Page 1: Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann

Pretty Good Privacy
"To PGP or not to PGP?"
Phil Zimmermann

Page 2

What are we going to do?

Background & Concept
- Why is PGP popular?
- PGP's algorithms
Operational Description
- Inside look at operations
Key Management
- The problem & solution
Web of Trust

Page 3

Pretty Good Privacy

First released in 1991, developed by Phil Zimmermann; it provoked export control and patent infringement controversy.
PGP provides a confidentiality and authentication service
- can be used for electronic mail and file storage applications.
Available as a plug-in for popular e-mail clients; can also be used as stand-alone software.
- Microsoft Exchange
- Outlook

Notes (guy):
Written between the mid 1980s and 1991. PGP was born in controversy. Zimmermann wrote version 1.0 as a response to United States Senate Bill 266. If it had been passed, this legislation would have required all communications vendors to embed "back doors" to permit government agencies to tap their products. He rushed a release of 1.0 into the hands of his computing friends, at least one of whom began to distribute it on bulletin boards throughout North America. Despite these precautions, a criminal investigation was opened against him. The programming and civil rights communities joined to create a legal defense fund. Hecklers continue to believe, for example, that Zimmermann had secretly acquiesced to government demands and somehow weakened PGP. The investigation was dropped in January 1996 with no charges laid.
Page 4

Why Is PGP Popular?

Based on well-known algorithms - "the main idea"
- These algorithms have survived extensive public review and are considered extremely secure.
- PGP integrates these algorithms into a general-purpose application.
It is available free on a variety of platforms (Windows, UNIX, Macintosh, etc.)
- Open and free code.
Wide range of applicability, from corporations that wish to select and enforce a standardized security scheme to individuals.
Independent - meaning not developed or controlled by governmental or standards organizations.
- Based on mutual trust between clients.

Page 5

Operational Description

Actual operations of PGP consist of five services:
• Authentication - DSS/SHA or RSA/SHA
• Confidentiality - CAST or IDEA or 3DES for the message, with the session key protected by RSA
• Compression - a message may be compressed, for storage or transmission, using ZIP
• E-mail compatibility - to provide transparency for e-mail applications, an encrypted message may be converted to ASCII using Radix-64
• Segmentation - to accommodate maximum message size limitations.

Page 6

Authentication/Digital Signature

Sender creates a message
Sender generates a hash code of the message
- uses the SHA-1 algorithm to generate a 160-bit hash code
Hash code encrypted with RSA (sender's private key)
- the result is prepended to the message
Receiver recovers the hash code
- uses RSA with the sender's public key
Receiver generates a new hash code of the message and compares the two codes.
If the two match, the message is accepted as authentic.

Note:
- PGP only encrypts the hash code of the message: more efficient in running time and in transfer time
- SHA-1 is no longer collision-resistant (practical collisions were demonstrated in 2017), so current OpenPGP implementations sign with SHA-2 family hashes instead.

Notes (guy):
SHA-1: the algorithm takes a message of less than 2^64 bits in length and produces a 160-bit message digest.
Page 7

Authentication/Digital signature

[Figure: signature flow. Source A: message M → H → EP with A's private key KRa → concatenated with M (||) → ZIP. Destination B: UNZIP → DP with A's public key KUa on the signature, H on M → Compare.]

Notes (guy):
Supports signatures detached from the message/file they sign, by keeping them separately in a log file. Purposes:
- transmitting them separately (network constraints, examined later)
- signatures of executable files can be used to detect a virus
- when more than one person wants to sign the document
Page 8

PGP Signed Message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is simply the text of the message. It has not been encrypted, simply signed
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iEYEARECAAYFAj5Ha6AACgkQ99/KQPj2cRNHsQCffKf64LwWQMfRIiKUfs6QrokB
7twAnR5gDobzGapPgyLKQ0gLklj1WIIp
=gXad
-----END PGP SIGNATURE-----

Notes (guy):
Why SHA-1? What is the other option? The option is MD5 ---- my answer: I'm not sure.....
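The armored block above can be taken apart by hand. What follows is an added example, not part of the original slides and not PGP's own code: it strips the armor, checks the CRC-24 trailer and reads the signature packet header from the slide's own data. Two assumptions are built in: the extraction had doubled every line of the base64 text, so it is re-split here at 64 columns the way PGP armor writes it (96 characters, i.e. 72 octets, which matches the packet length in the header), and the algorithm tables cover only the two public-key and two hash algorithms named on these slides.

```python
import base64

# The signature block as shown on the slide, with the base64 lines re-split at 64 columns.
SLIDE_SIGNATURE = """-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iEYEARECAAYFAj5Ha6AACgkQ99/KQPj2cRNHsQCffKf64LwWQMfRIiKUfs6QrokB
7twAnR5gDobzGapPgyLKQ0gLklj1WIIp
=gXad
-----END PGP SIGNATURE-----"""

def crc24(data):
    """OpenPGP CRC-24 over the binary packet data: init 0xB704CE, generator 0x1864CFB, 3 octets out."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(armored):
    """Strip armor headers, decode the radix-64 body, check the '=XXXX' CRC line. Returns (octets, crc_ok)."""
    lines = armored.strip().splitlines()
    body = lines[lines.index("") + 1:-1]                       # between the blank line and the END line
    crc_line = body.pop() if body[-1].startswith("=") else None
    raw = base64.b64decode("".join(body))
    crc_ok = crc_line is not None and base64.b64decode(crc_line[1:]) == crc24(raw).to_bytes(3, "big")
    return raw, crc_ok

PUBKEY_ALG = {1: "RSA", 17: "DSA"}     # only the algorithms these slides mention
HASH_ALG = {1: "MD5", 2: "SHA-1"}

def parse_signature_packet(raw):
    """Old-format packet header (tag 2 = signature, one-octet length) followed by a version-4 signature body."""
    if raw[0] & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag, body_len = (raw[0] >> 2) & 0x0F, raw[1]
    body = raw[2:2 + body_len]
    info = {"tag": tag, "body_len": body_len, "version": body[0], "sig_type": body[1],
            "pubkey_alg": PUBKEY_ALG.get(body[2], body[2]), "hash_alg": HASH_ALG.get(body[3], body[3])}
    hashed_len = int.from_bytes(body[4:6], "big")
    pos = 6 + hashed_len
    unhashed_len = int.from_bytes(body[pos:pos + 2], "big")
    info["hash_left16"] = body[pos + 2 + unhashed_len:pos + 4 + unhashed_len].hex()   # the quick-check octets
    for area in (body[6:pos], body[pos + 2:pos + 2 + unhashed_len]):
        i = 0
        while i < len(area):                                     # subpacket: length, type, data
            length, sub_type = area[i], area[i + 1]
            data = area[i + 2:i + 1 + length]
            if sub_type == 2:
                info["created"] = int.from_bytes(data, "big")    # signature creation time (Unix seconds)
            elif sub_type == 16:
                info["issuer_key_id"] = data.hex().upper()      # the 64-bit key ID of the signing key
            i += 1 + length
    return info
```

Running `parse_signature_packet(dearmor(SLIDE_SIGNATURE)[0])` on the slide's data shows a version-4 signature made with DSA over SHA-1 (the `Hash: SHA1` armor header names only the digest; the packet names the public-key algorithm), created at Unix time 1044868000 (February 2003) by the key whose 64-bit key ID is F7DFCA40F8F67113, together with the two leading digest octets that the later slides describe as a quick check. The `crc_ok` flag reports whether the `=gXad` trailer matches the decoded octets.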
Page 9

Confidentiality/Encryption

Sender generates a message and also a session key
- the session key is a random 128-bit number to be used as a session key for this message only
Sender encrypts the message
- uses the CAST-128 (or IDEA or 3DES) algorithm with the session key
Sender encrypts the session key with RSA (recipient's public key) and prepends it to the message
Receiver decrypts the session key
- uses RSA with its private key
Receiver decrypts the message with the session key

Note:
- PGP does not simply use RSA to encrypt the message directly.
- Using CAST-128 alone would force us to share a key; using a public-key algorithm solves the session key distribution problem.
- Given the "store-and-forward" nature of e-mail, the use of handshaking to assure that both sides have the same session key is not practical.
- The use of one-time conventional keys strengthens what is already a strong conventional encryption approach: only a small amount of plaintext is encrypted with each key and there is no relationship among keys.

Notes (guy):
- To save encryption time we combine the conventional cipher CAST with the public-key algorithm RSA, because the conventional cipher is significantly faster. RSA here works only on the (small) key, instead of being applied directly to the message.
- Note that there is no need to run a key-exchange protocol, since we are not dealing with an ongoing session: each message is an event in its own right and therefore travels with its own temporary key. Moreover, because the nature of e-mail is store-and-forward, there is no point in performing a handshake to ensure both sides work with the same session key.
- In addition, using a temporary key per message strengthens what is already strong, because only a small amount of text is encrypted under each key (until it is replaced) and there is no relationship between the keys.

Notes (guy):
CAST-128 belongs to the class of symmetric encryption algorithms. INPUT: plaintext m1...m64; key K = k1...k128. OUTPUT: ciphertext c1...c64.
Page 10

Confidentiality/Encryption

[Figure: encryption flow. Source A: message M → ZIP → EC with session key Ks; Ks → EP with B's public key KUb; the two parts concatenated (||). Destination B: DP with B's private key KRb recovers Ks → DC with Ks → UNZIP → M.]

Page 11

Confidentiality & Authentication

[Figure: combined flow. Source A: M → H → EP with A's private key KRa, concatenated with M (||) → ZIP → EC with session key Ks; Ks → EP with B's public key KUb; both parts concatenated (||). Destination B: DP with KRb recovers Ks → DC with Ks → UNZIP → DP with A's public key KUa on the signature, H on M → Compare.]

• PGP first signs the message and then encrypts it:
- more convenient to store a signature with a plaintext version of a message
- for purposes of third-party verification

Notes (guy):
The convention of signing first and only then encrypting stems from two reasons:
- (convenience) it is customary to sign a readable message, and thus to store a version of the message itself together with its signature.
- (convenience) the encryption step uses the recipient's public key. If a third party wants to verify the signature and the order were reversed, it would have to concern itself with someone else's key!
Page 12

Compression

Saving space both for e-mail transmission and for file storage: PGP uses ZIP to compress the message.
PGP compresses the message after applying the signature but before message encryption:

Signature → Zip → Encryption

• One can store only the uncompressed message with the signature for future verification. In case the order were the opposite:
- it would be necessary either to store a compressed version of the message or to recompress the message each time verification is required
• Compression algorithms differ - the output is not deterministic across implementations.
- signing after compression would constrain all PGP implementations to the same compression algorithm
• Encryption is applied after compression to strengthen cryptographic security
- a compressed message has less redundancy than the original plaintext

Notes (guy):
Encryption after compression:
- harder to attack with redundancy-based cryptanalysis, since the encryption was applied to text with little recognizable structure
- the compression process itself reduces the amount of repeated text, so redundancy drops; hence we get stronger encryption.
Page 13

Example of ZIP (LZ77) Scheme

The brown fox jumped over the brown foxy jumping frog
The brown fox jumped over 0b26d13d y 0b27d5ding frog

(0b26d13d: copy 13 characters from 26 positions back, "the brown fox", matching "The" with "the"; 0b27d5d: copy 5 characters from 27 positions back, " jump".)

• The main assumption is that words and phrases within a text stream (image patterns in the case of GIF) are likely to be repeated
• When a repetition occurs, the repeated sequence can be replaced by a short code
• Over time, codes are reused to capture new sequences

Notes (guy):
See the appendix of the book for clarifications on this algorithm.
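As an added example that is not part of the slides, here is a minimal LZ77 coder that produces the (offset, length) pairs the figure shows, and a decoder that undoes them. It uses exact character matching, so "The" and "the" do not match and the first repeat it finds is 12 characters at offset 26 rather than the 13 on the slide; the window size, minimum match length and the `0b<offset>d<length>d` rendering are choices made here.

```python
SLIDE_TEXT = "The brown fox jumped over the brown foxy jumping frog"

def lz77_compress(text, window=4096, min_match=3, max_match=255):
    """Greedy LZ77: at each position emit (offset, length) for the longest earlier repeat
    inside the window, or a single literal character when no repeat of min_match exists."""
    tokens, i, n = [], 0, len(text)
    while i < n:
        best_len, best_off = 0, 0
        for j in range(max(0, i - window), i):
            k = 0
            # j + k may run past i: the copy overlaps itself, which LZ77 allows (e.g. "abab" runs)
            while i + k < n and k < max_match and text[j + k] == text[i + k]:
                k += 1
            if k > best_len:
                best_len, best_off = k, i - j
        if best_len >= min_match:
            tokens.append((best_off, best_len))
            i += best_len
        else:
            tokens.append(text[i])
            i += 1
    return tokens

def lz77_decompress(tokens):
    """Rebuild the text; copies are done one character at a time so overlapping copies work."""
    out = []
    for t in tokens:
        if isinstance(t, tuple):
            offset, length = t
            start = len(out) - offset
            for k in range(length):
                out.append(out[start + k])
        else:
            out.append(t)
    return "".join(out)

def render(tokens):
    """Show the token stream the way the slide does: literals as-is, pairs as 0b<offset>d<length>d."""
    return "".join("0b%dd%dd" % t if isinstance(t, tuple) else t for t in tokens)
```

On the slide's sentence `render(lz77_compress(SLIDE_TEXT))` gives `The brown fox jumped over t0b26d12dy0b27d5ding frog`: the same two back-references as the figure (26 back, 27 back), the first one character shorter because of the capital T. Real ZIP (DEFLATE) goes on to Huffman-code the literals and pairs, which this sketch omits.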
Page 14

E-mail Compatibility

When PGP is used, at least part of the block to be transmitted is encrypted
- the resulting block will consist of a stream of arbitrary 8-bit octets
- many electronic mail systems only permit the use of blocks consisting of ASCII text
To provide transparency for e-mail applications, an encrypted message may be converted to an ASCII string using radix-64 conversion
The use of radix-64 expands a message by 33%
- in fact, the compression should be more than enough to compensate for the radix-64 expansion

Notes (guy):
Note that radix-64 hides the content to some degree: for instance, if we only signed and did not encrypt, the conversion still makes the output unreadable at a glance. This is not encryption, since anyone can reverse the conversion.
Page 15

Encoding Binary Data into Radix-64 Format

The scheme used is radix-64 conversion, which expands the message by 33%.
Radix-64 blindly converts the input stream to radix-64 format regardless of content, even if the input happens to be ASCII text.
- certain level of confidentiality - if the message is signed but not encrypted, the output will be unreadable to the casual observer (but trivially decodable: this is obscurity, not encryption)

Notes (guy):
The mapping maps each 6-bit group of the binary input to a character: 2^6 == 64, which lets us represent exactly
uppercase/lowercase letters = 26 + 26, digits = 10, symbols = 2 (+ and /).

Notes (guy):
The mapping creates expansion, since each character is represented in ASCII by 8 bits (so every 3 octets become 4). The expansion is costly, but fortunately PGP's ZIP compensates, in most cases by more.
Page 16

Segmentation and Reassembly

E-mail facilities are often restricted to a maximum message length
- for example 50,000 octets.
Longer messages must be broken up into segments, which are mailed separately.
PGP automatically subdivides a message that is too large into segments that are small enough to send via e-mail.
The segmentation is done after all of the other processing, including the radix-64 conversion.
- thus, the session key component and signature component appear only once
The receiver strips off all e-mail headers and reassembles the block.
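The last three slides (radix-64 conversion, its 33% expansion, and segmentation after all other processing) as an added example; this is not code from the slides or from PGP. It assumes the 50,000-octet limit quoted above, wraps the armor at 64 columns as PGP does, omits the CRC-24 trailer that real armor appends, and attaches a constructed `Subject:` header to each segment so the receiver has headers to strip.

```python
import base64
import zlib

SEGMENT_LIMIT = 50_000   # octets per e-mail, the example limit given on the slide

def radix64(binary):
    """Radix-64 conversion: 3 octets -> 4 printable characters (+33%), wrapped at 64 columns.
    Real PGP armor also appends a CRC-24 line, omitted here."""
    text = base64.b64encode(binary).decode("ascii")
    return "\n".join(text[i:i + 64] for i in range(0, len(text), 64))

def segment(armored, limit=SEGMENT_LIMIT):
    """Split AFTER radix-64 (the last processing step), so the session-key and signature
    components occur exactly once, at the front of part 1. Each part gets a constructed header."""
    parts = [armored[i:i + limit] for i in range(0, len(armored), limit)]
    return ["Subject: PGP segment %d of %d\n\n%s" % (k + 1, len(parts), p) for k, p in enumerate(parts)]

def reassemble(mails):
    """Receiver side: drop every segment's e-mail headers, concatenate the bodies, undo radix-64."""
    body = "".join(m.split("\n\n", 1)[1] for m in mails)
    return base64.b64decode(body.replace("\n", ""))

def expansion_ratio(binary):
    """Armored size over binary size, before line wrapping: exactly 4/3 for inputs of 3n octets."""
    return len(base64.b64encode(binary)) / len(binary)

def compressed_armor_size(text_bytes):
    """ZIP before armor: for ordinary text the 33% growth is more than paid for by compression."""
    return len(radix64(zlib.compress(text_bytes)))
```

`segment` deliberately takes the armored text, not the binary block: splitting before armoring would leave every segment with its own padding, and splitting before encryption would require a session-key component per segment, which is what the slide's ordering avoids.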

Page 17

Key Requirements

PGP makes use of four types of keys:
- one-time session conventional keys, public keys, private keys, passphrase-based conventional keys
Three separate requirements:
A means of generating unpredictable session keys is needed
Any user may have multiple public-key/private-key pairs
- may wish to change his key pair from time to time
- in order to interact with different groups
- simply to enhance security by limiting the amount of material encrypted with any one key
Some means is needed for identifying particular keys
Each PGP entity must maintain a database of:
- a file of its own key pairs
- a file of public keys of correspondents

Notes (guy):
As a result, there is no one-to-one mapping between a user and their public key; hence a means is needed to identify which of a user's keys a given message relates to, in order to find the public key of the external party we want to communicate with.

Notes (guy):
Old pairs are kept in order to still support messages sent in the past that used the old key.
Page 18

Session Key Generation

The problem: generating unpredictable session keys
Session keys are generated using CAST-128 itself:
- this is a PGP-specific random number generation technique
- input: two 64-bit blocks that are treated as plaintext to be encrypted, and a 128-bit key
- the key is based on a keystroke stream generated by the user
- random input that is also combined with the previous session key output from CAST-128
The result, the scrambling of CAST-128, is to produce a sequence of session keys that is effectively unpredictable
(Modern implementations draw session keys from the operating system's cryptographic random number generator instead.)

Notes (guy):
PGP creates random numbers using CAST-128 itself! PGP simulates an encryption process.
- The input to the generator is a 128-bit key and two 64-bit blocks that serve as plaintext blocks to be encrypted.
- The output is two 64-bit blocks, which are concatenated to form the 128-bit session key.
Page 19

Key Identifiers

The problem: a user may have multiple public-key/private-key pairs
One simple solution would be to transmit the public key with the message.
- would work, but an RSA key may be hundreds of decimal digits in length (1024 bits)
PGP solution: associate a short identifier with each public key that is, with high probability, unique.
- then only the much shorter key ID would need to be transmitted.
The key ID associated with each public key consists of its least significant 64 bits
- that is, the ID of KU is (KU mod 2^64)
(Key IDs are not guaranteed unique: 32-bit short IDs have been collided in practice and 64-bit IDs are not collision-proof either, so current tools identify keys by their full fingerprint.)

Notes (guy):
Encrypting a message is done with the session key and the algorithm that uses it. To transfer the session key itself, the recipient's public key is used. But how will the recipient know which of their public keys was used?
- A possible solution would be to transmit the public key itself, but this is inefficient since an RSA public key can be very large.

Notes (guy):
Now that the concept of the key ID is understood, let us move on to a closer look at the message structure.
Page 20

Format of PGP Message

[Figure: the three components of a PGP message and the processing applied to each.]

Session key component (encrypted with KUb, the recipient's public key):
- Key ID of recipient's public key
- Session key
Signature component (digest encrypted with KRa, the sender's private key):
- Timestamp
- Key ID of sender's public key
- Leading two octets of message digest
- Message digest
Message component:
- Filename
- Timestamp
- Data
The signature and message components are compressed (ZIP) and encrypted with the session key (E_Ks); the whole block is then converted with radix-64 (R64).

Notes (guy):
First, one can see that the message is built of three parts:
- Message component - contains the data (to send or store), the filename and the creation time.
- Signature component:
  * signing time
  * message digest - the 160-bit SHA-1 hash of the message, encrypted with the sender's private key. The hash is computed over the signing time together with the data part of the message component; this combination protects against replay attacks.
  * leading two octets of message digest - lets the recipient determine whether the correct public key was used to decrypt the message digest for authentication, by comparing these plaintext octets with the first two octets of the decrypted digest; they also serve as a frame check on the message.
  * key ID - identifies the public key that should be used to decrypt the message digest, and hence identifies the private key that was used to encrypt it.

Notes (guy):
The message component and the signature component (if present) are compressed with ZIP and may be encrypted with the session key.

Notes (guy):
The session-key component contains the session key and also the identifier of the recipient's public key that the sender used to encrypt the session key.
- The whole block is converted with the radix-64 algorithm.

Notes (guy):
Note that every message carries two key IDs, for the two different uses.
Page 21

PGP Key Rings

The problem: must maintain a database in order to support multiple public/private keys.
The solution: keys stored locally in a PGP Key Ring - essentially a database of keys. Two rings:
- Private-key ring: stores the public/private key pairs owned by that node
- Public-key ring: stores the public keys of other users known at this node
Private keys are stored in encrypted form; the decryption key is determined by a user-entered passphrase.

Notes (guy):
We saw how important key IDs are to PGP's operation, and that every message carries two key IDs. These keys need to be stored and organized efficiently and accessibly for every user.
Page 22

Key Rings

Private-Key Ring (* = fields that can be used to index the table)

Timestamp | Key ID*      | Public Key | Encrypted Private Key | User ID*
----------|--------------|------------|-----------------------|---------
...       | ...          | ...        | ...                   | ...
Ti        | KUi mod 2^64 | KUi        | E_H(Pi)[KRi]          | User i
...       | ...          | ...        | ...                   | ...

Notes (guy):
Details of the private-key ring table:
* TIMESTAMP - the time at which the key pair was generated
* KEY ID - the 64 least significant bits of the public key
* PUBLIC KEY - the public key
* ENCRYPTED PRIVATE KEY - the private key, after encryption
* USER ID - usually the user's e-mail address (but it can hold anything)

Notes (guy):
Of course this table exists only on the machine that created it, but nevertheless maximum security is applied and the private key is stored only in encrypted form. The private key is encrypted with CAST-128 as follows:
- The user chooses one passphrase for encrypting the keys.
- Each time the system generates a new pair, it asks the user for the passphrase. Using SHA-1 it derives a 160-bit hash code from the passphrase and immediately discards the passphrase.
- The private key is then encrypted with CAST-128 using 128 bits of the hash output as the key. At this point the hash is destroyed too, and the encrypted private key is stored.
A passphrase that is never written down in the system, but exists only in the user's memory, provides considerable security.
(Current OpenPGP implementations derive this key with a salted, iterated string-to-key function rather than a single SHA-1 pass, to slow down passphrase guessing against a stolen ring.)

Notes (guy):
Naturally, whenever this key is needed the user is asked for the passphrase again; the system hashes it again and uses the result to decrypt the encrypted private key, again with CAST-128 keyed by the hash code.

Notes (guy):
This table can be indexed by:
- USER ID
- KEY ID
Page 23

Key Rings

Public-Key Ring (* = fields that can be used to index the table)

Timestamp | Key ID*      | Public Key | Owner Trust | User ID* | Key Legitimacy | Signature(s) | Signature Trust(s)
----------|--------------|------------|-------------|----------|----------------|--------------|-------------------
...       | ...          | ...        | ...         | ...      | ...            | ...          | ...
Ti        | KUi mod 2^64 | KUi        |             | User i   |                |              |
...       | ...          | ...        | ...         | ...      | ...            | ...          | ...

Notes (guy, 06/06/2003):
At first we ignore some of the fields and detail only a few:
* TIMESTAMP - the time at which the entry was generated
* KEY ID - the 64 least significant bits of the public key of this entry
* PUBLIC KEY - the public key of this entry
* USER ID - the owner of this key

Notes (guy):
Now we will see how these tables are used while sending and receiving a message (ignoring the compression stage and the radix-64 conversion). See the diagrams on the next slides.
Page 24

Message Generation

[Figure: message generation at A (compression and radix-64 omitted). Private-key ring: IDa selects A's entry → encrypted private key → DC keyed by H(passphrase) → private key KRa; the key ID of A's public key goes into the output. Message M → H → message digest → EP with KRa → signature + message → EC with session key Ks from RNG → encrypted signature + message. Public-key ring: IDb selects B's entry → B's public key KUb → EP on Ks → encrypted session key, plus B's key ID; all concatenated (||) into the output.]

Notes (guy):
Retrieve the sender's private key from the table using YOUR_USERID as the index (if it is not given on the command line, just take the first entry in the table). PGP asks the user for the passphrase and hashes it; with the result it can decrypt the private key. Now, as usual, it signs the hash of the message using the private key it found in the table.

Notes (guy):
- PGP generates a new session key and uses it to encrypt the message.
- PGP retrieves the recipient's public key from the table using HER_USERID as the index.
* In addition, the recipient's key ID is included so that the recipient knows which of their private keys to use.
Page 25

Reception

[Figure: message reception at B. Incoming message: receiver's key ID | encrypted session key | encrypted message + signature. Private-key ring: the receiver's key ID selects B's entry → encrypted private key → DC keyed by H(passphrase) → private key KRb → DP recovers session key Ks → DC recovers the message + signature (sender's key ID | encrypted digest | message). Public-key ring: the sender's key ID selects A's public key KUa → DP recovers the digest; H(message) → Compare.]

Notes (guy):
In the bottom-left part one can see, abstractly, the message with the relevant fields.

Notes (guy):
- PGP finds the private key needed for decryption by using the key ID found in the session-key component of the incoming message. From the ring it gets only an encrypted version of the key.
- PGP asks the user for the passphrase and uses it to decrypt the private key.
- Now that it has the private key, PGP decrypts the session key and with it decrypts the whole message.

Notes (guy):
- PGP retrieves the sender's public key, using the key ID in the signature component of the message as the index.
- With the sender's public key it decrypts the message digest.
- PGP computes the SHA-1 hash of the decrypted message and compares it with the digest recovered in the previous step.
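The whole path described on pages 6 to 25 (sign, ZIP, encrypt under a one-time session key, wrap the session key for the recipient, radix-64; then the reverse at the receiver, with both key rings looked up by user ID and key ID and the private key unlocked from H(passphrase)) as one added example. It is not code from the slides or from any PGP implementation, and it takes several liberties to stay self-contained: RSA is built from fixed Mersenne primes (trivially factorable, no padding, for illustration only); a SHA-256 XOR keystream stands in for CAST-128 and is not a real cipher; JSON replaces the binary packet format; the user IDs and passphrases are made up; and the private-key encryption uses one SHA-1 pass over the passphrase exactly as the page 22 notes describe, which real OpenPGP has since replaced with a salted, iterated S2K.

```python
import base64, hashlib, json, os, time, zlib

# Toy RSA from fixed Mersenne primes: trivially factorable, no padding. Illustration only.
A_PRIMES = ((1 << 107) - 1, (1 << 127) - 1)   # sender A: modulus > 2^160 so a SHA-1 digest fits
B_PRIMES = ((1 << 61) - 1, (1 << 89) - 1)     # recipient B: modulus > 2^128 so a session key fits

def key_id(n):
    """PGP key ID: the least significant 64 bits of the public key (KU mod 2^64)."""
    return n & ((1 << 64) - 1)

def conv_xor(key, data):
    """Stand-in for CAST-128: XOR with a SHA-256 counter keystream. Symmetric, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def passphrase_key(passphrase):
    """128 bits of SHA-1(passphrase), as on the key-ring slides (real OpenPGP uses a salted, iterated S2K)."""
    return hashlib.sha1(passphrase).digest()[:16]

def new_key_pair(primes, user_id, passphrase):
    """Private-key-ring and public-key-ring entries for one pair; the private key is stored encrypted."""
    p, q = primes
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    d_bytes = d.to_bytes((n.bit_length() + 7) // 8, "big")
    priv = {"ts": int(time.time()), "key_id": key_id(n), "n": n, "e": e,
            "enc_private": conv_xor(passphrase_key(passphrase), d_bytes), "user_id": user_id}
    pub = {k: priv[k] for k in ("ts", "key_id", "n", "e", "user_id")}
    return priv, pub

def unlock_private(entry, passphrase):
    """Re-derive H(passphrase) and decrypt KR; neither the passphrase nor the hash is kept anywhere."""
    return int.from_bytes(conv_xor(passphrase_key(passphrase), entry["enc_private"]), "big")

def generate(rings, data, filename, sender_uid, recipient_uid, passphrase):
    """Sign -> ZIP -> encrypt under a one-time session key -> wrap session key for recipient -> radix-64."""
    me = next(v for v in rings["private"].values() if v["user_id"] == sender_uid)
    peer = next(v for v in rings["public"].values() if v["user_id"] == recipient_uid)
    d = unlock_private(me, passphrase)
    ts = int(time.time())
    # Digest covers signing time || data (replay protection); the digest is signed with KRa.
    digest = hashlib.sha1(ts.to_bytes(4, "big") + data.encode()).digest()
    sig = {"ts": ts, "key_id": me["key_id"], "lead2": digest[:2].hex(),
           "enc_digest": pow(int.from_bytes(digest, "big"), d, me["n"])}
    msg = {"filename": filename, "ts": ts, "data": data}
    body = zlib.compress(json.dumps({"sig": sig, "msg": msg}).encode())     # ZI P after signing
    ks = os.urandom(16)                                                      # one-time 128-bit session key
    block = {"recipient_key_id": peer["key_id"],
             "enc_session_key": pow(int.from_bytes(ks, "big"), peer["e"], peer["n"]),
             "enc_body": conv_xor(ks, body).hex()}
    return base64.b64encode(json.dumps(block).encode()).decode("ascii")     # radix-64 over the whole block

def receive(rings, armored, passphrase):
    """Reverse the steps; returns (data, signer user ID, signature_valid)."""
    block = json.loads(base64.b64decode(armored))
    me = rings["private"][block["recipient_key_id"]]                         # which of my keys was used
    ks = pow(block["enc_session_key"], unlock_private(me, passphrase), me["n"]).to_bytes(16, "big")
    inner = json.loads(zlib.decompress(conv_xor(ks, bytes.fromhex(block["enc_body"]))))
    sig, msg = inner["sig"], inner["msg"]
    signer = rings["public"][sig["key_id"]]                                  # sender's public key by key ID
    r = pow(sig["enc_digest"], signer["e"], signer["n"])
    recovered = r.to_bytes(20, "big") if r < (1 << 160) else b""
    if recovered[:2].hex() != sig["lead2"]:                                  # quick check: wrong key or damage
        raise ValueError("leading two octets of digest do not match")
    expected = hashlib.sha1(sig["ts"].to_bytes(4, "big") + msg["data"].encode()).digest()
    return msg["data"], signer["user_id"], recovered == expected

# Constructed key rings for two nodes (user IDs and passphrases are made up).
A_PRIV, A_PUB = new_key_pair(A_PRIMES, "alice@example.org", b"correct horse")
B_PRIV, B_PUB = new_key_pair(B_PRIMES, "bob@example.org", b"battery staple")
ALICE = {"private": {A_PRIV["key_id"]: A_PRIV}, "public": {B_PUB["key_id"]: B_PUB}}
BOB = {"private": {B_PRIV["key_id"]: B_PRIV}, "public": {A_PUB["key_id"]: A_PUB}}

def demo():
    armored = generate(ALICE, "Meet at noon.", "plan.txt", "alice@example.org", "bob@example.org", b"correct horse")
    return receive(BOB, armored, b"battery staple")
```

Note the two lookups on the receiving side: the session-key component's key ID selects the private-key-ring entry (and hence which passphrase-protected key to unlock), and the signature component's key ID selects the public-key-ring entry, exactly the two identifiers the page 20 notes point out. Recovering the digest with the wrong public key fails the leading-two-octets check before the full comparison is even attempted.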
Page 26

Public Key Management Problem

The problem: A's key ring contains a public key attributed to B, but the key is, in fact, owned by C
Two threats now exist:
• C can send messages to A and fake B's signature, so that A will accept the message as coming from B!
• Any encrypted message from A to B can be read by C!

Notes (guy):
Suppose Alice wants to send a secure message to Bob. Meanwhile, Darth creates a public/private key pair, attaches to it Bob's name and an e-mail address that Darth can access, and disseminates the public key. Alice acquires this key, uses it to prepare her message for Bob, and sends it to the attached e-mail address. Result: Darth receives and can decrypt the message, and Bob never receives the message (which he wouldn't be able to read anyway, lacking the required private key).
Page 27

Public Key Management Problem (cont.)

Possible solutions:
• Physically get the key from B
• Verify a key by telephone
• Obtain B's public key from a mutually trusted individual
• Obtain B's public key from a trusted certifying authority
That would violate PGP's spirit as an e-mail security scheme for the masses:
• It should be possible for people to exchange keys electronically with others whom they have never met and may not even know
• Everyone who uses this scheme trusts the central authority

Notes (guy):
When A trusts the introducer D: D creates a certificate in which he identifies B (by fields unique to B) and adds a timestamp and a validity period to the signature. The certificate is passed to A, signed either by B or by D himself.

Notes (guy):
There is a central authority that signs B's public key (also by issuing a certificate). A goes there and checks whether B is listed.

Notes (guy):
The first and second options are obviously impractical. The last two options exist but require A to trust an external entity D.
* These root certificates may certify certificates themselves, or they may certify certificates that certify still other certificates down some chain.
PGP instead maintains a mechanism for conferring mutual trust, called the web of trust.
Page 28: Pretty Good Privacy “ To PGP or not to PGP? “ Phil Zimmermann

PGP Key Management

PGP Solution: adopts a different trust model – the "web of trust"

No centralised authority like a root of trust! The concept of the web of trust:

• The concept: Individuals sign one another's public keys and create an interconnected community of public-key users.

• These "certificates" are stored along with keys in key rings
  - A signature testifies that the User ID associated with this public key is valid
  - A signature is formed using the private key of the signer

• PGP computes a trust level for each public key in the key ring.
• Users take part in the assignment of the trust level

guy
The concept of PGP's mutual trust mechanism: - Individuals sign one another's keys. These signatures are stored in the KEY-RING table together with the key itself. - PGP computes a trust level (TRUST) for each public key in this table. - It lets the user take part in the decision to place trust in some entity.
Page 29

Trust in Public Key Ring

Each user collects signed keys and stores these in the public-key ring.

Each entry in the ring has:

- Key legitimacy field: Measures the degree to which this PGP user trusts that the key is valid for its user. The higher the level of trust, the stronger is the binding of this user ID to this key.

- Signature trust field: Measures how far the PGP user trusts the signer to certify public keys. (The key legitimacy field for an entry derives from the signature trust fields.)

- Owner trust field: Indicates the degree to which this PGP user trusts the key's owner to sign other public-key certificates. PGP doesn't compute this level of trust; the PGP user assigns it.

You can think of a signature trust field as a cached copy of the owner trust field from another entry.

guy
Computed by PGP
guy
Each entry has zero or more signatures that the key ring owner has collected that sign this certificate. Each signature is associated with a "signature trust field".
Page 30

Trust in Public Key Ring

Public-Key Ring:

 Timestamp | Key ID*      | Public Key | Owner Trust  | User ID* | Key Legitimacy | Signature(s) | Signature Trust(s)
 ...       | ...          | ...        | ...          | ...      | ...            | ...          | ...
 Ti        | KUi mod 2^64 | KUi        | trust_flag_i | User i   | trust_flag_i   | ...          | ...
 ...       | ...          | ...        | ...          | ...      | ...            | ...          | ...

Owner Trust Field: assigned by the user
Key Legitimacy Field: computed by PGP
Signature Trust Field: copies of the signer's Owner Trust Field (OTF)

guy
Indicates the degree of trust placed in the owner of this public key to sign other public keys. - This field is assigned by the user each time a new entry is added to the public-key table (an entry that is not me, because in that case we would get unlimited trust).
guy
- Indicates the degree to which PGP trusts that the public key in this entry is indeed genuine. - The higher it is, the more trust PGP, in this position, places in the binding between the USER ID and this key. - This field is computed by PGP itself and is derived directly from the field above (from the set of signatures).
guy
Over time, the owner of the table has collected many signatures vouching for this entry. Each signature has an associated field indicating how much trust the user places in the signing entity. When a new signature is inserted into the table, PGP searches the public-key table to find out whether the author of the new signature already appears in it.
guy
This process starts with keys for which there is ultimate trust. Then, all key legitimacy fields are computed on the basis of the attached signatures.
Page 31

Adding a new public key to your public-key ring:

Owner trust field: (signed other keys)
- If you own the key - ultimate trust is automatically assigned.
- If you don't own the key - PGP asks the user: unknown, untrusted, marginally trusted, or completely trusted

Signature trust field: (trusts the signer)
PGP searches the public-key ring to see if the author of this signature is among the known public-key owners.
- If so, the owner trust value for this owner is assigned to the signature trust field for this signature. OWNERTRUST → SIGTRUST
- If not, an unknown-user value is assigned.

Key legitimacy: (the key is valid for its user)
On the basis of the signature trust fields present in this entry.
- If at least one signature has a value of ultimate trust, then the key legitimacy value is set to complete
- Otherwise, PGP computes a weighted sum of the trust values.
  1/X is given to signatures that are always trusted
  1/Y is given to signatures that are usually trusted
  X and Y are user-configurable parameters.

guy
When you add a new public key to your public-key ring, trust processing proceeds as follows:
1. If you own the key, a value of ultimate trust is automatically assigned to the trust field. Otherwise, PGP asks that you assign a trust assessment to the key's owner. You can specify that this owner is unknown, untrusted, marginally trusted, or completely trusted.
2. When the new public key is added to the ring, one or more signatures can be attached to it. (More signatures can be added later.) When a signature is inserted into the entry, PGP searches the public-key ring to see if the author of this signature is among the known public-key owners. If so, the owner trust value for this owner is assigned to the signature trust field for this signature. If not, an unknown-user value is assigned.
3. The value of the key-legitimacy field is calculated on the basis of the signature trust fields present in this entry. If at least one signature has a value of ultimate trust, then the key legitimacy value is set to complete. Otherwise, PGP computes a weighted sum of the trust values. A weight of 1/X is given to signatures that are always trusted, and a weight of 1/Y is given to signatures that are usually trusted, where X and Y are user-configurable parameters. When the total weight of those introducing a key/UserID combination reaches 1, the binding is considered to be trustworthy, and the key legitimacy value is set to complete. Thus, in the absence of ultimate trust, at least X signatures that are always trusted or Y signatures that are usually trusted (or some combination thereof) is needed.
guy
If you own the key, you will also have its private key.
Page 32

PGP Trust Model Example

guy
how signature trust and key legitimacy are related
guy
The figure "PGP Trust Model" shows how signature trust and key legitimacy are related. In this sample public-key ring, a PGP user has acquired a number of public keys, some directly from their owners and some from a third party, such as a key server. The root node, labeled "You," denotes the entry in the public-key ring corresponding to this PGP user. This key is valid, and the owner trust value is ultimate trust. Moreover, this user will always trust users D, E, F, and L to sign other keys and will partially trust users A and B to sign other keys. Note that all keys whose owners are fully or partially trusted by the user have been signed by this user, with the exception of node L. Such a user signature isn't always necessary, as the presence of node L indicates, but in practice most users are likely to sign the keys for most owners that they trust. So, for example, even though E's key is already signed by trusted introducer F, the user chose to sign E's key directly. Two partially trusted signatures may be sufficient to certify a key. Here the key for user H is deemed valid by PGP because it is signed by A and B, both of whom are partially trusted. A user may deem a key valid (because one fully trusted or two partially trusted people have signed it) but still not trust its owner to sign other keys. For example, N's key is valid because E, whom this user trusts, signed it, but the user hasn't assigned N the trust value to sign other keys. Therefore, although N signed R's key, PGP doesn't consider R's key valid. This situation makes perfect sense. You can send a secret message to someone you don't trust; all you need is the correct public key for that individual. The figure also shows a detached orphan node S, with two unknown signatures. Such a key may have been acquired from a key server. PGP cannot assume that this key is valid simply because it came from a reputable server.
The user must declare the key valid by signing it or by telling PGP that it is willing to fully trust one of the key's signers. It is the PGP web of trust that makes it practical as a universal E-mail security utility. Any group, no matter how informal and how dispersed, can build up the web of trust needed for secure communications.
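As an added example (not from the slides), the key-legitimacy procedure of Page 31 is run over a ring constructed from the trust-model figure above: it assumes X=1 and Y=2 for the user-configurable parameters, takes node L out, names the two unknown signers of S "X1"/"X2", and assumes that a signature only counts once the signer's own key has itself been found valid, so that the computation spreads outward from your own ultimately trusted key.

```python
from fractions import Fraction

# Owner-trust levels named on the slides; ULTIMATE is held only by your own key.
UNKNOWN, UNTRUSTED, MARGINAL, COMPLETE, ULTIMATE = (
    "unknown", "untrusted", "marginal", "complete", "ultimate")

# Constructed sample ring modelled on the "PGP Trust Model" figure (node L left out):
# key id -> (owner trust assigned by the user, key ids of the signatures attached).
# "X1"/"X2" are signers not present in the ring, i.e. unknown signatures on S.
SAMPLE_RING = {
    "You": (ULTIMATE, []),
    "D": (COMPLETE, ["You"]), "E": (COMPLETE, ["You", "F"]), "F": (COMPLETE, ["You"]),
    "A": (MARGINAL, ["You"]), "B": (MARGINAL, ["You"]),
    "H": (UNKNOWN, ["A", "B"]),    # two partially trusted signers
    "N": (UNKNOWN, ["E"]),         # valid key, owner not trusted to introduce others
    "R": (UNKNOWN, ["N"]),         # signed only by N, whose owner trust is unknown
    "S": (UNKNOWN, ["X1", "X2"]),  # orphan node with two unknown signatures
}

def signature_trust(signer, owner_trust):
    """Signature trust field: a copy of the signer's owner trust field, or 'unknown'
    when the signer is not among the known public-key owners (OWNERTRUST -> SIGTRUST)."""
    return owner_trust.get(signer, UNKNOWN)

def key_legitimacy(ring, x=1, y=2):
    """Return {key id: True if key legitimacy is 'complete'} for every ring entry.
    x, y are the user-configurable parameters: a completely trusted signature weighs
    1/x, a marginally trusted one 1/y; the binding is complete when the sum reaches 1.
    Assumption: a signature counts only once the signer's own key is valid, so the
    loop starts from ultimately trusted keys and repeats until nothing new validates."""
    owner_trust = {k: ot for k, (ot, _) in ring.items()}
    weight = {ULTIMATE: Fraction(1), COMPLETE: Fraction(1, x), MARGINAL: Fraction(1, y)}
    valid = {k for k, ot in owner_trust.items() if ot == ULTIMATE}
    changed = True
    while changed:
        changed = False
        for key, (_, signers) in ring.items():
            if key in valid:
                continue
            total = sum((weight.get(signature_trust(s, owner_trust), Fraction(0))
                         for s in signers if s in valid), Fraction(0))
            if total >= 1:
                valid.add(key)
                changed = True
    return {k: k in valid for k in ring}

if __name__ == "__main__":
    for key, ok in key_legitimacy(SAMPLE_RING).items():
        print(f"{key}: {'valid' if ok else 'not valid'}")
```

Raising Y to 3 makes H's two marginal signatures fall short of weight 1, so H is no longer valid, which is the tunable part of the trust model.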
Page 33

Revoking Public Keys

When exposure is suspected, or simply to avoid using the same key for an extended period:

The owner issues a key revocation certificate
– Signed by the owner, with the corresponding private key
– Same form as a normal signature certificate, but includes an indicator that the purpose of this certificate is to revoke the use of this public key

The owner should disseminate this certificate as widely and as quickly as possible.

NOTE: An opponent who has compromised the private key of an owner can also issue such a certificate. However, this would deny the opponent as well as the legitimate owner the use of the public key – this seems a much less likely threat.

Page 34

Next: S/MIME…

Page 35

Radix-64 Conversion Table

 6-bit  Character | 6-bit  Character | 6-bit  Character | 6-bit  Character
 Value  Encoding  | Value  Encoding  | Value  Encoding  | Value  Encoding
   0       A      |  16       Q      |  32       g      |  48       w
   1       B      |  17       R      |  33       h      |  49       x
   2       C      |  18       S      |  34       i      |  50       y
   3       D      |  19       T      |  35       j      |  51       z
   4       E      |  20       U      |  36       k      |  52       0
   5       F      |  21       V      |  37       l      |  53       1
   6       G      |  22       W      |  38       m      |  54       2
   7       H      |  23       X      |  39       n      |  55       3
   8       I      |  24       Y      |  40       o      |  56       4
   9       J      |  25       Z      |  41       p      |  57       5
  10       K      |  26       a      |  42       q      |  58       6
  11       L      |  27       b      |  43       r      |  59       7
  12       M      |  28       c      |  44       s      |  60       8
  13       N      |  29       d      |  45       t      |  61       9
  14       O      |  30       e      |  46       u      |  62       +
  15       P      |  31       f      |  47       v      |  63       /
                  |                  |                  | (pad)     =

Radix-64 Encoding
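An added example, not part of the slides, that encodes and decodes with exactly this table, including the zero-fill and "=" padding of a trailing 1- or 2-byte group, and rejects characters that are not in the table:

```python
# The Radix-64 alphabet exactly as laid out in the conversion table above:
# 0-25 -> 'A'..'Z', 26-51 -> 'a'..'z', 52-61 -> '0'..'9', 62 -> '+', 63 -> '/'.
RADIX64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
PAD = "="
DECODE = {c: i for i, c in enumerate(RADIX64)}

def radix64_encode(data: bytes) -> str:
    """Map each 3-byte (24-bit) group to four 6-bit values; a trailing 1- or 2-byte
    group is zero-filled and the missing output characters are written as '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = len(chunk)
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")      # zero-fill to 24 bits
        chars = [RADIX64[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        out.append("".join(chars[:n + 1]) + PAD * (3 - n))       # n+1 real chars, then pad
    return "".join(out)

def radix64_decode(text: str) -> bytes:
    """Inverse mapping; refuses characters outside the table and misplaced padding."""
    if len(text) % 4:
        raise ValueError("radix-64 input length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = len(quad) - len(quad.rstrip(PAD))
        if pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("padding only allowed at the end, at most two '='")
        bits = 0
        for c in quad[:4 - pad]:
            if c not in DECODE:
                raise ValueError(f"character {c!r} is not in the radix-64 table")
            bits = (bits << 6) | DECODE[c]
        bits <<= 6 * pad                          # restore the dropped 6-bit groups
        out += bits.to_bytes(3, "big")[:3 - pad]  # drop the zero-fill bytes again
    return bytes(out)

if __name__ == "__main__":
    sample = b"Man"  # constructed input: 0x4D 0x61 0x6E -> 010011 010110 000101 101110
    encoded = radix64_encode(sample)
    print(encoded, radix64_decode(encoded))
```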