blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-09 09:09:10 -04:00
Code Issues Projects Releases Wiki Activity

fix(secure_boot): Fix SB verification failure when sig block and key digest mismatch

Browse Source 
- Secure boot V2 verification failed when multiple keys are used to sign the bootloader
  and the application is signed with a key other than the first key that is used to
  sign the bootloader.
- The issue was introduced as a regression from the commit `ff16ce43`.
- Added a QEMU test for recreating the issue.
- Made SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT independent of SECURE_BOOT_BUILD_SIGNED_BINARIES.
This commit is contained in:
harshal.patil 2025-02-27 16:18:47 +05:30
parent afb2154247
commit a6ea9bcd41
No known key found for this signature in database
GPG Key ID: 67334E837530B75C
12 changed files with 211 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/bootloader/Kconfig.projbuild
View File

@ -764,7 +764,7 @@ menu "Security features"
config SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT config SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT
bool "Flash bootloader along with other artifacts when using the default flash command" bool "Flash bootloader along with other artifacts when using the default flash command"
depends on SECURE_BOOT_V2_ENABLED && SECURE_BOOT_BUILD_SIGNED_BINARIES depends on SECURE_BOOT_V2_ENABLED
default n default n
help help
When Secure Boot V2 is enabled, by default the bootloader is not flashed along with other artifacts When Secure Boot V2 is enabled, by default the bootloader is not flashed along with other artifacts

3
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c
View File

@ -154,13 +154,12 @@ esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_sign
ets_secure_boot_key_digests_t trusted_key_digests = {0}; ets_secure_boot_key_digests_t trusted_key_digests = {0};
bool valid_sig_blk = false; bool valid_sig_blk = false;
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) { for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
trusted_key_digests.key_digests[i] = &trusted.key_digests[i];
if (sig_block->block[i].version != ESP_SECURE_BOOT_SCHEME) { if (sig_block->block[i].version != ESP_SECURE_BOOT_SCHEME) {
ESP_LOGD(TAG, "%s signing scheme selected but signature block %d generated for %s scheme", esp_secure_boot_get_scheme_name(ESP_SECURE_BOOT_SCHEME), i, esp_secure_boot_get_scheme_name(sig_block->block[i].version)); ESP_LOGD(TAG, "%s signing scheme selected but signature block %d generated for %s scheme", esp_secure_boot_get_scheme_name(ESP_SECURE_BOOT_SCHEME), i, esp_secure_boot_get_scheme_name(sig_block->block[i].version));
continue;
} else { } else {
valid_sig_blk = true; valid_sig_blk = true;
} }
trusted_key_digests.key_digests[i] = &trusted.key_digests[i];
} }
if (valid_sig_blk != true) { if (valid_sig_blk != true) {
ESP_LOGE(TAG, "No signature block generated for valid scheme"); ESP_LOGE(TAG, "No signature block generated for valid scheme");

2
tools/test_apps/security/.build-test-rules.yml
View File

@ -2,7 +2,7 @@
tools/test_apps/security/secure_boot: tools/test_apps/security/secure_boot:
disable: disable:
- if: IDF_ENV_FPGA != 1 - if: IDF_ENV_FPGA != 1 and CONFIG_NAME != "qemu"
reason: the test can only run on an FPGA as efuses need to be reset during the test. reason: the test can only run on an FPGA as efuses need to be reset during the test.
tools/test_apps/security/signed_app_no_secure_boot: tools/test_apps/security/signed_app_no_secure_boot:

35
tools/test_apps/security/secure_boot/main/CMakeLists.txt
View File

@ -7,3 +7,38 @@ endif()
idf_component_register(SRCS "${main_src}" INCLUDE_DIRS ".") idf_component_register(SRCS "${main_src}" INCLUDE_DIRS ".")
target_compile_options(${COMPONENT_LIB} PRIVATE "-Wno-format") target_compile_options(${COMPONENT_LIB} PRIVATE "-Wno-format")
if(CONFIG_EXAMPLE_TARGET_QEMU)
set(bootloader_unsigned_bin "bootloader-unsigned.bin")
set(app_unsigned_bin "${PROJECT_BIN}-unsigned.bin")
add_custom_target(sign_bootloader ALL
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/bootloader/bootloader.bin"
"${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}"
COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile
${PROJECT_DIR}/test/secure_boot_signing_key0.pem
${PROJECT_DIR}/test/secure_boot_signing_key1.pem
${PROJECT_DIR}/test/secure_boot_signing_key2.pem
-o "${CMAKE_BINARY_DIR}/bootloader/bootloader.bin"
"${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}"
COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/bootloader/bootloader.bin"
"from ${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}"
VERBATIM
COMMENT "Generated the test-specific signed bootloader")
add_dependencies(sign_bootloader bootloader)
add_custom_target(sign_app ALL
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
"${CMAKE_BINARY_DIR}/${app_unsigned_bin}"
COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile
${PROJECT_DIR}/test/secure_boot_signing_key1.pem
-o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
"${CMAKE_BINARY_DIR}/${app_unsigned_bin}"
COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
"from ${CMAKE_BINARY_DIR}/${app_unsigned_bin}"
VERBATIM
COMMENT "Generated the test-specific signed application")
add_dependencies(sign_app app)
endif()

9
tools/test_apps/security/secure_boot/main/Kconfig.projbuild Normal file
View File

@ -0,0 +1,9 @@
menu "Example Configuration"
config EXAMPLE_TARGET_QEMU
bool "Run the example tests for target QEMU"
default n
help
Run the example tests for target QEMU
endmenu

9
tools/test_apps/security/secure_boot/main/secure_boot_main.c
View File

@ -76,4 +76,13 @@ static void example_secure_boot_status(void)
} else { } else {
ESP_LOGI(TAG, "Secure Boot not enabled. Enable Secure Boot in menuconfig, build & flash again."); ESP_LOGI(TAG, "Secure Boot not enabled. Enable Secure Boot in menuconfig, build & flash again.");
} }
#if CONFIG_EXAMPLE_TARGET_QEMU
for (int i = 5; i >= 0; i--) {
ESP_LOGI(TAG, "Restarting in %d seconds...", i);
vTaskDelay(1000 / portTICK_PERIOD_MS);
}
ESP_LOGI(TAG, "Restarting now.");
esp_restart();
#endif /* CONFIG_EXAMPLE_TARGET_QEMU */
} }

32
tools/test_apps/security/secure_boot/pytest_secure_boot.py
View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD # SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0 # SPDX-License-Identifier: Unlicense OR CC0-1.0
import os import os
import struct import struct
@ -91,6 +91,36 @@ def test_examples_security_secure_boot(dut: Dut) -> None:
dut.burn_wafer_version() dut.burn_wafer_version()
# Test secure boot flow.
# Correctly signed bootloader + correctly signed app should work
@pytest.mark.host_test
@pytest.mark.qemu
@pytest.mark.esp32c3
@pytest.mark.parametrize(
'qemu_extra_args',
[
f'-drive file={os.path.join(os.path.dirname(__file__), "test", "esp32c3_efuses.bin")},if=none,format=raw,id=efuse '
'-global driver=nvram.esp32c3.efuse,property=drive,value=efuse '
'-global driver=timer.esp32c3.timg,property=wdt_disable,value=true',
],
indirect=True,
)
@pytest.mark.parametrize('config', ['qemu'], indirect=True)
def test_examples_security_secure_boot_qemu(dut: Dut) -> None:
try:
dut.expect('Secure Boot is enabled', timeout=10)
dut.expect('Restarting now.', timeout=10)
dut.expect('Secure Boot is enabled', timeout=10)
finally:
# the above example test burns the efuses, and hence the efuses file which the
# qemu uses to emulate the efuses, "esp32c3_efuses.bin", gets modified.
# Thus, restore the efuses file values back to the default ESP32C3 efuses values.
with open(os.path.join(os.path.dirname(__file__), 'test', 'esp32c3_efuses.bin'), 'wb') as efuse_file:
esp32c3_efuses = '0' * 77 + 'c' + '0' * 1970
efuse_file.write(bytearray.fromhex(esp32c3_efuses))
# Test efuse key index and key block combination. # Test efuse key index and key block combination.
# Any key index can be written to any key block and should work # Any key index can be written to any key block and should work
@pytest.mark.esp32c3 @pytest.mark.esp32c3

7
tools/test_apps/security/secure_boot/sdkconfig.ci.qemu Normal file
View File

@ -0,0 +1,7 @@
CONFIG_IDF_TARGET="esp32c3"
CONFIG_SECURE_BOOT=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=n
CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT=y
CONFIG_EXAMPLE_TARGET_QEMU=y

BIN
tools/test_apps/security/secure_boot/test/esp32c3_efuses.bin Normal file
View File

Binary file not shown.

39
tools/test_apps/security/secure_boot/test/secure_boot_signing_key0.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA1E4X2rXFWjZ96ZDvzQInTb9Of+R6cL9CPejkKi38mgDTD7T8
t3VBD2MSrNEXk9CjjI1tbMAUQfWdthPGnPwpqWThK+OxdpHVqIHJ5IHn+3+2O9PA
V9lV2Ls7HyX2/xpTLGD9DUTTsh0yDHnU5+LqIC3e8idL2mY/3eF5cOQDfuSQ1ifP
T7ZjUs0MPYuiUPSwJHK2f8Sco/HzbM6MCxFUjXLMgyZ3vAdgoqlZnPffj1jIeQAL
mj07vW1FYuRJ7RpNc7nxWs7kvE+ygFLUsnbhpreLt1f4JhjqU7FVupx/EQumg1B0
ZEtnDYnRv8oFj+BPVa0ox0dwHF9qS57LG21SF+B3xr9UOGI8w98ZOm4VMNU1JKpf
kSqsvlUCR23SpLQ7P3DaQMAkZqUWHoafnmPQBL1beaiPcwmPwTC0XZFX5VCq+lQd
bV3jurM8EXY4Dk/YRrk7tZFEO8istytHXcFINL1zgCXbBXeFmzppePtpNYfuamMN
br+Eq/UBz+FWG1ITAgMBAAECggGAPRQcg8UQuoP71ILoooPQl+sGY//xA9facGI8
pi/lwM6k6htpK0SWC522pTZggJuhOdIEXamjCljl3xiwZsCbIctOhqhyiUiqfdid
I1sGSRI0dODWMM/rhTdUaoErHrhNnnJmyvb2qoMAv5sbV/0t20UnI2aPyYzqKeTw
4bwPj2Wlj58TYvz3dT5dm6U89Op4dHv2Kir/36C/phmEK7j4KNuSn9ak0tkSgamU
CPc8/4oM3tbW/7BHLBewQyOnawnKIO2C27/MrWm5gehGMW/c5p40Tgv8cA95cv/0
VHFOMlgpEIZtm8HhgPt+t+UM7+/T4dBPO4pOCFaXZK0RcMawttpVm6kGDpyqoAQ4
UCNl2qPo7EADsWcvpKbLSk23SoznUdslrr4y1frGiDBaPg7siSQepJ8d25K/d3vO
sAWV4lf6qMEJebWfPKlv2HQQ08xRa8g4T187gQqsNaFVkZP+mJCyJSKIko56ui1x
1zBCazwFZStIvoIQWXDJ/UaLhCXJAoHBAP53tlkuAUEwuJ/2KlMqIEk6m7M5ZHl3
zYy4bujmpsDZG/FphxkH32ULe2stlms3w+7zg/i36Xc4ZYnrDreTygKqaXQQXZni
SHeii0/GZkzTH7lf0wz4XRNjlw+zcMRaRpA58/DSVjMmRvG2eK/FPtn+VZ19oQB9
CY1+W/P/CKB1N1Gh7R6JWMpOnoAYnM+6yym0UGCXu1MLzNpDKJ2DPKBB/k6DyA8k
19MEB0BFL7aBEaFrerF+SO7Ri6+KIQw4OwKBwQDVlWILnpaS/eph7Egnx67RgDzs
X/zJAEV0zTRJtTYzZPTVPZWkEZE+8Nd51l2S6YQfKVi4PskQqlomU5/15WRMYGRB
ja56rBCcjO38vo/G5OCUWBfn4OmZkj87RZDNzvaKgfhTESWlScgUyftiCnQw/WNV
CFJ/qB7KlNvxBnz461L0OdVM4WpCss1nRq77P6bMK0uW6gDukuOQxPcA57WVyCDD
dGqXWLXTIGT4HV9kO2t4Vyr7SzOH8/RDDS2KiAkCgcB/HYoHroWN7SqtLaki9i4+
pnpU41yfmQsjOpac3Wt7dnkQ9Wg5Rsd/kGbMuW8kjCziVt8cBbMojRGb/cHSTo9h
GYOoKOy5DGKq8JWq+i7sPaLhVU72cbL9FojFnRu92mLZdTm4mTnaP0q9QCu1klC9
UOGv1KvytINrHS4OCt5iWWuS6dKrqGykUvW2g5UB6AvI/3wPZHx9Fa31cgr99Cr6
2zyQOCBeAEeX77E3l9gn0P3fpvMZaz4/nomq3NN5aTUCgcB5D6o6QdLBUJE4nfAs
NB/f+dsOdD3ZRIEZ+nJH0SH+sZug/r5B9/8m+OZ51crGSfwsmYgDLvtSqexdSwsh
GrvmGsDY81DRkZP82FjQ6MagCv1MuD4cnbxq4p1aoEy6izPtQEwb8V0wOgjh17bY
VGqVlhpmiUgRuZ5yXzvnezD8+o3ThrBjWmWblrOcdVEbcnG9ylCXIt4SXEoGtc33
wl6Hnp8LioIcdRjiqbrxc9ys+I0q8eWX+IEl714lX2PP4NkCgcEA/O7zrnGJ2kQP
QuE/A7YWgGVD3ybK1Crk7vKtGQPaCKrSVVS5E/WBNsIpAMkroaJCOd53+l/OzBfz
uPWIcVCujOvrrhxsvkkCIZ66mQkiygd5etPyvfmeqXHNhLBVNER6c42rpmTf1WAf
UnIBhKoG09ehJ5rqfcAnMN92Z5a7zP+7iDnANgUQrH5qfDLkvZq37wyS01iIX47D
fo1MQgUBAUjpBNUGLtCSo8r/irDLnt2/VWx+67dE1ELv7/QizXBm
-----END RSA PRIVATE KEY-----

39
tools/test_apps/security/secure_boot/test/secure_boot_signing_key1.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAn9mfX+24efn7xCnI2YlpBJONsht1SOLQTQQ7xC8JGVxHwJ6f
KaPWZFdb+LMy7hN9YRudr+93c2LDh0sfBetKUs/i5jio+StKitI8VVDUj2ccV6Fb
qlL/9NtdNGTIcP29MoexcCyF+U5IsXjgyrVgfDWyr/ca9y0SFJ7GPeWn6W8ESpIC
AmeQOcJ0VFTaYpyJy0uPPAxZFoq9uuNGjtiDg33TmOcC4A5h+xCU+AxLDgogbNw5
/yY9P5Tm9VD92KLenoXkRWyAKscpyOOa77fRViLa16RkaJLWv+sd8Xk+Qry0Yeoq
BnZF5atz37h2TOFDvTyBkACjK/Hs+nqSekqF+3IrEH71Llk1lyTKbARFTtHe0VrE
dNAtwZqPqa+bqJJKaIE9Ts3WoNRSUcgsZpzV+rSzVsHj6pTbODruFqhhkHXVvOQj
6uiK005+uoPFeuNiV2/s4vTniofXHgGqnHtXx8+XMR+uoTwrdVk0HQD5PIpOtQzF
xGmN6pjjMNgBnDuXAgMBAAECggGACaIWSjQryWIIy6YO/hkbVJTF1cV02HsevX1z
UpvZCwe2JUQJ6HsAqRRgrQizmYhgJnGBG8CtLK13hhg/Wt52oK35iRFCEZ4LxHjt
/OA9pxS6LwfA2+9bkHiF0en+8FxCQiDOTynHuyH+HH/h4CV1Fpcv2Q3luJ6lN8vn
u4QzDczMb+gDqfxuwyRWWVyxun6fiTpY++/skIC09WXL80DWEB8NmOnXEQSc4AH8
UESBY2u1z4moDxnRWBsTnhYO7jbGZk+ohEeiYFriGCELqdStNESTfuv1uMNfem7K
OW5WZ3bKmCc1oBbZOwL8/M12+sk/b2OR15yBa16hCZF0yDuv54YZOpLew6Agc7/l
z9nk32CSca57GvpGtDZjXswhlmEoX6PybMSIQwtjkgPcNk99Wba+n4zEJqVq1erd
kj1Nn1niWjwsCc5+K5uEVIwMwrZXgPZG2hiEhkkOl72GvNt2BfEJDaajMSTTdmmU
C3CJkA90THrugPAcxEMl05MORWMFAoHBANaNhTVp9i8o01iXvVCBtoUgA0VJpy2b
4DrZ+1b6z5hqRz9EngPmmthCjlWx+U9s4XlASRb2a4aIyqAXLqRlg8BYpGPACP90
aRwWRfSFVogW1ji/3qVK3mPyl/j3AG0I+O3JX87OC0LgPaxO/UswV/B2ToTlnN3H
eoWTrRegDL/GjA9URG+YDebiSnmwL/70CBU+MWttWfTtiIjSWhXhez1+J37r/KEi
JYXdkYK7ww6D7aA0kE+iNoIqbiUpQAQYEwKBwQC+utZlqFWLqRGA6cbQWqCrftrY
XHKT2137gUsJKst/fy35NUN1fF0upbqLtrYDkLHzam3fEuap6ZPm6jB8tN9HtOlh
xufff5R0CJ1wKHNYOAwcvfps8JKVS/PaoEZJlgnmjh41CiGJuntsDIBYiM65w/62
OPy1hRtBd62PZB99+eFo80ERLCBbP/g6ML2GXTSk7UOHYtNfxA7QjPp8q8JT3e4t
T9563czQqMBiru4gvG4+aRx6Jq0Kg+gE2hjohu0CgcB2fMeBHRihKLm3Jm2dpVUI
JgrIXAmgbYIi3jko6vB0qtTYAuwFGXiQUAlNGDGoBGhszuzOap4tOSQ1zzeqAIoH
UqzOjcIqWb6mjUJq7KxCEeKSipvJyxQQPGxjSP2KObdHkrt/eVjMwQwuOZ02xeb6
3Es2p5u++ygV1t1zu6buzhaRbKcyvdWHmZcppvyKn3hLSwJ94nEYi4mojgrEJLcr
2Zy0Ql1NG49/Y0K14T2yqXc0z3KXF+1ka0xS53n8CNMCgcAT4UedmvknsHypkjRt
3TRoC7Xl3WT38mKOZ4CZuQMzC9+P3TRl14ui5BVYoLfCEV/q/knreX3fcgA/jmN1
bCjlwX6d+WyLyDGCEq/OU/kJ1fW1PTwQBNdShnMpc5E/9Eqd5GxTnPW39F8O+RKb
p87cYAh5l+EHTpNztHS7wHTj3ZrYJJrAnnfU6wsFjbUDf02Qb0adovhjP/1HUZp+
SizcLwK3aF7JMbs6eIxs/MzHTryy9qPIO6XHtc4GS3FTM1UCgcEAqbGAfdryYGnB
xEQPE7aw8rC1+SA9D8MhYjyIQi863MruDD4eqa6kyjATiKH2kV4yhLO/7aH31qZ0
Jq/dV2/onzEF8/pFKUyjwDMvLo9FTR9ysE/o/sj7EyL4TdEX0bTZUUryEzIfA+Oc
6xv+80viBRbBV4sTiUPVsA7ai8TuQCvXQqZCP9FDPNvQgRaVSnpzh2+VS9BdGUmY
0yN4fBdiw2aDB1nywwO30FbzxgdS722/bUN922vQcBH5dXzx7O8F
-----END RSA PRIVATE KEY-----

39
tools/test_apps/security/secure_boot/test/secure_boot_signing_key2.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAm20CFl1l5N/JZ0AwxgouohrhQPFrBTtG+mQkC+vyhYd+ytBw
HXfoKAZA35EOWZlZUH8lBUYKAlISo9jQ7RvCFkd2JHPjSrtSjZXLp7+FWCSBirjX
AwOVclquzecPoRB5SRUhhnhjTi8nDwX+t5rGwztZ/+eEF3Hgt4g7BOieokrYp8Nq
AkiZm0FHOP0j9R4t8zRIOImdFBbuNT+47MN2gUMxIKxP21SIXGt999x3aA2Ae7dt
Xg2mMTW+JEcjvDHw0bID/hia77dhRLpUhLnyPI3e1uHX9q6jZKs/q7px5wOE/nvg
ViR9TD4Fg0veQjrpSbsrqo5k+Hxm0kGPVVQRpQH0zTEiwZC3QpeXiUkJcLmbAwhj
oP8mG+gfKins36vF4ozP6wxgNicCqzPEe6whtanUoqHkXpV78KjFXf7EVMTNI/p3
3GH+8mcMVVXCUaASXZxzZUiXcjhj2K2QDPnHaVogiznzAD2RYMdpoUt9tDi53jeT
TWBzDRxYX8GBPayrAgMBAAECggGACy8w80MNTgb8iz2HRPj+mhOtGetFdD7rwKDs
Jx93eDxj11xgdP5n6llo2a2qhrAOSUic9WAw4DHfvYKgpi9VLB1AVycvt/T6381j
tlKF2e3mlIDwl/ruCiiUY6S47zIsSCIJI5AONVYXTXF0/ulYXDwtIckbLES5kvtu
o8/JeoxAQvJA8qEezJlJ8sPkjoL5c4LTn53ne8aapaJMQF1gbbTUGDHOHU5b8aqa
ifeHcClokX6FlDsPNoNTh3DHFYfSW7PG0wb9f8JdM74m8gpc+7dBY5e+ePlCZqNz
Tg4FXkz8R2UupPpbUWYl1h3OE5xgEMZhquThgMkOVvLe0KPl4ETi+gCWHp9vxqMR
/vVYOpE6dE+p2gfig6PEIyCTnqGW6WcjHtPKfo5iGltAABqQzR0FOPMJYTwCbFJP
VXuBGEIC55aN7xMdz9JfzF8nHF3hTEYwfqXnuQghJ9oTmR6HRVUQX7gJ3IsGQY7j
tOG43VQRCZm4vMfxQDSDo4X2HUQhAoHBANmChopRDwVovuhFGsFOESUVpyNX9hPZ
zlJ9iWgww6nwUr6GkdNvJAIGAyQRbsWR6omTxbC4ngypyRz+IoNQyd05GZ4Js6pk
5ttWgkDcrl2e967CgwGahBpI1OrPpY9axIYTH27xqFMDxbq3z9ZB//qHiZAKcTWb
QozG2OH5m6mNVtUiOf7bD+L7JXbAjo9oOGEnVN70HtEUWCC7X9DVc9l2G4Cv4yxF
qxO8UeBt0G1YVIw6ObDLO/JJb+bZaS1gnwKBwQC27f7ttbaKjxISBCujph+69Tnv
Z+XBaEy3iJXUSy12DaC//Mut3RFunhp1nMlNoFPN6ucZ1Rqk5f0Hfbz4FLtJQ1w4
u0uGCq371gCLjZ8Kxh4kmxfmTScigK+1bzD99RMA83kCWgyormJ2mVuaM5ULzwEj
8ryJTyRPbqUPFRY5tFvys3aqcZtN8hxaMENrGA9IsvXgF8Mp8VXDD7+WIwCf8Lzp
FBKegWj7xfnNKjrmM6WATm5SEb1I+je5Tu0c/HUCgcAzFLtB+n1bmNjUtX3uDcZq
/iXNYBfzW4Bf0QmXBXS+ESltgy72B7DeJMlSDCIGlhkNjD2uHf1IHguUGn7CdhOi
N4mzmrWt+5pXwn4+e1UbuXyTdyzLEJ2biqUuK+vGudtTXWRRasFMFaO3EPnnaIKU
NIZy5HDn1PmRFBXVJAiRjhbpYOtb1dhqRu7qb5hLR3+OGW2OGqiuE2gK79Y1thtJ
47nbw/LG7+mYbe6QlVmQhGD+uaHYyjHe2a5E+aQAuyMCgcBGjSvRClBIyD0z7Z/X
Ee8S8BlUGEIogc10y5zdr9DswvzIjvsPJz/d5eRWkA2jfr5ToNFYyTPpfTpFdV04
YOaKrwwWZUYPgHbxteun5wr74MUnYRmqnP8G85LQ6v1+NNMLftug6JIRTJB1JViK
9HH7h+7sqmXEn11ltUq7smpL/x+nT0fpHL/FJCeDMTIPT8w1QbBKqV+AAbAN9zjw
8rb++J4jVraHo2mWERjy4+KrfifKgHVT+buDNd3f/my8zTECgcEAs/v5UXrgmPTW
Zk6c3gBaXzsdaFjiPPB87JVypufzqoQ8kVqrAcUUUjXwQ2Bl2hAmmgwa4xAMBITP
Z33gs8gilYGTrCt/r91Zgo4tyM9QQM7kVskxY3o42GeRgD1+WNsOpEEuz2XxAEEc
CqY1xlNkAeqHis8k5GyFTxCu00eagunt/BPRq8iKtgBSVplEQisqAjM8WaEHKYp0
3Eb6/fKw0va5ABMiwuiuSUtv4GAkok/DZC4pOgwCYICX9kjuuFXp
-----END RSA PRIVATE KEY-----