBAHQpTejhFUe/myA5y3CfQ/cM6GDOyDJ69Lx3E nRQKmFVLTKhk3tGDPsBEk15eE0gB0uni8oDkggDAVd4YcnnoIPQErL9Urq6zUYOb
8/lv3Y1EmzbhE6BKCmGTv/3BtGcP1pbMN/NC/SQCYLyQaL3oGjrWiJTLmaPYT+/P br5UNf20HmUUVfj6EN14dF1moBHwfKIe1yXaffJ91OkdLfJASZnAT6iWV+EMrTAY
EQMvuIfoIEplqHLqrZ2tKihBx+dcmt8GvD0ekC5yHDhlZWUFxtJ9LRYaGSY6SgPm 61tDu3ZmHdrokfuuCBUCb2m+Ruxiy8euVtvtyOy9Hz6QmkfDJzU/IUpszVbxkzI4
poceJ756fN0JQFIzUFHzifY8u0TplXEmtbMSLw5qMnJzKcMwHjItG/3/HhaR7lO6 KMopbWaCNq1+bwOq7Cm5KlsQ5hXWbKJcjAUFwp1f0T6KuzZQHXpuscVOHihk/MNP
ZzhrGGCubD3fdnmsSvEIf+3TRMaRX9umMR9hl5Ub6eAp4j3VLDaQK0llQooxFXsq lRVqu9hYnYH4Pguyq+IwxJx/lr4BW1u0U5ad4tNpjNvHYNaH88rYxSMXKZmYB1oV
Y3a3Q3zq67sDJhUDdxwfeRbe5omx0ut5BygkOWRtT5eYOGyOISlA4f+mQCO6tvVr WesNteubU9yZK6sVCv19xnUCmy/meLS3ZgPuI+AEvVGv39aWDrNTWG8ZE8pom5N3
1EH0pncE7Cjm4Dhcg0Q3FxSfAPbr3FubD8D0bqFAAmDdGsR5iowWNiDnVd3+baqz eHxqtdJgocgeFzzhAXeyH0k/c5pu1f6iFveSu1VPWRWPunAshICkpBlFIWVvHxS5
PpL2PXsA4zA2fewBQbQtx+W9y8u1bG8R5F55QgzTIU1COJAdS4GF+jUkH//ZUUeH 54IwqzIVGmGV//xcYZrl7439S3H6+nCVGUdWJ39/j86LCzJlutdhVRcNNBKAMymR
0peDMkTIFIxTrbUK+cM8XwnrfixWuKU+hNSKULUxLZ/U6Hwvve9gCRH4nTZrzpX5 hgUeBFPb9cj41p6uSp9vQ3zKtwyRMAEPJjzTeEeOz4YroZi0nHnpQbU5aQ/6+Ex0
7r7noQBDDA3C8ly4CME3QMrkav1uTnjroXosgGL3u6z1BpuH9Reh0FUYvWo4x2bk AWXMC17zMPJ1aiqP0gFFjXUDUaC/OE84vok2Fr/1+VlBozORMDUNIv4UCmyZE0p5
aHFs0tMx6BOg2mi/ut4POToN+WW/jh+1c8HJfbCEX/XbrQlpzn8O/a1/fU535APE VeZ2SVI2dgS+2EeHM5L0lWTlXQOnj0CMU2w3W7mEGwQVb6su5R5Dze5o2+JhyWSJ
pB3AThi0b5dfsMMHGVGds/FT7EnmubAYgnIdTgmXI5aXu6mGChd2SSi1m4DmaMbV gcXdY+dgoi5nje2gL6rSx8Ng9uoDKxkWzbqn2cwjNd7fMbGfDApuhKAsK1c35h6p
PsTMF9EE781RWHX3fRYGItLWLTSckZ95wmsW2ossKiLkCpc+oOAfzn4RNcRCxgSz n48Mlmlw2hIPSrp9/af/nJmLg6BowhIFJNh6DhdaArLJ4PziwBNDw+3yhzy14IXA
KcZaOMhzY7N0Kfq+KZ/iHBcdMxvdVXiQMkAwZlv+xBledRBexuZ5k6psEYDcBXbV CfSEin4hIHtri0cONIu8wRT8Zyzm23UzcOJ4hpmV0JQnDYqA/S3s54zU46cth4p+
qhxNF/k1v3deCPJKZs1222LfsxqjzKKk/m3HFwFcEIXPfsImyJ15CYR3m0E27LJr I04XQoR9nfN248dxmCUxovOCx8oKodRMg7OR0EUkQ/NhjY5bu3gaTbRD3R8JiiQg
YctpbBPYSLzZFHHVOLJbOwrO4u1B0mC5mVW2KNg4sMzSGPBRzr9RGQk77ERDVcSm 7sRBFrQAYPojJQ7bg5NsgPjOjfzhEdkW/ALVfSVb7yP2tSF9oVAxyUgMlfRSRg5B
FLIH1+7m7Vvgew4zq2leQtCMKc3j/YHDiWOVse12qugp/56ejA5y2yWcsS/yULqp A1pYCKze3jaSjO5QZuxtohtwH9d4qpdyTMUPuGV7R9GolydLHTl94HeGJ4BwCktn
FQb6zqvkZk3Zq5IauhrTrBJrkox7viiZtDXoS+iM+Ohuk0bEecbePs5DEtmwUI5R Z8RAeSwMpqhi8wkeu+rw015OPYE6mndiIVQUKRuR5bWFSjm2CWXwQ4m7QvjIVjbd
XaaRuKREGzxvPqeTlg6jZu4XuPDwE3zb1vQudey71NDSy5iccWd1aqXDyVxvslwy 8lGFKgPnoyWNC1DVCEEc5jHk4V72X+U4mdG3Gm4vs3NzGi7aRpeGFXUWWuIBzu9B
I2srfh1W8v/y6yIQuuwi90/3fD76LInAYUrrr8d12hNdq6sLmrm97vy8Bj1LgLKw sT+3qcGlz9s7WQ6eiPEaERS9UMVN+FXUrdrI0xyIw8GxFcCgmLIo3OLJWadiOq/s
WlNU15UOIJg3rQ58tfpPt0G2ViULWhYgzS8vQqCsyMExwODbnUUPz4x3RId1lYRh +G+R6Q5AE1lt84szlmIrjyZsURpic43zojbjzFbcP9mXdkZRwaOHi1IGZm5JVOUb
p0HIVCVIhJm0mA8IxdttmyD7uPdzaSNNtgHb42q3GhRUQuSDvRumJWastCC4d+bs EkC67WMDgWg8fJ8+1C/X5cv2XnIHzQ0okcvFWmOWHhUkH997h13vLWMROW3lXldi
mPjNST59uJgARWKQJXskVRPB0UUW4nmof/AFzI5hcmMsLTWDasaJdQkJlJjib/Mf UuN/+maQS2grBs30QPJzB8c1cF7hBELFfdIK+GyJk4+Rf5Mlsqo0mMDJRbeA8Fl+
AUTEGQ728gzYwnD/NTvGr2NjcmCzI+O+MW76ACBWrNlLJNssqC0PQ4hDOhk5yRv1 v2VzU0k+X1aRky/89JLRHWKAfJT1marsf4qIvGOQ0WKpJT//Olz95ONcjFHq2u1e
RMm7qU3RoJ7lRP5Jcv2q1Ttw5zd6FIHBwQmltm/Y6MKQkkPdto7boCm0Zom+xW/Y OgxwxXeiIvNmPASjl8rx1jwj1FrbMcOAZfNi9j+3ygRK+Kk+g+5QYu8zkCbqoVD2
+AnlYDu5cR07uOnX3sYcOp+hye6uWL+IwdDDjZ7aXA/rAj0c1X3A8PAJIkp+o7zs MycPrv/fsRjrzojVnBDFRWMX1YIsO/sxYxTAZS67kz9YQDj7J5ulsHNLuc8bn7Rm
Gd0+hXYLrw1ooZzXU7ujig==
B.3.19. S/MIME encrypted and signed reply over a complex message, B.3.19. S/MIME encrypted and signed reply over a complex message,
Wrapped Message with hcp_minimal Wrapped Message with hcp_minimal
This is a encrypted and signed S/MIME message using PKCS#7 This is a encrypted and signed S/MIME message using PKCS#7
envelopedData around signedData. The payload is a multipart/ envelopedData around signedData. The payload is a multipart/
alternative message with an inline image/png attachment. It uses the alternative message with an inline image/png attachment. It uses the
Wrapped Message header protection scheme with the hcp_minimal Header Wrapped Message header protection scheme with the hcp_minimal Header
Confidentiality Policy. Confidentiality Policy.
It has the following structure: It has the following structure:
└─╴application/pkcs7-mime [smime.p7m] 9750 bytes └─╴application/pkcs7-mime [smime.p7m] 9775 bytes
↧ (decrypts to) ↧ (decrypts to)
└─╴application/pkcs7-mime [smime.p7m] 6200 bytes └─╴application/pkcs7-mime [smime.p7m] 6222 bytes
⇩ (unwraps to) ⇩ (unwraps to)
└┬╴message/rfc822 1964 bytes └┬╴message/rfc822 1978 bytes
└┬╴multipart/mixed 1900 bytes └┬╴multipart/mixed 1914 bytes
├┬╴multipart/alternative 1130 bytes ├┬╴multipart/alternative 1144 bytes
│├─╴text/plain 381 bytes │├─╴text/plain 381 bytes
│└─╴text/html 465 bytes │└─╴text/html 479 bytes
└─╴image/png inline 232 bytes └─╴image/png inline 232 bytes
Its contents are: Its contents are:
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name="smime.p7m"; Content-Type: application/pkcs7-mime; name="smime.p7m";
smime-type="enveloped-data" smime-type="enveloped-data"
Subject: [...] Subject: [...]
Message-ID: Message-ID:
<smime-enc-signed-complex-wrapped-minimal-reply@lhp.example> <smime-enc-signed-complex-wrapped-minimal-reply@lhp.example>
From: Alice <alice@smime.example> From: Alice <alice@smime.example>
To: Bob <bob@smime.example> To: Bob <bob@smime.example>
Date: Sat, 20 Feb 2021 12:14:02 -0500 Date: Sat, 20 Feb 2021 12:14:02 -0500
In-Reply-To: In-Reply-To:
<smime-enc-signed-complex-wrapped-minimal@lhp.example> <smime-enc-signed-complex-wrapped-minimal@lhp.example>
References: References:
<smime-enc-signed-complex-wrapped-minimal@lhp.example> <smime-enc-signed-complex-wrapped-minimal@lhp.example>
MIIcHAYJKoZIhvcNAQcDoIIcDTCCHAkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV MIIcLAYJKoZIhvcNAQcDoIIcHTCCHBkCAQAxggMQMIIBhAIBADBsMFUxDTALBgNV
BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN BAoTBElFVEYxETAPBgNVBAsTCExBTVBTIFdHMTEwLwYDVQQDEyhTYW1wbGUgTEFN
UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00 UFMgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5AhMPLSW9ETmXSs5CVIeh7j00
Boq0MA0GCSqGSIb3DQEBAQUABIIBAC6XPc3wZgeB3FCnDRhzs7bUIr/hjZrbZzPm Boq0MA0GCSqGSIb3DQEBAQUABIIBAIJ1TSnodbIX+xsUfgRTABHJ9Cp7TJAEjB4Q
H8yaAt5YW8XRZI/Bt31j9i1OtPWRqthYxM4xwIc7ShdGhF92sGkV6czLsH8kkT0p 8bJ2SJQsuXjbky2uXOISzL5ryCsv37l6n7W+MLKlTPvXIpRN5kkk9mlAlZkCprRC
Z+FD424d5ohgjPw87eyufum1GL+1q6TPItjC7DDM4kq3v+kwMaF59PCZ1QdbB1Yp usJvS25o/h3x6yb+XnhWORi3hB+b87zo1ysoA7YcyF3Qq9YCe8bkrNrstnxe6uzW
p+bGYko42Dd55Ur9xrbkklIuFI8KQuLrt6kdLehhPU8EFF2Trd5s0hbHR8/AE4GR T+1EhIhPRzZRpaJzXKer4JjxKKJYn3o+pLdsD9/T1sAJu8ueGodVcn3cnDH5oW8j
46lKp9nZNgkNRo9KKMXSMB9bkVe9kaTjGYKjtD23AbNDDFrwUE15jrgBkQWtWU9j 9BnAVIS7Bosh05moOD1jwg1taKZu02ycsVzIq7U1yQ/kXQbxMkdc3sCIJHSH7upn
BuZG/k+vtFch7NNVzGYQy95etutW1b6Efh1UJ7/sEv1at40ipKEwggGEAgEAMGww 3/filDlwvHZynaQc5oIrGaXfja7+BlmCJJ3pvCwRg1BTs+2OkhgwggGEAgEAMGww
VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh VTENMAsGA1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNh
bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6 bXBsZSBMQU1QUyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCEzB8R0APhiY6
HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAkZniKnyo4dOigzoqg0j2AJRM HGLS64MvlsDXhpQwDQYJKoZIhvcNAQEBBQAEggEAJJ0GA1RKCaIpRJ/hSThEF8Kh
57gPSOt7RygacVe0zmHsvEnmvVeRA2u3C9gJHoxQpZWdDilIEDhFUEG0POmCvksB MV66qx8SQ4zF77Q0N1rgxGmQagbwuJaWy50TKpbEet11elIl4pERnA7ySapuOE+e
Dl50HiQvSP8h7RDohHPCAT4TpgnFcuLwxASBXOGVEEFUfQOaTxeR3ZecR2vqfXXt myif7rCxUr08+MyqSidsGm4wSUC9MwRfUC+t9CwwV55MG8ajowtd5WhCKPbStsup
TTTh+gO8j7y+uKqAdpwaSVRcawrX6KQwjiafPYhWYGkrZ53cHhN9Ljn7SvfwoigZ 9MXn5yMTNCMJPMWOTVx8b3dcQIREcjMK06ZF8s0Tv0ecI+FaCP/38Tt5IxZ7rx1r
fY7DanPi59cvr69ErFFVQBwQUu2IGpQ2q5O18GPuk3Rjv1WMyG9aX97OlbLxjJnM 3IlzBA5i1uHjkKGPlsF6iYoLafm36gWtCk36g++FRtROfmBa+PbRjX0HNU8efC8c
Ql0ajLoSdrQaPe5y4pw5KisbXIAamC7Npu7hc0Trwftyn6SdydpdrUNVJPGf7jCC W+WbS5fHnf6jx6wgtRgfNnwz/IKBp3OYBhpbURNMRoixDwTk8jTg6nWnFJPxfzCC
GO4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEIT0h4LUiMtMNeOENaw0gB+AghjA GP4GCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEC03a1ouHG0V1jk5l34aXauAghjQ
h+dlTSrH14NOYcnRg88Aj3gjke5sIzCIy5dF9rptdXw4wmUr6pAL44ufkCY0Qm24 BZBWseHe0tDuv9ziM/TuHvOjqmGw7teVs9nTLzfGBG3tZSAKlVuSbG4eJazVrwQO
cq3223vx8qLJYROZRn6DA15kFHcHw1o7mZWLW2EjNo8VsNo2eIrPmT8S/2UqEU8z O0G7DWrAtcKbTZ1CiOxGlEUm4wddP9TkZTlZR0jrg6y4zxr45Q23+iE6Wtw74p2Q
s9ZtYacYtD2bTJesQCr1gGck5kMJ3EXMknPUL4razcOxJB6sJLhb940fw/FsoeRC ZcRm90Zcv5Vq6rBThZdK946hmVdfNK6jB2ZQIfZ7ziemSrgxLO2cEx5dLNI0K3qC
tuaMNP4wYV1FsiG2zDGuOtnIE0Z/f3I8uhLF5uSsScnCDzURA2ERWPK5SwGy2Wz6 61ZdmJc7phl0+5sH/vMpzzQu93ju7f28dGa0A/fgSkfAGE5PL6kYXLJJK11vl6ph
PSw3nvIN0UtA2fSmRETWAog9DFWo/t/6sU428swxvqhFCHH7VZY/jqbE48GffVhV mhi8tHK4xGR3ELSu2LHapl+BMrI0L2RF2LJF5qgejVyaRx4NoFvd5ghSATDuzi0I
b8YyTr6jJvn1QJydL5n4V0rPPJdUMvmeXV/84/5oVPVY1YlOGhUXlgA0yl7JfM13 h22efX7oFv7AwCgBjucQxgUtmCLyd4hJlzNwGQK0mJS/YyTccEtQ96HqD7+3aBnt
q+UubdpKCGXCOXg8NT5g1eBagomHvqjtStAscpcIgvcj7SaydqtnIgOKAzJir0AI LFSP91kzFg7n7mnyffqspUK4jxCj1AXohRL0t6EzroIeuNXNF806Q1RZutbv8GIF
UkOe8L8uiAZAQ+GjRUdvJVkrRood0EPDUwRO2DFXbfaxyaZOhpc2EsJlm08BTAyW dkhSYvi/MC2AZmulbW3UgPz60Zm04QMVzKGZMNOzNn1ezPShXyTao8iSExrvU1F2
kzuRRaZJHYPLqQt+UeibGg653Uo/WYi7m32gjgU9MktBqKw93URtmw8Kmy5xGm6R 9VVvOVYXE4+e62V6MYdRgfu8bpKyLvOYl877l8S6Hyua61S1/c06mUN2bQrtQK3m
8s10FNZBg1Cj3aPRXbPjkTP5WUb0bxJA/aYBUTVt6bgHgV5NSbUS9DU9S7gf+YPb ctf44uHVhQ1gPuyrGCUrGzcVcQrvRiTGGJsDSA+kwefN5hWDY76MsTytKnMfqtsp
h0LoTqE1DeQktnMjFCeNUrI98js/Hfnq3OYRCn/w2jsJSvj90SR3djIgiUXl0wUm 59vVlOZJ5mQfCFyIhBttXHEaxUfaJH54aC3RT1Yt4yRS7qBikR9C97dwHbnsR1UX
YEh2cD6/OAu7UJ+LKVR9JhnJhjCfWACT1G36BLWdC5uGQ1f7/mSmYFxaD/+pwf/o cgAsxBSq/lgiajK8cBy8ZL6yXVra4A358r4R0TPeh0r2BDbOyQKvr2kE3YZJfVOv
GgNZyGq/ob9PLpVXjhCUozHxc6Ucy1KoBZkdPFdH3AZ918oDdQdJCOdf9jP/BV2i 9DxNoqf4Lma2NyQCwxvkP8D+na5df4RfmOPSnAWL1lxPkQEr84sHo6im28GNcWuJ
zPg7W17Ppd8i6QgdgUs2nrRVgJW2J7Jbf4ahlsMGeumoehsElc5BcLqM5daBB5jo 2OThMF6zKzRxM5bjfdgqnUMJdSXKsb7Akz0dRcF1G/uYCi7mVPn3SCAcmUsfu4NI
0RBUrIxUtVpuwjYlJ4fe82vgSUlaa5prSvGQlVhpD2uHqaTf4/5qtCxQimxGMHyz L1lLnwB6/EZf5mtVDe7O4iwmTss/75oYmy9jq62A1F07fsH/bN3CVERJufnKiTJI
+SUSnoglLsYBiDVaaDgVjTv8KRtrXb3ld0PBz1RVRBKJkoynNhgw6GRxjQrce0+T x4DzG1Ndb0QU8vSCCR/RjLMuAPO8y4BEF3wxVkJyhgVHlg4HncmkdWFRT866XRwl
qajjmpGWKScDPemN7booTxzKi66Igp/PMsmlDE20VTRH/lrg2pYcdsqz68OBLClp 5BJNrpfOgUXgIwEPRCiA0v2dgCEfpcNkYH7kv1IVTsE7OPqul0hjl0LMVyRcWmfg
lE4mTpM68YcFD7O6Cu7qlW33fxw0hU6jiIVghR1bLm3j0oO1I/wJ9qu8zn7TLc+y 9Ukg1fU8dsP7geg0PDcMt8UWYxynvqoPWYStSiuzTB9cOfmb4h5AUpBB1cnRge7L
EFYmOVTWE6DA4Ntoj5ASt51wNAXr7OLqoyod7N/A3XxJ/A80+LA0j/uhLBeqE74i fzaddRtVqyl415a+BFS4YPkC5/+hO9TVpVVGMZ2y4jNXvYU5YK9Ju5ejy3Vgks6n
qHijFBkdtM+m9mSxhBoCJeOCo/hIWDKP6ML+AQsUKoa5GqkswJ1+OhFkp73Y+PQ6