View Issue Details

IDProjectCategoryView StatusLast Update
0004582SOGoWeb Mailpublic2019-08-19 14:41
ReporterElektor Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Platform[Server] LinuxOSUbuntuOS Version16.04 LTS
Product Version4.0.3 
Fixed in Version4.1.0 
Summary0004582: Signed and encrypted messages sent from Outlook can't be opened
Description

A message send from Outlook, which is digitally signed and encrypted, can't be opened in SOGo Webmail. SOGo starts to open the message, but than runs into a timeout.
If the message is ONLY signed or ONLY encrypted, it can be opened. Also, there are no problems with messages sent from e.g. Thunderbird.

Steps To Reproduce

Always reproducable.

TagsNo tags attached.

Activities

ludovic

ludovic

2019-02-19 18:32

administrator   ~0013390

Please attach a sample email. I realize I won't be able to decrypt it but that's not the point.

schmirl

schmirl

2019-02-20 09:28

reporter   ~0013401

If I may barge in...
The problem with Outlook is that it uses opaque signing when also encrypting the mail, i.e. you don't have message text and signature as two separate MIME parts. The message text is embedded in the signature instead.

You can create an opaque signed message with openssl using the -nodetach option:
openssl cms -sign -nodetach -in some.msg -signer some.crt -inkey some.key

MIME headers of an opaque signed message are:
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"

I attached samples in the usual detached format and in opaque format, both signed at the same time, so that all data including the signature is equal. Run both messages through the following openssl command and compare the output:
openssl cms -in the.msg -noout -cmsout -print

schmirl

schmirl

2019-02-20 09:29

reporter  

detached.msg (3,370 bytes)
schmirl

schmirl

2019-02-20 09:29

reporter  

opaque.msg (3,162 bytes)
Elektor

Elektor

2019-02-22 09:12

reporter   ~0013413

We have generated three different messages sent from Outlook, signed, encrypted and sigened_encrypted. As already mentioned, the first to can be read with SoGo without problems, only the third on, signed_encrypted, can't be opened.

Elektor

Elektor

2019-02-22 09:12

reporter  

encrypted (7,602 bytes)   
Return-Path: <thomas.zerna@tu-dresden.de>
Received: from deliver ([unix socket])
	 by mail (Cyrus v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3) with LMTPA;
	 Fri, 22 Feb 2019 09:36:10 +0100
X-Sieve: CMU Sieve 2.4
Received: from eiet20.et.tu-dresden.de (eiet20.et.tu-dresden.de [141.30.122.20])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id 2BB66E02E7
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:36:10 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id E57B4300999
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:36:09 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 2Fi-NvdIVmKB for <tyrian@avt.et.tu-dresden.de>;
	Fri, 22 Feb 2019 09:36:09 +0100 (CET)
Received: from mailin6.zih.tu-dresden.de (mailin6.zih.tu-dresden.de [141.30.67.69])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTPS id F2BB130077A
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:36:08 +0100 (CET)
Received: from eiet20.et.tu-dresden.de ([141.30.122.20])
	by mailin6.zih.tu-dresden.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.84_2)
	(envelope-from <thomas.zerna@tu-dresden.de>)
	id 1gx6JU-0003jz-QV
	for swen.tyrian@tu-dresden.de; Fri, 22 Feb 2019 09:36:08 +0100
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id 98C44300999
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:36:08 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id YWdfG-6nkoNM for <swen.tyrian@tu-dresden.de>;
	Fri, 22 Feb 2019 09:36:08 +0100 (CET)
Received: from mail.avt.et.tu-dresden.de (eiet50.et.tu-dresden.de [141.30.122.50])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id 07DB030077A
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:36:08 +0100 (CET)
Received: from zmp122175 (unknown [192.168.122.175])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id 156AEE02E7
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:36:08 +0100 (CET)
From: "Zerna" <thomas.zerna@tu-dresden.de>
To: "'Swen Tyrian'" <swen.tyrian@tu-dresden.de>
Subject: Encrypted message
Date: Fri, 22 Feb 2019 09:36:08 +0100
Message-ID: <00fd01d4ca89$a8750a80$f95f1f80$@tu-dresden.de>
MIME-Version: 1.0
Content-Type: application/pkcs7-mime;
	smime-type=enveloped-data;
	name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7m"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdTKiZmVwYJUGY+lTOO4YF3UIC0eig==
Content-Language: de
X-TUD-Virus-Scanned: mailin6.zih.tu-dresden.de
X-TUD-Spam-Status: No, hits=1.7 required=5 tests=[DOS_OUTLOOK_TO_MX=1.449, ENCRYPTED_MESSAGE=-1, FSL_HELO_NON_FQDN_1=0.001, RDNS_NONE=1.274, TVD_SPACE_RATIO=0.001] 
X-TUD-Spam-Level: *

MIAGCSqGSIb3DQEHA6CAMIACAQAxggNAMIIBnAIBADCBgzBzMQswCQYDVQQGEwJERTEQMA4GA1UE
CAwHU2FjaHNlbjEQMA4GA1UEBwwHRHJlc2RlbjEoMCYGA1UECgwfVGVjaG5pc2NoZSBVbml2ZXJz
aXRhZXQgRHJlc2RlbjEWMBQGA1UEAwwNVFUgRHJlc2RlbiBDQQIMHdtIB15GRjJ0w2zDMA0GCSqG
SIb3DQEBAQUABIIBAINFrAILfshhVbLsUFuwrgPrUBppc4Ctqgl2/znxoOafy9w74SLIOODLtEHu
RCmMridsEyc0lGyPXg33engumdfQAf2GckpmESeGWtnBH+DGj0NlNZGu3avB+DBVXaXaEAwHD/gE
2LnieDIhIhBrio8mgd57bHyf2LPH7KjD+nRcxoF1tmrwtieQt/aTkCnH0DO/OBrLRcI+mWczb4h9
cCcXrXizJmYT5WA1N2N614t6bOwOJ+RZdMfSbSq2U1rgdexOiyET/H7yXlxjOUxrltLkVpuN2r9a
PairxLVOqb+pQYjLuuahvKQ8uWChg2/ztYn0AtzBDccEz+h2jebQNU0wggGcAgEAMIGDMHMxCzAJ
BgNVBAYTAkRFMRAwDgYDVQQIDAdTYWNoc2VuMRAwDgYDVQQHDAdEcmVzZGVuMSgwJgYDVQQKDB9U
ZWNobmlzY2hlIFVuaXZlcnNpdGFldCBEcmVzZGVuMRYwFAYDVQQDDA1UVSBEcmVzZGVuIENBAgwf
1SkJrbSpQhSxIREwDQYJKoZIhvcNAQEBBQAEggEArwlxGQ5IpL/LXDHBpVdddmZxUnT8mQeoUGiy
FiXsZHFM+agGKu5SfMOtr/li4FoVyeamQ8o1IkUq5y/EdX4tz+61/hVeDM1/zpPXh5tYOaCQTmx7
zzaFfW+80y25JOSFMwfPdbJc2PAiTiLrlmfbOvnTJ1ldiZLTwPfQ/OJUWRS19Ig/9LJ14ze6SAyf
0nEauudKEx4hxajNWQUCswGyzO/aPdjHN7eYIviIacsSeZUhEptEN8vFV911GUxtgChhAZ6Z1FxB
9/QDh0V4zkxXmHLyIiQion37pgrnHeOvtuHbhCbP+xtRSPQ8DZCVrU0JlJNAcjI4J4gXWmtNks3O
bTCABgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBN3NFWiJ8OHR+d0xV5NSIqoIAEggQAPcEepLj9
KrZaKhyKTFl23fCzd+j3zZlhP7bg3xOi7XeyC/FTtW0RTT8h5iABavRqhHYaRcmaDizRT6W71iQk
SpyuyoA06SUyJp3304A2l/0yYn2q94DeMxF6wC8QQRRWfJKAQfIZS/ySYEhFnRTo22bumrOI8WLU
TkDPRyIHxZzsbs6tnxjQXZ9ViYJa8i1VZF98U/Fslbmw83cYUqcSUxDFJoPWkgMIoaDavwwEhLme
nGofe7eL1QzG0MxTM9F4OVWu90s6+DYz5LulWqGW++sb0gasrgVFRPZh39yaL8TPQBhKJ5T50U5P
rJldJcqPKqWwKiltLR5C6FZvC01fZGxEoN9/zvP83B++oOO6Brxtg7NBpZEvgEAJJfba+Bj3mA8z
0IUTicEn9+RmjZEPpsDFg3MW5hH7esGOoqTfa7xa1OkGvzzZ+FFKEdMkdLkgCvn6ShiLPnWI19tL
wZhIZOR+C4WWPSqCgPwKg63UPyKXPZuFTEP7uEUNLoPT72oBMa1Gjlak/M4ODnfoxNRXR4tSHlzo
ZG4o4OThr7iazJCjYAXFhnYXLiYgxEppq+ZU887sGFBdyw7VRp8RAnVqvWzOVlDFb/OK/4t96Mw4
N/IYeMY2co6EW/IyEgCLsKfM7B31Kj/U+o3qhNHrqvSP0i43WjbvCDmjD+cn0dpZFI18/pXahcoU
q4Kbw701q70Rlbjq9Wfk4vPI0SrlyQ38gSVQEoWTYtzKMGGnstuHzEiiHvcIgo7+jDihtQx+VWOM
LHHd1ztl8HPmqILAafJeclyQMTpK+2m2nEpL2fzngQd8PXPIuAySMOJ5w7JCvbvPJuXmACEY8rd+
QLuxyXPWGzpx7PQL9Q8XK+R9g8jolgr3/LASScKVc4yGWtvBQ0QuLCSwtEf6jxL8xQgc/ZPmor2R
b7wOQZpvvjHxBHmjc7/qqls9eIvBTyM62M8M8MwMz3ylAlUSPv9jiTVly7PTksdZNQWu0e2ao9Pd
0UtAEEuO2pBMx8xfOXIVQQEYFkiTurX2oxcb2m9X3GPDXM/kce59yT14Na9xzJZ/VTI53+4heeyC
RQGzfu6Miojmr9cTpRNeDXZXjn62KQWwQkWgm6eoyvdRKoY3RcsRsfcU7lPqRDAGGOYVGEvC1adN
oMuzOfEJgQUH/gSQzALfrd/IMgF9p2OZmCvhVxZP/fhF7iWq2ww3t0OkgN9/3bbyZNgBAJvRNfJ+
29Wb5frI10Gb8ytAamWeItrN3bvXD/FDGW513A+wY9rDaEinmj6ivzOZ6UAKCSVN7P/LdROJu93i
gKfzhRHHZXQZ7V/pC9sZChuw+b0Z+vqAMfIXeUfSahIqBITjNP+HJG/mYyVR4Ct/awSCBABi514J
rMeiFHaCDB1o9quiHp3V7FLcswZspzCozemu4cyzCNzXSbrNCRlF+ll4zjuydITCf/fRvTsL/21U
+XG49XEJyMGk7EgvqYC1IFAIYbTfW9uvqjfh5Zf/yA9JsS88sENCJ62JeOBvTFtxDnlHQNCsQ9PW
DwobpAvNoO9S9YJfJlWevUQDYf8My0ZPk8vi3AW054MucWmXETximPqb7tKtYOGGsGF30l//0DtQ
XYY9Ls1aqB63qk7+t0etmVxbzbYq06opG8QMOYYa3Sg9LgUP+REWvH691JeNVJgvkhtdvBIFNjNt
wBmgAoHrMn4i1mvaC5022k312WncAE3SOJtogqIBWGApCzZy5kqAHcfTgwoko/k4+X+/Rw5049jp
pHkl8iKA8tvo5JTH91Egex059bow6VU8lvwWOO9QgywLDPEB9Vq5ziOAPm9XpGXpLUD03P87Hov7
C8o+DtUROCfjRnHDd15E1J/NkmZS6K7r6Vi6nQW1GNgm5zQ/bHNmV4dxIZCwby8EnxpbN6wVKdkj
h+WhkP7hk9Z+Orvy7ECsQSqBlc9ce4ogJKftdd/tEBLsqUzbv8CvYKswKCC7+Q5FUN9KR8Xfg+Uy
y1lwU8OTE+w+wT8GZT2VxjoaOfdkJNkcI6jhiRK8p3FIXUwAx4Sh+cBhl+PjiEuD15hpxsxclwkZ
Kl8rtkS+qT7/WrwAUmf+AwNY0j98i2/WPCrXl/oNxI6C6j4qOKVv8koBHylkbEg4Cbv6kUFtI692
8hcFE7WmK4LUXCZqeF0SUsuyqNb/f4t/6ylaekL/HyPHdH9IXtr+S+1CXr6KU6mbcAP3J7a3OhXl
jKJGgbsRZkG+5xdrqxBq0AxDT22CBnTk0MFLkjVb24rYPVmjR2A+ERybw26JRfOWFLHf57X3ALdn
FQmMr2cTiTg9f2KzWGNbdbqai4OkymaS01ZD+zXf2vUoTmDJAk7c5JsGnrRFNn5xSXX1u4v7HE6n
W1ZSN8TAjeIdIDcdFUdUvGNBYWs6XxFzZjJ/gxRAsaWmZmngFTLyzqVeEpfwpFiPUVNvutiaz0vd
0zbueUxHgKn0nuPsPyfYshVY4IcOrlX5fvmXfoN3NIOutbBokP3rXttBHyjs5dvXA1vyhzq6YnQc
RcNkL20hOkJ4FIq4+248SUmiJoHv/CkH8VzBsn02a0OI5gTsEkrRdGJSoVR2/kQPjce0FimqeIig
cFWSQdFYC36JKpDtogEHES1476myYKGwcFWZsGRJhgCDK9UTnHsisFerRHMYe0a7wymGePHnNkqh
zdO46XhJb1iRxZL7fJR/PAg7qx6sY94ysxt9l0/APlT4w3mRZZdIbYPaxuaxY2qAkjZeBIIBMLB5
MnWddr8qD9DO5BBgQ0kfVQxSmDr9rjVWokWWfR9fRt99HAK7tFtmH4TY5HDWJbLADPgkg4sh3Y6w
1gKV5UrPApVLJjun08jqLoY/BKUGxDmVGCYjaqwgfI/tKlK295dESgq1pTXxMOjDibvlqqF2tBZk
tTD3/ewBkka0VmXs6doI3EZTwftLM9Qq51gqEsjSrMXDelXiCy9j3TiaDK6Y18bVYalGHnAAfwLT
HB9rSx6czvp0lGt0W0rOBTN3QfwgsgSVRNYEf8UvuHqxMrn4ctwwUjpAGuEmJYJziQphzHWAiePJ
d3KDWCnI/XD1DTveDZ9EBF3PXo5XNySK8DQ+Jwo3Za4MuhJfMQl0rQCARMvLQknePvCMCA/VvrE4
8Etdq1J9ROSY46PgbSCg6JoAAAAAAAAAAAAA

encrypted (7,602 bytes)   
Elektor

Elektor

2019-02-22 09:12

reporter  

signed (16,269 bytes)   
Return-Path: <thomas.zerna@tu-dresden.de>
Received: from deliver ([unix socket])
	 by mail (Cyrus v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3) with LMTPA;
	 Fri, 22 Feb 2019 09:35:34 +0100
X-Sieve: CMU Sieve 2.4
Received: from eiet20.et.tu-dresden.de (eiet20.et.tu-dresden.de [141.30.122.20])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id 6F0C1E02E7
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:35:34 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id 3C485300999
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:35:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id deOt6b_sUvqL for <tyrian@avt.et.tu-dresden.de>;
	Fri, 22 Feb 2019 09:35:29 +0100 (CET)
Received: from mailin6.zih.tu-dresden.de (mailin6.zih.tu-dresden.de [141.30.67.69])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTPS id 0988B30077A
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 09:35:29 +0100 (CET)
Received: from eiet20.et.tu-dresden.de ([141.30.122.20])
	by mailin6.zih.tu-dresden.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.84_2)
	(envelope-from <thomas.zerna@tu-dresden.de>)
	id 1gx6Iq-0003M3-RX
	for swen.tyrian@tu-dresden.de; Fri, 22 Feb 2019 09:35:28 +0100
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id A0A6F300999
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:35:28 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id gov__bT_1DJ8 for <swen.tyrian@tu-dresden.de>;
	Fri, 22 Feb 2019 09:35:23 +0100 (CET)
Received: from mail.avt.et.tu-dresden.de (eiet50.et.tu-dresden.de [141.30.122.50])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id C592330077A
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:35:23 +0100 (CET)
Received: from zmp122175 (unknown [192.168.122.175])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id D11BFE02E7
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 09:35:23 +0100 (CET)
From: "Zerna" <thomas.zerna@tu-dresden.de>
To: "'Swen Tyrian'" <swen.tyrian@tu-dresden.de>
Subject: Signed message
Date: Fri, 22 Feb 2019 09:35:24 +0100
Message-ID: <00f501d4ca89$8e17ed10$aa47c730$@tu-dresden.de>
X-Mailer: Microsoft Outlook 15.0
MIME-Version: 1.0
Thread-Index: AdTKiXrQPpjZglT5SR6eTx6srMudsQ==
Content-Language: de
Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";
	micalg=SHA1;
	boundary="----=_NextPart_000_00ED_01D4CA91.EFC4AE60"
X-TUD-Virus-Scanned: mailin6.zih.tu-dresden.de
X-TUD-Spam-Status: No, hits=2.7 required=5 tests=[DOS_OUTLOOK_TO_MX=1.449, FSL_HELO_NON_FQDN_1=0.001, HTML_MESSAGE=0.001, RDNS_NONE=1.274] 
X-TUD-Spam-Level: **

This is a multipart message in MIME format.

------=_NextPart_000_00ED_01D4CA91.EFC4AE60
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_00EE_01D4CA91.EFC4AE60"


------=_NextPart_001_00EE_01D4CA91.EFC4AE60
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

This is a signed message sent from Outlook.

 

 

 


------=_NextPart_001_00EE_01D4CA91.EFC4AE60
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><META =
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii"><meta name=3DGenerator content=3D"Microsoft Word 15 =
(filtered medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.E-MailFormatvorlage17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DDE =
link=3D"#0563C1" vlink=3D"#954F72"><div class=3DWordSection1><p =
class=3DMsoNormal><span lang=3DEN-US>This is a signed message sent from =
Outlook.<o:p></o:p></span></p><p class=3DMsoNormal><span =
lang=3DEN-US><o:p>&nbsp;</o:p></span></p><p class=3DMsoNormal><span =
lang=3DEN-US =
style=3D'mso-fareast-language:DE'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span lang=3DEN-US =
style=3D'mso-fareast-language:DE'><o:p>&nbsp;</o:p></span></p></div></bod=
y></html>
------=_NextPart_001_00EE_01D4CA91.EFC4AE60--

------=_NextPart_000_00ED_01D4CA91.EFC4AE60
Content-Type: application/pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIZPDCCA58w
ggKHoAMCAQICASYwDQYJKoZIhvcNAQEFBQAwcTELMAkGA1UEBhMCREUxHDAaBgNVBAoTE0RldXRz
Y2hlIFRlbGVrb20gQUcxHzAdBgNVBAsTFlQtVGVsZVNlYyBUcnVzdCBDZW50ZXIxIzAhBgNVBAMT
GkRldXRzY2hlIFRlbGVrb20gUm9vdCBDQSAyMB4XDTk5MDcwOTEyMTEwMFoXDTE5MDcwOTIzNTkw
MFowcTELMAkGA1UEBhMCREUxHDAaBgNVBAoTE0RldXRzY2hlIFRlbGVrb20gQUcxHzAdBgNVBAsT
FlQtVGVsZVNlYyBUcnVzdCBDZW50ZXIxIzAhBgNVBAMTGkRldXRzY2hlIFRlbGVrb20gUm9vdCBD
QSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwujNeCLKRSxFIWvPBDkOW81XUqu
3ephjZVJ9G9koxpgZqSpQCKE2dSl5XiTDmgBrblNXDrO07ioQkDfz6O6gllqkhusHJraCCslJ/lp
I0fx4Ossepv1EwLQfjR8wp48AFmr9doM9TI8K6xQ2tbD3oOUyqgMmTIOCEhWW2r72uFYWAFJX3JB
PBUGAY5draq4k7TNnuun6GotUjTbOu9cdVHa2/Mx+e5xmDLEVBVEDPmbVe2t3xgIoKOGiknuUwWP
GUzV3lh5m9JqHEKrxdWnz2gPluThYZh2YciRfNY+AOKRUIfhnQrmrZfSHcY6fcu82gM01Y5bAfVq
B7cWtm5KfwIDAQABo0IwQDAdBgNVHQ4EFgQUMcN5G7r1U9cX4Il6LRdsCrMrnTMwDwYDVR0TBAgw
BgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAJRkWa05ZOcp6xP+WsOL
E1fIBCTwdHfAYONn++mJpoO/loJ8btTDPe+egG67KbSYerE7VOs5F0d+Go4L/B8xWTEEss4X8yzH
YjZV4iLYiVW0mEiqZPrWHDbYRHhaWiM6V5f1ejBPrp9qTEsrjqAD4z7gqdTSe9KzqOJyPK2e/4BZ
5JtFtPY7sM05GZgy5eohYZDkMSGONLH3LzVKhRDa54o3Ib5ZY+DyhYgxU9RUFIVwefQuBncndS8f
uIr5/sW62Dbkg+znZbe/Y1rzRq+BlDfUQYzWI9Yez/VoG0Rjolq6pzVZoeVwBZsOI1eZlAptujlj
KIaS8xiE2PvRzwVWZFcwggUSMIID+qADAgECAgkA4wvV+K8l2YEwDQYJKoZIhvcNAQELBQAwgYIx
CzAJBgNVBAYTAkRFMSswKQYDVQQKDCJULVN5c3RlbXMgRW50ZXJwcmlzZSBTZXJ2aWNlcyBHbWJI
MR8wHQYDVQQLDBZULVN5c3RlbXMgVHJ1c3QgQ2VudGVyMSUwIwYDVQQDDBxULVRlbGVTZWMgR2xv
YmFsUm9vdCBDbGFzcyAyMB4XDTE2MDIyMjEzMzgyMloXDTMxMDIyMjIzNTk1OVowgZUxCzAJBgNV
BAYTAkRFMUUwQwYDVQQKEzxWZXJlaW4genVyIEZvZXJkZXJ1bmcgZWluZXMgRGV1dHNjaGVuIEZv
cnNjaHVuZ3NuZXR6ZXMgZS4gVi4xEDAOBgNVBAsTB0RGTi1QS0kxLTArBgNVBAMTJERGTi1WZXJl
aW4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtg1/9moUHN0vqHl4pzq5lN6mc5WqFggEcVToyVsuXPztNXS43O+FZsFVV2B+pG/cgDRWM+
cNSrVICxI5y+NyipCf8FXRgPxJiZN7Mg9mZ4F4fCnQ7MSjLnFp2uDo0peQcAIFTcFV9Kltd4tjTT
wXS1nem/wHdN6r1ZB+BaL2w8pQDcNb1lDY9/Mm3yWmpLYgHurDg0WUU2SQXaeMpqbVvAgWsRzNI8
qIv4cRrKO+KA3Ra0Z3qLNupOkSk9s1FcragMvp0049ENF4N1xDkesJQLEvHVaY4l9Lg9K7/AjsMe
O6W/VRCrKq4Xl14zzsjz9AkH4wKGMUZrAcUQDBHHWekCAwEAAaOCAXQwggFwMA4GA1UdDwEB/wQE
AwIBBjAdBgNVHQ4EFgQUk+PYMiba1fFKpZFK4OpL4qIMz+EwHwYDVR0jBBgwFoAUv1kgNgB5oKAi
a4zV8mHSuCzLgkowEgYDVR0TAQH/BAgwBgEB/wIBAjAzBgNVHSAELDAqMA8GDSsGAQQBga0hgiwB
AQQwDQYLKwYBBAGBrSGCLB4wCAYGZ4EMAQICMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kw
MzM2LnRlbGVzZWMuZGUvcmwvVGVsZVNlY19HbG9iYWxSb290X0NsYXNzXzIuY3JsMIGGBggrBgEF
BQcBAQR6MHgwLAYIKwYBBQUHMAGGIGh0dHA6Ly9vY3NwMDMzNi50ZWxlc2VjLmRlL29jc3ByMEgG
CCsGAQUFBzAChjxodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL2NydC9UZWxlU2VjX0dsb2JhbFJv
b3RfQ2xhc3NfMi5jZXIwDQYJKoZIhvcNAQELBQADggEBAIcL/z4Cm2XIVi3WO5qYi3FP2ropqiH5
Ri71sqQPrhE4eTizDnS6dl2e6BiClmLbTDPo3flq3zK9LExHYFV/53RrtCyD2HlrtrdNUAtmB7Xt
s5et6u5/MOaZ/SLick0+hFvu+c+Z6n/XUjkurJgARH5pO7917tALOxrN5fcPImxHhPalR6D90Bo0
fa3SPXez7vTXTf/D6OWST1k+kEcQSrCFWMBvf/iu7QhCnh7U3xQuTY+8npTD5+32GPg8SecmqKc2
2CzeIs2LgtjZeOJVEqM7h0S2EQvVDFKvaYwPBt/QolOLV5h7z/0HJPT8vcP9SpIClxvyt7bPZYoa
orVyGTkwggU1MIIEHaADAgECAggRnBSMwawOlTANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJE
RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0
IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNMTYwNDI1MDkw
MTM5WhcNMTkwNzA5MjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBF
bnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIx
JTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZSBnuaY/J
IPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05
l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOl
bpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjggG9MIIBuTAP
BgNVHRMBAf8EBTADAQH/MD8GA1UdIAQ4MDYwNAYJKwYBBAG9Rw0VMCcwJQYIKwYBBQUHAgEWGWh0
dHA6Ly93d3cudGVsZXNlYy5kZS9jcHMwDgYDVR0PAQH/BAQDAgEGMIHYBgNVHR8EgdAwgc0wL6At
oCuGKWh0dHA6Ly9wa2kudGVsZXNlYy5kZS9ybC9EVF9ST09UX0NBXzIuY3JsMIGZoIGWoIGThoGQ
bGRhcDovL3BraS50ZWxlc2VjLmRlL0NOPURldXRzY2hlJTIwVGVsZWtvbSUyMFJvb3QlMjBDQSUy
MDIsT1U9VC1UZWxlU2VjJTIwVHJ1c3QlMjBDZW50ZXIsTz1EZXV0c2NoZSUyMFRlbGVrb20lMjBB
RyxDPURFP0F1dGhvcml0eVJldm9jYXRpb25MaXN0MDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcw
AYYeaHR0cDovL29jc3AwMi50ZWxlc2VjLmRlL29jc3ByMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
YdK4LMuCSjAfBgNVHSMEGDAWgBQxw3kbuvVT1xfgiXotF2wKsyudMzANBgkqhkiG9w0BAQsFAAOC
AQEABo+KajB2EGBo5lWqUw9f2tMDDZind4kkbKLEZeqFJVSIR8GNXwxqCjPvX0xk9NjPifMp6ADG
BRgj8FgBwqOirlITD/VNmJVJcur2WiuW8j+lo+ZNSA4hkuBO6/oiV14HlNHgf+r0KEKceL+FAXSh
OBdcqobbzGHXazqD5hccDqbjLjwfh/j85A30EGEOx6KKXDR9PO4gCOI0DgX9xGywMkCwrqvwQqOZ
4/Qw8ZKtWTPz/JMwnoXJiFQZB5YyrrnN1WRfGGsfmhecApqoJ6y7VR4IfQoI8DLetqgEOO20QwcG
A2M3a/MMPijMSQuzI5HVzZ0DIERiqnzuWndF5qAChzCCBZYwggR+oAMCAQICDBxuNCQ/OtgsG8yR
NTANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCREUxRTBDBgNVBAoTPFZlcmVpbiB6dXIgRm9l
cmRlcnVuZyBlaW5lcyBEZXV0c2NoZW4gRm9yc2NodW5nc25ldHplcyBlLiBWLjEQMA4GA1UECxMH
REZOLVBLSTEtMCsGA1UEAxMkREZOLVZlcmVpbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4X
DTE2MTIxMjE0MzkxNloXDTMxMDIyMjIzNTk1OVowczELMAkGA1UEBhMCREUxEDAOBgNVBAgMB1Nh
Y2hzZW4xEDAOBgNVBAcMB0RyZXNkZW4xKDAmBgNVBAoMH1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0
IERyZXNkZW4xFjAUBgNVBAMMDVRVIERyZXNkZW4gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDn4IJzjZjX7Qnm2kBJY9JjH/Q/GqP3s/UN3MJtOHdfCmlGwAy2o3BLyxPGAcyZs0Ci
XXy3cSoiRMf+JJcSF3lx/o5LIe6ZVuC9lO+MyH9ztHdUZmLCqKaWGTj9QlXydU++svbga6QPXtGy
/6It7kyx7scgwnt71yICt0IFXlbqST/k7bj9mG20gSz/YjeLwxOUagFp6w2CRTL9xFoDSHDUEFOs
Nt8rW+FvFX8JZv5zPLQXQzlbfUtOgate7CgWuGCCflf8usVe8Jvz/3D6NKTxbMa8nDoyU8ZcfC5N
+N/uh6L9LSPuIerl/IgfeUSznwziTDGUtWK/atzcomRNfnGZAgMBAAGjggIFMIICATASBgNVHRMB
Af8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjApBgNVHSAEIjAgMA0GCysGAQQBga0hgiweMA8G
DSsGAQQBga0hgiwBAQQwHQYDVR0OBBYEFFL+vrckwhsKHUZSjkQkKvRIQD0BMB8GA1UdIwQYMBaA
FJPj2DIm2tXxSqWRSuDqS+KiDM/hMIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jZHAxLnBj
YS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwQKA+oDyGOmh0dHA6
Ly9jZHAyLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NybC9jYWNybC5jcmwwgd0G
CCsGAQUFBwEBBIHQMIHNMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZuLmRlL09DU1At
U2VydmVyL09DU1AwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZ2xvYmFsLXJv
b3QtZzItY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMi5w
Y2EuZGZuLmRlL2dsb2JhbC1yb290LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDANBgkqhkiG
9w0BAQsFAAOCAQEATNhE/LA4aX/Bn8x3PaAsMxs7f1/v6JBytU9HL+VuOMu37Rui5qLzFOPUj035
bhk6EbDDnmBcw06cGIqi44N01xrNPFbr6CUDj7kr1vGQAq72SX0nZ7OlwzDU81MUVxLXIb62EZBO
27L7dLd8jpUh/GL5FrAWuL2wLvTXSpLdHA5KGaGwuTeISOUNDXzTOQHOx169Ye3Wy8Aumqxz7sNw
e4/4yBi+SjD/W7Iene/J5MT0ruF3Fx9fBFD0iR4Kj3EslR7KS6iyqtM5A17hjDiE+Gsl9G2jIf3Z
IWp15l6dV5Tr6uSq56/rVfd8+L7/JKlQ4bJY92CA3rltDzUTycsVhTCCBawwggSUoAMCAQICDB/V
KQmttKlCFLEhETANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJERTEQMA4GA1UECAwHU2FjaHNl
bjEQMA4GA1UEBwwHRHJlc2RlbjEoMCYGA1UECgwfVGVjaG5pc2NoZSBVbml2ZXJzaXRhZXQgRHJl
c2RlbjEWMBQGA1UEAwwNVFUgRHJlc2RlbiBDQTAeFw0xODEwMDQwNTU2MTJaFw0yMTEwMDMwNTU2
MTJaMFwxCzAJBgNVBAYTAkRFMSgwJgYDVQQKDB9UZWNobmlzY2hlIFVuaXZlcnNpdGFldCBEcmVz
ZGVuMQwwCgYDVQQLDANabVAxFTATBgNVBAMMDFRob21hcyBaZXJuYTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBANO7IlILoFH4EVLQF4mE1XzXeXyHi3wPgeJkZg58510H6IbvMOUIeFGm
aPfwMuDARa3UYej8ea8yxe3WWkxehdRffi4r7OXeCXCzvJFCN0/0qNvSkAtb9x3FeRAolO4HOTcM
SEP/s/q2LIDhSIYGfXx4kasGhIgWIVoqRFAuT/fkpTEWO+d4xKedVfla28KJ/AEeKUNMmVG8MdrR
GPExBmlatg6y15UJVskcCYcLCTRuX6I/7+cpb/5tKttz7MHKV/yEXSO3m8HUdLqVA0PNtXzwroee
ASEr4gWTMg+AsCtyNW/AlAsXFDImnDrw/Lsu/a9HTPt7gAUCcoy4hiZOPoECAwEAAaOCAlUwggJR
MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
BDAdBgNVHQ4EFgQU2WsKt8pqz8TL7O+mH+sLHAMS4lIwHwYDVR0jBBgwFoAUUv6+tyTCGwodRlKO
RCQq9EhAPQEwJQYDVR0RBB4wHIEadGhvbWFzLnplcm5hQHR1LWRyZXNkZW4uZGUwgY0GA1UdHwSB
hTCBgjA/oD2gO4Y5aHR0cDovL2NkcDEucGNhLmRmbi5kZS90dS1kcmVzZGVuLWcyLWNhL3B1Yi9j
cmwvY2FjcmwuY3JsMD+gPaA7hjlodHRwOi8vY2RwMi5wY2EuZGZuLmRlL3R1LWRyZXNkZW4tZzIt
Y2EvcHViL2NybC9jYWNybC5jcmwwgdsGCCsGAQUFBwEBBIHOMIHLMDMGCCsGAQUFBzABhidodHRw
Oi8vb2NzcC5wY2EuZGZuLmRlL09DU1AtU2VydmVyL09DU1AwSQYIKwYBBQUHMAKGPWh0dHA6Ly9j
ZHAxLnBjYS5kZm4uZGUvdHUtZHJlc2Rlbi1nMi1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwSQYI
KwYBBQUHMAKGPWh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdHUtZHJlc2Rlbi1nMi1jYS9wdWIvY2Fj
ZXJ0L2NhY2VydC5jcnQwQAYDVR0gBDkwNzAPBg0rBgEEAYGtIYIsAQEEMBEGDysGAQQBga0hgiwB
AQQDCDARBg8rBgEEAYGtIYIsAgEEAwgwDQYJKoZIhvcNAQELBQADggEBALGKebdGnWf+FFah0yvZ
PqqxSHv96DCmNz4AbGJ8YUb0fDKAsr3FoAnmxZA4K1narUZPY9FrixLqvheTIO0hKxlIR8xvKjrk
M9YitQFS5eFI8bY8UkPPOM8BJlIN9/u9JYJZwheQwn4pvEFxnll0T5muU5R9mB/eBOt2Seo13/3O
aYY4733dX2POgyeiHq5qZzgXyUjNIKe0KDDld4jYvtcwomlHUfd9B0CiQ65NCfVAD36j+UCmK5+/
AHf+3TOr6df4gZXaOc7skv4p77/Y2tEOoNbaNZxQ9oD816cUYGsuJJ4ZS0GAnX57NtNMj/PupPYc
D3LUnFS+tT4bP/L4OiExggPSMIIDzgIBATCBgzBzMQswCQYDVQQGEwJERTEQMA4GA1UECAwHU2Fj
aHNlbjEQMA4GA1UEBwwHRHJlc2RlbjEoMCYGA1UECgwfVGVjaG5pc2NoZSBVbml2ZXJzaXRhZXQg
RHJlc2RlbjEWMBQGA1UEAwwNVFUgRHJlc2RlbiBDQQIMH9UpCa20qUIUsSERMAkGBSsOAwIaBQCg
ggIjMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5MDIyMjA4MzUy
NFowIwYJKoZIhvcNAQkEMRYEFLuDdPpZaf7sNR2NXZqs4Nyn6iD5MIGTBgkqhkiG9w0BCQ8xgYUw
gYIwCwYJYIZIAWUDBAEqMAoGCCqGSIb3DQMHMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwDgYI
KoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIaMAsGCWCGSAFlAwQCAzALBglghkgB
ZQMEAgIwCwYJYIZIAWUDBAIBMIGUBgkrBgEEAYI3EAQxgYYwgYMwczELMAkGA1UEBhMCREUxEDAO
BgNVBAgMB1NhY2hzZW4xEDAOBgNVBAcMB0RyZXNkZW4xKDAmBgNVBAoMH1RlY2huaXNjaGUgVW5p
dmVyc2l0YWV0IERyZXNkZW4xFjAUBgNVBAMMDVRVIERyZXNkZW4gQ0ECDB/VKQmttKlCFLEhETCB
lgYLKoZIhvcNAQkQAgsxgYaggYMwczELMAkGA1UEBhMCREUxEDAOBgNVBAgMB1NhY2hzZW4xEDAO
BgNVBAcMB0RyZXNkZW4xKDAmBgNVBAoMH1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0IERyZXNkZW4x
FjAUBgNVBAMMDVRVIERyZXNkZW4gQ0ECDB/VKQmttKlCFLEhETANBgkqhkiG9w0BAQEFAASCAQB1
185YslMDbIWKXNptRXWXbTEQjIEfMFpEy0Pybnagl7YsBtZc6R3FV4w+wEttHVULVEf8nXBc+12O
SQ7V/ZcD4uXxeMMnirtltJoi2k4nnDqB9mCXGdEebHe6pjQluePUhE8uckfcIy1znbK8xn4UnGzW
v1YqBp7fcrUOrLiU26HYdDGGj4a36/x01vG3hmTl6uIO+/JnT+D5sq6in8Su37hk2VuD7x4IRQn9
joCYlCszg9bmJyekA7gJGjWU3ZuXj7hhFdFUJhZPw3ZkhDr2kQSDx0O0RWimlczYrgSdMe6yos16
QbxuAZv/Uz2EzvdnxxSUlMt82GTsNdF0l4X0AAAAAAAA

------=_NextPart_000_00ED_01D4CA91.EFC4AE60--

signed (16,269 bytes)   
Elektor

Elektor

2019-02-22 09:12

reporter  

signed_encrypted (23,080 bytes)   
Return-Path: <thomas.zerna@tu-dresden.de>
Received: from deliver ([unix socket])
	 by mail (Cyrus v2.4.17-caldav-beta9-Debian-2.4.17+caldav~beta9-3) with LMTPA;
	 Fri, 22 Feb 2019 10:03:34 +0100
X-Sieve: CMU Sieve 2.4
Received: from eiet20.et.tu-dresden.de (eiet20.et.tu-dresden.de [141.30.122.20])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id 98C46E02E7
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 10:03:34 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id 616CD305712
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 10:03:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id vJsk6L0Pb4fw for <tyrian@avt.et.tu-dresden.de>;
	Fri, 22 Feb 2019 10:03:33 +0100 (CET)
Received: from mailin5.zih.tu-dresden.de (mailin5.zih.tu-dresden.de [141.30.67.68])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTPS id 5E94830077A
	for <tyrian@avt.et.tu-dresden.de>; Fri, 22 Feb 2019 10:03:33 +0100 (CET)
Received: from eiet20.et.tu-dresden.de ([141.30.122.20])
	by mailin5.zih.tu-dresden.de with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.84_2)
	(envelope-from <thomas.zerna@tu-dresden.de>)
	id 1gx6k1-0003e6-6m
	for swen.tyrian@tu-dresden.de; Fri, 22 Feb 2019 10:03:33 +0100
Received: from localhost (localhost [127.0.0.1])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id F017E305712
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 10:03:32 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eiet20.et.tu-dresden.de
Received: from eiet20.et.tu-dresden.de ([127.0.0.1])
	by localhost (eiet20.et.tu-dresden.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id sWvlC-cgAilV for <swen.tyrian@tu-dresden.de>;
	Fri, 22 Feb 2019 10:03:32 +0100 (CET)
Received: from mail.avt.et.tu-dresden.de (eiet50.et.tu-dresden.de [141.30.122.50])
	by eiet20.et.tu-dresden.de (Postfix) with ESMTP id 5395430077A
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 10:03:32 +0100 (CET)
Received: from zmp122175 (unknown [192.168.122.175])
	by mail.avt.et.tu-dresden.de (Postfix) with ESMTP id 65214E02E7
	for <swen.tyrian@tu-dresden.de>; Fri, 22 Feb 2019 10:03:32 +0100 (CET)
From: "Zerna" <thomas.zerna@tu-dresden.de>
To: "'Swen Tyrian'" <swen.tyrian@tu-dresden.de>
Subject: Signed and encrypted
Date: Fri, 22 Feb 2019 10:03:32 +0100
Message-ID: <013b01d4ca8d$7c8b9930$75a2cb90$@tu-dresden.de>
MIME-Version: 1.0
Content-Type: application/pkcs7-mime;
	smime-type=enveloped-data;
	name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7m"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdTKjXxmqDPjupRnQ6WjQNvG4CnfVg==
Content-Language: de
X-TUD-Virus-Scanned: mailin5.zih.tu-dresden.de
X-TUD-Spam-Status: No, hits=1.7 required=5 tests=[DOS_OUTLOOK_TO_MX=1.449, ENCRYPTED_MESSAGE=-1, FSL_HELO_NON_FQDN_1=0.001, RDNS_NONE=1.274] 
X-TUD-Spam-Level: *

MIAGCSqGSIb3DQEHA6CAMIACAQAxggNAMIIBnAIBADCBgzBzMQswCQYDVQQGEwJERTEQMA4GA1UE
CAwHU2FjaHNlbjEQMA4GA1UEBwwHRHJlc2RlbjEoMCYGA1UECgwfVGVjaG5pc2NoZSBVbml2ZXJz
aXRhZXQgRHJlc2RlbjEWMBQGA1UEAwwNVFUgRHJlc2RlbiBDQQIMHdtIB15GRjJ0w2zDMA0GCSqG
SIb3DQEBAQUABIIBAElie4K79KRAXVGVUGFfLYi/0tmDq1FnjtLULa1Rzy9eFu2BlV6gHgk5klIc
GeOlLHzRbbBmXQSiQkGtC/WSaGw9akGgF7pTrsJYBWt+q9wvJJYoRc8nmtYiW1sznlcUGCz33Bs7
fa01mydhSO7TWGzxRXqm633QlMYjN0QZfCwR/GEZrIWzeias0h8KjifjDZEnlSNNBU4r9uWcxpT1
YYdP1dXBOb6B5L0/fFlKfpkTCiu3ZbE/Tb3OG++qs5JAq6jVZi6+GmUKkesVqgabpegIaY6nw6vW
ObRX03ivuVwcXQAk8nIuKe+5jyxlCJCXt0Rymo4GCsXEMFi8Oe1KgwgwggGcAgEAMIGDMHMxCzAJ
BgNVBAYTAkRFMRAwDgYDVQQIDAdTYWNoc2VuMRAwDgYDVQQHDAdEcmVzZGVuMSgwJgYDVQQKDB9U
ZWNobmlzY2hlIFVuaXZlcnNpdGFldCBEcmVzZGVuMRYwFAYDVQQDDA1UVSBEcmVzZGVuIENBAgwf
1SkJrbSpQhSxIREwDQYJKoZIhvcNAQEBBQAEggEAuQB1E+ggsDTkKif3BiP/HPoJNvxzYTZcdYOL
n1Z/tmdvkT2m3n5S7aG7YZVZfcqmfJlZkkbtMEAyQR21oSkRZft9UzG7cnQILQmi1PliY9IM6bac
wXkr1i2CnH7dhdSiK+Bs4h7FXLuldmVFLdccXhOSO9waNzTErLKzjkfnv/jCdtuBoo0qDXCyDKAR
6SLE4VZEAnmSfbln0CuVBeRIFZ9J9D+8fvLHeWoaJ9AwB9pJXTppCl9WQZDJkffuk+UQPcBqz483
oowJVguAt9D4XUnd9klqmedLqtaH9bnINPjkYrdLuXZLFBHAFAT7p+KAHmVvueGml8jze0VzlzUo
XzCABgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCvzKMpibGp5v7SUhINDy+loIAEggQA/2yBVtlb
D+b0iiYOwmbzMQlHqQ9IJyT4f2qi9dNl8aLqcQobmkAkMmlz9VbjI0ChGjwVFWKSVsue1qIwUlQe
Hx/kYSsCmWQ53EMC/bZzY5e1DlH7eksAKL4b6gGbWjQCJVxXVzjezdMXRyww/35e3DtwAbatZ+CB
2t4RQQBASSUg3TvCzRzhx9/stAKkhMXBj0CpzX3KXCE9z4HmjnfClhqnsvHVE5wIwyI6KrfNRzfH
cZPkdrTN7fwvIw2SIw0JgbLznfgMuWUJxlVwUKNewENlZsuqq/BvSHg+bjz+Owqfop12vQYItTUi
cDrLyN5DRzMVq2VSnNIlBEpYxaOx1qBRRag5p3SWx3Nx8cZD/6ydgahtt0WpdSY4oBIH1tR7y5Df
w04vWtIefHpWMKJ84eEx9q0ZlTKF2UX14RVf809/UiEsLzXiTXss7JDF9UvHwr/bGHaZRv5aYeBG
WbuGutxDe5VXi9ZTL5E32088miqQ8jW8iJ6z1VApMXb4USGbCQhddqBAXM3n8LKv6tQTALxSIPCA
Yd3Y4yPf3RmeDgQo9QVX/eQxpAG9tL7XTBVV3EZlyvYplO000Ldf+zgjYlch3NmQyqAsfNUW3xx9
yq1IqaVxgmPtrNsqIVAFQw013Eh1QJyfN5wZZ7y+cyEM8+m3WdJTdOD4qXWrTghYLFMQVTjF/f9A
YGvolRHhnFhSwMgN8AkXg3Az0pfD6LInxNu4uhrvutCAzCP0sRJmrfbWoHtDAfMAU7OSb2Zq3jTe
09tt0cotsxaB+bCwYithy5A1NAwxFisMa2UyEKKeSDkahFkuvawxlU//TVo+9O0NKVWgOR5iK4Hr
wZTs+Z3koRLAK72fk5ZmGL4h2/Z8MoH1ecRu+KOIJSk/i8ZHBgny+RJm7H59PPLan0dk8hS8jopm
FstiWQ3WzZj3pj+3JzD3y01tP6Uv/92puesLIjuvr16niy2yTfd16Vmz9XUU+s/1f138jr6ukWqW
EDGpb5uceuVYvIfhhrcS4J2Lx2Xp4+flwQ4azwSQIa1E3t5YgEPsYmeH/0zzfzkN0GkezB6m8GSE
PDMayKB+iY92XzPdEV5QDznvRNupxpE5s85dH9SKXHCaWjlNLUKVJSydztRmKhEeOayUD7c278uo
If8+F/OdFcBk+B9LLxBGoGkWjIQ1a5rf5JrUQPz+YRHPTFfpki8jcw+Q7J8yoMGK/bL6DIjGQQi2
r5/sbAZ6Lf0U5lnabg2jfhpkHAlJHrE/b/fS4lyK6WXvsOFGX6Qr4aFRTd+4YZWD7PqJn/k7+bFW
lD/Q0Iu+JsMdiCoHIMYtX0hqAojGoZFuLfSSzSNZNnCeLPpwppfCT6+aHWusb+Y34ASCBAAWcW6/
bkxM5+x8chbOYKA+7YmcNq/5aLX5pHAGdRZ/pd1hI5p2m7w9FT+/WRyrEY87Q1lVHofBCEvcHA6/
WEd7mK4RC9/jAPG+nzndV4Th9zw68+I8Vej4+oNOloS6nLn7CikX1yKtTaNDELVpT7RTPg7z+oEk
hyZ+/NJ3jmBYWcWCUrFnwDYJkPvJN7v99CeM2BAvnGf69jQnBJCFdtQ6J6qQ/7EfPru6j+JArTav
TV/P8HuhH9RrmkMz+E1YHvx+yS+XQWVYq1Dnm+TywQYClwUnGgIiLsngyUESxYU16KJON0u4sDxl
J9WnHUNv0xD0YyhRIC0dqVcyVkkYmYniolsZyFt0HFlTI2p/bL9jjE/8EB/tOutwnRHRBhhhRIUG
wGs4MSTjF2mKW9ubgp19LgENA/fXzWxUZ0G8JrPSONQL7y7C/QCabKIwKfciVpn9/EZjrrf1c2f0
o4uMHtO7NtERZp+oSMPlKwKN55mrrIdpneEhVK3XUFv1zxb8rC5MvDNGrb9a7Qslp27KRdthEI/v
W6wjspv1zqU0JuNEJWuCveBQqZwaT3vZYL4FOlhUzJ0/Pdfu0vfxch0IXTrHhJigTlBBqFCkNk0y
6C1LXKwzY6dwT1M0VljoPkH06rcjvJ2id2QWrxD61+I7HKpQxxsyVEFMSlEZRExp/HQ3rMnTk8QR
93pDFqRhsxUjEPxkID1FCvDY7pNbYLgYizMHtjwqZaUjXXJf/xyCulTu2jfYdttjhbK6cQICjT/z
OFG/bUznWcX+STcpIGMTFsNwWVINkPiemO5HVS/SAnyIOU8uSGZKtEmUkEHOLws1VQQv2iP5ph3F
nHQoMzye2bESapsY8rZO8QWeDpgj4MvOViKnd4TgtCJ463hmpqGGWKSXBvGr1jinJH5uHlUoIJKC
1hO2liQSS9CbUbw7cfCXv2PeQYYygHSWUaOMY0fH9WsDWgVZY6ggAmUrssybt7uy/jx7SFY3GkNq
Ranr6NJ64XxlS/DtEaCI02Y9LoOiso6OiiTe7Ue9l9aBIBqBaulqq1Bs4eCuA0mlO4eULJc6+XVk
QWLpkpFMi0Tea1/YmEWGyB0d+aKY9HnyMhXDvHVrZ+ff7iv7NnTevSzOsmpMKbcZ2GaBdxR/60bM
MvM5UtUiPninwXPtJQybpxuKmstJIcuvNoV2Z31MOILXphBfTtaI0zsnrz9crZ6sFojc5ypASJcG
J1pxYVvyUElKlpjc0rFatXaL/F7wl3vBosB7D1O51zP56tbFjRXQ5oFBY2Iwhh6FWob8M7HVLaJp
n5zbBlrGNZFvoPSZIvpdLBzmn12d3lI1YYWOmN2wJDk41TGj97uOOI78V/Aol+lXiV7PBIIEAJun
1PM9gsm69Nw6M0t35kQW3kmb7ePiixBdpGeRzaeuGQwNwUE9AlkjgFEH6WFtOCW5TNMzpr2QH/Ch
U+Ep1yaO9vhTzTnv1Oo6Ewju5ySsYsFIZnV7NrbcPGtvKOy/VUZLqqCmkjBSKTVP53eqLlhmrWXi
8zI8ADNGxf+5kUnE9xTJqw4icrDRxc5D05ZdaAv5L0dHsyZnHDoGrnlzMVrzln2osv8IeakEMJSO
3BXrOm+uPPiKiFXgXA7McEP3+klRqifW3fDyl0GkT5lQH6kW+JM2pndk9+Ic/mocjfx/thK6R9tx
zcTo+eJP2ELZypbNF/QZiyVmv+y2IywqhTs+Pw1XIXX0N5a1JUq9CKnVOrUzOZ5Xn7uARi0of/aU
LHruutbHvcisvD7NZ/n6b5Jl5Z2IY5jDAG8yN5K31Hw0uek+S6l41CPkPDqucVQWL6KXmDEnJ8Ru
6QhZdofMj+E+QP8HVRzZcc1Ubigsud50hgPMLrdatl2CxVOAE4qowfCI7xW3HVYHHMYnEDfNFL0j
U7RDHf2W3xZ4NQLMK7BJEsYPA23T/4nuHccbW/ugLd4KAjq6dgJdG9HC5YgW4LgUmp7JBNAHElct
yRiqzoZJSPxZFKNACQ3wUf2CtUMO2GCO5NFfKNmqjEIcz5G7mwWCsWBmYHNkQctxgfO+0muFri4q
b4eQ59d2NVeaT9kZWQprMMOhPX79bpNANwqjh1m7occsdwnPuxdoLce8dHGpZuXrUSPx8pckubkv
1jrSycyUajoRzTbDToa07bECoLvFygbUN+8NVkoX6EvuktaB50mad3IQ730/MDQ6ZwV54AfNdQ1b
WRqq+hc1FBVVx0QHZbFuAy8KN6V+/AuEMqe7Jbz5g9qz/G6wh2R4BDoUgvFPyMriawL/NBb90AI+
Vygs+XtVE7zJNJNi20mucvMQ5sX4ZAjJzVWmx1tYvt+W2d4NSf2PVCvV8zYI6Mr2ewUYSdZoyfJy
Q5KudD31p1jzgvaICjI1hz8K0kPf3/yfQb3nf8NcxZN0GIc/10BY0I6fqMuZ9pfs1lmG/xm/2UYv
7sc5HoMcBt56u8ePPeqU7Y8mmihJge6JKwJViiLtPJcSlyKxAAfjvJ2nF+7xedNhYnjCO7ZVbk7i
5ti/O0mf7BhU1ztdKogbgQs9gkHesPD/otBY4OWkEzIcRhPpsbs/NFm3o6QI5d0kucWxn4LR3mFF
pJOb8DkWFAhzsa75u17XcxjVOS+opzGQxE8pYbRc7xAYrOum6HbMxjZyi3augRwDaNRTTEw30amw
OHNQnIuJLxt/bCZaKpYl+jmMV2+GCbtBDd20Ulnp0NpDQUQ4Kqh8q9kvDuNUE64h8TEjR4UEggQA
E4ZOSQCReTkEuclP8bWvtnhXpg3u0Q8V1CZuS8DFL6ghgaET1DCfQf9b1W9l3qJqmUXmZWklj1ne
9OWVgUQhWCR0o7wsLgheZE/cB9xJxCJJnct3LHfnhLrYkNsCdqts/yh3n6lRSgvFbeMT7QohgKDi
GHiXc7iebJtoumcn+qMdP96nmF5S625w2VcWxanghDlM1BEX8F49aUmszdPz5F9fmyCxWpFaHnLG
WJ9mhnFdLHJWoKKESxAkZsFPpbT2SMUZ8dWNZlx3/h/7lqBNUwGhTJKhBhZ6QvDj6b2rcW0pldqZ
W6o+evvFMQ6qgltR7x8rYn9txtacQCOLEWdat2rpoBbTHHNHJ2aJI7MfYufDM1y8imhSBAiixE5c
b1hJHFS/PC+ybvrlcGwhInWfWzZAbq12Qe5KVb/cVwsUWmsU9xe31YQpRyHV6IDXGK6lkaiwewU+
MYMNgrY2wqDERaXlb91GpRxaMRoyY8T7xwEprR/YuS7Wj0JZvmooq861jOrTMq1QvdV4XhwcMfHt
m1M71vHDensQCyk+0IB9M1UQjuDzQFeRaGvmVnk9tYuUr/1YPTC0O6I2UTwwKM2GAx3nlD6Gly1/
9pKAxrX6nBdOHl1TtQ2P7hxGMiAURza3N4tKzdtzS+be1ApSuCC08aQ0O4y3kI2iSN8Ko7HX+X/q
J7WplznhO0u5ucECA983ID0fkxOrK8ZEs4+p3ekuIQM4LGtqVN1ApoWW5yuHytA5zi9xxkl8yZXT
ue0ukMtusZ9O5HX/6d5krQ/a+yswxvL+RsfV/8xodLwdfiz9NniNCuzcqs9p2+/Id4e03/C8RRTd
Kll5nnaM+qqWxIpwxMrcB8Tfp/PO3htA/KuTlrHrc+fBWkDUNU9t1w/c4oYaLJaQNW8FkkKlLTyu
Bt1IHEoYXjRtAFh05/5N+a212UjcBAq7EzYlPaUicjzwGRW1c2e0jvrF/wjA53MUymDh5NW0foaw
DJpj0qluQ2ZiB/gkHT6kLpeZIGNc/ZPXOcWpHcPK7eYCyAtf5Fsrk2hD//LId/WO8eDi8QRnSeVA
VadBomxN28JYzWwmFqDJClJRQuLfk0fmV47LEkI6hrecWSV7cSPnIp6sq7nknEkiRf4in6w+wv/z
tOAQUfFBeVNvPRnDk0EGwIAVqoPpU0ZSB11QMbf1BT1utrGU/l306AVDc0PzBIHpq830a4nyEXqI
NNxEkJMHyjmftAIeTdF3AnaaShSU6XEiBjAT6mngwM9I0muGoPD9MBZKOBRA+yq2hwzbIfK2ENqw
0V8Qb1+LrTVtK5o3zZUortFW2xlr0zf5lZYFEz99Tqk1FKtoYRZ+kIsboArVKG7UeyijJ4k+6QSC
BAClKhTlTSviVTbZSTw7Ns+sfrRBd2kOA3y9oG4wijLDN3pW9Sh7ueh94kgbfMtB/9Su7TK6mjoh
uBkijHBMm43YrnFrXMVJsXGWVPelgkIXhK0mJ3b1Le8+4rnJA6hiyYdUvMCA0zNhfTknspQ4W4UM
a22tl9mdTMHfUR7+HQI+u3wJcmLt1N2KvZPK6gQW0353hQe1sCNDy0+Vz9WqF6cZZ4V0NYi6PtUJ
tYDmXcCuqXQYiHkjm0NxgwtqjZFQXHgfjylgHaOSdtTt6TeT+ASLQ6ZLK/LKJLZnMb1iWL4yySqn
DWf+yA8l0rmgETy5TpfykTwXfEeH0DWrz1p6bj92wtWa6UqH6Y7Lfs10wSDxQO52OAuJdkViS4gD
a0QgHx1yHeGATwEKX98fX3yOs5Nx8/yBf65nGoPVitVbN+iUi/hQusJH9uT7KZqyZ6oRPMFUOOz3
Qx1pPrzHjtjdp0PMn4geGUgXL89JRqzmpWouQF+Y2qexlOR2uoLdh1j/ajcyZSxNGb3J5I+4whUy
NAE/2LWEHUDaT2jyt5jA+hQ4a+9J6XNONNDWynY2oBU6aRZ87wtryWRLl6kPoXJgtONEaRC26ziI
cxMD2jwGvElq7qLCJGCp0Med32YMSzmeNPirdeY3R8z60t750E08KKLWW6TLwHg5G7tpWPIS6pN4
L7ETmT500aJCSYTK91pm+IsXLRvm8thlkTtajrY/GUmT0Tz/u2/pXCAfQ0KcOluTyo9rn5CdMx02
jQalS4mf3Z1iY2H3DnSF8a0m5XOw8ghWjONV1aKKqZJWr4VjtwdT35XGRcQmFnS4bYgthW5+e6Bt
T5WlVRhKUwNiDzSF20iVZqzgPAPzzRzdfo63JMo1MAYeSjB7MtBkHyQBOEHOQvpFcYYuOoYwIDQ7
BjdeLJimKrgm8o+9wj4YLOyarE/VB06KZMW5h9dEQ9irm3mCiTDfsz3j6UksfVqfGr8ZnQmQTTYL
c0Q5MNnyC67HJ8V6Pr0Lto/ue9IqREOAMHpFm1pZMKqnAveGp5T0R3PdMR7HRui0MnNW/r9+6+Vr
2B8ZTnAhZZKmx3OlHq8bJ+TCNTvxb1MYg+zYi0bfFYZRYp6qTx5ttSF0az7nNeqLz4xtRkZsG8GF
8IYxUvHPbY+uVsOq1XmQGfaPdfv7rYIc8l0QA6AkvUIsH2N0cGkESHxPcMfLNuFY8yrX0IYUQnc/
BeIjjacKlHf3WsnvuiLs6QZ5f0vrR0hWCsYAwH9viJaliF0Rpwme8kBOdjHHZ/nKRjKpIeoEO3mP
X0/pUtghN3yn5Y29RBKMaoFsxJvdK8CQIq/22JPvx2PQzP8KKTI9mg//hpQ13F2gqS9JDAdf9m6m
BIIEAA7KukYfXW9l/UGxooFF6b9ZucDMUvYNeuE7N7dXYH8QoaMqwu/KWCJh550L9H2128i1RMAL
6lnhQZ2RDv5b7ZtYSxBIHi5EY++J82eB+h0PHVIHQBWbgFtTBakya96arjAINmXSgGQBc+bCIGvU
pVDNaoRdV3+iexiFkCPEn1m8tIhF0Wu+qMun0dzsa2UMTzru3zvtAOnIZKhRG9ElTwH5G6ABWOG+
ZIc4NGxQ6x7sHusxp436DkF63U4h+7F/lp6xrzYHVg6aX+ta8pS+M0kDngghwIbIgHsCvjwP78f2
iy3P43SCnCrlLZ8CmWOIWzJLP9YgvmBIVaOQAskf+KCe2r1navnDW0svg2cLudg7w3sUhhe7omJR
LwkDF6HS6UnyvZTq6qtuU9wrPVUlWthUkQZkon1qKhwJ5z8eI+fm/gald8Y6rOW2KTi0DMZ7hFz8
v1fdevhYEP7CVbhxu/I7wmFSpJfs8E2tAv1JZkh01UzEqzETXKThePwzkPfDU6XK1uqE+ne9E2NC
bKs/A+fmfPmUzNdgepXCc4jgSruA7gkqW9lIPSpmncScR8dheE83+s+dyLWuuaKRg6gOGb9kHySN
jg9+LGaSGD64jVcYbX/dJ7IqT6dWmL1UVy3XVobUxXlTxig3s6vxb6EyjrsnMyjTvZ5CY28tQ4AY
UhnoSz9P5MuDlvYtfimmkMYzY63zrdRnDlIWhm1Ms1fnad3NgXuaI+MmHexp/fupoLpZ0YjWKQr+
bKEfugXEcXqLwJHPZJl71CDIPi7zHsCuI6kQW1pK+2fLICykB90HrAO2nGC/Ky5J8iTBX+d4S+BK
6r9WpVWXJ7MwAbe4RjeZi0Rp5e/ksgxs4iBVFLgB2SbZ2uvfSGF1F95wPO+/X6y1pfZo/hBGzedy
D7gbxXlw82t2YvPUGEc+3TNXpW+8brZkL8MFSB7yXHi07wE4bD4RPVWzIYYtOkq+orC6RNZJ59ye
QfOsqz2S+VigVS6N6jh01Z64rqqJ7HCpjYVKyp68knFXzgVfLkf0DCbPvT4Ve39ni5l2SjQ/ONNb
xh/kESjaLle7owwHqORxwPwI6rRYWDRtTLS9JLvZCGhuFL1ebmkzxpverjUNJvHBqi/3CPnQqLXG
iztdqNpHRt2llxiNQDCm+SeeKqWEW/hIwXRjXskFMifqK40wtqEs3/ksWR2AMl9R+zGkgBPpeFsB
IYELhlbeLmZhepiq5XGTIdSZwybD4BAXe1VB7Cv3iRquVZdIp7+oex1FKnlt/3gwekHjWXZqheC8
DvZDJlXN51ipNZe7MDctUxsoYx4NA7IT2E0H2oj6NhCDMkMPKraiJduJNd5Yo2E/FAsR0Oezszjz
42sEggQAPvBhrqX0+piWe1HYpmIWOM/Y9QBQUYNtMwllfOmoCIpFuA4ind75NhEv78cD+OlhIEfQ
Ei+AvHP0Us7J11byWqlD5dxIprTUBqvBdmS9gBiG7nkNsWK0ER71D02iYVgvia7WthryyEDJVdQ5
0/2xXF8zTsU2du529y1fx5N8jVNYWJ4dgAtHJroHunpsR49a8cKK3hvRSxWgWB8fMwK1oo79Cdkh
DTHqyH8GA0/XhmVlzasm7gi4+ncawz3ca2l+25q/wBOqDjPC3gl15kESWocV4ZmXOY7r9L+hmsMM
WvzZLLJaRKGzeoQ6t6fM6fPf7qSWLyqeKX7K3BbwEl/jYc5e3LaWXxszn+9c1aULXK0Wbr7aVd8S
Ytp14eP7IprGjpJAdbtNpcRs+bxK0tRJjZI0IV/L5TRpLXKfFZ0wMo5wlq/WVYzb6SG+OmAM8yLG
dD8gRsrqu2fQVbBvetNtZO0R8dB0LlXs6Taujx0IMPVjxcY43UOdSSGshq3eBRzBgT3a/fQkwoOn
1ybEHVrlpMqjWmfQs3Bv2iS+P8QsGEX+v3WLy/vqt2/3TcbKfb1vcjmx1LrrkB/wVWgGiToMPQVN
ubBmvE21DK94ngf7neWR/bqrSSD6Y5iVoAHCUSSd8JtZTsTwiXvKuFY20lgp7LY7woxrPYn1Q0wL
6fhD3Yy4h9zzppBj0bJbX3U9Ym6fWCI3JtdqxUjQks+MhGQuuqfVyCea4XtMniJUWqkiAouWS7HU
ZiP3HmIRkpDo4MlpQWGHk0Ivy1wSmyVLOyLOLxFsJLgBxS/nakMkScYC+BIT+soWKk5GhPWNR0mR
lzOliJgZvqBAd0cXIumMPRMYLgKOWFZoaxHo5Lq8St8o+zIs/fAI/yTJyQIulPu2feHzUE0B0EFF
SGu/aETiWh8NBJYeq2TVXgn09IA27J+NBtCXHgOQtZlo9G202ki2e6OiifnflY7r8UhsJJzjSFx9
xFZ2NPcBIPlfmMun4riifrFWvTdLsJuGcW0YJUvsexnrYvzvpyYiyQ0xcImwt8iMNgFfRuVDG6j1
GGoxG/e74tr/lMEMTaFH+ahlL2kbTKiEFzktjfYUV/R+H9jCcb5majLK9375kjUrtq6s2d04Urjt
3RibXX+X8jgtHxI1HGmwYOomv1lQq6tHPiM2krztOQdlQzRZg7lOFFy3ILF5U1i+BxQcPkSmF2sG
kPOy72wlKEKgWFb9MMBS/RPFoF+pATD70K6BgSrC1XG0AfF2BXYt+OOi6tfOSiS7Q9zumshJlvhO
QrxgJu89Kziq2smoBhPUYgdLPDgacGE28xwj5UAZqbBOLJUjX+kap/2IlRdiiBxXjSO1Kg6kODW1
yCAH4wSCBAA9mRCXqNe2iwreV4+FXIIdhyi0VWNDXpPpgyJQZ+U9SwmJ9FXW87c6W9g1fLdnaKeY
G6xUnZnCwVMbKC/bXUwpwVyYJgT/FIcJhRGh4zurBY9myvbXS2GfnBlQpKQpBsRlN2QDNMKmC+W9
Hr7DlUOS0PgfQeoNtvjd6XcUf10btm7NIhDXG4LlCsNWJ6vxx5oLwdwoUu86guUb2ilZDkoUmxJH
nrxJ9cBzw7vgJt1bOyFWd3BbsBmMsEttC10CkNiIKlXnuMsfucvfJ438LMrtrtSBi9sE6NWF/Hik
C+tN4q4xUVQwqCNzrnovh8afYd+MsCjSxbOOpR0NbB+P79jZejZXPewhS9NwIOTEdS9GaPD33epP
DDJPnPWIxgt2GCf+RBkU/dVH8mL4BHzbsUBU4ZVObCPXuieaAKPWCloW6MR0bz3VHQX025cGeDe6
ZVxmK/4SFTgLcg5nDQze22u4TuApCyIhdM2d335S0AX3ejOiLbu8meneVfK15mcIdmjTFrzQrMlk
NT2aynONvghBDNZ8HR90CJAKtrbvtm/8iiHNP7zwu4PtfRkKQlxRfir9MyIYuWPI79418a5xJtVb
S+3tyNxuC2k16YGg/FqYb+jAW+pBodIkpfAzi7OG0NxEpn70WzgvP27Svo/jlfgAAmkO0AaqHtgn
QvKYqE9sUoNd6NjO14Y69uywIdYfmbheeXIXVRA5FuxYnyakxoqTcVJR0YVzrBVDxvIUA9uqf8tE
ZJpJP+YUmPyQnoOGzlmD4X5xsbjGlieDylrfYcYy0cSSFJXHLP8GEHn79ZYTqaLyvSAwLW/KwRQL
Q5fOM/nAz9rF9Cm7xoGg/cMjwBA2ZEvbKS7sV7c+lxwQr9jkeh9HPodLa9jrYq9DRDIWCGMa32m1
wjfd1HNrmE0h7Aj1FKCUOuRtx6QK+JJkOhmeeHGs6ZqeqQxSxJJmNrA6tCm2EVP8PZyJoX2H/C/p
UulLD2/TX7u/zzEoMIj+6kxiOGouPXUdhf41Ya6XXadUw5LacjvB9Oxd5PaZmnG9tsDVrbx5BgUN
+Tpbbw8OAFJGjlbHCxpHN8NTTUJVdFjiS4zbIU2Cy/ynYLcx/iaXCCXMctg6zvNI4C4eEXy8IE4C
VQfxsdPVmqXIdJuQcHqxyLHZN8fnneYrS8R0WDlGEDdowFrIxcK/QyER9m9JbEPnuOCEC/XPIoDH
AJJ4WM1pGHmWrONjMKx/A7RMyzpr1w5AwPLgTMZaOUoIOHn1+krjn/EM3bnCXqDlb7opTtD61Oo2
U+a2IraBTEr5Nz7HGqyC1hgUxpV2X3VWtXlEBQ3sIuUQCYAIJu68tbahJyusEmry94hxmwOK0hhX
dRJWYe+dBIIEAIh1QjXA7+dDKo959L2zcpCNFTSCiklifi+JE45SFFKLqiLJzFJG/AtbR63E8xJk
md3ltWUG+wCxzrbl/j4a7LHWy0vyP9Vw8doE/K8HY16PZLajrITSsLHQBYScKr2+evNbPLTfoaoO
rABMi4xfPCF3iGd2fsUboCnHd/zGZuhQOhj7Dm+wHwmD5P05iqNgtKxwY0RBy5ih+WB0Y4wnbZEI
SHxiNhIeI9N6hMCC80jTtdAIFTIeskapgMwhjbHfg+EvxE4F0quiNOgt3ps7/CfPNTRvnVZb5GKP
mRe51Vhgme2kyJjeyuRutmr9SWYwHR/bDfQCtnWkDWEPf6OtY62HIoikK26t9vLB4P0ucmw57etH
ytv7Q6GHuzfvXjxrSISfPic/1G9DxpuJ25lB4IZryMUHn4qBa/D29gzCbNqZ0YkAgWUDIqSY884W
tYRnTZx+WqANHJrDuLa5fmRLlvPcOqdF0vk+RNTRTVFCb7W1ZSy54oIy8EDvA8ssq+qh6oZgN0Hd
h0ptOCmJeI17uLer+nV615tTmrPVslIZow2gtbHRtMdhFwqHCsHhYQuDgtTjNbOYTo1uJe9Z3hLL
qoJRpT8I3lLJRCI4Q39U2ksA27HAX1A5Nqc96Vccxq2Vt4507GpbEojZYr1fuzTWFBdR1PwXnLS9
rxZR1dDZl/uxwG6R7Ca9MQeeEn+gSR1WiF1nH5MTmBs+M/UFiDLD7ct2NGxM/CsMbBtpGURXP+sX
MA9079EhmAYtCdLeKx1ZWWiEtifeAiYwkSQpgfaCxgA88jzIoyEvH9JBY61cSG2ZCMV0VY2c+rYK
XrgEj1J4Oe229OsFgdJMEXPa3IGCliCjtPkRGhmCD1eq51wujtLhdR7AdyA5r11lThuFEbqHU6zG
ncjGdNhTWEZs7L7GmKnCHdEswQvs0tdjdfeE8MUh+Q+NDZ9VLRtt6tMQoyY58QH4IQcnPZBEV4wU
3uEDXIsj9DUGMazGSovSu5Nqdde4o9/OI4eK2fA3IlYTXMavWkyyYR4GQsvdj3ENNqS3SUk3YMSI
JbeXfBqUhNk3pbyRkzIvQ5lxqVHcAgR1NzVGrLtggIhEkemNdsWvUfO4xH/grT0HEra767RdkcEA
1AOnlNAguC129NCfzNIQ3hTahl2SLEf0f2MmQIHSxujPcynngHhsk0Ec2DsRmdpgmF46BeAbi2Yo
64VDudCmG4uTREdQQcKYLgKKhzvfJnjGosUgBsarOg5FoQe0EJYmMhFcNMLcsV3pVKz9RgAbThJ2
g7PiUreYrhowVGmf1cLV/q6+cCgG3h4ID+1FcwMFMrkzP3ZFDXk8+3SX3qRdz5zNEGCqolkgtdYZ
kpzf/YChin8EggQAVXJ+hwHbSprVkLqAMjA3tcWnL2uTTIrDlHqGjxShbQMyW1NeW6FD/dMef+ci
9sVgZMJppOm+0B7e13m/ibBvz6ZPXrW3nGfFsnOw3FxSngGafGYCHQS/sFnO8PFpEJf2lwxE5Tur
SshRboXH2J77gs8LC0wO7Fk+H+FtiwcNuZ0tlyZzFuHUHRah3bC6/vXsHNCmBpknzNeaJuOYrCXU
T7KdIUISLcarYB55nQJYwLSv5lVNd6vu57qtGGZj3STkBqmb/o7NSjh9NEyzys0d30nuzXq9cTaX
D/JzsoRrtLUnczxju52hdAUzc8ucYOE+AvIvgkIRqJ7ydElfc+mb9c8/O6g+xkbJk7YWAGuXRI+W
IrYpgd689JsoTk4nLYixfhtZIB8maqQLvqAnNGCzuOwnK/4WQboy4/nezOg4YjjvzH8vEgmZM8Le
Jm2fN5wITWOHeLVL8BFKmGfhsHJlapSPkEHaeLv3C0qAPTFS9vtMoyqPuqAGsdDf9uUd/DSW/P4h
uFjVAkrV00khT7cCGsWYlyjkuIkI1f3wB9IT1JLiAK/dyKlBTepB3f25Gti0JWR8pznLj/pDFUk/
W+JnadNYRp5DObtwQSBmdbkq+UeV55H9udjSlQt55D1HFnojIslosaxSbHlFQfSXszSGFylFCa4r
oBoYHN8Vxn5gGeJloyOEwU4xrgZnG9AFKYTabSsQHisdQXO91e3pIGig+ncPqYgndj4cLGrOQdAo
4pfrFS0zvDNGFOC86I3dR7xj3TbB0VISKQKSda6n/T3dYxXvz6sTwH62nKtfZKZYcDF4qgiJ9uLY
xoRJAlJpJDZa8Qar451YvDJnxtNPrBnHJnSM5+5eSfPngbwCbEiToHl9ENzoyn7AzF1cdNeSbMvV
rgHM1TIfwH1vQLVXd/11QkHNWTXRxn9Y6PH7mhMo9gK/eQuyg44xxXT+xDwQUHXopP3uCT/USyM1
KQJlwzGMMzvPDFZfa6Vl+Jx3S05Z34ESoxBp1kxnj/RCRMs+BEC2PUlX68KadAaESQPRlZhcBCRw
a5qzYR9ku2zrjDRNVh2MP9MfvjAoUI8lMT3XvVMswWXCX07i5JOSM3N1R7zoraJMsU+PMPoZEMMk
xC+OKJB1IJ+kux2jtKKA4UXKokWIOR3Dfh3gnnPyj6j+hETktVJQu5BvxZylKCGQShZ23DRBBt0z
RTPvhEXtgGVPcVaDUfUgmbxpaV/OZGfClO5tgmvOVm1LU2i0DG4VEkxVXmVsHVfiIVYcBJSguVkj
panzgIvSS+LwL0u1I2ZeBhoOjGSydXW8IkcPh/4KisQ/5+J+/fBIdnj6HmpbOptgvTGn+5v5uuiz
H+ZvnvGaW3tUHASCBAD4GZh+gJ71nWMVKYyoL08lJ738QyneC0PrKTgMETum0uqxD0/96rhmwzgt
WAC1lqR4RHnk9GiudYRlnneBF/9BAT/Y3lGzzlyLlFUiXecxa1rkkBG65Y5cHEumhV4K74IvYnNj
Bz2oQaEe4xxYWDBI+oP2dBZ4bKrdflCYmE/rMj/hwvB4JGx2jgRj05eqyuPYLSpPWqEqQUavyZI8
WpsCVBcP5SMv1Mkf/iQ224ryxhp8xd9Mju97BQXWUiQxclRyyYgksKglyNA2IL+weQDYWIF8KIqB
u/RfMHJZbvStvXLjFEI8nhvYtGaohqMM/xcv681S+QOTz+8M7B/UxsF7deeU73yXKQjrO2L7CjYj
OhNdz6HsnSCPsNlqDgaL8/2O6bZLm7rBqNRoi/EgWvw8yK0xcf6DV7E1RKx7bgU8YLRPfWVDg6pl
UMWtAgHIq3G+NQCcXiWcicsViGbpYuzFvTvPoKl10KhZawwCnE0tBcVAQVqhuAvzA82NH5wNdgp2
qv/IGo/4aRbPLDPOW7xPy81SV+rS8/rbiehQUCJScDSTWRmYmWYFalOlvoL5YNmuMcKvUAqaU19o
N3hrqA+WrFIOcJ+B0SphW4iKQtoDP+U2NriBcWDmzoXo81yUFoB6fF6jSxxir2UKum8oOO7y2HwR
3xvThtoDkc55GZ1un7YqYNaNjHFQan1uJtG0IjYZkVdCRQ1+BlNUvqyYnnCFd6xFyxYedZJDAMPu
iNFNurub2GwY5fWwc77aTfmp1YyyNXsdoKlSuRrJWGbvPKHpcyYU3axfirsBTNGovg19Mr5sph8Y
EaD6hwHJF+MZZjLyDM0TZ+z6IlqUYVrlLU7MwdoR16ReDhBHg5yYCveRH4HVrsPenWbaLbB95AEI
gicCpvOg3KzBltHbusB9ng8MK3AJAO3iWYGbB2shGqoAlS1QDCx89+EsxtnIIcDyvKF0qdSOUuyf
3Ab3I+EqA16siZMAGSWXhCOoONROxRuTuLTVp9jK1XY8occmRT9m2elhI29SJwUxDb93zbSrzcMF
4J+Gg3oriSIqP5+LxXLkmbD7r9xICQ9LP72sR3GP4mModeWcbKWBJwiJIjPf+fUAclfwuMksebF4
hKo+PXcViFw621J+Ogwd+24oMbV0U3LtGjKFRD8ipX2XMjBW+kvh1J9p2hyB91hGK9Ufr/AIafU3
L5msP8IbOVMSSQAjIsljdPiruwUpGqmv6zpz4DygeFXDVypSQ5sboHn/VOWAkjXbqGxxHLT+vIrZ
l25ddsgRvH8WOo5/+AhO05GPiXg3tFx9fcfM8hzoneVkYoooq56QCDKcyonHd8DeHX8iPtZh2YXj
M59KqR8XYs9WJmWeBIIEAGKOHaUhAeEtrnyJx6YGXdZUGITZb1cxmn+Ktsh0JWJDHkx0Og8P54Ps
mGmIPELpdwGGMUKSzySEKCet5cKqaaoKg+9xQ39ZB3fJyX1HLR3kjTIOignPkOgPqoFHc6BdymGt
I07ZO39wmIpc7/9OxYWeFFpv0gamZ7TPctyazUXxaXNtmcmiRGU7UICAXXqGEAtMeNLNTP/mU8PK
JCdxYbXQxSsOlf80TtMXdZwcZ6su+oqT44uN7Pbq4V8//8qX4E0lDsvAzuohdrbtPPKKPNbPijRC
LYtpYl2P2G69VUkzwlk570OS/xVJW9BkcumKokNvyLgIAky85QcodZlQtSeH7Cmx5o4famb15WBm
ljkTYyun0jL8LIb1CCKxOJbEBcF9XcIcXJXVpL54ecGoarqvVyTO2TN0Dau93U/Ll3jPXBLer3C0
pFX1mWXJbJrWppwKovf1+87B616LY48pEB+3Pfw9g9psb29okXZNnykITSSACgFfcYys9VOH2Sfh
ZFife1alJbWpwC37vMrFvYTU3DNGj75dj1w3CfawWO0hzj2wdB75LlJAvo4QbSgeDzuPskabsQWU
iz125OWJasxEPHlfm1mzERgRp2ev3VEi+sJ9vYY9Ii5/AwmQeWyz2crriW7GW71TjELSuqWzOjZN
rt797hVB6xu+LPx3sEktUtlQ8OE8v0Cnc7P68X8mqCe8cY01UfAkJEZfRffZqDQ31eivXn7sqOyD
CDTkR7QoVdq50liBFhcHyDeSnMHy26SyehO8566LyuWbbC3Lj7+jpoVfgDb4FX4JIgazwWc9rh8M
H2aPAbTqAXe7owbrA3u51XscBvAP9RVbClqr6Vi6t/uRxzutSoshD/Hhl2Nv7zvYsfsuGM2RvTHE
jrZupxFY22DuaEBEtm2f9BJY+UDhB7qqUE67PQwfhlqqwkaTIEAQyp81me7D8xRl46/wmc6Ss9eX
GYl31hUlF5D5Dh05bJrd5Kq+OB5tgOs7SgPSYjJBL3XniAzbnkvSYXvKw5LfnTt+/NVVMF6cRQjT
DEdmehM7/ORdx6bF0POFZXj1HKzlM8S3tblSy1AtWPtRRygYlwrHxY/amtg4X8T/EYi0+ThIZCHr
erH6Aus7+NBKgVIXapTyjT9CxBtCINyK4z+m2uIwrkfAd+nq7wHgNDMOOJdlfuESP9M7KpSGlFzg
3CUJLBpR2VjhFeiIo9Xqm9KvX1mULUKWWtT0gRoRqsfSng+FrsRW3hFRgjY7iRAPtYEmbhnEXTF6
5M/yV2mfAtcVOpP+nPzmNiPByLPTGISupQZK/NYkcJruKm0d80Bqfg/+reRN0gm/HwGszkvv9ToW
wuXXA9emS7S1tUhFBlkEggQAs8Y9/tOKQ93pp9Apom1mfaxa0VHP8xzgumLXNaRSFL3L9foJJ+ku
v7Ltri/fFqMSIUH8hdJK9sWxtz5YNmJB0MmEmeOCi4Z+RjRJXCrPs0xARV2Q1DmWWOI2R62WiYo0
hwXg4l00oeqhIrGWh8ibdlVtYJvuHLgjGRxZ5ErX2ukkO8mZ6HRyRbIvXFZirXA/4UVHAFs2EQ78
RdQ4pqcT0aoBFif9DaHDi8/fTSKaaGqq3NG7oPCmkYnrDvAk0J3ds3wEDg0gxZmERapVUInDj/BB
4F43AbMp1o1JpGYj5ZaPUO8S5w9mDNrRs6Q3PK9ij+i6OFfVFsHMq8bm/Ds5iNAk48m/yWpLVJsl
Yi+iuEF7hUMA1QB1/shkswwQY0XPOsm1J+vLa9f0VDtHbTp0PtqK0kbZJnDT2QUL07+0Yu7XQfFj
jXT/0phmcrcY7Wb7vKamCUeS5nx3VfZhj2kpPEiZpVhg8RNMSTzkvwsEx2P1I6VjtsHlktnoWvOd
VPWAmnkIGuXNHQQayf35tUuEV8fTa8635TLj9Y4AuuRyFVyrc3UCDhsF3EJEEm4zqQXpAgS5dbna
e4OANZH+1WEUO2KOGyOQRcaQlR6IY+QavypZ1nDAfmdfSsF25MIw586sajHXmeTETVZKt+e9K83m
7vwZL9lhPM1O9O4EK0WoQ2hv7MMNKU+us51u9OCjp9wpWjkR/PYAiBW7f1J4trD6UMy87BrcNykQ
fGlHwCb3WQPAc+8lHM1iPSPyJJJ48DK/HV1+K0euoPaahdNcafz2r0CsC96bli6xqk0KrPmYp7Iz
RtI7PaDSJQrfGM5aNp1qmxwWiRRLYXx/HFB5dTU2fT50lvUMwYDD1m4xa8H/OZieKIQOR4kOkXxQ
iOQSq2xjdQcYwK3pKgkxvGU7Y/sWYe9y9cyDPL90D2NsPpnH6H9ctNf2Y/JUi+RtSGiMmjai4abx
qP0u1D0yq7sAQfK6hdJ2Wi+NaUoLotWnBXHraZXGpkW1YtwyrhabicuLKSNvLpYEVmudAmBLAki5
bXYsBFmSoEOvGxsvkySICjTt+FkaJYGV/Fkeaf1O7xuX5CX66Rk3ufJHlzAegRRTeWBB/vSt5Nyh
e2KNB/tpV2qNqaBoO8sry2BKZU+q6fqsILSGyaQmsVV4TEOUJG2uBSAgwzRxjBpzRdIYKtS76ocr
gOoMaesu4IciSMXYiWaoJsWE75Jem1C0PKruwNiyD1ZE58P1xCAQ+1pvU4eealjFPsZLHC8jIDBw
zBg3ZQtrH+DYboy2Jg0f9alzkwRGdkxz5f2cRMeUgeZrugHyyvgAsSmKq7BrS+y1iFyUl1FoWTZR
RQdpcsjyCjfGkOPrmLTBpwSCAUBVEBnRdlK1/t8urgyCx7ijNflUTY5msGVKlPkvQ9L4anIGNWhd
kbj32joeb870dpzvl1j0WxiQyWRc1PheYBInsnRtYmWlXs2igirOGruV3/brpMn+0hpUVfxmQhLy
W0HZi6eyAm3HX9Q91A+5OIm4caAmIhN3ZfcnTh/lzuVRZqdHTgnoscONcU4xS13QDvAkaoebzaMx
VrsvZipOqiyUSRaZDoSOJYSmvPJnREUANtBxrAWztmWD+ewoxfLzOgEdTayR8WWGR7ReV40gbajp
guDBOf04iXjkY5yhhd3JuRfrY/ag32Lf/Y7zuzkU/0IRnTon/PKm8J11Fq1CgolLHClSN5Ozr7xk
n0ComISSwCZe+j5VwBw8TOS1uZtiDL2DyyAtWxHnqgw13WMVaEj25+AmaQR+N58CLEXYvMRY0AAA
AAAAAAAAAAA=

signed_encrypted (23,080 bytes)   
schmirl

schmirl

2019-05-05 20:34

reporter   ~0013562

I prepared a patch which adds support for opaque signed messages to SOGo.

schmirl

schmirl

2019-05-05 20:34

reporter  

SOGo-4.0.6-smime.patch (26,031 bytes)   
--- SOGo-4.0.6.orig/SoObjects/Mailer/NSData+SMIME.h	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/NSData+SMIME.h	2019-05-05 21:41:45.462408407 +0200
@@ -31,6 +31,8 @@
 - (NSData *) encryptUsingCertificate: (NSData *) theData;
 - (NSData *) decryptUsingCertificate: (NSData *) theData;
 - (NGMimeMessage *) messageFromEncryptedDataAndCertificate: (NSData *) theCertificate;
+- (NSData *) embeddedContent;
+- (NGMimeMessage *) messageFromOpaqueSignedData;
 - (NSData *) convertPKCS12ToPEMUsingPassword: (NSString *) thePassword;
 - (NSData *) convertPKCS7ToPEM;
 - (NSDictionary *) certificateDescription;
--- SOGo-4.0.6.orig/SoObjects/Mailer/NSData+SMIME.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/NSData+SMIME.m	2019-05-05 21:46:24.630420372 +0200
@@ -292,10 +292,86 @@
   NGMimeMessageParser *parser;
   NGMimeMessage *message;
   NSData *decryptedData; 
+  NGMimeType *contentType;
+  NSString *type, *subtype, *smimetype;
  
   decryptedData = [self decryptUsingCertificate: theCertificate];
   parser = [[NGMimeMessageParser alloc] init];
   message = [parser parsePartFromData: decryptedData];
+
+  // Extract contents if the encrypted messages contains opaque signed data
+  contentType = [message contentType];
+  type = [[contentType type] lowercaseString];
+  subtype = [[contentType subType] lowercaseString];
+  if ([type isEqualToString: @"application"])
+    {
+      if ([subtype isEqualToString: @"x-pkcs7-mime"] ||
+          [subtype isEqualToString: @"pkcs7-mime"])
+	{
+	  smimetype = [[contentType valueOfParameter: @"smime-type"] lowercaseString];
+	  if ([smimetype isEqualToString: @"signed-data"])
+	    {
+	      message = [decryptedData messageFromOpaqueSignedData];
+	    }
+	}
+    }
+
+  RELEASE(parser);
+
+  return message;
+}
+
+- (NSData *) embeddedContent
+{
+  NSData *output = NULL;
+
+  BIO *sbio, *obio;
+  BUF_MEM *bptr;
+  PKCS7 *p7 = NULL;
+  
+  sbio = BIO_new_mem_buf((void *)[self bytes], [self length]);
+
+  p7 = SMIME_read_PKCS7(sbio, NULL);
+
+  if (!p7)
+    {
+      NSLog(@"FATAL: could not read the signature");
+      goto cleanup;
+    }
+
+  // We output the S/MIME encrypted message
+  obio = BIO_new(BIO_s_mem());
+  
+  if (!PKCS7_verify(p7, NULL, NULL, NULL, obio, PKCS7_NOVERIFY|PKCS7_NOSIGS))
+    {
+      NSLog(@"FATAL: could not extract content");
+      goto cleanup;
+    }
+  
+  BIO_get_mem_ptr(obio, &bptr);
+  
+  output = [NSData dataWithBytes: bptr->data  length: bptr->length];
+
+ cleanup:
+  PKCS7_free(p7);
+  BIO_free(sbio);
+  BIO_free(obio);
+  
+  return output;
+}
+
+//
+//
+//
+- (NGMimeMessage *) messageFromOpaqueSignedData
+{
+  NGMimeMessageParser *parser;
+  NGMimeMessage *message;
+  NSData *extractedData; 
+ 
+  extractedData = [self embeddedContent];
+  parser = [[NGMimeMessageParser alloc] init];
+  message = [parser parsePartFromData: extractedData];
   RELEASE(parser);
 
   return message;
--- SOGo-4.0.6.orig/SoObjects/Mailer/SOGoDraftObject.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/SOGoDraftObject.m	2019-05-05 21:47:53.650424188 +0200
@@ -875,6 +875,18 @@
 //
 //
 //
+- (void) _fetchAttachmentsFromOpaqueSignedMail: (SOGoMailObject *) sourceMail
+{
+  NGMimeMessage *m;
+
+  m = [[sourceMail content] messageFromOpaqueSignedData];
+  [self _fileAttachmentsFromPart: [m body]];
+}
+
+
+//
+//
+//
 - (void) fetchMailForEditing: (SOGoMailObject *) sourceMail
 {
   NSString *subject, *msgid;
@@ -1007,6 +1019,8 @@
       [self setText: [sourceMail contentForInlineForward]];
       if ([sourceMail isEncrypted])
         [self _fetchAttachmentsFromEncryptedMail: sourceMail];
+      else if ([sourceMail isOpaqueSigned])
+        [self _fetchAttachmentsFromOpaqueSignedMail: sourceMail];
       else
         [self _fetchAttachmentsFromMail: sourceMail];
     }
--- SOGo-4.0.6.orig/SoObjects/Mailer/SOGoMailBodyPart.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/SOGoMailBodyPart.m	2019-05-05 21:58:43.746452051 +0200
@@ -210,6 +210,28 @@
                                                inContext: localContext];
       obj = [clazz objectWithName:key inContainer: self];
     }
+  else if ([o isOpaqueSigned])
+    {
+      NGMimeMessage *m;
+      id part;
+
+      int i;
+
+      m = [[o content] messageFromOpaqueSignedData];
+      part = [m body];
+
+      for (i = 0; i < [[self bodyPartPath] count]; i++)
+        {
+          nbr = [[[self bodyPartPath] objectAtIndex: i] intValue]-1;
+          part = [[part parts] objectAtIndex: nbr];;
+        }
+
+      part = [[part parts] objectAtIndex: ([key intValue]-1)];
+      mimeType = [[part contentType] stringValue];
+      clazz = [SOGoMailBodyPart bodyPartClassForMimeType: mimeType
+                                               inContext: localContext];
+      obj = [clazz objectWithName:key inContainer: self];
+    }
   else
     {
       infos = [self partInfo];
@@ -354,6 +376,24 @@
       part = [m body];
 
       for (i = 0; i < [[self bodyPartPath] count]; i++)
+        {
+          nbr = [[[self bodyPartPath] objectAtIndex: i] intValue]-1;
+          part = [[part parts] objectAtIndex: nbr];;
+        }
+
+      return [part body];
+    }
+  else if ([o isOpaqueSigned])
+    {
+      NGMimeMessage *m;
+      id part;
+
+      unsigned int i, nbr;
+
+      m = [[o content] messageFromOpaqueSignedData];
+      part = [m body];
+
+      for (i = 0; i < [[self bodyPartPath] count]; i++)
         {
           nbr = [[[self bodyPartPath] objectAtIndex: i] intValue]-1;
           part = [[part parts] objectAtIndex: nbr];;
--- SOGo-4.0.6.orig/SoObjects/Mailer/SOGoMailObject+Draft.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/SOGoMailObject+Draft.m	2019-05-05 21:48:46.038426433 +0200
@@ -238,6 +238,24 @@
   return nil;
 }
 
+
+//
+//
+//
+- (NSString *) _contentForEditingFromOpaqueSignedMail
+{
+  SOGoUserDefaults *ud;
+  NGMimeMessage *m;
+
+  m = [[self content] messageFromOpaqueSignedData];
+  ud = [[context activeUser] userDefaults];
+
+  return [self _preferredContentFromPart: [m body]
+                               favorHTML: [[ud mailComposeMessageType] isEqualToString: @"html"]];
+
+  return nil;
+}
+
 //
 //
 //
@@ -250,6 +268,8 @@
 
   if ([self isEncrypted])
     output = [self _contentForEditingFromEncryptedMail];
+  else if ([self isOpaqueSigned])
+    output = [self _contentForEditingFromOpaqueSignedMail];
 
   // If not encrypted or if decryption failed, we fallback
   // to the normal content fetching code.
--- SOGo-4.0.6.orig/SoObjects/Mailer/SOGoMailObject.h	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/SOGoMailObject.h	2019-05-05 21:41:45.462408407 +0200
@@ -124,7 +124,8 @@
 - (BOOL) replied;     /* \Answered */
 - (BOOL) forwarded;   /* $forwarded */
 - (BOOL) deleted;     /* \Deleted */
-- (BOOL) isSigned;    /* S/MIME signed message */
+- (BOOL) isSigned;       /* S/MIME signed message (detached signature) */
+- (BOOL) isOpaqueSigned; /* S/MIME signed message (embedded content) */
 - (BOOL) isEncrypted; /* S/MIME encrypted message */
 
 /* deletion */
--- SOGo-4.0.6.orig/SoObjects/Mailer/SOGoMailObject.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/SoObjects/Mailer/SOGoMailObject.m	2019-05-05 21:50:58.394432106 +0200
@@ -1201,6 +1201,19 @@
           return [clazz objectWithName:_key inContainer: self];
         }
     }
+  else if ([self isOpaqueSigned])
+    {
+      NGMimeMessage *m;
+      id part;
+
+      m = [[self content] messageFromOpaqueSignedData];
+
+      part = [[[m body] parts] objectAtIndex: ([_key intValue]-1)];
+      mimeType = [[part contentType] stringValue];
+      clazz = [SOGoMailBodyPart bodyPartClassForMimeType: mimeType
+                                               inContext: _ctx];
+      return [clazz objectWithName:_key inContainer: self];
+    }
 
   parts = [[self bodyStructure] objectForKey: @"parts"];
 
@@ -1738,18 +1751,47 @@
            [protocol isEqualToString: @"application/pkcs7-signature"]));
 }
 
+- (BOOL) isOpaqueSigned
+{
+  NSString *type, *subtype, *smimetype;
+  NGMimeType *contentType;
+
+  contentType = [[self mailHeaders] objectForKey: @"content-type"];
+  type = [[contentType type] lowercaseString];
+  subtype = [[contentType subType] lowercaseString];
+
+  if ([type isEqualToString: @"application"])
+    {
+      if ([subtype isEqualToString: @"x-pkcs7-mime"] ||
+          [subtype isEqualToString: @"pkcs7-mime"])
+        {
+          smimetype = [[contentType valueOfParameter: @"smime-type"] lowercaseString];
+          if ([smimetype isEqualToString: @"signed-data"])
+              return YES;
+        }
+    }
+
+  return NO;
+}
+
 - (BOOL) isEncrypted
 {
-  NSString *type, *subtype;
+  NSString *type, *subtype, *smimetype;
+  NGMimeType *contentType;
 
-  type = [[[[self mailHeaders] objectForKey: @"content-type"] type] lowercaseString];
-  subtype = [[[[self mailHeaders] objectForKey: @"content-type"] subType] lowercaseString];
+  contentType = [[self mailHeaders] objectForKey: @"content-type"];
+  type = [[contentType type] lowercaseString];
+  subtype = [[contentType subType] lowercaseString];
 
   if ([type isEqualToString: @"application"])
     {
       if ([subtype isEqualToString: @"x-pkcs7-mime"] ||
           [subtype isEqualToString: @"pkcs7-mime"])
-        return YES;
+        {
+          smimetype = [[contentType valueOfParameter: @"smime-type"] lowercaseString];
+          if ([smimetype isEqualToString: @"enveloped-data"])
+              return YES;
+        }
     }
 
   return NO;
--- SOGo-4.0.6.orig/UI/MailPartViewers/UIxMailRenderingContext.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/UI/MailPartViewers/UIxMailRenderingContext.m	2019-05-05 21:52:06.986435046 +0200
@@ -256,10 +256,18 @@
       if ([st isEqualToString: @"x-pkcs7-mime"] ||
           [st isEqualToString: @"pkcs7-mime"])
         {
-          // If the mail account has a valid certificate, we try to decode
-          // the encrypted email. Otherwise, we fallback to a link viewer
-          if ([[[viewer clientObject] mailAccountFolder] certificate])
-            return [self encryptedViewer];
+          NSString *smt = [[[_info objectForKey:@"parameterList"] valueForKey:@"smime-type"] lowercaseString];
+          if ([smt isEqualToString:@"signed-data"])
+            {
+              return [self encryptedViewer];
+            }
+          else if ([smt isEqualToString:@"enveloped-data"])
+            {
+              // If the mail account has a valid certificate, we try to decode
+              // the encrypted email. Otherwise, we fallback to a link viewer
+              if ([[[viewer clientObject] mailAccountFolder] certificate])
+                return [self encryptedViewer];
+            }
         }
 
 #if 0 /* the link viewer looks better than plain text ;-) */
--- SOGo-4.0.6.orig/UI/WebServerResources/js/Mailer/Message.service.js	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/UI/WebServerResources/js/Mailer/Message.service.js	2019-05-05 21:41:45.466408407 +0200
@@ -321,13 +321,22 @@
               };
             }
             else if (part.type == 'UIxMailPartEncryptedViewer') {
-              _this.encrypted = {
-                valid: part.valid
-              };
-              if (part.valid)
-                _this.encrypted.message = l("This message is encrypted");
-              else
-                _this.encrypted.message = l("This message can't be decrypted. Please make sure you have uploaded your S/MIME certificate from the mail preferences module.");
+              if (part.encrypted) {
+                _this.encrypted = {
+                  valid: part.decrypted
+                };
+                if (part.decrypted)
+                  _this.encrypted.message = l("This message is encrypted");
+                else
+                  _this.encrypted.message = l("This message can't be decrypted. Please make sure you have uploaded your S/MIME certificate from the mail preferences module.");
+              }
+              if (part.opaqueSigned) {
+                _this.signed = {
+                  valid: part.valid,
+                  certificate: part.certificates[part.certificates.length - 1],
+                  message: part.message
+                };
+              }
             }
             _.forEach(part.content, function(mixedPart) {
               _visit(mixedPart);
--- SOGo-4.0.6.orig/UI/MailPartViewers/UIxMailPartEncryptedViewer.h	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/UI/MailPartViewers/UIxMailPartEncryptedViewer.h	2019-05-05 21:41:45.466408407 +0200
@@ -28,8 +28,20 @@
 
 @interface UIxMailPartEncryptedViewer : UIxMailPartViewer
 {
+  BOOL processed;
+  BOOL encrypted;
+  BOOL opaqueSigned;
+  BOOL validSignature;
+  NSMutableArray *certificates;
+  NSString *validationMessage;
 }
 
+- (BOOL) validSignature;
+- (NSString *) validationMessage;
+- (NSArray *) smimeCertificates;
+- (NSDictionary *) certificateForSubject: (NSString *) subject
+                               andIssuer: (NSString *) issuer;
+
 @end
 
 #endif /* UIXMAILPARTENCRYPTEDVIEWER_H */
--- SOGo-4.0.6.orig/UI/MailPartViewers/UIxMailPartEncryptedViewer.m	2019-02-21 16:11:07.000000000 +0100
+++ SOGo-4.0.6/UI/MailPartViewers/UIxMailPartEncryptedViewer.m	2019-05-05 21:55:08.426442823 +0200
@@ -19,6 +19,14 @@
   02111-1307, USA.
 */
 
+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS)
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#endif
+
 #import <Foundation/NSDictionary.h>
 #import <Foundation/NSNull.h>
 #import <Foundation/NSValue.h>
@@ -36,11 +44,222 @@
 #import <SoObjects/Mailer/SOGoMailObject.h>
 #import <UI/MailerUI/WOContext+UIxMailer.h>
 
+#import <SOGo/NSString+Utilities.h>
+
 #import "UIxMailRenderingContext.h"
 #import "UIxMailPartEncryptedViewer.h"
 
 @implementation UIxMailPartEncryptedViewer
 
+#if defined(HAVE_OPENSSL) || defined(HAVE_GNUTLS)
+- (X509_STORE *) _setupVerify
+{
+  X509_STORE *store;
+  X509_LOOKUP *lookup;
+  BOOL success;
+
+  success = NO;
+
+  store = X509_STORE_new();
+  OpenSSL_add_all_algorithms();
+
+  if (store)
+    {
+      lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+      if (lookup)
+        {
+          X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+          lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+          if (lookup)
+            {
+              X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+              ERR_clear_error();
+              success = YES;
+            }
+        }
+    }
+
+  if (!success)
+    {
+      if (store)
+        {
+          X509_STORE_free(store);
+          store = NULL;
+        }
+    }
+
+  return store;
+}
+
+- (NSData *) _processMessageWith: (NSData *) signedData
+{
+  NSData *output;
+
+  STACK_OF(X509) *certs;
+  X509_STORE *x509Store;
+  BIO *msgBio, *obio;
+  PKCS7 *p7;
+  int err, i;
+ 
+  ERR_clear_error();
+
+  msgBio = BIO_new_mem_buf ((void *) [signedData bytes], [signedData length]);
+
+  p7 = SMIME_read_PKCS7(msgBio, NULL);
+
+  certs = NULL;
+  certificates = [NSMutableArray array];
+  validationMessage = nil;
+
+  if (p7)
+    {
+      if (OBJ_obj2nid(p7->type) == NID_pkcs7_signed)
+	{
+          NSString *subject, *issuer;
+	  X509 *x;
+	  
+	  certs = p7->d.sign->cert;
+
+          for (i = 0; i < sk_X509_num(certs); i++)
+            {
+	      BIO *buf;
+	      char p[1024];
+
+	      x = sk_X509_value(certs, i);
+
+	      memset(p, 0, 1024);
+	      buf = BIO_new(BIO_s_mem());
+	      X509_NAME_print_ex(buf, X509_get_subject_name(x), 0,
+                                 ASN1_STRFLGS_ESC_CTRL | XN_FLAG_SEP_MULTILINE | XN_FLAG_FN_LN);
+              BIO_read(buf, p, 1024);
+	      subject = [NSString stringWithUTF8String: p];
+	      BIO_free(buf);
+
+	      memset(p, 0, 1024);
+	      buf = BIO_new(BIO_s_mem());
+	      X509_NAME_print_ex(buf, X509_get_issuer_name(x), 0,
+                                 ASN1_STRFLGS_ESC_CTRL | XN_FLAG_SEP_MULTILINE | XN_FLAG_FN_LN);
+	      BIO_read(buf, p, 1024);
+	      issuer = [NSString stringWithUTF8String: p];
+	      BIO_free(buf);
+
+              [certificates addObject: [self certificateForSubject: subject
+                                                         andIssuer: issuer]];
+	    }
+	}
+      
+      err = ERR_get_error();
+      if (err)
+	{
+	  validSignature = NO;
+	}
+      else
+	{
+	  x509Store = [self _setupVerify];
+          obio = BIO_new(BIO_s_mem());
+
+	  validSignature = (PKCS7_verify(p7, NULL, x509Store, NULL,
+					 obio, 0) == 1);
+	  
+	  err = ERR_get_error();
+	  
+	  if (x509Store)
+	    X509_STORE_free (x509Store);
+	}
+
+      if (err)
+        {
+#ifdef HAVE_GNUTLS
+          const char* sslError;
+	  ERR_load_crypto_strings();
+          SSL_load_error_strings();
+          sslError = ERR_reason_error_string(err);
+          validationMessage = [[self labelForKey: [NSString stringWithUTF8String: sslError ? sslError : @"No error information available"]] retain];
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
+          const char* sslError;
+	  ERR_load_crypto_strings();
+          SSL_load_error_strings();
+          sslError = ERR_reason_error_string(err);
+          validationMessage = [[self labelForKey: [NSString stringWithUTF8String: sslError ? sslError : @"No error information available"]] retain];
+#else
+	  validationMessage = [[self labelForKey: @"No error information available"] retain];
+#endif /* HAVE_GNUTLS */
+
+           BUF_MEM *bptr; //DEL
+           BIO_get_mem_ptr(obio, &bptr); //DEL
+          // extract contents without validation
+          output = [ signedData embeddedContent ];
+        }
+      else
+        {
+           BUF_MEM *bptr;
+           BIO_get_mem_ptr(obio, &bptr);
+           output = [NSData dataWithBytes: bptr->data  length: bptr->length];
+        }
+    }
+
+  PKCS7_free(p7);
+  BIO_free (msgBio);
+  BIO_free (obio);
+  
+  if (validSignature)
+    validationMessage = [NSString stringWithString: [self labelForKey: @"Message is signed"]];
+  else if (!validationMessage)
+    validationMessage = [NSString stringWithString: [self labelForKey: @"Digital signature is not valid"]];
+
+  processed = YES;
+  opaqueSigned = YES;
+  return output;
+}
+
+- (BOOL) validSignature
+{
+  if (!processed)
+    NSLog(@"ERROR: validSignature called but not processed yet");
+    //[self _processMessage];
+
+  return validSignature;
+}
+
+- (NSDictionary *) certificateForSubject: (NSString *) subject
+                               andIssuer: (NSString *) issuer
+{
+  return [NSDictionary dictionaryWithObjectsAndKeys:
+                              [subject componentsFromMultilineDN], @"subject",
+                              [issuer componentsFromMultilineDN], @"issuer",
+                       nil];
+}
+
+- (NSArray *) smimeCertificates
+{
+  return certificates;
+}
+
+- (NSString *) validationMessage
+{
+  if (!processed)
+    NSLog(@"ERROR: validationMessage called but not processed yet");
+    //[self _processMessage];
+
+  return validationMessage;
+}
+#else
+- (NSArray *) smimeCertificates
+{
+  return nil;
+}
+
+- (BOOL) validSignature
+{
+  return NO;
+}
+
+- (NSString *) validationMessage
+{
+  return nil;
+}
+#endif
+
 - (void) _attachmentIdsFromBodyPart: (id) thePart
                            partPath: (NSString *) thePartPath
 {
@@ -91,26 +310,107 @@
 
 - (id) renderedPart
 {
+  SOGoMailObject *mailObject;
   NSData *certificate, *decryptedData, *encryptedData;
   id info, viewer;
 
-  certificate = [[[self clientObject] mailAccountFolder] certificate];
-  encryptedData = [[self clientObject] content];
-  decryptedData = [encryptedData decryptUsingCertificate: certificate];
+  mailObject = [[self clientObject] mailObject];
+  if ([mailObject isEncrypted])
+    {
+      encrypted = YES;
+      certificate = [[[self clientObject] mailAccountFolder] certificate];
+      encryptedData = [[self clientObject] content];
+      decryptedData = [encryptedData decryptUsingCertificate: certificate];
 
-  if (decryptedData)
+      if (decryptedData)
+        {
+          NGMimeMessageParser *parser;
+          NGMimeMessage *message;
+          NGMimeType *contentType;
+          NSString *type, *subtype, *smimetype;
+          id part;
+
+          parser = [[NGMimeMessageParser alloc] init];
+          message = [parser parsePartFromData: decryptedData];
+
+          // Extract contents if the encrypted messages contains opaque signed data
+          contentType = [message contentType];
+          type = [[contentType type] lowercaseString];
+          subtype = [[contentType subType] lowercaseString];
+          if ([type isEqualToString: @"application"])
+            {
+              if ([subtype isEqualToString: @"x-pkcs7-mime"] ||
+                  [subtype isEqualToString: @"pkcs7-mime"])
+                {
+                  smimetype = [[contentType valueOfParameter: @"smime-type"] lowercaseString];
+                  if ([smimetype isEqualToString: @"signed-data"])
+                    {
+                      NGMimeMessageParser *parser;
+                      opaqueSigned = YES;
+                      NSData *extractedData = [self _processMessageWith: decryptedData];
+                      if (extractedData)
+                        {
+                          parser = [[NGMimeMessageParser alloc] init];
+                          message = [parser parsePartFromData: extractedData];
+                          decryptedData = extractedData;
+                          RELEASE(parser);
+                        }
+                    }
+                }
+            }
+
+          processed = YES;
+	  part = [message retain];
+
+          info = [NSDictionary dictionaryWithObjectsAndKeys: [[part contentType] type], @"type",
+                               [[part contentType] subType], @"subtype",
+                               [[part contentType] parametersAsDictionary], @"parameterList", nil];
+          viewer = [[[self context] mailRenderingContext] viewerForBodyInfo: info];
+          [viewer setBodyInfo: info];
+          [viewer setFlatContent: decryptedData];
+          [viewer setDecodedContent: [part body]];
+
+          // attachmentIds is empty in an ecrypted email as the IMAP body structure
+          // is of course not available for file attachments
+          [self _attachmentIdsFromBodyPart: [part body]  partPath: @""];
+          [viewer setAttachmentIds: attachmentIds];
+
+          return [NSDictionary dictionaryWithObjectsAndKeys:
+                                     [self className], @"type",
+                                   [NSNumber numberWithBool: YES], @"encrypted",
+                                   [NSNumber numberWithBool: YES], @"decrypted",
+                                   [NSNumber numberWithBool: opaqueSigned], @"opaqueSigned",
+                                   [NSNumber numberWithBool: [self validSignature]], @"valid",
+                                   [NSArray arrayWithObject: [viewer renderedPart]], @"content",
+                                   [self smimeCertificates], @"certificates",
+                                   [self validationMessage], @"message",
+                               nil];
+        }
+    }
+  else if ([mailObject isOpaqueSigned])
     {
       NGMimeMessageParser *parser;
+      NGMimeMessage *message;
       id part;
+      opaqueSigned = YES;
+      encryptedData = [[self clientObject] content];
+      NSData *extractedData = [self _processMessageWith: encryptedData];
+      if (extractedData)
+        {
+          parser = [[NGMimeMessageParser alloc] init];
+          message = [parser parsePartFromData: extractedData];
+          RELEASE(parser);
+        }
 
-      parser = [[NGMimeMessageParser alloc] init];
-      part = [[parser parsePartFromData: decryptedData] retain];
+      processed = YES;
+      part = [message retain];
 
       info = [NSDictionary dictionaryWithObjectsAndKeys: [[part contentType] type], @"type",
-                           [[part contentType] subType], @"subtype", nil];
+                           [[part contentType] subType], @"subtype",
+                           [[part contentType] parametersAsDictionary], @"parameterList", nil];
       viewer = [[[self context] mailRenderingContext] viewerForBodyInfo: info];
       [viewer setBodyInfo: info];
-      [viewer setFlatContent: decryptedData];
+      [viewer setFlatContent: extractedData];
       [viewer setDecodedContent: [part body]];
 
       // attachmentIds is empty in an ecrypted email as the IMAP body structure
@@ -120,8 +420,12 @@
 
       return [NSDictionary dictionaryWithObjectsAndKeys:
                                  [self className], @"type",
-                               [NSNumber numberWithBool: YES], @"valid",
+                               [NSNumber numberWithBool: NO], @"encrypted",
+                               [NSNumber numberWithBool: YES], @"opaqueSigned",
+                               [NSNumber numberWithBool: [self validSignature]], @"valid",
                                [NSArray arrayWithObject: [viewer renderedPart]], @"content",
+                               [self smimeCertificates], @"certificates",
+                               [self validationMessage], @"message",
                            nil];
     }
 
@@ -129,7 +433,9 @@
   // Decryption failed, let's return something else...
   return [NSDictionary dictionaryWithObjectsAndKeys:
                          [self className], @"type",
-                           [NSNumber numberWithBool: NO], @"valid",
+                       [NSNumber numberWithBool: encrypted], @"encrypted",
+                       [NSNumber numberWithBool: NO], @"decrypted",
+                       [NSNumber numberWithBool: NO], @"opaqueSigned",
                        [NSArray array], @"content",
                        nil];
 }
SOGo-4.0.6-smime.patch (26,031 bytes)   

Related Changesets

sogo: master 676d2e67

2019-08-19 10:37

ludovic


Details Diff
(feat) added support for S/MIME opaque signing (fixes 0004582) Affected Issues
0004582
mod - NEWS Diff File
mod - SOPE/GDLContentStore/GCSFolder.m Diff File
mod - SoObjects/Mailer/NSData+SMIME.h Diff File
mod - SoObjects/Mailer/NSData+SMIME.m Diff File
mod - SoObjects/Mailer/SOGoDraftObject.m Diff File
mod - SoObjects/Mailer/SOGoMailBaseObject.m Diff File
mod - SoObjects/Mailer/SOGoMailBodyPart.m Diff File
mod - SoObjects/Mailer/SOGoMailObject+Draft.m Diff File
mod - SoObjects/Mailer/SOGoMailObject.h Diff File
mod - SoObjects/Mailer/SOGoMailObject.m Diff File
mod - UI/MailPartViewers/UIxMailPartEncryptedViewer.h Diff File
mod - UI/MailPartViewers/UIxMailPartEncryptedViewer.m Diff File
mod - UI/MailPartViewers/UIxMailRenderingContext.m Diff File
mod - UI/MailerUI/UIxMailView.m Diff File
mod - UI/WebServerResources/js/Mailer/Message.service.js Diff File

Issue History

Date Modified Username Field Change
2018-10-26 09:02 Elektor New Issue
2019-02-19 18:31 ludovic Severity major => minor
2019-02-19 18:32 ludovic Note Added: 0013390
2019-02-20 09:28 schmirl Note Added: 0013401
2019-02-20 09:29 schmirl File Added: detached.msg
2019-02-20 09:29 schmirl File Added: opaque.msg
2019-02-22 09:12 Elektor Note Added: 0013413
2019-02-22 09:12 Elektor File Added: encrypted
2019-02-22 09:12 Elektor File Added: signed
2019-02-22 09:12 Elektor File Added: signed_encrypted
2019-05-05 20:34 schmirl Note Added: 0013562
2019-05-05 20:34 schmirl File Added: SOGo-4.0.6-smime.patch
2019-08-19 14:41 ludovic Changeset attached => sogo master 676d2e67
2019-08-19 14:41 ludovic Assigned To => ludovic
2019-08-19 14:41 ludovic Resolution open => fixed
2019-08-19 14:41 ludovic Status new => resolved
2019-08-19 14:41 ludovic Fixed in Version => 4.1.0